The scope of this policy include the collecting, recording, organizing, storing, modifying, using, disclosing, or deleting Customer, Employee and Company related data. For details of such definitions reference is drawn to the Information Technology Act, 2000 read with all statutory amendments carried forth therewith ("Act") including all other relevant Laws, Rules, Bye Laws or Standing orders passed by competent authorities within India applicable to each the Company. This includes personal information that is collected in India from individuals located outside of India and then transferred outside of India. Any treatment of all such data including its collection, storage, usage, and be fully protected in accordance with this policy and Privacy Rules.
This policy applies to SBICPSL and all its Employees, Officers, Directors, Advisors, Consultants other Personnel, and all third party service providers who act on behalf of the Company and collect, process and use personal data, profile data, financial and other, within India and outside.
This Policy has been issued on 10/24/11. It is effective from 10/24/11.
SBICPSL will ensure Reasonable Security Practices and Procedures including but not limited to the following:
SBICPSL will publish the policy on its website in an endeavor to make accessible through this policy the statement of practices & policies governing:
The Company while collecting information from the Provider of Information, data, sensitive personal data and other financial information will ensure that, in addition to obtain consent:
In addition to the general obligations, there are obligations specific to the collection, use, and disclosure of sensitive personal data. Sensitive personal data is broadly defined to include password; financial information (bank account, credit/debit card, or other payment instrument details); physical, physiological, and mental health conditions; sexual orientation; medical records and history; and biometric information. Any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005, is excepted from the definition.
Notwithstanding anything in Section 5 and 6 above, any sensitive personal data on Information shall be disclosed to any third party by an order under the law for the time being in force.
Any discrepancies or grievances will be addressed in a timely manner by the Company. A Grievance Officer and such other personnel designated to assist that grievance officer shall be designated, and his or her name and contact details are at all-time be published on the company’s website. The Grievance Officer is singularly responsible for and accordingly redresses the grievances expeditiously (but within one month from the date of receipt of the grievance).
To further ensure enforcement of these Standards, Privacy Leader in consultation with the appropriate Legal Counsel, Regulatory Officer and Compliance officer will identify Provider and Employment Data procedures that should be audited on periodic basis.