Client protection principles

 «Bai – Tushum» Bank Closed joint-stock company invests significant effort into building long-term partner relationships with clients, based on mutual trust, understanding and respect.

Bai Tushum Bank was awarded the Smart Campaign certificate in 2014 and 2016.

The principles of SMART Campaign:

1. Prevention of over-indebtedness. The Bank takes all reasonable steps to disburse loans only to borrowers who have demonstrated sufficient ability to repay, while ensuring that the loans disbursed do not create a serious risk of over-indebtedness that would leave borrowers in a debt trap.

2. Transparency and Responsible pricing. Costs and all conditions of providing financial services (including interest rates, insurance payments, all commission fees, etc.) are transparent, and are clearly communicated to the clients.

3. Adequate debt collection practices. Debt collection is carried out in accordance with the laws of the Kyrgyz Republic. The debt collection methods used by the Bank are free from insults and from forcible recovery of debt.

4. Adhering to Business Ethics. In dealing with clients, the Bank’s employees adhere to high standards of business ethics. The Bank has implemented the safeguards necessary to detect and eliminate corruption or improper treatment of clients.

5. Grievance redress and satisfaction procedures. The Bank maintains a system for the prompt examination of clients’ grievances and suggestions, under which a client may express his/her opinion on the Bank’s operation and on the quality of servicing and of the services provided, as well as make suggestions to improve the Bank’s activities. The Bank, in turn, responds immediately to such information and takes the necessary steps to resolve the issue.

6. Appropriate product design and delivery. Products and services of the Bank, as well as the delivery channels are designed with client’s needs and wishes taken into account. In compliance with the Bank’s internal policies and procedures, our products and delivery channels do not harm the clients.

7. Privacy of client data. All interactions between the Bank and the Client are strictly confidential. The Bank undertakes not to transfer or disclose to any third party information relating to the concluded loan agreement, save for the cases stipulated by the laws of the Kyrgyz Republic and the loan agreement.

CONFIDENTIALITY AND PERSONAL DATA PROCESSING POLICY

  1. General Provisions
    • This Confidentiality and Personal Data Processing Policy (hereinafter referred to as the Policy) defines the purposes and general principles, procedures, and conditions for the collection, processing, storage, and use of personal data at Bai-Tushum Bank OJSC (hereinafter referred to as the Bank).
    • Collection, processing, storage, use, and other actions related to personal data shall be carried out in compliance with the principles and conditions stipulated by this Policy and the legislation of the Kyrgyz Republic in the field of personal data.
    • The Policy has been developed according to Law No. 58 “On Personal Information”.
  2. Terms and Definitions
    • Personal data updating means prompt amendment of personal data according to the procedures established by the current legislation of the Kyrgyz Republic.
    • Personal data blocking means temporary cessation of transfer, clarification, use, and destruction of personal data.
    • Holder (owner) of personal data array means state authorities, local self-government bodies, and legal entities, including the Bank, which is authorized to determine the purposes and categories of personal data and control the collection, storage, processing, and use of personal data according to the law “On Personal Information.”
    • Personal information (personal data) means information recorded on a tangible medium about a specific person, identified with a specific person, or which can be identified with a certain person, allowing the identification of this person directly or indirectly, by reference to one or more factors specific to his/her biological, economic, cultural, civil or social identity. Personal data includes biographical and identifying data, personal characteristics, information on marital status, financial situation, health status, and others.
    • Customer means 1) a natural person; 2) a legal entity; 3) a natural person engaged in entrepreneurial activity without establishing a legal entity (individual entrepreneur); 4) a natural person engaged in private practice in the manner prescribed by the legislation of the Kyrgyz Republic; 5) a natural person applying a special tax regime (self-employed) who has concluded an agreement on the ground of and in fulfillment of which the Bank provides products and/or services to the Customer.
    • NBKR – The National Bank of the Kyrgyz Republic.
    • RLA means regulatory legal acts.
    • Personal data depersonalization means the removal from personal data of that part of it which allows its identification with a particular person.
    • Personal data processing means any operation or set of operations performed, irrespective of methods, by the Bank or on its behalf, by automatic means or not, for the purpose of the collection, recording, storage, updating, grouping, blocking, erasure, and destruction of personal data.
    • Processor means a natural person or legal entity, determined by the Bank, who/which processes personal data on the grounds of an agreement concluded with it.
    • Personal data transfer means the provision of personal data by the Bank to third parties according to the law “On Personal Information” and international agreements.
    • A list of personal data means a list of categories of data about one subject.
    • Potential Customer means 1) a natural person who has applied for the Bank’s products and/or services, including consultation regarding the terms and conditions of the agreement, advantages of products and/or services, and/or is interested in receiving/acquiring the said products, and/or services, but has not yet concluded an agreement on the grounds of which he/she may receive the said products and/or services; 2) a natural person who, within the framework of the problem and/or overdue debt settlement processes, has expressed an intention to buy back the debt (by way of a debt transfer agreement, assignment of rights (cession), or by other means within the framework of the civil legislation of the Kyrgyz Republic).
    • Personal data confidentiality regime means normatively established rules determining the limitations of access, transfer, provision, and conditions of storage of personal data.
    • Collection of personal data means the procedure of obtaining personal data by the Bank from data subjects or other sources according to the laws of the Kyrgyz Republic.
    • Consent of the personal data subject means a free, specific, unconditional, and informed expression of the person’s will expressed in writing on paper or in the form of an electronic document signed according to the legislation of the Kyrgyz Republic with an electronic signature, according to which the subject informs of his/her consent to the procedures related to the processing of his/her personal data.
    • Personal data subject (subject) means a natural person to whom the relevant personal data relate.
    • Destruction (erasure or deletion) of personal data means actions to bring this data into a state that does not allow the restoration of its content.
  3. Basic principles of handling personal information
    • Personal data shall be obtained and processed in the manner prescribed by the Law of the Kyrgyz Republic “On Personal Information”.
    • Personal data shall be collected by the Bank for the following purposes:
        • Provision of products and services to Customers and/or Potential Customers (natural persons, legal entities, individual entrepreneurs, persons engaged in private practice, persons applying a special tax regime), including interaction on issues of provision and maintenance of products and services;
        • Formation and development (elaboration, improvement) of personalized and/or needs-relevant offers of products and services;
        • Informing about products, services, and marketing communications related to the provision of products and services.
    • During processing, the accuracy, sufficiency, and relevance of personal data concerning the purposes of their processing shall be ensured. If inaccurate or incomplete personal data are detected, they shall be updated, provided that the reliability of new data is documented.
    • Processing and storage of personal data shall be carried out no longer than required by the purposes of personal data processing, if there are no legal grounds for further processing, including within the framework of requirements of the “List of basic documents generated in the activities of commercial banks and financial and credit institutions licensed by the NBKR, indicating the period of storage” approved by the NBKR. Upon expiry of the storage period and achievement of the personal data collection purposes, they shall be subject to destruction. Depending on the significance of personal data of certain subjects for sociological purposes, instead of destroying personal data, the Bank may depersonalize such data in the manner prescribed by the Government of the Kyrgyz Republic.
    • Personal data shall be stored and protected by the Bank against unlawful access, additions, amendments, and destruction.
  4. Procedure and conditions for processing and storage of personal information
    • Personal data may be handled by the Bank in the following cases:
        • if the personal data subject has given his/her consent to it;
        • if it is necessary to achieve the Bank’s legitimate interests;
        • when the implementation of these interests does not interfere with the exercise of the rights and freedoms of personal data subjects concerning the processing of personal data;
        • in other cases, stipulated by the legislation of the Kyrgyz Republic.
    • Personal data held by the Bank shall be classified as confidential information, except for cases defined by the legislation of the Kyrgyz Republic.
    • The Bank shall process personal data in a mixed manner, both with and without the use of automation tools.
    • The following actions with personal data shall be performed: collection, recording, systematization, accumulation, storage, actualization (update, change), extraction, use, transfer, access, depersonalization, destruction, and blocking.
    • Receipt and processing of personal data shall be carried out by the Bank with the consent of the personal data subject expressed in writing on paper or in the form of an electronic document signed with an electronic signature according to the legislation of the Kyrgyz Republic.
    • The Bank shall not collect, accumulate, store, and use special categories of personal data revealing racial or ethnic origin, nationality, political opinions, religious or philosophical beliefs, health, and sexual inclinations solely for the purpose of identifying these factors.
    • Information that characterizes the physiological features of a person and based on which his/her identity can be established (biometric personal data) shall be collected with the consent of the personal data subject expressed in writing on paper or in the form of an electronic document signed with an electronic signature and shall be used by the Bank for remote identification or additional confirmation of the natural person’s identity when providing remote access to remote customer service systems.
    • If the Bank makes a decision in the prescribed manner on the necessity to retain personal data after the expiration of the retention period, and achievement of the established purposes of their collection, the Bank shall ensure the appropriate regime of personal data retention stipulated by the legislation of the Kyrgyz Republic.
    • The Bank shall take necessary legal, organizational, and technical measures to ensure the security of personal data, and their protection against illegal/unauthorized (including accidental) access, destruction, modification, copying, blocking access, and other unauthorized actions concerning personal data. Such measures, in particular, include:
        • appointment of the Bank’s employees responsible for working with personal data;
        • checking whether the contracts contain and include clauses on ensuring the confidentiality of personal data;
        • issuance of the Bank’s internal regulatory documents on processing and handling personal data, familiarization of persons having access to personal data with them, training of persons having access to personal data;
        • ensuring physical security of premises and processing facilities, access control, security guards, and video surveillance;
        • limitation and delimitation of access of persons having access to personal data and other persons to personal data and means of processing, and monitoring of actions with personal data;
        • identification of security threats to personal data during their processing, formation of a list of personal data security threats;
        • organization of training and methodical work with persons having access to personal data concerning the issues of personal data processing;
        • application of legal, organizational, and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning personal data;
        • registration and storage of personal data carriers, preventing their theft, substitution, unauthorized copying, and destruction;
        • maintaining a list of persons whose job description includes access to personal data;
        • appointment of a person (persons) responsible for ensuring the security of personal data during their processing in information systems and their briefing;
        • backup of actual personal data processed in the personal data information system for the possibility of recovery;
        • exercising control over personal data during transfer and transportation;
        • preventing unauthorized reading, copying, modification, or removal of personal data carriers (control over the use of data carriers);
        • preventing unauthorized recording of personal data and modification or destruction of recorded personal data (recording control) and ensuring the possibility to establish retrospectively when, by whom and which personal data were changed;
        • ensuring the security of data processing systems intended for the transfer of personal data regardless of the means of data transfer (control over the means of data transfer);
        • ensuring that users of the personal data processing system have access only to the personal data they are authorized to process (access control);
        • ensuring the possibility to establish retroactively when, by whom, and which personal data were entered into the personal data processing system (input control);
        • prevention of unauthorized reading, copying, modification, and destruction of personal data during the transfer and transportation of personal data (transport control);
        • ensuring the confidentiality of information obtained during the processing of personal data;
        • ensuring the possibility of restoring personal data modified or destroyed due to unauthorized access to them;
        • exercising internal control over compliance of processing, security, and protection of personal data with the requirements of the legislation of the Kyrgyz Republic, including banking legislation and NBKR’s RLAs.
  5. Rights and obligations of personal data subjects
    • The personal data subject shall have the right to know that the Bank has personal data relating to him/her and to have access thereto. The right of access may be restricted only in cases stipulated by the Law of the Kyrgyz Republic “On Personal Information”.
    • The personal data subject shall have the right to receive information from the Bank regarding the processing of his/her personal data as stipulated by the Law of the Kyrgyz Republic “On Personal Information”.
    • Information on the existence and content of the subject’s personal data shall be issued by the Bank on the grounds of a written request of the subject and his/her identity document in a publicly available form, clearly and explicitly expressed, and shall not contain personal data relating to other subjects.
    • The personal data subject shall have the right to read documents containing personal information about him/her.
    • If there are grounds confirmed by relevant documents, the personal data subject shall be entitled to require the Bank to make amendments to his/her personal data, as well as to block them. Amendments to personal data, as well as blocking/unblocking of personal data shall be made in the manner established by the legislation of the Kyrgyz Republic.
    • In cases established by the legislation of the Kyrgyz Republic, the subject’s rights of access to his/her personal data may be restricted.
    • The personal data subject shall be obliged to:
        • provide accurate and up-to-date personal data necessary for using the services according to the Public offer for the conclusion of the general banking service contract for natural persons, as well as other contracts signed with the bank;
        • timely update and supplement the provided information on personal data in case of changes;
        • keep account data from the Bank’s services, such as login and password, secret from third parties.
  6. Rights and obligations of the Bank and the processor handling personal data arrays
    • The rights and obligations of the Bank shall be determined by the current legislation and agreements of the Bank.
    • The Bank shall be obliged to:
        • receive personal data directly from the personal data subject, and his/her authorized persons;
        • ensure regime of confidentiality of personal data in cases stipulated by the legislation of the Kyrgyz Republic and the Law of the Kyrgyz Republic “On Personal Information”;
        • determine, if necessary, a processor for processing personal data, providing guarantees regarding technical security measures and organizational measures regulating the processing of personal data, except for cases when the Bank independently imposes the functions and obligations of a processor on itself;
        • ensure the safety and reliability of personal data, as well as the access regime established according to the regulatory procedure;
        • provide personal data within one week of receiving a request from the subject;
        • in case of refusal to provide the subject, upon his/her request, with information on the availability of personal data about him/her, as well as the personal data themselves, issue a written motivated response containing a reference to the relevant paragraph of the article of the Law of the Kyrgyz Republic “On Personal Information”, within a period not exceeding one week from the date of the subject’s request;
        • provide, at the request of an authorized state body or the Ombudsman of the Kyrgyz Republic, information necessary for the execution of their powers.
    • Persons and employees of the Bank, to whom personal data became known due to their official position, shall assume obligations and bear responsibility to ensure the confidentiality of these personal data. Such obligations shall remain in force even after termination of work of these persons with personal data during the period of confidentiality regime preservation according to the legislation of the Kyrgyz Republic.
    • The Bank shall not be liable if the personal data was intentionally disclosed by the subject or unintentionally became known to third parties through the fault of the subject.
    • The Bank shall be entitled to transfer such data to another holder (owner) without the consent of the personal data subject in the following cases:
        • extreme necessity to protect the interests of the personal data subject;
        • at the request of state authorities, and local self-government bodies, if the requested list of personal data corresponds to the powers of the requesting authority;
        • on the grounds of the legislation of the Kyrgyz Republic.
    • When transferring personal data, the recipient of personal data shall be obliged to comply with the regime of confidentiality of such data.
    • Duties of the personal data processor:
        • The processor shall process personal data on the grounds of an agreement concluded with the Bank;
        • The processor shall collect, record, store, and update personal data, regardless of the method and means of processing, by order of the Bank, and ensure the completeness of organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning personal data.
  7. Final Provisions
    • All relations related to the personal data processing not reflected in this Policy shall be regulated according to the provisions of the Law of the Kyrgyz Republic “On Personal Information”.
    • The Bank shall be entitled to update and amend the provisions of this Confidentiality Policy at any time. The new edition of the Policy shall come into force from the moment of its placement on the Bank’s information resources unless otherwise stipulated by the provisions of the new edition of the Policy. The Bank recommends that Customers regularly refer to this Confidentiality and Personal Data Processing Policy to familiarize themselves with the most up-to-date version.