Privacy And Personal Data Processing Policy
Demir Kyrgyz International Bank Closed Joint-Stock Company (hereinafter referred to as the Bank) would like to thank you for your interest in the services of the Bank (hereinafter referred to as the Bank Services). Protection of your personal data is very important to us, so we pay special attention to the protection of personal data collected and processed while using the Bank's Services.
The Bank's Services include the Internet-Banking/Mobile-Banking system, mobile applications, service of creating/changing access codes to the Internet-Banking/Mobile-Banking system, as well as other services, products, services posted on the website www.demirbank.kg, www.ipotekademir.kg enabling You to interact with the Bank within the General bank account agreement and/or other agreement, as well as without conclusion of such agreements.
The Privacy and Personal Data Processing Policy (hereinafter - the Policy) is developed in accordance with the requirements of the legislation of the Kyrgyz Republic and establishes requirements for ensuring security of your personal data, as well as what personal data the Bank receives, how it uses and exchanges them with other persons.
Gaining access to use the Bank's Services means your unconditional consent to the provisions of this Policy.
This Policy also specifies the basic precautions that you must take to ensure that your personal data remains confidential.
This Policy applies to personal data that has been or will be received by the Bank as a result of your use of the Bank Services.
CONSENT FOR THE COLLECTION AND PROCESSING OF
The Bank collects and processes your personal data and information about you solely with your consent and/or in cases provided by law.
The specified consent is contained in the General bank account agreement, by signing which you give the Bank your consent to the collection, processing and transfer of all personal data, which you provide to us yourself when signing the agreement, and which become available to the Bank in the process of using the Bank Services. Consent can also be provided by you in the form of a separate document signed by you with your handwritten signature or in the form of an electronic document signed by electronic signature in accordance with the legislation of the Kyrgyz Republic.
PURPOSES OF PERSONAL DATA COLLECTION AND PROCESSING
The Bank collects and processes personal data in order to:
LIST OF PERSONAL DATA COLLECTED
In this Policy, your personal data means:
When using the Bank Services, the following personal data may be requested and received:
PERIOD FOR RETAINING PERSONAL DATA
The Bank keeps your personal data for the period necessary for the Bank to achieve the purposes of their collection and processing in accordance with the General Bank Account Agreement and/or other agreement concluded with the Bank, as well as specified in the signed consent by you, taking into account the retention periods regulated by the legislation of the Kyrgyz Republic.
PROVIDING YOUR PERSONAL DATA TO THIRD PARTIES
The Bank does not disclose and transfer to third parties your personal data, including those on operations obtained through the Bank Services, except for the following cases:
When you provide the Bank with personal data of third parties (including PIN, full name, mobile phone number, date and/or year of birth, e-mail address, residence address and other personal data) directly or through third parties, you confirm that you received their consent to the collection, processing, transfer, including cross-border transfer of personal data to the Bank and third parties to provide relevant services without the right to place personal data in publicly available information sources.
You are solely responsible to third parties for your actions related to the use of the Bank Services, including for the correctness of the personal data entered in the Bank Services and compliance of the entered data with the identity documents of third parties.
The Bank takes reasonable measures to keep your personal data available to the Bank accurate and up-to-date, and to delete outdated and other inaccurate or unnecessary personal data. Nevertheless, you are responsible for providing accurate information, as well as for updating the provided data in case of any changes.
You may at any time change (update, add) the personal information you have provided or any part of it. Changes of your personal data kept by us shall be made upon your written application with the submission of the documents, confirming changes in your data, or by you through the Bank Services (if technically possible).
Withdrawal of your consent. You have the right to withdraw your consent at any time by submitting a written application to the Bank. However, please be aware that we need your personal data in order to use the Bank Services. In this case, withdrawal of your consent will result in termination of any services provided to you by the Bank. At the same time, withdrawal of your consent does not entail termination of obligations arising for you under any banking services agreements of the Bank, including agreements on issue and service of payment cards, agreements on opening bank accounts and deposits, credit agreements.
Data rights. You have the right to receive information about the data we have on you. You can exercise your rights by contacting us in writing.
The Bank has right:
SECURITY MEASURES USED TO MAINTAIN THE CONFIDENTIALITY OF PERSONAL DATA
The Bank takes all possible measures to ensure the security and protection of your personal data from unauthorized attempts to access, modify, disclose or destroy it, as well as other types of improper use. In particular, the Bank is constantly improving methods of data collection, storage and processing, including physical security measures to prevent unauthorized access to the Bank Services for the purpose of property theft, phishing and other types of fraud. The Bank also restricts access to your personal data to employees, contractors and agents, with strict contractual confidentiality obligations, for violation of which strict liability is provided.
The security of your use of the Bank Services also depends on your compliance with the guidelines, which can be found below. You undertake to immediately notify the Bank of any suspected unauthorized use of your account.
Observance of the Bank's recommendations by you will ensure maximum safety of the information provided to the Bank, including details of the bank card (or other electronic means of payment) and other personal data, as well as reduce possible risks when performing operations using the Bank Services.
The Bank ensures protection of information at all stages of its "life cycle", including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data and forbids violation of confidentiality of received information.
To ensure safe storage of personal data in information systems in accordance with the requirements of legislation, the Bank uses the following methods (including, but not limited to): delimitation of user access to information resources, software means of processing (transmission) and protection of information; data encryption; use of secure communication channels; use of information protection tools, etc.
The terms of data storage in the Bank shall be determined in accordance with the requirements of the legislation of the Kyrgyz Republic, documents fixing the contractual relations of the Bank with subjects of personal data, and consent of subjects to the processing of personal data.
To ensure security in the process of using the Bank Services and protection of your data, you must comply with the following recommendations, but not limited to them:
1) You should not disclose your login, password and other personal data to unauthorized persons, including Bank employees;
2) You should not keep your login and password and other confidential data on access devices (personal computer, cell phone, etc.) or other unprotected media, including paper media, unless appropriate protection is provided;
3) You must change your password periodically, but do not use passwords with low security, such as your name or date of birth. The password must contain a combination of: letters (capital), special symbols and numbers;
4) You should ensure confidentiality of personal information, namely not to disclose personal information (passport data, e-mail address and other data) to unauthorized persons;
5) You should regularly check the history of transactions and statements to track errors or unauthorized transactions on the account and immediately inform the Bank about any cases of unauthorized transactions;
6) You need to check the correctness and security of the webpage, and in this case:
- Before making any online transactions or providing personal information, you should make sure that the correct webpage of Internet Banking and other Bank Services is being used. Beware of fake web pages created for fraudulent purposes;
- Make sure the web page is secure by checking Uniform Resource Locators (URL), which must start with "https" and a secure connection sign must appear on the status of your Internet browser;
- always enter the URL of a web page directly into your Internet browser, and avoid redirections or links to other untrusted pages;
- If possible, use software that automatically encrypts or encodes transmitted information during electronic transactions;
7) You must protect your access device (personal computer, cell phone, etc.) from unauthorized access and malware;
8) You should leave the site where operations are performed, even if the device is left unattended for a short period of time, and remember to log out of the Bank Services after performing operations.
The Bank may update and amend the provisions of this Policy at any time. A new version of this Policy becomes effective as of its posting, unless otherwise stipulated by the provisions of the new version of the Policy. The Bank recommends you regularly refer to this Policy for the most up-to-date version.
All suggestions or questions regarding this Policy should be reported to the Bank at the e-mail address firstname.lastname@example.org, or send a written request to the address: 720001, Kyrgyz Republic, Bishkek, 245 Chui Avenue to "Demir Kyrgyz International Bank" Closed Joint-Stock Company with a note "Questions and proposals on the Privacy and Personal Data Processing Policy".
If you want to make a complaint about the processing of your data, please contact the Bank at the above addresses and the Bank will try to respond to your request as soon as possible.