Dear Clients and Perspective Clients of the Bank,
we would like to inform you that in order to provide banking and financial services FUIB JSC performs processing (including transmission) of personal data provided by clients and perspective clients after obtaining consent in order to comply with the law, namely, the Law of Ukraine "On Personal Data Protection" and the Law of Ukraine "On Banks and Banking".
Awareness of clients and perspective clients about the future personal data processing is the key to voluntary and competent decision-making on the personal data processing.
To help you to decide on the personal data processing consent, FUIB JSC informs you about the following:
https://pumb.ua site (hereinafter referred to as the "Site") is managed by FUIB JSC, Unified State Register of Enterprises and Organizations of Ukraine Code 14282829, the legal entity that is registered and acting in accordance with the legislation of Ukraine (hereinafter referred to as the "Bank" or "FUIB JSC").
The Bank has great respect for the confidential (personal) information of all, without exception, persons who intend to receive or already receive banking and financial services of FUIB JSC who visited the Site, as well as those who use the services provided by the Site. In this regard, the Bank seeks to protect the personal data confidentiality (information or a set of information about an individual who is identified or can be specifically identified), including by creating and providing the most comfortable conditions for using the Site services to each user.
The Privacy and Personal Data Protection Policy (hereinafter referred to as the "Policy") sets out the procedure for the personal data processing by the Bank, types of personal data collected, purposes and goal of using such personal data, interaction of the Bank with third parties, security measures to protect personal data, terms of access to personal data, as well as contact information for the user to access, change, block or delete their personal data and address any questions that may arise regarding the personal data protection practice.
FUIB JSC (holder and controller of personal data)
Ukrainian Bureau of Credit Histories LLC
International Bureau of Credit Histories PJSC
First All-Ukrainian Bureau of Credit Histories PJSC
VF Ukraine PJSC
The processing and storage of the provided personal data are carried out by the Bank in data centers created following the requirements of the legislation of Ukraine. When contacting the Bank for the purpose of obtaining a loan or other services, personal data may be transferred to the above credit bureaus and/or operators, telecommunications providers providing (mobile) communication services (in order to verify the customer's parameters as a user of mobile services and providing the Bank with relevant information about the customer) and processed there with the consent of the subject of personal data.
Actions that will be provided by personal data processing: collection, storage, transfer, etc. with creation of conditions for this data protection.
For processing in the database (system) of personal data of JSC “PUMB”, personal data provided by a customer, potential customer (full name, date of birth, place of residence (stay), information on residence (including tax residence of the USA), the identification number of the individual (individual tax number) may be included; the series and number of the passport (or other identity document), the date of issue and the authority that issued it, contact phone number, other data obtained, including those obtained from open sources).
Your personal data is used to ensure provision of banking, financial and other services, Internet services of the Site, exchange of information, news, relations in the field of advertising and communication, respectively, and to comply with the laws of Ukraine, including, but not limited to: "On Banks and Banking". "On Protection of Personal Data", "On Ratification of the Convention for Protection of Individuals with regard to Automatic Processing of Personal Data and the Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data concerning Supervisors and Cross-Border Data Flows", About Information "," About Advertising ", as well as considering the principles and rules of the General Data Protection Regulation (GDPR) of the European Union.
The purpose of personal data processing is provision of banking, financial services, establishment of business relations and contractual relations, preparation of statistical, administrative and other information, in accordance with the requirements of law, as well as internal documents of FUIB JSC on banking issues. FUIB JSC may use impersonal data for the purpose of targeting advertising and/or information materials by age, gender, other data; conducting statistical surveys.
The purpose and grounds for personal data transmission (other conditions regarding personal data processing) may be supplemented or specified in the agreement with the Bank.
Personal data is stored for no longer than is necessary in accordance with the purpose of its processing.
After the personal data subject ceases to be a user of the Site by deleting his/her account on the Site, his/her personal data is also automatically deleted.
The period of personal data storage when providing banking and financial services depends on the type of financial (banking) service and can be determined in accordance with regulations (including the NBU) and can be set from 5 to 10 years (in the case of refuse to provide services or in some other exceptional cases the term may differ).
The Bank is the holder and controller of the Site user personal data.
When the user uses the Site services, the Bank processes the user's data, namely:
- data provided by the user both when filling out registration forms and in the process of using the services, including, but not limited to:
- last name, first name, patronymic; taxpayer identification number (identification number);
- actual place of residence and state registration, living conditions;
- education, occupation, specialty, work experience and information about the place of work and position;
- personal information about age, marital and family status, relatives;
- data and copies of documents issued in the name of an individual or on his/her behalf;
- financial condition, income, types of accruals and deductions;
- e-mail address, telephone numbers and other electronic identification data;
- voice recordings, images (photos and videos);
- credit history and any information on the status of execution of obligations under agreements concluded with the Bank and other deeds by an individual;
- information on the actions of an individual and their results that took place within execution of agreements concluded with the Bank;
- other information that became known to the Bank due to implementation of legal relations with an individual, in compliance with the requirements of the legislation of Ukraine and internal documents of the Bank;
- IP address;
- parameters and settings of Internet browsers (User-agent).
The Bank collects only those personal data (for example, your name and surname, login and password, e-mail address, contact phone number, date of birth, gender, and etc.) that are knowingly and voluntarily provided by you as a personal data subject for the purpose of using the services provided by the Bank, the Site services which in accordance with the law is the consent of the personal data subject to his/her personal data processing in accordance with the purpose of its processing.
When visiting the Site, all system logining is recorded. Other user traffic information is not processed or stored.
Please note: the Bank is limited to collecting the minimum scope of information required solely to fulfill the personal data subject request. In any case, when optional information is requested, the user will be notified at the time of such information collection.
The Bank does not collect any information the processing of which is limited with some requirements of the law, such as information about racial or ethnic origin, political, religious or ideological beliefs, membership in political parties and trade unions, criminal convictions for committing a crime, or conviction, as well as data related to health, sexual life, biometric or genetic data (according to Article 7 of the Law of Ukraine "On Protection of Personal Data").
The Bank collects data on statistics of Site visits. The information may include information about the connection, traffic, user's browser, as well as the date, time, duration of work on the Internet and stay on the Site.
- credit and/or debit card numbers, their current balance and expiration dates of cards;
- bank account numbers, their current balance and expiration dates;
- date of birth, taxpayer identification number (TIN) or any other identification number recognized by the state.
In case it is necessary to register the Bank's client and/or his/her electronic device in the Bank's mobile application, the Bank also collects:
1. device information, such as operating system version, hardware model, IMEI, and other unique device identifiers. The bank does not collect information about the history of calls, contact list, and etc.;
2. information on the Bank's client (user in the Service (system)) actions, such as: time and duration of using the Services, actions performed by the Bank's client while using the Services and any other information that may be stored in cookies used by the Bank on some devices;
3. other information — about the Bank's client use of the service using the Services, for example, how the Bank's client uses the content provided by the Service.
When using the mobile application to process a transaction, the Bank uses information about the transaction, including: date, time and amount of the transaction, location and description of the seller (merchant), description provided by the seller of the goods or services for which payment is made, the method of payment used, the purpose of payment and any other information that may be added to the transaction by the seller and/or buyer (the Bank's client).
In order to provide the Bank's clients with the opportunity to confirm their actions in the Service (system) with a one-time temporary password (OTP), the Bank requests access to SMS services. The one-time temporary password can be requested within registration or certain actions when using the mobile application (financial transactions, card unlocking, and etc.). In order to carry out the client's financial operation, the Bank uses the mobile phone number of such Bank's client. The Bank does not collect information on the Bank's client SMS history, his/her contact list, and etc. The Bank may also register the device in the relevant services provided by Google or Apple in order to enable the Bank's client to confirm his/her actions in the Service (system) by PUSH-messages.
The Bank also collects and stores information provided by the Bank's client directly to the Bank, as well as data of the Bank's client as a user used for his/her registration and/or registration of his/her device in the mobile application for processing these Bank’s client payments.
The Bank uses the information it collects (and may combine with other collected information about the Bank's client) for the following purposes:
- registration of the Bank's client and/or his/her device in the Services;
- provision of a service or function in the Services ordered by the Bank's client;
- provision of personalized content and recommendations for using the mobile application;
- for advertising, for example, providing the Bank's client with personalized offers, sending him/her advertising messages;
- to assess and analyze the market, clients, products and services provided through the mobile application (including surveys of clients on services provided via the mobile application);
- to conduct the research on how Bank's clients-users use the provided Services to improve the quality of services;
- to provide updates and technical support of the Services on the Bank's client's device;
- other information with the Bank's client consent.
The Bank will not disclose/transmit the Bank's client information to anyone outside the Bank, except as provided by the legislation of Ukraine, the terms of agreements (contracts) between the clients and the Bank, the terms of the consent provided by the Bank's clients.
The security of the Bank's client's account in the mobile application depends on how the Bank's client stores a computer, mobile phone, tablet or other device, password(s), PIN or other information that allows access to the Bank's client's accounts in the respective Services, and whether the Bank's client distributes this information to the third parties. If the Bank's client voluntarily provides the third parties with its computer, mobile phone, tablet or other device and/or the above information, the third party will have access to the Bank's client's account in the Service and personal information of this Bank's client, the Bank shall not be responsible for such cases.
The Bank's client shall be directly responsible for controlling access to his/her computer, mobile phone, tablet, or other mobile device, mobile application that may be installed on his/her computer, mobile phone, tablet, or other mobile device, the Bank's client shall also be responsible for storing his/her passwords and/or PINs and for distribution (dissemination) of this information to the third parties.
The Bank's client shall also be obliged to immediately notify the Bank if he/she believes that his/her personal information in the mobile application has been compromised.
The Bank may process personal data obtained using the NBU BankID System (including remote identification). Using the NBU BankID System may be requested (transfer) from the subscriber-identifier data (including personal data), the list and volume of which are indicated below:
- last name, first name, middle name
- registration number of the taxpayer's account card (identification number)
- date of birth
- the place of birth
- registration address (country, postcode, region, district, city, street, house number, apartment number)
- address of the actual place of residence (country, postcode, region, district, city, street, house number, apartment number)
- social status
- the place of work
- email address
- data of identification documents issued in the name of an individual (document type, series, document number, issued by whom, date of issue of the document, validity period of the document, unique number of the customer's entry in the UNCR registry)
The purposes of using personal data obtained using the NBU BankID System is indicated above. Information on the conditions and procedure for the provision of services for obtaining which personal data is received using the NBU BankID System is posted on the Bank's website in the relevant section of the corresponding service.
Cookie is (are) a text file(s) that contain(s) a small amount of information that is (are) sent to a web browser and stored on the user's device. Such devices may include a computer, mobile phone or other device through which the user visits the Site.
Cookies can be perpetual (they are called persistent cookies) and stored on the computer until the user deletes them or temporary (such cookies are called session cookies), i.e. stored only until the browser is closed. In addition, cookies are divided into primary (they are set directly by the site visited) and third-party (set by other websites).
It is important:
- when the user visits the Site again, the cookie data is updated;
- in most cases, the default web browser allows automatic storage of cookies on the user's device;
- disabling cookies may lead to restriction of access to published materials and/or malfunction of the Site services.
The Bank cares about its users and tries to make their stay on the Site as comfortable as possible, for this purpose the Bank needs to analyze the behavior, preferences and interests of the user via cookies. This analysis will help the Bank to improve the experience of interaction with the Site, determine the most user-friendly interface and navigation of the Service.
According to the classification of the International Chamber of Commerce, the Bank uses the following categories of cookies:
Strictly necessary cookies are required for the user to navigate on the web page and when using certain services, for example, to access secure pages, registration and authorization, search the Site. Also, remember the previous actions of the user when going to the previous page in the same session.
Operational cookies aggregate information about how the Site is used. This data is stored on the user's device between web browser sessions. Examples of such data are the following metrics: time spent on the Site, the most frequently visited pages, understanding which sections and services of the Site were most interesting to the user, how effective the advertising and/or marketing campaign was, and etc.
All information collected through operational cookies is designed for statistical and analytical purposes. Some cookie data may be provided to the third parties who have permission from the website and for the above purposes only.
Functional cookies are used to store parameters or configurations that are stored on the user's device between web browser sessions. Examples of such data are the following metrics: username, profile photo, information on comments left, Site language version, location, information on whether the user has been provided with any information or selected preferences previously, as well as other Site setting parameters.
These cookies also allow users to watch videos, participate in interactions (polls, voting) and interact with social networks.
To make the experience more pleasant after visiting the resource, these cookies remember the information provided by the user, increasing the efficiency of interaction with the Site.
Some cookie data may be provided to the third parties who have permission from the website and for the above purposes only.
Target cookies are used to provide content that may be interesting to the user. This data is stored on the user's device between web browser sessions. Examples of such data include the following metrics: tracking the recommended text, graphics, audio, and video to avoid reruns, managing the targeted advertising, evaluating the effectiveness of advertising campaigns, information about user visits to other resources within conversions, and other Site setting parameters.
The Site may share this information with other parties, including media customers, advertisers, agencies, and related business partners, in order to provide qualitative targeted advertising.
Cookies of Third-Party Services and Analytics Services
For prompt delivery, better display and detailed analysis of content on the Site, the Bank uses services that are owned by other third parties, such as Facebook, Twitter, Instagram, Alphabet Inc., Gemius and etc.
Please note that the Site may not affect the operation of cookies used by these services. All the necessary information about their use can be found by visiting the appropriate resource.
Major web browsers (listed below) are set to automatically accept cookies. To disable them, use the help function in your browser. Help can be called up via the menu or using F1 key.
It is important:
- the configuration of cookie settings for mobile web browsers may differ;
- it shall be noted that full-fledged work with the Site is available only when using cookies;
- disabling cookies may restrict access to the content and malfunction of the Site services.
Information about users obtained via cookies is not sold or disseminated in the public domain, and is also the property of the Bank that owns the resource.
When the user uses the services, the pages of the Site may contain codes of other Internet resources and third parties, as a result of which such Internet resources and third parties receive your data. Therefore, these online resources may receive and process information that you have visited these pages, as well as other information transmitted by the user's browser.
Use of these services of the Bank is necessary for the operational analysis of Site visits, internal and external assessment of site traffic, depth of views, user activity. The Bank does not store or process the data received from these services.
Accordingly, if the user for any reason does not want these services to access his/her personal data, the user can voluntarily log out of his/her account or profile and clear cookies (through his/her browser).
The Site is not designed for minor users, except for users who can apply to the Bank to obtain banking and financial services. The Bank takes security issues very seriously, especially for minors, and for its part, the Bank calls on parents to explain to their children the problems of Internet safety, their specific purpose and need for use of certain Site services.
The Bank does not transfer personal data to the third parties, except when such transfer is required by law, at the request of the personal data subject or in other cases provided herein. The Bank understands that personal information is a value and integral content, including personal intangible rights of any individual, and therefore takes all possible measures to protect personal information of users, voluntarily and knowingly transmitted by the latter to the Bank.
The Site may contain links to other websites (for informational purposes only). When linking to other websites, this Policy will not apply to such sites. In this regard, the Bank recommends that you review the privacy and personal data policies of each website before transmitting any personally identifiable information.
Information about the activity (traffic) of users who pass through the network or the user's e-mail on the Site is protected in accordance with the law. That is, the Bank in no way violates the secrecy of the user "activity" when he/she uses the Site services.
The Bank uses generally accepted standards of process and operational protection of information and personal data against loss, misuse, alteration or destruction. However, despite all efforts, the Bank cannot guarantee absolute protection against any threats arising outside the Bank's control.
The Bank ensures using all relevant confidentiality obligations, as well as technical and organizational security measures to prevent unauthorized or illegal disclosure or processing of such information and data, their accidental loss, destruction or damage.
The Bank provides access to information and personal data only to authorized employees who gave consent to ensure the confidentiality of such information and data in accordance with the Bank's requirements.
Dissemination of personal data without the consent of the personal data subject or his/her authorized person is allowed in cases specified by law and only (if necessary) in the interests of national security, economic well-being and human rights.
The procedure for access to personal data of the third parties is determined by the conditions of the user's consent provided to the personal data holder for such data processing, or in accordance with the requirements of the law.
The user shall have the right to receive any information about himself/herself from any subject of relations regarding the personal data subject to specifying the surname, name and patronymic, place of residence (stay) and details of the document that certifies the individual who submits the request, except as provided by law.
The user shall have access to data about himself/herself free of charge.
Deferring the user's access to his/her personal data is not allowed.
Deferring access to personal data of the third parties is allowed if the necessary data cannot be provided within thirty calendar days from the request receipt date. In this case, the total term for resolving the issues raised in the request may not exceed forty-five calendar days.
The notice of deferment shall be notified to the third party who submitted the request in writing, explaining the procedure for appealing against such decision.
The decision to defer or deny access to personal data may be appealed to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or a court.
The Bank informs you about your rights as a personal data subject that are regulated by the Law of Ukraine "On Personal Data Protection", namely:
1. to know about the sources of collection, location of their personal data, the purpose of their processing, location or place of residence (stay) of the personal data holder or controller or give a corresponding order to obtain this information to authorized persons, except as provided by the law;
2. to receive information about the conditions for granting access to personal data, namely, information about the third parties to whom his/her personal data is transferred;
3. to access his/her personal data;
4. to receive an answer as to whether his/her personal data is processed, as well as to receive the content of such personal data no later than thirty calendar days from the date of request receipt, except as provided by the law;
5. to make a reasoned request to the personal data holder with an objection to his/her personal data processing;
6. to make a reasoned request to change or destroy his/her personal data by any personal data holder and controller, if this data is processed illegally or is inaccurate;
7. to protect his/her personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as to protect against provision of information that is unreliable or discredits the honor, dignity and business reputation of an individual;
8. to file claims against the processing of his/her personal data to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to a court;
9. to apply legal remedies in case of violation of the legislation on personal data protection;
10. to make reservations regarding the restriction of the right to process his/her personal data within the consent granting;
11. to withdraw consent to the personal data processing;
12. to know the mechanism of automatic personal data processing;
13. to obtain protection against an automated decision that has legal consequences for him/her.
To update, access, change, block or delete your personal data, withdraw consent to processing of personal data provided by you to the Bank in accordance with this Policy, or in the case of any comments, wishes or claims regarding your personal data that is processed by the Bank, please contact the Bank: by e-mail [email protected] or write a letter to: 0470, Ukraine, Kyiv, 4 Andriivska Str.
The personal data subject may give consent to the processing (including transfer) of personal data in writing (including electronic, including, as affixing the appropriate designation/mark, sending a password/code or sending data to JSC “PUMB” by means of communications: JSC “PUMB” website, e-mail, instant messengers, etc.) or in the form, which allows to conclude that consent has been given. In particular, consent may include ticking a box when visiting the Website, the choice of technical settings for informational services, or other documentary evidence or methods of action that clearly indicate, in this context, the acceptance by the data subject of the proposed processing of his personal data. Any form of consent confirms acquaintance of the client, potential client with the above information, in particular: the sources of personal data collection, the location of personal data, the purpose of their processing, the conditions for granting access to personal data, their transfer and third parties to whom personal data can be transferred, the location of the owner and manager of personal data, awareness of the processing of personal data.
When visiting the Website, silence, a previously ticked checkbox when visiting the Website, or inaction, in turn, should not be construed as consent. The consent must cover all data processing carried out for the same purpose or such a purpose. In the event that data processing has several purposes, consent is necessary for each of them unless otherwise provided in the contract.
This Policy may be amended and supplemented from time to time and without prior notice to the user, including when changing the requirements of the law.
In the case of significant amendments to this Policy, the Bank will post a notice on the Site and specify the date of entry into force of these amendments. If you do not refuse to accept them in writing within the specified period, it will mean that you agree with the relevant amendments to the Policy.
We ask you to review the Policy from time to time in order to be aware of any amendments and supplements.