Mobile App Privacy & Cookie Policy

The following information is intended for users of the mobile application of Bank Millennium S.A. ("Bank" or "Bank Millennium"). Mobile Application is special software installed on a mobile device connected to the Internet and additional devices connected to it (in particular smart watches), enabling access to bank accounts and use of banking services ("Mobile Application").

Application Users are persons who have installed the mobile application on a mobile device, including the Bank's Clients or persons authorised by the Clients.

Privacy Policy

Bank Millennium ensures data security to its Clients, including Mobile Application users. All information provided by users is protected using modern technologies, in accordance with applicable legal standards, security requirements and confidentiality rules. The Bank is actively developing its systems for protecting the privacy and security of users by implementing new organisational and technical safeguards. The Bank informs users about changes in the confidentiality protection rules via the website or other means of communication agreed with the user.

General information on using the Bank Millennium mobile application

The use of the Mobile Application is possible on condition of:

  1. Conclusion of an agreement for access to services through Electronic Banking Channels ("EBCs");
  2. Have active access to the EBCs;
  3. Installation of the Mobile Application on a mobile device that meets the technical requirements;
  4. Activation of the Mobile App and authenticating the user:

    - launching the Mobile Application and entering the Millecode and password (SMS P@ssword received by SMS or answering a call made to a defined phone number and correctly performing the actions provided by the Bank and giving the Temporary Password);
    - providing a Mobile Password or Password1 (if applicable) or an identifier (e.g. Social Security number or ID card);
    - setting a PIN and Password1 (if not set).

Details on how to download the Mobile Application, current technical requirements, instructions for activating the Mobile Application as well as questions and answers can be found on www.bankmillennium.pl/en/electronic-banking/mobile-banking/mobile-application-individuals-business

Is the Mobile App Safe?

Communication between the Mobile Application and the Bank's transaction systems takes place using secure encryption mechanisms.

In order to increase the security of its Clients using the Mobile Application and to prevent fraud, the Bank collects the following information:

  • whether the basic security of the mobile device has been broken (root / jailbreak) – i.e. whether the data processed on it has at least the level of security expected by Google / Huawei / Apple (the information obtained is a yes/no answer);
  • device information – among others language, time zone, model, brand, phone name;
  • psedounique* identifiers of the phone, based on various elements related to the device (such as resolution, etc.) without components of these identifiers.

*Such identifiers are unique in relation to a certain group of clients who have similar phone settings / similar model.

The bank does not collect a list of applications. However, it is possible to analyse on a mobile device whether there are any suspicious applications installed from outside the official Google, Apple or Huawei store, which have high privileges and may pose a threat to the Client's actions in the Mobile Application – in such cases, the application identifier, its hash (i.e. the sum of the checks calculated on the installation file) and the scope of application permissions are collected.

Access to permissions or information on your mobile device

Mobile Application - depending on the operating system on which it is installed - can access permissions or functions on the mobile device, among others to:

  • technical data of the device (to enable verification of the user's identity),
  • displaying network connections, receiving data from the Internet (to check Internet access through the application and for security purposes),
  • using information about the Wi-Fi connection – for the purpose of generating unique application identifiers used to encrypt data and communication between the Mobile Application and the server;
  • gyroscope, accelerometer, the manner of using the touchscreen (for security purposes);
  • device memory (when using the QR transfer function);
  • contacts (to retrieve the e-mail address/phone number from the contact list for transfer to e-mail/telephone or to send transaction confirmations);
  • adding an emergency phone number to contacts (e.g. when buying OC/AC insurance);
  • location (to search for the nearest ATMs or branches of the Bank or to save the location on the map in the transaction history);
  • photos (e.g. to choose a wallpaper from your photo gallery);
  • still camera (e.g. to scan a QR code in the "Scan and Pay" option);
  • fingerprint reader (to log in and approve certain operations with your fingerprint).

A detailed catalogue of access for iOS and Android, along with an explanation of what each access is for, can be found on the www.bankmillennium.pl/en/electronic-banking/mobile-banking/mobile-application-individuals-business website in the "Application Security and Permissions" tab.

Managing access permissions

Depending on the version of the device and the version of the mobile device's operating system, the permissions are accepted before the installation of the Mobile Application or before the use of a given functionality. Permissions can also be granted by default. The permissions (functions and information of the mobile device) that the user grants to the Mobile Application are visible in the settings panel of the mobile device, where access rights can be managed (changed or revoked). Please note that a change or cancellation may result in the loss of the Mobile Application function linked to the given permission. The authorisations of the Mobile Application may also be revoked by uninstalling the Mobile Application.

Details can be found on the www.bankmillennium.pl/en/electronic-banking/mobile-banking/mobile-application-individuals-business website in the "Application Security and Permissions" subsection and in the user manuals of manufacturers: Google, Apple, Huawei.

Marketing and commercial information in the Mobile Application

The Bank does not use marketing cookies or mobile identifiers for displaying advertisements in the Mobile Application, however, marketing and commercial information may be displayed in the User's Mobile Application.

Marketing campaigns are addressed to the user, taking into account the statements expressed by the user in relations with the Bank, including the marketing consents granted indicating the form of receiving marketing and commercial messages preferred by the Client. The Mobile Application is only one of the Bank's communication channels in this respect. Information on the rights that the Client has in connection with the processing of data for the purpose of providing marketing and commercial information can be found in the "Processing of personal data" subsection.

Not agreeing to the Mobile App Privacy and Cookie Policy

If you do not agree to this privacy and cookie policy, you should not install the Mobile App or, if it has been installed, uninstall it.

Useful links

Details about the Mobile App www.bankmillennium.pl/en/electronic-banking/mobile-banking/mobile-application-individuals-business.
Bank's Privacy Policy and Information Clauses: Data Protection - Bank Millennium.