Implementing international standards such as the Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC27001:2022), the Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines (ISO27701:2019), and the Payment Card Industry Data Security Standard (PCI DSS) ensures that your banking and personal information is protected from all types of external and internal threats, intentional and accidental. It aims to ensure the confidentiality, integrity, and accessibility of information and information assets, and to implement cybersecurity acts, privacy laws, and other laws, as well as the policies, procedures, and rules of statutory and regulatory bodies. These include; The Golomt Bond is obligated under the applicable Mongolian laws not to disclose your personal information, except as required by law. Even after a client closes an account, The Golomt Bond continues to ensure the confidentiality of client information in accordance with applicable laws. The Golomt Bond implements all technical and process security measures in accordance with related laws and regulations to protect your personal information. The Golomt Bond implements the Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC27001:2022) and best practices in its operations. The Golomt Bond's payment card system fully meets and implements the requirements of the PCI DSS v4.0 standard for securing payment card information. The SWIFT complies with the recommendations and requirements of the Client Security Program (CSP). The Golomt Bond, when working with external service providers, sets strict requirements for compliance with information security standards in accordance with international security best practices. Regardless of where your information is transferred, we take appropriate measures to ensure the security of your personal and confidential information. Golomt Bond's Privacy Policy We respect and maintain the confidentiality of your client information and data, and maintaining that confidentiality is very important to us. The Golomt Bond was the first to introduce and implement the privacy information management system (ISO27701:2019) in Mongolia, which is followed globally. Within the framework of these standards, we aim to provide transparent, detailed and accessible information through this Privacy Policy about the purposes for which we collect, protect and store information from our clients. What is personal information? Personal information means sensitive information about an individual, including parent's name, name, date of birth, place of birth, residential address, location, social security number, academic background, membership, electronic identifiers, and any information that directly or indirectly identifies you. Person or other identifiable data. Sensitive information includes information such as ethnicity, race, religion, beliefs, political party affiliation, health, education and employment history, correspondence, marital status, membership information, genetic and biometric data, electronic signatures, information such as, sexual orientation, sources of assets, status of movable and immovable assets, and references from competent authorities. Granting and Rejecting Consent The Golomt Bond will conclude the relevant contract and provide the Instruments and Services only if you register with the Company as a client at your request, indicate your request to receive the Instruments and Services from the Company and agree to the Terms and Conditions and provision of the Services. The Client provides the Company with the terms and conditions of the contract and the exact information required. If the client does not agree to the Terms and Conditions of the contract before entering into a contract with the Company, the Company will refuse to provide the Services. If the client wishes to withdraw his/her consent under the contract after entering into an agreement with the Company, he/she should indicate his/her refusal in writing. In this case, the Company will refuse to provide the Services, close the Client's account, and take steps to terminate the applicable agreement. Whenever the client opens a new account or receives other additional services at his/her request, he/she shall update the information previously provided and provide only accurate information and documents. If the client fails to update the information in accordance with applicable laws or provides false information and documents, the Company reserves the right to refuse to provide the Service and compensate the client for damages. What personal information do we collect? The Golomt Bond collects the following personal information from you, the client, for the purpose of informing, offering or providing you with the Company instruments and services only if you have directly signed and consented to the application for the Company instruments and services. You have agreed to the Terms and Conditions of the Instruments and Services conducted online, which include; Personal information such as your last name, ID card, registration number, a copy of your Mongolian residence permit or, for foreign citizens, a copy of your foreign passport, residential address, postal address, e-mail address, telephone number, fax number, etc. Income data (for loans) IP address and access history of the device through which you access Golomt Bond's electronic instruments and services Information provided by a third party; or: ND - Information and references on social security contributions Taxes - Inquiry about unpaid taxes State administration - Inquiry about unpaid debts Any other required information. Why do we collect personal information? We comply with the Code of Mongolia, the Banking Law, the Law on Cash Deposits, Cash Transfers and Credit Operations of Banks and Authorised Entities, the Law on Prevention of Money Laundering and Terrorist Financing and other laws and regulations issued pursuant thereto. In accordance with the rules of the authorised regulatory bodies, Golomt Bond's regulations, internal policies and procedures, the Terms and Conditions on Deposit, Electronic and Card Products, Service Fees and General Use and the ISO27701:2019 standard, your information may be collected, registered, used and shared for the following reasons: At the client's request, we register him/her as a new client of the Company. We deliver instruments and services that meet client requirements. We analyze, verify and correct client-submitted suggestions and complaints. We improve the quality of services provided to clients by providing them the right instruments and services based on the information provided by clients. We prevent and identify inconsistencies in personal information during the process of providing client service. How do we collect personal information? We collect your information through applications, online channels, surveys and questionnaires for all of our services: Registering clients, offering instruments and services, and opening accounts in person at bank branches. Submitting suggestions and complaints through branch payment centers, integrated service centers, or official electronic channels. Use, storage, and disposal of personal information We collect your personal information from you in accordance with applicable Mongolian laws and regulations, the Golomt Bond's internal policies and procedures, deposit, electronic and card instruments, service fees and charges, and the ISO27701:2019 standard. The destruction of your personal information is carried out in accordance with the ‘Bank's Archiving Operational Procedures’ and the Golomt Bond's ‘Confidentiality Procedures’. Request for personal information The Golomt Bond collects your personal information and provides instruments and services with your consent in accordance with relevant laws and regulations. At your request, you may inquire about the types of personal information we hold about you by submitting a written request to our branch payment center. The Golomt Bond will carefully review your written request and, after verifying your identity, provide you with the relevant information. Who do we share your information with? The Golomt Bonds is obliged to provide your information to the following authorized regulatory bodies and law enforcement agencies in accordance with the laws and regulations of Mongolia and the ISO27701:2019 standard, which include; Upon request by courts, prosecutor's offices, law enforcement agencies, court judgment enforcement agencies, or authorized public officials As required by competent regulatory bodies, the Bank of Mongolia, the Financial Regulatory Commission, the Customs and Taxation Service, the Inspectorate and the Authorised officials of the State Inspectorate in connection with the performance of their functions prescribed by applicable laws and regulations
 We prepare and forward reports to competent regulatory authorities in accordance with our legal obligations related to the prevention of money laundering and financial crime. Providing information to credit databases At the request of someone who has access to your information or is authorized to act on your behalf In accordance with other grounds and requirements prescribed by the laws and regulations The Golomt Bond may share your information with third party service providers with your consent for marketing and improving our instruments and services. Oversight and implementation In the frameworks of ISO27001:2022; PCIDSS v 4.0 and ISO27701:2019, the implementation and control of information security and information privacy is handled by the Data Protection Officer or Senior Vice President responsible for risk. Contact Us If you have any questions or would like more information, please contact us through the Contact Us form on our website.