PRIVACY POLICY OF M BANK

This Privacy Policy (“Policy”) is framed to inform you the privacy practice followed by M bank (“M bank” or “We”) on how and for what purpose we obtain, collect, process, use, disclose, share, store and secure your personal data or information disclosed or made available to us while you are using our products and services. Your registration to M bank as a customer or use of our products and services shall be deemed your acceptance of this Policy. Relationship between us herein shall be regulated by laws and regulations of Mongolia.

1. What is the extent of information or data this Policy covers?

This Policy is applicable to your personal details such as first name, last name, date of birth, place of birth, residential address, location, identification and registry number, asset, education, membership, photographs, electronic identity or contact information, copy of documents, and any other finance or loan related personal information or data (“Personal Information”).

Any personal data or information that is freely available or accessible in public domain or included in public information according to law shall not be regarded as personal data or information for the purposes of this policy.

2. What is the purpose of collection, processing and use of your Personal Information?

We collect, process and use your Personal Information for specific purposes or for a lawful purpose to comply with the applicable laws and regulations, such as credit scoring, credit analysis, presenting products and services suited to your needs, developing/improving our products and services, providing information about your account/s, keep you informed about products and services you hold with us, resolving complaints and enquiries, risk assessment, ensuring data security and compliance, debt collection, prevention of money laundering, terrorism financing and proliferation of weapons of mass destruction crimes, complying with our regulatory and reporting duties, data analysis, and audits.

Your Personal Information may, with your consent, be transferred to a third parties that is providing services to us ensuring due safeguards. In order to calculate credit scoring, we may collect and store data or references from Credit Information Unit of the Bank of Mongolia, other credit information providers, government data bases or other third parties.

In order to present products and services tailored to your needs, we may collect information of location of your mobile phone with your electronic consent or may collect information of model of your mobile phone in order to prevent you from any risks.

3. How information or data is collected?

We will collect, in the course of your registration to M bank as a customer or use of our products and services, your Personal Information or information or data which are necessary in order to provide our products and services to you through application forms, requests, product and service agreements, documents provided, mobile apps, ATM and other sources authorized by you or permitted by law.

4. What type of information are processed by us?

We may process following information or data relevant to you that are collected by us in accordance with law provided that principles and requirements provided under applicable law shall be followed:

• Your Personal Information, nationality, marital status, age, gender, income and expenditure information;

• Documents provided for identification purposes (such as photographs, ID card, passport, birth certificate, reference, statement etc.);

• Transaction details and account statement;

• Financial information and experience;

• CCTV footage and other information obtained through electronic means;

• IP addresses, device used in relation to banking services and geolocations.

5. Disclosure of Personal Information

Your information collected by us are disclosed to third party in the following cases:

• we are required by competent authority to disclose the information in accordance with law; or

• the disclosure has been agreed by you.

We may use third party services or outsource some services to third parties to help us provide/ improve our products and services, and in this case your information or data may be used or processed by those third parties. However, the data transfers would take place after signing of non-disclosure agreements incorporating obligations of due safeguards and keeping confidentiality of your data and ensuring the third party to maintain the confidentiality of the information using the same degree of care used by us.

6. Data Retention

We will keep your Personal Information for as long as necessary to fulfil the purposes we collected it for, and for a period not less than the period prescribed by the law for the purposes of preventing money laundering and terrorism financing, archive, official record-keeping, accounting, or reporting requirements.

7. Reasonable Security Practices and Procedures

Ensuring accuracy, confidentiality and accessibility of Personal Information of our customers is a priority to M bank and information security is ensured by maintaining human, technology, and process-based safeguards that meet applicable laws and international standards.

We have a team of professionals responsible for information security and the team is responsible for ensuring and monitoring confidentiality and safety of information or data used or processed by us.

According to our objective to maintain information security, we have successfully started PCI-DSS (the Payment Card Industry Data Security Standard) implementation project and are also working on to implement ISO27001 (the international standard for information security) in the near future.

8. How to reach out to us for questions or concerns?

Please contact us at hello@m-bank.mn for any questions or concerns.

9. What is your obligation?

You are obliged not to disclose, transfer, share or expose your login information, account name, password, secret question and answer to any person when you are using our products and services. We will not be responsible for any loss caused by your loss of your login information.

10. How we contact you for any notice or information?

We will deliver you any notice or information in Mongolian through M bank application, email, registered phone number or your residential address. Also, products and services related information, such as the Privacy Policy, the Products and Services Terms or other information will be published on www.m-bank.mn. Notice or information delivered through these channels are deemed officially accepted.

11. Our contact information 🤔

You can contact us through M bank application or below channels.

Email: hello@m-bank.mn

Tel: 1800-2929

Head office: Central Tower 1st Floor, M Customer Center, 8th Khoroo, Sukhbaatar District, Ulaanbaatar-14200, Mongolia