Rabitabank OJSC (hereinafter referred to as the Bank) has created Rabita Mobile application as a free application. Registration and use of this service is free, and is intended for use in real conditions (as it is).
This policy aims to inform users about the Bank’s policy regarding the collection, use and disclosure of personal information of Rabitabank customers and non-customers wishing to use our services. The protection of your personal information is important to us, which is why the Bank pays great attention to the protection of your information.
Collection, use and purpose of information.
You may be required to provide certain personal information for better and safer use of the Bank’s services and the secure storage of customer data. Collection of user data shall be carried out by the Bank to provide banking services, as well as information about banking products to customers, for marketing purposes, and other purposes specified in this policy.
The application shall also use third-party services where user information is collected/used. Third party services where user data will be collected/used shall be used to provide various new services by the Bank to users, to ensure the security of users and the application, and to prevent theft of user data.
Links to third party service providers’ privacy policies used in this application:
In order to ensure the security of operations and prevent fraudulent activities, the Bank shall have the right to transfer the following information to Kaspersky (JSB “Kaspersky”, address: 125212, Moscow, Leningrad highway, 39A, building 2, BC “Olympia Park”):
Software, User version of the Application, Environment Identifiers (device identifiers, IMSI, IMEI, device software identifiers, software installation identifiers, software versions, Operating system, user identifier and user access in the user version of the Application); information on the use of the fingerprint identification function on the device (information on the support of this function by the device, activation/deactivation of functions, the fact of changing the fingerprint used for identification on the device); installed application information (file names, package names, folders, permissions, certificates, source, libraries used, date and time of installation, application reputation); device location information (coordinates, coordinate accuracy); active network connections (GPRS, GPS, Wi-Fi); device roaming, network connection information (IP addresses, MAC addresses, URLs, HTTP router information, SSID, VPN connection information); device features (device software and hardware features, display features, sensor features, network connection information, current settings, current security settings, location, system settings, WebView settings, webGl data, canvas fingerprint); file information (size, name, folder, file MD5 hash sum); SensorEvent data; SensorEvent data.
The information required, collected from users and used is divided into the following categories:
User information - When a user creates and/or registers in an account, the Bank shall require users to provide full name, gender, date of birth, residential address, email address, phone number and bank card details in order to identify users in the system. In addition, the Bank may request additional information (marital status, activities in other banks, etc.) from users, if necessary, in order to provide more advanced services to users.
Location information - In order to ensure continuous access to the services provided by the Bank and the security of users when connecting to the application, it is necessary to determine the geographical location of the user’s mobile device. Information about the location of the user’s mobile device includes GPS data sent by the device, user coordinates, active network connections. In addition, the Bank shall use IP and MAC addresses, SSID, URL addresses and VPN contact information to locate the device in roaming.
Operational information - When the User conducts any operation through the Bank, the Bank shall collect the place of operation, amount, details of the service provider, payment method and other details related to the operation.
Information about installed applications - The bank shall collect metadata of applications available on the user’s device in order to ensure a secure connection of users to the application. Application metadata includes application file name, package name, route, permissions, certificates, installation source, library used, date and time of installation.
File information - The bank shall collect information about the files available on the user’s device in order to ensure a secure connection of users to the application. File information includes file size, name, route, and hash MD5 definition.
Biometric data - The bank shall use users’ biometric data to identify user accounts in the application. Biometric data refers to the device’s fingerprint data and information on the use of fingerprint verification functionality in the device. For this purpose, the bank shall collect device firmware and hardware information, screen features, sensor features, network connections, current settings, current security settings, location, system settings, WebView settings, fingerprint canvas information. In addition, information on device support, activation/deactivation of functionality and the fact of changing the fingerprint used for identification on the device shall be used by the Bank for the application of fingerprint verification functionality.
Software information - The bank shall use user device identifiers, IMSI, IMEI information, Firmware identifiers, installed software identifiers, installed software and operating system versions, end product user identifiers and user name to identify users’ software identifiers, end product, data subjects and environment information. In addition, the user’s device’s SensorEvent data shall also be used.
The information required, collected and used for all of the above categories will be used in the forms below:
Registration log information - In case of any error while using the application, the Bank shall collect information and indicators on the user’s device called “Registration log information” (through third-party products). “Registration log information” may include the Internet Protocol (“IP”) address of the user’s device, device name, operating system version, application configuration when using the service, date and time of service use, other statistics, etc.
Cookies (identification files) - Cookies are usually files that are used as anonymous identifiers and contain small amounts of information. Cookies shall be sent from the website visited by the user to the browser on the user’s device and stored in the internal memory of the device. Cookies shall not be used directly in the service provided by the bank to users. However, the Bank may use third-party code and library that uses Cookie files to collect information and improve its services. Users can accept or reject Cookie files. The user will be notified when the Cookie file is sent to the user’s device. If the user refuses the Cookie files, he/she may not be able to use certain parts of the service provided by the Bank.
Service providers - We may engage third-party companies and individuals for the following reasons, subject to the requirements of the law:
a) To facilitate the use of the service;
b) To provide service on our behalf;
c) To perform services related to the Service or;
d) To assist in the analysis of the use of the Service.
Users of this service must be aware that for any of the above reasons, third parties involved in the service will have access to your User’s personal information in order for the services to be performed. The third party companies or persons involved in the service shall not disclose user information to other companies or persons and shall not use it for any purpose other than for the purposes agreed with the Bank.
Security - It is highly valued that users trust their personal information to the Bank, and efforts are made to use commercially acceptable means to protect this information. However, it should be borne in mind that no method of transmitting data over the Internet or storing them electronically is 100% reliable and secure, so the Bank cannot guarantee that these methods are completely secure.
The concept of “age control” - The services provided by the Bank do not apply to persons under the age of 18 without the expression of will or written consent of both parents. Personal data of persons under the age of 18 without the expression of will or written consent of both parents shall not be collected unambiguously by the Bank. If it is discovered that the personal data of a person under the age of 18 have been submitted to the Bank without the expression of will or written consent of both parents, that information will be immediately deleted from the Bank’s servers. If the User finds that his/her child or the child under his/her guardianship has provided us with his/her personal information, we ask that User to contact us to take appropriate action. The requirements of this article do not apply to emancipated persons. The information of these persons will be collected in the manner stipulated by the Policy.
Tel.: (994 12) 598 44 88
Fax: (994 12) 497 11 01