Client Privacy Policy

Our Commitment to You as a Client of the Bank

At ICICI Bank Canada and its subsidiaries (“ICICI Bank”, “we”, “our” or “us”), an important part of our commitment to provide you with excellent service is our respect for your right to privacy. While information is the cornerstone of our ability to provide excellent service, our most important asset is our clients’ trust. Your personal information (information that refers to you specifically as an individual) being kept secure, and being used only as you would want us to, is a top priority for us.

ICICI Bank is committed to maintaining the accuracy, confidentiality and security of your personal and financial information. As part of this commitment, we strictly adhere to the following principles:

1. Accountability:

All of our employees are fully committed to maintaining and protecting client information under our control. To help fulfill this mandate, we have designated a Chief Privacy Officer who is generally responsible and accountable for compliance by ICICI Bank with Canada’s Privacy requirements. Contact information for the Chief Privacy Officer is provided at the end of this Client Privacy Policy ("Privacy Policy" or "Policy").

2. Identifying Purposes :

We identify and document the purposes of collecting personal information of our clients at or before the time such information is collected. The information that we may request will depend on the product(s) or service(s) selected by you.

Some examples of the types of information that we might collect are:

• For deposit-related services like opening a deposit or business account, applying for a credit card, or purchasing a guaranteed investment certificate, you will be asked to provide information such as your name, date of birth, address and telephone number (business name and address in the case of business clients), occupation and acceptable identification documents required for establishing and verifying your identity under the Canadian anti-money laundering and anti-terrorist financing law.
  
  
• If you are applying for credit in the form of a loan, you will also be asked for specific information about your current financial situation or the financial situation of your business, based on the credit evaluation requirements of the Bank.
  
  
• If you have an account that earns interest or if you are buying registered investment products, we are required to keep a record of your social insurance number for income tax reporting purposes.

Most of the information comes directly from you when you apply for financial products or services. We may also need information from credit bureaus, income sources and personal references you have provided to us. Obtaining additional information about you from such third parties helps us assess your eligibility for our products/services. Of course, we will obtain consent from you before we contact anyone for information about you and we will only request information that is required for providing the service or product selected by you. If you withhold your consent, the Bank may be unable to assess your application and complete the transaction.

3. Consent:

We obtain your consent for the collection, use or disclosure of your personal information, except as otherwise required or permitted by law. As a general matter, we will obtain your consent through our client agreement with you or the application form for the relevant product / service.

4. Limiting Collection :

We only collect such personal information that is required to provide the service(s)/product(s) selected by you. With your consent, we will gather personal information from you (in person, at a branch, over the telephone, by corresponding with you via mail or electronic mail or the Internet), the person(s)/entity(ies) authorized by you (such as personal or professional references provided by you, your financial advisor and mortgage broker) or from third parties (such as credit bureaus).

5. Limiting Use, Disclosure and Retention :

Information gathered from you will only be used or disclosed for the purpose for which it was collected, except as you otherwise consent to or as otherwise required or permitted by law.

Depending upon the product/service you have applied for, we will review your credit history and information about your personal finances. With your consent, we will also disclose your credit history with us to other lenders or credit bureaus to support a credit approval process.

There are, however, some exceptions to seeking your consent for disclosing your personal information. For example:

• We sometimes require services from suppliers and agents, such as cheque printers, market research and computer data-processing companies. Before disclosing any personal information to them, we obtain their contractual commitment to keep all such information secure and confidential, and we ensure that only necessary information is disclosed.

• Our client lists are for use by ICICI Bank only and we never sell or give lists to other companies other than as provided herein.
  
  

• We are required to share personal or other information subject to various government reporting requirements
  
  
• We may receive subpoenas, search warrants, and court or government orders. In such cases, we will release only such information that is legally required.
  
  
• We may disclose personal information to the public authorities without requesting individuals’ consent to protect the public interest.
  
  
• We may disclose your personal and other information without requesting your consent to protect and defend ICICI Bank's and its affiliates' rights, interests or property; enforce the terms and conditions of the products or services provided by ICICI Bank to Clients or to protect the interests of ICICI Bank, its affiliates, or its members, constituents or of other persons.
  
  
• Personal Information transferred outside Canada may be subject to mandatory disclosure to foreign authorities.
  

Your personal information will only be retained for the period of time required to fulfill the purpose for which it was collected or as may be required by relevant laws, whichever is greater. Following this period of time, your personal information will either be destroyed or erased.

6. Accuracy:

We will make every reasonable effort to keep your personal information accurate and up-to-date. To help us achieve this, we encourage you to keep us informed of any changes, such as if you move or change telephone numbers.

You have the right to access, verify and amend the information held in your personal and financial files. If you find any errors in our information about you, let us know and we will make the corrections as soon as reasonably possible and transmit the amended information to related parties, where appropriate.

7. Safeguarding Client Information :

We will protect your personal information with appropriate safeguards and security measures. We will also retain your information only for the time it is required for the purposes we explain.

We use a variety of security measures such as restricting employee access to files and data centers, using fireproof and locked file cabinets, and employing a variety of electronic security measures, such as passwords, personal identification numbers and data encryption techniques.

8. Openness and Your Refusal or Withdrawal of Consent :

At your request, we will make available additional information concerning the policies and practices relating to the management of your information.

We will also explain your options of refusing or withdrawing consent to the collection, use or release of your information, and we will record and respect your choices.

In most cases you are free to refuse or withdraw your consent at any time. You may do so by contacting the branch or office where your account is held. Our staff will be pleased to explain your options and any consequences of refusing or withdrawing your consent, and record your choices.

If you don't want us to share information within ICICI Bank group of companies (“ICICI Group”) or contact you with product information, you can tell us so at any time. However, agreeing to let us share your information within businesses of ICICI Bank group may help us to serve you better.

9. Client Access:

At any time, you can find out what personal information we have, what it is being used for and to whom it has been disclosed. However, in some specific circumstances, disclosure of your personal information to you can or must by law be denied, for example, when:

• The information is protected by solicitor/client privilege;
  
  
• Disclosure of the information would also reveal personal information about another person; or
  
  
• Disclosure would reveal confidential commercial information.

We will do our best to provide the required information to you within 30 days and will provide an explanation if we are unable to meet your request. A fee may be charged for certain inquiries due to the time and resources required, in which case we will provide an estimate of the amount in advance.

10. Client Concerns :

If you have any questions, concerns or problems about privacy, confidentiality or how a request for information was handled, please write to/e-mail us at the below noted address or call/fax us at the below noted numbers:

Address
ICICI Bank Canada
Don Valley Business Park
150 Ferrand Drive, Suite 1200
Toronto, ON M3C 3E5

Telephone: (416) 360 0909

Fax: (647) 436 1178

E-mail: privacyofficer.ca@icicibank.com

Privacy Online - General

When you visit our website and move from page to page, read pages or download content onto your computer, we learn which pages are visited, what content is downloaded, and the address of websites that you visited immediately before coming to our website. However, none of this is associated with you as an individual. Rather, it is for statistical purposes. We use this information to find out how many people visit our websites and which sections of the sites are visited most frequently.

When you register for one of our Internet transaction services, we compile your profile for that service. Each time you use our Internet services, we collect your login ID, information about the transactions that you complete and the informational pages of the web that you visit while using the service. We use your profile in responding to your enquiries on the service. We use your login ID to identify you as a user of the service. We use the transaction information to assess and improve the service. We use specific transaction information for servicing purposes (e.g. billing).

In some cases, we may collect other information about you that is not personally-identifiable. Examples of this type of information include the type of Internet browser you are using, the type of computer operating system you are using, and the domain name of the website from which you linked to our website or advertisement.

We may use small text files called “cookies” to improve your website experience. Cookies can track how and when you use a site, which site you visited immediately before, and it can store that information about you. Cookies may be used to identify your computer, but will not be used to gather personal information about you or data residing on your computer. The use of cookies is now standard operating procedure for most websites and you may enable your browser to notify you when it is receiving a cookie.

When you send us an email or when you ask us to respond to you by email, we learn your exact email address and any information you have included in the email. We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further.

ICICI Bank shall not be held liable for disclosure of the personal information when in accordance with this Privacy Policy or pursuant to the terms of any agreement with a Client.

ICICI Bank is strongly committed to protecting the privacy of its Clients and has taken all necessary and reasonable measures to protect the confidentiality of the Client information and its transmission through the worldwide web and it shall not be held liable for disclosure of the confidential information when in accordance with this Privacy Policy or in terms of the agreements, if any, with the Clients.

ICICI Bank uses 128-bit encryption, for the transmission of the information for the logged in pages. When the information provided by the Clients is not transmitted through this encryption, the Clients' system (if configured accordingly) will display an appropriate message ensuring the best level of security for the Clients' information.

You are required to cooperate with ICICI Bank in order to ensure the security of the information, and it is recommended, for example, that you choose passwords carefully such that no unauthorized access is made by a third party. You should undertake not to disclose your password to anyone or keep any written or other record of the password such that a third party could access it.

The Client shall not disclose to any other person, in any manner whatsoever, any information relating to ICICI Bank of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle ICICI Bank to terminate the services, without prejudice to any damages, to which the Client may be entitled otherwise.

Other Web Sites

Our website(s) may contain links to other third party sites that are not governed by this Privacy Policy. Although we endeavor to only link to sites with high privacy standards, our Privacy Policy will no longer apply once you leave the ICICI Bank website. Additionally, we are not responsible for the privacy practices employed by other third party website. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.

Privacy Breach Notification

A privacy breach occurs when there is unauthorized access to or the collection, use or disclosure of personal information. There are several possible causes of a privacy breach including but not limited to stolen data, mistaken disclosures, faulty business procedures or operational break-downs. When we come to know about the occurrence of a privacy breach the following steps would be taken:

• Breach Containment and Preliminary Assessment
  The Bank will take immediate steps to contain any potential breach and thereby reduce the risk of re-occurrence by taking such steps as putting on hold the existing process, recovering the records and shutting down the affected systems temporarily. In case of a breach, the Bank will designate an appropriate individual to conduct the preliminary breach assessment. If a breach appears to involve theft or other criminal activity the appropriate law enforcing authority would be immediately notified.
  
  
• Risk Evaluation
  Subsequent to the preliminary assessment, the Bank will assess the risks associated with the breach. The steps may include checking the extent of involvement of personal information, the cause and extent of the breach, identification of individuals affected by the breach and the assessment of foreseeable harm from the Breach.
  
  
• Notification
  The Bank recognizes that notification can be an important mitigation strategy that has the potential to benefit both the organization and the individuals affected by a breach. The notification procedures involve the consideration of factors (such as legal and contractual obligations, risk of physical harm if any, risk of identity theft if any) relevant for notification. The risk assessment assists in identifying who should be notified and when and how the notification should happen. All such notifications will be done by the Chief Privacy Officer of the Bank. The notification will include appropriate information including but not limited to information about the incident, the extent of personal information involved in the breach and contact information of the privacy commissioner.
  
  Depending on the nature of the breach, in addition to notifying affected individuals, the Bank may decide to notify the Privacy Commissioner as well with all relevant information. Further on a case to case basis, the Bank will evaluate whether the notification should be made to the police, insurers or others, professional or other regulatory bodies, credit card companies and financial institutions or credit reporting agencies.
  
  
• Prevention of future breaches
  Once the Bank has taken the requisite immediate steps, it will conduct root cause analysis with a view to preventing a re-occurrence of the breach. The level of efforts to be put in prevention will depend upon the significance and extent of the breach and whether it was a systemic breach or an isolated instance. The preventive steps may include conducting of a security audit, a review of applicable policies and procedures, a review of employee training practices and a review of service delivery partners.

Updating the Client Privacy Policy

Any changes to our Privacy Policy and information handling practices shall be acknowledged in the Privacy Policy in a timely manner. We may add, modify or remove portions of the Privacy Policy when we feel it is appropriate to do so. This policy was last updated in July 2012.