1. Organizational and Administrative Provisions. Purpose
1.1 The purpose of this Policy shall be to establish the procedure and principles to process the Customer's data, namely, to collect, store, use and publish the Customer's data.
1.2 The Customer's data shall mean the information that the Customer transferred to the Bank and that is considered as bank secrecy: data on the Customer's property status, personal and contact information, information on performed transactions, economic activity, data on the employer, income, obligations, existence of dependents, payment discipline, debts, trade secrets, etc., as well as the data that is automatically transferred when electronic services are provided by the Bank, including: IP address, data on the mobile device from which access is performed, etc.
1.3 The Bank, and also subsidiary companies being part of the concern, shall collect, store, use, process and publish the Customer's data only if there is the latter's consent and/or in accordance with the procedure provided for by the legislation.
1.4 The Bank shall give an opportunity to the Bank's Customers to interact with the Bank within the framework of the signed bank service agreement, including the exchange of information and performance of separate transactions through bank cards, the Internet or a special application for mobile devices (smartphones, tablet PCs, etc.) as well as the electronic payment system allowing mobile device users to pay services, make remittances between natural persons through social networks and make purchases on the Internet.
2. Data Collection
2.1. When collecting the Customers' data, the Bank shall be limited to the data volume that is necessary to ensure the high-quality service and perform the requirements provided for by the legislation.
2.2. To ensure the best service if there is the Customer's consent or in accordance with the legislation (for example, the Law on Exchange of Information in the Field of Taxation), the Bank shall have the right to request the additional information about the Customer (for example, marital status, job title, place of employment, residency, property origin, etc.).
2.3. The Bank shall store the Customer's data correctly and verify it as the need arises, being guided by the current legislation, but at least once a year. The Customer may acquaint with the information given by the Customer to the Bank in all offices of the Bank and through electronic communication channels. If necessary, the information may be changed in the same place.
2.4. When receiving the Customer's data through electronic communication channels, the Bank must guarantee the security of information transfer.
2.5. The Customers' information shall be collected by the Bank exclusively for the purpose to implement the technical control of the Bank's Services, and also to carry out the analysis and improve the Bank's Services; to provide the Customers the information on the services provided by the Bank and the products offered by the Bank; for marketing purposes; for other purposes specified in this Policy.
3. Data Storage and Protection
3.1. On the basis of the Law on Credit Institutions, the Law on Personal Data Protection and the General Conditions, the Bank shall store and protect all the data that the Customer transferred to the Bank and that are considered as bank secrecy.
3.2. The Customer's data shall only be accessible to the employees of the Bank whom it is needed to perform their job duties.
3.3. The Bank's employees having access to the Customer's data shall be obligated to use the data according to the Bank's internal regulations and in accordance with the legislation, first of all the Constitution, the Law on Credit Institutions, the Law on Personal Data Protection. The Bank's employees shall be obligated to keep the bank secrecy with no time limit.
3.4. The Bank shall be obligated to monitor that the technical means used to store and protect the Customer's data would meet security standards and requirements.
4. Use of the Data
4.1. The Bank shall use the Customers' data to provide banking services and transfer the information that may be of interest to the Customers. Except usual transmission facilities in the customer area, the homepage and the Internet Bank, the Bank shall use the following communication channels: mail, e-mail, SMS or other communication facilities or mass media. The Customer may at any time refuse receiving advertising messages, for which it is necessary to submit an appropriate application.
4.2. The Bank shall not transfer the Customer's data to the third parties, including partners for advertising offers.
4.3. The Bank may process the Customers' data to improve the quality of offered services and to develop the new ones.
5. Publication of the Data
5.1. The Bank shall have the right to publish the bank secrecy relating to the Customer for the third parties only if there is the Customer's consent, if this obligation does not follow from the legislation.
5.2. The Bank shall have the right to publish the Customer's personal data as well as other data relating to the bank secrecy for the partners within the framework of agreements. Such partners may be, for example, corresponding banks and other payment intermediaries, securities depositories, international card organizations, ATM maintaining firms, firms providing services connected with IT, printing, remittances, communication, insurance, collection and also solvency evaluation of the Customer (for example, Krediidiinfo), etc.
5.3. When using the services of other firms (mail, technical, etc.), the Bank shall only publish for them the specific information that is necessary to perform the contractual obligations. The firms offering the services must consider the information obtained by them as confidential. It shall be a mandatory provision for the agreements signed with contracting parties that have no right to use the information obtained to provide the specific services for other purposes.
5.4. The generalized depersonalized data of the Bank's Customers may be provided by the Bank to its partners, such as publishers, advertisers, etc. (for example, to carrying out statistical and other research).
5.5. When transferring the Customers' information abroad, the Bank shall ensure the observance of the current legislation and this Policy in relation to the Customers' information by entering into the agreements in which it will be guaranteed that receivers of the information adhere to the appropriate level of protection.
6. Security Measures Used to Ensure the Confidentiality of Information
6.1. The Bank shall take every possible measure to ensure the security and protection of the Customers' information against unauthorized access attempts, change, disclosure or destruction as well as other types of the inadequate use. In particular, the Bank shall constantly improve the data handling methods, including physical security measures, to counteract an illegal access to the Bank's systems for the purpose of the theft of property, phishing and other types of fraud. The Bank shall also limit the access for employees, contractors and agents to the Customers' information, with providing for strict contractual obligations in the field of confidentiality.
6.2. The security of the use of the Bank's services also depends on the observance of the recommendations by Customers, which are listed on the Bank's official website. The Bank specified the Customer's obligations in the contractual obligations to save not only the Customer's property/money, but also the confidentiality of the Customer's data, namely, the Customer must store the account credentials, such as the login and password, secretly from the third parties. The Customer must without delay inform the Bank about any case of suspicion of the unauthorized use of the account credentials.
6.3. The observance of the Bank's recommendations by the Customer will allow to ensure the maximum security of the information provided to the Bank, including bank details of the Customer's bank card (or other electronic payment instrument), and other data, and also will reduce possible risks when performing transactions with the use of bank details of the bank card (or other electronic payment instrument) for cashless payment of goods and services, including via the Internet.