Privacy Policy
Customer Privacy Policy
The Institution recognizes that one of its fundamental responsibilities is to ensure that the Institution protects personal information entrusted to the Institution by its customers. This is critical for the maintenance of the Institution’s reputation and for complying with its legal and regulatory obligations to protect the Institution’s customer information. The Institution also follows a transparent policy to handle personal information of its customers.
In this Policy, personal information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Institution, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).
The Policy is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000.
Applicability
The Institution collects three types of information: personal, sensitive personal data and non-personal
Personal information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Institution, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).
Sensitive personal data or information of a person means such personal information which consists of information relating to passwords, financial information such as Institution account or credit card or debit card or other payment instrument details, sexual orientation, physical physiological and mental health condition, medical records and history, biometric information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, income, PAN, etc. For customers enrolled in services provided by the Institution, such as online bill payment, personal information about the transaction is collected.
Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purpose of these rules.
The information customers provide online is held by the Institution business that maintains the account or is processing the application for a new product or service.
Non personal information includes the IP address of the device used to connect to the Institution’s website along with other information such as browser details, operating system used, the name of the website that redirected the visitor to the Institution’s website, etc. Also, when you browse our site or receive one of our emails, the Institution and our affiliated companies, use cookies and/or pixel tags to collect information and store your online preferences.
This Policy is applicable to personal information (including sensitive personal information) collected by the Institution directly from the customer or through the Institution’s online portals, electronic communications as also any information collected by the Institution’s server from the customer’s browser.
Accuracy
The Institution shall have processes in place to ensure that the personal information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that personal information residing with the Institution is incorrect, the customer should inform the Institution in this regard. The Institution shall correct the erroneous information as quickly as possible.
Purpose of collection and Usage of Personal Information
The Institution shall use the information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Institution to:
- Process applications, requests and transactions
- Maintain internal records as per regulatory guidelines
- Provide services to customers, including responding to customer requests
- Comply with all applicable laws and regulations
- Recognize the customer when he conducts online banking
- Understand the needs and provide relevant product and service offers
If a customer does not wish to provide consent for usage of its sensitive personal data or information or later withdraws the consent, the Institution shall have the right not to provide services or to withdraw the services for which the information was sought from the customer.
Disclosure/ Sharing of Information
The Institution shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance of a legal obligation. Incase Institution discloses the personal information to Third Parties, such Third Parties shall be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.
The above obligations relating to sharing of personal data or information shall not apply to information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any personal data or information is freely available or accessible in the public domain, the Institution shall not have any obligations regarding the same.
No specific information about customer accounts or other personally identifiable data shall be shared with non affiliated third parties unless any of the following conditions is met:
- To help complete a transaction initiated by the customer
- To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Institution
- The customer/ applicant has specifically authorized it
- To conform to legal requirements or comply with legal process
- The information is shared with Government agencies mandated under law
- The information is shared with any third party by an order under the law
- Enforce the terms and conditions of the products or services
- Act to protect the rights, interests or property of the Institution, or its members, constituents or of other person
Security Practices
The security of personal information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthorized access, modifications or disclosures. Employees shall be trained in the proper handling of personal information. When other companies are used to provide services on behalf of the Institution, it shall ensure that such companies protect the confidentiality of personal information they receive in the same manner the Institution protects. The Institution shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security.
Amendments
The Institution shall reserve the right to change or update this Policy or practice, at any time with reasonable notice to customers on Institution’s website so that customers are always aware of the information which is collected, for what purpose Institution uses it, and under what circumstances, if any, Institution may disclose it.
By virtue of this privacy policy, the customer assents to collection, use, transfer, disclosure, retention and other processing of her/his personal information, including sensitive personal information, as described in this Policy.
Response to Enquiries and Complaints
The Institution shall encourage customer enquiries, feedback and complaints which shall help It identify and improve the services provided to the customers.