Privacy Policy

AFM.AM (hereinafter "AFM") operates the financial marketplace platform available at https://afm.am/en, an independent digital platform that helps users find, compare, and apply for financial products offered by banks and financial institutions in Armenia, including consumer loans, mortgages, deposits, credit cards, and other banking services.

AFM is not a bank. AFM is a financial marketplace and information intermediary. When you submit an inquiry through AFM, AFM collects your personal information and forwards it to relevant partners so they can assess your request and contact you with offers or preliminary terms.

AFM processes personal data in strict compliance with the Law of the Republic of Armenia on Protection of Personal Data (Law No. ZR-49, adopted 18 May 2015) and other applicable legislation of the Republic of Armenia.

Data controller / processor: LLC «AFM.AM»
Registered address: Yerevan, Nar-Dosi Street 2
Email for privacy matters: manager@afm.am
Phone: +374 98 040582

When you submit an inquiry through AFM, we collect only the data necessary to process your request and forward it to relevant partners. This may include:

Identification and contact data:

• First name, last name
• Date of birth
• Social Security Number
• Phone number (used for SMS-based authorization and/or contact by AFM's partners)
• Email address

Authorization data:

• If you choose SMS authorization: your mobile phone number and the confirmation code sent to it
• If you choose imID authorization: the identity data verified and shared through imID that are necessary to confirm your identity for the inquiry submission

Loan inquiry data:

• Type of loan requested (consumer loan, mortgage, car loan, student loan, etc.)
• Requested loan amount
• Preferred loan term
• Purpose of the loan (where applicable)
• Any other parameters you specify in the inquiry form

Technical and session data:

• Time and date of form submission
• Consent log (version of the consent text shown to you, timestamp of your active selection of checkboxes, session or submission identifier)
• Device/browser technical metadata where used for platform security and fraud prevention

AFM does not collect special-category personal data (such as health data, ethnicity, political views, or biometric data) through the inquiry forms. If you use imID for authorization, imID shares only the minimum verified identity data required to confirm your identity.

AFM collects your personal data:

• Directly from you when you fill out and submit the inquiry form on the AFM website
• Through imID (if you choose imID authorization), which transfers your verified identity information securely and only with your explicit approval within the imID system
• Through SMS authorization (if you choose this option), by sending a one-time confirmation code to your phone number, which you enter to confirm your identity
• From AFM's partners, where they provide AFM with information about the status or outcome of your inquiry

AFM processes your personal data for the following purposes:

a) Processing your inquiry (mandatory)

To receive, review, and manage your request for a loan or other financial product submitted through the AFM platform. This includes verifying your identity via SMS or imID, recording your inquiry parameters, and forwarding your request to relevant organizations cooperating with AFM, so they can assess your inquiry, prepare terms or offers, and contact you directly. Forwarding your inquiry to AFM's partners is an essential part of the service, without it, AFM cannot deliver the service you have requested.

b) Marketing communications (optional, separate consent)

To send you informational, promotional, or advertising content about financial products, services, promotions, and offers available on the AFM platform, via phone call, SMS, or email. This purpose is pursued only if you have separately and actively consented to it by ticking the corresponding checkbox.

c) Platform security and fraud prevention

To maintain the security and integrity of the AFM platform, prevent unauthorized access, detect fraudulent activity, and ensure the reliability of the identity verification process.

d) Legal compliance

To fulfill AFM's obligations under applicable Armenian law, respond to lawful requests from competent authorities, resolve disputes, and maintain records required by law.

In connection with the purposes described above, AFM may perform the following actions on your personal data: collection, recording, input, organizing, maintaining, storing, transforming, restoring, transferring, correcting, blocking, destroying, and using your personal data.

By submitting an inquiry on AFM and ticking the mandatory consent checkbox, you authorize AFM to transfer the personal data and an inquiry information specified in Section 2 of this Policy to organizations cooperating with AFM under cooperation agreements or civil contracts, which are subject to confidentiality obligations under applicable law or their agreements with AFM.

The purpose of this transfer is strictly limited to: evaluating your request, preparing and presenting preliminary terms or offers, and contacting you regarding your inquiry.

Once your inquiry and personal data are transferred to AFM's partners, those recipient organizations process your data in accordance with their own privacy policies and applicable law. AFM is responsible for collecting your data, processing it on the AFM platform, and transferring it for the purposes described in this Policy. After receipt of the inquiry, each recipient organization becomes independently responsible for its own further processing of your personal data in accordance with applicable law.

Organizations that receive your data are obligated to process it only for the purpose for which it was transferred and in accordance with applicable Armenian law on personal data protection.

AFM may also share your data with technical service providers (hosting, CRM, communications infrastructure) acting on AFM's behalf and subject to confidentiality and data security obligations.

If any hosting, CRM, or service provider used by AFM is located outside the Republic of Armenia, such cross-border transfer will be carried out in accordance with applicable Armenian law, and where required, will be based on your consent or other lawful safeguards.

If you choose to authorize your inquiry using imID (Armenia's digital identity and trust service, founded by 10 Armenian banks and 3 telecommunications operators) your identity data is verified through imID's secure system and shared with AFM only to confirm your identity for the purpose of the inquiry submission.

imID uses multi-factor authentication and encryption. imID shares data with AFM only after the user actively authorizes it in the imID flow, under imID's own privacy terms. For details on how imID processes your data, refer to imID's own privacy and data processing terms available at: https://imid.am/en/resources/privacy-policy.

AFM processes your personal data on the following legal grounds, in accordance with the Law of the Republic of Armenia on Protection of Personal Data:

Where processing is based on your consent, you may withdraw that consent at any time (see Section 12 below). Withdrawal of the mandatory consent will mean that AFM cannot process or forward your inquiry, and the service cannot be provided for that specific request.

AFM stores your personal data only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law.

After the applicable retention period ends, and where no legal obligation requires further retention, AFM will delete, anonymize, or permanently block the personal data, in accordance with its internal data lifecycle procedures. Backup copies will be securely overwritten or deleted within standard technical cycles.

AFM takes the following technical and organizational measures to protect your personal data:

• HTTPS encryption for all data transmission on the AFM website
• Role-based access controls — only authorized AFM staff with a legitimate operational need may access personal data
• Secure storage of inquiry data and consent logs
• Confidentiality obligations with all partners and vendors receiving personal data
• Internal procedures for handling data incidents
• Periodic review of data retention and deletion

No electronic storage or transmission method is entirely risk-free. In the unlikely event of a data incident affecting your personal data, AFM will take steps in accordance with applicable Armenian law.

Under the Law of the Republic of Armenia on Protection of Personal Data, you have the following rights:

• Right to access: Request information about whether AFM processes your personal data and obtain a copy of it
• Right to correction: Request correction of inaccurate, incomplete, or outdated personal data
• Right to blocking or deletion: Request that your personal data be blocked or deleted if it is unlawfully processed, no longer necessary for the stated purpose, or if you withdraw consent
• Right to withdraw consent: Withdraw your consent to processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Withdrawal of the mandatory consent means AFM can no longer process or forward your inquiry
• Right to information about recipients: Request information about the persons or categories of persons to whom your personal data has been transferred

To exercise any of these rights, please contact AFM at:
Email: manager@afm.am
Address: Yerevan, Nar-Dosi Street 2

AFM will respond to your request within a reasonable period and may request verification of your identity before fulfilling the request.

You may withdraw your consent to personal data processing at any time by contacting AFM in writing at the email or address listed above. Upon receiving your withdrawal request:

• AFM will cease processing your personal data for the relevant purpose(s)
• AFM will destroy or block the data within 10 working days of receiving your written request, except for data that must be retained by law or for the resolution of pending obligations
• AFM will notify you of the destruction of your data within 3 working days of its completion

Please note: if you withdraw consent after an inquiry has already been forwarded to AFM's partners, AFM cannot recall data already received by those organizations. You should contact each organization directly regarding any further processing they carry out.

AFM's inquiry service is intended for persons who have full legal capacity to enter into financial relationships under the laws of the Republic of Armenia. AFM does not knowingly collect personal data from persons under 18 years of age through the inquiry form.

The updated version becomes effective upon publication on the AFM website, unless otherwise stated. Where changes materially affect consent-based processing, the updated notice will be presented in connection with the relevant service or consent collection.

For any questions about this Privacy Policy or the processing of your personal data:

Data controller / processor: LLC «AFM.AM»
Address: Yerevan, Nar-Dosi Street 2
Email: manager@afm.am
Phone: +374 98 040582