Data Privacy Policy

1. Introduction

Tehri Garhwal Zila Sahkari Bank Ltd, Tehri recognizes that one of its fundamental responsibilities is to ensure that it protects personal information entrusted to it by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Bank’s customer information. The Bank also follows a transparent policy to handle the personal information of its customers.

This privacy policy has been framed in accordance and in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) framed under the Information Technology Act 2000 and Master Circular on Customer Service in Banks issued by Reserve Bank of India.

This Privacy Policy is applicable to personal information (including sensitive personal information) collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications as also any information collected by the Bank’s server from the customer’s browser.

• Operational Guidelines to the Policy
  • Classification of Information
  • Personalinformation Personal Information

Means any information on that relates to a natural person, which either directly or

Indirectly, in combination with the other information available or likely to be available with the Bank, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

“Sensitive personal data or Information” of a person mean such Personal Information which consists of information relating to passwords, financial information such as account or credit card or debit card or other payment instrument details, historical physiological and mental health conditions, medical records and history, biometric

1

information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, income, PAN, etc. For customers enrolled services provided by the Bank, such as online bill payment, personal information about the transaction is collected.

2.2.2. Non-personal information

includes the IP address of the device used to connect to the Bank’s website along with other information such as browser details, operating system used, the name of the website that redirected the visitor to the Bank’s website, etc. Also, when customers browse our site or receive one of our emails, the Bank and our affiliated companies, use cookies and/or pixel tags to collect information and store their online preferences.  •

Any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Data or Information.

The information customers provide online is held by the Bank business that maintains the account or is processing the application for a new product or service.

2.3. Purpose of Collection and Usage of Personal Information

The Bank shall use the Personal Information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:

1. Process applications, requests and transactions

n. Maintain internal records as per regulatory guidelines

•  Provide services to customers, including responding to customer requests 1v. Comply with all applicable laws and regulations
• Recognize the customer when he conducts online banking
• Understand the needs and provide relevant product and service offers
• If a customer does not wish to provide consent for the usage of his/her Sensitive Personal Data or Information or later withdraws the consent, the Bank shall not provide services or withdraw the services for which the information was sought from the customer.

2.4. Disclosure/ Sharing of Information

The Bank’s obligation to maintain secrecy arises out of the contractual relationship between the Bank and the customer, and as such no Sensitive Personal Data or Information would be divulged to third parties except under circumstances that are well defined. The Bank shall not disclose Sensitive Personal Data or Information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the Bank and the customers, or where the disclosure is necessary for compliance of a legal obligation. In case Bank discloses the Sensitive Personal Data or Information to third

parties, such third parties shall be bound contractually to ensure that. they protect customers’ Sensitive Personal Data or Information in accordance with applicable laws.

The above obligations relating to sharing of Sensitive Personal Data or Information shall not apply to Sensitive Personal Data or Information shared with the government­ mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any Sensitive Personal Data or Information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.

No Personal Information about customer accounts or other personally identifiable data shall be shared with non-affiliated third parties unless any of the following conditions are met:

To help complete a transaction initiated by the customer

To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank

The customer/ applicant has specifically authorized it

To conform to legal requirements or comply with legal process Where there is a duty to the public to disclose

The information is shared with Government agencies mandated under law The information is shared with any third party by an order under the law

Enforce the terms and conditions of the products or services Act to protect the rights, interests or property of the Bank, or its members, constituents or of another person·

• Accuracy

The Bank shall have processes in place to ensure that the Personal Information residing with it is complete, accurate and current. If at any point of time, there is a reason to believe that Personal Information residing with the Bank is incorrect, the customer should inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as

possible.

3. Response to Enquiries and Complaints

The Bank may use the Personal Information of customers to contact customers with newsletters, marketing or promotional materials and other information that may be of use to customers through letters, emails, mobile messages etc. The customers have the option to decline receipt of such communications from the Bank.

The Bank shall encourage customer enquiries, feedback and complaints which would help it to identify and improve the services provided to_ its customers. In relation to such enquiries and complaints, customers shall have the rights available to them under the IT Rules and any other applicable law.

In case of an discrepancy or grievance with respect to all or any Personal Information shared with t)ie Bank, please feel free to contact The Nodal Officer Customer Grievance

Cell of the Bank.

4. Security Practices

The security of Personal Information is a priority and shall be ei:15ured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage and unauthonzed access, modifications or disclosures. Employees of the Bank shall be trained in the proper handling of Personal Information. When any third-party body corporates are used to provide services on behalf of the Bank, it shall ensure that such body corporates protect the confidentiality of Personal Information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that the information the Customer supplies will not be intercepted while being transmitted to us over the internet. The customers accept the inherent security implications of data transmission over the internet and the world wide web cannot always be guaranteed completely secure. Therefore, customers’ use of the website will be at their own risk.

• Policy Amendment Authority

The Bank shall reserve the right to change or update this Policy, at any time with reasonable notice to customers on the Bank’s website so that customers are always aware of the information which is collected, for what purpose Bank uses it, and under what circumstances, if any, Bank may disclose it. •

By virtue of this Privacy Policy, the customer assents to the collection, use, transfer, disclosure, retention and other processing of her/his Personal Information, including Sensitive Personal Data or Information, as described in this Policy.

6. Force Majeure

Notwithstanding anything contained in this Privacy Policy or elsewhere, the Bank shall not be held responsible for any loss, damage or misuse of customer’s Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below) or any act or omission attributable to the customer or any person claiming on his/her behalf. A “Force Majeure Event” shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood explosion acts of God, civil commotion, strikes or industrial action of any kind, riots, i urrection’ war, acts of government, computer ha king, unauthorized access to the computer’ computer system or computer network) computer crashes, breach of security and encryption (provided beyond our reasonable control), power or electricity failure or unavailability of adequate power or electricity.

7. Miscellaneous

The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any information other than the information collected by us through any means. This Privacy Policy shall be inapplicable to any unsolicited information any customer provides us through any means. All unsolicited information shall be deemed to be non-confidential and we shall be free to use and/ or disclose such unsolicited information without any limitations. The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided bylaw. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

8. Governing Laws and Jurisdiction

This Privacy Policy is governed by the laws of India and the courts in the state of Uttarakhand shall have exclusive jurisdiction over any disputes in relation to the Privacy Policy.