PRIVACY POLICY

 

In the course of using this website, mobile applications or its custom extensions or availing the products and services vide the online application forms and questionnaires, AU Small Finance Bank Limited (‘Bank’) and its Affiliates may become privy to the personal information of its customers, including information that is of a confidential nature.

The Bank is strongly committed to protecting the privacy of its customers and has taken all necessary and reasonable measures to protect the confidentiality of the customer information and its transmission through the world wide web and it shall not be held liable for disclosure of the confidential information when in accordance with this privacy commitment or in terms of the agreements, if any, with the customers.

The Bank endeavours to safeguard and ensure the security of the information provided by the customers. The Bank uses 128-bit encryption, for the transmission of the information, which is currently the permitted level of encryption in India. When the information provided by the customers is not transmitted through this encryption, the system (if configured accordingly) will display an appropriate message ensuring the best level of secrecy for the customer's information. Customer’s data is stored securely in India as per Bank’s policy ensuring compliance, statutory and regulatory obligations.

Prospective customers' data is stored, in accordance with Bank's policy, for future engagement regarding Bank’s products and services.

The customer would be required to cooperate with Bank in order to ensure the security of the information, and it is recommended that the customers necessarily choose their passwords carefully such that no unauthorised access is made by a third party. To make the password complex and difficult for others to guess, the customers should use a combination of alphabets, numbers and special characters. The customers should undertake not to disclose their password to anyone or keep any written or other record of the password such that a third party could access it.

Bank undertakes not to disclose the information provided by the customers to any person, unless such action is necessary to:

  • Conform to legal requirements or comply with legal process.
  • Protect and defend Bank or its Affiliates' rights, interests or property.
  • Enforce the terms and conditions of the products or services; or
  • Act to protect the interests of Bank, its Affiliates, or its members, constituents or of other persons.

The customers shall not disclose to any other person, in any manner whatsoever, any information relating to Bank or its Affiliates of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle Bank or its affiliates to terminate the services, without prejudice to any damages, to which the customer may be entitled otherwise.

Bank will limit the collection and use of customer information only on a need-to-know basis to deliver better service to the customers.

User will need to share SMS permission to send and view messages to ensure the SIM card in the phone & registered phone number match. The send SMS permission is used for meeting the mandatorily required provision by Reserve Bank of India (RBI) rules for security purposes by Bank as well as Unified Payment Interface (UPI) authentication.

Bank may use and share the information provided by the customers with its affiliates and third parties for providing services and any service-related activities such as collecting subscription fees for such services and notifying or contacting the customers regarding any problem with, or the expiration of, such services. In this regard, it may be necessary to disclose the customer information to one or more agents and contractors of Bank and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from Bank only for these purposes.

  • The Bank will ensure data protection and privacy as required in relevant legislation, regulations, and, if applicable, contractual clauses for each outsourced activity.
  • The Bank will ensure that data identified under following labels are protected based on the policy:
    - Personally Identified Information (PII); and
    - Sensitive private data or information (SPDI)
  • The Bank will ensure that PII/SPDI of an individual are collected only where there is relevant business / regulatory requirement and not shared with a third party without consent from information owner.
  • The Bank will ensure that PII/SPDI collected are classified as confidential and protected in all forms as per Bank's IS policy.
  • The Bank will ensure that access to data identified as per this policy is monitored and reviewed.
  • The Bank will provide appropriate trainings to its employees / suppliers to ensure proper handling of bank's data.
  • The Bank will ensure that incidents which involve compromise of personal and sensitive information are considered as privacy incidents and are managed as per Bank's Information Security Incident process.
  • The Bank strictly protects customer information and only discloses it as per regulatory guidelines. Information is shared on a need-to-know basis with third parties (such as affiliates, service providers, tax authorities, fraud prevention agencies, or consultants) under confidentiality agreements and regulatory guidelines. Third parties use this data solely for agreed purposes like service delivery, compliance, fraud prevention, or marketing (with consent). To protect Personal Information from unauthorized access and use, the Bank uses security measures that comply with regulatory guidelines.
  • Third parties are not authorised to utilize customer's data unless explicitly authorized by the Bank to serve customers. Any such usage will be conducted in accordance with the Bank's policies and regulatory guidelines.
  • The usage of customer’s data by third parties is in line with Bank’s policies, hence the Bank’s policy is provided to the customer.
  • All third parties associated with the Bank are under Bank’s audit framework purview to ensure adherence to Bank’s policies.
  • Customers can address grievances by referring to Bank’s Customer Grievance Redressal Policy, which can be found at the following link: Customer Grievance Redressal Policy. We are committed to resolving your concerns promptly and efficiently.
  • The Bank has implemented best practices across SMS & Push notifications to limit the frequency or reach, with the objective of reducing fatigue & optimizing costs.

In-App Permissions

SMS and Phone permission: User will need to share permission to send and view messages to ensure the SIM card in the phone & registered Phone number match. The send SMS permission is used for meeting the mandatorily required provision by Reserve Bank of India (RBI) rules for security purposes as well as for Unified Payment Interface (UPI) authentication.

Contact Permission: The Bank requests access to customer mobile contacts; however, it doesn’t store them. Contacts are accessed only while making a specific payment like UPI payment basis contact details. The Bank doesn’t authorize disclosure or any other use of customer’s contact details. Customers can withdraw permission anytime through permission settings present in the mobile application.

Image Upload Permission: Collect and process image information for profile enrichment and better payments experience.

Information Sharing

The Bank will not sell or rent your Information to anyone, for any reason, at any time. However, we will be sharing your Information with our financial partners, affiliates and business partners, and the user hereby consents to the same. We will take reasonable steps to ensure that these third-party service providers are obligated to protect your information and are also subject to appropriate confidentiality/non-disclosure obligations and they comply with the applicable provisions of the data protection laws.

Log & Record Retention Policy

In accordance with applicable laws and internal policies, the Bank may retain customer information provided for as long as required to provide services to the customer such as managing customer’s account and dealing with any concerns that may arise, or if required for compliance with any legal or regulatory requirements, or for the institution, enforcement, or defense of legal claims.

The Bank may also retain your information for business and related purposes, including but not limited to, responding to queries or complaints, combating fraud and financial crime or in accordance with contractual obligations.

Customer information is retained by the Bank for the duration of the entire relationship period. It is also stored beyond this period in accordance with Bank’s policies and regulatory guidelines.

If the retention of customer information is not required, we have deployed policies and procedures to destroy or delete such customer information on a best effort basis.

Customers can update all or specific details previously provided at any time by contacting their nearest AU Small Finance Bank branch. Post enactment of DPDP Act, Bank will further establish a formal withdrawal process in accordance with the guidelines.

The Bank is committed to safeguarding your privacy and security. With regards to facial recognition for second-factor authentication in our banking application, we want to assure you that we do not store any facial data. Your facial features are only used for real-time authentication during the login process and are not retained or stored by the bank's systems.

Terms of Use for Nuclei on AU 0101 app

  • Nuclei on AU 0101 app brought to you by Nuclei is a platform to display the offers extended by different merchants to the customers of the Bank.
  • Please note that the Bank is not selling/rendering any of these products/services and does not give any warranty, guarantee nor does the Bank make any representation with respect to the offers made by the merchant.
  • The Bank shall not be liable in any case whatsoever regarding any of the utility, merchantability or any other case regarding the products/services availed on ‘Nuclei in the AU 0101 app’.
  • The Bank is only acting as a channel to facilitate the payment for its customers by providing the payment services to avail the products/services from the merchant.
  • The mobile number will be used for activating your relationship with Nuclei and for sending booking related confirmation(s) and communication(s).
  • The Bank does not control such communication(s) and bears no responsibility for it.

 

Location permission

To provide secure, efficient, and personalized banking services, the Bank requests access to the customer’s device location (precise or approximate) to detect and prevent fraud, identify suspicious activity based on geographic patterns, support regulatory compliance through jurisdiction validation and audit requirements, and enhance the overall app experience with contextual features.