JSC Silk Bank (hereinafter - "the Bank", "We") undertakes to protect your privacy and personal data. This personal data protection Policy (hereinafter - "Policy") defines the way the Bank takes care of your data and what principles guide its processing. By the Policy, you will also learn your data protection rights and exercise thereof.  

We promise to care for the security and protection of your personal data; We will not use your data inappropriately and upon your request, We will furnish you with comprehensive and through details regarding processing your personal data.

1. Who We Are

JSC Silk Bank is a company registered in accordance with the legislation of Georgia, a licensed commercial Bank, which can act as a data controller. The identification code of the company: 201955027; legal address: 2 Saarbrucken Square, Tbilisi, Georgia.

For more information visit www.silkbank.ge. To contact us, please see "How to Contact Us" section.

2. What Data do We Process

The information We process may include: Identification and contact information (e.g. first name, last name, signatures, biometric data, date of birth, copies of identity documents, contact data, including email address and telephone number, address/residence, sex). Financial details (e.g. Bank account details, credit/debit card details, financial activity history, income(s) details and the related history, also, the credit history, creditworthiness, loan information and arrears; the socio-demographic information, such as employment/profession, employer's name and address, education, citizenship, salary certificate). Transaction-related information (e.g. Bank account number; income/expenditure; payments/transfers from your accounts; when and where the said transactions were effected). Communication information (e.g. the information regarding you, which the Bank obtains both from printed materials and e-mails, telephone and etc. communication channels). The informationabout third parties that you supply to us or the one concerning you, you supply to third parties (e.g. information you provide about other person(s), such as data about a spouse, potential co-borrower or a guarantor for the purpose of a joint application, or if another person provides information about you).

Information obtained from third parties - We retain the right to request and receive your personal data from third parties, such as, the databases of Credit Information Bureaus and/or Public Services Development Agency. The above information is requested in accordance with the Georgian Law on Personal Data Protection and, if necessary, based on your prior consent.  

3. The WayPurpose and Basis of Data Processing

At your consent, in order to provide services to you/consider your application, fulfill obligations under the applicable legislation of Georgia and/or protect the legal interests of the Bank, We process personal data, so that you can open a Bank account, We render and you use various banking services at your satisfaction; also for statistical analysis and business research in the aggregated or depersonalized manner solely.

We respect your data protection rights and, therefore, personal data:

• are processed lawfully, fairly and transparently;
• are collected only for explicit, specified and legitimate purposes and in line with them;
• are processed only to the extent necessary to achieve the relevant legitimate purpose and is proportionate to certain purpose for which it is processed;
• are accurate and, if necessary, kept up to date;
• are stored for the period necessary for the purposes for which data is processed (based on actual needs of the Bank and/or obligation(s) determined by the applicable legislation of Georgia).

Your data may be collected/processed at your request and in the following cases:

• when you become our client/user;
• you register on our online platforms/receive online services;
• you use our products or services;
• during telephone communication or visiting the branch;
• you use our website, mobile application and online consulting functionality (online chat);
• you send us letters by post or e-mail.
• you effect Bank transactions;
• you use open banking services;
• you use banking or bank-related services;
• We may also collect your data from organizations, such as the LEPL Revenue Service, Credit Information Bureau(s) other financial institutions or organizations.

Your data may be processed in order to:

• render banking services and provide products.
• manage our relationship with you.
• enable you to use products/services.
• process or effect transactions.
• submit and process an application/request for product/service, as well as fulfill the contractual obligations;
• perform such activities as data analysis, audit, determine whether the services are efficient, determine their usage trends to improve products.
• analyze solvency, obtain any reports, credit scores, credit information, evaluate your financial status, determine and investigate fraud, estimate its probability and inspect etc., including via the Credit Information Bureaus.
• use our website, platforms and online services (including mobile or web applications). as well as visit our branches or offices.
• contact or locate you.
• ensure your security, business continuity and risk management.
• develop a product and planning, auditing and for administrative purposes.
• improve consumption and user experience.
• notify you important information related to our products, terms, rules and Policy changes and/orother administrative information; also, enforce the terms of the contract you are a party to; take the relevant measures to provide the product/service (implementation of a contract), e.g. to make payments.
• fulfill our obligations under the applicable legislation.
• to meet a legitimate interest of the Bank or third parties. Processing may be necessary to meet our legitimate interests, for example to understand user behavior, customer expectations, to create analytical models, or understand how users use or respond to products, or to develop and improve new products. Data sharing is a legitimate interest of the Bank to improve its efficiency, customer service, product delivery etc. Ultimately, it is a necessary part for developing an ecosystem to benefit client/customers and potential client/customers, including you.
• also, in other exceptional cases where the processing is necessary for the above purpose(s).

Processing Personal Data for Direct Marketing Purposes: Only on your consent do We use your personal data for marketing purposes. We need the information to supply you with information on customized products and offers. For this purpose, We process the data you share with us or allow us to receive from third parties.

We will study your data to understand your wishes or needs, what would be of interest to you. In this way, We decide which product, service or offer may be of interest to you.

At any time, you have the right to withdraw your consent, contact us to ask to stop processing the data for direct marketing purposes. The request can be submitted at any time through the Bank's contact information, including hotline 032 2 242 242 and/or e-mail: info@silkbank.ge and/or through the opt-out mechanism offered during the direct marketing.

We respect your wishes and will stop using your data for direct marketing purposes within 5-7 days.

4. Who do We Share Your Personal Data with?

We may need to share your personal data in the cases determined by the legislation of Georgia or with the organizations that must provide us with the product or service you have selected.

If We use the services of third parties or other providers as part of our core business, We may need to share your personal data with them to perform specific tasks. Examples of cooperation with third party service providers are:

• design of web-tools and/or applications, current operational services;
• IT service providers that can provide application or infrastructure (e.g. "cloud") services;
• legal, auditing and other professional services rendered by lawyers, notaries, trustees, audit companies etc.;
• detection, investigation and prevention of fraud or other. crime or omission conducted by specialized companies;
• performance of banking/financial operations (agreements) (assisted by trust companies, investors and consultants).

Your personal data may also be shared in case of change of the Bank structure, for example: 

• if the Bank resolves to sell or alienate its assets, or carry out a merger or reorganization in another way stipulated by the law.
• in case of any of the aforesaid, We may share your data with the relevant party, provided it assumes the obligation to protect confidentiality and safeguard your data thereof.

In any case where your data is shared with third parties, We take all the measures to ensure its security.

5. Data Retention Periods

The data will be stored for the entire period of the service rendered to you and for the term necessary to achieve the goals listed above, including after the termination of the relationship with you based on the Bank account, if required for fulfillment of the obligations under the law, as well as, if necessary, for the purpose of examining and considering the claim or issue and/or in accordance with the content of the specific consent.

6. Consequences of Termination of Data Processing or Withdrawal of Consent

Sharing personal data with us is in our mutual interest. As said above, the Bank needs to process your data to achieve the listed legitimate purposes.

In the specific cases where We request your consent to data processing, We will inform you whether the request is a contractual requirement, necessary for the fulfillment of a legal obligation or a measure to achieve other goals.  

When solely your consent is required for data processing, you can choose not to share the data or withdraw your consent, which may however result in a delay in your use of certain services (e.g. simplified online services).  

7. Confidentiality Guarantees

The Bank ensures maximum protection of the confidential information provided to in compliance with the law.

Whereas the Bank uses its best efforts to protect your privacy and confidentiality of Your personal information, given that your data are not encrypted during the remote transfer, the Bank shall not be held accountable for a third party's unauthorized access to the information when it is being transferred to the Bank.

You are responsible for maintaining the accuracy of the information you submit to us. If your personal data changes, you can correct, delete an inaccuracy or amend informaion. As soon as possible, We will take reasonable steps to make the requested changes to our then-active databases. If any information you provide is untrue, inaccurate, out of date or incomplete (or is no longer true, no longer accurate, out of date or incomplete), and/or the Bank reasonably suspects the same, We may discontinue rendering the services to you.

The Bank does not exercise control over the websites displayed as searchresults or links from within its services. These other websites may place their own short information files (so-called cookies) or other files on the User's device, collect data or solicit personal information from the User, for which the Bank is not responsible or liable and fully disclaims responsibility for such. Accordingly, the Bank does not make any representations concerning the data protection practices, nor does we guearantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. If you decide to visit a third-party website linked, you do so entirely at your own risk. The Bank encourages the customer to read/examine the data protection policies of third parties.The Bank implements reasonable/appropriate security practices/measures and procedures to protect the personal data under its control from unauthorized access, misuse and disclosure, unauthorized modification and unlawful destruction or accidental loss. The Bank is not responsible for any damage/loss of data due to unauthorised access to the User’s electronic devices through which the user avails the services.

The Bank implements reasonable security practices/measures and has a comprehensive documented information security program and information security policies that contains managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of our business.

We respect your right to privacy and data protection, and other than as specifically set forth in this policy, we only disclose Your personal information in the event it is required to do so by law, a supervisory body or law enforcement agency

or when the Bank in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to individuals or property, to prevent fraud or mitigation of the risks or to enforce or apply the "Agreement on conducting Banking Operations for Individuals and Banking Products and Service Terms".

8. You Enjoy the Data Protection Rights below:

• at any time, you can contact us to request information on processing your data and/or copies of the data, which, after properly identifying you, will be provided to you within the time limit under the law.
• you can request to rectify, update, correct or complete your personal data if it is not correct or complete. Also, the deletion and/or destruction thereof if processed improperly. After processing the said request in accordance with the relevant procedures, you will be notified about the status of your request within the time limit under the law. However, please note that We have the right to refuse to comply with the request if there is another legal basis for processing of your data or We are processing the data to justify a legal claim or a counterclaim/objection, the processing the data is necessary to exercise the right to freedom of expression or information and/or the processing is required by law provided for archiving purposes in the public interest, or for statistical purposes and/or the exercise of this right makes it impossible or significantly impairs achievement of the specified objectives.
• you can also request blocking the data and/or their transfer thereof in accordance with the rules established by the current legislation of Georgia.
• you can withdraw your consent at any time where solely your consent is required to process your personal information.

Please note that before responding to such a request, We have the right to ask you to confirm/verify your identity.

• besides registering your claim with the Bank, you also have the right to file a complaint at the Personal Data Protection Service of Georgia (for more information see: https://personaldata.ge) or the Court regarding collection and use of your personal data by us.

9. Changes to the Data Protection Policy

We reserve the right to update the Policy at any time. In case of substantial changes to the Policy or processing the user's personal information, you will have the opportunity to familiarize yourself with the information on the changed conditions relevant to the changes. Unless otherwise specified, this Policy applies to all information on you available to the Bank.

10. How to Contact Us:

In case You wish to exercise your rights (data correction, update, addition, transfer, blocking, deletion, destruction, etc.), you may contact us via Internet and/or mobile banking or e-mail us to the addresses below. Also, you may visit any branch of the Bank.

Personal data protection officer: dpo@silkBank.ge

Protection of consumer rights: info@silkBank.ge

Additionally, you may contact us on the phone number: + (995 32) 24 22 42

You may also contact the consultant via an online chat.