Byblos Bank Armenia considers data protection to be a matter of utmost importance and processes personal data only in compliance with the relevant data protection regulations, in particular the GDPR. Detailed information can be found in this privacy notice.

1.1. Which data do we process & where do they come from?

We and our affiliates and service providers may collect personal data which mainly includes:

• Personal information, such as full name, address, phone numbers, email address, marital and family status, employment status and position.

• Identification data, such as ID/ passport number, specimen of signature, date and place of birth, gender.

• Tax information: such as country of residence, tax identity number.

• Financial/ transactional data, such as payment orders, transfer orders, credit data, credit/debit cards

• Children’s data: we understand and respect the privacy of children, namely individuals under the age of 18. Byblos Bank Armenia may collect the personal data of children only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under law.

Personal Data is collected mainly through:

• CIF creation and Account Opening applications.

• Byblos Bank Armenia mobile app, internet banking, website.

• Whenever you reach out to us for a service through our branch or call center.

• Legitimate organizations or publicly available resources.

1.2. For which purposes do we process your personal data and on what legal basis?

• To abide by any regulatory requirements (e.g. Anti-Money Laundering Laws).

• To safeguard the legitimate interests pursued by us or by a third party (e.g. initiating or responding to a legal claim).

• To proceed with our contractual agreements by offering our primary banking products and services such as account openings, letter of credit/ letter of guarantee, and credit applications.

• To be able to take the necessary steps so as to enter into a contract with prospective customers

• For internal statistics and reporting purposes.

• To safeguard the legitimate interests pursued by us or by a third party (e.g. initiating or responding to a legal claim; setting up CCTV systems) and to protect our rights, privacy, safety or property, and/or that of our affiliates.

• On the basis of your consent to processing your personal data for one or more specific purposes. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

1.3. How long is your personal data stored?

• Your personal data is processed and retained in our databases as long as you are benefitting from our contractual services. It may be retained even longer, after our business relationship is terminated, for regulatory or legal purposes, for up to ten (10) years.

• We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.

• For prospective customer personal data, we shall keep your personal data for 6 months from the date of notification of the rejection of your application for banking services and/or facilities or from the date of withdrawal of such application>

1.4. Who receives your personal data?

• Your personal data is shared within Byblos Bank Group and may be transferred to any of our affiliates (list of affiliates is available on request) in order to process your transactions and fulfill our contractual obligations, where it is treated with high confidentiality and security.

• Other data recipients may include third party service providers following your contractual consent including, any payment system under which we issue your card, credit card companies (such as MasterCard, Visa), our insurance partners.

• Supervisory and other regulatory and public authorities, courts, institutions (such as the Central Bank of Armenia, , criminal prosecution authorities, etc.) in as much as a statutory obligation exists.

• Professional service providers, external advisors and consultants.

• We may disclose, or transfer personal data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stocks (including in connection with any bankruptcy or similar proceedings), provided that such processing is permitted under the relevant applicable laws.

1.5. What rights do you have over your personal data?

• You have the right to access and receive any information we retain about you; to rectify or erase data; to restrict or object to processing of your personal information; and to have your personal data transferred by Byblos Bank Armenia to any other controller of your personal data. To exercise any of your rights or whether you have any questions regarding your rights please contact our Compliance Unit (contact details provided below).

1.6. Failure to provide your Personal Data

• Where the provision of personal data is a statutory or contractual requirement and you fail to provide such data when requested, Byblos Bank Armenia may not be able to enter into a contract with you or continue the business/contractual relationship with you or execute an order.

1.7. Personal Data transfers to third countries

• Your data will only be transferred to third countries, where it is necessary to do so in order to execute your orders (e.g. for credit transfers to correspondent banks), where we are legally obliged to do so (e.g. reporting obligations under Tax Law, such as the FATCA ) or where you have given us your consent to do so. Third country processors are under the obligation to comply with the same personal data protection standards and safeguards as we do, on the basis of either an adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR, or contractual clauses between us and them or other appropriate safeguards pursuant to Article 46 of the GDPR.

1.8. Automated decision making

We do not make decisions based solely on automated processing (including processing) and we generally do not use any automated decision-making (including profiling).

1.9.Changes to Privacy Notice

• We may modify this Privacy Notice from time to time in accordance with any changes in the applicable legal framework. We will update the revision date at the top of the page and notify you appropriately when we make changes.

1.10 Identity and contact details of Byblos Bank

• For more information about our data protection measures, or for any inquiry/request you may have concerning your data at Byblos Bank Armenia, please contact us at ttorosyan@byblosbank.am or +37460616100 ext. 9023