INFORMATION SECURITY

 

We are committed to safeguarding your personal data and ensuring complete information security. To achieve this, we continuously implement the following measures:

 

Ensuring Security in Accordance with International Standards

 

• ISO/IEC 27001 – Information Security Management System
• PCI DSS – Payment Card Industry Data Security Standard
We fully implement and adhere to these internationally recognized standards in our operations.

 

Internal Policies and Procedures Aligned with Global Best Practices

 

• Our internal policies and procedures for information confidentiality and protection are developed based on international best practices and requirements.
• All employees are required to comply with these policies and undergo regular training to reinforce them.

 

Strict Compliance with the Laws and Regulations of Mongolia

 

• Law on Personal Data Protection
• Law of Mongolia on Cyber Security
We strictly follow all relevant national laws and comply with the rules and regulations issued by regulatory authorities.

 

Audits and Continuous Improvement

 

• We engage internationally accredited audit organizations to conduct regular assessments of our information security and IT operations.
• Based on audit findings, we continuously enhance our internal processes and security systems to ensure the highest level of protection.

 

Advanced Technological Infrastructure and Security Solutions

 

• We maintain a reliable IT infrastructure that meets international standards.
• We research and implement cybersecurity solutions in phases to proactively prevent cyber threats.

 

Skilled and Certified Professionals

 

• Our team consists of experts specialized in information security and IT.
• Team members hold internationally recognized certifications and have substantial professional experience.

 

Continuous Employee Development

 

• We conduct regular training sessions for all employees to enhance their knowledge of security practices and ensure understanding of internal policies and procedures.

 

WHAT IS PERSONAL DATA?

 

“Personal data” refers to sensitive information about an individual as well as other details such as the individual's parent’s (mother’s/father’s) name, own name, date of birth (year, month, day), place of birth, residential address and location, citizen registration number, assets, education, memberships, electronic identifiers, and any other information that directly or indirectly identifies or can be used to identify a person.

“Sensitive personal data” refers to information concerning an individual’s ethnicity, ancestry, religion, beliefs, health, correspondence, genetic and biometric data, private digital signature keys, criminal record or whether the individual is serving or has served a sentence, sexual orientation, gender identity or expression, and information related to sexual relations.

 

WHAT PERSONAL DATA DO WE COLLECT?

 

XacBank collects the following personal information from you only when you have personally given your consent by signing the bank’s product or service application forms, agreements, or by accepting the terms and conditions of the products and services. This information is used solely for the purpose of providing, offering, and communicating relevant information about the bank’s products and services. These include:

 

•        Personal data;

•        Account balances, transaction history, and loan information;

•        Asset and income information;

•        Educational background;

•        Employment information;

•        Marital and family information;

•        IP address and access history of devices used to access XacBank digital products and services;

•        Information received from third-party organizations, such as inquiries from the Bank of Mongolia, Mongolian Tax Administration, General Executive Agency of Court Decision, and other authorized institutions.

 

PERSONAL DATA COLLECTION AND USE 

 

XacBank strives to provide its products and services in a timely, efficient, and accessible manner in accordance with the laws of Mongolia and relevant regulations set by authorized regulatory bodies. In this regard, the Bank may collect, record, use, and share your personal data for the following purposes:

 

•        Opening current accounts and processing fund transfers

•        Issuing debit and credit cards and providing related transaction services

•        Providing term and demand deposit services

•        Receiving and processing all types of loan applications

•        Registering for digital banking services

•        Mobile banking services

•        Providing information through the bank’s call center

•        Receiving complaints and feedback

 

TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA?

 

In accordance with the laws of Mongolia and the relevant regulations issued thereunder, XacBank has a legal obligation to provide customer information to the following authorized regulatory and law enforcement agencies:

 

•        Judicial bodies of any level of prevention, detection, investigation and prosecution (including money laundering, terrorism, fraud and other financial crimes);

•        Under the applicable Mongolian and International laws and regulations, orders, judicial decisions, Government sanctions and interdiction, reporting requirements under the law on financial transactions, and any regulatory and law enforcement bodies or judicial or exchange bodies are required.

•        Submission of data and information to credit information bureau; 

•        At the request of authorized representatives who have the legal right to access your information or are duly authorized to represent you;

•        Other legal grounds; 

 

PERSONAL DATA USE, STORAGE AND DELETION OF PERSONAL INFORMATION

 

In accordance with the applicable laws of Mongolia, XacBank’s internal policies and procedures, and the general terms and conditions for fees and charges related to electronic and card products and services, your personal data is collected and used for the purpose of providing you with products and services. Personal data storage, archiving, and deletion activities are conducted in compliance with the “XacBank Privacy Procedure” and “XacBank Archive Procedures”.

 

CONSENT AND WITHDRAWAL OF CONSENT

 

As the data subject and customer, you must personally express your intent to register as a customer and request services from the bank by accepting the relevant contractual terms and conditions and providing accurate information. Upon doing so, the bank will enter into the corresponding agreement and provide the requested services.

If the customer does not agree to the terms and conditions of the agreement related to the bank’s products or services prior to entering into the agreement, the bank reserves the right to refuse service.

 

CUSTOMER RIGHTS AND OBLIGATIONS

 

As a customer, you have the right, under the laws and regulations of Mongolia, to give or withhold consent regarding the collection, use, and disclosure of your personal data. You also have the right to access, correct, request deletion, obtain copies, and demand the processing of your information.

You are obligated to provide the bank with accurate and truthful information related to you. In the event of any changes to your information, you must promptly notify the bank to update your records accordingly.

 

CONTACT INFORMATION

 

The Bank values customer satisfaction and operates an open and prompt system for receiving and resolving feedback, requests, and complaints related to its products and services.

If you have any questions or require additional information, please contact us at:

 

•        XacBank Customer Service Center

•        Phone: 1800-1888, 75771888

•        Fax: 328701

•        Email address: info@xacbank.mn