Privacy Policy

DIAMACASH - Last Updated: November 2025

DIAMA BANK SA places great importance on the protection of your personal data. This is why it has adopted this notice outlining the main principles regarding the protection of your data. This notice aims to provide you with detailed information on how DIAMA BANK SA protects your personal data. DIAMA BANK SA is responsible for the collection and processing of your personal data, which it uses in the course of its business activities. The purpose of this notice is to inform you about the personal data we collect about you, the reasons why we use it, with whom we share it, how long we retain it, your rights, and how to exercise them. In this regard, we inform you that, in collecting and managing your personal data, we comply with Law No. L/2016/037/AN of July 28, 2016, concerning cybersecurity and the protection of personal data in the Republic of Guinea. DIAMA BANK SA processes your personal data in accordance with this law. Additional information may be provided to you, where applicable, when you subscribe to a particular product or service.

I. THE PERSONAL DATA WE USE

• Identification data [surname, first name, date of birth, nationality, postal address, email address, telephone number, fax number, parentage, identity card, passport, residence permit, consular card, gender, home address, occupation, photograph, …);

• Bank details (bank account details, signature card, bank account information, credit card number, transfers)

• Contact information (email address, postal address, telephone number);

• Family information (marital status, number of children);

• Professional information (employment status);

• Economic and financial information (income, financial situation);

• Information about your habits and preferences;

• Data related to your use of our subscribed products and services (banking, financial, and transactional data);

• Traffic data (origin, destination, route, time, date, size, and duration of data passing through the information systems of our subscribed services);

• Data collected during our interactions with you in our branches (appointment reports), on our websites, our applications, our social media pages, during meetings, calls, chats, emails, interviews, and telephone conversations.

The Bank will not ask you to provide your Personal data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or sexual orientation.

The personal data we use about you may be provided directly by you.

To verify or enrich our databases, this data may come from the following sources:

• Publications/databases made available by official authorities (e.g., the Official Journal);

• Our corporate clients or service providers;

• Websites/social media pages containing information you have made public (e.g., your own website or social media);

• Databases made publicly available by third parties.

II. WHY AND ON WHAT LEGAL BASIS DO WE USE YOUR PERSONAL DATA?

1. To comply with our legal or regulatory obligations

We use your personal data to comply with various legal and regulatory obligations, including:

• Implementing security measures to prevent misuse and fraud;

• Detecting unusual or suspicious transactions;

• Determining your credit risk score and repayment capacity;

• Monitoring and reporting any risks we may face;

• Recording telephone calls, discussions, emails, etc., when necessary;

• Archiving data and responding to official requests from duly authorized public or judicial authorities;

• Combating money laundering, terrorist financing, and the proliferation of weapons of mass destruction;

2. To conclude a contract with you

We use your personal data to enter into and perform our contracts, in particular to:

• Provide you with information about our products and services;

• Assist you and respond to your requests;

• Assess whether we can offer you a product or service and, if so, under what conditions;

• Provide products or services to our corporate clients for whom you are an employee or customer (for example, in the area of cash management).

3. For the pursuit of our legitimate interests

We use your personal data to implement and develop our products or services, optimize our risk management, defend our rights, and also to:

• Maintain records of operations or transactions;

• Manage information technology, including infrastructure management, service continuity, and IT security;

• Personalize the products or services we offer you:

o By improving the quality of our banking, financial, or insurance products or services;

o By offering you products or services that match your situation and profile as we define it.

• Manage your accounts, including administering any loyalty or rewards program that may be linked to your account(s).

4. To respect your choice when we asked for your consent for specific processing

In some cases, your consent is necessary for us to process your data, including:

• When the purposes described above result in automated decision-making that produces legal effects concerning you or significantly affects you, we will inform you separately of the logic behind this decision, as well as the significance and consequences of this processing;

• If we process your data for purposes other than those described in section 3, we will inform you and, if necessary, request your consent.

• For certain interactions on social media, for the purpose of administering contests or other similar marketing operations.

III. AUTHORIZED RECIPIENT OF PERSONAL DATA

In order to fulfill the aforementioned purposes, we disclose your personal data only to DIAMA BANK SA entities to enable you to benefit from our range of products and services, as well as to certain external partners and entities, namely:

• Departments and services within the limits of their function;

• Credit and Audit Committees;

• Service providers performing services on our behalf;

• Independent agents, intermediaries or brokers, banking or commercial partners with whom we are in contact and who are required to respect the confidentiality and security of the data to which they have access and to use it exclusively within the scope of the missions entrusted to them;

• Judicial or financial authorities, state agencies or public bodies, upon their request and within the limits authorized by regulations;

• Regulated professions such as lawyers, notaries or auditors.

IV. TRANSFERS OF PERSONAL DATA TO A THIRD COUNTRY

In the event of a transfer of your data to a third country, this transfer will take place on the basis of a decision recognized and validated by the decision-making entity of the Republic of Guinea, ensuring that the recipient country has a level of protection equivalent to that existing in Guinea.

V. HOW LONG DO WE KEEP YOUR PERSONAL DATA

We retain your personal data for as long as necessary to comply with applicable regulations, or for a period determined by our operational needs, such as proper account management, effective customer relationship management, and to respond to legal requests or inquiries from authorities and regulators.

Most personal data relating to our customers is retained for the duration of the contractual relationship and for ten years after its termination.

For prospective customers, data is retained for two years.

VI. CUSTOMER RIGHTS

Under the regulations, the client has the following rights:

• Access to a copy of all their data held in the Bank's databases, as well as information relating to the processing carried out on their data;

• Right to information regarding the personal data being processed, allowing them to understand and contest the processing;

• Right to a copy of their personal data;

• Right to information relating to the purposes of the data processing and the recipients to whom the data is disclosed;

• Right to rectification of their data: the client can obtain the rectification or completion of inaccurate or incomplete data;

• Right to erasure: the client can obtain the erasure of their data when:

o (i) this data is no longer necessary for the purposes for which it was collected,

o (iii) the processing in question is unlawful.

• However, this right does not apply when the retention of the client's data is necessary for the Bank to comply with a legal obligation. • Right to restriction of processing: The customer may obtain a restriction on the processing of their personal data when they contest the accuracy of the data, for a period enabling the Bank to carry out the necessary checks. When such a restriction is in place, the data may only be processed, except for storage, with the customer's consent or for the establishment, exercise, or defense of legal claims.

• Right to object: The customer may request that the Bank cease processing their data for the purposes of pursuing its legitimate interests (including marketing).

• Right to provide instructions regarding the exercise of the above rights after their death.

• Right not to be subject to a decision based solely on automated processing which produces legal effects.

• Right to withdraw consent if given.

• Right to lodge a complaint if they believe that processing carried out by the Bank infringes the provisions of the regulations on the protection of personal data.

VII. EXERCISE OF CUSTOMER RIGHTS

The customer can exercise their rights by contacting the Bank at the following address: backoffice@diamabank.com

The customer can object to the use of their personal data for marketing purposes (including the use of their browsing data).