GENERAL PROVISIONS

Demir Kyrgyz International Bank Closed Joint-Stock Company (hereinafter referred to as the Bank) would like to thank you for your interest in the services of the Bank (hereinafter referred to as the Bank Services). Protection of your personal data is very important to us, so we pay special attention to the protection of personal data collected and processed while using the Bank's Services.

The Bank's Services include the Internet-Banking/Mobile-Banking system, mobile applications, service of creating/changing access codes to the Internet-Banking/Mobile-Banking system, as well as other services, products, services posted on the website www.demirbank.kg, www.ipotekademir.kg enabling You to interact with the Bank within the General bank account agreement and/or other agreement, as well as without conclusion of such agreements.

The Privacy and Personal Data Processing Policy (hereinafter - the Policy) is developed in accordance with the requirements of the legislation of the Kyrgyz Republic and establishes requirements for ensuring security of your personal data, as well as what personal data the Bank receives, how it uses and exchanges them with other persons.

Gaining access to use the Bank's Services means your unconditional consent to the provisions of this Policy.

This Policy also specifies the basic precautions that you must take to ensure that your personal data remains confidential.

This Policy applies to personal data that has been or will be received by the Bank as a result of your use of the Bank Services.

CONSENT FOR THE COLLECTION AND PROCESSING OF

PERSONAL DATA

The Bank collects and processes your personal data and information about you solely with your consent and/or in cases provided by law.

The specified consent is contained in the General bank account agreement, by signing which you give the Bank your consent to the collection, processing and transfer of all personal data, which you provide to us yourself when signing the agreement, and which become available to the Bank in the process of using the Bank Services. Consent can also be provided by you in the form of a separate document signed by you with your handwritten signature or in the form of an electronic document signed by electronic signature in accordance with the legislation of the Kyrgyz Republic.

PURPOSES OF PERSONAL DATA COLLECTION AND PROCESSING

The Bank collects and processes personal data in order to:

  • provide you with financial, banking services, as well as other services available in the Bank Services;
  • conclude any agreements with you and their further execution;
  • conduct campaigns, surveys and investigations by the Bank;
  • send notifications, offers and information regarding the use of the Bank Services;
  • process your inquiries, applications;
  • analyze and improve the performance of the Bank Services, develop and provide you with new products and extending services;
  • implement analytical and statistical data concerning your use of the Bank Services;
  • protect you and the Bank from fraudulent actions related to the use of the Bank Services;
  • for the purpose of collecting debts to the Bank;
  • for other purposes specified in this Policy or the terms of use of certain Services of the Bank.
  • LIST OF PERSONAL DATA COLLECTED

    In this Policy, your personal data means:

  • Personal data that you yourself provide to the Bank when creating an account, registration, etc., as well as during the use of the Bank Services (full name, gender, email address, phone number, facial digital image, place of residence, marital status and family composition, citizenship, nationality, PIN/TIN, place of work, salary and other income, etc.);
  • Automatically transmitted data during the use of the Bank Services, including, but not limited to: IP address, cookies, information about the mobile device from which you get access, etc.;
  • Data downloaded by you while using the Bank Services, including in the form of files and images;
  • Other personal data as defined in the Law of the Kyrgyz Republic "On Personal Information”.
  • When using the Bank Services, the following personal data may be requested and received:

  • Information about You. When creating an account and/or registering and/or using the Bank Services, the Bank requests information about you, such as your full name, gender, date of birth, residence address, email address, phone number, and bank card details or other electronic means of payment. The bank may also ask for additional information. With your separate consent, the Bank can get access to information about your contact information (phone and / or address book, contacts in your mobile device, for example, to make money transfers), to the photo gallery (only if you intend to choose a photo when using the Bank Services), to the camera of your mobile device (access, for example, will allow you to take a photo, scan a QR-code or a bar-code to pay for a service or transfer).
  • Information about your mobile device. The bank collects data about your mobile devices, such as mobile device model, operating system version, unique device identifiers, as well as mobile network data and mobile phone number. In addition, the device ID and mobile phone number may be linked to your account.
  • Location information. The Bank services that support your mobile device's geographic location feature allow the Bank to receive information about your actual location, including GPS data sent by your mobile device.
  • Information about transactions performed. When making payments for goods and services, money transfers and other transactions, the Bank collects information about the place, time and amount of transactions made, form of payment, data about the merchant and/or service provider, descriptions of the reason for the transaction, if any, as well as other information related to making the above transactions.
  • Information received when visiting the site: the Bank uses your data in order to allow you to use the Bank Services.
  • Information received from third parties. Such information is necessary for the proper provision of services, fulfillment of contractual obligations to you and third parties. The Bank receives information provided by third parties, which may contain data about you, other persons specified by you.
  • Your other data available to the Bank, which you have agreed to provide and / or received by the Bank from official sources or from any third parties to provide services to you through the Bank services.
  • PERIOD FOR RETAINING PERSONAL DATA

    The Bank keeps your personal data for the period necessary for the Bank to achieve the purposes of their collection and processing in accordance with the General Bank Account Agreement and/or other agreement concluded with the Bank, as well as specified in the signed consent by you, taking into account the retention periods regulated by the legislation of the Kyrgyz Republic.

    PROVIDING YOUR PERSONAL DATA TO THIRD PARTIES

    The Bank does not disclose and transfer to third parties your personal data, including those on operations obtained through the Bank Services, except for the following cases:

  • You gave consent to such actions;
  • The transfer is necessary to execute the agreement concluded with you for rendering services to you;
  • The transfer is necessary to execute the agreement concluded with you for rendering services to you.
  • When you provide the Bank with personal data of third parties (including PIN, full name, mobile phone number, date and/or year of birth, e-mail address, residence address and other personal data) directly or through third parties, you confirm that you received their consent to the collection, processing, transfer, including cross-border transfer of personal data to the Bank and third parties to provide relevant services without the right to place personal data in publicly available information sources.

    You are solely responsible to third parties for your actions related to the use of the Bank Services, including for the correctness of the personal data entered in the Bank Services and compliance of the entered data with the identity documents of third parties.

    YOUR RIGHTS

    The Bank takes reasonable measures to keep your personal data available to the Bank accurate and up-to-date, and to delete outdated and other inaccurate or unnecessary personal data. Nevertheless, you are responsible for providing accurate information, as well as for updating the provided data in case of any changes.

    You may at any time change (update, add) the personal information you have provided or any part of it. Changes of your personal data kept by us shall be made upon your written application with the submission of the documents, confirming changes in your data, or by you through the Bank Services (if technically possible).

    Withdrawal of your consent. You have the right to withdraw your consent at any time by submitting a written application to the Bank. However, please be aware that we need your personal data in order to use the Bank Services. In this case, withdrawal of your consent will result in termination of any services provided to you by the Bank. At the same time, withdrawal of your consent does not entail termination of obligations arising for you under any banking services agreements of the Bank, including agreements on issue and service of payment cards, agreements on opening bank accounts and deposits, credit agreements.

    Data rights. You have the right to receive information about the data we have on you. You can exercise your rights by contacting us in writing.

    BANK’S RIGHTS

    The Bank has right:

  • Receive from you information and/or documents containing your personal data;
  • Clarify the personal data provided by you;
  • In case you withdraw your consent for processing of personal data, continue processing of your personal data in accordance with the requirements of the legislation of the Kyrgyz Republic;
  • Block access to the Bank Services if, in the opinion of the Bank, there is a violation or attempts to violate the security procedure of the Bank Services, including in case of suspicion of fraudulent operations by third parties using your personal data using the Bank Services, as well as in other cases stipulated by the legislation of the Kyrgyz Republic;
  • SECURITY MEASURES USED TO MAINTAIN THE CONFIDENTIALITY OF PERSONAL DATA

    The Bank takes all possible measures to ensure the security and protection of your personal data from unauthorized attempts to access, modify, disclose or destroy it, as well as other types of improper use. In particular, the Bank is constantly improving methods of data collection, storage and processing, including physical security measures to prevent unauthorized access to the Bank Services for the purpose of property theft, phishing and other types of fraud. The Bank also restricts access to your personal data to employees, contractors and agents, with strict contractual confidentiality obligations, for violation of which strict liability is provided.

    The security of your use of the Bank Services also depends on your compliance with the guidelines, which can be found below. You undertake to immediately notify the Bank of any suspected unauthorized use of your account.

    Observance of the Bank's recommendations by you will ensure maximum safety of the information provided to the Bank, including details of the bank card (or other electronic means of payment) and other personal data, as well as reduce possible risks when performing operations using the Bank Services.

    The Bank ensures protection of information at all stages of its "life cycle", including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data and forbids violation of confidentiality of received information.

    To ensure safe storage of personal data in information systems in accordance with the requirements of legislation, the Bank uses the following methods (including, but not limited to): delimitation of user access to information resources, software means of processing (transmission) and protection of information; data encryption; use of secure communication channels; use of information protection tools, etc.

    The terms of data storage in the Bank shall be determined in accordance with the requirements of the legislation of the Kyrgyz Republic, documents fixing the contractual relations of the Bank with subjects of personal data, and consent of subjects to the processing of personal data.

    To ensure security in the process of using the Bank Services and protection of your data, you must comply with the following recommendations, but not limited to them:

    1) You should not disclose your login, password and other personal data to unauthorized persons, including Bank employees;

    2) You should not keep your login and password and other confidential data on access devices (personal computer, cell phone, etc.) or other unprotected media, including paper media, unless appropriate protection is provided;

    3) You must change your password periodically, but do not use passwords with low security, such as your name or date of birth. The password must contain a combination of: letters (capital), special symbols and numbers;

    4) You should ensure confidentiality of personal information, namely not to disclose personal information (passport data, e-mail address and other data) to unauthorized persons;

    5) You should regularly check the history of transactions and statements to track errors or unauthorized transactions on the account and immediately inform the Bank about any cases of unauthorized transactions;

    6) You need to check the correctness and security of the webpage, and in this case:

    - Before making any online transactions or providing personal information, you should make sure that the correct webpage of Internet Banking and other Bank Services is being used. Beware of fake web pages created for fraudulent purposes;

    - Make sure the web page is secure by checking Uniform Resource Locators (URL), which must start with "https" and a secure connection sign must appear on the status of your Internet browser;

    - always enter the URL of a web page directly into your Internet browser, and avoid redirections or links to other untrusted pages;

    - If possible, use software that automatically encrypts or encodes transmitted information during electronic transactions;

    7) You must protect your access device (personal computer, cell phone, etc.) from unauthorized access and malware;

    8) You should leave the site where operations are performed, even if the device is left unattended for a short period of time, and remember to log out of the Bank Services after performing operations.

    POLICY CHANGES

    The Bank may update and amend the provisions of this Policy at any time. A new version of this Policy becomes effective as of its posting, unless otherwise stipulated by the provisions of the new version of the Policy. The Bank recommends you regularly refer to this Policy for the most up-to-date version.

    FEEDBACK

    All suggestions or questions regarding this Policy should be reported to the Bank at the e-mail address customercare@demirbank.kg, or send a written request to the address: 720001, Kyrgyz Republic, Bishkek, 245 Chui Avenue to "Demir Kyrgyz International Bank" Closed Joint-Stock Company with a note "Questions and proposals on the Privacy and Personal Data Processing Policy".

    If you want to make a complaint about the processing of your data, please contact the Bank at the above addresses and the Bank will try to respond to your request as soon as possible.