Chapter 1 General provisions
1. These Confidentiality Rules for working in the system of remote banking services for individuals at the Subsidiary JSC VTB Bank (Kazakhstan) (hereinafter referred to as the Rules) shall apply to all information, which the Bank and/or its affiliates, including all persons belonging to the same group with VTB Bank (PJSC), can receive about the user, during the use of his/her cell phone application. The Bank's services include the application posted on the website www.vtb-bank.kz, in online stores Google Play, AppStore, Huawei AppGallery (AppGallery), and Samsung Galaxy Store.
2. Use of the application means the user's unconditional agreement with the Rules and the terms of processing of his/her personal data specified therein. In case of disagreement with these terms, the user must refrain from using the application.
Chapter 2: Basic Terms and Abbreviations
3. The following terms and abbreviations are used in these Rules:
1) The bank is Subsidiary JSC VTB Bank (Kazakhstan);
2) legislation is the current legislation of the Republic of Kazakhstan;
3) personal data is the information outlined in paragraph 6 of these Rules;
4) application is the "VTB KZ Online" mobile banking application;
5) user is the person using the application;
6) service(s) are services provided by the Bank on the grounds of the appropriate contract/agreement concluded with the user.
Chapter 3: User's personal data received and processed by the Bank
4. Information about the user's telephone number for identifying the party within the framework of the contracts/agreements, improving the quality of the anti-fraud mechanism, and operating the service of money transfers by telephone number.
5. Information about telephone numbers from the device's address book for making it easier for users to make money transfers.
6. Within the framework of the Rules, "personal data" means:
1) Personal data that the User provides about himself/herself in the process of using the application. The information that must be provided is marked in a special way. Other information is provided by the user at his/her discretion;
2) Data that is automatically transmitted by the application during its operation and is required by the Bank for the high-quality provision of remote services, including IP address, information about the telephone model, serial number, access time, geographical coordinates (geolocation), actions in the application;
3) Voice data in the form of recordings of spoken phrases (speech) received through the microphone of the device used for activation and interaction with the "Voice Assistant" application service, in the same or modified (text) form with the following actions: extraction, collection, recording, accumulation, systematization, storage, use, blocking, removal, destruction of such information, as well as automatic recognition of replica content and processing of the information obtained by the Bank as a result of such recognition.
Chapter 4. Purposes of users’ personal data collecting and processing
7. The Bank only collects and stores personal data that is necessary to provide the service(s).
8. The Bank may use the user's personal information for the following purposes:
1) party identification (within the framework of concluded contracts/agreements);
2) providing the user with personalized services;
3) communication with the user, including sending notifications, requests, and other information related to the use of the application, the provision of services, as well as processing requests and proposals from the user;
4) improving the quality of the application, its usability, the development of new applications and services;
5) ensuring the safety of users when working in the application;
6) carrying out statistical and other studies, based on impersonal data;
Chapter 5. Terms of processing of user personal data and their transfer to third parties
9. The Bank undertakes to take measures to prevent unauthorized access of third parties to the user's personal data obtained in connection with the use of the application. The user's personal data may be provided to third parties only in the manner prescribed by the current legislation of the Republic of Kazakhstan.
10. If the transfer of data via access channels is carried out at the request of or according to the user's order, the Bank shall not be liable for unauthorized access of third parties to such data during their transfer.
Chapter 6. Change of personal data by the user
11. The user may at any time change (update, supplement) the provided personal data or part thereof by contacting the branch of the Bank.
12. The user can disable automatic geolocation in the application in the "Settings/Location" section.
Chapter 7. Measures used to protect users’ personal data
13. The Bank shall take necessary and sufficient organizational and technical measures to protect the personal data of the user by ensuring the prevention of unauthorized access to personal data, timely detection of unauthorized access, and minimization of its adverse effects, as well as accidental access, destruction, modification, blocking, copying, distribution, as well as against other unlawful actions of third parties.
Chapter 8: Feedback. Questions and suggestions
14. All suggestions or questions regarding the Rules should be sent to the Customer Support Service via telephone number +7 (727) 330-59-59 or using the feedback form on the Bank's website www.vtb-bank.kz.
Chapter 9. Final Provisions
15. Responsibility for compliance with these Rules shall be imposed on the Bank employees as far as they are concerned according to the current legislation of the Republic of Kazakhstan and internal documents of the Bank.
16. The matters, which are not covered by these Rules, shall be resolved in the manner prescribed by the current legislation of the Republic of Kazakhstan and internal documents of the Bank.
17. These Rules shall enter into force from the date of their approval by the Management Board of the Bank.