At ICICI Bank Canada (hereinafter referred to as “ICICI Bank”, “Bank”, “we”, “our” or “us”), an important part of our commitment to provide you, as a client of the Bank with excellent service is our respect for your right to privacy. While information is the cornerstone of our ability to provide excellent service, our most important asset is our clients’ trust. Your personal information (information that refers to you specifically as an individual) being kept secure, and being used only as you would want us to, is a top priority for us.
ICICI Bank is committed to maintaining the accuracy, confidentiality and security of your personal and financial information. As part of this commitment, we strictly adhere to the following principles:
2. Identifying Purposes:
We identify and document the purposes of collecting personal information of our clients at or before the time such information is collected. The information that we may request will depend on the product(s) or service(s) selected by you.
Some examples of the types of information that we might collect are:
- For deposit-related services like opening a deposit or business account, applying for credit cards, making money transfers, or purchasing a guaranteed investment certificate, you will be asked to provide information such as your name, date of birth, address and telephone number (business name and address in the case of business clients), occupation and acceptable identification documents required for establishing and verifying your identity under the Canadian anti-money laundering and anti-terrorist financing law.
- If you are applying for credit in the form of a loan, credit card or a mortgage, you will also be asked for specific information about your current financial situation or the financial situation of your business, based on the credit evaluation requirements of the Bank.
- If you have an account that earns interest or if you are buying registered investment products, we are required to keep a record of your social insurance number for income tax reporting purposes.
- If you open an account then you may be also asked to provide your U.S. tax identification number to comply with Foreign Account Tax Compliance Act (FATCA) regulations, if applicable.
Most of the information comes directly from you when you apply for financial products or services. We may also need information from credit bureaus, income sources and personal references you have provided to us. Obtaining additional information about you from such third parties helps us assess your eligibility for our products/services. Of course, we will obtain consent from you before we contact anyone for information about you and we will only request information that is required for providing the service or product selected by you. If you withhold your consent, the Bank may be unable to assess your application and complete the transaction.
We obtain your consent for the collection, use or disclosure of your personal information, except as otherwise required or permitted by law. As a general matter, we will obtain your consent through our client agreement with you or the application form for the relevant product or services, and for making promotional /marketing offers.
If you do not wish to receive promotional materials from us or you do not want your personal information shared among the members of ICICI Bank Group of companies (i.e., ICICI Bank Limited and subsidiary companies) for the purpose of marketing, you can choose to opt-out (unsubscribe) from our marketing and/or shared information lists.
Please note that it may take up to 7 business days to fulfill your request to unsubscribe from promotional electronic messages.
4. Limiting Collection:
We only collect such personal information that is required to provide the service(s)/product(s) selected by you. With your consent, we will gather personal information from you (in person, at a branch, over the telephone, by corresponding via mail or electronic mail or the Internet with you or with the person(s)/entity(ies) that have been authorized by you (such as personal or professional references provided by you, your financial advisor or mortgage broker) or by corresponding with third parties (such as credit bureaus).
5. Limiting Use, Disclosure and Retention:
Information gathered from you will only be used or disclosed for the purpose for which it was collected, except as you otherwise consent to or as otherwise required or permitted by law.
Depending upon the product(s)/service(s) you have applied for, we will review your credit history and information about your personal finances. With your consent, we will also disclose your credit history with us to other lenders or credit bureaus to support a credit approval process.
In connection with limiting the use, disclosure and retention of your personal information, we bring to your attention the following:
- We sometimes require services from suppliers and agents, such as cheque printers and market research and computer data-processing companies within and outside Canada. Before disclosing any personal information to them, we obtain their contractual commitment to keep all such information secure and confidential, and we ensure that only necessary information is disclosed.
- Our client lists are for use by the Bank only and we never sell or give lists to other companies other than as provided herein.
- We are required to share personal or other information subject to various government reporting requirements.
- We may receive subpoenas, search warrants, and court or government orders such as production orders. In such cases, we will release only such information that is legally required to be released.
- To protect the public interest, we may disclose personal information to public authorities without requesting an individuals’ consent.
- In keeping with applicable requirements, we may disclose your personal information without requesting your consent to protect and defend ICICI Bank's and its affiliates' rights, interests or property; or, to enforce the terms and conditions of the products or services provided by ICICI Bank; or, to protect the interests of ICICI Bank or its affiliates.
- The Bank may disclose personal information, without your knowledge or consent, to an investigative body when there are reasonable grounds to believe that the information relates to a breach of an agreement or a contravention of the laws of Canada, a province or a foreign jurisdiction that has been, is being or is about to be committed and the information is used for the purpose of investigating that contravention.
- The Bank may use and disclose personal information, without requesting your consent, for the purpose of engaging in a due diligence process for a prospective business transaction where such information is necessary to determine whether to proceed with the transaction.
- Some of our agents, suppliers and service providers may be located outside of Canada. Personal information transferred and stored outside Canada is subject to the laws of those countries and if so, may be shared with foreign authorities as required by valid demands, requests or orders by courts, regulators, government authorities and law enforcement authorities in those countries.
Your personal information will only be retained for the period of time required to fulfill the purpose for which it was collected or as may be required by relevant laws, whichever is greater. Following this period of time, your personal information will either be destroyed or erased.
If you have not opted out of the use or disclosure of your personal information for marketing purposes, we may also use your personal information for marketing additional products and services including special promotional offers, which may be of interest to you. As stated in the “Consent” section, you may be able to withhold or withdraw consent to the use of personal information for promotional purposes.
We will make every reasonable effort to keep your personal information accurate and up-to-date. To help us achieve this, we encourage you to keep us informed of any changes, such as if you move or change telephone numbers.
You have the right to access, verify and amend the information held in your personal and financial files. If you find any errors in our information about you, let us know and we will make the corrections as soon as reasonably possible and transmit the amended information to related parties, where appropriate.
7. Safeguarding Client Information:
We will protect your personal information with appropriate safeguards and security measures. We will also retain your information only for the time it is required for the purposes we explain.
We use a variety of security measures such as restricting employee access to files and data centers, using fireproof and locked file cabinets, and employing a variety of electronic security measures, such as passwords, personal identification numbers and data encryption techniques.
8. Openness and Your Refusal or Withdrawal of Consent:
At your request, we will make available additional information concerning the policies and practices relating to the management of your information.
We will also explain your options of refusing or withdrawing consent to the collection, use or release of your information, and we will record and respect your choices.
In most cases you are free to refuse or withdraw your consent at any time. You may do so by contacting the branch or office where your account is held. Our staff will be pleased to explain your options and any consequences of refusing or withdrawing your consent, and record your choices.
As earlier noted under the “Consent” heading, if you don't want us to share information within the ICICI Bank Group of companies or contact you with product information, you can tell us so at any time. However, agreeing to let us share your information within businesses of ICICI Bank Group may help us to serve you better.
9. Client Access:
At any time, you can find out what personal information we have, what it is being used for and to whom it has been disclosed. However, in some specific circumstances, disclosure of your personal information to you can or must by law be denied, for example, when:
- The information is protected by solicitor/ client privilege;
- Disclosure of the information would also reveal personal information about another person; or
- Disclosure would reveal confidential commercial information.
We will do our best to provide the required information to you within 30 days and will provide an explanation if we are unable to meet your request. A fee may be charged for certain inquiries due to the time and resources required, in which case we will provide an estimate of the amount in advance.
10. Client Concerns:
If you have any questions, concerns or problems about privacy, confidentiality or how a request for information was handled, please write to/e-mail us at the below noted address or call/fax us at the below noted numbers:
ICICI Bank Canada
Don Valley Business Park
150 Ferrand Drive, Suite 1200
Toronto, ON M3C 3E5
Telephone: (416) 360 0909
Fax: (647) 436 1178
Privacy Online - General
When you visit our website and move from page to page, read pages or download content onto your computer, we learn which pages are visited, what content is downloaded, and the address of websites that you visited immediately before coming to our website. However, none of this is associated with you as an individual. Rather, it is for statistical purposes. We use this information to find out how many people visit our websites and which sections of the sites are visited most frequently.
When you register for one of our Internet transaction services, we compile your profile for that service. Each time you use our Internet services, we collect your login ID, information about the transactions that you complete and the informational pages of the web that you visit while using the service. We use your profile in responding to your enquiries on the service. We use your login ID to identify you as a user of the service. We use the transaction information to assess and improve the service. We use specific transaction information for servicing purposes (e.g. billing). We do not install any computer programs automatically on your electronic device when you access the Bank’s website or conduct a transaction over the internet.
In some cases, we may collect other information about you that is not personally-identifiable. Examples of this type of information include the type of Internet browser you are using, the type of computer operating system you are using, and the domain name of the website from which you linked to our website or advertisement.
When you send us an email or when you ask us to respond to you by email, we learn your exact email address and any information you have included in the email. We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further.
ICICI Bank uses 128-bit encryption, for the transmission of the information for the logged in pages. When the information provided by you is not transmitted through this encryption, your system (if configured accordingly) will display an appropriate message ensuring the best level of security for this information.
You are required to cooperate with ICICI Bank in order to ensure the security of the information, and it is recommended, for example, that you choose passwords carefully such that no unauthorized access is made by a third party. You should undertake not to disclose your password to anyone or keep any written or other record of the password such that a third party could access it.
The Client shall not disclose to any other person, in any manner whatsoever, any information relating to ICICI Bank of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle ICICI Bank to terminate the services, without prejudice to any damages, to which the Client may be entitled otherwise.
Other Web Sites
Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.
Privacy Breach Notification
A privacy breach occurs when there is unauthorized access to or the collection, use or disclosure of personal information. There are several possible causes of a privacy breach including but not limited to stolen data, mistaken disclosures, faulty business procedures or operational break-downs. When we come to know about the occurrence of a privacy breach the following steps will be taken:
- Breach Containment and Preliminary Assessment
The Bank will take immediate steps to contain any potential breach and thereby reduce the risk of re-occurrence by taking such steps as putting on hold the existing process, recovering the records and shutting down the affected systems temporarily. In case of a breach, the Bank will designate an appropriate individual to conduct the preliminary breach assessment. If a breach appears to involve theft or other criminal activity the appropriate law enforcement authority will be immediately notified.
- Risk Evaluation
Subsequent to the preliminary assessment, the Bank will assess the risks associated with the breach. The steps may include checking the extent of involvement of personal information, the cause and extent of the breach, identification of individuals affected by the breach and the assessment of foreseeable harm from the breach.
The Bank recognizes that notification can be an important mitigation strategy that has the potential to benefit both the organization and the individuals affected by a breach. The notification procedures involve the consideration of factors (such as legal and contractual obligations, risk of physical harm if any, risk of identity theft if any) relevant for notification. The risk assessment assists in identifying who should be notified and when and how the notification should happen. All such notifications will be done by the Chief Privacy Officer of the Bank. The notification will include appropriate information including but not limited to information about the incident, the extent of personal information involved in the breach and contact information of the federal Privacy Commissioner.
Depending on the nature of the breach, in addition to notifying affected individuals, the Bank may decide to notify the federal Privacy Commissioner as well with all relevant information. The Bank will do this in all cases if required by law. Further on a case to case basis, the Bank will evaluate whether the notification should be made to the police, insurers or others, professional or other regulatory bodies, credit card companies and financial institutions or credit reporting agencies.
- Prevention of Future Breaches
Once the Bank has taken the requisite immediate steps, it will conduct root cause analysis with a view to preventing a re-occurrence of the breach. The level of efforts to be put in prevention will depend upon the significance and extent of the breach and whether it was a systemic breach or an isolated instance. The preventive steps may include the conducting of a security audit, a review of applicable policies and procedures, a review of employee training practices and a review of service delivery partners.