Privacy Policy: Mercantile Bank Digital Banking Platform (MBL Rainbow)

Last updated: 01 October 2020

Your Privacy is Important to Us

In this policy, “we”, “us”, “our” or “MBL” means Mercantile Bank Limited, “you”, “your” or “yours” means the persons to whom this policy applies means the customer or the users of the Digital Banking Platform (MBL Rainbow) by Mercantile Bank Limited, its related corporations, affiliates and branches.

The security of your personal data is important to us. MBL has in place safeguards to protect the personal data of the customers stored with us. This policy describes how we may collect, use, disclose, process and manage your personal data.

This policy applies to any individual’s personal data which is in our possession or under our control.

In the event of any inconsistency between different versions of this policy, the English version shall prevail.

What Personal Data We Collect

We define “Personal data” as data that can be used to uniquely identify a natural person. Personal data can be collected from various sources and processed by us. Some examples of data which on its own or jointly, can be used to identify a natural person are:

  1. personal particulars (e.g. name, contact details, residential address, date of birth, national id details, and/or professional details);
  2. specimen signature(s);
  3. financial details (e.g. income, expenses, and/or credit history);
  4. images and biometrics such as thumbprints, voice recordings of you, including our conversations with you for verification or other purposes;
  5. employment details (e.g. occupation, directorships and other positions held, employment history, salary, and/or benefits);
  6. tax and insurance information;
  7. information about your risk profile, investments, investment objectives, knowledge and experience and/or business interests and assets;
  8. banking information (e.g. account numbers and banking transactions);
  9. your personal opinions made known to us e.g. through feedback or surveys;
  10. information relating to your activities, habits, preferences and interests arising from your use of products and services of MBL, our partners or vendors; and/or
  11. Other electronic data or information relating to you such as IP addresses, cookies, activity logs, online identifiers and location data through your usage of our products and services or as part of their delivery to you.

How We Use Your Personal Data

We may use your personal data for our core business purposes, such as:

  1. developing and providing banking facilities, products or services (whether made available by us or through us), including but not limited to:
    1. executing investments, banking, commercial or other transactions and requests, including processing, settlement, clearing or reporting on these transactions;
    2. carrying out research, planning and statistical analysis; or
    3. analytics for the purposes of developing or improving our products, services, security, service quality, advertising or customization strategies;
  2. assessing and processing applications, instructions or requests from you or our customers;
  3. communicating with you, including providing you with updates on changes to products, services and banking facilities (whether made available by us or through us) including any additions, expansions, suspensions and replacements of or to such products, services and banking facilities and their terms and conditions;
  4. managing our infrastructure, business operations and complying with internal policies and procedures;
  5. responding to queries or feedback;
  6. addressing or investigating any complaints, claims or disputes;
  7. verifying your identity for the purposes of providing banking facilities, products or services;
  8. conducting credit checks, screenings or due diligence checks as may be required under applicable law, regulation or directive;
  9. complying with all applicable laws, regulations, rules, directives, orders, instructions, guidance and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities;
  10. monitoring products and services provided by or made available through us;
  11. complying with obligations and requirements imposed by us from time to time by any credit bureau or credit information sharing services of which we are a member or subscriber;
  12. creating and maintaining credit and risk related models;
  13. financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;
  14. enabling any actual or proposed assignee or transferee, participant or sub-participant of MBL’s rights or obligations to evaluate any proposed transaction;
  15. enforcing obligations owed to us
  16. in connection with performance of duties when seeking consultancy or professional advice, including legal advice; and/or
  17. Administering benefits or entitlements in connection with our banking relationship with you, including the administration of loyalty, rewards programs, lucky draws, and/or sending gifts and awards.

In addition to the above purposes, we may also use personal data for purposes set out in the terms and conditions that govern our relationship with you or our customer.

Use of Personal Data for Marketing Purposes

We may use your personal data to offer you products or services, including special offers, promotions, contests or entitlements that may be of interest to you or for which you may be eligible. Such marketing messages may be sent to you in various modes including but not limited to electronic mail, direct mailers, short message service, telephone calls, emails and other mobile messaging services. In doing so, we will comply with the Personal Data Protection policy and other applicable data protection and privacy laws.

In respect of sending telemarketing messages to your Bangladeshi mobile number via short message service, phone calls (voice or video), email and other mobile messaging services, please be assured that we shall only do so if

  1. You have provided your clear and unambiguous consent by accepting or other recorded form for us to do so;
  2. You have not indicated to us in our ongoing relationship that you do not wish to receive telemarketing messages sent to your Bangladeshi mobile number and you have not registered that number with the National ID, please Do Not Register.

We may, as part of our ongoing relationship with you, send marketing messages to you. You may at any time request that we stop contacting you for marketing purposes via selected or all modes.

To find out more on how you can change the way we use your personal data for marketing purposes, please contact us (please see the “How to contact us” section below).

Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.

Disclosure and Sharing of Personal Data

We may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to any personnel of MBL or to third parties, in order to carry out the purposes set out above. Please be assured that when we disclose your personal data to such parties, we require them to ensure that any personal data disclosed to them are kept confidential and secure.

An example of such sharing would be for the purposes of providing or offering products or services that might be of interest to you based on your collected information or other data relating to your interactions with MBL Group, our partners or vendors.

For more information about the third parties with whom we share your personal data, you may, where appropriate, wish to refer to the agreement(s) and/or terms and conditions that govern our relationship with you or our customer. You may also contact us for more information (please see the “How to contact us” section below).

We wish to emphasize that MBL does not sell personal data to any third parties and we shall remain fully compliant of any duty or obligation of confidentiality imposed on us under the applicable agreement(s) and/or terms and conditions that govern our relationship with you or our customer or any applicable law.

We may transfer, store, process and/or deal with your personal data outside Bangladesh. In doing so, we will comply with the laws of Bangladesh and other applicable data protection and privacy laws.

Cookies and Related Technologies

Our web sites and mobile applications (“apps” or an “app”) use cookies. A cookie is a small text file placed on your computer or mobile device when you visit a web site or use an app. Cookies collect information about users and their visit to the web site or use of the app, such as their Internet protocol (IP) address, how they arrived at the web site (for example, through a search engine or a link from another web site) and how they navigate within the web site or app. We use cookies and other technologies to facilitate your internet sessions and use of our apps, offer you products and/or services according to your preferred settings, track use of our web sites and apps and to compile statistics about activities carried out on our web sites and/or through our apps.

A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behavior of users visiting the web site.

You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, do note that if you enable blocking of cookies and pixel tags, it may limit certain features and functions in your use of our web sites.

Other Web Sites

Our web sites may contain links to other web sites which are not maintained by MBL. This privacy policy only applies to the web sites of MBL. When visiting these third party web sites, you should read their privacy policies which will apply to your use of the web sites.

Retention of Personal Data

Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.

Access and Correction

You may request access or make corrections to your personal data held by MBL. MBL may charge a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request. Information on the processing fee will be made available to you.

Please contact us (please see the “How to contact us” section below) for details on how you may request access, correct or exercise your rights with respect to the processing of your personal data.

How to Contact Us

To contact us on any aspect of this policy or your personal data or to provide any feedback that you may have, please visit any of our branches or get in touch with our customer contact center executive in the following ways:

If you are our personal banking customer or a non-customer, you may contact our customer contact center executive at our 24 hour hotline at 16225 or email us at

Amendments and Updates of MBL Privacy Policy

We may amend this policy from time to time to ensure that this policy is consistent with any developments to the way MBL uses your personal data or any changes to the laws and regulations applicable to MBL. We will make available the updated policy on our web site ( and at our branches. All communications, transactions and dealings with us shall be subject to the latest version of this policy in force at the time.

What you want? don't worry, contact us