Privacy & Customer Privacy Policy For SBM Bank (India) Ltd.

Table of Contents: Privacy Policy

01 Introduction

We, SBM Bank India. ("us", "we", or "our") operate www.sbmbank.co.in (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of personal information we receive from users of the Site. This privacy policy (“Privacy Policy” or “ Policy”) has been made in accordance and is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) framed under the Information Technology Act 2000 and Master Circular on Customer Service in Banks issued by Reserve Bank of India.

We use your personal information only for providing the Site and improving services available on the Site. By using the Site, you agree to the collection and use of personal information in accordance with this Privacy Policy.

02 Operational Guidelines to the Policy

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, name, contact number, email ID etc. ("Personal Information").

How do we collect Information: Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Site ("Log Data").

This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this.

What do we do with the Information: Communicate

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of use to you through electronic media or otherwise. You have the option to decline receipt of such communications from us.

How do we secure the Personal Information: Security

While aiming to guarantee a secure, confidential, safe handling of your Personal Information, we use certain physical, managerial, technical or operational safeguards as per industry standards and established best practices to protect the information we collect. We use reasonable security practices and procedures and use secure servers as mandated under applicable laws for protection of your information. We review our information collection, storage and processing practices, including physical security measures to guard against unauthorized access to systems. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet. You accept that the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed as completely secure. Therefore, your use of the website will be at your own risk.

Cookies

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

03 Policy Amendment Authority

This Privacy Policy is effective as of Mar 31, 2019 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Site after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on the Site .

04 Miscellaneous

The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any information other than the information collected by us through any means. This Privacy Policy shall be inapplicable to any unsolicited information you provide us through any means. All unsolicited information shall be deemed to be non-confidential and we shall be free to use and/ or disclose such unsolicited information without any limitations. The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

05 Force Majeure

Notwithstanding anything contained in this Privacy Policy or elsewhere, we shall not be held responsible for any loss, damage or misuse of your Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below) or any act or omission attributable to you or any person claiming on your behalf. A "Force Majeure Event" shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood, explosion, acts of god, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond our reasonable control), power or electricity failure or unavailability of adequate power or electricity.

06 Your Rights

You shall have all the rights under the Privacy Policy, as are available to you under the applicable law.

Governing Laws and Jurisdiction

This Privacy Policy is governed by the laws of India and the courts in Mumbai shall have exclusive jurisdiction over any disputes in relation to the Privacy Policy.

07 Contact Us

If you have any questions about this Privacy Policy, please email us customercare@sbmbank.co.in

Grievance Redressal

In case of any discrepancy or grievance with respect to all or any Personal Information shared with us, please feel free to contact The Principal Nodal Officer, the Grievance Officer of the Bank, at nodal.officer@sbmbank.co.in.

Table of Contents: Customer Privacy Policy

01 Customer Privacy Policy

Introduction

SBM Bank India Limited (“Bank” or “we” or “us” or “our”) recognizes that one of its fundamental responsibilities is to ensure that it protects personal information entrusted to them by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Bank’s customer information. The Bank also follows a transparent policy to handle personal information of its customers.

This privacy policy (“Privacy Policy” or “ Policy”) has been made in accordance and is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) framed under the Information Technology Act 2000 and Master Circular on Customer Service in Banks issued by Reserve Bank of India.

This Privacy Policy is applicable to personal information (including sensitive personal information) collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications as also any information collected by the Bank’s server from the customer’s browser.

02 Operational Guidelines to the Policy

Classification of Information

Personal Information

01 “Personal Information”
means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

“Sensitive personal data or Information” of a person means such Personal Information which consists of information relating to passwords, financial information such as Bank account or credit card or debit card or other payment instrument details, physical physiological and mental health condition, medical records and history, biometric information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, income, PAN, etc. For customers enrolled in services provided by the Bank, such as online bill payment, personal information about the transaction is collected.

02. Non personal information
includes the IP address of the device used to connect to the Bank’s website along with other information such as browser details, operating system used, the name of the website that redirected the visitor to the Bank’s website, etc. Also, when customers browse our site or receive one of our emails, the Bank and our affiliated companies, use cookies and/or pixel tags to collect information and store their online preferences.

Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Data or Information.

The information customers provide online is held by the Bank business that maintains the account or is processing the application for a new product or service.

Purpose of Collection and Usage of Personal Information

The Bank shall use the Personal Information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:

1.Process applications, requests and transactions

2.Maintain internal records as per regulatory guidelines

3.Provide services to customers, including responding to customer requests

4.Comply with all applicable laws and regulations

5.Recognize the customer when he conducts online banking

6.Understand the needs and provide relevant product and service offers

7.If a customer does not wish to provide consent for usage of his/her Sensitive Personal Data or Information or later withdraws the consent, the Bank shall not provide services or withdraw the services for which the information was sought from the customer.

Disclosure/ Sharing of Information

The Bank’s obligation to maintain secrecy arises out of the contractual relationship between the Bank and customer, and as such no Sensitive Personal Data or Information would be divulged to third parties except under circumstances which are well defined. The Bank shall not disclose Sensitive Personal Data or Information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the Bank and the customers, or where the disclosure is necessary for compliance of a legal obligation. In case Bank discloses the Sensitive Personal Data or Information to third parties, such third parties shall be bound contractually to ensure that they protect customers’ Sensitive Personal Data or Information in accordance with applicable laws.

The above obligations relating to sharing of Sensitive Personal Data or Information shall not apply to Sensitive Personal Data or Information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any Sensitive Personal Data or Information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.

No Personal Information about customer accounts or other personally identifiable data shall be shared with non-affiliated third parties unless any of the following conditions is met:

1.To help complete a transaction initiated by the customer

2.To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank

3.The customer/ applicant has specifically authorized it

4.To conform to legal requirements or comply with legal process

5.Where there is duty to the public to disclose

6.The information is shared with Government agencies mandated under law

7.The information is shared with any third party by an order under the law

8.Enforce the terms and conditions of the products or services Act to protect the rights, interests or property of the Bank, or its members, constituents or of another person

Accuracy

The Bank shall have processes in place to ensure that the Personal Information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that Personal Information residing with the Bank is incorrect, the customer should inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as possible.

3.Response to Enquiries and Complaints

The Bank may use Personal Information of customers to contact customers with newsletters, marketing or promotional materials and other information that may be of use to customers through letters, emails, mobile messages etc. The customers have the option to decline receipt of such communications from the Bank.

The Bank shall encourage customer enquiries, feedback and complaints which would help it to identify and improve the services provided to its customers. In relation to such enquiries and complaints, customers shall have the rights available to them under the IT Rules and any other applicable law.

In case of any discrepancy or grievance with respect to all or any Personal Information shared with the Bank, please feel free to contact The Principal Nodal Officer of the Bank, at nodal.officer@sbmbank.co.in

4. Security Practices

The security of Personal Information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthorized access, modifications or disclosures. Employees of the Bank shall be trained in the proper handling of Personal Information. When any third party body corporates are used to provide services on behalf of the Bank, it shall ensure that such body corporates protect the confidentiality of Personal Information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information the Customer supplies will not be intercepted while being transmitted to us over the internet. The customers accept the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed as complete secure. Therefore, customers’ use of the website will be at their own risk.

5. Policy Amendment Authority

The Bank shall reserve the right to change or update this Policy , at any time with reasonable notice to customers on Bank’s website so that customers are always aware of the information which is collected, for what purpose Bank uses it, and under what circumstances, if any, Bank may disclose it.

By virtue of this Privacy Policy, the customer assents to collection, use, transfer, disclosure, retention and other processing of her/his Personal Information, including Sensitive Personal Data or Information, as described in this Policy.

6. Force Majeure

Notwithstanding anything contained in this Privacy Policy or elsewhere, the Bank shall not be held responsible for any loss, damage or misuse of your Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below) or any act or omission attributable to the customer or any person claiming on his/her behalf. A "Force Majeure Event" shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood, explosion, acts of god, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond our reasonable control), power or electricity failure or unavailability of adequate power or electricity.

7. Miscellaneous

The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any information other than the information collected by us through any means. This Privacy Policy shall be inapplicable to any unsolicited information you provide us through any means. All unsolicited information shall be deemed to be non-confidential and we shall be free to use and/ or disclose such unsolicited information without any limitations. The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

8. Governing Laws and Jurisdiction

This Privacy Policy is governed by the laws of India and the courts in Mumbai shall have exclusive jurisdiction over any disputes in relation to the Privacy Policy.