“Altyn-i” (“Altyn Bank” JSC (Joint stock company) (SB (Subsidiary bank) of China CITIC Bank Corporation Ltd (Limited))), hereinafter referred to as the “Bank”, thanks you for your interest in the Products and Services provided by the Bank, hereinafter referred to as the “Bank services”. The protection of your personal information is very important to the Bank, therefore we take special care in protecting the data that is collected and processed when using the Bank services.
The Bank services are a mobile application and website that allow users of the Bank services, hereinafter referred to as “Users”, to interact with the Bank within the framework of the concluded Banking services agreement, and without concluding such agreements, as well as to interact with the Bank’s partners under agreements signed between the Bank and such partners, including the information sharing and the performance of individual transactions via the Internet or via special application of a mobile device (smartphone, tablet computer, etc.), as well as an electronic payment system (e-payment system) that allows users of mobile devices to pay for services, make money transfers between individuals through social networks and also to shopping online.
1. Received and used information of the Users, as well as the purpose of its use
User information. When creating an account and / or registering, the Bank requests information about the User, for example, Full name (Name, surname, patronymic), gender, date of birth, IIN (Individual identification number), details of the identity document (ID – details), residence and registration address, email address, phone number, photo images and video content that containing biometric data of the User, obtained using the camera or in any other way, education data, information about the contact data of the User (phone and / or address book, contacts in a mobile device), as well as data sent by the web server automatically. An additional information may also be requested by the Bank.
Mobile device information. The Bank collects data on Users’ mobile devices, such as the mobile device model, operating system version, unique device identifiers, as well as data on the mobile network and mobile phone number. In addition, the device ID (identifier) and mobile phone number can be linked to the User’s account.
Location information. The Bank services that support the geographic location function of the User’s mobile device allow the Bank to receive information about the location of the User’s actual location, including GPS (Global Positioning System) data sent by the mobile device.
Information about the transactions performed. When making transactions for payment for goods and services, money transfers, etc., the Bank collects data on the place, time and amount of transactions, the type of payment method, information about the merchant and / or service provider, descriptions of the reason for the transaction, if any, and other information related to the performance of the above transactions.
2. Terms and conditions of information processing
3. Providing User information to third parties
The Bank shall not to provide user information to companies and individuals unrelated to the Bank, except for the following cases:
– The user has given its consent. To provide the Bank with information of Users to companies and individuals unrelated to the Bank, including other Users, additional consent of the User is requested.
– In accordance with the current legislation of the Republic of Kazakhstan. The Bank may provide summarized anonymized (de-identified) data of the Users of the Bank services to partners (for example, for the purpose of conducting statistical studies and other studies).
When transferring User information abroad, the Bank ensures compliance with the current legislation of the Republic of Kazakhstan with respect to information of Users, including by entering into agreements, in which it will be guaranteed that the recipients of information adhere to the appropriate level of protection.
4. Security measures used to keep information confidential
The Bank takes all possible measures to ensure the safety and protection of Users’ personal information from unauthorized access (hacking attack), modification, disclosure or destruction, as well as other types of improper use. In particular, the Bank is constantly improving the methods of collecting, storing and processing data, including physical security measures, to counteract unauthorized access to the systems of the Bank for the purpose of theft of property, phishing (fishing) and other types of fraud. The bank also restricts access to Users personal information by employees, contractors and agents, providing for strict contractual obligations in the field of confidentiality, for violation of which, strict liability and penalties are established.
The security of using the Bank services also depends on the User’s compliance with the recommendations, which can be found in the official website of the Bank. The User must keep account data, such as login and password, secret from third parties. The User undertakes to immediately notify the Bank of any case of suspicion of unauthorized use of its account.
Compliance by the User with the Bank’s recommendations will ensure the maximum safety of the information provided to the Bank, including the details of the User’s plastic card (or other electronic payment instrument), and other data, as well as mitigate possible risks when performing transactions using the details of the plastic card (or other electronic payment instrument) for non-cash payment for goods and services, including online (the Internet) payments.