Privacy Policy – Prime Bank Fintech Limited (LENDEN)

Effective Date: October 28, 2025

1. Introduction

The brand “LENDEN” is established and wholly owned by Prime Bank Fintech Limited to provide secure, compliant, and innovative mobile financial services (MFS) under the regulatory framework of Bangladesh Bank. Prime Bank Fintech Limited (“LENDEN”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of personal information belonging to its customers, users, and partners. This Privacy Policy describes how LENDEN collects, uses, stores, protects, and discloses personal and transactional information through the LENDEN Mobile Application, website, and all digital financial services operated under the supervision of Bangladesh Bank.

By downloading, installing, accessing, or using the LENDEN App or related services, you acknowledge that you have read, understood, and agreed to be bound by this Privacy Policy. If you do not agree, you should not use the App or any of our digital financial services.

LENDEN operates in strict compliance with the Bangladesh Bank Mobile Financial Services Guidelines, ICT Security Guidelines, and other applicable laws and directives issued by competent authorities in Bangladesh.

2. Information We Collect

In order to provide secure, compliant, and uninterrupted financial services, LENDEN collects and processes information from customers through lawful and transparent means.

We collect information directly from users during registration, identity verification, service usage, and communication, as well as automatically through the App for operational and security purposes.

The categories of information collected include but are not limited to:

  1. Personal and Identification Information

When you register for a LENDEN account or use our services, we collect identifying details such as your full name, national identification number, date of birth, photograph, and demographic data. We may also collect additional documents and information such as utility bills, driving license, or passport copies as required under Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations issued by Bangladesh Bank.

  1. Contact and Device Information

We collect your mobile number (MSISDN), SIM information, device identifiers (IMEI, Android ID, MAC address), and IP address for account linkage, fraud detection, and authentication. We may also collect your address, email, and communication preferences to send notifications and security alerts.

  1. Transactional and Financial Information

To ensure the integrity of your financial operations, we collect information related to your wallet balance, transaction history, cash-in and cash-out records, payment instructions, merchant purchases, fund transfers, and service usage details.

  1. Technical and Usage Information

The App automatically collects certain technical information to improve performance and user experience, such as app version, device model, operating system, session duration, and crash logs. We may also use aggregated, anonymized analytics to assess service usage trends and enhance application stability.

3. Purpose of Data Collection and Processing

All data collected by LENDEN is used for lawful business and regulatory purposes. The purposes include:

LENDEN collects and uses your personal and transactional data to verify your identity, open and manage your account, and comply with the KYC and AML/CFT regulations prescribed by Bangladesh Bank. Your data enables us to perform secure financial transactions, prevent fraudulent activities, and detect suspicious behavior or potential breaches.

We use collected information to communicate important updates, confirm transactions, send alerts, and provide service-related notifications. The information further helps us conduct audits, ensure system resilience, and perform data analytics to improve our products and customer experience.

LENDEN may also use anonymized and aggregated information to analyze user behavior, develop new features, and evaluate service performance without identifying individual users.

We do not sell or trade your personal information with third parties for marketing or promotional purposes.

4. Data Retention and Archival

LENDEN retains customer and transaction data strictly in accordance with the PBFTL Data Retention & Disposal Policy 2025 and the Bangladesh Bank ICT Security Guideline (v4.0).

Your information is retained for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and audit requirements. Financial transaction data, customer identification documents, and system logs are preserved for a minimum of six (6) years after the termination of the relationship or as required by law.

Backup and archival copies of customer data are stored in encrypted and access-controlled repositories. Upon expiry of the retention period, data is securely destroyed using approved sanitization techniques, including cryptographic erasure or media degaussing, in compliance with NIST 800-88 and PBFTL’s disposal procedures.

 

5. Data Storage, Residency, and Protection

All customer data and backup copies are stored within data centers physically located in Bangladesh, operated under the supervision of approved service providers and in compliance with Bangladesh Bank Cloud Computing Guidelines.

Data is protected using advanced security measures, including encryption, access control, and network isolation. Sensitive information is encrypted with AES-256-bit encryption at rest and transmitted over secure channels using TLS 1.3 or higher protocols.

Our Backup & Restoration Policy ensures high availability and disaster recovery with a Recovery Point Objective (RPO) not exceeding fifteen (15) minutes and a Recovery Time Objective (RTO) not exceeding four (4) hours for core systems. All backup copies are maintained on immutable or Write-Once-Read-Many (WORM) storage to safeguard against ransomware and unauthorized modification.

Access to personal data is limited to authorized employees and service providers who require it for legitimate operational purposes. All personnel handling sensitive data are bound by confidentiality and subject to disciplinary action or legal proceedings for any violation.

Regular security audits, vulnerability assessments, and system monitoring are conducted to ensure compliance with the PBFTL ICT Security Policy 2025.

6. Data Sharing and Disclosure

LENDEN maintains strict confidentiality regarding customer information and does not disclose personal or transactional data to any unauthorized party. However, data may be disclosed under the following specific and lawful circumstances:

To Bangladesh Bank, the Bangladesh Financial Intelligence Unit (BFIU), or other competent regulatory authorities, as required under applicable laws or directives;

To law enforcement agencies or courts of law, upon receipt of a lawful order or subpoena;

To partner banks, payment processors, or settlement institutions for completing legitimate financial transactions;

To third-party service providers engaged by LENDEN (such as KYC verification agencies, SMS gateway providers, and cloud service providers) who are bound by contractual confidentiality obligations and data protection clauses;

When necessary to investigate or prevent suspected fraud, cybercrime, or unauthorized access;

With the customer’s explicit and informed consent, for the purpose of providing new or value-added services.

No customer data shall be transferred outside Bangladesh without prior approval from Bangladesh Bank and confirmation of equivalent or stronger data protection standards in the destination jurisdiction.

7. User Rights and Responsibilities

Customers have the right to access, review, and correct their personal information stored with LENDEN. You may request the rectification of inaccurate data or the closure of your account, subject to regulatory clearance and settlement of outstanding balances.

You also have the right to withdraw consent for certain data processing activities, except those required for regulatory compliance or lawful business operations.

As a customer, you are responsible for maintaining the confidentiality of your Personal Identification Number (PIN), password, and One-Time Password (OTP). LENDEN will never request such credentials through phone calls, messages, or emails. In the event of suspected credential compromise, you must immediately contact our hotline for prompt assistance.

8. Data Security and Incident Management

LENDEN employs layered security controls to protect user data against unauthorized access, alteration, or loss. These include network firewalls, intrusion detection and prevention systems, continuous monitoring, and real-time threat intelligence.

In the event of a data breach or security incident, LENDEN follows a structured Incident Response Procedure in compliance with Bangladesh Bank guidelines. We promptly assess the impact, take corrective measures, and notify relevant authorities and affected users where legally required.

All incidents and their remediation actions are documented and retained as audit evidence under PBFTL’s Backup & Restoration Policy and ICT Security Policy.

9. Cookies and Application Analytics

The LENDEN App and website may use cookies and analytics tools to enhance user experience, measure performance, and diagnose technical issues. These tools do not capture personally identifiable information unless you voluntarily consent to share it. You may manage or disable cookies through your device or browser settings without affecting access to core services.

10. Third-Party Links and Integrations

The LENDEN App may contain links to third-party websites or services, such as merchant portals or bill payment gateways. Once you leave the LENDEN App, our Privacy Policy no longer applies. We advise you to review the privacy practices of those external sites or partners before providing any information. LENDEN shall not be liable for any data misuse by third-party platforms beyond its control.

11. Cross-Border Data Transfer

LENDEN does not transmit or store customer data outside Bangladesh. Any remote access or technical support provided by foreign partners will occur under strict supervision and only with prior written approval from Bangladesh Bank.

All such activities are governed by cross-border data transfer clauses ensuring encryption, audit trails, and regulator oversight.

12. Policy Review and Updates

This Privacy Policy shall be reviewed annually or whenever there is a regulatory update, system enhancement, or significant change in service delivery. Any material modification to this Policy will be communicated through official channels, including in-app notifications and the company website.

By continuing to use our services after any policy change, you acknowledge acceptance of the revised terms.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the People’s Republic of Bangladesh. Any dispute or claim arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts in Dhaka, Bangladesh, and in accordance with the applicable laws and regulations of Bangladesh Bank.

14. Acceptance of Policy

By accessing or using the LENDEN App, website, or related financial services, you confirm that you have read, understood, and agreed to this Privacy Policy. Continued use of the App signifies your consent to the collection, processing, and use of your data in accor

Scroll to Top