IndusInd Bank Privacy Policy

1. Introduction 

We value Customers’ privacy as if it were our own.

We, IndusInd Bank Limited (hereon referred as “the Bank”) are committed to protecting the privacy of our customers’ confidential information and have taken all the necessary measures to protect. We maintain physical electronic, and procedural safeguards to protect our, Customer’s confidential information. The employees and other business associates of the Bank are authorized to access Customers information for authorized business purposes only.  Our employees’ / business associates are bound by a code of ethics that requires confidential treatment of Customer information and are subject to disciplinary action if they fail to follow this code.  The Bank shall not be held liable for disclosure of the confidential information when the disclosure is in accordance with this Privacy Commitment or in terms of the agreements, if any, with the Customers or in accordance with the applicable laws / directives from the appropriate authorities.    

Below described Privacy Policy ("document") is applicable when services of the Bank are availed either directly or through partners for any financial or non-financial transaction with the Bank. 

This document outlines the Bank’s approach to fulfil its obligations towards protecting the privacy of our third parties and Customers’ personal information. It applies to all your Personal Data processed by us, in digital/electronic mode. Throughout this document, the terms “we”, “us”, “our” & “ours” refer to IndusInd Bank and the terms “you”, “your” & “yours” refer to YOU (the individual whose personal data we are referring to). 

Definitions:  

• “Application” means Bank’s mobile application, most commonly referred to as an app, is a type of application software designed to run on a mobile device, such as a smartphone or tablet computer and all other application through which the Bank’s Services can be availed electronically. 
• “Employee or Employees” means person employed for wages or salary by us or third parties appointed by us. 
• “Third Parties” means a person, authority, or agency other than customer and IndusInd Bank Employee authorized to process personal data. 
• “Customer” means an individual, business or organization that has banking or financial relationship with us. 
• “Personal Data” means any data about an individual who is identifiable by or in relation to such data. 
• “Sensitive Personal Data or Information” of a person means such personal information which consists of information relating to: 
  • Password; 
  • financial information such as Bank account or credit card or debit card or other payment instrument details; 
  • physical, physiological and mental health condition; 
  • sexual orientation; 
  • medical records & history; 
  • biometric information; 
  • Any detail relating to the above clauses as provided to body corporate for providing service; 
  • Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise. 
• “Website” means a collection of publicly accessible, interlinked Web pages of the Bank that share a single domain name. Bank’s Website is created and maintained to serve a variety of purposes. 

Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Personal Data/ Information for the purposes of this document. Any reviews, comments, messages, blogs posted/ uploaded/ conveyed/ communicated by Customer on the public sections of the Bank Website or an Application becomes published content and is not considered personal information subject to this document. 

In this document, unless the context indicates otherwise –

• Products and Services: Products and services offered by IndusInd Bank. 
• Customer: An individual whose personal data is processed by IndusInd Bank or by another entity on behalf of IndusInd Bank. 
• Processing: Any operation or set of operations performed on personal data or sets of personal data. These include collection, receipt, recording, holding, structuring, storage, organization, adaptation or alteration, collation, updating, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available in any form, merging, linking, alignment, or combination, restriction, erasure, degradation, or destruction. These could be performed by manual or by automated means. 
• Profiling: any form of processing of personal data that analyses or predicts aspects concerning the behavior, attributes, or interests of a customer. 

2. Applicability 

This is applicable to Personal Data and Sensitive Personal Data collected by us or is received directly from the Customer/ employees or through the Bank’s website, Application and electronic communications and also any information collected by the Bank’s server from the Customer’s browser. 

We recognize our responsibility to maintain the confidentiality of the Personal Data provided to us by our Customers against unauthorized disclosure and/or misuse. We are committed to keep your Personal Data confidential except as stated in this document. This document outlines the details of the Personal Data collected, the purposes for which it is used/ collected, disclosure of such information and security practices and procedures that have been undertaken to maintain the confidentiality of such information. 

We process any Personal Data we collect from you in accordance with the provisions of this document. Please read the following carefully to understand our practices regarding your Personal Data. Bank shall not be held liable for disclosure of any information when the disclosure is in accordance with this document or in terms of the agreements, if any, with the Customers. 

3. What Personal Data We Collect & Process? 

3.1. What Personal Data we collect? 

We may collect below personal data depending upon the nature of product/service offered: 

• Identification Data: Name, Date of Birth, Gender, Login credentials, Photographs, Aadhar Card & Number, Passport, Permanent Account Number, Voter ID, Driving License, etc. 
• Contact Data: Address, Email ID, Mobile or Landline number, etc. 
• Professional Data: Educational details, employment details, business details, etc. 
• Geo-location Data: Location, GPS Co-ordinates, IP Address, etc. 
• Financial Details: Account details, Debit/Credit card information, Financial history, Credit Rating and related history, etc. 
• Biometric Data: Fingerprints, Face ID, etc. 
• Device Details: IMEI number, Serial Number, Operating System, Model number, Wi-Fi details, mobile network, etc. 

3.2. Why do we process your personal data? 

We process your personal data for the following purposes, as necessary to provide relevant products and services, depending on your banking relationship (including when applying for opening an account or any other product) or you represent, or are associated with, other individuals, companies, businesses, or organizations who hold banking relationship with us. 

• Availing any product/service from the bank 
• Conducting relevant due diligence and know-your-customer (KYC) checks as required by Applicable Law 
• Conducting credit checks and financial assessments as required by Applicable Law and regulations 
• Managing banking relationships 
• Managing authentication and user access controls 
• Conducting market research and customer satisfaction surveys 
• Monitoring applications and transactions in connection with actual or suspected fraud, financial crime or other criminal activities 
• Designing our products and services for your use 
• Protect our business interest 
• To enter into a contract with you and for performance of contract 
• Evaluate, develop or improve our products and services 
• Providing information about products, offers, promotions and services 

4. Where do we obtain Personal Data from? 

Most of the Personal Data we process is provided by you directly to us through our Website/Application/phone banking/visiting our branch and for/while using our products and/or services.  

We may collect personal data through on-boarding/ interaction channels such as, not limited to bank’s Website, mobile and web application/phone banking/digital partners/visiting our branch and for/while using our products and/or services. 

Note: 

1. Above is not an exhaustive list and may change as per the products and services offered to fulfil regulatory and legal requirements. 
2. We may also collect your Personal Data from other sources such as credit reference agencies, fraud detection services, insurers, partners / third party, publicly available sources such as social media or websites. 

5. Sharing of Personal Data 

We may disclose your Personal Data to below for allowing the bank to meet its legal, regulatory, and contractual obligations.  

1. Statutory and regulatory bodies such as Reserve Bank of India, CERSAI, UIDAI and government authorities (including the government) investigating agencies, credit bureau agencies and entities or persons, to whom or before whom it is mandatory to disclose Personal Data as per the applicable regulatory requirements. 
2. Law enforcement agencies, judicial and quasi-judicial authorities’ tribunals, arbitrators, & arbitration tribunals, government authorities, courts, dispute resolution bodies, Indian and overseas regulators. We may disclose your Personal Information to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence or suspected breach of this document and/or the Terms and Conditions or otherwise where required by law and we will co-operate with any LEA or court order requesting or directing us to disclose the identity of or locate anyone breaching this document or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders. 
3. Auditors and any party appointed or requested by applicable regulators to carry out compliance with an investigation / audit on our business/ activities. 
4. Sub-contractors, agents or service providers who work for us or provide services or products to us. 
5. Partners engaged in providing co-branded services, products, or programs. 
6. Prevent, monitor or report fraud, money laundering, terrorism and/or other crimes. 
7. We have asked you for your consent to share it and you have agreed 
8. For the purpose of collection, the bank might share your personal details such as mobile, e-mail, address etc. with the bank approved collection agencies. For details of the bank approved collection agencies, kindly refer link (https://www.indusind.com/in/en/personal/collection-agencies.html ) 
9. Group Companies, Partners, and Subsidiaries. 
10. If you desire the Bank to limit such sharing whereby you would not like to be informed of offers available, you may contact us at reachus@indusind.com  
11. Depending on the extent of your request, please note that you may not be able to continue receiving the full benefit of our products and services. The withdrawal of your consent or authorization pursuant to the Withdrawal Request will not affect the validity of our processing carried out on the basis of the consent until the time of withdrawal. In the event that you choose to continue with the full benefit of the product and/or services then it shall be mandatory/obligatory for you to send an email to the Bank requesting the Bank to reject the Withdrawal Request, failing which the Bank shall reserve the right to act upon the Withdrawal Request. 

6. Consent 

By using/availing the product and services of the Bank (whether through our Website, Application and/or otherwise), Customer consent and authorize us to use their Personal Data for the purposes identified in this document and you are expressly agreeing to and consenting to the terms of this document. 

You consent to Bank undertaking the following:  

1. Send you and keep you updated about existing and new services including special offers of third party products via post, courier and electronic communication such as email, SMS etc.; 
2. To use the Information for marketing/ non-marketing, and/ or for market research/ industry/ sector analytics including internal demographic studies, administrative purposes, facilitation of transactions, offer additional support and to provide, optimize and personalize banking services and to further enhance Bank products and services for you, improve internal business processes ,  to send newsletters and information about banking services and participating in telecommunication or electronic clearing network as may be required by law/customary practice by the bank; 
3. Receiving/ providing information/ services, either from the Bank, Central KYC Registry and/or through any of the Bank’s authorised service providers/ agency(ies)/ professional advisors related to the operation of my/ our account(s)/ services availed by me/ us; 
4. To provide the Information to any regulatory/ statutory / government / quasi-government authority or pursuant to any legal requirement to credit bureaus, statutory authorities, regulatory authority(ies), central KYC registry, law enforcement agencies or any other authority governing the financial and banking operations whether in India or outside India, without prior notice as may be required by the Bank under the laws applicable in India and/or such other jurisdiction where it may be applicable, if required for the purpose of preventing frauds, or in public interest without my/ our specific consent; 
5. in case of minors, their guardian/s shall monitor the minor’s access to and usage of our Website, our Application and our various platforms; and by such access and/or usage by the minor, it shall be deemed that the same is pursuant to a prior valid approval by the guardian/s with respect to such access and/or usage by the minor; and that the guardian/s shall at all times be responsible and/or liable for the acts and/or omissions of the minor. 

7. Usage of Cookies and Other Tracking Mechanisms 

• Our Website uses cookies. Cookies are small data files that a Website stores on your computer or mobile device. Every cookie is unique to your web browser. We use persistent cookies which are retained on your computer to store non-personal and profiling information which will enhance your future visit to our platform.  
• By using our Website, user/s agree that these types of cookies can be placed on his/her device. User/s is free to disable/delete these cookies by changing his/her device / browser settings.  
• The Bank is not responsible for cookies placed in the device of user/s by any other Website and Personal Data collected thereto. We do not control these Cookies and once you have clicked on the advertisement and left the Site, our Privacy Policy no longer applies. Bank is not responsible for collecting cookies through Linked Sites (defined below), neither is it liable for misuse of the information you provide to Linked Sites. 
• We may also track your interests via our Application via permissions in the Application. This is primarily used to enhance the functionality of the Application and to analyze it to serve you better. 
• You can change your web browsers settings to accept or not to accept cookies. Bank may use third-party service providers to serve ads on its behalf across the internet and sometimes on the Website. Such third party service providers may collect anonymous information about your visits to the Website and use of the services offered by Bank. Personally identifiable information is not linked to data collected from this source. 

8. Personal Data Security 

• We are committed to protecting your Personal Data in our custody. We take reasonable steps and procedural safeguards that meet applicable laws to ensure appropriate technical and managerial safeguards are in place to protect your Personal Data confidentiality and integrity.  
• The Bank has adopted ITIL document and ISO/IEC27001 standards, which are globally accepted standards. The Bank’s Datacenters, IT and Support functions are ISO 27001:2013 certified. 
• We take precautions to protect your information. When you submit Sensitive Information via the Website and/or the Application your information is protected both online and offline. Wherever we collect Sensitive Information (such as credit card data or other payment preferences), that information is encrypted and transmitted to us in a secure way by using Secured Sockets Layer (SSL) encryption. 
• While we use encryption to protect Sensitive Information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service or responding to legal requests) are granted access to Personal Information. The servers in which we store Personal Information and payment information are kept in a secure environment with industry standard security controls in place. 
• Appropriate contracts with security measures are executed with third parties involved in processing of personal data. 
• The Bank strives to ensure the security, integrity protection and privacy of your Personal Information against unauthorized access or unauthorized alteration, disclosure or destruction. We follow stringent security techniques and requirements for handling Sensitive and Personal Information. These techniques and requirements are fully compliant with the guidelines set forth under the applicable laws. Our servers are accessible only to authorized personnel. Your information covered under this Privacy Notice is shared with respective personnel only on need to know basis and/ or to provide the services you have requested. All representatives handling information under these provisions are under contractual confidentiality obligation with the Bank. While we take every step to safeguard the confidentiality of your Personal Information, you agree and confirm that Bank is not liable for any negligence, disclosure due to errors in transmission or unauthorized acts of third parties or Linked Sites. 
• You are required to follow the Terms and Conditions while using this Website including the instructions stated therein and as part of Do’s and Don’ts in respect of security and confidentiality of your bank account and credentials. 
• Bank has internal policy and procedures established for handling cyber/security incidents and breaches. In case of any such incident and breaches, the Bank will adhere to the same. 
• Notwithstanding the foregoing, you must keep account details including your username and password (“Account Information”) confidential at all times and should not reveal the same to any third parties. You must take appropriate security measures to prevent unauthorized disclosure of your Account Information (including logging out from your account at the end of each session) and you must notify us immediately if your Account Information becomes known to any unauthorized user. You are solely responsible for maintaining the confidentiality of your Account Information and all activities that occur under your account(s). Any breach of this document by anyone to whom you disclose your account details including your username and password will be treated as if the breach had been committed by you and will not relieve you of your obligations under this Privacy Policy and the Terms and Conditions. 
• Notwithstanding anything contained herein, Bank shall not be liable for any loss, damage or misuse of your Personal Information due to a Force Majeure Event. A “Force Majeure Event” for the purposes of this document shall mean any event that is beyond reasonable control of Bank and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorized access to computer data and storage device, computer viruses breach of security and encryption or any other cause beyond the control of the Bank. 

9. Retention of Personal Data 

We may retain your Personal Data per Bank’s internal policies as required for legitimate purposes that may include such as managing your account and dealing with any concerns that may arise or otherwise if as may be required for any for legal, regulatory and/or statutory reasons. 

If the Bank no longer require retaining the information provided by the Customer, it will use best efforts to destroy or delete such Customer Information as per our Bank’s internal policies. 

10. Links to other Websites and social media 

• Our website may contain links to websites of other organizations which are not owned by Bank. This document does not cover how those organizations process your Personal Data. We encourage you to read the relevant Privacy Policy on the other websites that you may visit. 
• Please note that when visiting Bank’s official social media site/ page, you are subject to this document well as the social media platform's own terms and conditions. 

11. Conflict of Laws & Disputes 

• You agree that, irrespective of your location or country of jurisdiction, this document and its contents shall be subject to and governed by Indian laws (as amended from time to time) as may be applicable and that you waive all your rights which you may have in relation to this document under any contract or relevant laws applicable to the jurisdiction where you are situated and/or by which you are governed. 
• Any disputes over inter alia collection, storage and handling of Personal Information will be governed by this document, Terms and Conditions and by the laws of India and courts of Mumbai shall have exclusive jurisdiction. 

12. Decision Making 

Any decision made by us in relation to this document shall be at our sole discretion and the same shall be final and binding upon you. 

13. Customer Care

In case of any discrepancies or grievances, you may refer our Grievance Redressal Policy available on our Website. 

14. Notification of Changes 

We reserve the right, in our sole discretion, to change, modify, add, or delete portions of this Privacy Notice at any time without notice, and it is your responsibility to review this Privacy Notice from time to time on the Website and/or the Application, in order to keep track and take note of the changes. Your use of the Website and/or the Application following any amendment of this Privacy Notice will signify and constitute your consent to and acceptance of such revised this Privacy Notice. We will not file or store a copy of these terms for each interaction on transaction by you through the Website and/or the Application. We therefore recommend that you save a copy of this Privacy Notice for future reference and ensure that such copies can be reliably verified as being effective (i.e., published on the Website and/or the Application) on a particular date.