1. 
General Provisions
Policy of Privacy of “KICB”/ “KICB BUSINESS” internet- banking system in CJSC “Kyrgyz Investment and Credit Bank”
1.1. This Policy of Privacy was developed in accordance with the legislation of the Kyrgyz Republic and addressed to the “KICB”/ “KICB BUSINESS” internet-banking system Users (hereinafter referred to as the "User") - clients of CJSC "Kyrgyz Investment and Credit Bank" (hereinafter - "Bank").
1.2. This Privacy Policy shall define the methods of obtaining the list of collected personal data, the purposes of their collection, storage, processing and transfer to third parties, the rights and obligations of the Users and the Bank, as well as the list of measures taken by the Bank to ensure the security of the Users' personal data during their use of the “KICB”/ “KICB BUSINESS” internet-banking system (hereinafter referred to as "KICB" System).
1.3. This Privacy Policy shall be available for review on the Bank official website on the Internet at: www.kicb.net
1.4. For the purposes of this document, personal data about the User of the "KICB" System, the User’s "KICB" System, received by the Bank as a result of the User's usage of the "KICB" System, shall be recognized as confidential information.
2. Consent for the collection, storage, processing and transfer of personal data
2.1. Collection, storage, processing and transfer of confidential information to third parties shall be carried out exclusively within the framework of the concluded agreement or acceptance of the “Rules for provision and use of “KICB”/ “KICB BUSINESS” internet-banking system in CJSC “Kyrgyz Investment and Credit Bank”” (hereinafter referred to as the "Agreement"). The procedure and conditions for concluding the Agreement shall be determined in accordance with the legislation of the Kyrgyz Republic.
2.2. By accepting the terms of the Agreement and using “KICB” System, the User shall agree to the terms of collection, storage, processing and transfer of confidential information used by the Bank in the process of the "KICB" System usage.
3. List of collected personal data
3.1. This Privacy Policy shall be applied to all personal data and other information provided by Users upon acceptance of the Agreement, as well as received by the Bank in the process of providing services through the "KICB" System, including in partnership with other organizations.
3.2. The Bank shall use the following data about Users:
3.2.1. Identification data that the User provides to the Bank during the registration process. Such data includes:
Individuals: full name, date of birth, address, details of an identity document (name, series, number, date of issue of the document, authority that issued the document), telephone number, e- mail address, gender, as well as other information required by the Bank;
Individuals engaged in entrepreneurial activities as an individual entrepreneur on the basis of a patent or certificate: data of the certificate of state registration, TIN, legal address, OKPO code, registration number, data of the patent for entrepreneurial activity, data of the identity document, which certifies the personality of the manager, information about the founder/manager, telephone number, e-mail address, as well as other information required by the Bank;
Legal entities: data of the state registration certificate: name of the legal entity, TIN, legal address, OKPO code, registration number; a document proving the identity of the manager and his/her powers in relation to the legal entity, information about the founder, telephone number, e- mail address, as well as other information required by the Bank;
3.2.2. Mobile device and its usage data. The Bank shall collect data about the User's device, such as: the mobile device model and name, its operating system and version, IMEI code, phone number, IP address, etc.;
3.2.3. Transaction data. The Bank may have access to information about Users' transactions (including, but not limited to the data entered by the User when making transactions: the transaction amount, the service provider name, the personal account number of the service provider's subscriber, etc.) made through the "i- bank" of the User through various access channels.
3.3. The list of personal data collected for the purpose of providing services through the "KICB" System is not exhaustive and the Bank may change it in accordance with the legislation of the Kyrgyz Republic.
3.4. This Privacy Policy shall not apply to information collected on information resources owned by third parties or if the User transfers it to anyone independently through the use of various communication channels. Before using the information resources of third parties and transferring personal data to them, it is recommended:
3.4.1. The "KICB" System User shall undertake to follow the rules for the security and storage of personal data for Users described in the Agreement;
3.4.2. The "KICB" System User shall undertake to study carefully the Privacy Policy of information resources owned by third parties, and be cautious with the dissemination of confidential data.
4. Purposes for collection, storage, processing and transfer of privacy data
4.1. The Bank shall collect, store, process and transfer confidential data in order to:
4.1.1. Fulfill the terms of the Agreement with the User on provision of services through the "KICB" System;
4.1.2. Provide the banking services, services of the Bank's partners and representatives, including services provided to the Bank by third parties and by the Bank to third parties;
4.1.3. Improve the quality of provided services and maintenance;
4.1.4. Users participation in the contests, promotions and advertising campaigns of the Bank, including social networks;
4.1.5. Determine and forecast the Users’ needs, preferences and interests, provide discounts, hold promotions for goods and services, advertise the Bank, its partners and other events through a mobile application, web resources, SMS messages, PUSH notifications, e-mail, by phone, by mail and other available methods determined by the Bank itself;
4.1.6. Develop and propose the new products and services, informing Users about changes in the conditions of the services provided, the procedure for their provision and maintenance;
4.1.7. Counter the financing of terrorist activities and money laundering, as well as other illegal actions, in accordance with the legislation of the Kyrgyz Republic;
4.1.8. Provide maximum protection of Users from fraudulent activities related to the use of services through the "KICB" System and banking services of the Bank;
4.1.9. Provide reports to internal and external Users;
4.1.10. Collect the debts to the Bank;
4.1.11. Provide implementation by the Bank and third parties of the rights and obligations established by the legislation of the Kyrgyz Republic;
4.1.12. The Bank shall not be responsible if personal data was intentionally transferred by the User, or unintentionally became known to third parties due to the User’s fault.
5. Rights of the “KICB” System User
5.1. The "KICB" System User shall have right for the following:
5.1.1. Data change:
Changes in the User's available personal data shall be made upon User’s written application with provision of documents confirming the change in such data in accordance with the procedures and requirements of the Bank;
5.1.2. Withdrawal of consent to the collection, storage, processing and transfer of personal data:
The User shall have the right to revoke his/her consent at any time by submitting a written application (in free form) to the branch of the Bank. However, it should be taken into account that personal data is required to enable the Bank to provide services through the "KICB" System. The withdrawal of the User's consent in this case shall entail the termination of the provision of available services of the Bank and its partners;
5.1.3. Complaints and suggestions:
The user shall have the right to file a complaint and make his/her proposal on the procedure for collection, storage, process and transfer of personal data. The Bank shall consider and provide a reply to these requests as soon as possible in accordance with the legislation of the Kyrgyz Republic.
6. Terms for personal data storage
6.1. A storage of the Users’ personal data shall be made within a period, necessary for the Bank to achieve aims of its collection, storage, process and transfer according to Agreement taking into account the storage terms, regulated by the legislation of the Kyrgyz Republic.
7. Measures the Bank takes to protect the privacy data
7.1. The Bank shall implement, maintain and regularly improve organizational and technical protection measures at all stages of the life cycle of privacy data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions made with them by unauthorized persons.
7.2. Responsibility for ensuring the security of confidential information by the Bank's employees and other responsible persons shall be ensured by defining responsibility in policies, provisions of job descriptions, relevant contracts and agreements on non-disclosure of privacy information. The legislation of the Kyrgyz Republic Responsibility shall regulate the responsibility for a disclosure of confidential information.
7.3. The Bank shall take all organizational and technical measures depending on the Bank to protect and store the User's privacy information from unauthorized access by third parties, use, copying and distribution.
8. Transfer of personal data to the third parties
8.1. The Bank shall regulate a transfer of information to third parties in accordance with the current legislation of the Kyrgyz Republic.
8.2. The transfer of personal data to partners shall be based on the principles of legality and privacy of the transferred data. Each partner shall conclude an agreement with the terms of non-disclosure of confidential data of Users and other confidential information. The agreement with the partner shall provide a requirement to prevent the distribution of Users' personal data without their consent or other legal grounds.