Data Retention Policy:-

Data retention period is 6 months.
We collect and generate various data points about you.

Data by which you are identified is termed as “Personal Data”. Personal Data does not mean information that is freely available or accessible in public domain

Your Privacy is of utmost importance to us and protection of your Personal Data is a key commitment for us.

We are governed by the provisions of applicable law in India including the Information Technology Act 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 to maintain the privacy of your Personal Data

PRIVACY POLICY

The Unique Identification Authority of India (UIDAI) has been established by the Government of India with the mandate to the Authority is to issue a unique identification number (called Aadhaar
or UID) to Indian residents that is robust enough to eliminate duplicate and fake identities, and can be verified and authenticated using biometrics in an easy and cost-effective manner.

The UID has been envisioned as a means for residents to easily and effectively establish their identity, to any agency, anywhere in the country, without having to repeatedly produce identity documentation to agencies.

The UIDAI offers an authentication service that makes it possible for residents to authenticate their identity biometrically through presentation of their fingerprints / iris authentication or non-biometrically using a One Time Password (OTP) sent to the registered mobile phone or e-mail address.

Aadhaar Authentication Services

Aadhaar Authentication is defined as the process wherein, Aadhaar number along with the Aadhaar holder’s personal identity information is submitted to the Central Identities Data Repository
(CIDR) for matching following which the CIDR verifies the correctness thereof based on the match with the Aadhaar holder’s identity information available with it.

The purpose of Authentication is to enable Aadhaar-holders to prove identity and for service providers to confirm the resident’s identity claim in order to supply services and give access to benefits.

To protect resident’s privacy, Aadhaar Authentication service responds only with a “Yes/No” and no Personal Identity Information (PII) is returned as part of the response.

e-KYC Service

UIDAI also offers the e-KYC service, which enables a resident having an Aadhaar number to share their demographic information (i.e. Name, Address, Date of Birth, Gender, Phone & Email) and Photograph with a UIDAI partner organization (called a KYC User Agency –KUA) in an online, secure, auditable manner with the resident’s consent.

The consent by the resident can be given via a Biometric authentication or One Time Password (OTP) authentication

Data Privacy on Aadhaar and Biometric details

The submission of Aadhaar details by a customer to the Bank is voluntary, and the Bank will not insist on a customer to produce their Aadhaar details for availing any of the services.

In cases where the customer offers Aadhaar number voluntarily to the Bank, the Bank will seek a declaration by the customer towards the same.

For cases where e-KYC verification is required, the Bank will get an explicit consent from the resident for download of resident demographic details from UIDAI mentioning the purpose for which the details are sought.

The consent will be either in the form of an authorization letter or a provision to electronically record the consent in a software application.

Biometric details are required by the Bank to be captured for purposes of authentication, for example to authenticate a customer before permitting transaction through a Micro ATM / any other device, as an AEPS (Aadhaar Enabled Payment System) transaction.

The biometric details whenever captured by the Bank will be used only for data exchange with UIDAI, which validates the captured biometric data against the biometric data maintained in CIDR
(Central Identities Data Repository) against the specific Aadhaar number.

The biometric details whenever captured by the Bank will be used only for data exchange with UIDAI, which validates the captured biometric data against the biometric data maintained in CIDR
(Central Identities Data Repository) against the specific Aadhaar number.

A system log wherever required will be maintained to extract the details in case of disputes. The logs will capture Aadhaar Number (in encrypted format ) , timestamp etc., but will not capture / store
the PID (Person Identity Data) associated with the transaction.

Policy Review and Updates

The Policy shall be reviewed as and when required or at least once in a year, to address the requirements of the Bank and to comply
with guidelines issued by the UIDAI or any applicable regulator or judiciary from time to time.

However, any of the regulatory changes, during the year will be implemented immediately with the approval Board.