Privacy notice
Privacy notice
Golomt Bank is committed to ensuring the highest levels of confidentiality and security when it comes to your personal information. Our advanced encryption technologies and rigorous privacy policies are designed to protect your data from unauthorized access and breaches, giving you peace of mind as you manage your financial needs with us.
Golomt Bank is implementing the ISO 27701:2019 standard for Privacy Information Management Systems to safeguard the confidentiality of personal data, aligning with practices adopted by numerous countries worldwide.
This privacy policy explains the reasons for and methods of collecting and using personal data and outlines individuals’ rights regarding their personal data during and after their association with us.
What is personal data?
“Personal data” means sensitive personal data and other information which can directly or indirectly identify or potentially identify a person, including parents’ name, first name, date of birth, place of birth, place of residence, address, location, citizen’s registration number, property, education, membership, and electronic identifiers. ‘Personal data protection law of Mongolia”
“Sensitive information” means information in regards with a person’s race, ethnic origin, religion, beliefs, health, correspondence, genetic and biometric data, digital signature private key, criminal records, sexual and gender orientation, expression, and sexual relations. ‘Personal data protection law of Mongolia”
The purpose of collecting personal data:
Golomt Bank collects and processes personal data according to the Civil Code of Mongolia, the Banking Law, the Law on Combating Money Laundering and The Financing of Terrorism, state regulations, Golomt Bank’s internal policies and procedures, and the ISO27701:2019 standard. These measures protect and ensure the security of personal data. These included:
- Register new customers and provide products and services.
- Deliver tailored products and services to meet customer needs.
- Analyze and resolve customer feedback and complaints, preventing risks.
- Offer suitable products and services based on customer data to improve service quality.
- Prevent discrepancies in personal information and ensure accurate identification.
- Protect and secure systems and equipment storing customer information.
Personal data collected by Golomt bank
Golomt bank will offer banking products and services only with the customer’s consent to collect and process their personal information, confirmed by their signature on a contract, form, or via electronic channels, agreeing to the terms and conditions of the products and services. We collect the minimum necessary data for customer identification, service provision, and offering relevant products and information.
Types of Information Collected:
- Personally identifiable information
- Access history to Golomt Bank’s digital products and services
- Account balance, transaction history, and credit information.
- Asset and income information
- Educational background
- Employment information
- Marriage and family information
- Other necessary information
Golomt Bank collects personal information from third parties to meet legal requirements. These sources include social insurance, tax authorities, court decision agencies, the Bank of Mongolia, credit databases, and other government entities.
The right to grant and withdraw consent.
If the customer registers and requests services from the bank in person, and agrees to provide accurate information in accordance with the terms, conditions, and requirements of the agreement, the bank will proceed with the establishment of the contract and the provision of services.
If the customer does not accept the terms and conditions of the agreement related to the bank’s products and services, the bank has the right to refuse service provision.
The recipients of the PII
Golomt Bank will share your information in accordance with the Personal Data Protection Law of Mongolia. We are required to disclose a customer’s personal information to government authorities and law enforcement agencies when mandated by law. Additionally, based on your consent, we may share or transmit your personal information to third-party organizations when necessary.
|
Requirements for transmitting PII |
Does Golomt
bank share this information? |
Can the customer limit this sharing? |
| In compliance with official requests from government authorities and law enforcement agencies, information will be disclosed to the relevant regulatory bodies, the Financial Regulatory Commission, the General Department of Taxation, and the Bank of Mongolia, as required by law. |
Yes |
No |
| In accordance with legal obligations related to the prevention of money laundering and the financing of terrorism, reports and notifications will be prepared and submitted to the relevant regulatory authorities as required by law. |
Yes |
No |
| For the purpose of loan issuance, information will be provided to the credit information database as required. |
Yes |
No |
| Access to Your Information – Upon request by an authorized legal entity duly appointed to act on your behalf, your information will be disclosed as required. |
Yes |
Yes |
| Other legal grounds. | Yes | No |
Information security
Golomt Bank implements strict policies, procedures, and security measures to prevent unauthorized access and breaches. Our systems are fully protected by firewalls and intrusion prevention systems. Additionally, Golomt Bank adheres to internal policies and procedures when handling personal information and conducts regular reviews of our infrastructure and servers.
We protect your personal information by complying with applicable laws, regulations, and standards, including ISO 27001:2022, ISO 27701:2019, PCI DSS v 4.0, SWIFT CSP, GDPR, and ISO 27701:2019, to ensure all security requirements are met.
The utilization, disposal and retention periods for the personal data:
Golomt Bank collects and uses your personal information according to Mongolian laws, bank policies, and ISO 27701:2019 standards. This is to provide you with our products and services. Personal data is handled as per the “Procedure for Archival Operations” and the “Consolidated Privacy Management Procedure”.
We will retain your personal data for the duration of your use of our service as a customer and to meet legal obligations. The retention period of the personal data will vary depending on how long we need it.
Data subject’s Rights /Customer Rights/
It is essential for customers to manage their personal information. In compliance with the Personal Data Protection Law and the standards of the Personal Information Management System, customers have the following rights:
- To give or refuse consent to the data controller for data collection voluntarily.
- To obtain a copy of relevant information from the data controller in paper or electronic form.
- To be informed about third parties who have received or will receive the data concerning the data subject.
- To notify the data controller to erase data under the law for data erasure.
- To notify the data controller to rectify inaccurate data, make changes, and provide additional data.
- To know whether their data has been collected, processed, and used.
- To file a complaint or provide an explanation on the decision made because of data processing, provide additional data, and request data processing again.
- To transfer a copy of the specified data to a selected data controller.
Customers may submit requests to correct, delete, or restrict the processing of their personal information by sending an email to privacy@golomtbank.com, or by submitting a written request at any of Golomt Bank’s branches. In accordance with the rights outlined above, the bank will take the necessary actions to return, correct, or delete the personal information. Please note that, in compliance with applicable laws, the bank may be required to retain certain information for mandatory retention periods.
Golomt Bank fulfills requests at no charge unless they are clearly unfounded.
Contacts
For questions about this privacy policy, contact us at:
- Golomt bank branches and sub-branches
- Customer service: 1800 – 1646 (24/7)
- Email: privacy@golomtbank.com
For suggestions or concerns regarding information security risks, email us at security@golomtbank.com.
Information collected by Golomt bank
Information we collect from you
- Contact details;
- Passport/ ID number;
- Account balances, transaction history and credit information;
Lawful basis for the processing
The processing of personal data is carried out under the existing regulations. In our case, they mainly concern:
- When you sign on the contract in order to use our product or services;
- To comply with a legal obligation;
- Your consent (e.g., in case of subscribing to a newsletter);
You can withdraw this consent at any time by contacting us using the email address under the Contact section below or, in the case of newsletters, by clicking the “opt out” link in the newsletter.
The legitimate interests for the processing
- Recording CCTV;
- Notifying personal data breach to data subjects;
- Collecting online application on Hubspot;
The recipients of the personal data
We will only share your information with other organizations where we have your permission to do so in accordance with this Notice or where we believe it is necessary for a legitimate reason connected with the Website, the Apps or our Services.
| Reasons we can share your personal information | Does Golomt bank share? | Can you limit this sharing? |
| For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to Bank of Mongolia. | Yes | No |
| We share your information with telecommunication company regarding credit card alert services. | Yes | No |
| We share your information with telecommunication company regarding sms alert solution services. | Yes | Yes |
| For our marketing purposes— with service providers we use to offer our products and services to you | Yes | Yes |
| Google analytics – a web analytics service provided by Google, Inc. We use Google Analytics to allow us to evaluate and report on the usage of our website.
While you are using our website, we will ask you to use google analytics, and you have a choice either accept or reject. Therefore, if you have not make any choice, the default mode is rejection. |
Yes | Yes |
| Hubspot – CRM service provided by Hubspot Inc. We use Hubspot to facilitate sign-ups for our user account and to allow us to understand more about our visitors. | Yes | No |
To limit our sharing and direct marketing, please contact us at privacy@golomtbank.com or call us 976 7011-1646.
Please note:
If you are a new customer, we may begin sharing your information 45 days from the date we sent this notice. Please contact us at any time to limit our sharing your information, when you are no longer our customer, otherwise we may continue to share your information as described in this notice.
Direct marketing is considered as email and SMS. Even if you limit direct marketing, we may still contact you to service your account or as otherwise allowed by law.
Security
Unfortunately, the transmission of information via the internet is not completely secure. Whilst we cannot guarantee the security of your data transmitted to our site, and any transmission is at your own risk, we will use strict procedures and security features to try to prevent unauthorized access. For example, we provide HTTPS to ensure communication to/from egolomt.mn and golomtbank.com are securely encrypted. Our systems are fully protected behind a firewall, intrusion prevention systems and we follow strict internal policies as to our handling of personal data and conduct regular reviews of our infrastructure and server security.
To protect your personal information from unauthorized access and use, we use security measures which are comply with ISO 27001, PCI DSS, GDPR, and applicable laws. These measures include computer safeguards and secured files and buildings.
| Information type | Security |
| Electronic personal data | Encrypted storage |
| Access controls | |
| Transmission security controls | |
| Manual personal data | Access controls |
| Secured procedures | |
| Secured storage |
If you have any suggestion(s), or concern(s) relating to your personal data, information security risk, please notify us at security_notification@golomtbank.com.
The details of transfers of the personal data to international organizations
We share your transaction details with correspondent banks and swift in order to complete your international transaction.
Transferring data to overseas:
Golomt Bank provides international money transfer service to our customers through worldwide money transferring network providers such as Swift and WesternUnion. These partners have their own compliance framework for personal data protection. On our part, we have implemented technical and organizational controls in accordance with international standard, ISO 27001. The bank is also compliant with the Swift Customer Security Framework in all components of swift infrastructure and connection between swift network.
The retention periods for the personal data:
We will retain your personal data for as long as you use our service as a customer and for a legal obligation. The retention period of the personal data will vary dependent on how long we need the personal data to improve and maintain our services and store appropriate business and financial records and whether we require the information as part of a dispute or to comply with a legal obligation (including responding to a regulatory body).
The rights available to individuals in respect of the processing
We think it is important that you should be able to control your personal information. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at privacy@golomtbank.com. The GDPR law gives you the right to request a copy of the personal information we hold about you. We first require you to prove your identity with 2 pieces of approved identification. We will supply, correct or delete personal information about you on our files. In addition, you may request rectification or erasure of personal information as well as the restriction of processing of your personal information. We will comply with your requests in accordance with the applicable law. According to the Central Bank of Mongolia regulation, Golomt bank is not able to erase some personal data such as transaction up to 25 years.
Customers have the right to object or limit the processing of data sharing with service providers.
Golomt Bank has one month (30 days) from the reception of your request to answer it. For complex or large numbers of requests, this period may be further extended by two months (60 days) in principle. In such case, you will be duly notified and given the grounds for the extension.
Golomt Bank will fulfill your requests free of charge unless demonstrated to be manifestly unfounded or excessive.
The right to data portability
Upon request from the Customer, Golomt Bank will transmit his or her personal data to another controller without hindrance, in a structured, commonly used, machine-readable and interoperable format.
The right to data portability is limited to the data you provided us with and which we process to fulfill a contract or upon your consent. Data which we create and any processing to meet our legislative obligations and which is in our legitimate interest are excluded from portability rights.
The right to withdraw consent
If you have withdrawn your consent, we will process the data for only a short period of time to allow us to process the request and will keep a record of your request. If you would like to withdraw your consent, contact us at privacy@golomtbank.com and we will respond in a reasonable time and manner. Please note that we may also be required to retain certain information by law.
The right to lodge a complaint with a supervisory authority
If Golomt Bank does not take action on your request within one month (30 days), then you have the right to lodge a complaint with the Supervisory Authority of your country of residence.
The details of whether individuals are under a statutory or contractual obligation to provide the personal data
We may also collect some additional information, which relates to you when you apply for a credit card or loan.
- Educational information;
- Employment information;
- Spouse and family information;
Mobile Applications
Golomt bank’s Mobile Applications for accounts (“Applications”) allows you to access your account balances, transfers and pay bills on your mobile device. This Notice applies to any Personal Information or Other Information that we may collect through the Applications.
Linking to other sites
We may provide links to third party sites, service providers or merchants. If you follow links to sites not affiliated or controlled by Golomt bank, you should review their privacy and security policies and terms and conditions, as they may be different from those of our Sites (refers www.golomtbank.com, www.egolomt.mn). Golomt bank does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of their information.
Making sure information is accurate
Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact option on our website, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative at a banking center or you can visit your online bank service.
Protecting children’s privacy online
The Site (www.egolomt.mn) is not directed to individuals under the age of sixteen (16), and we request that these individuals not to provide Personal Information through the Site. We do not knowingly collect information from children under 16 without parental consent.
Updates to this Privacy Notice
This Golomt bank Privacy Notice is subject to change. Please review it periodically. If we make changes to the Privacy Notice, we will revise the “Last Updated” date at the top of this Notice. Any changes to this Notice will become effective when we post the revised Notice on the Site. Your use of this Site following these changes means that you accept the revised Notice.
Data Protection Officer
If you have any questions regarding this notice, you can reach our Data Protection Officer by email at privacy@golomtbank.com.
EU Representative
Osano International Compliance Services Limited
ATTN: A8UY
25/28 North Wall Quay
Dublin 1, D01 H104
IRELAND
Last Updated
October 2021
This website uses google analytics
This website uses information gathering tool which is Google analytic in order to determine the effectiveness of our online campaign in terms of sales and user activity on our sites.