A. Privacy Policy
A.1 Introduction
We, SBM Bank India. ("us", "we", or "our") operate www.sbmbank.co.in (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of personal information we receive from users of the Site. This privacy policy (“Privacy Policy” or “Policy”) has been made in accordance and is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) framed under the Information Technology Act 2000 and Master Circular on Customer Service in Banks issued by Reserve Bank of India.
We use your personal information only for providing the Site and improving services available on the Site. By using the Site, you agree to the collection and use of personal information in accordance with this Privacy Policy.
A.2 Background and Definitions
Who is covered under this policy?
All natural persons ("Covered Persons"), whose personal information is either collected/ received/ possessed/ stored/ dealt in/ handled by SBM Bank/ who visit the site www.sbmbank.co.in and provide information to SBM Bank online, are covered under this Policy.
Information covered by this Policy
This Policy seeks to cover personal information of the Covered Persons provided to SBM Bank as also any information collected by the bank server from the visitor’s browser. The ("Information"), i.e., any of the following:
Definitions used in this policy:
"Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
"Sensitive personal data or information" of a person means such personal information which consists of information relating to:
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for these purposes.
A.3 Operational Guidelines to the Policy
While using our Site, we may ask you to provide us with certain personal information that can be used to contact or identify you.
What do we do with the Information: Communicate
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of use to you through electronic media or otherwise. You have the option to decline receipt of such communications from us.
Further, all Information collected shall be used for the relevant lawful purposes connected with various functions or activities of the Bank related to services in which the Concerned Person is interested, and/or to help determine the eligibility of the Concerned Persons for the product/services requested/ applied/ shown interest in and/or to enable Bank the Covered Persons verification and/or process applications, requests, transactions and/or maintain records as per internal/legal/regulatory requirements and shall be used to provide the Concerned Person with the best possible services/products as also to protect interests of SBM Bank.
The Information shall not be shared with any external organisation unless the same is necessary to protect the interests of the Bank or to enable SBM Bank to provide you services or to enable the completion/compilation of a transaction, credit reporting, or the same is necessary or required pursuant to applicable banking norms or pursuant to the terms and conditions applicable to such Information as agreed to with SBM Bank or pursuant to any requirement of law/regulations or any Government/court/other relevant authority’s directions/orders. Needless to add, confidentiality norms as applicable to banks shall be adhered to. SBM Bank may also share Information to provide you with superior services and a range of offers.
We may also share your Information, without obtaining your prior written consent, with government agencies mandated under the law to obtain information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences, or where disclosure is necessary for compliance of a legal obligation. Any Information may be required to be disclosed to any third party by us by an order under the law for the time being in force.
In this regard, it may be necessary to disclose the Covered Persons information to one or more agents and contractors of SBM Bank and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from SBM Bank only for these purposes.
Information provided by you are retained (for later of the) (i) as long as the purposes for which such data were collected continue. Or (ii) for such period so as to satisfy legal, regulatory or accounting requirements or to protect SBM Bank's interests.
Please note that the accuracy of the Information provided to us on the Website is essential, among others, to provision of our products and services to you. It is therefore a term and condition governing the access and use of the Website that you undertake to ensure the accuracy and completeness of all Information disclosed, shared, exchanged or otherwise update and notify the Bank of any changes in the Information.
The Covered Persons authorises SBM Bank to exchange, share, part with all information related to the details and transaction history of the Covered Persons to its Affiliates / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management or any of the aforesaid purposes and shall not hold SBM Bank liable for use or disclosure of this information.
The Covered Persons shall not disclose to any other person, in any manner whatsoever, any information relating to SBM Bank or its Affiliates of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle SBM Bank or its Affiliates to terminate the services, without prejudice to any damages, to which the Covered Persons may be entitled otherwise.
As regards the information collected from visitors of the website online (“visitor”), SBM Bank will use the Information to improve the Covered Persons experience on the site and make subsequent offers to the visitor on products which may be of interest to him / her, if so agreed while giving information.
How do we collect Information: Log Data
Like many site operators, we collect information that your browser sends whenever you visit our Site ("Log Data").
This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
The SBM Bank website uses cookies. Cookies are small data files that a website stores on your computer. We may use persistent cookies which are permanently placed on your computer to store non-personal (Browser, ISP, OS, Clickstream information etc) and profiling information (age, gender, income etc). While cookies have unique identification nos, personal information (name, a/c no, contact nos etc) SHALL NOT be stored on the cookies. Please refer our Cookie policy for details
We will use the information stored in the cookies to improve visitor experience through throwing up relevant content where possible. We will also use the cookies to store visitor preferences to ease visitor navigation on the site.
We may in the future implement encryption of the cookies.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this.
How do we secure the Personal Information: Security
At SBM Bank, we value your relationship and will at all times strive to ensure your privacy. While aiming to guarantee a secure, confidential, safe handling of your Personal Information, we use certain physical, managerial, technical or operational safeguards as per industry standards and established best practices to protect the information we collect. We use reasonable security practices and procedures and use secure servers as mandated under applicable laws for protection of your information. We review our information collection, storage and processing practices, including physical security measures to guard against unauthorized access to systems. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet. You accept that the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed as completely secure. Therefore, your use of the website will be at your own risk.
A.4 Policy Amendment Authority
This Privacy Policy is effective as of DATE TO BE PUT HERE ON RELEASE and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Site after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on the Site.
A.5 Miscellaneous
The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any information other than the information collected by us through any means. This Privacy Policy shall be inapplicable to any unsolicited information you provide us through any means. All unsolicited information shall be deemed to be non-confidential and we shall be free to use and/ or disclose such unsolicited information without any limitations. The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.
A.6 Force Majeure
Notwithstanding anything contained in this Privacy Policy or elsewhere, we shall not be held responsible for any loss, damage or misuse of your Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below) or any act or omission attributable to you or any person claiming on your behalf. A "Force Majeure Event" shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood, explosion, acts of god, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond our reasonable control), power or electricity failure or unavailability of adequate power or electricity.
A.7 Your Rights
You shall have all the rights under the Privacy Policy, as are available to you under the applicable law.
A.8 Governing Laws and Jurisdiction
This Privacy Policy is governed by the laws of India and the courts in Mumbai shall have exclusive jurisdiction over any disputes in relation to the Privacy Policy.
A.9 Contact Us
If you have any questions about this Privacy Policy, please email us customercare@sbmbank.co.in
A.10 Grievance Redressal
B. In case of any discrepancy or grievance with respect to all or any Personal Information shared with us, please feel free to contact The Principal Nodal Officer, the Grievance Officer of the Bank, at nodal.officer@sbmbank.co.in. Customer Privacy Policy
B.1 Introduction
SBM Bank India Limited (“Bank” or “we” or “us” or “our”) recognizes that one of its fundamental responsibilities is to ensure that it protects personal information entrusted to them by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Bank’s customer information. The Bank also follows a transparent policy to handle personal information of its customers.
This privacy policy (“Privacy Policy” or “ Policy”) has been made in accordance and is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) framed under the Information Technology Act 2000 and Master Circular on Customer Service in Banks issued by Reserve Bank of India.
This Privacy Policy is applicable to personal information (including sensitive personal information) collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications as also any information collected by the Bank’s server from the customer’s browser.
B.2 Operational Guidelines to the Policy
Classification of Information
Personal Information
Personal Information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).
“Sensitive personal data or Information” of a person means such Personal Information which consists of information relating to passwords, financial information such as Bank account or credit card or debit card or other payment instrument details, physical physiological and mental health condition, medical records and history, biometric information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, income, PAN, etc. For customers enrolled in services provided by the Bank, such as online bill payment, personal information about the transaction is collected.
Non personal information includes the IP address of the device used to connect to the Bank’s website along with other information such as browser details, operating system used, the name of the website that redirected the visitor to the Bank’s website, etc. Also, when customers browse our site or receive one of our emails, the Bank and our affiliated companies, use cookies and/or pixel tags to collect information and store their online preferences.
Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Data or Information.
The information customers provide online is held by the Bank business that maintains the account or is processing the application for a new product or service.
Purpose of Collection and Usage of Personal Information
The Bank shall use the Personal Information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:
1. Process applications, requests and transactions
2. Maintain internal records as per regulatory guidelines
3. Provide services to customers, including responding to customer requests
4. Comply with all applicable laws and regulations
5. Recognize the customer when he conducts online banking
6. Understand the needs and provide relevant product and service offers
7. If a customer does not wish to provide consent for usage of his/her Sensitive Personal Data or Information or later withdraws the consent, the Bank shall not provide services or withdraw the services for which the information was sought from the customer.
Disclosure/ Sharing of Information
The Bank’s obligation to maintain secrecy arises out of the contractual relationship between the Bank and customer, and as such no Sensitive Personal Data or Information would be divulged to third parties except under circumstances which are well defined. The Bank shall not disclose Sensitive Personal Data or Information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the Bank and the customers, or where the disclosure is necessary for compliance of a legal obligation. In case Bank discloses the Sensitive Personal Data or Information to third parties, such third parties shall be bound contractually to ensure that they protect customers’ Sensitive Personal Data or Information in accordance with applicable laws.
The above obligations relating to sharing of Sensitive Personal Data or Information shall not apply to Sensitive Personal Data or Information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any Sensitive Personal Data or Information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.
No Personal Information about customer accounts or other personally identifiable data shall be shared with non-affiliated third parties unless any of the following conditions is met:
1. To help complete a transaction initiated by the customer
2. To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank
3. The customer/ applicant has specifically authorized it
4. To conform to legal requirements or comply with legal process
5. Where there is duty to the public to disclose
6. The information is shared with Government agencies mandated under law
7. The information is shared with any third party by an order under the law
8. Enforce the terms and conditions of the products or services Act to protect the rights, interests or property of the Bank, or its members, constituents or of another person
Accuracy
The Bank shall have processes in place to ensure that the Personal Information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that Personal Information residing with the Bank is incorrect, the customer should inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as possible.
B.3 Response to Enquiries and Complaints
The Bank may use Personal Information of customers to contact customers with newsletters, marketing or promotional materials and other information that may be of use to customers through WhatsApp, letters, emails, mobile messages etc. The customers have the option to decline receipt of such communications from the Bank.
The Bank shall encourage customer enquiries, feedback and complaints which would help it to identify and improve the services provided to its customers. In relation to such enquiries and complaints, customers shall have the rights available to them under the IT Rules and any other applicable law.
In case of any discrepancy or grievance with respect to all or any Personal Information shared with the Bank, please feel free to contact The Principal Nodal Officer of the Bank, at nodal.officer@sbmbank.co.in
B.4 Security Practices
The security of Personal Information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthorized access, modifications, or disclosures. Employees of the Bank shall be trained in the proper handling of Personal Information. When any third party body corporates are used to provide services on behalf of the Bank, it shall ensure that such body corporates protect the confidentiality of Personal Information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information the Customer supplies will not be intercepted while being transmitted to us over the internet. The customers accept the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed as complete secure. Therefore, customers’ use of the website will be at their own risk.
B.5 Policy Amendment Authority
The Bank shall reserve the right to change or update this Policy, at any time with reasonable notice to customers on Bank’s website so that customers are always aware of the information which is collected, for what purpose Bank uses it, and under what circumstances, if any, Bank may disclose it.
By virtue of this Privacy Policy, the customer assents to collection, use, transfer, disclosure, retention and other processing of her/his Personal Information, including Sensitive Personal Data or Information, as described in this Policy.
B.6 Force Majeure
Notwithstanding anything contained in this Privacy Policy or elsewhere, the Bank shall not be held responsible for any loss, damage, or misuse of your Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below) or any act or omission attributable to the customer or any person claiming on his/her behalf. A "Force Majeure Event" shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood, explosion, acts of god, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond our reasonable control), power or electricity failure or unavailability of adequate power or electricity.
B.7 Miscellaneous
The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any information other than the information collected by us through any means. This Privacy Policy shall be inapplicable to any unsolicited information you provide us through any means. All unsolicited information shall be deemed to be non-confidential, and we shall be free to use and/ or disclose such unsolicited information without any limitations. The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.
B.8 Governing Laws and Jurisdiction
This Privacy Policy is governed by the laws of India and the courts in Mumbai shall have exclusive jurisdiction over any disputes in relation to the Privacy Policy.