Homebank application, Halyk Bank

We at Halykbank Bank (hereinafter — the Bank) would like to thank you for your interest in the Bank's products and Services. The protection of your personal information is very important to us and we are committed to the protection of data that are collected and processed as you use the Bank's Services. The Bank's Services include Internet banking mobile applicationsas well as other services posted on the website Homebank.kz, that enable Users to communicate with the Bank under executed banking service contracts and/payment card contracts and/or other contracts or without any such executed contract, including information exchange and individual transactions on the Internet or by using a special mobile device (smartphone, tablet PC, etc.) application and/or an e-payment system that enables mobile device users to pay for services, transfer money between individuals over social networks and shop on the Internet as well as traditional acquiring services. By accessing the Bank's Services a User consents without reservations to provisions of this Privacy Policy. The Bank shall protect the security of personal information received from Bank Service Users under laws of republic of Kazakhstan. This Privacy Policy has been designed to specify details that may be requested from Bank Service Users and ways in which such details may be processed by the Bank or other parties. This Privacy Policy also specifies purposes for which Users' personal information may be requested or disclosed. This Privacy Policy further specifies basic precautions that Users must follows to keep their personal information confidential.

This Regulation shall apply exclusively to information received by the Bank as a result of use of the Bank's Services by Users.

The Bank collects User information exclusively for purposes of technical management of the Bank's Services and for review and improvement of the Bank's Services; for purposes of informing Users on the Bank's services and products; for marketing purposes; and for other purposes referred to in this Privacy Policy. In this Privacy Policy User information means personal information that a User passes to the Bank on his or her own when creating an account, registering, etc. and while using a Service (full name, sex, e-mail address, telephone number, etc.); and data transmitted automatically during use of the Bank's Services including but not limited to IP address, details of the mobile device used for access purposes, etc.

The following information may be requested and received during use of the Bank's Services:

• User information. When a user creates an account and/or registers, the Bank requests the user's information such as his or her full name, sex, birth date, residence address, e-mail address, telephone number and details of the bank card or another electronic payment instrument. The Bank may also request additional information. Subject to a User's separate consent, the Bank may receive a User's contact details (telephone and/or address book, mobile device contacts)
• Phone number. The Client's personal mobile phone number used to register and connect to Homebank as login. The phone number can be used by the Bank for informational and financial interaction with the Client.
• Mobile device information. The Bank collects details of Users' mobile devices such as the mobile device model, operating system version, device unique identifiers, mobile network details and the mobile telephone number. In addition, the device identifier and the mobile telephone number may be linked to the User's account.
• Permissions for SMS-based financial transactions and money management.
• Location information. The Bank's Services that support the User mobile device geographical location function enable the Bank to receive details of a User's actual location including GPS data sent by a mobile device.
• Transaction information. When goods and/or services are paid for, when money is transferred, etc., the Bank collects transaction location, time and amount details, payment method details, seller and/or service provider details, details of the reason for the transaction (if any) and other information in relation to such transactions. Information about installed applications. The Bank collects metadata of the applications installed on the User's mobile device, such as the application name, application ID and checksum. These data are used by the Bank to detect malware and viruses in order to ensure the security of the User's data when using the mobile application. The Bank shall use and process User information in accordance with this Privacy Policy, the Bank's Customer Personal Data Protection Regulations and laws of the republic of Kazakhstan on personal information security.
• Device ID & call information. Read-only access to the status of the Customer’s mobile device, including the Customer’s mobile phone number, current information about the Customer’s mobile network, the status of all current calls and a list of all accounts registered on the Customer’s mobile device. To increase the level of security use of the app.
• Phonebook of the Customer’s mobile device. For the use of the Customer’s phonebook for the purpose of autocomplete the phone number, in the menu "Replenish" (mobile replenishment) and Mobile transfers.
• Access to the camera of the Customer’s mobile device, access to the media library (photo gallery/video gallery) of the Customer’s mobile device. To create photographic documents, to create and/or save an image and/or a photo, to save mediamaterials, to save the image.
• Audio recording. To make calls when registering within Halyk Homebank to communicate with the Bank's manager.

The Bank shall be entitled to pass User information to the Bank's affiliated persons and such other companies as may be associated with the Bank for the aforesaid purposes. The Bank's affiliated persons and associated companies shall adhere to this Privacy Policy.

The Bank shall not pass User information to companies and/or private persons that are not associated with the Bank except: — with the User's consent. A User's additional consent is requested for the Bank to pass User information to companies and/or private persons that are not associated with the Bank. — as required by current laws. The Bank provides User information if such information is required to be received, used and disclosed for purposes of:

• implementation of and compliance with current laws, court rulings or lawful requirements of public bodies;
• detecting, stopping and otherwise preventing fraud and remedy of technical faults or security issues;
• protection of rights, property and security of the Bank and Bank Service Users to the extent permitted by current laws. The Bank may provide generalized and depersonalized details of Bank Service Users to partners such as publishers, advertisers, etc. (e.g. for statistical and other research purposes). When passing User information abroad, the Bank shall procure that current laws and this Regulation are complied with in respect of User information by executing contracts to guarantee that information recipients maintain an appropriate level of protection.

Security measures used to keep information confidential The Bank shall take every possible measures to ensure that User information is secure and protected from unauthorized access, modification, disclosure or destruction and other improper use. In particular, the Bank shall on an ongoing basis improve ways in which data is collected, stored and processed, including User compliance with the Bank's recommendations will help to ensure maximum protection of information passed to the Bank including details of the User's bank card (or other electronic payment instrument) and other details and will reduce possible risks in performing transactions by using details of the bank card (or another electronic payment instrument) when paying cashless for goods and services including payments on the Internet.

Information transfer terms The User gives his/her consent to the Bank on processing his/her data specified as when registering in the Bank’s Mobile Application and/or Internet Bank, by any means, including by third parties, including but not limited to reproduction, electronic copying, depersonalization, blocking, destruction, as well as the above mentioned processing of his/her other personal data obtained as a result of their processing, in order to: providing access to the functionality of the Bank's Mobile Application and/or Internet Bank, as well as for

• Conclude a universal agreement with the Bank;
• Issue and service bank cards;
• Create information systems of personal data of the Bank;
• Insure his/her life/health/property and perform other insurance carried out with the Bank assistance or in favour of the Bank and/or in connection with the conclusion of the agreement;
• As well as for any other purposes directly or indirectly related to issuing and servicing bank cards and an offer for other products of the Bank, and providing the User with the information about new products and services of the Bank and/or its counterparties.

The User gives his/her consent to the Bank’s counterparties on processing all personal data available to the Bank and/or the Bank’s counterparties, among other things in order to inform the User about the services of the counterparties, as well as to process the information about subscribers and the communication services rendered to them (if the Bank’s counterparty is a communication provider) in order to assess the probability of the User’s solvency in the future for making a decision on the issue of a credit card. The specified consent has been given for a period of 15 years, and in the event of its recall, the processing of the User’s personal data should be stopped by the Bank and/ or third parties and the data should be destroyed subject to termination of the Agreement and full repayment of the debt under the Agreement no later than one (1) year from the date of the Agreement termination.

Changes to this Privacy Policy. Applicable law The Bank shall be entitled to update and change provisions of this Privacy Policy at any time. Any new version of the Privacy Policy shall be effective from its placing unless otherwise provided in such new version of the Privacy Policy. The Bank recommends that Bank Service Users consult this Privacy Policy on a regular basis to keep up with the latest version.