Data Protection Legislation means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679 ("GDPR"); together with all other applicable and national implementing legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.
ICICI Bank UK PLC (ICICI Bank) is committed to keeping your personal data private. We shall process any personal data we collect from you in accordance with Data Protection Legislation and the provisions of this notice (Privacy Notice).
This Privacy Notice applies to personal information we collect from you when you use this site, which provides a sandbox environment for certain APIs. If you’re an ICICI customer, or otherwise have a relationship with us, we may also have provided you with a separate privacy notice setting out how we use your personal information, which will also apply.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the GDPR ICICI Bank is the data controller of your information. This means that we are responsible for deciding how we hold and use your personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data, please contact the DPO at the contact details set out below.
Information we may collect from you
As a registered user of the ICICI Bank UK API Portal, we may collect and process the following information about you:
We’ll only use your information where we have your consent or we have another lawful reason for using it. Unless we say otherwise below, we’ll use your personal information on the basis that it’s within our legitimate interests in operating and maintaining the site, and providing you with site functionality and related services. We use information provided or obtained via this site to:
We also use information to meet our compliance obligations, to comply with other laws and regulations and to share with regulators and other authorities that ICICI Group companies are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We’ll only do this on the basis that it’s needed to comply with a legal obligation, it’s in our legitimate interests and that of others or to prevent or detect unlawful acts.
We may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our own commercial purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Personal data will not be used for the purposes of automated decision-making in individual cases, including profiling.
We may share your information in order to provide you with products or services you’ve requested (for example, if they’re not provided by the ICICI Bank operating this site), if we have a legitimate interest in doing so (e.g. to manage risk, verify your identity, to combat fraud, abuse of our site or services), or where you’ve agreed to us doing so.
We may share your information with others including other ICICI group companies and any of our service providers, anyone else whose products and services you’ve requested, anyone who we’re under an obligation to disclose information to or where it’s in the public interest, for example to prevent or detect fraud, abuse of our site or services).
Information about you in our possession may be transferred to other countries outside the European Economic Area (particularly to our parent company in India) for any of the purposes described in this Privacy Notice.
You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where the transfer is to a country deemed to provide adequate protection of your information by the European Commission or you have consented to the transfer.
If we transfer your information outside the European Economic Area in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.
We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. We will normally destroy, delete, purge or anonymise the data after statutory timelines lapse however, we may retain your information, or information relating to your account for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.
All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Under certain circumstances, by law you have the right to:
Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will provide this information free of charge unless the request is manifestly unfounded or excessive. We will comply with our legal obligations as regards any individual’s rights as a data subject.
If you would like to contact us in relation to any of the rights set out above please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details
Ms Sonal Chopra, The Data Protection Officer, ICICI Bank UK PLC, One Thomas More Square, London, E1W 1YN.
You can contact the ICO if you have any concerns about how the ICICI Bank has handled your personal data and you also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO via their helpline on 0303 123 1113. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website https://ico.org.uk/
The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email. We recommend that you re-visit this page regularly and inform us if you do not agree to any term mentioned here.