• The type of information collected from Employees,Vendors,Suppliers, Customers or Consultants
• The purpose, means and modes of usage of such information
• How and to whom the BANK may disclose such information
• How will the information be retained by the BANK
The Policy is applicable and binding on all Employees, Officers, Directors, Vendors , Suppliers, Customers or Consultants of the BANK. Any Employee, Vendor, Supplier, Customer or Consultant of the BANK is hereinafer referred to as "You"
This Policy is applicable to personal information and sensitive personal data or information collected by the Bank or it's affiliates directly from You or through the Bank's online portals, mobile apps and electronic communications as also any information collected by the Bank's server from the Customer's browser.
- the fact that the information is being collected;
- the purpose for which the information is being collected;
- the intended recipients of the information;
- the name and address of the entity that is collecting the information and the entity that will retain the information ; and
- the various rights available to such Users in respect of such information.
- DEFINITIONS OF PERSONAL INFORMATION AND SENSITIVE PERSONAL INFORMATION AS DEFINED IN IT ACT 2000 AND RULES
Personal Information is defined to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
Sensitive Personal Data or Information of a person means such personal information which consists of information relating to-
- financial information such as bank account or credit card or debit card or other payment instrument details
- physical, physiological and mental health condition
- sexual orientation
- medical records and history
- biometric information
- any detail relating to the above clauses as provided to body corporate for providing service
- any of the information received under the above clauses by body corporate for processing, stored or processed under lawful contract or otherwise;
- Collection of Personal Information
The BANK collects all or any of the following Personal information from you directly or indirectly such as :
- • Name
- • Age
- • Sex
- • postal address
- • phone number(s)
- • email address
- • educational qualifications
- • Pan Number
- • Adhaar Card details
- • details of any known diability ( for employees )
- • emergency contact details ( for employees )
- • Work history and employment record ( for employees )
- • Information caotured in security systems or CCTVs
- • Email , correspondence or any ther communication created, stored or transmitted using the BANK's Computer and communication equiment.
- • Any other information necessary in view of the fucntion to be carried out by You
The BANK may also collect or gather information about you indirectly in the background including but not limited to CTV footage, Electronic Devices and IT Asset monitoring , cookies or other technical methods .
- Collection of Sensitive Personal Information
THE BANK collects the following Sensitive personal information
Type of Infrormation
Financial Information such as bank details, Health Information, Biometrics
- USE OF INFORMATION BY THE BANK ( PURPOSE)
Use of Personal Information
The BANK uses personal information concerning You in order to:
- • Manage your relationship with the Bank
- • to provide safety and security measures
- • to comply with applicable laws
- • for statutory compliances
Use of sensitive personal information
- •For employees
- 1. For purpose of payroll processing and other employee related compliances
- 2. maintain sickness records and occupational health programmes
- 3. statutory compliances
- • For Vendors/ Suppliers / Consultants
- 1. For payment processing
- 2. statutory compliances
3. DISCLOSURE OF PERSONAL AND SENSITIVE INFORMATION
- • For Customers
- 1. For providing banking services
- 2. statutory compliances
The personal information collected by the Bank shall not be disclosed to any other organization except where :
- the disclosure has been agreed in a written contract or otherwise between the Bank and You
- where the Bank is required to disclose the personal information to a third party on a need-to-know basis, provided that in such case the Bank shall inform such third party of the confidential nature of the personal information and shall keep the same standards of information/ data security as that of the Bank.
- The BANK also outsources the processing of certain functions and/or information to third parties and may disclose your personal information to such third parties to carry out the agreed functions.
- The BANK ensures that the third parties shall also provide the same level of protection as offered by The BANK to protect your personal information with appropriate security measures and prohibit them from using your personal information for their own purposes or from disclosing your personal information to others.
- The BANK reserves the right to disclose any personal information in the BANK's custody if the BANK is compelled to do so by a court of law or requested to do so by a governmental entity or if the BANK determines it is necessary or desirable to comply with the law or to protect or defend the BANK's rights or property. THE BANK also reserves the right to retain information collected and to process such information to comply with accounting and tax rules and regulations.
4. NOTIFICATION AND CONSENT
IT Act 2000 does not require to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing , terminating your relationship with the bank or for tendering banking services to you. By expressly entering into a contractual relationship with the Bank, the Bank assumes, unless you advise the BANK otherwise, that you have consented to the BANK collecting, using and disclosing your personal information for the purposes stated above (including any other purposes stated or reasonably implied at the time such personal information was provided to the BANK).
IT Act 2000 requires your express consent for collection, use or disclosure of your sensitive personal information. By accepting this policy electronically you have given your express consent to the terms and conditions embodied herein. You may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent.
All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Privacy Officer at firstname.lastname@example.org
In case You do not provide consent or withdraw your consent at a later stage , the BANK shall have the option of not providing you the services for which the said information was sought including termination of contract between You and the BANK
On termination of your relationship with the bank or withdrawal of consent, all personal and sensitive information will be retained for the period so required as per the retention policy of the BANK or as per law.
- CHANGES TO THE POLICY
This Policy may change from time to time. To assist you, this Policy is dated and has an associated version number.
- REQUEST FOR ACCESS TO PERSONAL INFORMATION / QUESTIONS OR COMPLAINTS
If you have any questions about this Policy, or any concerns or complaints with regard to the administration of the Policy, or if you want to know more about the personal or sensitive information that the BANK maintains about you, you may write to or submit a request in writing for access to email@example.com
The information submitted by the You shall be held as per the data retention policies of the BANK or as required by law.
- REVIEW OR AMEND
You may review and amend your personal information or senstive personal information provided by you and ensure that any personal information or sensitive personla information found to be inaccurate or deficient shall be amended or corrceted by You. The BANK shall not be responsible in any manner for the authenticity of the personal information or sensitive personal information or information supplied by You.
- REASONABLE SECURITY PRACTICES
The security of personal and sensitive information is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Bank shall take reasonable steps and measures to protect the security your personal and sensitive information from misuse and loss, un-authorized access, modification or disclosure. The Bank maintains its security systems to ensure that your personal and sensitive information is appropriately protected and follows the extant standard encryption norms followed for the transmission of information. The Bank ensures that its employees and affiliates respect the confidentiality of any personal and sensitive information held by the Bank.
The BANK maintains 'reasonable security practices and procedures' to protect the Sensitive Personal Information provided by you.
THE BANK is not liable for any loss of any personal or sensitive personal information provided by you , due to reasons or causes or conditions beyond its control including but not limited to corruption of data, strike, riots, civil unrest, Govt. policies, tampering of data by unauthorized persons like hackers, war and natural calamities.
23 Dec 2021