Privacy

Privacy Policy

Privacy Notice of HDFC Bank, Dubai (DIFC) Branch

This Privacy Notice is to help you understand how we use your Personal Data, in accordance with the DIFC Data Protection Law, DIFC Law No. 5 of 2020, and the Regulations and further guidance thereunder (the “Law”). Personal Data is any information referring to an identified or Identifiable Natural Persons such as clients, authorised representatives, ultimate beneficial owners, guarantors, beneficiaries, and individual business contacts (all referred to below as “You”). This notice also outlines Your rights under data protection law.

As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you:

Why and how HDFC Bank collects, uses and stores your Personal Data;

The lawful basis on which your Personal Data is processed; and

What your rights and our obligations are in relation to such processing.

Our Commitment

HDFC Bank is committed to treating data privacy seriously. It is important that you know exactly what we do with the personal data you and others provide to us, why we process it and what it means to you. Please read this Privacy Notice carefully to understand our views and practices regarding your personal data and how we will treat it.

Who is covered under this Notice (Covered Persons)?

Any natural person in relation to whose personal data (to the extent processed by or for HDFC Bank), the DIFC Data Protection Law applies, shall be to the extent of such personal data and such processing be the "Covered Person(s)" or “You”.

What does this Privacy Notice cover?

This notice applies to any and all forms of use of Personal Data (“processing”) by us.

Who is legally responsible for the handling of Your personal data and who can You contact about this subject?

In data protection law terminology, such role lies with the “controller”, namely:

HDFC Bank Limited DIFC Branch, Office number 2701, Level 27, Al Fattan Currency House Tower 2, Dubai International Financial Centre, PO Box 241586, Dubai, United Arab Emirates.

We are required to handle (or “process”) Your personal data securely and otherwise in accordance with applicable data protection laws.

Should You have queries or complaints about the way in which We process Your personal data,

You may raise these with your usual HDFC Bank contact at the DIFC Branch or else with our

Compliance Officer via the contact details above or the following email address: DIFC.Compliance@hdfcbank.com

What personal data might We hold about You and where do We source such data?

We will only collect/store/process data about You that is necessary for the business relationship which We have with You. Some information is directly collected from You. We also process personal data from a range of other third party sources, which may include publicly available sources (e.g. the press, registers of companies or assets, internet websites, including social media platforms like Linked-In) and from providers of business-risk screening services, such as credit reference agencies, anti-fraud databases, sanctions list and databases of news articles.

If you exchange emails, telephone conversations or other electronic communications with us and our employees, our information technology systems may record details of those communications, including their content.

Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises.

The types of personal data that We process may include (but are not limited to):

Name, address and other contact information (telephone, e-mail address), marital status, dependants;

KYC (“Know Your Customer”) records, such as passport details, Residency ID, specimen signature

Financial information such as such as employment, Employer / business details (including salary certificates), bank / investment statements, portfolio details, financial statement of company, wealth information.

Data relating to your usage of our IT platforms (including electronic communications), and your engagement with our marketing activities.

Dietary and access requirements (e.g. for event organization purposes).

What do we process your data for (purpose of processing) & on what Legal Basis?

We process personal data in accordance with the DIFC DP Law.

3.1. For fulfilment of contractual obligations

It may be necessary for us to process Your personal data in order to perform a contract with You relating to our banking and financial services business, or to take steps at Your request prior to entering into a contract. For further details, please refer to Your contractual documentation with us.

3.2. In the context of legitimate interests

Where necessary, We process Your personal data to serve our legitimate interests or those of a third party (the law permits this only insofar as such interests are not outweighed by your legitimate interests). Cases where We may rely on our legitimate interests to process Your personal data include (but are not limited to):

Know-Your-customer and creditworthiness checks;

Client and vendor relationship management;

Business analysis and development of products and services

Monitoring of electronic communications for business and compliance purposes;

Prevention and detection of financial crime;

Evaluating, bringing or defending legal claims;

Marketing of DB group products (unless You have objected/unsubscribed);

Audits;

Risk control;

Business restructurings.

3.3. As a result of your consent

If We wish to process Your personal data in a way not covered by the legal justifications above, We would need Your consent. Where You give consent, You are entitled to withdraw it at any time. Note that withdrawing Your consent does not render our prior handling of Your personal data unlawful and that it might have an impact on our ability to continue to provide our services in the same way in future. (e.g. analysis of trading activities for marketing purposes or an invitation to an event)

3.4. Where necessary for compliance with Applicable Law

As a bank, We are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes or to respond to investigations or disclosure orders from the police, regulators of HDFC Bank Group entities, and tax or other public authorities (including outside the DIFC).

Who might We share Your data with?

Where necessary to fulfil Your instructions to us and for the other purposes outlined above, We may share information about You with a range of recipients including (but not limited to) the following:

credit reference agencies,

background screening providers,

financial institutions, funds,

payment recipients, payment and settlement infrastructure providers,

exchanges,

regulators,

courts,

public authorities (including tax authorities),

HDFC Bank Group entities and service

Providers, professional advisors, auditors, insurers and potential purchasers of elements of our business.

These recipients could be located outside the DIFC. We will only disclose information about You as permitted under the contractual terms We have in place with You, data protection law and client confidentiality obligations.

Transfer of data to other countries

HDFC Bank Limited have its registered office at

Senapati Bapat Marg, Lower Parel (West), Mumbai 400013, Mumbai, India and also includes its branches in and outside India and subsidiary companies.

And hence, information relating to You may, in line with the purposes described above, be transferred outside the DIFC. However, such transfers will only be made where permitted by DIFC law as long as:

We have provided appropriate or suitable safeguards in accordance with the DIFC DP Law and enforceable data subject rights and effective legal remedies for data subjects are available;

One of the specific derogations in the DIFC DP Law (Article 27(3)) applies (including, but not limited to, where you have explicitly consented to the proposed transfer in accordance with the DIFC DP Law); or

The limited circumstances set out in the DIFC DP Law (Article 27(4)) apply.

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information.

Data Retention

We will process and store clients’ personal data for as long as it is lawful for us to do so. In making decisions about how long to retain data We take

account of the following:

The termination date of the relevant contract or business relationship;

Any retention period required by law, regulation or internal policy;

Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.

What data privacy rights do I have?

In relation to your personal data, and to the extent permitted under the DIFC DP Law, you have the right:

To access and to obtain a copy of your Personal Data as processed by HDFC Bank.

Withdraw any consent You have given regarding the processing of Your personal data.

Request rectification of the personal data that We hold about You. This enables You to have incomplete or inaccurate data that We hold about You corrected.

Request erasure of Your personal data. This enables You to ask us to delete Your personal data where there is no good reason for us continuing to process it.

Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you that affects your legal position (or has some other significant effect on you) based purely on automated processing of your data. (We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.)

Object to processing of Your personal data at any time on reasonable grounds relating to Your situation. The right to object only applies where Our lawful basis for processing your data is that it is necessary in the public interest or for our (or another party’s) legitimate interests. You also have the right to object to any use of your personal data for direct marketing purposes by Us and to be given prior notice of disclosure of your data to third parties for direct marketing purposes (or such use of it by Us on their behalf) so that You may object if You wish.

Request the restriction or blocking of processing of Your personal data. You have the right to block or limit the processing or use of your personal data in certain circumstances. This enables You to ask us to suspend the processing of Your data, such as during the period of time it might take us to respond to a claim by You that the data is inaccurate or that our legitimate interests in processing it are outweighed by Yours.

Right to portability of Your Personal Data, meaning that You have the right to receive Personal Data that You have provided to Us in a structured, commonly used and machinereadable. You also have the right to direct us to transfer this data to any other person where technically feasible.

To exercise any of these rights, please write to Your usual contact at HDFC Bank in the DIFC or the Compliance Officer via the contact details given in section 1.

You are also entitled to submit any complaint You may have to the data protection regulator, the DIFC Commissioner of Data Protection, via email to commissioner@dp.difc.ae or via regular mail sent to the DIFC main office: Office of the Commissioner of Data Protection, The Gate, Level 14, DIFC P.O. Box 74777, Dubai, UAE, Tel: +971 (0)4 362 2223.

Are You under an obligation to provide us with Your personal data?

You are not required by law to provide us with Your personal data. However, if You refuse to do so We may not be able conduct further business with You. For example, in order to satisfy our antimoney laundering obligations We have to verify the identity of our clients. This inevitably requires us to collect certain personal data from current and prospective clients.

Changes to this privacy notice

We may update this privacy notice from time to time in order to clarify it or address changes in law or our business operations. We will notify You if We make any substantial updates and You can always access the current version at the following Website address: www.hdfcbankdifc.com

View Less

Privacy Policy for EU Customers

This Privacy Notice applies in relation to all our products and services as applicable to the Covered Persons. Your product or service terms and conditions will specify which of our businesses is providing the relevant product or service to you. If you are a customer of one of these businesses, please also read the Data Privacy Notice applicable to such respective businesses. If you have any questions about how your personal data is processed, please contact our Privacy Contact.

Who we are

Throughout this document, “we”, “us”, “our” and “ours” refer to HDFC Bank.

HDFC Bank means:

HDFC Bank Limited having its registered office at Senapati Bapat Marg, Lower Parel (West), Mumbai 400013, Mumbai, India and includes its branches in and outside India and subsidiary companies.

Website : https://www.hdfcbank.com/

Our contact details are given at the end of this Privacy Notice. Should you need further details about HDFC Bank, please visit the about us page in our website.

Who is covered under this Notice (Covered Persons)?

Any natural person in relation to whose personal data (to the extent processed by or for HDFC Bank), the GDPR applies, shall be to the extent of such personal data and such processing be the "Covered Person(s)" or “You”.

The information we collect about you

The information we collect falls into various categories as under:

Identity & contact information
- Name, address, signatures, biometric data, date of birth, copies of identity cards (“ID”), contact details marital status, relatives information, nomination, medical condition, PAN/TIN/Aadhaar/National ID/Social Security Number/ or its equivalent, Photograph, Gender

Financial details/circumstances
- Bank account details, investments history, credit/debit card details, income details, history in relation to these.
- Employment / occupational information.
- Residential status under banking, general and tax laws.
- Spending/saving/investing/payments/receipts/borrowing history.
- Risk profile, financial objectives, financial knowledge and experience, preferences and any other information to assess the suitability of our products to you.
- Information collected when you make or receive payments.

Information you provide us about others or others provide us about you
- If you give us information including personal data about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal data we already hold and we will use it in the ways described in this Data Privacy Notice.
- Your personal data from third party providers: In order to enhance our ability to provide relevant marketing, offers, and services to you, we obtain personal data about you from other sources with your consent, such as email service providers, public databases, joint marketing partners, social media platforms, as well as from other third parties as appropriate.
- Information including personal data from credit information companies/ credit reference agencies, risk management and fraud prevention agencies, national and government databases.
- Information including personal data from other parties and entities where we are a part of a transaction in one or more roles even though we may not be directly interfacing you, for example during the course of remittances being initiated by you through your bank to a beneficiary whose bank account is with us.

Personal data which you have consented to us using
- Your agreement to allow us to contact you through certain channels to offer you relevant products and services.

Information from online activities.
- We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy, which is available on our website.
- Your digital and electronic devices where we perform various checks designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying the IP address your device connects from and the collection of information about your use of the website or mobile app (including device type, operating system, screen resolution, and the way you interact with us).

Other personal information
- Information in relation to data access, correction, restriction, deletion, porting requests and complaints.
- CCTV images and data at our Bank branches, offices and ATMs (but only for security reasons and to help prevent fraud or crime).
- Conversations during meetings/calls/correspondences/discussions with bank staff.

When and how we collect personal data about you?

Personal data about you is gathered or collected:

How we process your Personal Data?

Whether we’re using it to confirm your identity, to help in the processing of an application for a product or service or to improve your experiences with us, your personal data is always handled with care and the principles outlined in this Data Privacy Notice are always applied.

Lawfulness and Purposes of the processing

The lawfulness and legal basis for obtaining, processing personal data about you will be one or more of the following:

The table below sets out the purposes for which we use your personal data and our legal basis for doing so. Where we are relying on a legitimate interest, these are also set out below

- When you ask us to provide you with certain products and services.
- When you use our services or products;
- During the course of transactions;
- When you apply for products, make enquiries or engage with us or with any other person where we are involved for any other person in the transaction concerning you
- When you use our website and online services provided by us (including mobile applications) and visit our branches, offices.
- When you email or call or respond to our emails/phone calls or during meetings with our bank staff or its service providers or representatives.
- When you or others give us personal data verbally or in writing. This personal data may be on application forms, in records of your transactions with us or if you make a complaint.
- From information publicly available about you. When you make information including personal data about yourself publicly available on your social media accounts or where you choose to make information available to us through your social media account, and where it is appropriate for us to use it
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. To allow us to take actions that are necessary in order to provide you with the product / service (performance of a contract), for example, to make and receive payments
- Processing is necessary because of a legal obligation that applies to us. It may be necessary to allow us to comply with our legal obligations, for example, obtaining proof of identity to enable us to meet our anti-money laundering obligations under applicable law.
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. Processing may be required to meet our legitimate interests, for example, to understand how customers use our services and to develop new services, as well as improve the service we currently provide.
- Where we have your consent to do so.
- Its processing is necessary to protect your “vital interests” where we need to process your personal data and you are not capable of providing consent (emergency situations).

What we use your personal data for	The legal basis for doing so (one of more under each sub-heading)
To provide our products and services to you and perform our contract with you Establish your eligibility for our products and services. Manage and administer your accounts, policies, benefits or other products and services Process your applications for credit or financial services. Process payments that are paid to you or by you. For example, if you hold a credit or debit card with us, we will share transaction details with our card scheme providers (e.g. Visa or MasterCard). Run loyalty and reward programmes you have signed up to. Contact you by post, phone, text message, email, social media, fax, using our online banking website or other means, but not in a way contrary to your instructions to us or contrary to law. Monitor and record our conversations when we speak on the telephone (for example, to check your instructions to us, to analyse, to assess and improve customer service and for training and quality purposes). Recover debts you may owe us. Manage and respond to a complaint or appeal. To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you. These checks may reveal political opinions or information about criminal convictions or offences	Where necessary for the performance of our agreement or to take steps to enter into an agreement with you Where the law requires this Where it is in our legitimate interests to ensure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers Where it is in our legitimate interests to ensure that complaints are investigated, for example, so that our customers receive a high standard of service and so that we can prevent complaints from occurring in future In case of sensitive information, such as medical information, where you have agreed
To manage our business for our legitimate interests Carry out credit scoring, credit management Provide service information, to improve our service quality and for training purposes Conduct marketing activities, for example, running competitions, promotions and direct marketing (provided that you have not objected to us using your details in this way), and research, including customer surveys, analytics and related activities	Where necessary for the performance of our agreement or to take steps to enter into an agreement with you Where the law requires this Where it is in our legitimate interests to develop and improve our products and services to ensure we can continue to provide products and services that our customers want to use and to ensure our business model remains competitive. Where it's in our legitimate interests to provide you with information about our products and services that may be of interest. Where we have your consent to do so.
To run our business on a day to day basis Carry out strategic planning and business portfolio management. Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity), Manage and administer our Bank’s legal and compliance affairs, including complying with our obligations to credit card providers, compliance with regulatory guidance and voluntary codes of practice to which we have committed and to comply with directive/order of any law enforcement agencies	Where necessary for the performance of our agreement or to take steps to enter into an agreement with you Where the law requires this
To share your information with Indian or other relevant tax authorities, Reserve Bank of India and other government authorities, credit reference agencies, fraud prevention agencies, and India and overseas regulators and authorities To perform certain credit checks so that we can make responsible business decisions. To assist with the prevention and detection of fraud and other crime To assist overseas regulators, who monitor banks to ensure that they comply the law and regulations	Where the law requires this Where we have a legitimate interest in performing certain credit checks so that we can make responsible business decisions. As a responsible organisation, we need to ensure that we only provide certain products to companies and individuals where the products are appropriate, and that we continue to manage the services we provide, for example if we consider that you may have difficulties making a payment to us. Where we have a legitimate interest in assisting with the prevention and detection of fraud and other crime Where we have a legitimate interest in assisting overseas regulators, who monitor banks to ensure that they comply the law and regulations More detail on our data sharing with these organisations is set out below
To send electronic messages to you about product and service offers from our Bank. To use transaction history/account information from your HDFC Bank account or credit card to identify your spending and saving habits in order to personalise offers that are exclusive and individual to you, based on your account transactions. To use cookies in accordance with our Cookie Policy. To use information you have made public and combine with this with the activities outlined above. When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent, including in relation to third parties we would like your consent to share your data with	Where necessary for the performance of our agreement or to take steps to enter into an agreement with you Where the law requires this Where we have your consent to do so.

When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and before collecting, we ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

We will send you messages by post, telephone, text, email and other digital methods, including for example via our ATMs, mobile applications, push notifications, or online banking services (and new methods that may become available in the future). These messages may be:

Automated processing

The way we analyse personal information in relation to our products and services including applications, credit decisions, determining your eligibility for the products or services, may involve automated profiling and decision making, this means that we may process your personal data using software that is able to evaluate your personal aspects and predict risks or outcomes as also where the decision making may be automated.

We may also carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk:

You expressly acknowledge that the automated decision is necessary for entering into or performance of contract and/or you explicitly consent to such automated decision making, hence you subject to even the decisions which are solely based on automated processing. You have rights in relation to automated decision making: if you want to know more please contact us using the details set out in the Contact Us section.

Recipients: Who we share your personal data with:

We only share your personal data with the following persons and/or in the following circumstances,and only as may be necessary:

Your authorised representatives
Third parties we need to share your personal data with in order to facilitate payments you have requested (for example, SWIFT, credit card issuers and merchant banks) and those you ask us to share your personal data with.
We may also share your personal data with the following third parties to help us manage our business for our legitimate interests:
- Statutory and regulatory bodies and authorities (including central and local government) and law enforcement authorities, investigating agencies and entities or persons, to whom or before whom it is mandatory to disclose the personal data as per the applicable law, courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunals.
- Overseas regulators and authorities in connection with their duties (such as crime prevention).
- Third parties bank may engage to provide services to you.
- Processors and service providers of HDFC Bank engaged for its various activities and services.
- Credit information companies or Credit reference entities, identity and address verification organizations who may record and use your information and disclose it to other lenders, financial services organizations and insurers. Your information may be used by those third parties to make assessments in relation to your creditworthiness for debt tracing
- Other banks and financial institutions, quasi governmental institutions like clearing houses, network associations etc where required in terms of contract or legal requirements
- Transferees and assignees and potential transferees and assignees of HDFC Bank
- Courier or postal service providers for the purpose of sending or collecting of mails to you as a customer
- Any other person or organization after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both)
- HDFC Bank’s branches in India or outside India, its subsidiaries, Affiliates and group entities.
  
  For further information, please refer to our product specific terms and conditions and application form.

Period of storage of your personal data

We will keep the personal data we collect about you on our systems or with third parties for as long as required for the purposes set out above or even beyond the expiry of transactional or account based relationship with you: (a) as required to comply with any legal and regulatory obligations to which we are subject or (b) for establishment, exercise or defence of legal claims.

Implications of not providing personal data or Withdrawing Consent

Sharing personal data with us is in both your interest and ours.

We need your personal data in order to:

When we request personal data, we will inform you if providing it is a contractual requirement, a statutory requirement or not, and whether or not we need it to comply with our legal obligations.

You may choose not to share personal data or withdraw consent, but doing so may limit the services we are able to provide to you (unless consent is not the only legal basis for processing and there are other legal basis as well), particularly as under.

However, if you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal or the other legal basis which we may have for such processing.

Processing your personal data outside the EEA

HDFC Bank is incorporated and regulated in India, its overseas branches are regulated by host country regulations and subsidiaries are governed under applicable laws. As such, your personal data is stored on secure systems within HDFC Bank premises within India and with providers of secure information storage in India. Further, we may transfer or allow the transfer of personal data about you and your products and services with us to our service providers and other organisations outside the European Economic Area (EEA), with adequate safeguards to ensure your personal data remains adequately protected.If you need copy of safeguards provided to transferred personal data, please notify us in accordance with the “How to contact us?” section below. These jurisdictions and countries outside EEA may have different and less stringent laws relating to the degree of confidentiality afforded to the personal data and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

For example, we may process payments using third parties (including other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation)

How do we secure your Personal data?

HDFC Bank is ISO 27001:13 compliant. We seek to use reasonable organizational, technical and administrative measures to protect Personal data within our organization. However, if you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How to contact us?” section below.

How to exercise your information rights (including the right to object)?

You have the following rights, in accordance with and subject to the qualifications and provisions under GDPR:

Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which processing is based on necessity for the purposes of legitimate interests pursued by us or third party, including profiling. Upon such exercise of your right, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds: (a) for the processing which override your interests, rights and freedoms or (b) for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to this use, we will stop using your information for direct marketing purposes.
If you exercise any of the aforesaid rights, in most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons.However, where we have reasonable doubts concerning your identity, we may request the provisions of additional information necessary to confirm your identity. Ordinarily, we will not charge a fee for the exercise by you of any rights as above. However, we may charge a reasonable fee if your request for access is found to be excessive or unfounded. Alternatively, we may refuse to comply with the request in such circumstances.
If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.

Links to Other Websites

From time to time, our website may contain links to and from websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites

Children

If you are a parent of a child under 16 (or such age as applicable for GDPR purposes in the respective EU Member States), you give your consent or authorise the consent if you wish your child to access HDFC Bank Services.

In How to contact us

If you have any questions about how your personal data is gathered, stored, shared or used, or if you wish to exercise any of your information rights, please contact our Privacy Contact at privacy@hdfcbank.com
Phone Banking: +91 22 67606161

Changes to this notice

We will update this Data Privacy Notice from time to time. Any changes will be communicated to you and made available on this page and, where appropriate, notified to you by SMS, e-mail or when you log onto website or start one of our mobile apps.
Dated: 11 Oct-2022

View Less

Cookie Policy

Date of most recent update: 1^st July 2022.

PLEASE READ THIS POLICY CAREFULLY BEFORE USING OUR WEBSITES

This policy explains how cookies are used on our websites.

This policy may be amended from time to time and the latest policy will be posted on this page.

By using our websites, you agree that we can place cookies on your device. Please be aware that some of our services will not function if your browser or device does not accept our cookies.

Please note that where we have another type of presence on a site owned by a third party, such as a page or handle on a social media site, that third party’s privacy policy and terms of use, rather than this Policy, will govern, unless specifically stated otherwise.

What are cookies?

Cookies are text files containing small amounts of information, which your computer or mobile device downloads when you visit a website. When you return to websites — or visit other websites that use the same cookies — they recognise these cookies and therefore your browsing device.

Cookies do lots of different jobs, like helping us understand how this website is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.

You can learn about the cookies we use and how to manage them below.

What type of cookies Bank use?

The type of cookies used on most websites can generally be put into 1 of 4 categories: Strictly Necessary, Performance, Functionality and Targeting.

Strictly Necessary Cookies

These cookies are essential, as they enable you to move around the website and use its features, such as accessing secure areas. Without these cookies, services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.

Performance Cookies

These cookies collect information about how you use a website, for example which pages you go to most often and if you get error messages from certain pages. These cookies don't gather information that identifies you. All information these cookies collect is anonymous and is only used to improve how a website works.

These cookies are not used to target you with online marketing. Without these cookies we can't learn how our website is performing and make relevant improvements that could better your browsing experience.

Functionality Cookies

These cookies allow a website to remember choices you make (such as your user name, language or the region you're in) and tailor the website to provide enhanced features and content for you.

Without these cookies, a website cannot remember choices you've previously made or personalise your browsing experience.

Targeting Cookies

These cookies are used to tailor marketing to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information may be shared with other organisations such as advertisers. Although these cookies can track your visits to other websites, they don’t usually know who you are.

Without these cookies, online advertisements you encounter will be less relevant to you and your interests.

What happens if I disable cookies?

If cookies are disabled on your computer, tablet or mobile your experience on the website may be limited. For example, you may not be able to browse freely or use specific functions or features.

How do I disable/enable cookies?

To disable or enable cookies you will need to change some settings on your Internet browser.

We have provided step-by-step guides for the major desktop browsers below.

For information on how to manage cookies on your tablet or mobile please consult your documentation or online help files.

Google Chrome

In the settings menu, select 'show advanced settings' at the bottom of the page

Select the 'content settings' button in the privacy section

In the page that appears tells you can manage and/or clear stored cookies.

Firefox

In the menu, select 'options'

Select the privacy tab in the options box

From the dropdown choose, 'use custom settings for history'. This will present the options for cookies and you can choose to enable or disable cookies.

Internet Explorer 6+

In the tools menu, select 'Internet options'

Click the privacy tab

You will see a privacy settings slider which has six settings that allow you to control the number of cookies that will be placed: Block All Cookies, High, Medium High, Medium (default level), Low, and Accept All Cookies.

Safari

In the settings menu, select the 'preferences' option

Open the privacy tab

Select the option you want from the 'block cookies' section

Any other browser

For information on how to manage cookies via other desktop browsers please consult your documentation or online help files.

What happens to cookies that have been downloaded in the past?

If you've disabled through your browser we may still use information collected from existing cookies, but we'll stop using the disabled cookies to gather any further information. For information on deleting stored cookies in your browser please visit the All About Cookies website.

View Less

SDK Policy

SDKs Information We Collect and Services We Provide

If you use our apps (e.g. mobile application which integrates with Advertising services), we may use SDK’s to gather non PII information. At no point will these SDKs capture any personally identifiable information. We refer to the information we collect from our SDKs as the ‘SDKInformation .” The SDK Information includes (or may include) the following:

1. Information Collected About End Users by Our SDKs

Information about those visits on the websites where have implemented the SDK (e.g., session duration, time-stamp, referring URLs).
End User’s interactions information with apps and websites. (Session data which includes - First Launches, Upgrades, Daily Engaged Users, Monthly Engaged Users, Launches, Crashes, Previous Session Length, Average Page Depth, Average Time Spent on Page, Average Time Spent on Site, Bounce rate, Bounces, Daily Return Visits, Entries, Exits, Instances, Lifetime, Mobile Views, New Engagements, Occurrences, Page Depth, Page Events, Page Views, Path Views, Reloads, Return Visits, Searches, Single Access, Time Spent, Unique Customer, Unique Visitors, Visitors, App Visits)
IP address.
Email address, if provided to us.
End User’s browser and device information specifically (Browser language type; Operating system version (e.g., Android, iOS); Network provider; Language setting; time zone; browser Device height and width Pixel density; Screen height and width
A unique identifier, Advertising ID, which may uniquely identify an End User anonymously.
Location information ( Location information is only collected the user has granted permission to the App to collect this).
Channel source of App download

As noted above, we refer to all of the above collectively as the “SDKInformation .”

2. How We Use the SDK Information

We use the SDK Information to provide following Services to our users:

To operate and improve the app

Enable you to use app feature
Communicate with you about the app, including by sending announcements, updates and security alerts which we may send through a push notification, and responding to your questions and feedback
Perform statistical analysis about use of the app
Measure and analyze effectiveness of marketing campaigns

To send you marketing and promotional communication

We may send you marketing communications as permitted by law.
We might do the following analysis with aggregated data (no PII is stored or used at any given point in time)
Customer Journey Analysis: Conversion funnels such as from Home Page to Product Page to Lead Form
Traffic Analysis : Marketing channel categorized by visits, unique visitors, bounces etc.

3. How and Why We Share the SDK Information.

We share the SDK Information with service providers, to perform any of the activities set forth in Section 2.

HDFC Bank does not share SDK information with third parties except those who process the data on behalf of HDFC Bank.

View Less