Privacy policy

JSC "BANK CREDIT DNIPRO", identification code according to EDRPOU 14352406 (hereinafter referred to as the "Bank") cares about the security and privacy of our clients. That is why we have created this Privacy Policy (hereinafter referred to as the "Policy") to tell you, as the end user of the Bank's applications (hereinafter referred to as the "Client"), about our collection, processing and protection of Client data and their mobile devices in the Bank's mobile applications.

 

Data collected by the Bank

When using the Bank's mobile applications, the Bank may request the Client's data and/or access to the Client's mobile device for the following purposes:

Data and/or access

Purpose of obtaining

Information about the application and its operation

For access to error logs, diagnostics, and other data about the operation of the application.

Full network access "Full network access"

Accessing the Internet network to which the device is connected at the time of using the application to send notifications.

Using the Client's mobile device camera

Activating the QR code scanner and/or performing photo/video verification.

Requesting geolocation

For the security of transactions, account protection, and viewing the branch map.

Requesting sending notifications

Ensuring timely delivery of information about certain events or changes.

The Client's mobile device phone book and contact book

Mobile applications access the Client's contact book for:

  1. The "Transfers by Phone Number" service works, therefore it requests: access to contact information to identify it as a Client of the Bank; transfer of personal data to the Visa payment system to send transfers by phone number.
  2. Autofilling of the phone number in the "Mobile Top-up" menu.
  3. Displaying the status of the Client's card availability in the mobile application of other Bank clients who have the Client's phone number among the metadata of the smartphone.
  4. Quick transfer of funds using the Mobile Application, using phone numbers and contact names and their images contained in the metadata of the Client's smartphone. The Bank does not use or store any other data contained in the metadata of the Client's smartphone.

Applications need to access the phone book on the Client's mobile device to select the recipient of a new transfer by his phone number, which replaces its manual entry. The phone number selected by the Client when initiating the transfer will be sent to our server for the purpose of making such a transfer. You can enable or disable access to your contact book at any time in your device settings.

Secure access to mobile applications

Applications use Fingerprint / FaceID technology to log in to the account without entering a login and password.

 In order to provide Customer service, the Bank also collects the following information about Customers:

  • credit and/or debit card numbers, their current balance and card expiration dates;
  • bank account numbers, their current balance and contract expiration dates;
  • date of birth, taxpayer registration card number (RNOKPP) or any other identification number recognized by the state.

If it is necessary to register the Customer with the Bank and/or his electronic device in the Bank's mobile applications, the Bank also collects: device information - such as: operating system version, hardware model and other device identifiers. The Bank does not collect information about call history.

When using mobile applications to process a transaction, the Bank uses   transaction information, including the following data: date, time and amount of the transaction, location and description of the merchant, description provided by the seller of the goods or services for which payment is made, payment method used, purpose of payment and any other information that may be added to the transaction by the seller and/or buyer (Bank Client).

A one-time temporary password may be requested during registration or when performing certain actions when using the mobile application  (performing financial transactions, unblocking cards, etc.).

The Bank does not collect information regarding the history of the Client's SMS messages. Also, the Bank may register the device in the relevant services provided by Google or Apple in order to provide the Client with the opportunity to confirm his actions in the mobile application via PUSH notifications.

The Bank uses the information it collects (and may combine it with other information collected about the Client) for the following purposes:

  • registering the Client and/or his device in the mobile application;
  • providing a service or function in the mobile application that the Client ordered;
  • providing personalized content and recommendations for using the mobile application;
  • for advertising, for example, providing the Client with personalized offers, sending him advertising messages;
  • conducting research on how the Bank's Clients use the mobile application, in order to maintain proper quality and further improve the quality of the Bank's services;
  • providing updates and technical support for the mobile application on the Client's device.

The Client must confirm the provision of the Bank with access to this or that information and/or data through a dialog box. Clicking the "allow" button in the dialog box by the Client constitutes the Client's permission and consent to:

  1. Granting the Bank access to the requested information and/or data.
  2. Processing his/her personal data obtained by the Bank during the Client's use of the Bank's mobile applications.
  3. Granting the Bank the right to process, collect, adapt and use data obtained from the Client, including personal data, for the purpose specified in this Policy (provided for by the Bank's confidentiality requirements), and for the purpose of performing agreements concluded with the Client, in accordance with the provisions of the legislation of Ukraine, including the Laws of Ukraine "On Banks and Banking Activities", "On Personal Data Protection", "On Prevention and Counteraction to the Legalization (Laundering) of Proceeds of Crime, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction", "On Payment Services", "On Financial services and financial companies".
  4. Granting the Bank the right to transfer data, including personal data and information received from the Client, to third parties within the scope of the purpose specified in this Policy (provided for by the Bank's confidentiality requirements).

By clicking the "allow" button in the dialog box, the Client confirms that he is familiar with the rights of the personal data subject provided for in Article 8 of the Law of Ukraine "On Personal Data Protection".

 

Processing of personal data

The Bank processes and stores the provided personal data in data centers created in accordance with the requirements of the legislation of Ukraine. When contacting the Bank for the purpose of obtaining a loan or other services, personal data may be transferred to the credit bureaus and/or operators, telecommunications providers listed below that provide (mobile) communication services (for the purpose of checking the Client's parameters as a user of mobile (mobile) communication services and providing the Bank with relevant information about the Client) and processed there with the consent of the personal data subject. By giving consent to the processing of personal data when applying to the Bank for a loan, the subject of personal data gives the Bank consent to access the credit history.

Actions that will involve the processing of personal data: collection, storage, transfer, etc. with the creation of conditions for the protection of this data. 

 

Who will process personal data

JSC "BANK CREDIT DNIPRO" (owner and manager of personal data)

Requests by Clients can be submitted using the following contact details:

LLC "Ukrainian Credit Histories Bureau"

  • Address: 01001, Ukraine, Kyiv, st. Hrushevskogo, 1-d
  • Phone: +38(044) 585-11-96, +38(044) 585-11-94
  • E-mail: info@ubki.ua
  • Website: info@ubki.ua

PJSC "International Credit Histories Bureau"

  • Address: 03062, Ukraine, Kyiv, Peremohy Avenue, 65
  • Phone: +38(044) 223-33-92, +38(044) 422-51-85
  • Phone/fax: +38(044) 422-51-99
  • E-mail: info@ibch.info
  • Website: www.credithistory.com.ua

PJSC "First All-Ukrainian Credit Histories Bureau"

PRAT «Kyivstar»

PRAT «VF Ukraine» 

 

Features of personal data processing in the Bank's mobile applications

The Bank's processing of information in mobile applications  is carried out in accordance with the legislation of Ukraine, regulatory legal acts of the National Bank of Ukraine,  agreements (contracts) concluded between the Clients and the Bank, the consent provided by the Clients to the Bank, as well as in accordance with this Privacy Policy.

This Policy is applied by the Bank to the Bank's mobile applications regardless of how you (the Bank's Client) use the mobile application data: via a mobile phone, tablet, or other device with which the Bank's Client can use the Bank's mobile applications covered by this Privacy Policy.

In order to process payments made by the Bank's Clients using the Bank's mobile application and to allow the Clients to carry out other transactions, the Bank collects information specified: in agreements (contracts) concluded between the Clients and the Bank; in the consent provided by the Clients to the Bank, on the Bank's website https://creditdnepr.com.ua/,  in this Privacy Policy.

The Bank is not responsible for the confidentiality of information and security of sellers (merchants) or third parties to whom the Client directly transfers their confidential information. The Bank recommends that Clients  familiarize themselves with the privacy policies of third parties to whom the Bank's Clients transfer their confidential information.

The Bank will not disclose/transfer information belonging to the Clients to anyone outside  Bank, except for cases provided for by the legislation of Ukraine, the terms of agreements (contracts) concluded between the Clients and the Bank, the terms of the consent provided by the Clients to the Bank, this Policy.

The security of the Client's account in the mobile application depends on how the Client stores the mobile phone, tablet, or other device, password(s), PIN or other information that allows access to the Client's accounts in the relevant mobile application, and whether the Client distributes such information to third parties. In the event that the Client voluntarily provides third parties with his mobile phone, tablet, or other device and/or the above information, the third party will have access to the Client's account in the mobile application and the personal information of this Client, and the Bank is not responsible for such cases.

The Client is directly responsible for controlling access to his mobile phone, tablet, or other mobile device, mobile application that may be installed on his mobile phone, tablet, or other mobile device. The Client is also responsible for storing his passwords and/or PIN and for distributing (distributing) this information to third parties.

The Client is obliged to immediately notify  the Bank if he believes that his personal information in the mobile application has been compromised.

 

Storage of personal data

Personal data is stored for no longer than is necessary in accordance with the purpose of their processing.

The storage period of personal data when providing banking, financial services depends on the type of financial (banking) service and may be determined in accordance with regulatory legal acts (including the NBU) and be set from 5 to 10 years (in case of refusal to provide the service or in other exceptional cases, the period may differ).

The Client has the opportunity to familiarize himself with the Procedure and Procedure for Personal Data Protection in more detail on the Bank's own website on the Internet, at the following link: 6_poryadok_zahystu_personalnyh_danyh_2024.pdf

 

Changes to the Policy

This Policy may be amended and supplemented periodically and without prior notice to the Client, including in the event of changes in legislative requirements.

In the event of significant changes to this Policy, the Bank will post a notice on the Bank's website https://creditdnepr.com.ua/ and indicate the date of entry into force of these changes. If the Client does not refuse to accept them in writing within the period specified in such notice, this will mean that the Client agrees to the relevant changes to the Policy.

The Bank asks Clients to review the current version of this Policy from time to time in order to be aware of any changes and/or supplements.