Privacy Policy
1.Statements of Practices and Policies
1.1. The Bank recognizes that one of its fundamental responsibilities is to ensure that the Bank protects personal information entrusted to the Bank by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Banks’s customer information. The Bank also follows a transparent policy to handle personal information of its customers.
1.2. In this Policy, personal information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person.
1.3. The Policy is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000.
2.Applicability
2.1. This Policy is applicable to personal information collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications as also any information collected by the Bank’s server from the customer’s browser.
3.Accuracy
3.1. The Bank shall have processes in place to ensure that the personal information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that personal information residing with the Bank is incorrect, the customer may inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as possible.
4.Purpose of collection and Usage of Personal Information
4.1. The Bank shall use the information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:
4.2. Process applications, requests and transactions
4.3. Maintain internal records as per regulatory guidelines
4.4. Provide services to customers, including responding to customer requests
4.5. Comply with all applicable laws and regulations
4.6. Recognize the customer when he conducts online banking
4.7. Understand the needs and provide relevant product and service offers
4.8. If a customer does not wish to provide consent for usage of its sensitive personal data or information or later withdraws the consent, the Bank shall have the right not to provide services or to withdraw the services for which the information was sought from the customer.
5.Disclosure/Sharing of Information
5.1. The Bank shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance of a legal obligation. In-case Bank discloses the personal information to Third Parties, such Third Parties shall be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.
5.2. The above obligations relating to sharing of personal data or information shall not apply to information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any personal data or information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.
5.3. No specific information about customer accounts or other personally identifiable data shall be shared with nonaffiliated third parties unless any of the following conditions is met:
5.3.1. To help complete a transaction initiated by the customer
5.3.2. To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank
5.3.3. The customer / applicant has specifically authorized it
5.3.4. Conform to legal requirements or comply with legal process
5.3.5. The information is shared with Government agencies mandated under law
5.3.6. The information is shared with any third party by an order under the law
5.3.7. Protect and defend Banks' rights, interests or property
5.3.8. Enforce the terms and conditions of the products or services
5.3.9. Act to protect the interests of Bank, or its members, constituents or of other person
6.Security Practices
6.1. The security of personal information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthorized access, modifications or disclosures. Employees shall be trained in the proper handling of personal information. When other companies are used to provide services on behalf of the Bank, it shall ensure that such companies protect the confidentiality of personal information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security.
7.Amendments
7.1. The Bank shall reserve the right to change or update this Policy or practice, at any time with reasonable notice to customers on Bank’s website so that customers are always aware of the information which is collected, for what purpose Bank uses it, and under what circumstances, if any, Bank may disclose it.
8.By virtue of this privacy policy, the customer assents to collection, use, transfer, disclosure, retention and other processing of her/his personal information, including sensitive personal information, as described in this Policy.
9.Response to Enquiries and Complaints
9.1. The Bank shall encourage customer enquiries, feedback and complaints which shall help it identify and improve the services provided to the customers.
10.Security and confidentiality of Customer Data
As per Information Systems security policies and procedures implemented in the Bank, Bank has implemented administrative, physical and technical safeguards to protect electronic personal data from loss, misuse and unauthorized access. Customers’ personal data shall be stored on a secured database.
Bank shall not sell personal data to any third party or anybody and shall remain fully compliant with confidentiality of the data as per law.
Bank shall share customers’ personal data to third party if required for business purpose only after implementing adequate controls to ensure maintenance of confidentiality and security of the data by the concerned third party.
Auto Read OTP functionality: -It is recommended that each process of OTP validation shall have auto read facility of OTP in the Mobile application. Whenever the OTP send to the customer, mobile app shall auto populate the OTP in the required field instead of entering by keypad.
SMS forwarding App / Remote access App: It is recommended that; the Mobile Application can have an ability to identify the “SMS forwarding Apps” as well as “Remote Access Apps” installed on the User’s handset. Based on the “AppID” of these kind of Apps, Mobile App shall restrict the users to access the login to the application if user have installed the listed apps.
SMS Delivery status facility: SMS vendor should have Call back facility available to verify the status of SMS send from our end, also SMS vendor have “SMS Delivery receipt check” to know the delivery status of the SMS forwarded from our end.
Mobile banking Application shall have ability to read/detect Installed Application on user’s device and upload it on bank’s secure server for keeping safe track of existing applications. App shall prohibit/restrict Mobile Banking Application usage incase of any listed application with likes of remote access applications and sms forwarder applications is detected.
By agreeing to terms within Mobile banking application and written consent form undertaken from user during opting mobile banking feature it will be considered user have provided affirmative consent for all above mention disclosures.
11.Data Usage
Bank shall use customers’ personal data only for the purpose for which it is collected. Bank is committed to ensuring that personal data is kept strictly confidential. However, personal data may be disclosed to regulatory authorities for the purposes of obtaining regulatory approval in accordance with applicable legal requirements, or otherwise to comply with applicable legal requirements.
---------------------------------------------------------------------------------------------------------------------