The Privacy and Personal Data Processing Policy (the Remote Banking Service System of Eurasian Bank JSC RBS) (hereinafter referred to as the Policy) establishes requirements for ensuring the security of the User’s personal data in Eurasian Bank JSC (hereinafter referred to as the Bank) and reflects the list of data that can be requested from the Users.

What is considered the data for the Bank

The Bank receives or collects information for the provision of the Bank services, as well as the services of its partners and government agencies (hereinafter referred to as the Services), including at installing, using and accessing thereto.

The personal data of the User of the mobile app and (or) provided by the User, including about third parties, for the provision of the Services, is considered the data for the Bank. The goals, principles and legal bases of activities related to the collection, processing and protection of data are of great importance to the Bank and are an important priority.

The data is required for the Bank to protect the security of the financial transactions of the mobile app’s Users (hereinafter referred to as the Users), secure provision of the financial services (opening bank accounts and deposits, obtaining loans) and due provision of the Services, fulfillment of contractual obligations to the Users.

The Users are individuals registered in the Bank mobile app.

The use of the Bank mobile app functions means the User’s unconventional agreement to this Policy and the terms for processing his/her personal data specified therein. In case of disagreement with these terms, the User must refrain from using the Bank mobile app.

The User’s data (personal data) is IIN, Full Name, mobile phone number, date of birth, e-mail address, residential address (including similar data from the third parties specified by the User to provide them with the Services), biometric data and other data in accordance with the legislation of the Republic of Kazakhstan.

Upon the User’s consent, the mobile app (the RBS) gets access to:

• the User’s Geolocation;
• Reading the status of the User’s mobile device, including the phone number of the User’s mobile device, current information about the cellular network of the User’s mobile device, the status of all current calls, and a list of all accounts registered on the User’s mobile device (including the number of SIM cards and the presence of an e-SIM);
• The presence of the call at the time of using the mobile app (without information about the participants and the content of the call);
• Information about the installed apps on the device;
• Contacts in the phone book (allowing the User to select the recipient of the payment or transfer from the contacts for transfers by phone number);
• The User’s mobile device Camera;
• Microphone (allowing the User to send voice messages for communication);
• Digital documents provided through the integration of the digital document service with the Bank mobile app;
• Sending notifications, offers and information regarding the use of the Bank products, the provision of the Services, the provision of marketing information and newsletters, as well as the processing of the requests;
• The User’s SMS messages for auto-filling the OTP code in the Bank mobile app (the confirmation code sent by the Bank as an SMS message).
•  

Information collected automatically

The Bank collects diagnostic information, as well as information and performance information about the mobile app (the RBS) during its installation and use. This category includes information about the User’s actions (using the mobile app, interacting with other Users, etc.), date and time of visits from the mobile app, information about failures and characteristics of the mobile app, device model, information about the operating system, browser data, IP address, unique User and device IDs.

When the User makes a money transfer, the Bank receives payment information and confirmations of money transfers (data on the time and amount of transactions conducted, payment methods, information about the recipient and/or the service provider, descriptions of the reason for the transaction (if any)).

The Bank receives information provided by the third parties, which may contain data about the User and other persons specified by the User (when using the mobile app, the Users can provide the Bank with a phone number and/or other data, data from the third parties (IIN, Full Name, mobile phone number, date and/or year of birth, e-mail address, residential address), to make a money transfer, as well as send messages when making a money transfer, etc.).

The Bank cooperates with third-party entities that help the Bank to operate, provide, improve, analyze, configure, maintain and promote the Bank services.  For example, the Bank works with entities that provide: information and technical interaction services in the process of providing Bank services; delivery services; government and other services. In some situations, these entities may provide the Bank with the User’s information. The Mobile app allows the User to use the Bank services together with the services of third parties.

For what purposes does the Bank receive and process the User’s data?

The Bank processes the User’s data in order to be able to provide the Services to the User pursuant to the agreements concluded between the User and the Bank and (or) third parties, accessible through the mobile app.

The Bank uses this data for remote conclusion of contracts and receipt of the electronic Services; identification of the User within the framework of contracts and security provision; communication with the User (sending notifications, offers about the Bank products/services); verification of the data of the User and (or) the third parties transmitted by the User and (or) the third party for the provision of the Services.

The Bank processes the User data in order to comply with the legal requirements (to fulfill obligations to government agencies, to prevent fraud, misuse of the Services, and to ensure the data security).

The Bank complies with all the legal requirements on cross-border data transfer and helps protect the User’s data.

The Bank shall not disclose or transfer the User’s personal data to the third parties, except in the following cases:

• The transfer is required for the fulfillment of the contract concluded with the User, provision of the Services to the User;
• The transfer is provided for by the current legislation.
•  

When providing personal data of third parties to the Bank directly or through third parties, the User confirms that he/she has received their consent to collection, processing, and transferring (including cross-border) personal data to the Bank and third parties for provision of the relevant services without the right to post data in publicly available information sources.

The User is solely responsible to the third parties for his/her actions related to the use of the mobile app (including for the correctness of the data entered into the mobile app and the compliance of the entered data with the identity documents of the third parties).

The Bank’s security measures to keep information confidential

The Bank has technologies, internal procedures and performs all actions aimed at protecting the User’s data from outside interference, unauthorized attempts to access information, modification, detection of distortions and/or changes in the content of electronic documents, disclosure or destruction of personal data.

The Mobile app provides protection of the transmitted data between the User and the Bank. The User’s passwords are not displayed in the Bank system, they are stored and transmitted exclusively in encrypted form.

The User is obliged not to transfer the phone (including SIM card) to the third parties (on which the User is installed and from which the User is registered), not disclose, provide or hide the account data (the number of the mobile phone registered in the mobile app and password) when dialing from third parties. It is recommended to use and update anti-virus programs in a timely manner to ensure maximum protection. The User undertakes to inform the Bank immediately of any suspicion of unauthorized use of his/her account.

The Bank will store the User’s data in accordance with this Policy for as long as they are required to achieve the purposes of their collection and processing, and/or in order to comply with the requirements of the legislation of the Republic of Kazakhstan.

Personal data of minors

The Mobile app and its contents are not intended for persons under the age of 18.

The Bank does not have any methods for determining whether or not parental or guardian consent is available when using a mobile app for a person under the age of 18.

The parent or guardian should contact the Bank by contacting the Bank outlet/branch if:

• a person under the age of 18 provided personal information without the consent of his/her parents or guardians;
• The use of the mobile app is performed by a person under the age of 18 without the consent of a parent or guardian.

Confidentiality

If the User does not agree with the Policy, he/she is obliged to refuse to download the mobile app.

All disputes and disagreements arising from the relationship between the User of the mobile app and the Bank shall be resolved through negotiations (a written request for a voluntary settlement of the dispute).

The Policy and relations between the User and the Bank are governed by the law/legislation of the Republic of Kazakhstan. All rights to the mobile app, including the services implemented and developed, belong to Eurasian Bank JSC.