Privacy Policy

Collection of Personal Data

• Personal information shall only be collected after providing notification to individuals whose data is being collected. The notice shall describe
  • The type of personal information collected and the purpose for which it is collected
  • The exceptional scenarios when personal information will be disclosed (e.g. for law enforcement, public safety etc.)

• Consent shall be taken from individuals before collecting their personal information. The consent information obtained from individuals shall be stored and preserved for future reference.

• Bank shall ensure that personal information shall be used only for the purpose for which it was collected.

• Only the data elements required for business purposes shall be collected using fair and lawful means, with the knowledge of the individual.

• When personal information is to be used for a purpose not previously specified, Bank shall

  • Notify the individual and document the new purpose.

  • Obtain and document consent from the individual

• All kinds of data such as personally identifiable information shared by users shall be:

  • Processed fairly, lawfully and securely.

  • Processed in relation to the purpose for which it is collected.

  • Maintained up to date and accurate as necessary.

  • Retained for no longer than is necessary for the purpose for which it is collected.

• Agents, contractors or companies to perform services with Bank must sign the non-disclosure agreement form (NDA)

Disclosure of Personal Information

The personal information collected by the Bank shall not be disclosed to any other organization except:

• Where the disclosure has been agreed in a written contract or otherwise between the Bank and the customer.
• where the Bank is required to disclose the personal information to a third party on a need-to-know basis, provided that in such case the Bank shall inform such third party of the confidential nature of the personal information and shall keep the same standards of information/ data security as that of the Bank.

Use, Retention and Disposal of Personal Data

• Information systems handling Personal Information such as account numbers, credit card/debit card details, etc shall always use latest security protocols to protect the integrity and confidentiality of such information.
• Bank shall ensure that an individual's personal data collected remains accurate and up-to-date and the person has been provided with an opportunity to correct his/her data.
• Bank shall periodically assess the relevance of personal information records and correct them, as necessary, in order to minimize the use of inappropriate data for decision making.
• Personal data shall be retained for no longer than 10 years to fulfill the stated purposes unless a law or regulation specifically requires otherwise.
• Bank shall ensure that personal data and the containing media shall be disposed of in a manner that prevents loss, theft, misuse, or unauthorized access.

General Guidelines

• Depending on their roles and responsibility, Bank shall educate employees and external consultants about privacy guidelines and best practices, and the consequences of non-compliance with the guidelines.
• Legal and regulatory requirements related to data privacy shall be monitored in every location in which Bank operates and the respective business and technology teams shall conform to the requirements of applicable local laws and regulations.

Organization specific data sharing

There shall be a mechanism in place to ensure that files/Agenda items are securely shared for all meetings including Board meetings