IndusInd Bank Privacy Policy

1. Introduction

We value Customers’ privacy as if it were our own.

We, IndusInd Bank Limited (hereon referred as “the Bank”) are strongly committed to protecting the privacy of our Customers’ confidential information and have taken all the necessary measures to protect the same. Keeping information secure is one of our most important responsibilities. We maintain physical, electronic, and procedural safeguards to protect our Customer’s confidential information. The employees and other business associates of the Bank are authorized to access Customers information for authorized business purposes only. Our employees’ / business associates are bound by a code of ethics that requires confidential treatment of Customer information and are subject to disciplinary action if they fail to follow this code. The Bank shall not be held liable for disclosure of the confidential information when the disclosure is in accordance with this Privacy Commitment or in terms of the agreements, if any, with the Customers or in accordance with the applicable laws / directives from the appropriate authorities. We recognize our responsibility to maintain the confidentiality of the information provided to us by our Customers.

  • Below described Privacy Policy ("document") is applicable when services of the Bank are availed either directly or through merchant partners for any financial or non-financial transaction with the Bank.
  • This document outlines the Bank’s approach to fulfil its obligations towards protecting the privacy of our Customers’ personal information including Sensitive Personal data or information. It applies to all your Personal Data/ Sensitive Personal Data processed by us, whether in physical or electronic mode.
  • Throughout this document, the terms “we”, “us”, “our” & “ours” refer to IndusInd Bank and the terms “you”, “your” & “yours” refer to YOU (the individual whose personal data we are referring to).
  • “Application” means Bank’s mobile application, most commonly referred to as an app, is a type of application software designed to run on a mobile device, such as a smartphone or tablet computer and all other application through which the Bank’s Services can be availed electronically
  • “Personal Data” means any personal information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person.
  • “Sensitive Personal Data or Information” of a person means such personal information which consists of information relating to:
  1. Password;
  2. financial information such as Bank account or credit card or debit card or other payment instrument details;
  3. physical, physiological and mental health condition;
  4. sexual orientation;
  5. medical records & history;
  6. biometric information;
  7. any detail relating to the above clauses as provided to body corporate for providing service;
  8. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.
  • “Website” means a collection of publicly accessible, interlinked Web pages of the Bank that share a single domain name. Bank’s Website is created and maintained to serve a variety of purposes.
  • “Sensitive Personal Data” is a subset of “Personal Data”. Hence, wherever Sensitive Personal Data is not mentioned separately in this document, it is deemed to be included under Personal Data. Consequently, all that applies to Personal Data is automatically applicable to Sensitive Personal Data.
  • Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Personal Data/Sensitive Personal Data or Information for the purposes of this document. Any reviews, comments, messages, blogs posted/uploaded/conveyed/communicated by Customer on the public sections of the Bank Website or an Application becomes published content and is not considered personal and Sensitive information subject to this document.

In this document, unless the context indicates otherwise –

  • Products and Services: Products and services offered by IndusInd Bank.
  • Customer: An individual whose personal data is processed by IndusInd Bank or by another entity on behalf of IndusInd Bank.
  • Processing: Any operation or set of operations performed on personal data or sets of personal data. These include collection, receipt, recording, holding, structuring, storage, organization, adaptation or alteration, collation, updating, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available in any form, merging, linking, alignment, or combination, restriction, erasure, degradation or destruction. These could be performed by manual or by automated means.
  • Profiling: any form of processing of personal data that analyses or predicts aspects concerning the behaviour, attributes or interests of a Customer.

2. Applicability

  • This is applicable to Personal Data and Sensitive Personal Data collected by us or is received directly from the Customer/ employees or through the Bank’s website, Application and electronic communications and also any information collected by the Bank’s server from the Customer’s browser.
  • We recognize our responsibility to maintain the confidentiality of the Personal Data provided to us by our Customers against unauthorized disclosure and/or misuse. We are committed to keep your Personal Data confidential except as stated in this document. This document outlines the details of the Personal Data collected, the purposes for which it is used/ collected, disclosure of such information and security practices and procedures that have been undertaken to maintain the confidentiality of such information.
  • We process any Personal Data we collect from you in accordance with the provisions of this document. Please read the following carefully to understand our practices regarding your Personal Data. Bank shall not be held liable for disclosure of any information when the disclosure is in accordance with this document or in terms of the agreements, if any, with the Customers.

3. What Personal Data We Collect & Process?

We collect below categories of Personal Data for providing services to you. Please note below is not an exhaustive list and may change as per the products and services offered to fulfil regulatory and legal requirements:

  • Demographic data such as name, email address, contact details, gender, age, residential address, date of birth, residential status, business details etc.
  • Identity and address proof such as passport, PAN card, driving license, etc.
  • Financial Data such as Customer ID, bank account number, cheque number, demand draft number, debit/credit account number, transaction data etc.
  • Online Identifiers such as IP address, device details (eg: location, model, installed application information, wi-fi, mobile network, mobile/phone number, SMS log, User Image, contact list etc), cookies data, etc.

4. Where do we obtain Personal Data from?

Most of the Personal Data we process is provided by you directly to us through our Website/Application/phone banking/visiting our branch and for/while using our products and/or services.

We also collect your Personal Data from other sources such as credit reference agencies, fraud detection services, insurers, partners where we act as corporate agents, market researchers.

5. Purpose for collecting and processing Personal Data

We use or process your Personal Data for the following purposes:

  • Legitimate interest pursued by us, such as:
  1. provide products and assist in and administer the provision of services to you;
  2. prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes and to verify your identity in order to protect our business;
  3. protect our business interests;
  4. evaluate, develop or improve our products and services;
  5. providing information about products, offers, promotions and services; and
  6. process and deal with any complaints or enquiries made by or about you.
  • To Comply with any legal and regulatory requirement.
  • To Enter into a contract with you and for performance of contract.
  • For fraud prevention purposes.

6. Sharing of Personal Data

  • We may disclose your Personal Data to the following Third Parties:
  1. other Group Companies, Partners and Subsidiaries;
  2. sub-contractors, agents or service providers who work for us or provide services or products to us;
  3. law enforcement agencies, government authorities, courts, dispute resolution bodies, Indian and overseas regulators, auditors and any party appointed or requested by applicable regulators to carry out investigations or audits of our activities;
  4. partners engaged in providing co-branded services, products or programs;
  5. agents or service providers who have a requirement in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
  6. statutory and regulatory bodies, Reserve Bank of India, authorities (including the government) investigating agencies, credit bureau agencies and entities or persons, to whom or before whom it is mandatory to disclose Personal Data as per the applicable law, courts, judicial and quasi-judicial authorities’ tribunals, arbitrators and arbitration tribunals.
  • We may pass your Personal Information to above mentioned third parties in the following scenarios:
  1. have a requirement in connection with regulatory reporting, litigation, or asserting or defending legal rights and interests:
    1. to procure credit reports from credit bureaus and identity verification services (such as those provided by UIDAI);
    2. to help us or Law Enforcement Agencies (LEA) to prevent fraud, money laundering, terrorism and other crimes. Also, we may disclose your Personal Information to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence or suspected breach of this document and/or the Terms and Conditions or otherwise where required by law and we will co-operate with any LEA or court order requesting or directing us to disclose the identity of or locate anyone breaching this document or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders;
    3. if it is necessary for legal proceedings and when we believe in good faith that any applicable law, regulation, government, regulatory or other authority, agency or officer requires it or to protect the safety or security of users of the Website and/or the Application;
    4. compliance with an audit on our business; and
    5. assisting an agency in undertaking information for us.
  2. To provide you with products and services:
    1. to help us process questions you may have about the Bank Website and/or the Application and/or the services offered by Bank;
    2. we may pass your Personal Information to administer the services provided to you by us now or in the future; and
    3. if we use third party processors to administer and process your Personal Information for the purposes notified in this document, e.g. for hosting activities related to the use of the Website, the Application or the services offered by the Bank.
  3. Legitimate business reason for doing so. For example, to manage risk, verify your identity, assess the suitability of products, offers, promotions, and services for you:
    1. to confirm or correct what we know about you;
    2. if we sell all or any part of our business or merge with another company;
    3. to obtain advice from third parties such as auditors or legal advisors; and.
    4. if another organization is engaged by us to perform tasks on our behalf.
  4. To further enhance our products and services for you.
  5. Have asked you for your consent to share it and you have agreed.
  • If you desire the Bank to limit such sharing whereby you would not like to be informed of offers available, you may contact us at reachus@indusind.com
  • Depending on the extent of your request, please note that you may not be able to continue receiving the full benefit of our products and services. The withdrawal of your consent or authorization pursuant to the Withdrawal Request will not affect the validity of our processing carried out on the basis of the consent until the time of withdrawal. In the event that you choose to continue with the full benefit of the product and/or services then it shall be mandatory/obligatory for you to send an email to the Bank requesting the Bank to reject the Withdrawal Request, failing which the Bank shall reserve the right to act upon the Withdrawal Request.

7. Consent

  • By using/availing the product and services of the Bank (whether through our Website, Application and/or otherwise), Customer consent and authorize us to use their Personal Data for the purposes identified in this document and you are expressly agreeing to and consenting to the terms of this document.
  • You consent to Bank undertaking the following:
  1. send you and keep you updated with information by email, telephone (including SMS) or mail about existing and new services and benefits from us;
  2. use the information for marketing and for market research/industry/sector analytics purposes including internal demographic studies, to provide, optimize and personalize our services and to further enhance our products and services for you and to send you newsletters and information about our services; and.
  3. in case of minors, their guardian/s shall monitor the minor’s access to and usage of our Website, our Application and our various platforms; and by such access and/or usage by the minor, it shall be deemed that the same is pursuant to a prior valid approval by the guardian/s with respect to such access and/or usage by the minor; and that the guardian/s shall at all times be responsible and/or liable for the acts and/or omissions of the minor.

8. Use of Cookies and Other Tracking Mechanisms

  • Our Website uses cookies. Cookies are small data files that a Website stores on your computer or mobile device. Every cookie is unique to your web browser. We use persistent cookies which are retained on your computer to store non-personal and profiling information which will enhance your future visit to our platform.
  • By using our Website, user/s agree that these types of cookies can be placed on his/her device. User/s is free to disable/delete these cookies by changing his/her device / browser settings.
  • The Bank is not responsible for cookies placed in the device of user/s by any other Website and Personal Data collected thereto. We do not control these Cookies and once you have clicked on the advertisement and left the Site, our Privacy Policy no longer applies. Bank is not responsible for collecting cookies through Linked Sites (defined below), neither is it liable for misuse of the information you provide to Linked Sites.
  • We may also track your interests via our Application via permissions in the Application. This is primarily used to enhance the functionality of the Application and to analyze it to serve you better.
  • You can change your web browsers settings to accept or not to accept cookies. Bank may use third-party service providers to serve ads on its behalf across the internet and sometimes on the Website. Such third party service providers may collect anonymous information about your visits to the Website and use of the services offered by Bank. Personally identifiable information is not linked to data collected from this source.

9. Personal Data Security

  • We are committed to protecting your Personal Data in our custody. We take reasonable steps and procedural safeguards that meet applicable laws to ensure appropriate physical, technical and managerial safeguards are in place to protect your Personal Data confidentiality and integrity. Appropriate contracts inclusive of security measures to protect your Personal Data is executed with the third parties/ vendors/ service providers involved in providing services to us.
  • The Bank has adopted ITIL document and ISO/IEC27001 standards, which are globally accepted standards. The Bank’s Data-Centres, IT and Support functions are ISO 27001:2013 certified.
  • We take precautions to protect your information. When you submit Sensitive Information via the Website and/or the Application your information is protected both online and offline. Wherever we collect Sensitive Information (such as credit card data or other payment preferences), that information is encrypted and transmitted to us in a secure way by using Secured Sockets Layer (SSL) encryption.
  • While we use encryption to protect Sensitive Information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service or responding to legal requests) are granted access to Personal Information. The servers in which we store Personal Information and payment information are kept in a secure environment with industry standard security controls in place.
  • The Bank strives to ensure the security, integrity protection and privacy of your Personal Information against unauthorized access or unauthorized alteration, disclosure or destruction. We follow stringent security techniques and requirements for handling Sensitive and Personal Information. These techniques and requirements are fully compliant with the guidelines set forth under the applicable laws. Our servers are accessible only to authorized personnel. Your information covered under this Privacy Notice is shared with respective personnel only on need to know basis and/ or to provide the services you have requested. All representatives handling information under these provisions are under contractual confidentiality obligation with the Bank. While we take every step to safeguard the confidentiality of your Personal Information, you agree and confirm that Bank is not liable for any negligence, disclosure due to errors in transmission or unauthorized acts of third parties or Linked Sites.
  • Notwithstanding the foregoing, you must keep account details including your username and password (“Account Information”) confidential at all times and should not reveal the same to any third parties. You must take appropriate security measures to prevent unauthorized disclosure of your Account Information (including logging out from your account at the end of each session) and you must notify us immediately if your Account Information becomes known to any unauthorized user. You are solely responsible for maintaining the confidentiality of your Account Information and all activities that occur under your account(s). Any breach of this document by anyone to whom you disclose your account details including your username and password will be treated as if the breach had been committed by you and will not relieve you of your obligations under this Privacy Policy and the Terms and Conditions.
  • Notwithstanding anything contained herein, Bank shall not be liable for any loss, damage or misuse of your Personal Information due to a Force Majeure Event. A “Force Majeure Event” for the purposes of this document shall mean any event that is beyond reasonable control of Bank and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorized access to computer data and storage device, computer viruses breach of security and encryption or any other cause beyond the control of the Bank.
  • You are required to follow the Terms and Conditions while using this Website including the instructions stated therein and as part of Do’s and Don’ts in respect of security and confidentiality of your bank account and credentials.
  • Bank has internal policy and procedures established for handling cyber/security incidents and breaches. In case of any such incident and breaches, the Bank will adhere to the same.

10. Retention of Personal Data

We may retain your Personal Data for as long as required for legitimate purposes that may include such as managing your account and dealing with any concerns that may arise or otherwise if as may be required for any for legal, regulatory and/or statutory reasons.

If the Bank no more require to retain the information provided by the Customer, it will use best efforts to destroy or delete such Customer Information as per our Bank’s internal policies.

11. Links to other Websites and Social Media

  • Our Website may contain links to websites of other organizations which are not owned by Bank. This document does not cover how those organizations process your Personal Data. We encourage you to read the relevant Privacy Policy on the other websites that you may visit.
  • Please note that when visiting Bank’s official social media site/ page, you are subject to this document well as the social media platform's own terms and conditions.

12. Conflict of Laws & Disputes

  • You agree that, irrespective of your location or country of jurisdiction, this document and its contents shall be subject to and governed by Indian laws (as amended from time to time) as may be applicable and that you waive all your rights which you may have in relation to this document under any contract or relevant laws applicable to the jurisdiction where you are situated and/or by which you are governed.
  • Any disputes over inter alia collection, storage and handling of Personal Information will be governed by this document, Terms and Conditions and by the laws of India and courts of Mumbai shall have exclusive jurisdiction.

13. Decision Making

Any decision made by us in relation to this document shall be at our sole discretion and the same shall be final and binding upon you.

14. Customer Care

In case of any discrepancies or grievances, you may refer our Grievance Redressal Policy available on our Website.

15. Notification of Changes

We reserve the right, in our sole discretion, to change, modify, add or delete portions of this Privacy Notice at any time without notice, and it is your responsibility to review this Privacy Notice from time to time on the Website and/or the Application, in order to keep track and take note of the changes. Your use of the Website and/or the Application following any amendment of this Privacy Notice will signify and constitute your consent to and acceptance of such revised this Privacy Notice. We will not file or store a copy of these terms for each interaction on transaction by you through the Website and/or the Application. We therefore recommend that you save a copy of this Privacy Notice for future reference, and ensure that such copies can be reliably verified as being effective (i.e. published on the Website and/or the Application) on a particular date.

Â