Introduction:
The Privacy Policy of the Samarth Sahakari Bank Maryadit, Jalna. is formulated and the same was approved by the Board of Directors of our bank in its meeting held on 28th February 2023 Board Resolution No. 10 for the year 2022-23

1. OBJECTIVE

 To ensure the security and privacy of customers’ sensitive personal data.
 To comply with the Privacy Regulations viz. The information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules, 2011).
 Follow good practice.
 Protect Bank’s Stake holders, staff and other individuals
 Protect the organization from the consequences of a breach of its responsibilities

2. SCOPE AND APPLICABILITY
This policy is applicable to all employees of the Bank, Head office and its branches and its vendors.

3. POLICY
Bank customers’ sensitive personal data i.e. biometric data, passwords and financial information such as bank account details, credit and debit card details shall be protected by BANK by following reasonable security practices and procedures. For this, Bank has:

A. Adopted a comprehensive documented information security program and policies that contain managerial, technical, operational and physical control measures.
B. Implemented the documented security practices.
C. Recognize that its first priority is to avoid causing harm to individuals, which means:

1. Keeping information securely in the right hands, and
2. Holding good quality information.

D. Information Systems audits of Bank’s Data Canter and branches conducted every year Bank shall always:

1. Comply with both the law and good practices
2. Respect individual’s rights of non-disclosure, confidentiality.
3. Be open and honest with individuals whose data is held.
4. Provide training and support for staff and volunteers who handle personal data, so that they can act confidently and consistently.

E. Security and confidentiality of Customer Data

1. As per Information Systems security policies and procedures implemented in the Bank, Bank has implemented administrative, physical and technical safeguards to protect electronic personal data from loss, misuse and unauthorized access. Customers’ personal data shall be stored on a secured database.

2. Bank shall not sell personal data to any third party or anybody and shall remain fully compliant with confidentiality of the data as per law.

3. Bank shall share customers’ personal data to third party if required for business purpose only after implementing adequate controls to ensure   maintenance of confidentiality and security of the data by the concerned third party.

4. Auto Read OTP functionality: -It is recommended that each process of OTP validation shall have auto read facility of OTP in the Mobile application. Whenever the OTP send to the customer, mobile app shall auto populate the OTP in the required field instead of entering by keypad.

5. SMS forwarding App / Remote access App: It is recommended that; the Mobile Application can have an ability to identify the “SMS forwarding Apps” as well as “Remote Access Apps” installed on the User’s handset. Based on the “AppID” of these kind of Apps, Mobile App shall restrict the users to access the login to the application if user have installed the listed apps.

6. SMS Delivery status facility: SMS vendor should have Call back facility available to verify the status of SMS send from our end, also SMS vendor have “SMS Delivery receipt check” to know the delivery status of the SMS forwarded from our end.

F. Data Usage

Bank shall use customers’ personal data only for the purpose for which it is collected. Bank is committed to ensuring that personal data is kept strictly confidential. However, personal data may be disclosed to regulatory authorities for the purposes of obtaining regulatory approval in accordance with applicable legal requirements, or otherwise to comply with applicable legal requirements.

G. The Bank use or share customer’s only that data which is necessary for that service.

H. Data Retention
Customer’s data shall be retained as per senior management Directives and Regulatory Standards (RBI directives)

I. Data modification

1. Bank shall update the customer data only after ensuring the authenticity of the change request. Adequate access controls and authorization controls shall be in place to monitor data modifications.
2. Bank shall change or update any changes in customer’s data after verifying the documents for which customer gives request to change.

J. Data Quality

Bank shall continuously review and asses the quality and completeness of the data

K. SECURITY AWARENESS AMONG USERS:
All staff handling personal data shall receive training in the requirements of data protection related laws and regulations. They shall also be educated about the legal consequences of intentional / unintentional disclosure /leakage of customers’ data.

L. To provide any special services via mobile, the consent of customer must be taken by written in specific format provided by the bank. After receiving the consent by customer then after bank will enable these services.

M. Mobile banking Application shall have ability to read/detect Installed Application on user's device and upload it on bank's secure server for keeping safe track of existing applications. App shall prohibit/restrict Mobile Banking Application usage in case of any listed application with likes of remote access applications and SMS forwarder applications is detected.

N. By agreeing to terms within Mobile banking application and written consent form undertaken from user during opting mobile banking feature it will be considered user have provided affirmative consent for all above mention disclosures.