If you receive any calls (except from BoB Contact Center when you have lodged a concern with them +975 2 349903), SMS and Email asking for personal details such as Account number or ATM Card number, please do not share. Bank of Bhutan will never ask for personal details of clients. It’s all spam.

Notification on ATM Withdrawal Charge

All customers are requested to note that cash withdrawals from other bank’s ATM machines are chargeable @Nu 9/- per withdrawal transaction from the sixth transaction onwards, and is recovered at each month end. This is a common charge across banks and as mandated by the Central Bank.


Bank of Bhutan (BoB) is committed to ensure the privacy of customer data and information; and to use personal information in a very judicious manner. The Bank is guided by the regulations and best practices in the area of data protection & privacy. If a customer provides certain information with which the customer can be identified personally, the information would be used only for the purpose for which it was submitted and in accordance with the Bank’s Data Protection & Privacy Policy approved by the management.


The use of the term “The Bank” refers to Bank of Bhutan (BoB).

Website means website of the Bank with URL: and other sites that can be directly reached by the URL owned by the Bank.

Application means any Digital Applications of the Bank.

User refers to persons who access the Bank’s Website and/or Digital Applications.

Customer refers to person doing any transactions with the Bank directly or indirectly.

Sensitive Porsonal Information includes but not limited to, financial information including banking related information, financial and credit information, personal details such as Citizenship details, email, address, mobile no., payment card information, photographs, etc. However, any information that is freely available or accessible in public domain or any other laws in force shall not be regarded as sensitive personal data or information for the purposes of Data Privacy.

Privacy Policy refers to the Data Privacy Policy of the Bank, approved by its management.

Third Party refers to an entity that is not the Bank or its direct customer.


The Policy covers all users who interact with the Bank/ Website/ Digital Applications and whose personal information is collected/ received/ transmitted/ processed/ stored/ dealt with and/or handled by the Bank. This Policy covers the “sensitive personal data or information” of customers, which are handled by the Bank in any form or mode.


The Bank collects and uses the financial and personal information from its customers as is required under various regulations and guidelines. Such information is collected and used for specific business purposes or for other related purposes or for a lawful purpose, to comply with the applicable laws and regulations.


By making available their personal information to the Bank, the customers are deemed to have provided their consent to the Bank to use all such information:

  1. For extending the products or services requested for/ applied for or shown interest in;
  2. To enable the Bank for verification and check;
  3. To process applications, requests, transactions and/ or to maintain records as per internal or legal or regulatory requirements; and/or
  4. For any other lawful purposes.


The Bank may use Personal Identifiable Information (PII) for the following purposes and/or for any other lawful purposes.

  1. To allow customers to apply for products or services and to evaluate customer eligibility for such products or services;
  2. To verify customer identity and/or location in order to allow access to accounts, conduct online transactions and to maintain measures aimed at preventing fraud and protecting the security of account and Personal Information;
  3. For risk control, for fraud detection and prevention, to comply with laws and regulations and to comply with other legal processes and law enforcement requirements;
  4. To inform customer about important information regarding the products or services for which customer applies or may be interested in applying for, or in which customer is already enrolled, or to convey changes to terms, conditions, and policies and/or other administrative information;
  5. For business purposes, including data analysis, audits, developing and improving products and services, enhancing the website, identifying usage trends and determining the effectiveness of promotional campaigns;
  6. To allow customers to utilize various features and options provided in our website;
  7. To respond to customer inquiries and fulfil customer requests;
  8. To enhance, improve and fine tune the Application and other online services;


The Bank’s customers have access to a broad range of products and services such as basic Banking products, ATM, Internet Banking, Mobile Banking (mBoB), etc. To deliver products and services effectively and conveniently, it is extremely important that the Bank uses technology to manage and maintain certain customer information while ensuring that customer information is kept confidential and safe.

The Bank is committed to ensure that the information is secure. The collected information data from customer/user will be stored securely. In order to prevent unauthorized access or disclosure, the Bank has put in place physical, managerial and electronic procedures to safeguard and secure the data and information that the Bank collects. The Bank will give access to Customer Information to only authorized employees. Employees who violate this Privacy Policy shall be considered a serious offence and subject to disciplinary process of the Bank. Any employee who withdraws from the employment of the Bank will have to undertake to abide by this Privacy Policy and keep all Customer Information secure and confidential.


  1. BoB does not provide any personal identifiable information to a third party. However, if permitted or required by law or subpoenaed or ordered by a court of law or to enforce the Terms and Conditions of the Products or services or to safeguard/ defend our rights, interests and properties or that of our affiliates , the Bank will have to disclose to the proper authorities the personal information of any individual user.
  2. The Bank may be required to disclose the information obtained with customer’s consent to third parties for availing support services. For this, they will be required to agree to use the information obtained from the Bank only for specifically stated purposes and will be disposing the information in a secured manner consistent with the Bank’s policies.
  3. The person/ agent/ agency requesting the Bank to exchange, share, and part with any information related to the details and transaction history of the Covered Person will be required to indemnify the Bank for use or disclosure of the information. Non-Disclosure Agreements will be executed by the Bank, depending upon the nature of sharing of the information.


  1. The Bank will retain the information for so long as it is needed by the business. Since most of the information is in continuous use, it is retained on an indefinite basis or for such period as to satisfy legal, regulatory or accounting requirements.
  2. When the Bank finds that information collected or stored or transferred is no more in use and if there is no legal obligation to retain such information, the Bank will determine appropriate means to dispose or to de-identify personally identifiable information in a secure manner in keeping with its legal obligations.


The Bank may, from time to time, change this Policy. The effective date of this Policy, as stated below, indicates the last time this Policy was revised or materially changed.

Effective Date: 30 August 2023


For any queries, please contact the Information Security section at [email protected]