BANK OF BARODA - PRIVACY POLICY

Contents:

Introduction

1. ABOUT THE BANK OF BARODA

The Bank of Baroda is committed to ensuring that your personal information is used properly and is kept securely. We recognise and acknowledge the responsibility and duty of trust and care that we have to maintain the privacy of your personal data, and comply with the data protection principles which are set out in the Data Protection Act 1998.
This Privacy Policy explains the following:

Any personal information that you provide to us is controlled by the Bank of Baroda. This means that the Bank of Baroda is the organisation that decides the purposes for which your personal information will be used and the way in which it is processed.
The Bank of Baroda is registered as a data controller with the Information Commissioner's Office under reference number: Z4631489.
If you have any queries about the information we hold about you, please contact our Data Protection Officer, Mr.Ravi Kumar, who you may contact at the following address:

Bank of Baroda
32 – 36 City Road
London
EC1Y 2BD

it.uk@bankofbaroda.com


2. COLLECTION OF YOUR PERSONAL INFORMATION

When you visit our website, apply to open an account or use our online banking services, you may be asked to provide information about yourself.  You may also provide personal information to us when you contact us by email, telephone or letter.  We may collect information about you from documents that are available to the public, such as the electoral register, or from third parties such as credit reference agencies. When you provide personal information to us or we collect personal information from other sources, we will treat that information in accordance with this Privacy Policy.

[When we collect information about you we will tell you at the point of collection why we need that information and how we will use it.]

3. WHAT INFORMATION DOES THE BANK OF BARODA COLLECT ABOUT ME?

The type of information we hold about you will depend on the nature of our relationship with you.  If you are a customer we will typically hold the following information:

If you are not a customer but you have contacted us about a product or service we may hold your contact details and information about the products or services that you are interested in.
You have a right to access information that we hold about you.  Please see the Access to your personal information of this Privacy Policy for more information on how to exercise this right.

4. USE AND STORAGE OF YOUR PERSONAL INFORMATION

We will use personal information provided by you or gathered by the Bank of Baroda for the following purposes:

Any information which you may provide to us will be stored securely. Where personal information is provided to us in the course of our online banking services, we use 128-bit Secure Socket Layer (SSL) encryption to protect this information. This is the highest level of security layer presently available.

5. SHARING OF YOUR PERSONAL INFORMATION

We may share your personal information with third parties in the following ways:

6. HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?

Subject to any legal requirements we may have in relation to your personal information, we will only hold that information for as long as may be necessary for the purposes for which it was collected.

7. USE OF COOKIES

A cookie is a piece of information that is held on the hard drive of your computer which records how you have used a website. Cookies allow website operators to accumulate useful information, such as whether the computer (and sometimes its user) has visited the site before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.
We use cookies to monitor how people use our website and online banking services in order to help us to provide you with a better service. Cookies make it easier for you to log on and use the website and online banking services during future visits. They also allow us to personalise the content of the website for you.
By adjusting the settings on your browser, you have the option of accepting all cookies, being notified whenever a cookie is issued, or not receiving some or all of the cookies which we use. You may also wish to visit www.aboutcookies.org, which provides detailed information on how to restrict or block cookies on a variety of different browsers. However, please note that you may not be able to use some of the features on our website or online banking services without cookies.
You can find more information about the cookies we use and the purposes for which we use them by reviewing the table below:


Cookie

Name

Purpose

Bank of Baroda

Risk fort Cookie

Used to recognize the user when user is returning the site from same machine.
Used to recognize the machine used before for BoB eBanking site. If the cookie is present, it is recognize the machine as a trusted machine and allow user without step up authentication.

 

utma

_[utma
_utmb
_utmc
_utmz]

[These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where vistors have come to the site from and the pages they visited.]

 

http://www.morevisibility.com/analyticsblog/from-__utma-to-__utmz-google-analytics-cookies.html

 

8. ACCESS TO YOUR PERSONAL INFORMATION

We must process your data in accordance with your rights under the Data Protection Act 1998. One of the most important of these rights is your ability to request a copy of the personal information that we hold about you and to have any inaccuracies corrected.  We will ask for confirmation of identity before we disclose any personal information and may charge a £10 administration fee to process the request.  Please address requests to Mr. Ravi Kumar.

Bank of Baroda
32 – 36 City Road
London
EC1Y 2BD
it.uk@bankofbaroda.com


9. OVERVIEW OF OUR OBLIGATIONS UNDER THE DATA PROTECTION ACT (THE “ACT”)

The Act imposes a number of obligations on any organisation which handles personal information about living individuals and regulates the use of personal data by requiring personal data to be processed in accordance with eight data protection principles. These principles are as follows:

The First Principle: Fair and Lawful Processing

"Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met, and in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.”
In order for personal data to be processed fairly and lawfully, we must inform individuals of the fact that we are a data controller, the purposes for which we intend to process personal data, any disclosures to third parties that we will make and any additional information about the way in which personal data will be processed which would not be immediately obvious to the individual.  This information is set out in this Privacy Policy and in privacy notices given to individuals at the point where their personal information is collected.
We must also ensure that we meet a Schedule 2 condition.  Relevant conditions include:
The following categories of information are “sensitive personal data”: information relating to an individual’s health, sexual life, religious opinions, political beliefs, trade union membership, racial or ethnic origin, crimes, alleged crimes or criminal proceedings.
  • The circumstances in which the Bank may process sensitive personal data are more restricted.  Normally we will need the individual’s express consent to process sensitive personal data.  We must also ensure that we take particular care to keep sensitive personal data secure and prevent unauthorised access.

    The Second Principle: Specified and Lawful Purposes

    "Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."
    It is a requirement of the Act that we notify the Information Commissioner of the types of personal data that we collect and the purposes for which we process that information.  The notification must also cover any disclosures of personal data made to third parties and details of whether we transfer personal data outside the European Economic Area. 
    We are permitted to process personal data only in accordance with the notification we have provided to the Information Commissioner and in accordance with the purposes set out in the privacy notices provided to individuals. 

    The Third Principle: Adequate, Relevant and Not Excessive

    "Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed."
    This means that we must only collect such personal data as is necessary for the purposes for which we wish to process the personal data. In addition, we must ensure that we have sufficient information in order to be able to carry out the processing properly. 

    The Fourth Principle: Accurate and Up to Date

    "Personal data shall be accurate and, where necessary, kept up to date."
    This principle requires us to take steps to ensure that personal information that we collect and store is accurate and to carry out regular reviews to ensure that personal information is kept up to date. 

    The Fifth Principle: Retention Periods

    "Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes."
    This principle requires us to ensure that personal data is kept only for as long as is necessary for the purposes for which it was collected.  The Bank has data retention policies in place which categorise different types of personal information and specify the period of time for which they will be retained.  When the retention period expires, we must destroy the data securely.    

    The Sixth Principle: Rights of Individuals

    "Personal data shall be processed in accordance with the rights of data subjects under this Act."

    Individuals have a number of rights under the Act, which are as follows:

    Any requests or queries received from an individual in relation to their personal data should be directed to Mr. Ravi Kumar

    The Seventh Principle: Security  

    "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
    This means that we must ensure that our physical security measures are sufficient to protect personal data. We are also required to put appropriate technical security measures in place to ensure that personal data cannot be accessed by unauthorised persons and that it is protected against loss or damage.  The Bank's security policies set out in detail the steps that employees must take to ensure that personal information is kept and handled securely.
    Where we have instructed third parties to process personal data on our behalf, such third party processors must be audited to ensure they are reputable and have sufficient security measures in place to protect any personal data which we may provide to them.  All arrangements with third party processors must be governed by a written contract which specifies the security measures the processor must take and prohibits the processor from using personal data other than in accordance with the Bank’s instructions.  We must also regularly monitor third parties to ensure they are complying with security requirements.

    The Eighth Principle: Transfers outside of the EEA   

    "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."

    We are not permitted to transfer personal data outside the EEA unless one of the following conditions is met:

    Updates

    We may update this Privacy Policy from time to time. Please ensure that you check the Privacy Policy regularly for updates. If material changes are made to this Privacy Policy, we will notify you by placing a prominent notice on our website.

    **********