Privacy Notice

LB Finance Protects your personal data

This privacy notice informs you about how we collect, share, and process your personal data, as well as your rights related to that data. By accessing or using our services, you acknowledge and consent to the practices described in this Privacy Notice.

This notice highlights the following,

  1. Types of personal data we collect
  2. Methods of collecting personal data
  3. Reasons for collecting your personal data
  4. Sharing your personal data
  5. Protecting your personal data
  6. Retention of your personal data
  7. Your rights regarding your personal data
  8. Contact information for inquiries

1. Types of personal data we collect

To the extent they are relevant and allowed by law, we may collect following personal data from a natural person and or a representative of a natural person (you) -

  • Identification data - Name, nationality, photographs, national identification number, passport number, driving license number, Tax Identification Number, CCTV, audio, and video recordings (when used to identify individuals),
  • Contact data - Email address, phone or mobile number and your residential or business address etc.
  • Professional data - Occupation, title, documents evidencing industrial track-record, current and previous employment details, professional qualifications and references.
  • Financial and commercial data - Bank account details, movements of your bank transactions and information related to your business financial, credit report and score.
  • Geo-location data - Internet protocol (IP) address, cookies identifier.
  • Behavioural data -Browsing behavior on our websites and how you interact with our products and services, as well as with third-party organizations such as our advertising partners and social media platforms (Facebook, LinkedIn, YouTube, TikTok, Pinterest, X (formerly Twitter), and Instagram) and recruitment websites (TopJobs, XpressJobs).
  • Personal relationship data - Information about the agency, company, business or organisation you represent or is related to you.
  • Communications data - information relating to you contained in video, voice, messaging, email and other communications we have with you.
  • Special Category Personal Data: Personal data revealing racial or ethnic origin, such as photographs that may indicate or relate to race or ethnicity; information about Politically Exposed Persons (PEPs) for KYC compliance, which may reveal political opinions, including job title and political party or organization; biometric data for uniquely identifying individuals (such as fingerprints); data concerning health; information about criminal convictions related to our financial crime prevention obligations; and personal data relating to a child (obtained with parental or guardian consent).

2. Methods of Data Collection

We collect your personal data from various sources, including:

  • Directly from You: information you provide through our website, LB CIM mobile application, online banking platforms, forms, applications, contracts, or when you communicate with us via phone, email, or in person.
  • We obtain your consent for data collection and processing through clear, affirmative actions, such as agreeing to our terms and conditions during registration or while using our services. However, please note that consent may not always be required for certain data processing activities as permitted by applicable laws. Where applicable, we will seek your consent to ensure transparency and your understanding of how your data is used.
  • From Third Parties: This includes credit reporting agencies, verification service providers, payment service providers, other financial institutions, government agencies, and any parties you have authorized to share your information with us. We rely on these third parties to ensure that they have either obtained your consent or have a lawful basis for sharing your information with us.
  • From Other Sources: We may also gather information from people you know, businesses, publicly available resources (online registers, publications and social media).
  • Cookies: we may use cookies to automatically collect certain information from your device. You may disable the same by changing settings on your device. However, you will be unable to experience our certain digital financial services upon disable the same.

3. Reasons for Collecting Your Personal Data

We think that your personal data is important to us to ensure the following in providing and receiving goods and services. We ensure that any personal data processed is adequate, relevant, and proportionate to the purpose for which it is collected or processed. Thus, your personal data is required for the following main purposes,

To onboard, manage and monitor our relationships, including

  • Conducting customer due diligence at onboarding, contract renewal and as required during the contract performance
  • Enter in to agreements with you and realize business objectives
  • Creating and maintaining our customer account
  • Contacting you
  • Monitoring the performance of customer contracts
  • Settling bills and accounts
  • Personal data collected from Job Applicants and short-listed candidates
  • From employees during on-boarding and the period of employment
  • Form merchants during on-boarding and until the contract is in force

To convey updated and new services and marketing promotions

  • may use your personal data to advice and notice you on our existing and new products and services to be launched through digital platforms.
  • We may also invite you to participate in our market research and surveys and other similar activities at your wish.
  • However, at no cost, you can withdraw your consent to receive aforesaid information and activities by contacting our marketing representatives at our call center: +94 112 200 200. We assure you that we will take steps not to include you in our future direct marketing promotions and programs, if you withdraw your consent to receives them.

To operate our business in terms of legal Obligations or Legitimate Interest including,

  • Engaging in performing administrative tasks, risk engagement activities, audits and ensuring operation and security of our communications and processing systems
  • Developing, testing and analysing our systems and services
  • Monitoring and recording our communications with you.

To keep you and our employees safe including,

  • Conducting identity verification security checks for building access
  • Using CCTV surveillance recordings at our premises for the purposes of preventing and detecting fraud and/or other crimes
  • Investigating and reporting on incidents or emergencies on our properties and premises for the security of our systems and networks in order to keep your data safe and confidential
  • For other health and safety compliance purposes.

To detect, investigate and prevent financial crimes including,

  • Meeting or complying with LB Finance PLC policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within our company
  • For compliance with sanction or prevention or detection of money laundering, terrorist financing or other unlawful activities
  • Monitoring and recording voice and electronic communications and screening applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities

To comply with applicable laws, regulations and other requirements including,

  • Meeting or complying with our company policies, including identifying individuals and performing investigative procedures, measures or arrangements for sharing data and information within the company.
  • Complying with relevant local and foreign law, regulations, court or tribunal, enforcement agency or exchange body in any relevant jurisdiction.
  • Following any voluntary guidelines or recommendations as may be updated from time to time issued by legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers where we operate.

To exercise Company’s legal rights and conduct legal proceedings. This includes:

  • Tracing and exercising our rights and protecting ourselves against harm to our rights and interests
  • Retaining records as may be necessary as evidence for any potential litigation or investigation
  • Recovering debts and arrears
  • Conducting litigation to enforce our rights and obtaining professional advice
  • Investigating or making an insurance claim and responding to any insurance related matter, action or proceeding.

To Perform Automated Processing and Decision-Making,

We may use your personal data for automated processing and decision-making, including profiling and behavioural analysis, to enhance the efficiency of our operations. At LB Finance PLC (including its Service Providers), we ensure that these systems are fair, transparent, and objective, using advanced technologies like artificial intelligence (AI) and machine learning to make faster, more accurate decisions. Automated processing and decision-making may include:

  • Customer and Merchant Onboarding: Using electronic Know-Your-Customer (eKYC) and video-based KYC (VKYC) for verification via the LB CIM app and LB Merchant app, including biometric facial recognition and liveliness checks to verify the authenticity of scanned identification documents and photos.
  • Loan Applications: Using credit scoring models and machine learning to assess loan eligibility and creditworthiness.
  • Employee Screening: Using automated systems to screen potential employees during recruitment, ensuring compliance with regulatory and KYC requirements.
  • Recruitment: Using an Applicant Tracking System (ATS) for efficient recruitment processes and to streamline hiring decisions.
  • Customer Engagement: Analyzing customer interactions to tailor product recommendations and marketing communications based on preferences.
  • Call Center Operations: Using voicebots for identity verification during customer service interactions.

4. Sharing of your personal data

We may share your personal data for the purposes of processing, storing, sharing, transferring or disclosing your personal as set out in this privacy notice, within our Company, with our service providers, our business partners, other third parties locally and or internationally and as required by law or requested by any authority to realize following purposes,

  • On your written request to share your personal data with another person and or organisation nominated by you.
  • Banks, credit bureaus, credit reference agencies and other organisations who act on prevention of fraud, money laundering, terrorism and other financial crimes.
  • Professional advisers, such as auditors and legal counsel.
  • Insurers or insurance brokers.
  • Service providers, such as operational, administrative, data processing and other technology service providers, including anyone engaged or partnered with to analyze and facilitate improvements or enhancements in Company’s operations or provision of products and services.
  • We may have to transfer information overseas in order to comply with legal obligations and to protect the public interest or for our legitimate interest. However, we will ensure that the information is transferred overseas in a lawful manner and has an appropriate level of protection. We may need to transfer your personal information overseas if any of our information system infrastructure is located outside Sri Lanka.
  • Providers of professional services, such as market researchers, forensic investigators and management consultants.
  • Advertising companies and social media platform providers.
  • as required by law or as requested by any authority, which includes any government, regulator, administrative, regulatory or supervisory body, court, tribunal, enforcement agency, exchange body or domestic or foreign tax authorities and whether or not that the Company has a relationship with you.
  • Third parties in case of a merger, acquisition or divestment:
  • Any other person and or organisation who has undertaken to keep such information confidential.

5. Protecting your personal data

The Company has implemented a Personal Data Protection Policy, along with Information security policies, company rules, and technical measures such as encryption, firewalls, passwords, and other security tools to safeguard your personal data and comply with legal and regulatory requirements. We require our service providers and any third parties with whom we share your personal data to adhere to similar confidentiality, privacy, and security standards when handling, accessing, or processing it. Additionally, we regularly audit and review our data protection and privacy policies and practices. However, you also play a key role in protecting your information by keeping your credentials, devices, and accounts secure and notifying us immediately of any unauthorized access or use of your information.

6. Retention of your personal data

For the purposes described in this privacy notice, we keep your personal data for business, operational or legal reasons while you engage with us and may retain your personal data for a period of time afterwards, depending on the type of personal data, in accordance with our Record Management policy standards and as required by applicable laws and regulations. We will delete, dispose/ archive and/or stop using your personal data when we no longer need it.

7. Your rights regarding your personal data

You have the following rights in respect of your personal data which were provided to us:

  • To access your data.
  • To rectify or complete your data if your personal details have changed or if you believe we have incorrect or out-of-date information about you.
  • To request the erasure of your data. However, we may retain certain personal details to provide our products and services to you and to comply with legal and regulatory requirements.
  • To restrict, object to, or withdraw consent for the processing of your data. However, we may need certain personal details to effectively engage with you and provide our products and services.
  • Not to provide consent or to change or withdraw consent already given. However, we may not be able to provide our products and services or engage with you without certain personal data if you withdraw your consent.
  • To withdraw from direct marketing.
  • To request a review of decisions made through automated processing that may create an adverse impact on your rights and freedoms.
  • Any additional rights to which you are entitled under the Personal Data Protection Act No. 9 of 2022 and its amendments, including the right to appeal to the data protection authority.

However, we reserve the right to refuse to act on a request made by you if we cannot be satisfied with your credentials, request is baseless or unlawful, affect the national security and public order, affects any inquire conducted or investigation procedure carried out under any written law, safety of an individual or to public health, rights and freedoms of other persons under any written law, involve disclosure of a commercially sensitive decision-making process and or other instances described in the Personal Data Protection Act of Sri Lanka.

8. Contact Information for inquiries

LB Finance PLC acts as the controller of your personal data.

LB Finance PLC
No. 275/75,
Prof. Stanly Wijesundara Mawatha,
Colombo 7.

Telephone: +94 112 200 200
Email: [email protected]

For any questions about this privacy notice, to exercise your personal data protection rights, or if you have concerns or complaints about how we use your personal data, please contact our Data Protection Officer at [email protected] or +94 112 200 200, during week days and office hours (8.30am – 5.00 pm).

This notice is as of 01.01.2025, and we reserve the right to update the same time to time when required.

Linked Websites Disclaimer

Please note that our Privacy Notice is specifically designed for our platform and services. It does not cover third-party websites where you may see our advertisements, nor does it apply to external websites that we do not operate or control.

When you click on links to external websites, be aware that their privacy notices and practices differ from ours. We encourage you to review the privacy statements of any third-party sites you visit.