<p>Privacy Policy This Privacy Policy contains general information about processing and provision Raiffeisen Bank Aval JSC (hereinafter – the Bank) private information in application “Raiffeisen Pay” and Mobile application “Raiffeisen Online”. Bank recognizes how important privacy of information and security is to our clients. Bank’s relationship with clients while using application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” is regulated by legislation of Ukraine, regulatory legal act of the National Bank of Ukraine, agreements (contracts) between clients and the Bank, given by the Bank clients’ agreement and this Privacy Policy. Information regarding clients’ financial state and operations that became known to the Bank during service provision process to clients and relationship with them and third parties during service provision process to the Bank while using application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” according to art. 1076 of Civil code of Ukraine and art. 60 Bank and Banking Act of Ukraine is banking secrecy. The disclosure of banking secrecy is regulated by art. 62 Bank and Banking Act of Ukraine, by agreements (contracts) between clients and the Bank, given by clients’ agreement. Processing information by the Bank in application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” is accomplished by the legislation of Ukraine, regulatory legal acts of the National Bank of Ukraine, agreements (contracts) between clients and the Bank, given by the Bank clients’ agreement, and also by Data protection guidelines of clients’ that are placed on the Bank website (www.aval.ua) in section “Personal Data protection” with features determined by this Privacy Policy. 1. Privacy Policy is applied by the Bank to application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” (hereinafter – Services) regardless of the way you (hereinafter – the Bank client) use these Services: computer, mobile phone, tablet or any other device by the means of which the Bank’s client can use Services which are covered by this Privacy Policy. 2. In order to process conducted payments by the means of the Services and let clients conduct other operations the Bank gathers information that is specified in agreements (contracts) between clients and the Bank; in given by the Bank clients’ agreement, on Bank website (www.aval.ua) in section “Personal data protection”; in Privacy Policy, among them the Bank collects such data about clients as: - First name, middle name (patronymic), last name; - Credit or debit card numbers, its actual balance and card expiration date; - Bank account numbers, its actual balance and expiration date; - Date of birth, taxpayer identification number or any other government- issued identification number. 3. In order to register the Bank client and/or his/her electronic device in application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” the Bank also collects: 1) Device information – such as: operating system version, hardware model, IMEI number and other unique device identifiers. The Bank does not collect information about call history, contact list etc. 2) Log information – user in Service (system) – such as time and duration of use of the Service, operations that the Bank clients fulfil while using Services and any other information that can be stored in cookies which the Bank uses on some devices; 3) Other information – about the Bank clients use of the Services, e.g. how the Bank client uses content offered by the Service. 4. While using application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” in order to process transaction the Bank use information about transaction among which: date, time and amount of transaction, the merchant’s location and description, description given by the merchant of the goods or services purchased, the type of payment method, the purpose of the payment and any other information, which can be subjoined to transaction by the merchant and/or the buyer (the Bank client). 5. In order to provide clients the possibility to confirm their operations in Services (system) by one time password (OTP), the Bank requests access to SMS services. One time password may be requested during the registration process or during fulfilment of definite operation while using application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” (financial operations, unblock cards etc.) In order to fulfil financial operations the Bank uses the client’s mobile phone number. The Bank collects information about SMS history of the Bank client, his/her contact list etc. Also the Bank can register a device in appropriate services that are represented by Google or Apple companies to give the Bank a possibility to confirm operations in Service (system) by PUSH-messages. 6. The Bank also collects and stores information which client provides directly to the Bank, and also client’s data as a user which is used for his/her registration and/or his/her device registration in application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” to process payments of this Bank client. 7. The Bank uses information which it collects (and can consolidate with other collected information about the Bank client) for the next purposes: - Registration of the Bank client and/or his/her device in Services; - Provision of the service or function in Services which the Bank client ordered; - Provision of personalized content and recommendations as to usage of application “Raiffeisen Pay” and Mobile application “Raiffeisen Online”; - For advertising, e.g. providing to the Bank client personalized offers, sending him promotional communications; - For assessment and market analysis, clients, products and services which are provided by application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” (including polling clients as to services provided by application “Raiffeisen Pay” and Mobile application “Raiffeisen Online”); - Conducts polls as to the way clients use given Services to improve the service quality; - Provision maintenance services and technical support of Services on client’s device; - Other information with your consent. 8. Information about the Bank client can be disclosed by the Bank to third parties and also can be used by these third parties in cases specified by the legislation of Ukraine, conditions of agreement (contacts) between clients and the Bank, by conditions given by the Bank clients’ agreement. Any personal information provided by the Bank clients directly to third party (side): to merchant (of goods and services), website or program is not covered by this Privacy Policy. The Bank is not responsible for privacy of information and security of merchants or third parties to which the Bank directly passes its personal information. The Bank encourages the Bank clients to review the Privacy Policy of third party to whom clients choose to share their personal information. The Bank will not share/disclose the Bank clients information outside the Bank, except cases predetermined by the legislation of Ukraine, conditions of agreements (contracts) between clients and the Bank, conditions of given by the Bank clients agreement. Security of the Bank client’s account in application “Raiffeisen Pay” and/or Mobile application “Raiffeisen Online” depends on the way clients keeps his/her computer, mobile phone, tablet or any other device, password (-s), PIN or any other information, which gives the access to the Bank client’s account in appropriate Service and whether the Bank client discloses information to third parties. In case if client willfully shares his/her computer, mobile phone, tablet or any other device and/or above mentioned information to third party who will have access to the Bank client’s account in Services and personal information of this Bank client thereat the Bank is not responsible for such cases. The Bank client is fully responsible for access control to his/her computer, mobile phone, tablet or any other mobile garget. The Bank client is also responsible for keeping his/her passwords and/or PIN and for disclosure of information to third parties. The Bank client is also obliged to inform the Bank if he/she considers that his/her personal information in application “Raiffeisen Pay” and Mobile application “Raiffeisen Online” was compromised. If client has any questions as to this Privacy Policy, he/she can turn to the Bank to solve them at address: Raiffeisen Bank Aval JSC 9, Leskova st. Kyiv 01011 Ukraine Tel.: 0(800)500500 Website: http://aval.ua</p>