Findoc Mobile – Privacy Policy
Findoc Mobile – a product of Azerbaijan Credit Bureau LLC (“ACB”, “we”, “us”, “our”)
Effective date: 10.10.2025
1) Who we are and how to contact us
Findoc Mobile (“App”) is offered by Azerbaijan Credit Bureau LLC, registered in the Republic of Azerbaijan, headquartered at World Business Center, Samad Vurgun str. 43, AZ1014, Baku.
Email: privacy@acb.az / office@acb.az • Tel: (+994) 12 210 10 10.
ACB operates under Azerbaijan’s credit reporting framework and personal data regime. See ACB’s legislation page for the governing instruments, including the Law of the Republic of Azerbaijan on Credit Bureaus and the Law of the Republic of Azerbaijan on Personal Data.
2) Scope of this Policy
This Policy explains how we collect, use, disclose, retain and protect personal data when you:
- download or use the App on iOS or Android;
- create or access your Findoc account/cabinet; and
- request reports or services related to your credit history.
This Policy complements, and does not replace, the rights and obligations set out in Azerbaijani law, including the Law of the Republic of Azerbaijan on Personal Data (sometimes translated as the Law “On personal data”) and sectoral rules governing credit bureaus.
3) Key definitions
Personal data: for the purposes of this Privacy Policy any information that directly or indirectly identifies you (for example, name, ID/passport details, contact info, device identifiers). (See definitions in the personal data law.)
Credit history: the set of information on your current and past obligations used to assess payment capacity and discipline (defined under the credit bureaus law).
Processing: any operation performed on personal data (collection, storage, use, disclosure, etc.).
4) What we collect
Depending on how you use the App and ACB services, we may process:
A. Identification & contact data – For a better experience, we may require you to provide us with certain personally identifiable information, including name, surname, patronymic (if applicable), date of birth, national ID/passport details, TIN/customer identifiers, phone number, email, address.
B. Account & authentication data – account credentials, device tokens, one-time passwords, identity verification artifacts (e.g., selfie/liveness, document images) where KYC is required.
C. Device & usage data – IP address, device model/OS, app version, logs, crash data, performance data, interaction events.
D. Location data (optional) – if you allow the App to access location for fraud-risk, security, or nearest-service features.
E. Support & complaint data – content of communications with support and ACB’s complaint channels.
F. Payment data (if in-app payments are enabled) – transaction reference, masked card details or payer identifiers processed via our payment providers; ACB does not store your full card number.
G. Cookies/SDK signals – strictly necessary operational SDKs; and, if enabled, optional analytics/bug-tracking SDKs (list each SDK here: e.g., Firebase Analytics, Crashlytics, Sentry). For iOS, tracking across apps/websites is off by default and, where any third-party tracking is present, requires your consent under Apple’s App Tracking Transparency (ATT).
Permissions you will be asked for in the App:
- Camera (optional) – KYC/document capture, QR payments or receipt scans.
- Photos/Files (optional) – upload documents for identity/dispute purposes.
- Location (optional) – fraud-risk, nearest services.
- Notifications (optional) – security alerts, report-ready notices.
You can withdraw permissions anytime in your device settings.
5) Sources of data
- Directly from you (registration, identity verification, in-App actions, support).
- From data providers and users of credit reports registered under the Credit Bureaus law and supervisory rules (e.g., banks, MFIs, leasing companies, utilities, telecoms), including via the e-government portal, where applicable.
- From public registers or state systems where permitted by law.
- From your device and in-App events.
6) Legal bases & grounds for processing
We process personal data under Azerbaijani law on one or more of the following grounds:
- Your consent – e.g., when you authorize the creation/retrieval of your credit report, or enable optional features like analytics or location. (Consent is a core principle for forming and using credit histories, except for cases specified by law.)
- Performance of a contract – to provide you the App, your Findoc account, and requested services.
- Legal obligations – to comply with credit reporting regulations, AML/CFT, record-keeping, supervisory requests.
- Legitimate interests – secure operation, fraud/risk management, service improvement (balanced against your rights).
- Protection of rights and claims – establishing, exercising, or defending legal claims.
7) Purposes of processing
- Provide App functions: registration, login, cabinet access, identity verification, report requests, subscriptions.
- Customer support & disputes: respond to requests, handle complaints and disputes about report content.
- Security & fraud-prevention: protect accounts, detect abuse, ensure system integrity.
- Compliance: supervise adherence to laws, respond to regulators/courts.
- Analytics & quality (optional): improve reliability and user experience (only with appropriate settings/consent).
- Notifications: security alerts, service updates, transactional notices; marketing only with your consent and with opt-out.
8) Disclosures & recipients
We disclose data only as necessary and proportionate:
- Service providers (processors) – IT hosting, support, security, ID verification, payments, notifications, analytics (each under contract and confidentiality).
- State bodies & courts – where required by Azerbaijani law or orders.
- Corporate transactions – in case of reorganization/merger, per legal safeguards.
We do not sell your personal data.
9) International data transfers
Where data is transferred outside Azerbaijan (e.g., to cloud providers or cross-border requestors), according to the Law of the Republic of Azerbaijan on Personal Data, we will do so only: (i) where required for the service; (ii) with your consent or another lawful ground; and (iii) with safeguards consistent with Azerbaijani rules regarding confidentiality, security, and cross-border data flows for credit reports/personal data.
10) Retention
We retain personal data only as long as necessary for the purposes above, to comply with legal/ supervisory retention requirements applicable to credit bureaus and financial services, and to defend legal claims. After expiry, data is securely deleted or anonymized.
11) Your rights
Subject to legal conditions and exceptions, you may have the right to:
- Access your personal data and obtain a copy (including your credit information).
- Request correction of inaccurate or incomplete data.
- Request blocking/suspension of processing in specified circumstances.
- Withdraw consent where processing is based on consent (this does not affect prior lawful processing).
- Object to processing based on legitimate interests when allowed by law.
- Complain to the competent authority (see Section 13).
These rights arise from Azerbaijani personal data law and related regulations. To exercise your rights or make a credit history dispute, contact us at office@acb.az or through the in-App request channel. We may need to verify your identity.
12) Children’s data
The App is intended for adults. We do not knowingly process personal data of children without lawful basis and appropriate consent when required by law.
13) Supervisory authority & complaints
If you have concerns, please contact us first. You also have the right to raise the issue before the relevant state bodies regarding our handling of your personal data under Azerbaijani law. (See governing laws referenced at ACB’s legislation page.)
14) Security
We implement organizational and technical measures proportionate to the risks of credit reporting, including access controls, encryption in transit and at rest (where applicable), network monitoring, logging, and staff confidentiality obligations. ACB maintains an information security management policy and operates under sectoral supervision rules applicable to credit bureaus.
15) App Store & Google Play disclosures
Apple App Store. We provide App Privacy details in App Store Connect describing the data types collected, whether they are linked to you, and whether they are used for tracking. Where any tracking would occur, iOS will request your permission via ATT before access.
Google Play. We complete the Data safety form accurately and keep it up to date, and we host this Policy at a public URL linked from our Play listing.
16) Third-Party SDKs / Integrations
The App integrates several government and regulated third-party systems to provide secure identity, signature, and payment services. These integrations operate under their own legal and privacy frameworks.
- SİMA KYC / SİMA Digital Identity — used for identity verification (KYC). When invoked, your ID data and live video are securely transmitted to SİMA for biometric verification. Requires camera and (if needed) microphone access.
- SİMA İmza — used for digital signatures and secure authentication. Your signing certificate is managed by SİMA.
- ASAN İmza — used for mobile electronic signing and authentication via your SIM card and operator.
- Azericard — serves only as a third-party payment processor for transactions made within the App. Findoc Mobile does not collect, store, or access any payment card data. All payment details are processed within Azericard’s secure infrastructure.
- Digital Login / MyGov ID — used for unified login (SSO) and secure access to your personal data via the national authentication system.
17) Additional information
Link to the privacy policies of third-party service providers used by the app
18) Changes to this Policy
We may update this Policy to reflect changes in law or our practices. If the changes are material, we will notify you via the App or by email and indicate the effective date above. Continued use of the App after the effective date constitutes acceptance of the updated Policy.
19) Contact
Email: office@acb.az
Postal: World Business Center, Samad Vurgun str. 43, AZ1014, Baku