Information security

Information security

In this era of transition to the digital era, one of the important tools for ensuring the continuous and normal operation of business organizations is electronic payment.
  • Golomt bank is strongly committed to protecting your personal data. We recognize the need to respect and protect personal data that is collected or disclosed to us, both by individuals themselves or by others.

    This privacy notice describes why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data during and after your relationship with us, in accordance with applicable General data protection regulation We may use personal data provided to us for any of the purposes described in this privacy notice or as otherwise stated at the point of collection.

    Golomt bank is both the data controller and the processor according to General data protection regulation from European Union which was effective from 25 of May, 2018.


    Information collected by Golomt bank

    What is personal data?

    Any information, related to an identified or identifiable natural person; an identifiable natural person is one, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    We do not consider the anonymized (de-identified) and aggregated data as a personal data. Aggregated and De-Identified Data are data that we may create or compile from various sources, including but not limited to accounts and transactions. This information, which does not identify individual account holders, may be used for our business purposes, which may include offering products or services, research, marketing or analyzing market trends, and other purposes consistent with applicable laws.

    Golomt bank collects and processes personal data in order to provide banking service. We collect your personal information, for example, when you:

    • Open an account or perform a transaction;
    • Apply for a loan, credit, or debit card;

    Such data may be used for the purposes of creditworthiness assessment and personalised product offers. Golomt Bank may also collect personal data from sources other than the Customer to comply with its legal obligations.

    Information we collect from you

    • Contact details;
    • Passport/ ID number;
    • Account balances, transaction history and credit information;

    Lawful basis for the processing

    The processing of personal data is carried out under the existing regulations. In our case, they mainly concern:

    • When you sign on the contract in order to use our product or services;
    • To comply with a legal obligation;
    • Your consent (e.g., in case of subscribing to a newsletter);

    You can withdraw this consent at any time by contacting us using the email address under the Contact section below or, in the case of newsletters, by clicking the “opt out” link in the newsletter.

    The legitimate interests for the processing

    • Recording CCTV;
    • Notifying personal data breach to data subjects;
    • Collecting online application on Hubspot;

    The recipients of the personal data

    We will only share your information with other organizations where we have your permission to do so in accordance with this Notice or where we believe it is necessary for a legitimate reason connected with the Website, the Apps or our Services.

    Reasons we can share your personal information Does Golomt bank share? Can you limit this sharing?
    For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to Bank of Mongolia. Yes No
    We share your information with telecommunication company regarding credit card alert services. Yes No
    We share your information with telecommunication company regarding sms alert solution services. Yes Yes
    For our marketing purposes— with service providers we use to offer our products and services to you Yes Yes
    Google analytics – a web analytics service provided by Google, Inc. We use Google Analytics to allow us to evaluate and report on the usage of our website.While you are using our website, we will ask you to use google analytics, and you have a choice either accept or reject. Therefore, if you have not make any choice, the default mode is rejection. Yes Yes
    Hubspot –  CRM service provided by Hubspot Inc. We use Hubspot to facilitate sign-ups for our user account and to allow us to understand more about our visitors. Yes No

    To limit our sharing and direct marketing, please contact us at or call us 976 7011-1646.

    Please note:
    If you are a new customer, we may begin sharing your information 45 days from the date we sent this notice. Please contact us at any time to limit our sharing your information, when you are no longer our customer, otherwise we may continue to share your information as described in this notice.

    Direct marketing is considered as email and SMS. Even if you limit direct marketing, we may still contact you to service your account or as otherwise allowed by law.


    Unfortunately, the transmission of information via the internet is not completely secure. Whilst we cannot guarantee the security of your data transmitted to our site, and any transmission is at your own risk, we will use strict procedures and security features to try to prevent unauthorized access. For example, we provide HTTPS to ensure communication to/from and are securely encrypted. Our systems are fully protected behind a firewall, intrusion prevention systems and we follow strict internal policies as to our handling of personal data and conduct regular reviews of our infrastructure and server security.

    To protect your personal information from unauthorized access and use, we use security measures which are comply with ISO 27001, PCI DSS, GDPR, and applicable laws. These measures include computer safeguards and secured files and buildings.

    Information type Security
    Electronic personal data Encrypted storage
    Access controls
    Transmission security controls
    Manual personal data Access controls
    Secured procedures
    Secured storage

    If you have any suggestion(s), or concern(s) relating to your personal data, information security risk, please notify us at

    The details of transfers of the personal data to international organizations

    We share your transaction details with correspondent banks and swift in order to complete your international transaction.

    Transferring data to overseas:

    Golomt Bank provides international money transfer service to our customers through worldwide money transferring network providers such as Swift and WesternUnion. These partners have their own compliance framework for personal data protection. On our part, we have implemented technical and organizational controls in accordance with international standard, ISO 27001. The bank is also compliant with the Swift Customer Security Framework in all components of swift infrastructure and connection between swift network.

    The retention periods for the personal data:

    We will retain your personal data for as long as you use our service as a customer and for a legal obligation. The retention period of the personal data will vary dependent on how long we need the personal data to improve and maintain our services and store appropriate business and financial records and whether we require the information as part of a dispute or to comply with a legal obligation (including responding to a regulatory body).

    The rights available to individuals in respect of the processing

    We think it is important that you should be able to control your personal information. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us at The GDPR law gives you the right to request a copy of the personal information we hold about you. We first require you to prove your identity with 2 pieces of approved identification. We will supply, correct or delete personal information about you on our files. In addition, you may request rectification or erasure of personal information as well as the restriction of processing of your personal information. We will comply with your requests in accordance with the applicable law. According to the Central Bank of Mongolia regulation, Golomt bank is not able to erase some personal data such as transaction up to 25 years.

    Customers have the right to object or limit the processing of data sharing with service providers.

    Golomt Bank has one month (30 days) from the reception of your request to answer it. For complex or large numbers of requests, this period may be further extended by two months (60 days) in principle. In such case, you will be duly notified and given the grounds for the extension.

    Golomt Bank will fulfill your requests free of charge unless demonstrated to be manifestly unfounded or excessive.

    The right to data portability

    Upon request from the Customer, Golomt Bank will transmit his or her personal data to another controller without hindrance, in a structured, commonly used, machine-readable and interoperable format.

    The right to data portability is limited to the data you provided us with and which we process to fulfill a contract or upon your consent. Data which we create and any processing to meet our legislative obligations and which is in our legitimate interest are excluded from portability rights.

    The right to withdraw consent

    If you have withdrawn your consent, we will process the data for only a short period of time to allow us to process the request and will keep a record of your request. If you would like to withdraw your consent, contact us at and we will respond in a reasonable time and manner. Please note that we may also be required to retain certain information by law.

    The right to lodge a complaint with a supervisory authority

    If Golomt Bank does not take action on your request within one month (30 days), then you have the right to lodge a complaint with the Supervisory Authority of your country of residence.

    The details of whether individuals are under a statutory or contractual obligation to provide the personal data

    We may also collect some additional information, which relates to you when you apply for a credit card or loan.

    • Educational information;
    • Employment information;
    • Spouse and family information;

    Mobile Applications

    Golomt bank’s Mobile Applications for accounts (“Applications”) allows you to access your account balances, transfers and pay bills on your mobile device. This Notice applies to any Personal Information or Other Information that we may collect through the Applications.

    Linking to other sites

    We may provide links to third party sites, service providers or merchants. If you follow links to sites not affiliated or controlled by Golomt bank, you should review their privacy and security policies and terms and conditions, as they may be different from those of our Sites (refers, Golomt bank does not guarantee and is not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of their information.

    Making sure information is accurate

    Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact option on our website, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials. You can also speak to a customer representative at a banking center or you can visit your online bank service.

    Protecting children’s privacy online

    The Site ( is not directed to individuals under the age of sixteen (16)and we request that these individuals not to provide Personal Information through the Site. We do not knowingly collect information from children under 16 without parental consent.

    Updates to this Privacy Notice

    This Golomt bank Privacy Notice is subject to change. Please review it periodically. If we make changes to the Privacy Notice, we will revise the “Last Updated” date at the top of this Notice. Any changes to this Notice will become effective when we post the revised Notice on the Site. Your use of this Site following these changes means that you accept the revised Notice.

    Data Protection Officer

    If you have any questions regarding this notice, you can reach our Data Protection Officer by email at

    EU Representative

    Osano International Compliance Services Limited
    ATTN: A8UY
    25/28 North Wall Quay
    Dublin 1, D01 H104

    Last Updated
    October 2021

This website uses google analytics

This website uses information gathering tool which is Google analytic in order to determine the effectiveness of our online campaign in terms of sales and user activity on our sites.

  • 0

    Your loan calculation

    Monthly payment

    Salary amount (45%)

    Down payment

    Loan amount

  • 10000

    Calculate your savings

    The money you saved

    Total interest


Exchange rate news