Privacy Policy

Updated on: 06 Jan, 2025

1. INTRODUCTION

This Privacy Policy ("Policy") is a privacy statement related to the processing of "your personal data by BOKT Embafinans" QSC. Protection of your personal data is significant to us, and we strive to ensure it is fully protected.

Through this Policy, you can get detailed information about us, the purposes for which we collect and process your personal data, the third parties to whom we transfer and disclose your personal data, how we ensure the protection of your personal data, and how long we keep this data.

2. ABOUT US

BOKT Embafinans" QSC (TIN: 1302932691) is a non-bank credit organization (NBCO) incorporated in the Republic of Azerbaijan and located at General Akim Abbasov st.., 73E, Baku.

• E-mail: info@embafinans.az
• Phone number: +994 12 311 15 42

3. DATA WE COLLECT

We may collect the following information about you through the Embafinans mobile app ("Platform"), to provide quality service and ensure the use of the Platform:

3.1. Your name, surname, patronymic;

3.2. Birth date and place;

3.3. Your residential / registered address;

3.4. Information and photo from your national identity document;

3.5. Necessary financial information including but not limited to the following:

3.5.1. Debit card details;

3.5.2. Your credit history from Azerbaijan Credit Bureau (ACB) and Embafinans Platform;

3.5.3. Loan repayment schedule;

3.6. Your device data, including but not limited to the following:

3.6.1. The IP address of the phone, computer or other device;

3.6.2. Device model, type of operating system, browser, and other information;

3.6.3. Real-time location data;

3.6.4. Other information about the device that allows you to be identified (for example, device IMEI number, MAC address, etc.);

3.7. E-mail address;

3.8. Telephone number;

3.9. Employment details (place of work, years of experience, amount of salary, and other relevant information), as well as social insurance credentials from Digital Finance;

3.10. Biometric KYC data (e.g., SIMA KYC, facial image);

3.11. Digital signatures (e.g., Sima Digital Signature) for legally binding consent under Azerbaijani law.

3.12. Cookies. We may use cookies to collect your personal information when accessing our web pages. Cookies are information in small text files that identify your device. Our primary aim in processing this data is to analyze your behavior. We acknowledge that regardless of the type of cookies we use if the data allows you to be identified, that data is considered personal data and must be processed by the legislation;

3.13. A list of your contacts (phone numbers) subject to your consent.

4. DATA COLLECTION PROCESS

The personal data that we hold consists of information that you and any third party (resource) provide to us or that we collect from other sources. We categorize your data based on the source of the collection as follows:

Sources of Data:

4.1. Information we receive from you: Information is collected directly from you during registration, loan applications, and account updates. This includes any documentation manually submitted via forms or uploads, and interactions with automated systems. Data collected during registration may consist of mandatory fields like your FIN and mobile phone number, and additional information for KYC and AML compliance.

4.2. Information we collect from you when you use the platform: Data is automatically gathered through cookies, web beacons, tracking pixels, and analytics tools. This includes device identifiers, browsing patterns, and engagement metrics. Device settings such as language preferences may also be collected to optimize service delivery and personalize your experience.

4.3. Third-Party Data: We may collect information from third-party services such as identity verification platforms (DIGITAL FINANS) and credit bureaus (AKB). These services may provide data to complete transactions, perform risk assessments, or meet legal obligations.

4.4. Public Data: We may collect data about you from publicly available sources, such as websites, social media networks, professional media, and others.

5. OUR PURPOSES FOR COLLECTING YOUR DATA

We adhere to the "data minimization" principle, meaning we only collect and process your data for specific purposes. These objectives include:

5.1. To provide you with quality service.

We need to process your personal data to provide the services you ordered. For example, to register an account, we need to process your name, surname, patronymic, phone number, Personal ID card details, and other information, as well as your and the recipient's relevant information for creating a loan application.

5.2. Evaluating User Behaviour.

We do not engage in social scoring, but we may need to analyze user behavior to customize our products and platforms accordingly. This will assist us in enhancing our services and offering you the most appropriate products.

5.3 Financial and Risk Assessment:

For creditworthiness evaluations, we collect personal identification numbers (FİN), employment details, and residential addresses, which are cross-referenced with governmental databases to verify identity and ensure compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) laws. We also use external credit reporting agencies and internal metrics to monitor repayment activity. Additionally, financial transaction details, such as income verification may be used to assess credit risk and eligibility for financial services.

5.4. Marketing.

We process your personal data to offer you the services and products we and our partners provide. For instance, we may process your information to offer products based on your interests. Similarly, we may contact you to provide loan products from our partners.

5.5. Security and Fraud Prevention:

We implement various measures to ensure account security, including biometric data, and one-time password (OTP) verification. Digital signatures, session timeouts, and encryption are used to prevent unauthorized access and maintain the integrity of user data.

5.7. Contacting you

We may contact you when you need us to, for instance, to respond to a question you have sent to our customer care team.

5.8. Compliance with legislation

We process personal information to meet legal obligations, including complying with data storage and processing laws. This includes compliance with AML and other regulatory requirements. User activity may be monitored and reported when necessary to meet legal obligations. Data may be retained for audit, tax, and other legal purposes. We may also disclose personal information in response to court orders, subpoenas, or regulatory investigations as required by law.

6. DATA STORAGE

6.1. We reserve the right to store your data within our internal data processing centers. Currently, we store your data in the following:

6.1.1. In our internal data processing centers;

6.2. We store your information for as long as necessary to fulfill the purposes outlined in this Policy. Once it is no longer required to process your data according to this Policy, we will proceed to destroy the data and delete any duplicates.

7. DATA SECURITY

We ensure the security of your information by implementing encryption, hashing, pseudonymization (aliasing), and other advanced organizational and technical measures. While data is stored in the data processing center or cloud infrastructure and during transmission, we encrypt it.

8. DATA TRANSFER

8.1. As explained above, we market and improve our and our partners' products. In addition, we receive services from banks, individuals who provide us with technical support, consultants, and other third parties. For these purposes, we may sometimes transfer your data to third parties. Third parties include, but are not limited to the following:

8.1.1. Government bodies authorized to request certain information;

8.1.2. Courts;

8.1.3. Auditors;

8.1.4. Advisors;

8.1.5. Payment agents;

8.1.6. Technical, marketing, analytics, communications, technology, data and other service providers;

8.2. We will not consider transferring your necessary data to third parties for the execution of payment operations in accordance with the relevant legislation of the Republic of Azerbaijan a violation of this Policy by us.

8.3. In all circumstances, the transfer of your personal data to third parties is carried out in compliance with the legislation of the Republic of Azerbaijan.

9. AMENDMENTS TO THE PRIVACY POLICY

Please be advised that we may periodically update and change this Policy. The updated or amended text of the Policy will be communicated to you at least 30 (thirty) days before the Policy comes into force, using a notification through the Platform. If you do not raise objections regarding the changes within this period, you will consider these changes as accepted.

10. LIABILITY

10.1. You are solely and fully responsible for the accuracy, up-to-dateness, and completeness of the information you provide. In the event of inaccurate information, we reserve the right to suspend or terminate your registration and/or use of our website and platform. We assume no liability for any adverse consequences arising from providing inaccurate information on your part.

10.2. You confirm that you have reached adulthood and are fully authorized to use our website and Platform. Furthermore, suppose you are not in adulthood, you confirm that you have obtained the necessary consent from your legal representatives by the applicable laws to use our website and Platform.