Statement of Policy and Practices
This Statement is made by Brillink Bank Corporation Limited (the “Bank”) in accordance with the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) of the Astana International Financial Centre (“AIFC”) in the Republic of Kazakhstan and intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed. This Statement is also intended to set out the policies and practices of the Bank for protecting personal data privacy in accordance with the provisions of the Rules and Regulations.
When the Bank collects personal data from individuals, the Notice relating to the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) of the Bank (the “Data Protection Notice”) will be provided to them on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data).
Bank’s Privacy Principles
To preserve the confidentiality of the information that the Bank obtained, we follow and maintain the following principles:
A. Kind of Personal Data Held by the Bank
There are two broad categories of personal data held by the Bank. They are personal data related to customers and employees (including potential, current and former ones) of the Bank.
Personal data held by the Bank regarding customers may include the following:
Personal data relating to employment held by the Bank may include, but not limited to, name, information of identification documents, address, contact information, educational background, qualifications, career history, outside employment, medical records, curriculum vitae and relevant personal data of family members of employees.
The Bank may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
B. Collecting, processing and use of your personal data
In the course of collecting personal data, the Bank will provide the individuals concerned with the Notice relating to the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) (the “Data Protection Notice”) informing them of the purpose of collection, classes of persons to whom the data may be transferred/disclosed, their rights to access and correct the data, and other relevant information.
The purposes for which data relating to a customer may be used are as follows:
The purposes for which data relating to employees and potential employees may be used are as follows:
C. Disclosure of Personal Data
Data held by the Bank relating to you will be kept confidential but the Bank may provide such data to the following parties (whether within or outside the AIFC) for the purposes set out in paragraph B above and such data may be transferred to a place outside AIFC:
(1) the Bank’s group companies;
(2) third party financial institutions, insurers, credit card companies, securities and investment services providers;
(3) third party reward, loyalty, co-branding and privileges programme providers;
(4) co-branding partners of the Bank and the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
(5) charity or non-profit making organisations;
(6) external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph B (vii) and/or B (viii) above.
D. Use of Personal Data in Direct Marketing
Where you are a customer, the Bank intends to use your personal data in direct marketing and the Bank requires your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
1. financial, insurance, credit card, banking and related services and products;
2. reward, loyalty or privileges programmes and related services and products;
3. services and products offered by the co-branding partners of the Bank or the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
4. donations and contributions for charitable and/or non-profit making purposes;
If you do not wish the Bank to use or provide to other persons your data for use in direct marketing as described above, you may exercise your opt-out right by notifying the Bank without charge.
E. Provision of Another Person’s Data
Where you provide to us data about another person, you should give to that person a copy of this Notice and, in particular, tell him/her how we may use his/her data.
F. Retention of Personal Data
The Bank takes practicable steps to ensure that personal data will not be kept longer than necessary for the fulfillment of the purposes (including any directly related purpose) for which the data are or are to be used and the compliance of all applicable statutory and regulatory requirements and contractual obligations. Different retention periods apply to the various kinds of personal data collected and held by the Bank in accordance with internal customer document retention and destruction policy subject to the legal and regulatory requirements.
G. Security of Personal Data
The Bank ensures an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure, loss or other use of that data.
Access and Correction
You have the right to access and update your information and contact us. It is the policy of the Bank to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests. The Bank may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request.
Enquiries
If you have any question about our Privacy Policy Statement, or how you may request access, correct or exercise your rights with respect to the processing of your personal data, please write to us at:
Data Protection Officer
Brillink Bank Corporation Limited
Mangilik El 55/20, Block C4.1, office 251-252, Z05T3D0
E-mail Address:info@brillinkbank.com
Notice relating to the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) of the Bank (the “Data Protection Notice”) for Brillink Bank Corporation Limited
This Statement is made by Brillink Bank Corporation Limited (the “Bank”) in accordance with the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) of the Astana International Financial Centre (“AIFC”) in the Republic of Kazakhstan and intended to notify you why personal data is collected, how it will be used and to whom data access requests are to be addressed. This Statement is also intended to set out the policies and practices of the Bank for protecting personal data privacy in accordance with the provisions of the Rules and Regulations.
When the Bank collects personal data from individuals, the Notice relating to the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) of the Bank (the “Data Protection Notice”) will be provided to them on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data).
To preserve the confidentiality of the information that the Bank obtained, we follow and maintain the following principles:
The Bank only collects personal data for a lawful purpose directly related to a function or activity of the data user who is to use the data; which is necessary for or directly related to that purpose; and the data is adequate but not excessive in relation to that purpose;
The Bank would take all practicable steps to procure accuracy of personal information held on our records and ensure them up-to-date having regard to the purpose (including any directly related purpose) for which the personal data is or is to be used;
The Bank only uses personal data for the purposes described in the following and without the consent of the data subject, the personal data shall not be used for a new purpose;
The Bank may be required from time to time to disclose personal data to a third party (including but not limited to Governmental or judicial bodies or agencies or our regulators), but we will only do so under proper authority, applicable laws and court orders.
Data subjects have rights of access to and correction of their personal data.
The Bank maintains strict internal control and security systems to keep the personal data confidential and prevent unauthorised access to personal information by anyone, including staff of the Bank.
There are two broad categories of personal data held by the Bank. They are personal data related to customers and employees (including potential, current and former ones) of the Bank.
Personal data held by the Bank regarding customers may include the following:
name and address, occupation, contact details, date of birth and nationality of customers and marital status of customers and their identity card and/or passport numbers and place and date of issue thereof;
current employer, nature of position and annual salary of customers;
information obtained by the Bank in the ordinary course of the continuation of the business relationship (for example, personal data collected when customers deposit money or generally communicate verbally or in writing with the Bank, by means of documentation or telephone recording system, as the case may be); and
Information received and collected from handling complaint cases lodged by customers.
Personal data relating to employment held by the Bank may include, but not limited to, name, information of identification documents, address, contact information, educational background, qualifications, career history, outside employment, medical records, curriculum vitae and relevant personal data of family members of employees.
The Bank may hold other kinds of personal data which it needs in the light of experience and the specific nature of its business.
In the course of collecting personal data, the Bank will provide the individuals concerned with the Notice relating to the AIFC Data Protection Regulations (AIFC Regulations No. 10 of 2017) and AIFC Data Protection Rules (AIFC Rules No. 1 of 2018) (the “Rules and Regulations”) (the “Data Protection Notice”) informing them of the purpose of collection, classes of persons to whom the data may be transferred/disclosed, their rights to access and correct the data, and other relevant information.
The purposes for which data relating to a customer may be used are as follows:
processing of applications for banking and/or other financial services and facilities;
the daily operation of the services and credit facilities provided to or secured by you;
conducting credit checks at the time of application for credit and at the time of regular or special reviews which normally will take place one or more times each year;
creating and maintaining the Bank’s credit scoring models;
assisting other financial institutions to conduct credit checks and collect debts;
ensuring your ongoing credit worthiness;
conducting customer surveys and/or designing financial services or related products for customers’ use;
marketing services, products and other subjects (please see further details in paragraph D below);
determining amounts owed to or by you;
enforcing the Bank’s rights, including without limitation, collection of amounts outstanding from you and those providing security for your obligations;
complying with the obligations, requirements or arrangements for disclosing and using data that apply to the Bank or that it is expected to comply according to:
any law binding or applying to it within or outside the AIFC existing currently and in the future (e.g. AIFC Common Reporting Standard Regulations (AIFC Regulations No. 26 of 2019), AIFC Common Reporting Standard Rules (AIFC Rules No. AFSA-L-PC-2019-0006 of 2019) and its provisions including those concerning automatic exchange of financial account information);
any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers within or outside the AIFC existing currently and in the future (e.g. guidelines or guidance given or issued by the Astana Financial Services Authority including those concerning automatic exchange of financial account information); or
any present or future contractual or other commitment with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers that is assumed by or imposed on the Bank by reason of its financial, commercial, business or other interests or activities in or related to the jurisdiction of the relevant local or foreign legal, regulatory, governmental, tax, law enforcement or other authority, or self-regulatory or industry bodies or associations;
complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within the group of the Bank and/or any other use of data and information in accordance with any group-wide programmes for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
enabling an actual or proposed assignee of the Bank, or participant or sub-participant of the Bank’s rights in respect of you to evaluate the transaction intended to be the subject of the assignment, participation or sub-participation; and
updating, comparing and/or verifying any and all of your personal information that may be held by any affiliates, group companies, agents or service providers of the Bank; and
purposes relating thereto.
The purposes for which data relating to employees and potential employees may be used are as follows:
processing employment applications;
determining and reviewing salaries, bonuses and other benefits;
consideration for promotion, training, secondment or transfer;
consideration of eligibility for employee benefits and entitlements;
providing employee references;
monitoring compliance with internal rules of the Bank;
meeting the requirements to make disclosure under the requirements of any law binding on the Bank and for the purposes of any guidelines issued by regulatory or other authorities with which the Bank are expected to comply;
administering any affairs or benefits relating to the retirement and insurance plan of employees and their family members; and
purposes relating thereto.
Data held by the Bank relating to you will be kept confidential but the Bank may provide such data to the following parties (whether within or outside the AIFC) for the purposes set out in paragraph B above and such data may be transferred to a place outside AIFC:
any agent, contractor or third party service provider (including any of the Bank’s group companies) who provides administrative, telecommunications, computer, payment or clearing or other services to the Bank in connection with the operation of its business, including mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies that the Bank engages for the purposes set out in paragraph B(viii) above;
any other person under a duty of confidentiality to the Bank including a group company of the Bank which has undertaken to keep such information confidential;
the drawee bank providing a copy of a paid cheque (which may contain information about the payee) to the drawer;
credit reference agencies, and, in the event of default, to debt collection agencies;
any person to whom the Bank is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to the Bank, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which the Bank is expected to comply, or any disclosure pursuant to any contractual or other commitment of the Bank with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or self- regulatory or industry bodies or associations of financial services providers, all of which may be within or outside the AIFC and may be existing currently and in the future; and
any actual or proposed assignee of the Bank or participant or sub-participant or transferee of the Bank’s rights in respect of you;
any party giving or proposing to give a guarantee or third party security to guarantee or secure the customer’s obligations;
(1) the Bank’s group companies;
third party financial institutions, insurers, credit card companies, securities and investment services providers;
third party reward, loyalty, co-branding and privileges programme providers;
co-branding partners of the Bank and the Bank’s group companies (the names of such co- branding partners can be found in the application form(s) for the relevant services and products, as the case may be);
charity or non-profit making organisations;
external service providers (including but not limited to mailing houses, telecommunication companies, telemarketing and direct sales agents, call centres, data processing companies and information technology companies) that the Bank engages for the purposes set out in paragraph B (vii) and/or B (viii) above.
Where you are a customer, the Bank intends to use your personal data in direct marketing and the Bank requires your consent (which includes an indication of no objection) for that purpose. In this connection, please note that:
your name, contact details, products and services portfolio information, transaction pattern and behaviour, financial background and demographic data held by the Bank from time to time may be used by the Bank in direct marketing;
the following classes of services, products and subjects may be marketed:
financial, insurance, credit card, banking and related services and products;
reward, loyalty or privileges programmes and related services and products;
services and products offered by the co-branding partners of the Bank or the Bank’s group companies (the names of such co-branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
donations and contributions for charitable and/or non-profit making purposes;
the above services, products and subjects may be provided or (in the case of donations and contributions) solicited by the Bank and/or:
the Bank’s group companies;
third party financial institutions, insurers, credit card companies, securities and investment services providers;
third party reward, loyalty, co-branding or privileges programme providers;
co-branding partners of the Bank or the Bank’s group companies (the names of such co- branding partners can be found in the application form(s) for the relevant services and products, as the case may be); and
charitable or non-profit making organisations;
in addition to marketing the above services, products and subjects itself, the Bank also intends to provide your data described in paragraph D (i) above to all or any of the persons described in paragraph D (iii) above for use by them in marketing those services, products and subjects, and the Bank requires your written consent (which includes an indication of no objection) for that purpose;
the Bank may receive money or other property in return for providing your data to the other persons as contemplated in paragraph D (iv) above and, when requesting your consent or no objection as described in paragraph D (iv) above, the Bank will inform you if it will receive any money or other property in return for providing your data to the other persons.
Where you provide to us data about another person, you should give to that person a copy of this Notice and, in particular, tell him/her how we may use his/her data.
The Bank takes practicable steps to ensure that personal data will not be kept longer than necessary for the fulfillment of the purposes (including any directly related purpose) for which the data are or are to be used and the compliance of all applicable statutory and regulatory requirements and contractual obligations. Different retention periods apply to the various kinds of personal data collected and held by the Bank in accordance with internal customer document retention and destruction policy subject to the legal and regulatory requirements.
The Bank ensures an appropriate level of protection for personal data in order to prevent unauthorized or accidental access, processing, erasure, loss or other use of that data.
You have the right to access and update your information and contact us. It is the policy of the Bank to comply with and process all data access and correction requests in accordance with the provisions of the Ordinance, and for all staff concerned to be familiar with the requirements for assisting individuals to make such requests. The Bank may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request.
If you have any question about our Privacy Policy Statement, or how you may request access, correct or exercise your rights with respect to the processing of your personal data, please write to us at:
Data Protection Officer
Brillink Bank Corporation Limited
Mangilik El 55/20, Block C4.1, office 251-252, Z05T3D0 E-mail Address:info@brillinkbank.com