Introduction:

The Privacy Policy of the Co-operative City Bank Ltd. has been reviewed and

approved by the OMC (One Man Committee) vide its its meeting held on 21.09.2022

for the year FY 2022-2023

1. OBJECTIVE

a. To ensure the security and privacy of customers’ sensitive personal data.

b. To comply with the Privacy Regulations viz. The information Technology

(Reasonable Security Practices and Procedures and Sensitive Personal Data or

Information Rules, 2011).

c. Follow good practice.

d. Protect Bank’s Stake holders, staff and other individuals

e. Protect the organization from the consequences of a breach of its responsibilities

2. SCOPE AND APPLICABILITY

This policy is applicable to all employees of the Bank, Head office and its branches

and its vendors.

3. POLICY

Bank customers’ sensitive personal data i.e. biometric data, passwords and financial

information such as bank account details, credit and debit card details shall be

protected by BANK by following reasonable security practices and procedures. For

this, Bank has:

a. Adopted a comprehensive documented information security program and policies

that contain managerial, technical, operational and physical control measures

b. Implemented the documented security practices

c. Information Systems audits of Bank’s Data Canter and branches conducted every

year Bank shall always:

i. Comply with both the law and good practices

ii. Respect individual’s rights of non disclosure, confidentiality.

iii. Be open and honest with individuals whose data is held.

iv. Provide training and support for staff and volunteers who handle personal data,

so that they can act confidently and consistently

d. Recognize that its first priority is to avoid causing harm to individuals, which

means:

i. Keeping information securely in the right hands, and

ii. Holding good quality information.

e. Security and confidentialityof Customer Data

i. As per Information Systems security policies and procedures implemented in the

Bank, Bank has implemented administrative, physical and technical safeguards to

protect electronic personal data from loss, misuse and unauthorized access.

Customers’ personal data shall be stored on a secured database.

ii. Bank shall not sell personal data to any third party or anybody and shall remain

fully compliant with confidentiality of the data as per law.

iii. Bank shall share customers’ personal data to third party if required for business

purpose only after implementing adequate controls to ensure maintenance of

confidentiality and security of the data by the concerned third party.

f. Data Usage

i. Bank shall use customers’ personal data only for the purpose for which it is

collected. Bank is committed to ensuring that personal data is kept strictly

confidential. However, personal data may be disclosed to regulatory authorities for

the purposes of obtaining regulatory approval in accordance with applicable legal

requirements, or otherwise to comply with applicable legal requirements.

g. The Bank use or share customer’s only thatdatawhich is necessaryfor that service.

h. Data Retention

Customer’s data shall be retained as per senior management Directives and

Regulatory Standards (RBI directives)

i. Datamodification

I. Bank shall update the customer data only after ensuring the authenticity of the

change request. Adequate access controls and authorization controls shall be in

place to monitor data modifications.

II. Bank shall change or update any changes in customer’s data after verifying the

documents for which customer gives request to change.

j. DataQuality

Bank shall continuously review and asses the quality and completeness of the data

k. SECURITYAWARENESS AMONG USERS:

All staff handling personal data shall receive training in the requirements of data

protection related laws and regulations. They shall also be educated about the legal

consequences of intentional / unintentional disclosure /leakage of customers’ data.

l. To provide any special services via mobile, the consent of customer must be taken

by written in specific format provided by the bank. After receiving the consent by

customer then after bank will enable these services.

******************************************************