Ayeyarwaddy Farmers Development Bank “Bank” is a financial institution in Myanmar that adheres to ethical business conducts and compliance with applicable legal framework. The Bank is aware of your trust in the Bank’s products and services and recognizes your need for security in transaction and the handing of your personal data.
For prioritizing your privacy and safeguarding your personal data, the Bank, therefore, has set out policies, regulations and rules for the Bank’s business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to Bank will be processed to meet your needs and in accordance with the laws.
1. What is the purpose of this Policy?
This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.
2. Which personal data that the Bank collects, uses, and/or discloses?
2.1 Personal Data is data that can directly or indirectly identify you, i.e.
2.1.1 Personal data that you give directly to or through the Bank, or available to the Bank by your use of products and/or services, contact, visit, search via digital channels, branches, website, call center, assigned person or other means.
2.1.2 Personal data received or accessed by the Bank from other sources not directly from you. For example, government entities, financial institutions, financial service providers, business partners, and information service provider, etc. The Bank will collect data from other sources only when your consent is given as consistent with laws unless where necessary for the bank as permissible under laws.
Your personal data that the Bank collects uses and/or disclose are such as
– Personal information such as name, surname, age, date of birth, marital status, national identification number, passport number;
– Contact information such as home address, workplace, telephone number, E-mail;
– Financial information such as source of income, expenses, saving account numbers, balance, interests, credit card numbers, debit card numbers, financial history, assets;
– Transaction information such as financial statements, payments, borrowings, investments, purpose of transaction;
– Data related to devices or machines such as IP address, MAC address, Cookie ID; and
– Other information such as website-visiting data, voice, still picture, moving picture, and other information deemed personal data under the Personal Data Protection Laws
2.2 Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by the Bank only when the Bank has obtained explicit consent from you or where necessary for the Bank as permissible under law. The Bank may collect, use and/or disclose biometric identifiers (Biometrics), e.g., facial recognition, fingerprint recognition, retina recognition, voice recognition for the purpose of verifying and confirming identity of applicants for services and/or transaction via digital channels, branches, website, call center or other channels, etc.
(Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “ Personal Data ”)
2.3 Device accessibility is request to access to in person, by telephone or electronically.
2.3.1 Device camera: the app requires your permission to use the camera, which allows the app to turn on/off camera. This is necessary for using functions of scanning QR code, taking and sending photos on the app.
2.3.2 Device storage: the app requires your permission to access the phone storage for file and gallery. This is used for the apps to store pictures or files onto the phone as well as for you to upload files or photos from your local storage to the apps.
2.3.3 SMS: the app requests access to receive/read SMS message when you perform financial transaction and non-financial transactions for more transaction-level security.
2.3.4 Location information: the app can requests permission to access for current location of the customer to allow customer to use the map for ATM, branches and agents location of A bank.
2.3.5 Contact: the app can requests permission to access contacts on the phone for technical convenience when you use perform financial transaction and non-financial transactions.
3. What are the Bank’s purposes of collecting, using and/or disclosing your Personal data?
The Bank will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to Bank or you; and for any purposes provided in this Policy, as follows;
3.1 For your benefits in using the Bank’s products and/or services that meet your own purposes and for other purposes necessary under laws
3.1.1 To allow you to use the Bank’s products and/or services that meet your purposes under your contract with the Bank or to take steps at your request prior to using the Bank’s products
And/or services (Contractual Basis), for instance,
(1) to Approve the using of any products and/or services, e.g. loan request, investment, insurance, deposit, withdrawal, transfer, exchange, assets or payment; and/or
(2) to take any steps in relation to the providing of any products and/or services, e.g. processing, contact, notification, outsource, right and/or duty assignment, notification of debt payment or extension of products and/or services term, and debt collection.
3.1.2 To comply with relevant or applicable law (Legal Obligation), for instance,
(1) to comply with an order from a competent authority; and/or
(2) to comply with Financial Institution Law, Directive for the CDD Measures 18/2019, Securities Exchange Law 2013, Myanmar Insurance Law, , The Union Taxation Law 2018, Anti-money Laundering Law 2014, The Counter Terrorism Law 2014, The Countering the Financing of Terrorism Rules 2015, , Telecommunication Law 2013, Electronic Transaction Law 2004, Law Protecting the Privacy and Security of Citizens 2017, Insolvency Law 2020, and other laws to which the Bank is subject both in Myanmar and in other countries including
Regulations and rules issued pursuant to such laws.
If the bank is required to collect, use and/or disclose your Personal Data to meet our legal obligations or enter into an agreement with you, the bank may not be able to provide (or continue to provide) our products and/or services to you if the bank cannot collect your
Personal Data when requested.
3.1.3 To take necessary steps for the Bank’s legitimate interests or other individual or legal person which are not overriding your reasonable expectations (Legitimate Interest), for instance,
(1) to record voice conversation with call center or images from CCTV, to exchange ID cards
Before entering buildings;
(2) to maintain relationship with customers, e.g. complaint handling, satisfaction survey, customer service by the Bank’s staff, notification or offer on any products and/or services of the
Same types you are using for your benefits;
(3) to manage risks, monitor, manage within organization including to refer such tasks to affiliated companies in the conglomerate under the Personal Data related policy of the
Conglomerates (Binding Corporate Rules);
(4) to anonymize your Personal Data (Anonymous Data);
(5) to prevent, respond, and minimize potential risks arising from corruption, cyber threat, debt default or contractual breach (e.g. bankruptcy related data), law violation (e.g. money laundering, financing of terrorism, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order
To prevent, respond and minimize the above risks;
(6) to collect, use and/or disclose the Personal Data of directors, representatives, agents of customers that are legal person;
(7) to contact, voice or image recording during meetings, trainings, seminars or booth activities;
(8) to collect, use, and/or disclose the Personal Data of person under court’s receivership order; and
(9) to receive – dispatch parcels.
3.2 To enable you to receive benefits from using products and/or services according to your given consent, for instance,
For you to receive products and/or services that are better and suitable for your need;
For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities;
regardless of being products and/or services, privileges, promotions, information or special activities of the Bank, or person of whom the Bank is an agent, agent, distributor, business partner or a third party associated with the Bank, depending on your given consent.
4. To whom may the Bank disclose your Personal Data?
The Bank may disclose your Personal Data to other person to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy.
The Bank may disclose your Personal Data for various purposes, e.g. providing services to you; analyzing and developing products and/or services, conducting research or analyzing statistical data; promoting sales and advertising by the Bank; managing organization; preventing corruption; allowing the Bank’s supporting service providers; verifying customers’ identity, etc.
The Bank may disclose the data to other persons or entities. For example, the Personal Data processors, business partners launching products with the Bank (Co-branding), external service providers, the Bank’s agents, sub-contractors, financial institutions, auditors, external auditors, credit rating companies, asset management companies, competent authority, prospective assignees and/or assignees in any transaction or business merger of the Bank, any corporations or individuals under relationship or contract with the Bank; including executives, staffs, employees, contractors, agents, the Bank’s advisor and of those person or entity who receive the data, etc.
In case of disclosing your Personal Data to other persons for the marketing purposes of the data receiver, e.g. sale promotions, advertisements or products and/or services offers for you, etc., the Bank will notify you of a list of the data receivers to take into consideration when making a decision to give consent.
5. Can the Bank send or transfer your Personal Data to other countries?
When it is necessary, the Bank may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of the Bank’s business, e.g. sending or transferring the Personal Data to be stored on server/cloud in other countries.
If the receiving countries do not maintain adequate standard levels, the Bank will ensure that the sending and the transferring are in compliance with legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements.
6. How long does the Bank retain your Personal Data?
The Bank will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with the Bank, or for as long as necessary in connection with the purposes set out in this Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of at least 5 years, etc.
The Bank may erase destroy, or anonymize the Personal Data when it is no longer necessary or when the period lapses.
7. How does the Bank protect your Personal Data?
For retention of your Personal Data, the Bank implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. The Bank has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. The Bank has amended the policy, rule and regulation as frequently as necessary and appropriate.
Moreover, the Bank’s executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by the Bank.
8. What are your rights related to Personal Data?
Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Bank. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.
8.1 Withdrawal of consent: If you have given consent to the Bank to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to Bank, unless it is restricted by laws or you are still under beneficial contract.
Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.
8.2 Data Access: You have the right to access your Personal Data that is under the Bank’s responsibility; to request the Bank to make a copy of such data for you; and to request the Bank to reveal as to how to Bank obtain your Personal Data.
8.3 Data Portability: You have the right to obtain your Personal Data if the Bank organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Bank to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Bank directly to other data controller unless not technically feasible
Your Personal Data above must be under your consent given to the Bank to collect, use, and/or disclose; or those the Bank deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Bank; or to take steps at your requests before using products and/or services; or as legally required by competent authority.
8.4 Objection: You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Bank, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Bank will continue collecting, using and/or disclosing your Personal Data only when the Bank can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis.
In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research.
8.5 Data Erasure or Destruction: You have the right to request the Bank to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Bank is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
8.6 Processing Suspension: You have the right to request the Bank to suspend processing your Personal Data during the period where the Bank examines your rectification or objection request; or when it is no longer necessary and the Bank must erase or destroy your Personal Data pursuant to relevant laws but you instead request the bank to suspend the processing.
8.7 Data Rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading.
8.8 Complaint Lodging: You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
8.9 The exercise of rights above may be restricted under relevant laws and it may be necessary for the Bank to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Bank denies the request, the Bank will inform you of the reason.
9. How can you contact the Bank and the Data Protection Officer?
If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the Bank via the following channel:
Contact Center: Tel (+951) 9559199, (+951) 9559399
(+951) 8430963 ~ 66
Address: No. (108), Corner of Kabaraye Pagoda Road and NatMauk Road, BoCho (1) Quarter, Bahan Township,Yangon, Myanmar.