Privacy Policy
Rabitabank OJSC (hereinafter referred to as the Bank) has created Rabita Mobile application as a free application. Registration and use of this service is free, and is intended for use in real conditions (as it is).
This policy aims to inform users about the Bank’s policy regarding the collection, use and disclosure of personal information of Rabitabank customers and non-customers wishing to use our services. The protection of your personal information is important to us, which is why the Bank pays great attention to the protection of your information.
If you wish to use our service, you agree to collection of information about you within this policy, provision of various financial and non-financial services to customers by the Bank, as well as use of this information by the Bank’s partner companies to protect customer data and operations. The personal information we collect is used to provide service, maintain and improve the security of customer data and operations. We will share or use this information with a third party within the scope of our existing Privacy Policy.
Unless otherwise specified in this Privacy Policy, the terms used herein shall have the same meaning as those set out in the “Rules on the provision of services through Mobile Banking” adopted by the Bank.
Collection, use and purpose of information.
You may be required to provide certain personal information for better and safer use of the Bank’s services and the secure storage of customer data. Collection of user data shall be carried out by the Bank to provide banking services, as well as information about banking products to customers, for marketing purposes, and other purposes specified in this policy.
The application shall also use third-party services where user information is collected/used. Third party services where user data will be collected/used shall be used to provide various new services by the Bank to users, to ensure the security of users and the application, and to prevent theft of user data.
Links to third party service providers’ privacy policies used in this application:
In order to ensure the security of operations and prevent fraudulent activities, the Bank shall have the right to transfer the following information to Kaspersky (JSB “Kaspersky”, address: 125212, Moscow, Leningrad highway, 39A, building 2, BC “Olympia Park”):
Software, User version of the Application, Environment Identifiers (device identifiers, IMSI, IMEI, device software identifiers, software installation identifiers, software versions, Operating system, user identifier and user access in the user version of the Application); information on the use of the fingerprint identification function on the device (information on the support of this function by the device, activation/deactivation of functions, the fact of changing the fingerprint used for identification on the device); installed application information (file names, package names, folders, permissions, certificates, source, libraries used, date and time of installation, application reputation); device location information (coordinates, coordinate accuracy); active network connections (GPRS, GPS, Wi-Fi); device roaming, network connection information (IP addresses, MAC addresses, URLs, HTTP router information, SSID, VPN connection information); device features (device software and hardware features, display features, sensor features, network connection information, current settings, current security settings, location, system settings, WebView settings, webGl data, canvas fingerprint); file information (size, name, folder, file MD5 hash sum); SensorEvent data; SensorEvent data.
The information required, collected from users and used is divided into the following categories:
User information - When a user creates and/or registers in an account, the Bank shall require users to provide full name, gender, date of birth, residential address, email address, phone number and bank card details in order to identify users in the system. In addition, the Bank may request additional information (marital status, activities in other banks, etc.) from users, if necessary, in order to provide more advanced services to users.
Location information - In order to ensure continuous access to the services provided by the Bank and the security of users when connecting to the application, it is necessary to determine the geographical location of the user’s mobile device. Information about the location of the user’s mobile device includes GPS data sent by the device, user coordinates, active network connections. In addition, the Bank shall use IP and MAC addresses, SSID, URL addresses and VPN contact information to locate the device in roaming.
Operational information - When the User conducts any operation through the Bank, the Bank shall collect the place of operation, amount, details of the service provider, payment method and other details related to the operation.
Information about installed applications - The bank shall collect metadata of applications available on the user’s device in order to ensure a secure connection of users to the application. Application metadata includes application file name, package name, route, permissions, certificates, installation source, library used, date and time of installation.
File information - The bank shall collect information about the files available on the user’s device in order to ensure a secure connection of users to the application. File information includes file size, name, route, and hash MD5 definition.
Biometric data - The bank shall use users’ biometric data to identify user accounts in the application. Biometric data refers to the device’s fingerprint data and information on the use of fingerprint verification functionality in the device. For this purpose, the bank shall collect device firmware and hardware information, screen features, sensor features, network connections, current settings, current security settings, location, system settings, WebView settings, fingerprint canvas information. In addition, information on device support, activation/deactivation of functionality and the fact of changing the fingerprint used for identification on the device shall be used by the Bank for the application of fingerprint verification functionality.
Software information - The bank shall use user device identifiers, IMSI, IMEI information, Firmware identifiers, installed software identifiers, installed software and operating system versions, end product user identifiers and user name to identify users’ software identifiers, end product, data subjects and environment information. In addition, the user’s device’s SensorEvent data shall also be used.
The information required, collected and used for all of the above categories will be used in the forms below:
Registration log information - In case of any error while using the application, the Bank shall collect information and indicators on the user’s device called “Registration log information” (through third-party products). “Registration log information” may include the Internet Protocol (“IP”) address of the user’s device, device name, operating system version, application configuration when using the service, date and time of service use, other statistics, etc.
Cookies (identification files) - Cookies are usually files that are used as anonymous identifiers and contain small amounts of information. Cookies shall be sent from the website visited by the user to the browser on the user’s device and stored in the internal memory of the device. Cookies shall not be used directly in the service provided by the bank to users. However, the Bank may use third-party code and library that uses Cookie files to collect information and improve its services. Users can accept or reject Cookie files. The user will be notified when the Cookie file is sent to the user’s device. If the user refuses the Cookie files, he/she may not be able to use certain parts of the service provided by the Bank.
Service providers - We may engage third-party companies and individuals for the following reasons, subject to the requirements of the law:
a) To facilitate the use of the service;
b) To provide service on our behalf;
c) To perform services related to the Service or;
d) To assist in the analysis of the use of the Service.
Users of this service must be aware that for any of the above reasons, third parties involved in the service will have access to your User’s personal information in order for the services to be performed. The third party companies or persons involved in the service shall not disclose user information to other companies or persons and shall not use it for any purpose other than for the purposes agreed with the Bank.
Security - It is highly valued that users trust their personal information to the Bank, and efforts are made to use commercially acceptable means to protect this information. However, it should be borne in mind that no method of transmitting data over the Internet or storing them electronically is 100% reliable and secure, so the Bank cannot guarantee that these methods are completely secure.
Links to other websites - This service may provide links to other websites. If the user clicks on a third party link, they will be redirected to the relevant website. The user should take into account that foreign websites belonging to third parties are not operated by the Bank. For this reason, it is recommended that users read the Privacy Policy of these websites. We do not control the content, privacy policy or work principle of third party websites or services, and we are not responsible for them.
The concept of “age control” - The services provided by the Bank do not apply to persons under the age of 18 without the expression of will or written consent of both parents. Personal data of persons under the age of 18 without the expression of will or written consent of both parents shall not be collected unambiguously by the Bank. If it is discovered that the personal data of a person under the age of 18 have been submitted to the Bank without the expression of will or written consent of both parents, that information will be immediately deleted from the Bank’s servers. If the User finds that his/her child or the child under his/her guardianship has provided us with his/her personal information, we ask that User to contact us to take appropriate action. The requirements of this article do not apply to emancipated persons. The information of these persons will be collected in the manner stipulated by the Policy.
Making changes to the Privacy Policy - We may update our Privacy Policy from time to time. For this reason, users should regularly visit the current page to check for changes. Any changes to the Privacy Policy will be reflected on this page, and users will be regularly notified of changes or updates. Changes take effect immediately upon posting on this page.
If you have any questions or suggestions about our Privacy Policy, please contact us at the email address below:
Tel.: (994 12) 598 44 88
Fax: (994 12) 497 11 01
iii. 133@rabitabank.com