Unity Small Finance Bank Limited (hereinafter referred to as ‘the Bank’) recognizes the expectations of its customers with regard to privacy, confidentiality and security of their personal information that resides with the Bank. Bank takes your privacy seriously and, is committed to protect customer’s personal information and assures that the information made available to the Bank will be safely maintained.
The Bank will use its best efforts to prevent inadvertent disclosure of your Personal Information to unauthorized personnel or to any other third-party vendor. The Bank will not publish any Personal Information provided by you.
This Data Privacy Policy sets out the way in which the Bank collects, uses, shares, discloses, transfers, and disposes your Personal Information when you use the Bank’s website or other digital platforms and their sub-domain/ custom extensions (i.e., applications such as, but not limited to, applications for digital lending, mobile applications of the Bank as also information/ data provided through API based mechanism).
You are advised to read the Data Privacy Policy before navigating the Bank’s website and other digital platforms.
Please note that the Bank’s website and other digital platforms may contain links or have a mechanism of re-direction to and from websites/ webpages/ platforms/ apps of other networks, advertisers, affiliates, Processing entities and third-party vendor websites and other digital platforms which are provided for your convenience. While the Bank shall be responsible for the privacy practices and security of the information that you share with the Bank, the Bank urges and recommends that you refer to the privacy policy of the websites/ other digital platforms that you visit and we do not accept any responsibility or liability for any such notices. Kindly ensure you check such notices, where available, before you submit any Data to these websites/ webpages/ platforms/ apps.
Definitions
(1) “Personal Information” means any information that relates to a person/natural person, which either directly or indirectly, in combination with other information available or likely to be available with and/or comes in to possession of and/or shared by the customer/you with the Bank, is capable of identifying such person and shall include without limitation the following categories of Personal Information/sensitive Personal Information that the Bank may collect, share, receive, possess, store, use, deal, handle, transfer, and otherwise process, to the extent permitted by regulatory/ statutory guidelines:
- Sensitive Personal Information (defined below).
- nformation about you: This may include, without limitation, your name, user IDs, signature, email addresses, phone numbers, addresses, KYC/identity documents (for example: Aadhaar and PAN), biometric data, communications with us, device and location data, information about how you use our Services, etc.
- Your preferences relating to receiving marketing messages/alerts/emails/pop ups from us and our service providers.
- Previous names, maiden names, marital status, relatives information, nomination, medical condition, domicile, origin, citizenship, nationality, residence, any legal or other identifiers like Taxpayer Identification Number (TIN / National ID/ Social Security Number/ or its equivalent, photograph and gender.
- Personal Information that identifies (whether directly or indirectly) a particular individual, such as information you provide on any forms, surveys, online applications or similar online fields.
- Demographic information that you provide and aggregated or de-identified Personal Information.
- Bank account details, investments history, credit/debit card details, loan details, financial information, payment credentials, lending history, repayment history, credit history, payment details, prepaid payment instrument details, any other instrument/ modality/ function details, UPI handles, income details, history in relation to these etc.
- Employment / occupational information.
- Residential status under banking, general and tax laws.
- Spending/saving/investing/payments/receipts/borrowing history.
- Risk profile, financial objectives, financial knowledge and experience, preferences and any other information to assess the suitability of the products/services to you.
- Information collected when you make or receive payments.
- Other information such as information relating to occupation and financial situation such as employer’s name and address, if self-employed, type of account, and nature and volume of anticipated business dealings, with the conventional bank licensee, income proof, bank statements, income tax returns, salary slip, contract of employment, passbook, expenditure, assets and liabilities, source of wealth and signature.
- Personal Information that is collected when you make financial and non-financial transactions. Personal Information may include information associated with the transaction such as amount sent or requested, amount paid for services/products or merchant information, including information about any funding instruments used to complete the transaction.
- If you give information or data about someone else (for example, information or data about a spouse or financial associate provided during the course of a joint application with that person), or someone gives information about you, may be added to any Personal Information that is already held about you and can be used in the ways described in this Data Privacy Policy.
- Your Personal Information from third party providers: In order to enhance our ability to provide relevant marketing, offers, and services to you, Personal Information about you is obtained from other sources with your consent, such as email service providers, public databases, joint marketing partners, social media platforms, as well as from other third parties as appropriate.
- Information including Personal Information from credit information companies/ credit reference agencies, risk management and fraud prevention agencies, national and government databases.
- Information including Personal Information from other parties and entities where we are a part of a transaction in one or more roles even though we may not be directly interfacing you, for example during the course of remittances being initiated by you through your bank to a beneficiary whose bank account is with us.
- Personal Information of authorised signatories or authorised persons or representatives of non-individual applicants/ customers/ users of any services, whether direct or indirect.
- Information about your internet activity is collected using technology known as cookies, which can often be controlled through internet browsers. For detailed information on the cookies used and the purposes for which they are used, kindly refer to the section on ‘Cookie’, forming part of this Policy., Your digital and electronic devices where various checks are performed are designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying and collecting your location (with your specific permission) and the IP address your device connects from and the collection of information about your use of the website or mobile app (including device type, operating system, screen resolution, and the way you interact with us).
- Information about your Internet browser, IP address, information collected through tracking technologies.
- Unique device identifier such as International Mobile Equipment Identity (IMEI) number, technical usage data, contact lists (in some cases where specific permission is obtained), technical data about your computer and mobile device including details regarding applications and usage details.
- Information such as your fingerprint, etc. that you choose to provide to us. We will not collect your biometric information without your explicit consent.
- Generation and storing password or PIN in encrypted form.
- Information in relation to data access, correction, restriction, deletion, porting requests and complaints.
- CCTV images and Personal Information at our Bank branches, offices and ATMs (but only for security reasons and to help prevent fraud or crime).
- Conversations during meetings/calls/correspondences/discussions with bank staff.
- Social relationships detail such as your father’s name, spouse’s name and mother’s name;
- Behavioural details as to how to utilise our services/products, offers etc., your browsing actions, patterns and online activity;
- Records of correspondence and other communications with you, including email, telephone conversations, live chat, instant messages and social media communications containing information concerning your grievances, complaints and dispute.
- Any other information, Personal Information or records which you may consent to be collected or used.
- Your communication preferences
Any derivative of the aforesaid information like any credit scores or behavioural projections, profiling, analytical results, reports. (2) “Sensitive Personal Information” of a person means such Personal Information which consists of information relating to:
- passwords
- financial information such as Bank account or credit card or debit card or other payment instrument details
- physical, physiological and mental health condition;
- sexual orientation
- medical records & history
- biometric information
- any detail relating to the above clauses as provided to body corporate for providing service any of the information received under above clauses by body corporate for processing stored or processed under lawful contract or otherwise. Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Information for the purposes of this policy.
(3) "Customer" or “you” or “You” refers to a person who may have:
- Visited the bank's website, mobile app, or any other platform provided by the Bank.
- Sought information about the Bank's products, services, or other offerings.
- Established a relationship with the bank.
- Avails any products and/or services of the/offered by the Bank.
Applicability
This Policy is applicable to Personal Information and Sensitive Personal Information collected by the Bank or its affiliates directly from the customer or through the Bank’s online portals, mobile applications and electronic communications as also any information collected by the Bank’s server from the customer’s browser.
PURPOSE OF COLLECTION AND USE OF PERSONAL INFORMATION
The Bank collects and uses the financial information and other Personal Information from its customers. YourPersonal Information will be collected on need-to-know basis and shall be used for specific business purpose or for other related purposes designated by the Bank or for a lawful purpose to comply with the applicable laws and regulations and to provide products or services as requested by you. The Bank will obtain your explicit written consent where necessary prior to processing your Personal Information. The Bank shall maintain audit trail of such consent provided by you.
The Bank may supplement the Personal Information that you provide with other information obtained from the Bank’s dealings with you or which the Bank receives from other organizations, such as, the Bank’s lending service providers and other third-party vendors.
Please note, if you do not choose to provide the Bank with the requested Personal Information, the Bank may choose to deny you products or services.
The Bank will use your Personal Information for lawful purposes, including the following:
- to administer and provide products and services you request or have expressed an interest in and to communicate with you in respect thereof.
- to share with third parties who are also involved in administering and providing products or services you request or have expressed an interest in.
- to communicate with you in the event that any products or services you have requested are unavailable.
- to update you and make subsequent offers about other relevant products and services that may be of your interest.
- for fraud screening and prevention purposes by taking preventive measures and managing associated and independent risks.
- for audit, compliance, and risk management
- to manage relationship with you.
- for processing or executing transactions.
- for business purposes such as, but not limited to, deriving business insights
- to contact you or to establish contact with you or your whereabouts.
- credit assessment, risk assessment, risk analysis, obtaining credit information reports, scores, scrubs, fraud checks, fraud detections, fraud prevention, detecting and preventing crime including crime/ terror funding, detecting malpractices or discrepant documents or information, prevention of misuse, assessment of credit worthiness, financial standing, due diligence, background check, physical and other inspections, verifications, obtaining any reports for any of the above, KYC/ AML checks, customer service, monitoring, collections, default detection, default prevention, default investigation, recovery, any legal proceedings, actions, enquiries, investigations, pursuing any remedies, enforcing rights, reporting including credit reporting, KYC reporting, default reporting, filing, perfections etc., whether any of these are undertaken internally or through any Processing Entity or through a combination of multiple options.
- to perform activities such as data analysis, audits, usage trends to determine the effectiveness of our campaigns and as input into improving Products.
- for credit scoring, credit analysis, risk analysis, obtaining any reports, credit scores, credit information, scrubs, for assessing and undertaking/ evaluating financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, etc. including from or through any credit information companies, bureaus, fintech entities or service providers.
- to allow you to utilize features on platforms/ apps by granting us access to Personal Information from your device
- for system or product development and planning, audit, and administrative purposes.
- where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. Processing may be required to meet our legitimate interests, for example, to understand the customer behaviour, customer expectations, to build analytical models, or to understand how customers use or respond to the services/products, or to develop new services/products, as well as improve the services/products we currently provide. This may also include sharing of your Personal Information either as part of a sample or specifically or generally with any potential or actual service provider or consultant or vendor or third party or Processing Entity, for the purposes of testing of proof of concept, where the utility, workability, efficacy, authenticity of any solution or service proposed or being rendered by any such person may be tested, and any such person may process such Personal Information along with any other data it may have or source externally, for the purpose of running or pilot running or testing of the proposed solution or service and to submit the results to us along with the Personal Information and any other data which such person may have or source. You agree that such sharing of Personal Information and processing thereof and testing of proof of concept is in our legitimate interest to improve our efficiency, customer service, product delivery, to prevent frauds, etc. and ultimately is a necessary part of developing the ecosystem where customers and potential customers including you, benefit.
- where processing is necessary to protect your interests, where we need to process your Personal Information and you are not capable of providing consent (emergency situations).
- subject to a specific consent (obtained separately from this Data Privacy Policy), to allow you to participate in surveys and other forms of market research, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how Personal Information is used and shared.
- where we have your consent to do so.
- for record keeping purposes.
- for authenticating the identity of the customer including but not limited to Aadhar, PAN or any other identity document.
- to carry out market research and get feedback so that the Bank can improve the products and services offered.
- to track your activity on the Bank’s digital platforms.
- to create an individual profile for you so that the Bank can understand and respect your preferences.
- to personalize and improve your experience on the Bank’s digital platforms.
- to personalize and/ tailor any communications that the Bank may send you.
- for profiling purposes to enable the Bank to personalize and/or tailor any marketing communications that you may consent to receive from the Bank.
- fulfilling any regulatory or legal requirements applicable to the Bank.
When the Bank provides you with products or services or where you register with the Bank your interest in the Bank’s products or services, the Bank may collect and store your Personal Information, for example, when you sign up for an online account, register to receive marketing communications from the Bank/ Group Companies (and/ or from our lending service providers and third-party vendors), fill in one of our forms (whether online or offline) or otherwise provide the Bank with your Personal Information for purposes listed above.
The Bank’s applications may require one-time access to your mobile phone resources such as camera, microphone, location, or any other facility necessary for the purpose of on-boarding/ know-your-customer (KYC) requirements. Such access shall only be obtained after seeking your consent. However, the Bank shall in case of digital lending ensure that the applications desist from accessing resources on your mobile phone such as, file, media, contact list, call logs, and telephony functions.
Further, the Bank shall not collect/ store your biometric information in the systems associated with the Bank’s applications or the Bank’s third-party vendor applications unless permitted under applicable law.
The Bank shall ensure that our applications or our third-party vendors engaged to provide products/ services to you will not store your Personal Information except such information (such as, but not limited to, name, address, contact details) that may be required to carry out operations. The Bank shall enable you with an option not to provide the information sought to be collected, provide, or deny consent (in written) for use of specific Personal Information, restrict disclosure to third-party vendors and to revoke consent already granted at the time of collecting Personal Information if mandated by law or any other decree.
The Bank shall share the purpose of collection of Personal Information every time the Bank seeks your consent.
The authenticity of the Personal Information provided by the customer shall not be the responsibility of the Bank. Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Personal Information for the purposes of this Policy and the Bank shall not be responsible for the same.
You must ensure that all Personal Information that you provide us with is accurate, up-to-date, and true. You will be responsible for any errors, discrepancies, or inaccuracies in the Personal Information you share with us, except for such Personal Information that has been verified through KYC processes set out by applicable law and backed by documentary proof. When you use our Services, we make best efforts to provide you with the ability to access and correct inaccurate or deficient Personal Information, subject to any legal requirements.
SHARING YOUR PERSONAL INFORMATION
The Bank requires that the third-party vendors protect your Personal Information, only process it for the purposes it was shared for and not disclose it further.
The Bank may share your Personal Information with:
- Subsidiaries and/or affiliates/group companies.
- Service providers, vendors, agents etc. who perform services for the Bank.
- Entities or persons with whom we have tie-ups for the co-branded services, products or programs, any rewards programs or loyalty programs, any benefits, offers, features or any similar arrangements.
- Lending service provider, co-originators, collaborators, and persons with whom the Bank may have a tie-up for any services/products.
- Other third parties to comply with legal requirements such as the demands of applicable warrants, court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties.
- Credit information companies, bureaus, fintech entities or service providers for the purposes of obtaining any reports, credit scores, credit information, scrubs, financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, risk analysis etc.
- Any persons involved in any transaction which necessitates sharing of such Personal Information
- Any persons involved in any payment system or infrastructure or architecture of which the Bank is a part including NACH, UPI, ECS, ATM portability, IMPS, RTGS, NEFT etc. or with any persons (including TPAP) to whom the Bank acts as a service provider, distributor, agent, referral entity, promoter, marketer, sponsor bank, PSP bank, trustee, etc. where you are part of any payment or withdrawal or transaction or purchase/ sale/ distribution of any product, whether as payee, payer, beneficiary, intermediary, distributor etc. and whether your interface/ interaction is directly with us or not or with any such other person or any platform/app.
We may share your Personal Information, without obtaining your consent or without intimating you: (a) with governmental, statutory, regulatory, executive, law-enforcement, investigating or judicial/ quasi-judicial authorities, departments, instrumentalities, agencies, institutions, boards, commissions, courts, tribunals, who ask for such Personal Information including by way of an order, direction, etc; or (b) with any person, where disclosure is necessary for compliance of any legal or regulatory obligation. Wherever the Personal Information is shared as above, we will not have control over how such Personal Information is further processed by such authorities, persons, etc.
The Personal Information may also be shared by any of the aforesaid entities/ persons with their service providers, consultants, agents, subsidiaries, affiliates, co-brand entity/partner, distributors, selling/ marketing agents, any partners, fintech companies, other players/ intermediaries in any ecosystem of which we are a part, TPAPs (for whom we act as PSP bank), collaborators, co-lenders, co-originators, merchants, aggregators, lead generators, sourcing entities, clients, customers or other persons with whom we have a tie-up or contract for any products or services etc. for any of the aforesaid purposes or any purposes incidental or necessary thereto. Any person or entity with whom the Personal Information or any part thereof is shared by us or further shared by any of them, for any of purposes under this Data Privacy Policy, shall be referred to as a processor. Wherever the Personal Information is shared with any processor (with whom we have direct contract), we will through such contracts restrict the processing by them of such Personal Information for the aforesaid purposes.
Kindy note that the list of lending service providers (LSPs) & digital lending applications (DLAs) and collection & recovery agents authorized by the Bank to process personal information can be accessed on the website of the Bank.
STORAGE AND TRANSFER OF PERSONAL INFORMATION
The Bank may transfer your Personal Information to any of its associated entities/ group companies in India that ensures the same level of information protection that is adhered to by the Bank itself. The Personal Information collected by the Bank is shared with any other organization/third party for the following purposes:
- Enabling financial or other transactions, e.g., V-KYC.
- Credit reporting.
- Legal and regulatory disclosures, if any.
- Providing services/products of such third parties.
- For completion of the transactions initiated by the customers/you by suing the Banks services/products.
- Enhancing customer experience, such as but not limited to service offerings.
- For any other purposes subject to terms and conditions accepted by the customer/you with the Bank for any specific products/services of the Bank/availed by the customer/you from the Bank.
While doing so, the Bank is committed to maintaining banking norms, confidentiality clauses, terms and conditions agreed with the customer, and legal and regulatory standards. Although the Bank takes appropriate measures to maintain the highest standards of data privacy, the Bank will not be liable for any malpractice from third-party vendors.
The Personal Information collected by the Bank is shared with employees on a need-to-know basis. For business analysis, customer Personal Information is anonymized. The Bank takes various initiatives to educate its employees about data privacy and has a strong enforcement mechanism to discipline any violations if they occur.
Bank complies with applicable laws/internal policies in respect of the storage and transfer of Customer Information. As a part of Your use of the Services, the Personal Information you provide to us may be transferred to and stored in countries other than the country you are based in. This may happen if any of our servers are from time to time located in a country other than the one in which you are based, or if one of our vendors, partners, or service providers is located in a country other than one you are based in. We ensure that that any recipients of Personal Information that we transfer are subject to suitable confidentiality obligations and access to and processing of Personal Information is in accordance with contractual terms, applicable laws, and our instructions.
LOG AND RECORD RETENTION OF PERSONAL INFORMATION
In accordance with applicable laws/ regulatory requirements and internal policies/ contractual obligations, the Bank shall retain your Personal Information for the period necessary to fulfil the lawful business purposes outlined in this Data Privacy Policy unless a longer retention period is required or is permitted by law/ regulatory body.
We will keep the Personal Information we collect on our systems or software or hard copies of such information or with third parties for as long as required for the purposes set out above or even beyond the expiry of transactional or account based relationship with you: (a) as required to comply with any legal and regulatory obligations to which we are subject, or (b) for establishment, exercise or defence of legal claims, or (c) as specified in this Data Privacy Policy, or (d) in accordance with specific consents.
If the retention of customer information is not required, we have deployed policies and procedures to destroy or delete such customer information on a best effort basis. The Bank shall dispose Personal Information using secure destruction mechanism only.
Contact Information
In order to address any discrepancies or grievances related to the Personal Information residing with the Bank, the customer may contact the Grievance Redressal Officer. The details of the Grievance Redressal Officer are published on the website of the Bank.
COOKIES
Bank’s digital platforms use various third party analytical tools. These tools use cookies which are downloaded to your device when you visit the Bank’s website/ digital platform in order to provide a personalized browsing experience. Further, in common with many other website operators, the Bank uses standard technology called ‘cookies’ on its website. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive, and they are used for lots of tasks like remembering your preferences and settings, provide personalized browsing experience and analyze website operations to record how you navigate the Bank’s website on each visit and to provide for a personalized browsing experience.
These cookies automatically collects information and temporarily stores the following information such as but not limited to about your visit:
- the name of the domain you use to access the Internet;
- the date and time of your visit;
- the pages you visited;
- the address of the web site you came from when you came to visit
The Bank uses this information for statistical purposes and to help make the Bank’s available digital platforms/ channels more useful to visitors. All information collected by third party cookies is aggregated and anonymous. By browsing the website and using Bank’s digital platforms you agree that these type of cookies can be placed on his/ her/ their device. User is free to disable/ delete these cookies by changing his/ her/ their device/ browser settings. Bank shall not be responsible for cookies placed in the device of user/s by any other website or information collected thereto.
SAFEGUARDING YOUR PERSONAL INFORMATION
The security of Personal Information is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Bank takes reasonable precautions to keep your Personal Information secure and require any third-party vendors/employees/affiliates that handle or process your Personal Information for the Bank to do the same. Access to your Personal Information is restricted to prevent unauthorized access, modification, or disclosure
The Bank shall manage security breaches that impact Personal Information as per the Bank’s incident management processes.
All Personal Information that the Bank collects shall be stored in servers located in India as per the local regulatory requirement.
YOUR PRIVACY RIGHTS
The Bank shall provide you with reasonable access to view and review your Personal Information and request correction and deletion where appropriate. In order to protect your privacy, the Bank shall take reasonable steps to verify your identity before granting access to your Personal Information.
You have the right to tell the Bank if you:
- do not want to be contacted by the Bank in the future
- would like a copy of the Personal Information which the Bank holds about you
- would like to delete your Personal Information from the Bank’s records (including the Bank’s applications and applications of third-party vendors used to provide services to you)
- wish to report any misuse of your Personal Information
- would like to correct or update your Personal Information
HANDLING PRIVACY CONCERNS
To exercise your privacy rights or in case you have any questions about this Data Privacy Policy or the Bank’s data privacy practices or to report any grievances, then please reach out at care@unitybank.co.in.
Grievance redressal shall be carried out at the earliest and in accordance with the grievance redressal policy of the Bank. The escalation matrix for redressal of grievances is available on the website of the Bank.
UPDATES TO OUR DATA PRIVACY POLICY
The Bank may amend the Data Privacy Policy from time to time and post the updated version of the same on the Bank’s website. The Bank encourages you to visit the Bank’s website periodically and stay informed about how the Bank uses your Personal Information.
In the event where there is conflict between this Policy and the RBI regulations/ Statutory guidelines, the latter shall prevail.
The updated policy shall be effective as soon as it is published on the Bank’s website/ respective apps/ platforms. If you use our website or Apps, platforms or make any application/ request for any Product or use any Product or make any service requests for or during usage of any Product or if you use any functionality provided by or for us, such act of any of aforesaid users shall by itself amount to your acceptance of the Policy with changes if any.