PRIVACY NOTICE

In this Privacy Notice:

Data Protection Legislation means the EU General Data Protection Regulation 2016/679 ("GDPR"); together with all other applicable and national implementing legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.

INTRODUCTION

ICICI Bank is committed to keeping your personal data private. We shall process any personal data we collect from you in accordance with Data Protection Legislation and the provisions of this Privacy Notice. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

DATA CONTROLLER

For the purpose of the GDPR, ICICI Bank Limited, Singapore Branch and ICICI Bank UK PLC (together called “ICICI Bank”) shall be the joint data controller of your information. This means that we are responsible for deciding how we hold and use your personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice.

COLLECTING INFORMATION FROM YOU

ICICI Bank will collect and process your personal data you provide us through application forms, our website, face-to-face and electronic communication (including telephone conversations) and other documents in order to provide our services to you.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

Personal details such as title, name, date of birth, nationality, marital status, addresses, gender, telephone numbers, and personal email addresses.
Other information such as visa, passport, overseas tax-identification number and overseas country-specific unique identifier
Transaction details
Financial Information
Information in the nature of your occupation, annual income and source of income and wealth
Copy of your identification and address proofs such valid passport, driving license, utility bills, job card issued by government agencies, etc.
Overseas address proofs such as address on passport, utility bills, bank statements, national ID cards, photographs, etc.
IP addresses
CCTV footage and other information obtained through electronic means
Cookies

LAWFUL GROUNDS FOR USING YOUR INFORMATION

We are permitted to process your personal data in compliance with Data Protection Legislation by relying on one or more of the following lawful grounds:

You have explicitly agreed to us processing such information for a specific reason.
The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you.
The processing is necessary for compliance with legal obligations that we may have.
The processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
1. to provide services to you;
2. to ensure that our customer accounts are well-managed;
3. To prevent, detect, investigate and prosecute fraud , alleged fraud, money laundering and other crimes and to verify your identity in order to protect our business and to comply with laws that apply to us and/or where such processing is a contractual requirement of the services or financing you have requested;
4. to protect our business interests;
5. to ensure that complaints are investigated;
6. to evaluate, develop or improve our services; or
7. to keep our customers informed about relevant services, unless you have indicated at any time that you do not wish us to do so.

PURPOSES OF PROCESSING

Specifically, we and our other group companies may use your information for the following purposes and under the following legal bases:

How we use your information	Legal basis
To provide and manage your account(s) and our relationship with you	Where necessary for the performance of our services/ agreement or to take steps to enter into an agreement with you; Where the law or regulation requires this; Where it's in our legitimate interests to ensure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers.
To give you statements and other information about your account or our relationship	Where necessary for the performance of our agreement or to take steps to enter into an agreement with you; Where the law or regulation requires this.
To handle enquiries and complaints	Where necessary for the performance of our services/ agreement or to take steps to enter into an agreement with you; Where the law or regulation requires this; Where it's in our legitimate interests to ensure that complaints are investigated,for example, ensuring that our customers receive a high standard of service and prevent complaints from occurring in future; In the case of sensitive information, such as medical information, where you have agreed.
To provide our services to you	Where necessary for the performance of our services/ agreement or to take steps to enter into an agreement with you; Where the law or regulation requires this.
For assessment, testing (including systems tests),analysis (including credit and/ or behaviour scoring), statistical, market and product analysis and market research.	Where the law or regulation requires this; Where it's in our legitimate interests to develop, build, implement and run business models and systems which protect our business interests and provide our customers with a high standard of service.
To evaluate, develop and improve our services to you and other customers	Where it’s in our legitimate interests continually to evaluate, develop or improve our products and services as well as the experiences of users of our sites, so that our customers are provided with a high standard of service.
To protect our business interests and to develop our business strategies	Where it's in our legitimate interests to protect our people, business and property and to develop our strategies; Where necessary for the performance of our services/ agreement or to take steps to enter into an agreement with you; Where the law or regulation requires this;
To contact you, by post, phone, text, email and other digital methods. This may be: to help you manage your accounts to meet our regulatory obligations to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you.	Where the law or regulation requires this; Where we have agreed to contact you in our agreement with you; Where you agree; Where it’s in our legitimate interests to share information with our customers about products / services that may be relevant and beneficial to them. Where we send you marketing messages, you can always tell us when you no longer wish to receive them.
To collect any debts owing to us	Where it's in our legitimate interests to collect any debts owed to us; In the case of sensitive information, such as medical information, where you have agreed.
To meet our regulatory compliance and reporting obligations and to prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes. We may record your image on CCTV when you visit our premises.	Where the law or regulation requires this; Where it's in our legitimate interests to prevent and investigate fraud, money laundering and other crimes; Where such processing is a contractual requirement of the services or financing you have requested.
To assess any application you make, including carrying out fraud, money laundering, identity, sanctions screening and any other regulatory checks.	Where you have made data public; Where such actions are in our legitimate interests, for the protection of our business interests; Where the law or regulation requires this; In the case of sensitive information, such as medical information, where you have agreed.
To monitor, record and analyse any communications between you and us, including phone calls	Where it’s in our legitimate interests, to check your instructions to us, to prevent and detect fraud and other crimes, to analyse, assess and improve our services to customers, and for training towards enhancement of our customer service provisions and protection of our business interests; In the case of sensitive information, such as medical information, where you have agreed.
To transfer your information to or share it with any third party to whom your account has been or may be transferred following a restructure, sale or acquisition of any group company	Where necessary for the performance of our agreement or services with you; Where we have a legitimate interest in restructuring or selling part of our business.
To share your information with UK, India or other relevant tax authorities, Monetary Authority of Singapore (MAS), Personal Data Protection Commission (PDPC) Reserve Bank of India (RBI) and other government authorities, credit reference agencies, fraud prevention agencies, and UK and other overseas regulators and authorities	Where the law or regulation requires this; Where we have a legitimate interest in performing certain credit checks so that we can make responsible business decisions in relation to products/ services provided to our customers. As a responsible organisation, we need to ensure that we only provide certain products/ services to companies and individuals where the products are appropriate, and that we continue to manage the services we provide, for example if we consider that you may have difficulties making a payment to us. Where we have a legitimate interest in assisting with the prevention and detection of fraud and other crimes. Where we have a legitimate interest in assisting Singapore, UK and overseas regulators, who monitor banks’ compliance with the applicable law and regulations; More detail on our data sharing with these organisations is set out below.
To share your information with our partners and service providers	Where necessary for the performance of our services / agreement with you; Where we have a legitimate interest in using third parties to provide some products/ services for us or on our behalf.

AUTOMATED DECISION MAKING

We may carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk: (i) we may refuse to provide the services you have requested, or we may stop providing existing services to you; and (ii) a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or employment to you.

INFORMATION SHARING

We keep all your personal data confidential. However, in order to be able to service your needs to the best of our ability, we may share any information you provide to us with our group companies and their agents, counterparties and support service or data providers, wherever located. If you have provided information to other members of our group, those entities may also share that information with us. We will ensure that if we share such information with third parties, any such disclosure is at all times in compliance with Data Protection Legislation.

To help us provide services, your data will be processed internally and externally by other third parties. We use third parties for administrative, servicing, monitoring of your data. We will outsource some services to third parties whom we consider capable of performing the required processing activities ensuring that there is no reduction in the service standard provided to you by us.

The recipients or categories of recipients, of your information may be:

Any revenue service or tax authority including relevant Income Tax authorities, if obliged to do so under applicable law or regulations.
UK and Overseas regulators and authorities in connection with their duties (such as crime prevention).
Anyone to whom we may transfer our rights and/or obligations;
Any other person or organization after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both)
Credit reference, identity and address verification organizations who may record and use your information and disclose it to other lenders, financial services organizations and insurers. Your information may be used by those third parties to make assessments in relation to your creditworthiness for debt tracing.
Fraud prevention agencies and law enforcement agencies who will use it to prevent fraud and money-laundering and to verify your identity if false or inaccurate information is provided by you. We, fraud prevention agencies and law enforcement agencies may access and use your information for example, when:
- Checking details on applications for credit and credit related or other facilities;
- Managing credit and credit related accounts or facilities;
- Recovering debt;
- Checking details on proposals and claims for all types of insurance
Other product and service providers for products and services which you would have agreed to avail or being referred to you;
Service providers as appointed from time to time for operational support
Courier or postal service providers for the purpose of sending of mails to you as a customer;

For further information, please refer to respective product specific terms and conditions and application form.

DETAILS OF DATA TRANSFERS OUTSIDE THE EU

Information about you in our possession may be transferred to other countries outside the European Economic Area (particularly to our parent company in India and our booking centre i.e. ICICI Bank Limited, Singapore Branch) for any of the purposes described in this Privacy Notice.

You understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

If we or our permitted third parties transfer your information outside the European Economic Area in (for example as part of outsourcing), we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area.

If we transfer your information outside the European Economic Area in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.

RETENTION AND DISPOSAL OF DATA AND OUTPUT

We will keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.

However, we may retain your information, or information relating to your account beyond the statutory timelines after you cease to be a customer for longer than statutory timeline, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.

STORAGE OF YOUR PERSONAL DATA AND DATA SECURITY

All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

OUR COMMUNICATION WITH YOU

We may communicate with you via electronic mail (e-mail) or other channels.We will never ask you for your password.

When you contact us through any of our communication channels including visiting a local branch or calling the telephone banking service, we will verify your identity by asking you a number of questions based on information known to us about you and the transactions on your account. We may record your calls for training, quality and security purposes.

MARKETING INFORMATION

We and other members of our group may use your information from time to time to inform you by letter, telephone, text (or similar) messages, email or other electronic means, about similar services which may be of interest to you or them.

You may, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us using the contact details set out below.

RIGHTS OVER YOUR PERSONAL DATA

Under certain circumstances, by law you have the right to:

Be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences).
Object to your personal data being processed for a particular purpose or to request that we stop using your information.
Request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
Ask to transfer a copy of your personal data to you or to another service provider or third party where technically feasible and otherwise required by applicable regulations.
Withdraw, at any time, any consent that you have previously given to us for our use of your personal data.
Ask to stop or start sending you marketing messages at any time, if applicable.
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where you think that we do not have the right to process it.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will provide this information free of charge unless the request is manifestly unfounded or excessive. We will comply with our legal obligations as regards any individual’s rights as a data subject.

If you would like to contact us in relation to any of the rights set out above please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details.

1) Mr. Sandip Agarwal, The Data Protection Officer, ICICI Bank UK PLC, One Thomas More Square, London, E1W 1YN.

2) Data Protection Officer, ICICI Bank Limited, Singapore Branch, 9 Raffles Place, # 50-01 Republic Plaza, Singapore 048619 by emailing at dpo.sg@icicibank.com

RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.

THIS PRIVACY NOTICE

The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email. We recommend that you re-visit this page regularly and inform us if you do not agree to any term mentioned here.