The Policy on Personal Data Protection and Processing for Users of the Mobile Application of JSC “Islamic Bank “Zaman-Bank” (hereinafter – the Policy) establishes the requirements for ensuring the security of your personal data within JSC “Islamic Bank “Zaman-Bank” (hereinafter – Zaman Bank), and also defines what personal data is collected by Zaman Bank, how it is used, and how it may be shared with third parties.

The following terms and definitions are used in this Policy:

• Mobile Application – a software application provided by Zaman Bank for the provision of Services, including the exchange of electronic documents required for obtaining and executing banking services, in accordance with the terms of the agreement and the legislation of the Republic of Kazakhstan;

• Personal Data – any data, including biometric data, relating to an identified or identifiable User, recorded on electronic, paper, and/or other tangible media, as well as any future changes and/or additions thereto, and necessary and/or sufficient for identification in accordance with the legislation of the Republic of Kazakhstan, including IIN, full name, mobile phone number, date and/or year of birth, residential address, salary and other income (including similar data of third parties provided by the User within the Mobile Application when receiving Services);

• User(s) – individuals, including individual entrepreneurs, registered in the Mobile Application or intending to register;

• Terms on Collection and Processing of Personal Data and Disclosure of Banking Secrecy (hereinafter – the Terms) – a document governing relations related to the provision (possible provision) of Personal Data to the Bank, including procedures and conditions for processing Personal Data and disclosure of banking and other legally protected secrets, published on the website: www.zamanbank.kz;

• Service(s) – banking services provided by Zaman Bank to the User, as well as services of partner platforms and government authorities available through the Mobile Application.

Personal Data of Users is collected by Zaman Bank for the purpose of providing banking and other services, including partner and government services, during installation and use of the Mobile Application, ensuring the security of financial transactions, safe provision of financial services (including opening accounts, deposits, financing), proper delivery of Services, fulfillment of contractual obligations, and for other purposes defined in the Terms.

With the User’s consent, the Mobile Application may access:

• geolocation (to determine location);

• application performance data (information about user activity, date and time of visits, diagnostic reports, failures and performance characteristics of the Mobile Application, device model, operating system information, and unique user and device identifiers);

• contacts (phonebook data) (allowing the User to select a payment or transfer recipient from contacts for transfers by phone number);

• camera of the User’s mobile device (for identification procedures and scanning QR codes for payment of services);

• payment information (data on the time and amount of transactions performed, payment methods, and information about the recipient and/or service provider);

• sending notifications, offers, and requests related to the use of the Mobile Application features.

When processing Users’ Personal Data, Zaman Bank is guided by this Policy, the Terms, the requirements of the Law of the Republic of Kazakhstan “On Personal Data and Their Protection,” as well as international treaties ratified by the Republic of Kazakhstan. This Policy has been developed in accordance with these requirements and is applied in conjunction with the Terms.

Processing of the User’s Personal Data is carried out without time limitation or until the purposes of their collection and processing, as specified in the Terms, are achieved, by any lawful means, including within personal data information systems with or without the use of automation tools.

By installing and/or using the Mobile Application, the User confirms acceptance of the Terms and provides consent to the collection and processing of Personal Data by Zaman Bank under the terms and in the manner as provided for in the Terms, including the provision of consent through the performance of actions specified in the Terms (including registration in the Mobile Application, completion of forms, submission of service requests, etc.).

Zaman Bank processes Personal Data for the purposes specified above, including for compliance with legal and regulatory requirements, fulfillment of obligations to government authorities, handling of claims, debt collection and other legal proceedings, prevention of fraud and misuse of Services, as well as ensuring data security.

Zaman Bank may share Users’ Personal Data with partners and other companies related to Zaman Bank for the purposes specified in this Policy, as well as with persons specified in the Terms.

Zaman Bank does not disclose Users’ Personal Data to any third parties not affiliated with Zaman Bank and/or not specified in the Terms, except where the User has provided consent for such disclosure.

Zaman Bank receives and processes Personal Data provided by third parties, which may include data relating to the User and/or other persons specified by the User. For example, when Zaman Bank clients use the Mobile Application, they may provide Zaman Bank with a mobile phone number and/or other data, as well as personal data of third parties (Individual Identification Number (IIN), full name, mobile phone number, date and/or year of birth, email address, residential address) for the purpose of making money transfers, etc.

Zaman Bank does not transfer your Personal Data to third parties, including information on transactions performed using the Mobile Application, except in the following cases:

- where such transfer is carried out in accordance with this Policy and in favor of the persons specified herein;

- where such transfer is carried out in accordance with the Terms and in favor of the persons specified therein;

- where such transfer is carried out based on your consent and in favor of the persons specified in such consent;

- where such transfer is carried out in cases provided for by the legislation of the Republic of Kazakhstan, including where obtaining your consent is not required.

When you provide Zaman Bank with Personal Data of third parties (including IIN, full name, mobile phone number, date and/or year of birth, email address, residential address), whether directly or through third parties, you confirm that you have obtained their prior consent for the collection and processing, including cross-border transfer, of such Personal Data to Zaman Bank and third parties for the provision of relevant services, without the right to place such data in publicly accessible sources.

You bear sole responsibility to third parties for your actions related to the use of the Mobile Application, including for the accuracy of the data entered in the Mobile Application and its compliance with the identification documents of such third parties.

Zaman Bank takes all necessary measures to protect your Personal Data from unauthorized interference, unauthorized access, alteration, disclosure, or destruction, as well as to detect possible distortions and/or changes in the content of electronic documents.

The Mobile Application ensures the protection of transmitted data. Passwords are not displayed and are stored and transmitted exclusively in encrypted form.

For the safe use of the Mobile Application, Zaman Bank recommends that you:

• keep your Mobile Application account credentials confidential and not disclose them to third parties;

• not transfer your phone or any other mobile device (including the SIM card) to third parties (on which the Mobile Application is installed and from which it is used);

• immediately notify Zaman Bank of any suspected unauthorized use of your Mobile Application account.

The Mobile Application and its content are not intended for individuals under the age of 18.

The Mobile Application is not intended for the opening of bank accounts or the issuance of bank loans to U.S. citizens, or persons temporarily or permanently residing in the United States or within the territory of the United States of America. When issuing loans (credits), Zaman Bank is governed by the laws of the Republic of Kazakhstan.

Zaman Bank will store your data in accordance with this Policy and the Terms for as long as it is necessary to achieve the purposes of its collection and processing and/or to comply with the requirements of the legislation of the Republic of Kazakhstan.

You may initiate the deletion of your account through the settings of the Mobile Application.

After account deletion, you will no longer have access to all or any sections or services of the Mobile Application (your Mobile Application account) and your data.

Deletion of the account does not terminate obligations arising for the Client under agreements concluded with Zaman Bank, including agreements on the provision and servicing of payment cards, bank account and deposit agreements, and financing agreements.

Zaman Bank reserves the right to amend this Policy without the User’s consent. The updated version of the Policy becomes effective from the moment it is published, unless otherwise provided in the revised version of the Policy.

If the User does not agree with the updated version of the Policy, they must cease using the Mobile Application and delete it, or submit a written request to the Bank at: Republic of Kazakhstan, Astana, Almaty District, Rakhymzhan Koshkarbayev Avenue, Building 1A, premises 3.

If the User continues to use the Mobile Application or does not submit a written request to the Bank within 5 (five) calendar days from the date of publication of the updated Policy, the User shall be deemed to have accepted its terms.

The current version of the Privacy Policy is available at: https://zamanbank.kz/upload/docs/zaman_privacy_policy.pdf

The Policy and the relationship between the User and Zaman Bank are governed by the Terms and the legislation of the Republic of Kazakhstan.

All rights to the Mobile Application, including its related services, existing and under development, belong to Zaman Bank.