PRIVACY NOTICE

In this Privacy Notice:

Data Protection Legislation means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679 ("GDPR"); together with all other applicable and national implementing legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.


INTRODUCTION

ICICI Bank UK PLC (ICICI Bank) is committed to keeping your personal data private. We shall process any personal data we collect from you in accordance with Data Protection Legislation and the provisions of this notice (Privacy Notice).

This Privacy Notice applies to personal information we collect from you when you use this site, which provides a sandbox environment for certain APIs. If you’re an ICICI customer, or otherwise have a relationship with us, we may also have provided you with a separate privacy notice setting out how we use your personal information, which will also apply.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.


DATA CONTROLLER

For the purpose of the GDPR ICICI Bank is the data controller of your information. This means that we are responsible for deciding how we hold and use your personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice.


DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data, please contact the DPO at the contact details set out below.


COLLECTING INFORMATION FROM YOU

Information we may collect from you

As a registered user of the ICICI Bank UK API Portal, we may collect and process the following information about you:

  • your name
  • your email address
  • IP addresses
  • ICICI Bank UK API Portal user log-on details and information relating to your use of Security Tools.
  • Information relating to your access and use of the API Portal.
  • Cookies (please see our COOKIES policy)

How we use your information

We’ll only use your information where we have your consent or we have another lawful reason for using it. Unless we say otherwise below, we’ll use your personal information on the basis that it’s within our legitimate interests in operating and maintaining the site, and providing you with site functionality and related services. We use information provided or obtained via this site to:

  • enable us to provide the site and any associated products and services
  • respond to your queries and reports (for example, if you’ve asked a question or submitted a report via the site)
  • carry out our obligations from any contracts entered into between you and us or any obligations which we are subject to
  • allow you to participate in any interactive features of the site
  • notify you about changes to the site
  • ensure site content is presented in the most effective manner for the device you’re accessing it from
  • undertake data analytics to learn more about how you and others interact with this site
  • detect and prevent misuse or abuse of this site or our services.

We also use information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that ICICI Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation, it’s in our legitimate interests and that of others or to prevent or detect unlawful acts.


IP addresses

We may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.


Automated decision making

Personal data will not be used for the purposes of automated decision-making in individual cases, including profiling.


INFORMATION SHARING

We may share your information in order to provide you with products or services you’ve requested (for example, if they’re not provided by the ICICI Bank operating this site), if we have a legitimate interest in doing so (e.g. to manage risk, verify your identity, to combat fraud, abuse of our site or services), or where you’ve agreed to us doing so.

We may share your information with others including other ICICI group companies and any of our service providers, anyone else whose products and services you’ve requested, anyone who we’re under an obligation to disclose information to or where it’s in the public interest, for example to prevent or detect fraud, abuse of our site or services).


DETAILS OF DATA TRANSFERS OUTSIDE THE EEA

Information about you in our possession may be transferred to other countries outside the European Economic Area (particularly to our parent company in India) for any of the purposes described in this Privacy Notice.

You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where the transfer is to a country deemed to provide adequate protection of your information by the European Commission or you have consented to the transfer.

If we transfer your information outside the European Economic Area in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.


RETENTION AND DISPOSAL OF DATA AND OUTPUT

We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. We will normally destroy, delete, purge or anonymise the data after statutory timelines lapse however, we may retain your information, or information relating to your account for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.


STORAGE OF YOUR PERSONAL DATA AND DATA SECURITY

All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


RIGHTS OVER YOUR PERSONAL DATA

Under certain circumstances, by law you have the right to:

  • Be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences).
  • Object to your personal data being processed for a particular purpose or to request that we stop using your information.
  • Request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
  • Ask us to transfer a copy of your personal data to you or to another service provider or third party where technically feasible and otherwise required by applicable regulations.
  • Withdraw, at any time, any consent that you have previously given to us for our use of your personal data.
  • Ask us to stop or start sending you marketing messages at any time.
  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
  • Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where you think that we do not have the right to process it.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will provide this information free of charge unless the request is manifestly unfounded or excessive. We will comply with our legal obligations as regards any individual’s rights as a data subject.

If you would like to contact us in relation to any of the rights set out above please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details

Ms Sonal Chopra, The Data Protection Officer, ICICI Bank UK PLC, One Thomas More Square, London, E1W 1YN.


RIGHT TO COMPLAIN TO THE ICO

You can contact the ICO if you have any concerns about how the ICICI Bank has handled your personal data and you also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO via their helpline on 0303 123 1113. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website https://ico.org.uk/


THIS PRIVACY NOTICE

The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email. We recommend that you re-visit this page regularly and inform us if you do not agree to any term mentioned here.