Policy on Collection, Storage and Use of Website User Data

1. General Provisions

This Policy on the Collection, Storage and Use of Website User Data (hereinafter referred to as the “Policy”) defines the procedure for processing and protecting information about users of the official website of AccessBank Closed Joint-Stock Company (TIN: 1400057421) (hereinafter referred to as the “Website” and the “Bank”, respectively).

The Policy has been developed in accordance with the requirements of applicable legislation of Azerbaijan Republic on personal data protection, banking secrecy, and information security.

By using the Website, the user confirms their consent to the terms of this Policy.

2. Terms and Definitions

• Personal Data — any information relating directly or indirectly to an identified or identifiable natural person.
• User — any individual visiting the Website.
• Processing of Personal Data — any action (operation) or set of actions performed with personal data, including collection, recording, systematization, storage, use, transfer, anonymization, and destruction.

3. What Data the Bank Collects

The Bank may collect the following categories of data:

4. Purposes of Data Processing

The Bank processes users’ personal data exclusively for the following purposes:

• providing information about the Bank’s products and services
• processing user requests, applications, and inquiries
• ensuring the proper functioning of the Website
• improving service quality and user experience
• complying with legal requirements
• ensuring information and financial security

5. Legal Grounds for Data Processing

Personal data is processed on the basis of:

• the user’s consent
• the necessity to perform contracts or pre-contractual obligations
• legal requirements
• the legitimate interests of the Bank, provided that such interests do not infringe upon the user’s rights

6. Data Storage and Protection

The Bank takes all necessary organizational and technical measures to protect personal data from unauthorized access, loss, alteration, disclosure, or destruction.

Personal data is stored no longer than necessary to achieve the purposes of its processing, unless a different period is required by law.

The information systems in which user data are collected and stored have obtained a compliance certificate in accordance with the legislation of the Republic of Azerbaijan and have undergone state expert examination.

7. Transfer of Data to Third Parties

The Bank does not transfer personal data to third parties, except in the following cases:

• with the user’s consent
• at the request of government authorities in accordance with the law
• to the Bank’s employees, business partners and contractors, provided they comply with confidentiality and data protection requirements

8. Use of Cookies

The Website uses cookies and similar technologies to:

• ensure the functioning of the Website
• analyze traffic
• improve the quality of services provided.

The user may change cookie settings in their browser.

9. User Rights

The user has the right to:

• receive information about the processing of their personal data
• request clarification, updating, or deletion of their data
• withdraw consent to the processing of personal data
• appeal the Bank’s actions to authorized authorities

10. Withdrawal of Consent

Withdrawal of consent to the processing of personal data is carried out by submitting a written or electronic request to the Bank.

The Bank reserves the right to continue processing data in cases provided for by law.

11. Amendments to the Policy

The Bank reserves the right to make changes to this Policy.

The current version of the Policy is always available on the Website.

12. Contact Information

For questions related to the processing of personal data, the user may contact the Bank using the contact details provided on the Website