PUBLIC OFFER: TERMS OF USE OF THE SERVICE FOR CREATING/CHANGING SYSTEM ACCESS CODES TO "INTERNET-BANKING/MOBILE-BANKING"

These Terms of Use of the Service for Creating / Changing Access Codes to the Internet Banking / Mobile Banking System (hereinafter referred to as the Agreement) establish the conditions under which Demir Kyrgyz International Bank Closed Joint Stock Company (hereinafter referred to as the Bank) agrees to provide an individual who has previously opened a deposit demand account with the Bank, also owns a payment card Visa International and/or MasterCard issued by the Bank (hereinafter referred to as the Customer) an access to the service for creating / changing Access Codes to the Internet Banking / Mobile Banking system (hereinafter referred to as the Service).

1. GENERAL PROVISIONS

1.1. The service is located on the official website of the Bank and is intended for the Customer to create a Username, Password and PIN-code or change them (hereinafter referred to as Access Codes) for the purpose of the following authorization of the Customer using Access Codes in the Internet Banking / Mobile banking".

1.2. This Public Offer is a legally binding Agreement between the Bank and the Customer. The agreement is considered concluded and becomes effective as an accession agreement from the moment the Customer takes actions to use the Service, which means full familiarization and unconditional acceptance of all the terms of this Offer without any exceptions or restrictions in accordance with Art. 387, art. 395, art. 398, art. 399, art. 402 of the Civil Code of the Kyrgyz Republic. If the Customer does not agree with the provisions of this Agreement, the Customer is not entitled to use the Service.

1.3. The Bank has the right to unilaterally make changes and additions to this Agreement with notifying the Customer about this by posting a new version of this Agreement on the official website of the Bank. If the Customer does not agree with the changes/additions made by the Bank, the Customer does not use the Service. The continued use of the Service by the Customer is a confirmation of the Customer's consent to such changes/additions and their full and unconditional acceptance.

1.4. The Bank has the right to periodically modify the Service, in connection with which the Customer may not be able to continue using the Service until the update and/or adoption of a new version of this Agreement.

1.5. The possibility of using the Service is provided by the Bank to the Customer, subject to the following requirements:

1.5.1. this Agreement and the General Bank Account Agreement have been concluded between the Bank and the Customer;

1.5.2. The Customer is the holder of a debit or credit bank payment card Visa International and/or MasterCard issued by the Bank (hereinafter referred to as the Payment Card);

1.5.3. The Customer passed the identification procedure at the Bank in accordance with the requirements of the legislation of the Kyrgyz Republic.

1.6. The commission for providing access and using the Service is determined by the current tariffs of the Bank and can be changed by the Bank unilaterally by posting an updated version of the Bank's tariffs on information stands in the operating room of the Bank's structural units and on the Bank's official website in the manner prescribed by the legislation of the Kyrgyz Republic. The current version of the Bank's Tariffs is posted on the official website at www.demirbank.kg.

2. REGISTRATION AND AUTHORIZATION

2.1. In order to be able to use the Service, the Customer must complete the registration procedure as a Customer of the Service each time (s)he logs into the Service. To register a Customer:

• 2.1.1. the following identifiers are used (hereinafter referred to as Identifiers):
  • a) Customer PIN (Personal number on the ID-card) / ID card number for residents of the Kyrgyz Republic or passport number for non-residents of the Kyrgyz Republic;
  • b) One-time password - a set of characters and/or symbols and/or numbers intended for protection against unauthorized access by third parties, which will be sent to the Customer by SMS message to the mobile phone number registered with the Bank and connected to the SMS notification service (hereinafter referred to as the subscriber number), while the validity period of the One-time password is independently determined by the Bank and the Bank is not responsible for possible obstacles that may prevent the Customer from using the One-time password sent by the SMS message on time;
  • c) The last 4 digits of the Customer's Payment Card number;
  • d) PIN-code from the Customer's Payment card.
• 2.1.2. the following conditions must be met:
  • a) the Customer's passport / ID card is valid;
  • b) The Customer's payment card is activated and valid (the validity period has not expired);
  • c) The Service can be used by Customers who use the additional protection of the E-token (by creating a Username and PIN), while in order to use "Mobile-Banking" by these Customers, they must additionally create a Password in the Service, since the use of "Mobile-Banking" with the E-token is impossible.

The Customer agrees that in order to reduce the possible risks of using the Service, the Bank at the time of registration and at any time in the process of using the Service by the Customer has the right to request, collect and verify any information, including with respect to the information provided by the Customer during registration, using any available sources of information and databases.

Based on the results of the analysis and assessment of the information obtained during the verification, the Bank has the right to refuse the Customer to register in the Service and/or access to the Service.

All actions of the Customer performed in the Service using the correct Identifiers are irrevocably and unconditionally recognized by the Parties as actions performed personally by the Customer. All orders, statements, consents and other electronic documents drawn up by the Customer through the Service using the correct Identifiers and subject to the conditions specified in subparagraph 2.1.2. paragraph 2.1. of this Agreement, are equated to paper documents personally signed by the Customer (simple electronic signature), and create the corresponding legal consequences.

2.2. If the Customer enters the correct Identifiers, and in particular, if the conditions specified in subparagraph 2.1.2 paragraph 2.1. of this Agreement are met, the Service for creating/changing Access Codes to the Bank's Internet Banking/Mobile Banking System becomes available to the Customer. At the same time, the Customer understands and agrees with the possible risks that are typical for working on the Internet, realizing that the Internet is not a secure channel of communication and information transfer. The Customer is obliged to familiarize with the information brought to the attention of the Customers by the Bank on the official website of the Bank in terms of information regarding possible risks when using the Service, and to take all necessary actions in connection with the above information, if any.

2.3. The Customer confirms that the information that the Customer has provided to the Bank in connection with the Customer's registration in the Service is true, accurate and complete.

3. RIGHTS AND OBLIGATIONS OF THE PARTIES

3.1. Customer's rights and obligations:

3.1.1. The Customer has the right to use the Service at any time, 24/7 in accordance with the terms of this Agreement;

3.1.2. The Customer has the right to create / change Access Codes using the Service;

3.1.3. The Customer is obliged to ensure the safety and confidentiality of the Identifiers and Access Codes and not disclose them to third parties. The Customer must immediately contact the Bank if the Customer believes that the Identifiers and/or Access Codes have been disclosed and/or become known to third parties. The risk and all responsibility for unauthorized use by third parties of Identifiers and/or Access Codes is solely borne by the Customer.

3.1.4. The Customer is obliged to immediately notify the Bank of all changes in the documents submitted to the Bank, including in the event of updating the information specified in the Customer's and (or) beneficial owner's profiles, and to submit duly certified copies of documents on the introduction of such changes, as well as to notify other circumstances that are important for the parties to fulfill their obligations under the Agreement.

3.1.5. In the event of a change in the Customer's subscriber number registered with the Bank, which, according to the terms of this Agreement, is used by the Bank to send an SMS message to the Customer with a One-Time Password and/or another Code, the Customer must immediately contact the Bank and personally fill out an application for changing the subscriber number;

3.1.6. Upon registration the Customer undertakes to provide information that corresponds to reality;

3.1.7. The Customer undertakes to immediately inform the Bank about the theft / loss of a SIM card, access device (personal computer, smartphone, etc.), any security breach or the fact of unauthorized use of the Service that the Customer became aware of;

3.1.8. The Customer undertakes to periodically change the Access Codes, not to use passwords/PIN-codes with a low level of protection;

3.1.9. Before using the Service, the Customer undertakes to make sure that the correct web page of the Service is being used. Beware of fake web pages created by scammers for fraudulent purposes.

3.2. Bank’s rights and obligations:

3.2.1. The Bank undertakes to provide the Customer with access to the Service and provide the possibility of using the Service in accordance with the terms of this Agreement;

3.2.2. The Bank undertakes to ensure the confidentiality of information about the Customer and his/her actions performed using the Service.

3.2.3. The Bank has the right to block the Customer's access to the Service in the following cases:

• 3.2.3.1. Imposition of restrictions/seizure/ blocking on the Customer's accounts in accordance with the current legislation of the Kyrgyz Republic;
• 3.2.3.2. Based on the Customer's request;
• 3.2.3.3. In other cases provided for by this Agreement, other agreements concluded between the Parties and/or the legislation of the Kyrgyz Republic.

3.2.4. The Bank has the right to modify any software of the Service (website, etc.);

3.2.5. The Bank has the right to deny the Customer access to the Service if the Customer violates the terms of this Agreement or detects cases of fraud, money laundering or other illegal actions, without prior notice to the Customer;

3.2.6. The Bank has the right, at its discretion, to temporarily suspend or restrict the Customer's access to the Service, or to refuse the Customer to provide or renew access to the Service:

• 3.2.6.1. when revealing the Customer's actions, clearly indicating the presence of malicious intent, with the aim of causing damage to the information systems of the Bank;
• 3.2.6.2. in case of detection of facts of violation by the Customer of the security rules and conditions of use of the Service;
• 3.2.6.3. if there is an unpaid debt of the Customer to the Bank;
• 3.2.6.4. if the Customer does not comply with the requirements of any provision of this Agreement;
• 3.2.6.5. in case of detection of malfunctions, errors and failures in the operation of software and/or hardware involved in ensuring the functioning of the Service, as well as for preventive purposes and in order to prevent unauthorized access to the Service;
• 3.2.6.6. if the Bank may deem it necessary to protect the security and integrity of the Service from unauthorized interference with the operation of the Service, or the Bank will need to ensure compliance with its obligations, or in case of suspicion of fraudulent actions using the Service;
• 3.2.6.7. in other cases provided for by this Agreement and/or the legislation of the Kyrgyz Republic.

3.3. The Bank guarantees that the software and hardware used in the Service comply with the information security requirements;

3.4. When using the Service, the Customer is prohibited from making any changes to the software or any part of it.

4. SERVICE

4.1. This Agreement determines the conditions and procedure for the use of the Service by the Customer solely for the following purposes:

4.1.1. the creation by the Customer of a Username, Password and PIN code for the purpose of subsequent authorization of the Customer in the Internet Banking/Mobile Banking system in full mode to perform available operations in the Internet Banking / Mobile Banking system. At the same time, the legal relationship of the Parties related to the performance of transactions in the Internet Banking/Mobile Banking system is governed by the General Bank Account Agreement concluded between the Parties;

4.1.2. Changes by the Customer of the Username, Password and PIN-code. In this case, when changing the Access Codes, the current mode of the Customer of the "Internet Banking" system remains unchanged ("Full mode" or "View mode"). Further use of "Mobile-Banking" is possible only in "Full mode" regardless of the "Internet-Banking" mode;

4.2. When using the Service, the Customer's orders are generated by the Customer in electronic form following the instructions posted in the relevant sections of the Service, by filling in the details fields on the Service website, as well as by clicking the appropriate buttons (for example, “Confirm”, “Next”, etc.).

4.3. If the Customer has forgotten or lost the Access Codes, the Customer has the opportunity to independently restore the Access Codes using the Service.

4.4. New Access Codes, changed by the Customer independently in accordance with the terms of this Agreement, are determined by the Parties as new Access Codes. Previous Access Codes are invalid.

4.5. The access codes are unknown to the Bank's employees and must be kept secret by the Customers during the entire period of using the Internet Banking/Mobile Banking system. When creating/changing Access Codes, avoid obvious, easily assumed combinations, for example, the end of the phone number, date of birth, etc., which can be easily identified by third parties. The password must contain at least 8 characters: Latin letters (at least 1 uppercase and 1-line), at least 1 number and 1 special character ( ! $ % ^ & * ( ) + | ~ - = `` { } [ ] : " ; ' < > ? , . / ).

4.6. The Customer should adhere to certain rules to ensure the secrecy of Access Codes and Identifiers:

4.6.1. do not write/store Access Codes and/or Identifiers anywhere, especially on access devices or other unprotected media, in order to avoid negative consequences, the Bank recommends the Customer to remember them;

4.6.2. do not allow anyone to spy on the dialing Access Codes on the access device keypad.

4.6.3. Access codes that are created/changed independently by the Customer through the Service for the subsequent authorization of the Customer in the Bank's System "Internet Banking/Mobile Banking" are not subject to disclosure by the Customer to third parties.

5. VALIDITY

5.1. This Agreement enters into force from the moment the Customer accepts this public offer by performing the actions provided for in clause 1.2. of this Agreement and is valid until terminated.

5.2. This Agreement may be terminated by agreement of the Parties.

5.3. The Customer has the right to terminate this Agreement at any time, notifying the Bank about it at least 7 working days before the day of termination of this Agreement by filling out a written application when the Customer appears in person at the Bank.

5.4. The Bank has the right to terminate this Agreement at any time unilaterally out of court by posting information on termination of this Agreement on the official website at: www.demirbank.kg.

6. RESPONSIBILITY OF THE PARTIES

6.1. For non-fulfillment or improper fulfillment of obligations under this Agreement, the Parties shall be liable in accordance with the terms of this Agreement and the current legislation of the Kyrgyz Republic.

6.2. The Customer is responsible for the safety and confidentiality of Identifiers and Access Codes, as well as for losses that may arise in the event of unauthorized use of Identifiers and Access Codes by third parties.

6.3. If the Bank is not notified in accordance with the established procedure about the change of the subscriber number in accordance with subparagraph 3.1.5. paragraph 3.1. of this Agreement, the risk and all responsibility for the unauthorized use of the One-Time Password and/or other Codes sent to the subscriber number previously registered with the Bank shall be borne solely by the Customer.

6.4. The Bank shall not be liable if, when the Customer uses the Service, the information transmitted between the Customer and the Bank becomes known to third parties as a result of wiretapping, hacker, virus attacks, interception, hacking of access devices, and as a result of violation by the Customer of the rules for using the Service provided for in this Agreement.

6.5. The Customer is responsible for all risks and negative consequences of loss, illegal possession, technical interception, etc. of information from the Customer's mobile phone or the Customer's subscriber number.

6.6. In case of illegal use of Identifiers and/or Access Codes by any third parties, the Bank is not responsible for the occurrence of possible consequences.

6.7. In case of loss/theft/use of Access Codes and Identifiers by an unauthorized person and/or loss, theft or use by an unauthorized person of access devices through which the Customer entered the Service, or if cases of unauthorized use of the Service are detected, immediately contact the Bank by phone with an oral the requirement to block access to the Service and the Internet Banking/Mobile Banking system (with the message to the Bank of special data proving the Customer's identity) or in person with the provision of a subsequent written confirmation of the verbal request by mail or fax no later than within 3 banking days after the statement of the oral request. At the same time, the Customer agrees not to raise claims against the Bank if the Bank was not promptly notified of the incident in writing;

6.8. The bank is not responsible for:

6.8.1. for errors, delays or inability of the Customer to access the Service associated with a malfunction of the Customer's access devices and/or communication failures in the communication channels;

6.8.2. for damage to the Customer's access device or information stored in the Customer's access device, for the security of the Customer's software and access device from various viruses and other damages;

6.8.3. for funds, products and services with the help of which the Service is provided by a third party (Internet access provider, cellular (radiotelephone) communication channels, etc.;

6.8.4. за несанкционированный доступ в Сервис, произошедший со стороны третьих лиц, в случаях, когда такой доступ произошел в ситуации, не подлежащей или не подпадающей под контроль со стороны Банка;

6.8.5. for the consequences of the Customer's untimely notification of the Bank about the loss/theft/use by an unauthorized person of Identifiers and/or Access Codes and/or loss, theft or use by an unauthorized person of access devices through which the Customer entered the Service, about attempts to unauthorized access to the Service (or about making attempts of such access). Any loss or liability due to such or similar actions shall be borne by the Customer;

6.8.6. for the fulfillment of the Customer's orders, if the Customer fails to provide information about the loss/theft/use of the Access Codes and/or Identifiers to the Service by an unauthorized person.

6.9. The Bank shall not be liable for failure to provide or delay in providing access to the Service for reasons that may be considered as circumstances beyond the control of the Bank, such as the operability of the public communication network, network congestion, disconnections, the state of operability of the Customer's access device, and also unpredictable events, such as inclement weather or technical problems (including as a result of hacker activities), which can disrupt ongoing activities despite the use of reasonably sufficient preventive measures to correct them.

7. DISPUTE SETTLEMENT PROCEDURE

7.1. Disputes that may arise during the execution of the terms of this Agreement, the parties will strive to resolve through negotiations.

7.2. If a mutually acceptable solution is not reached, the Parties may submit the disputed issue for resolution to the court in the manner prescribed by the legislation of the Kyrgyz Republic, at the location of the Bank's Head Office, except for cases where the exclusive jurisdiction is applied to disputes established by the procedural legislation of the Kyrgyz Republic.

8. MISCELLANEOUS

8.1. Any notifications sent by the Bank are considered officially sent and received by the Customer if they are sent to the Customer in at least one of the following ways:

• posted on the official website of the Bank;
• sent by the Bank by letter to the address indicated by the Customer in any of the documents submitted to the Bank;
• sent by the Bank by e-mail to the Customer's e-mail address indicated in the documents submitted to the Bank;
• sent by the Bank via mobile communication to the Customer's mobile phone number indicated in the documents submitted to the Bank;
• sent by the Bank by sending push notifications and/or by other means through the communication channels used by the Customer and specified in the documents submitted to the Bank.

8.2. Each clause of this Agreement acts independently. If any provision of this Agreement is declared invalid by the court, then the remaining articles remain in full force and effect.

8.3. Telephones of the Bank's customer support service (Bishkek): +996 (312) 610610; +996 (312) 610613; mailing address for telegrams: 720001, Bishkek, 245 Chui Ave. One can also send letters to customercare@demirbank.kg, or write WhatsApp messages to +996 (222) 610610, or call the short number 2222 for all mobile operators communications of the Kyrgyz Republic.