Annual Report 2024 Turning the Dream of Home into a Goal

Customer Privacy

The Bank ensures the privacy of customers and protection of personal data in strict compliance with the laws of the Republic of Kazakhstan.

Customers’ personal data is collected by front office employees with the consent of the customers or their representatives. It is processed and used by the Bank’s employees (consultants, agents working under an engagement agreement or a paid services agreement) who directly use it for official purposes, within the limits and to the extent provided for by the customer’s consent, as well as in cases stipulated by the laws of the Republic of Kazakhstan.

The Bank may not transfer processed personal data to third-party organizations and (or) third parties without the customer’s consent, except for cases stipulated by the laws of the Republic of Kazakhstan.

Publicly available personal data obtained from appeals and requests of entities and individuals, biographical directories, telephone and address books, and mass media may be processed without the customer’s consent, as may personal data in other cases stipulated by the laws of the Republic of Kazakhstan.

The Bank takes the following measures to ensure the confidentiality of personal data:

  1. an undertaking of non-disclosure of information constituting a trade secret and other confidential information of the Bank is signed with all employees when concluding an employment contract, and with agents and consultants when concluding an engagement agreement or a paid services agreement;
  2. employees and employees of structural units do not allow the dissemination of personal data without the consent of the customers or their legal representatives, or another legal basis. Customer personal data is disclosed to third parties only with the consent of the customers or their legal representatives, or on another legal basis;
  3. all structural units, employees, agents and consultants of the Bank take measures aimed at the timely detection and identification of unauthorized access to personal data, namely notifying their immediate supervisor and the internal control unit of all suspicious situations and violations in work with customer personal data;
  4. prevention of unauthorized access to personal data and (or) its disclosure to persons who have no right of access to such information, by restricting access to electronic databases of personal data with a password and access to paper versions of personal data to persons having official access only;
  5. other measures not provided for in this Procedure, but ensuring continuous control over ensuring the level of protection of personal data.

In case of violation by the Bank or other persons having access to customer personal data of the rules governing the receipt, processing, storage, transfer and protection of customer personal data, they bear disciplinary, administrative, civil or criminal liability in accordance with the applicable laws of the Republic of Kazakhstan.

In 2024, four incidents involving the disclosure of information classified as banking secrecy were recorded. These violations were committed by employees of the Bank. In response to the confirmed incidents and in order to prevent similar cases in the future, the Bank implemented a series of necessary measures. Specifically, the head of the relevant department was advised to strengthen control over employees’ compliance with the Bank’s internal documentation regulating the procedure for disclosing information that constitutes banking secrecy.

There were no legal proceedings in 2024 related to breaches of customer privacy.