The Bank recognizes that one of its fundamental responsibilities is to ensure that the Bank protects personal information entrusted to the Bank by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Bank’s customer information. The Bank also follows a transparent policy to handle personal information of its customers.

In this Policy, personal information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

The Policy is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000.

Applicability

The Bank collects three types of information: personal, sensitive personal data and non-personal

Personal information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

Sensitive personal data or information of a person means such personal information which consists of information relating to passwords, financial information such as Bank account or credit card or debit card or other payment instrument details, sexual orientation, physical physiological and mental health condition, medical records and history, biometric information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, income, PAN, etc. For customers enrolled in services provided by the Bank, such as online bill payment, personal information about the transaction is collected.

Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purpose of these rules.

The information customers provide online is held by the Bank business that maintains the account or is processing the application for a new product or service.

Non personal information includes the IP address of the device used to connect to the Bank’s website along with other information such as browser details, operating system used, the name of the website that redirected the visitor to the Bank’s website, etc. Also, when you browse our site or receive one of our emails, the Bank and our affiliated companies, use cookies and/or pixel tags to collect information and store your online preferences.

This Policy is applicable to personal information (including sensitive personal information) collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications as also any information collected by the Bank’s server from the customer’s browser.

Accuracy

The Bank shall have processes in place to ensure that the personal information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that personal information residing with the Bank is incorrect, the customer should inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as possible.

Purpose of collection and Usage of Personal Information

The Bank shall use the information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:

Process applications, requests and transactions

Maintain internal records as per regulatory guidelines

Provide services to customers, including responding to customer requests

Comply with all applicable laws and regulations

Recognize the customer when he conducts online banking

Understand the needs and provide relevant product and service offers

If a customer does not wish to provide consent for usage of its sensitive personal data or information or later withdraws the consent, the Bank shall have the right not to provide services or to withdraw the services for which the information was sought from the customer.

Disclosure/ Sharing of Information

The Bank shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance of a legal obligation. In-case Bank discloses the personal information to Third Parties, such Third Parties shall be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.

The above obligations relating to sharing of personal data or information shall not apply to information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any personal data or information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.

No specific information about customer accounts or other personally identifiable data shall be shared with nonaffiliated third parties unless any of the following conditions is met:

To help complete a transaction initiated by the customer

To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank

The customer/ applicant has specifically authorized it

To conform to legal requirements or comply with legal process

The information is shared with Government agencies mandated under law

The information is shared with any third party by an order under the law

Enforce the terms and conditions of the products or services

Act to protect the rights, interests or property of the Bank, or its members, constituents or of other person

Security Practices

The security of personal information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthorized access, modifications or disclosures. Employees shall be trained in the proper handling of personal information. When other companies are used to provide services on behalf of the Bank, it shall ensure that such companies protect the confidentiality of personal information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security.

Amendments

The Bank shall reserve the right to change or update this Policy or practice, at any time with reasonable notice to customers on Bank’s website so that customers are always aware of the information which is collected, for what purpose Bank uses it, and under what circumstances, if any, Bank may disclose it.

By virtue of this privacy policy, the customer assents to collection, use, transfer, disclosure, retention and other processing of her/his personal information, including sensitive personal information, as described in this Policy.

Response to Enquiries and Complaints

The Bank shall encourage customer enquiries, feedback and complaints which shall help it identify and improve the services provided to the customers.