Privacy Policy

Mobile Banking Application Privacy Policy

Commercial Bank of Ceylon PLC (“The Bank” or “We”) respects your privacy and is committed to protecting the personal data that you share with us. This Privacy Policy is intended to explain the policies and practices regarding the use and disclosure of your personal data by the Bank.

We collect personal data about you when you use our products or services, or deal with us in some way. Personal data comprises all the details the Bank collects and/ or holds about you, directly or indirectly, your transactions, financial information, geographical location, device information, interactions and dealings with the Bank, including information received from third parties and information collected through use of our website and any other electronic banking channels of the Bank as well as through traditional banking methods.

By using our products and services, you consent to the collection and use of your personal data by the Bank.

Why we collect your data

We collect your personal data to carry out and administer our services to you and in an effort to improve your customer experience. Without such data the Bank may be unable to establish or continue banking facilities or provide banking services.

We may collect, use and exchange your personal data for purposes which include the following;

  • Identity verification, sanction screening and due diligence checks.
  • Processing of requests for banking products and services.
  • Establishment, continuation and management of banking relationships and accounts.
  • Operational and marketing purposes.
  • Prevention, detection, investigation and prosecution of crimes, frauds and other illegal activities
  • Improve our service to you and your experience with us.
  • Conduct research and surveys with the aim of improving our products and services.
  • Comply with Laws, and assist Government or Law Enforcement Agencies.

Disclosure of your personal data

Data held by the Bank relating to you will be kept confidential. However, the Bank may provide such data to the following parties for the purposes as mentioned above. These parties will include;

  • Any agent, contractor or third party service provider who provides administrative, telecommunications, computer, payment or securities clearing or other services to the Bank in connection with the operation of its business.
  • Any person under a duty of confidentiality to the Bank that has undertaken to keep such information confidential.
  • Any Regulatory Authority, Law Enforcement Authority or Judicial Courts.

Data Security

We will take all reasonable precautions at all times to protect your personal data which we hold from misuse, loss and unauthorised access, modification or disclosure. The Bank has in place standard technical and procedural security measures to provide a robust security environment, where the adequacy of these measures is reviewed regularly.

App Permission

  • Location Access
    • Flash requires location access while using the application when logging in and payment screens. This is for user verification purposes. 
  • Camera Access
    • Required when creating your Flash profile
    • Enables QR payments through Lanka QR, QR Pay. 
  • SMS Access
    • Access to read SMS is required on OTP screens to verify transactions. Without this permissions, the OTP can be entered manually by the user. 
  • Storage Access
    • Allows the user to save transaction receipts directly to the users storage. 
  • Phone Calling
    • Allows the user to dial Help Center numbers directly from the application.
  • Fingerprint Access
    • Login to your Flash Digital Banking account via your fingerprint. 
  • Contact List Access
    • Flash Digital Banking requires access to your contact list in order to enable you to send and request money from phonebook contacts. Your contact list is also synchronised on our servers in order to help you identify other Flash users in your phonebook.

Changes to the Privacy Policy

The Bank reviews and updates this Privacy Policy from time to time as needed.

Third Party Content and Links to Third Party Content

Certain content provided through our electronic banking services may be hosted and served by third parties. In addition, these electronic banking services may link to third party web sites, apps or other content over which we have no control and which are governed by the privacy policies and business practices of those third parties. The Bank is not responsible for the privacy practices or business practices of such third parties.

Contact Us

If you have any questions or would like further information about our privacy policy and information handling practices, please contact us at