Privacy Policy of SendMN NBFI LLC 

 

Last Updated:  

SendMN NBFI LLC (“SendMN,” “we,” “our,” or “us”) is a licensed non-bank financial institution regulated by the Financial Regulatory Commission of Mongolia. We are authorized to provide remittance, loan, foreign exchange, and trust services, and we are the developer and operator of the SendMN 3.0 mobile application (“App”). 

 

This Privacy Policy explains how we collect, process, share, store, and protect your personal data when you use the SendMN 3.0 App, our website, loan services, or any related services (collectively, the “Services”). 

 

By using our Services, you consent to the collection and use of your personal data as described in this Privacy Policy. If you do not agree, please refrain from using our Services. 

 

1. Data Controller 

SendMN NBFI LLC is responsible for the collection and processing of your personal data. 

• Controller: SendMN NBFI LLC
• Registration Number & Address: 6052363, 7th floor, Central Park tower, Amusement Park street, Chinggis Avenue-17, 1st khoroo, Sukhbaatar district, Ulaanbaatar, 14240, Mongolia.
• Data Protection Contact: info@send.mn | +976 7000-0909

If you believe that the collection or processing of your personal data violates your rights, you have the right to file a complaint with the National Human Rights Commission of Mongolia. 

 

2. The Data We Collect 

Before providing products and services through the SendMN 3.0 application, we will present you with the terms and conditions of service and the agreement electronically. After you have reviewed these terms and conditions and voluntarily accepted them, we will collect the following information necessary to deliver our products and services: 

• Personal Information: Full name, national ID number, date of birth, gender, nationality, residential address, ID card or passport details
• Contact Information: Mobile phone number, email address,

• Government Information Exchange System Data: ID verification, social insurance records
• Account & Payment Information: Bank account details, card information, transaction history
• Transaction Data: Transaction amount, date, purpose, recipient relationship, frequency, supporting documents
• Recipient Data: Recipient’s full name, contact details, recipient bank, account or wallet number
• Employment & Income Data: Job title, employment verification, social insurance statement
• Financial Data: Credit history, outstanding debts, bank statements, loan repayment records
• Emergency Contact: Name, and phone number of your designated emergency contact person, relationship to the user
• Credit Information Database Records: Data obtained from the Bank of Mongolia or other authorized institutions
• Biometric Data (if applicable): Facial images, video KYC
• Device & Technical Data: IP address, device identifiers (IMEI, MAC), operating system, browser type, geolocation
• Customer Service Data: Complaints, inquiries, chat messages, call recordings
• Marketing & Preferences Data: Survey responses, promotional participation

 

3. How We Collect Data 

We collect your personal data through: 

• Direct interactions (registration, KYC verification, transactions, customer support)
• Automatic means (cookies, device information)
• Partner institutions (financial partners providing remittance or loan services)
• Official and third-party sources (government databases, sanctions lists, media sources, public registers)

 

4. Purpose and Legal Basis of Processing 

We may collect, record, process, and share your personal information in accordance with “the Law of Mongolia Civil Code”, “the Law on Deposits, Loans, and Banking Transactions of Banks and Authorized Legal Entities”, “the Law on Combating Money Laundering and Terrorism Financing”, “the Law of Mongolia on Cyber Security”, “the Law on Personal Data Protection”, and other applicable laws and regulations issued thereunder, as well as the rules and requirements of competent regulatory authorities and SendMN’s internal policies and procedures. We process your personal data for the following purposes: 

Processing Purposes include: 

a. To perform a contract: 

• Provide remittance, loan, and payment services
• Process and confirm transactions
• Register and verify new customers

b. To comply with legal obligations: 

• AML/CTF compliance, screening, reporting, and record-keeping

c. To protect legitimate interests: 

• Detect and prevent fraud and financial crimes
• Ensure information security, risk management, and service improvement
• Verify accuracy of personal data and customer identity

d. To serve customer needs: 

• Deliver tailored products and services
• Analyze and resolve customer feedback and complaints

e. For security purposes: 

• Protect customer data and company systems against cyber threats

f. With customer consent: 

• Biometric verification

• Marketing and survey participation

 

5. Automated Decision-Making 

We use automated systems to monitor and assess risks related to fraud and electronic crime. This may result in delays, restrictions, or cancellations of transactions. If you believe an automated decision has adversely affected your rights, you may submit a complaint to us for review. 

 

6. Age Restrictions 

The SendMN 3.0 App is intended for users aged 18 and above. If data relating to a minor is collected, the account will be closed and the data deleted. 

 

7. Data Retention 

We retain your personal data only for as long as necessary under applicable laws and regulations: 

• KYC and transaction records: Minimum 5 years after termination of the relationship (per AML/CTF Law)
• Customer service and complaints: Up to 1 year, or longer if required by law
• Fraud investigation records: As long as necessary for prevention and investigation
• Marketing and optional data: Until consent is withdrawn
• Call recordings: Retained for the legally prescribed period

After the retention period, data will be securely deleted or anonymized. 

 

 

8. Customer Rights 

You have the following rights under the Personal Data Protection Law of Mongolia: 

• Right to Access: Obtain a copy of your personal and account information via the SendMN 3.0 App.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (except where retention is legally required)
• Right to Restrict Processing: Limit how your data is processed in certain circumstances
• Right to Data Portability: Receive your data in a readable format
• Right to Withdraw Consent: Revoke consent at any time (without affecting prior lawful processing).

To exercise your rights, contact us at info@send.mn. 

 

9. Data Sharing and Transfers 

We share customer information with partners, regulators, and law enforcement authorities strictly within the scope permitted by applicable Mongolian and international laws, regulations, directives, and requirements. Such sharing is conducted to fulfill reporting obligations, prevent, detect, and investigate crimes, and to ensure the successful delivery of remittance, loan, and other products and services to customers: 

• Service providers: payment processors, KYC/AML vendors.
• International payout partners and banks: for processing transactions.
• Regulatory authorities: FRC, FIU, Bank of Mongolia, law enforcement.
• Business transactions: in mergers, acquisitions, or restructuring.

We require all third parties to protect your data in compliance with applicable laws. 

 

10. International Transfers 

Because remittance services require foreign processing, your data may be transferred outside Mongolia. We ensure that such transfers comply with Mongolian law and are protected by legal safeguards (contractual clauses, treaties, or your explicit consent). 

 

11. Loan Services Data Usage 

When applying for or using loan services, we may collect additional information (employment, income, credit history). This data is used for creditworthiness assessment, regulatory compliance, reporting to the Credit Information Bureau, and loan repayment management. Loan-related data is retained for at least 5 years after the loan relationship ends. 

 

12. Data Security 

We implement technical and organizational measures to protect your data, including: 

• Encryption of data at rest and in transit
• Multi-factor authentication for account access
• Logging and monitoring of access
• Incident response measures for data breaches

We are not responsible for losses caused by customers’ negligence in safeguarding their own credentials. 

 

13. Breach Notification 

If your personal data is compromised due to cyberattacks, system failures, or unauthorized actions, we will promptly notify you via your registered email or mobile number and provide instructions on protective measures. 

 

14. Marketing and Communication 

We may send you mandatory service communications (e.g., transaction notifications, security alerts). Marketing messages will only be sent with your consent, and you may opt out at any time through the App settings, email links, or by contacting us directly. 

15. Third-Party Links 

Our Services may contain links to partner websites or applications. Their privacy policies apply independently, and we are not responsible for their practices. 

 

16. Changes to this Policy 

We may update this Policy from time to time. Significant changes will be communicated via the App, website, or email. Updates take effect upon publication.