Privacy Policy
- Introduction and Scope of Application
- The Data Confidentiality Agreement has been prepared in accordance with the Law of the Republic of Azerbaijan “On Banks”, the Law of the Republic of Azerbaijan “On Personal Data”, other applicable legislative acts of the Republic of Azerbaijan, the Charter of Kapital Bank OJSC (hereinafter referred to as the Bank), and the Bank’s internal regulatory documents, taking into account international standards and recommendations of international organizations.
- This Policy ensures the confidentiality of data belonging to clients and users visiting the Bank’s website.
- Definitions
- The terms used in this Policy shall have the following meanings:
- Personal Data – any information that directly or indirectly enables the identification of an individual, including but not limited to: first name, last name, patronymic, identification number, and information relating to the individual’s physical, physiological, genetic, mental, economic, cultural, or social identity;
- Data Subject (hereinafter – the Subject) – a natural person whose personal data are collected, processed, and stored, and whose identity is established or may be established.
- Website Cookies – small data files stored in a web browser and used to personalize and optimize users’ interaction with the website.
- Processing of Personal Data – an operation performed on personal data, including collection, storage, modification, retrieval, use, transfer, distribution, combination, and matching of data;
- Bank – Kapital Bank Open Joint Stock Company;
- User or You – a natural or legal person registered in Birbank.
- Application – the Birbank mobile application, all proprietary and intellectual property rights to which, including object and source code, belong to the Bank;
- Webpage – the Bank-owned Birbank webpage;
- Birbank – the Application and/or Webpage that enable remote account management and the execution of various banking transactions without visiting the Bank.
- Data We Collect and How We Collect It
- The Bank collects client data strictly in compliance with applicable legal requirements and through transparent methods. Such data may be obtained through the following means:
- Forms. When using banking services, clients complete various questionnaires and application forms. Through these forms, the following data are collected as required for client identification, service provision, and fulfillment of legal and regulatory obligations:
- First name, last name, date of birth, and identification document details;
- Fingerprints and other biometric data;
- Contact details: phone number, email address, residential or registered address;
- Financial and employment-related information – income, place of employment, and debt obligations;
- Bank account and transaction data;
- Website cookies – When using the Bank’s official website, certain data are collected from the client’s device via cookies to ensure proper website functionality and enhance user experience. The User may modify cookie settings and restrict their use at any time. The following data may be collected through cookies:
- IP address, browser type, operating system;
- Pages visited on the Bank’s website;
- Selected language and other technical preferences;
- Monitoring and analytics – To improve website functionality and enhance service quality, additional statistical data on website usage may be collected. These data are anonymous and do not allow the identification of the user;
- Pages visited, links clicked;
- Duration of activity on the website and navigation between pages.
- Video surveillance – For the safety of clients and employees, prevention of unlawful acts, and to provide information upon requests from law enforcement authorities, the Bank’s branches and ATMs are equipped with video surveillance cameras. The following data may be collected through these means:
- Video images (client’s physical actions);
- Date, time, and location of the recorded footage.
- Intellectual Property Rights
- “Kapital Bank” and “Birbank” are trademarks owned by the Bank. All rights to these trademarks and any other related marks belong exclusively to the Bank. The User is not permitted to use or reproduce the Bank’s trademarks, logos, or trade names for personal, organizational, or any commercial purposes.
- Any claims by the User or third parties arising from the use of the Application – including potential infringements of third-party intellectual property rights, product liability claims, or matters related to compliance with legal or regulatory requirements and protection of the User’s rights – shall be submitted directly to the Bank.
- All pages, images, data, and materials published on Birbank, as well as the object and source codes of the Birbank application or any part thereof, are owned by the Bank or licensed to it.
- The User shall ensure the following:
(i) not to copy or reproduce Birbank in whole or in part;
(ii) not to reverse-engineer, alter, modify, or adapt Birbank or any part thereof;
(iii) not to translate or convert the object code of Birbank or any part thereof into source code or high-level programming languages;
(iv) not to appropriate the object code of Birbank or any part thereof;
(v) not to remove or modify copyright notices contained in or related to Birbank (all proprietary rights belong to the Bank).
- How We Use Your Data
- The personal data collected are used strictly within the scope permitted by law and for the following purposes:
- Service provision and improvement – Your personal data are used to deliver banking services, enhance service quality, and improve user experience. For these purposes, the data may be used to:
- create and manage accounts;
- perform financial transactions;
- improve the functionality of digital channels;
- develop new products and services.
- Client communication – Your data are used to respond to inquiries, provide updates regarding your accounts, transactions, and security-related notifications. The means of communication may include:
- All types of notices, messages, and other documents exchanged between the Parties shall be transmitted via the Application, as well as through SMS to the mobile numbers specified in this Contract or subsequently provided, by registered mail to the postal address, via email, or by telegram or fax;
- Security and fraud prevention – Data are analyzed to identify and prevent potential fraud, abuse, system failures, and other unlawful activities.
- Compliance with legal and regulatory obligations – The Bank may use personal data as required by law to fulfill its statutory obligations, including but not limited to:
- compliance with anti-money laundering and counter-terrorism financing requirements;
- responding to court orders and regulatory inquiries in accordance with applicable legislation;
- submitting reports to relevant supervisory authorities.
- Marketing
- The Bank uses personal data for marketing purposes solely with your consent or on other lawful grounds. You have the right to opt out of receiving marketing communications at any time.
- How We Store Your Data and Retention Period
- The Bank is committed to protecting and securely storing clients’ personal data in accordance with applicable legislation, international standards, and the Bank’s internal security policy. To this end, the Bank implements the following measures:
- data encryption and storage on secure servers;
- use of two-factor authentication and user access management;
- real-time monitoring to prevent fraud risks.
- The Bank retains personal data strictly in accordance with the principle of necessity and for the periods established by law. Upon the expiration of the retention period, the data are securely deleted or anonymized. Documents used for client identification (KYC) are retained for a minimum of five (5) years, and video surveillance recordings are stored for six (6) months.
- Your Rights in Relation to Personal Data Protection
- In accordance with local legislation and international best practices, you are entitled to the following rights:
- Right to access. You have the right to inquire whether the Bank processes your personal data and, if such processing takes place, to request access to those data. You may request access to the personal data we hold about you. You may obtain information regarding the categories of data collected, the purposes of their processing, potential data recipients, retention periods, and other related details.
- Right to rectification. If you believe that the data held about you are incomplete or inaccurate, you have the right to request their correction or update.
- Right to erasure. You may request the deletion of your personal data if the purposes for which they were collected no longer exist, if the processing is unlawful, if there are no legal grounds for their retention, or if you have withdrawn your consent to their processing, among other reasons.
- Right to restrict processing. If you have concerns about the accuracy, legality, or necessity of data processing, you may request the temporary suspension of such processing.
- Right to object. You have the right to object to the processing of your data if they are used for direct marketing purposes or if the processing is carried out based on public or legitimate interest.
- Right to data migration. You have the right to obtain your personal data in a structured format and transfer them to another institution. This right applies to data processing based on your consent or any contract concluded between you and the Bank in connection with the provision of banking services.
- Right to withdraw consent. If you have provided your consent to the processing of your personal data, you have the right to withdraw that consent at any time by submitting an official request.
- Cookies
- Cookies are small text files placed on your device when you visit a website. These files store information about your activities on the site and help improve the user experience during subsequent visits. Cookies may be used for technical, analytical, functional, and advertising purposes.
- The Bank uses cookies for the following purposes:
- to ensure the basic functionality of the website (login, language selection, security features, etc.);
- to enhance the user experience and optimize website performance;
- to personalize banking products and services;
- to display advertisements relevant to the user’s interests for marketing purposes (based on the user’s consent).
- As a user, you have full control over the use of cookies. You can manage them in the following ways:
- provide or withdraw consent for the use of cookies via the website’s pop-up notification;
- block all cookies in your browser settings, delete existing cookies, or activate a setting that requests confirmation each time a new cookie is created. Deleting or blocking certain cookies may negatively affect website functionality and user experience.
- You agree that you have no objections to the Bank creating cookies to facilitate your use of the Webpage.
- Please note that refusing cookies may prevent you from fully using our Webpage. The Bank shall not be liable in such cases. Blocking all or some cookies may result in improper website functionality or restricted access to certain sections.
- Privacy Policy of Third-Party Websites
- The Bank’s official website may contain external links to websites of other organizations or partner entities. These links are provided to offer additional information, services, or functionalities. Please note that such external websites have their own independent privacy policies and data processing rules. The Bank is not responsible for the collection, processing, or use of data on third-party websites, does not control their privacy policies or cookie usage, and cannot guarantee the legal or technical security of these sites.
- The Bank strongly recommends reviewing the privacy policies and terms of use of any external websites before visiting them.
- Legal Basis for Data Processing
- The Bank collects, stores, and processes your personal data strictly on lawful grounds as established by applicable legislation. The legal bases are as follows:
- Consent. Processing and transfer of your personal data based on your consent.
- Necessity for the performance of a contract. If you have entered into or intend to enter into a contract with the Bank, processing of personal data may be necessary for the performance of such contract.
- Legal obligations. The Bank is required to collect and store certain data in accordance with local legal requirements and international standards.
- Legitimate interests. In certain cases, the Bank may process your personal data based on its legitimate interests, provided that such interests do not override your fundamental rights and freedoms. For example, data processing may be carried out to ensure proper website functionality, system security, and performance monitoring.
- By signing (or confirming) this Agreement, you agree that Kapital Bank OJSC, in accordance with the Law “On Personal Data”, may collect, process, and transfer (including cross-border) the personal data you provide to the Bank or that are obtained from other operators/owners of personal data related to you, for the purposes of improving service quality and customer satisfaction, offering new banking products – including providing products to clients in a flexible and accessible manner – and conducting operations within the scope of activities permitted by the Bank’s license. The Bank may also provide your positive and negative credit information to credit bureau(s) to establish your credit history or receive such information from credit bureau(s). This consent remains effective for the entire period during which you use the Bank’s services. Personal data are stored, archived, and securely deleted in the Bank’s information systems in accordance with the retention periods established by law and the Bank’s internal regulations. You have the right to contact the Bank to withdraw this consent.
- Data Transfer
- The Bank transfers your personal data only in cases and for purposes explicitly provided for by law, as well as to authorized organizations or official bodies.
- We may transfer your data in circumstances stipulated by the Law of the Republic of Azerbaijan “On Banks”, where the provision of personal data is necessary to protect the life or health of the data subject and obtaining their consent is not immediately possible.
- Confidential personal data may be provided to state authorities (institutions) or local self-government bodies while performing their statutory duties, provided that the requirements established by law for personal data information systems are observed. The following data protection measures are applied during such transfers:
- Confidentiality agreements and data processing contracts are concluded;
- Technical and organizational security measures are implemented (encryption, access control);
- The scope of transferred data is limited strictly to the minimum necessary;
- Data transfer to any third party without a prior data transfer agreement between the partners is strictly prohibited.
- International Data Transfer
- Your personal data may be transferred outside the territory of the Republic of Azerbaijan, i.e., to international organizations or service providers located in other countries, only on the basis of your written consent and in compliance with the requirements of the Law of the Republic of Azerbaijan “On Banks” and the Law “On Personal Data”.
- To ensure the protection of your data during international transfers, the following safety measures are applied in accordance with international standards and local legislation:
- Transfers are made only to countries recognized by the European Commission as providing an adequate level of data protection;
- If data are transferred to a country not listed in clause 13.2.1, Standard Contractual Clauses and Binding Corporate Rules (BCRs) are applied, along with enhanced security measures (data protection reinforcement, identity verification controls).
- Data Security
- To ensure the security of our clients’ personal data, the Bank implements technical and organizational measures based on legal requirements and international standards.
- Information security policies – The Bank maintains internal policies in accordance with international standards and local legislation.
- Employee awareness – All employees undergo training on data protection and ethical handling of information.
- Data minimization – Only the minimum necessary and relevant data are collected.
- Changes to the Privacy Policy
- The Bank reserves the right to periodically amend and update the Privacy Policy. Changes may be made in the following cases:
- As a result of changes in legislation or regulatory requirements;
- When implementing new technologies or updating the functionality of provided services;
- When changing practices related to personal data processing.
- In the event of significant changes to the Privacy Policy, users will be notified via the website. The current version of the policy is published in the relevant section of the Bank’s official website.
- The Bank may also send a notification of changes to the Contract through the Birbank application. In such a case, you have the right to terminate the Contract by deleting your account (registration) in Birbank before the changes take effect. If, after the notification period, you do not delete your account and/or continue to use Birbank, the Bank will consider that you have accepted the respective changes, which will automatically come into effect.
- How to Contact Us
- If you have any questions, complaints, or requests related to the processing of your personal data, the exercise of your rights, or any other aspects of information security, you may contact the Bank using the following methods:
Phone:
Email: If you have any questions or comments regarding this notice, you may send an email to [email protected] or a letter to the following address:
Kapital Bank OJSC
Head Office, 153 Neftchilar Avenue, Nasimi District
AZ1010, Baku
Azerbaijan