Withdrawal of consent to the processing of personal data by a borrower of a microfinance company

Everyone knows that when filling out any documents, contracts, for example, for the provision of medical services, when purchasing a phone, the buyer or patient is asked to sign consent to the processing of personal data. Having given consent to the processing of personal data, a person has the right to withdraw such consent at any time; we will consider how to do this and whether this should be done in more detail in this material.

ATTENTION : our credit lawyer will help you with the issue of revoking consent to the processing of personal data: professionally, on favorable terms and on time. Call!

When can you withdraw consent?

The procedure for working with personal information is established by the Law “On Personal Data” dated July 27, 2006 No. 152-FZ. From Art. 3 of the law it follows that individual data of a person includes any information about him that allows him to be identified.

This information may include:

• FULL NAME.;
• residential address;
• passport details;
• information about place of birth;
• other data.

The law does not contain a complete list of information; accordingly, in each specific case it is necessary to analyze whether it is possible to identify him or not using the information received from a person. Often, individual data is not personal because it is impossible to understand who exactly it belongs to. However, if the totality of information allows you to find out which person it relates to, then this is personal data.

Work with personal information is carried out on the basis of the written consent of the citizen whose information will be processed. There is no established form; each organization independently develops an agreement form for the processing of personal materials, which is signed by the citizen. Only after the subject has signed such a form, the institution has the right to begin working with information about the client.

Consent to processing can be obtained electronically using a simple electronic signature.

A citizen has the right to withdraw his consent to the processing of personal information at any time (Clause 2 of Article 9 of Law No. 152-FZ). Moreover, the legislator does not connect the revocation of personal data with any conditions or events. From which it follows that refusal to process personal data does not require justification.

How banks use clients' personal data

The primary task is to use them when providing services. For example, if we are talking about a loan. The bank will need this information in case of delay in order to transfer the case to collectors or use its own resources to organize the collection process.

Another point is advertising. Having a huge database of personal data, a financial organization receives a list of potential clients. They are regularly sent information about the provision of personal loans, credit cards, and simply advertise services. And although it can be annoying, from time to time there are really good offers.

By law, banks do not have the right to transfer the collected information to third parties, but mistakes do happen. News regularly appears that some organization has suffered a leak. This is due to hackers or employees who, taking advantage of their official position, criminally sell data.

It is clear that scammers use this information for personal enrichment. For example, in recent years they have been actively attacking Sberbank clients, posing as its security service. In this way, they extract information from citizens that helps them steal money from their accounts.

When withdrawal of consent does not matter for the personal data operator

Meanwhile, the operator can continue to work with the subject’s personal information materials even if the latter revokes his consent. The list of cases when he has such a right is specified in paragraphs. 2–11 hours 1 tbsp. 6, part 2 art. 10, part 2 art. 11 of Law No. 152-FZ. In particular, information about a person can be used by:

• courts with the participation of a citizen in legal proceedings;
• bailiffs in the execution of a judicial act;
• government bodies in the exercise of their powers;
• parties to civil contracts concluded with the subject of personal data;
• any subjects, if necessary, to protect the life or health of the bearer of personal information;
• journalists, if working with personal information is related to their professional activities;
• entities involved in the implementation of international treaties;
• statistical authorities, if personal data is anonymized.

What is included in personal data

This includes not only data from documents, but also any information about a person:

• FULL NAME.;
• passport details;
• place and date of birth;
• nationality;
• location;
• any contacts: phone number, email, social networks;
• SNILS and INN numbers;
• education;
• profession, place of work, salary;
• description of appearance (weight, hair color, DNA).

This also includes specific information that characterizes a person: habits and hobbies, belief in God, philosophical beliefs.

Procedure for revocation of individual data

Since citizens are often faced with the issue of permission to work with personal information, the natural question is how to revoke consent to the processing of personal data.

The step-by-step procedure is not prescribed in the legislation. Since permission to process information is given in writing, you must revoke consent by submitting a written application to the operator.

Refusal of consent to the processing of personal data is prepared in free form. You can submit your application to the institution:

1. Personally to the office or reception of the organization. In this case, it is necessary to prepare two copies of the document. On one of them, the organization will put a mark of receipt upon acceptance.
2. By postal correspondence (registered mail with notification). In this case, confirmation of receipt will be a notification returned to the sender.
3. In electronic form. For example, if consent to the use of personal information that the user provided to the operator via the Internet (for example, on the website) is revoked.

It is very important to confirm the date the operator received the request, since from this moment the period will begin during which the operator for processing individual information will have to stop working with the declared information.

Comments: 5

Your comment (question) If you have questions about this article, you can tell us. Our team consists of only experienced experts and specialists with specialized education. We will try to help you in this topic:

Author of the article Irina Rusanova

Consultant, author Popovich Anna

Financial author Olga Pikhotskaya

1. Rustem
   05.15.2021 at 21:32 I applied to the bank for a loan. When submitting a loan request, the bank issued a card to which the money would supposedly be transferred if approved, and entered into an agreement for the processing and transfer of personal data to third parties. The loan was not subsequently approved. Is it possible to revoke personal data if you have a bank card in your hands?
   Reply ↓ Anna Popovich
   05/16/2021 at 00:46

   Dear Rustem, you can close the card and revoke your personal data.

   Reply ↓

Sample application for review

An application for revocation of personal data is drawn up as follows:

1. The upper right column indicates the name of the recipient and his address, and the sender's details.
2. Below in the middle is the title of the document.
3. From the red line is the main text.
4. At the end of the document there is a date and signature.

A sample revocation of personal data from a bank may look like this:

To the Head of the Central Black Earth Bank PJSC "Bank"

Voronezh, st. January 9, 28

from Derzhaev Viktor Petrovich

Voronezh, st. Komarova, 28, 15

Statement

I, Derzhaev V.P., passport series 0000 No. 000 000, issued by the Department of Internal Affairs of the Sovetsky District of Voronezh __ __ ___, in accordance with Art. 9 of Law No. 152-FZ, I withdraw my consent to the processing of personal data, given by me when concluding the loan agreement No. 377-2010 dated __ __ ____.

Derzhaev V. P. /Derzhaev/

Date of: __ __ ____

Who fills it out?

The revocation of permission to work with personal information is made by the PD subject himself , the person who previously gave permission to the operator company. The document can be signed by the legal representatives of a citizen if he is declared incompetent, and by the parents of a minor child. In other cases, the signature of the owner of the confidential information is required.

Consequences of the recall

According to paragraph 5 of Art. 21 of Law No. 152-FZ, if a person revokes consent to work with his individual information, the operator is obliged to stop doing this. He is given 30 days to do this from the date of receipt of the application. Within the same period, the operator must destroy or ensure the destruction of information.

However, the law clarifies that if further work with individual information about a person is necessary to achieve the goals provided for by law, then the storage of information can continue.

For example, banks cannot fulfill the request of the subject of personal data to withdraw consent to their processing.

So, in accordance with paragraph 4 of Art. 7 of the Law “On Combating Legalization (Laundering) of Income...” dated August 7, 2001 No. 115-FZ, banking organizations must retain personal information about clients for at least 5 years from the date of termination of relations. Accordingly, if permission to work with individual information has been revoked, operations with information must be stopped, but the materials themselves are not destroyed and can be issued at the request of the court, prosecutor's office and other authorized institutions (appeal ruling of the Moscow City Court dated June 14, 2019 in case No. 33-25479).

Will the information disappear completely?

If the client is simply tired of advertising mailings and endless calls offering to take out a loan, this will work. Some banks really abuse spam, sending personal offers via SMS literally every day. It gets on your nerves. This type of mailing and calling must stop.

But the law indicates that information from the database does not completely disappear. There are reasons to continue storing, collecting and disseminating data:

• if the contractual relationship with the creditor has not been terminated. For example, there is a valid loan, credit or debit card, deposit, etc.;
• if the person is a participant in legal proceedings;
• processing is necessary to protect the life and health of a citizen;
• information may be required for the provision of medical services, diagnosis, identification;
• information will be required in case of compliance with security, counter-terrorism, criminal and executive laws.

A detailed description of all points is in Article 10 of Part 2 of Federal Law-152. If information is suddenly needed for these purposes, it will be provided by the financial organization to the department that requested it. That is, the data does not disappear without a trace.

Let's sum it up

Revocation of personal data that the bank has the right to process on the basis of a contract and agreement is possible. However, this does not mean that the creditor will completely stop any actions with information related to the debtor, since this is impossible in principle. You can recall some information, such as your phone number or that of third parties, if such information has been previously shared. However, it is impossible to deprive the bank of the opportunity to completely contact the debtor, since the terms of the agreement always provide for the presence of “feedback” communication for the parties to the relationship.

Read: How to revoke a payment order from a bank