Privacy Notice
1. Introduction
1.1SBI Cards and Payment Services Limited, is a leading credit card and payment provider in India having its registered office at Unit 401 & 402, 4TH Floor, Aggarwal Millennium Tower, E 1,2,3, Netaji Subash Place, Wazipur, New Delhi – 110034 and its corporate office at 2nd Floor, Tower B, DLF Infinity Towers, DLF Cyber City, DLF Phase 2, Gurgaon-122002, Haryana.
1.2This Privacy Notice (hereinafter referred to as the "Notice") applies to all personal information collected, used, and processed by SBI Cards and Payment Services Limited (hereinafter referred to as "We," "Us," "Our," "Company," or "SBIC") in relation to the products and services you receive from us as a customer and is governed by the Aadhaar Act (regulations made thereunder, and the standards and specifications issued by UIDAI), the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and other applicable laws and regulations.
1.3SBI Cards acts as a Data Fiduciary with respect to the personal information we process in connection with our business operations. This role means that we determine the purposes and means of processing your personal data related to your use of SBI Cards’ products and services
1.4We respect and uphold individuals' rights to privacy and the protection of their personal information. The purpose of this Notice is to explain how we collect, use, and protect personal information in connection with our business activities.
1.5"Personal Information" refers to any data about an individual who can be identified by or in relation to such data. This includes but not limited to:
- password;
- financial information such as Bank account or credit card or debit card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records & history;
- biometric information;
- any detail relating to the above clauses as provided to body corporate for providing service;
- any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.
2. CONSENT
2.1While using this website, or our mobile applications, or any of our digital properties or availing products and services vide online or offline platforms including but not limited to offices, kiosks, branches, third party platforms, or through communications, by electronic means or otherwise, or any other mode/platform communicated/introduced by SBIC from time to time (collectively, the “Services”), SBIC may collect, receive, possess, store, use, deal, handle, transfer, retain and otherwise process customer Information. By using our digital properties or otherwise accessing our Services, you confirm that you have read and agreed to be bound by this Privacy Notice and consent to the collection, receipt, possession, storage, usage, dealing with, handling, processing, transfer and retention of your Personal Information by SBIC as described in this Privacy Notice.
2.2By using our website, or our mobile applications, or any of its digital property or availing products and services vide online or offline platforms user consents to:
2.2.1 The terms of this Privacy Notice in addition to the terms of use of mobile application, website & product documents.
2.2.2 Collection of personal information in relation to issuance of credit cards and their ancillary services
2.2.3 Consent for collection of personal information in connection with Aadhar based authentication or verification provided by Unique Identification Authority of India (‘UIDAI’), to check/ verify/ download/ obtain / update KYC details from / with the Central KYC Registry, collection of personal information from Digi locker provided by Ministry of Electronic and Information Technology.
2.2.4 Communication relating to marketing & business promotions.
2.2.5 Storage of personal information as per company’s policy in addition to regulatory & legal requirements.
2.2.6 Consent for E Mandate Registration with e-signature.
2.3Please note that our website / mobile app / digital properties enable the user to access several other websites on which SBIC has no control. SBIC is not responsible for the content and the privacy practices of such other websites. SBIC encourages the user to self-examine each website’s privacy statement. SBIC does not owe any responsibility to any user for the access to other websites and its contents thereof, which are detailed/specified on the SBIC’s website/mobile app / digital properties.
3. STATEMENT OF PRACTICE & POLICY
3.1 Personal Information will be processed fairly and lawfully.
3.2 Personal Information will be collected for specified and legitimate purposes and not processed further in ways incompatible with those purposes which have been duly explained, communicated to and consented by each person concerned.
3.3 Personal Information will be relevant to and not excessive for the purposes for which they are collected and used.
3.4 Personal Information will be kept only as long as it is necessary for the purposes for which it was collected and processed and in accordance with data storage requirements under various applicable local laws.
3.5 Personal Information will be processed in having full regard to each person’s lawful rights.
3.6 All appropriate technical, physical, and organizational measures will be taken to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction, or damage to Personal Information.
4. PERSONAL INFORMATION
4.1The Personal Information we collect includes but is not limited to:
4.1.1 Data about you: This may include, without limitation, your name, date of birth, gender, user IDs, signature, email addresses, phone numbers, addresses, contact details, KYC/identity documents (for example: Aadhaar and PAN), biometric data, communications with us, device and location data, information about how you use our Services, etc.
4.1.2 Financial data: This includes, without limitation, information about your bank account details, financial information, payment credentials, transaction data (credit details such as amounts, lending history, and repayments, credit history, income details, payment information, such as credit or debit card information, including the name of the cardholder, card number, billing address, and expiry date through our payment processing system etc.
4.1.3 Marketing and communication data: This includes without limitation, your preferences relating to receiving marketing messages from us and our service providers, and your communication preferences, knowing customer preferences, such as spending patterns, preferences, and interests etc.
4.1.4 Technical Data - This includes device and technical information you give us when using our website, such as IP addresses, cookie identifiers, or other unique identifiers, like mobile carrier, time zone setting, operating system, platform, etc.
4.2User must ensure that all Personal Information that you provide us is accurate, up-todate, and true. The user will be responsible for any errors, discrepancies, or inaccuracies in the Personal Information that has been shared with us, except for such Personal Information that has been verified through KYC processes set out by applicable law and backed by documentary proof. When you use our Services, we make best efforts to provide you with the ability to access and correct inaccurate or deficient Personal Information, subject to any legal requirements.
5. HOW SBIC COLLECT YOUR PERSONAL INFORMATION
5.1SBIC collects the user personal information through various methods, always striving for transparency and compliance with the applicable laws:
5.1.1 SBIC collects personal information directly from the user when the user applies for SBIC products, interacts with customer service, uses SBIC websites/apps, or participates in surveys/contests of SBIC.
5.1.2 SBIC may also obtain personal information indirectly from credit bureaus, or from co-branded partners, subject to their policies and user consent.
5.1.3 SBIC also collects Customer’s personal information from third parties. This includes, but is not limited to, merchants, service providers, banking partners, and other partners to facilitate transactions and services, any posts on SBIC-specific pages on social media websites, and other channels including our customer service centers.
5.1.4 Automatically collects personal information when you interact with its digital platforms using technologies like cookies to remember preferences and analyze usage. Device information, such as IP addresses, is also gathered to enhance services. SBIC ensures transparency and clarifies consent requirements for indirect personal information collectio
6. PURPOSE OF PROCESSING PERSONAL INFORMATION
6.1SBIC processes your personal information for various purposes, ensuring compliance with applicable laws and transparency in data collection:
6.1.1 Service Provision: Offering credit card facilities, online banking services, transaction processing, and managing payments.
6.1.2 Legal Compliance: Adhering to regulations such as KYC norms and anti-money laundering laws.
6.1.3 Legitimate Interests: Fraud prevention, internal operations, security, and reporting.
6.1.4 Communications: Providing essential account-related information, security alerts, and, with explicit consent, marketing materials and to send notifications to manage our relationship with you including to notify you of changes to our Services, send you information and updates pertaining to the Services you have availed, and to receive occasional company news and updates related to us or the Services.
6.1.5 Analytics and Reporting: Using anonymized data for service improvement.
6.1.6 Customer Support: Responding to inquiries and complaints.
6.1.7 Website and Internal Operations:
a) Improve the Website and ensure that its content is presented effectively for you and your device
b) Administer the Website, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
6.1.8 Quality and Training: Monitor and record calls for quality, training, legal compliance, analysis, and other related purposes to improve service delivery.
6.1.9 Surveys and Feedback:
a) Send you surveys by post or email, which you can opt out of at any time by contacting us.
b) Respond to your enquiries, requests, or feedback.
c) Enforce our terms, conditions, and policies.
d) Allow participation in interactive features of the Website when chosen.
6.1.10 Personalization:
a) Customize our products and services to you, including responding to and catering for your preferences.
b) Personalize the content you see on the Website, enabling you to save preferences.
6.1.11 Security and Analytics:
a) Keep the Website safe and secure.
b) Aggregate Customer’s personal information into anonymized statistical data for better understanding of SBIC's customer profile and service offering.
6.1.12 To conduct training
6.1.13 to market and advertise the Services to you.
6.1.14 to respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims.
6.1.15 to perform our obligations that arise out of the arrangement we are about to enter or have entered with you.
6.1.16 to comply with legal obligations.
6.1.17 to administer and protect our business and the Services, including for troubleshooting, data analysis, system testing, and performing internal operations.
7. RIGHTS & DUTIES OF DATA PRINCIPAL
7.1You have several rights regarding your personal information under the DPDPA 2023. Below are the key rights and the circumstances in which they apply:
| Right | Description |
|---|---|
| Right to Access Information | You have the right to request access to your personal
information and understand its use by SBICard. You can
inquire whether we possess or process your personal
information, and if so, access the information we hold along
with details about its use and who we share it with. Please note, SBICard may charge a reasonable administrative fee for this service. Access requests may be denied if deemed unreasonable |
| Right to Correction of Personal Data | You have the right to correct, complete and update your personal information that you have previously consented to. |
| Right to Erasure of Personal Data | You have the right to erase your personal information that you have previously consented to, unless its retention is required for a specified purpose or to comply with applicable laws. |
| Right of Grievance Redressal | You have the right to access readily available grievance redressal mechanisms provided by SBIC for any acts or omissions related to its obligations concerning your personal information |
| Right to Nominate | You have the right to nominate another individual who, in the event of your death or incapacity, will exercise your rights in accordance with the provisions of the DPDPA 2023 and its associated rules |
7.2Duties of Data Principal: As a user, you are expected to:
7.2.1 Adhere to all applicable laws in force while exercising your rights under the provisions of DPDPA 2023.Ensure you do not impersonate another person while providing your personal information for any specified purpose.
7.2.2 Ensure you do not suppress any material information when providing your personal information for any document, unique identifier, proof of identity, or proof of address issued by the State or any of its instrumentalities.
7.2.3 Ensure you do not register a false or frivolous grievance or complaint with us or the Board.
7.2.4 Furnish only information that is verifiably authentic while exercising your right to correction or erasure under the provisions of this Act or the rules made thereunder.
7.3Exercising Your Rights: If you wish to exercise any of the above rights, have concerns, or wish to complaint or grievance our Data Privacy practices, please contact us as per the details mentioned under ‘Contact Us’ section on our Website. Please note that in some cases, if you do not agree with how we process your information, we may be unable to provide certain products or services.
8. DISCLOSURE OF PERSONAL INFORMATION
8.1SBIC undertakes not to disclose Personal Information to any person, unless such action is necessary to:
8.1.1 offer and provide our Services, including for the purposes set out above; 8.1.2 confirm legal requirements or comply with legal process.
a) protect or defend SBIC or its affiliates or group companies’ rights, interests or property.
c) protect the interests of SBIC, its affiliates, group companies, members, constituents, or of other persons.
8.1.3 SBIC will limit the collection and use of Personal Information to a need-to-know basis to deliver better service to Customers. SBIC may share or store with and otherwise transfer Personal Information to third parties (including our affiliates, group companies, successors, service providers, vendors and partners), subject to suitable confidentiality obligations, and in accordance with contractual terms, applicable laws and our instructions, in order to render the Services to you and to enable us to provide you information about the Services. Such third parties may include, but not be limited to, service professionals, vendors, social media companies, third-party service providers, storage providers, data analytics providers, consultants, and lawyers, etc. These third parties shall use the Personal Information only for the above-mentioned purposes or as per contractual obligations.
8.1.4 SBIC may exchange, transfer or share all or a part of Personal Information with its affiliates, group companies, governmental agencies, and any third parties as may be required by applicable law, or for credit reporting, statistical analysis, credit scoring, verification, or risk management processes, and the Customer shall not hold SBIC liable for such use or disclosure of this Personal Information.
8.1.5 Your Personal Information may be disclosed to meet legal obligations or lawful requests from law enforcement.
8.1.6 Business Transaction: In the event of a business sale or asset acquisition, Personal Information may be disclosed to the prospective seller or buyer. If SBIC's assets are acquired by a third party, Personal Information will be one of the transferred assets.
8.1.7 Professional Advisors: To our legal advisors for establishing, exercising, or defending our legal rights, and to other professional advisors as authorized or required by law.
8.1.8 Transferring Information Overseas:
a) We do not transfer Personal Information outside India. However, in the event that transfer is necessary, it will only be conducted in strict adherence to the DPDPA 2023 and all other applicable laws. Personal Information may be transferred to countries that receive approval for an "adequate level of protection." These approvals are granted to countries with established data protection laws or those with bilateral or multilateral agreements emphasizing the safeguarding of Personal Information.
b) Forthcoming Executive Regulations are expected to provide additional guidance on cross-border data transfers. This guidance may include a list of countries recognized for providing a satisfactory level of data protection and specific instructions and criteria for managing data transfers beyond Indian borders in full compliance with the DPDPA. Once this guidance is clear, we will update our notice accordingly. SBIC is committed to staying abreast of these developments to ensure the secure and lawful transfer of Personal Data if it becomes necessary.
9. DATA SECURITY
9.1SBIC is committed to protecting your Personal Information. SBIC implements robust security measures aligned with the applicable laws:
9.1.1 Technical and Organizational Safeguards: SBIC employs a range of technical and organizational controls to safeguard your Personal Information, including access controls, data encryption, and regular security assessments.
9.1.2 Security Measures (Examples): SBIC utilize access control policies, manage assets effectively, maintain business continuity plans, enforce password management practices, leverage two-factor authentication, implement logging and monitoring systems, prioritize network and communication security, maintain data backups, and restore procedures, and prioritize physical and environmental security.
10.DATA RETENTION
10.1 SBIC shall keep the Personal Information collected on its systems or with third parties for the duration necessary to meet the purposes outlined above (under clause 6) or longer if required in accordance with: (a) any legal and regulatory requirements, (b) the establishment, exercise, or defense of legal claims, (c) the terms set out in this Privacy Notice, or (d) specific consents obtained.
10.2 The data pertaining to declined Credit card applications will be stored in SBIC ecosystem for 3 months in case of physical documents and all digital data is stored for 3 years for various analytics purposes.
11.UIDAI DATA PRIVACY REQUIREMENTS
Personal Data Collection
11.1 SBICPSL, being an E-KYC User Agency (KUA), collects personal data including Aadhaar number/Virtual ID, directly from the Aadhaar number holder for conducting authentication with UIDAI at the time of providing E-KYC service for issuing credit card.
11.2 Specific Purpose for Collection of Personal data:
11.2.1 At SBICPSL, we collect Identity Information, including Aadhaar numbers or Virtual IDs, for the purpose of authenticating Aadhaar number holders for E-KYC services needed to issue credit cards. The identity information collected and processed is used solely in accordance with applicable laws and as permitted under the Aadhaar Act 2016 or its amendments and other relevant regulations.
11.2.2 Identity information is only used for the specified purpose and will not be used beyond this without the Aadhaar number holder's consent. Even with consent, any use of such information for other purposes is restricted to permissible purposes under the Aadhaar Act 2016. We have processes in place to ensure identity information is not used beyond the purposes outlined in the notice/consent form provided to the Aadhaar number holder.
11.3 Notice / Disclosure:
11.3.1 SBICPSL ensures that Aadhaar number holders are provided with relevant information prior to the collection of their identity information/personal data. These shall include:
a. The purpose for which personal data / identity information is being collected.
b. The information that shall be returned by UIDAI upon authentication.
c. The information that the submission of Aadhaar number or the proof of Aadhaar is mandatory or voluntary for the specified purpose and if mandatory the appropriate legal provision mandating it.
d. The alternatives to submission of identity information (if applicable).
e. The information that Virtual ID can be used in lieu of Aadhaar number at the time of Authentication.
f. The name and address of SBICPSL collecting and processing personal data.
11.4 Obtaining Consent from Aadhar Number Holder:
11.4.1 SBICPSL discloses information to Aadhaar number holders and obtains consent in writing, electronically on the website or mobile application, or through other appropriate means. Logs of the disclosure of information and the Aadhaar number holder’s consent are maintained.
11.4.2 The Legal and Compliance Department vets the verbiage for the consent to be obtained and the process for obtaining consent.
Note: Aadhaar number holders are notified of the authentication through email, phone, or SMS at the time of authentication, and SBICPSL maintains logs of these notifications.
11.5 Processing of Personal Data:
11.5.1 SBICPSL ensures that identity information, including Aadhaar numbers, and biometric/demographic information collected from Aadhaar number holders, is used solely for the Aadhaar authentication process by submitting it to the Central Identities Data Repository (CIDR). Aadhaar authentication or Aadhaar e-KYC is used for the specific purposes declared to and permitted by UIDAI. These specific purposes are notified to the Aadhaar number holder at the time of authentication through a disclosure of information notice.
11.5.2 Identity information, including Aadhaar numbers or e-KYC, is not used for any purposes other than those allowed under the Reserve Bank of India (RBI) Master Direction on Know Your Customer (KYC) Directions, 2016, as updated from time to time, other applicable regulations, the Aadhaar Act 2016, the Aadhaar & other Laws Amendment Act 2019, the Aadhaar (Authentication and Offline Verification) Regulations, 2021, the Aadhaar (Data Security) Regulations, 2016, the Aadhaar (Sharing of Information) Regulations, 2016, or any other law in force. This information is communicated to residents/customers/individuals at the time of authentication
11.5.3 For e-KYC purposes, the demographic details of the Aadhaar number holder received from UIDAI are used to identify the Aadhaar number holder specifically for issuing credit cards and providing related services for the duration of the services.
11.5.4 SBICPSL does not use identity information, including Aadhaar numbers, for any purposes other than those mandated by UIDAI.
11.6 Retention of Personal Data:
11.6.1 SBICPSL ensures that authentication transaction logs are stored for a period of two years, after which they are archived for five years or as per applicable regulations, whichever is later. Upon expiry of this period and barring any court orders or pending disputes requiring their maintenance, the authentication transaction logs are deleted.
11.7 Sharing of Personal Data:
11.7.1 SBICPSL ensures that identity information is not shared in contravention of the Aadhaar Act 2016, its amendments, regulations, and other circulars released by UIDAI from time to time. Applications and systems, including client applications used for Aadhaar authentication at SBI Card and its ecosystem partners, do not store biometric data collected during authentication under any circumstances.
11.7.2 Biometric information collected is not transmitted over any network without creating an encrypted PID block as per the Aadhaar Act and regulations. SBICPSL does not transmit or require individuals to transmit Aadhaar numbers over the Internet unless such transmission is secure and the Aadhaar number is transmitted in encrypted form, except where transmission is required for the correction of errors or redressal of grievances.
11.8 Data Security
11.8.1 SBICPSL has established data security controls to ensure Aadhaar numbers are secured at all times as mandated by the UIDAI:
a. Aadhaar numbers are collected over a secure application, transmitted over a secure channel as per UIDAI specifications, and the identity information returned by UIDAI is stored securely.
b. Biometric information, if applicable, is collected using registered devices specified by UIDAI. These devices encrypt the biometric information at the device level, and the application sends it over a secure channel to UIDAI for authentication.
c. OTP information is collected in a secure application and encrypted on the client device before being transmitted over a secure channel as per UIDAI specifications.
d. Only authorized individuals have access to the authentication application, audit logs, authentication servers, application, source code, and information security infrastructure. An access control list is maintained and regularly updated by the organization.
e. Aadhaar/VID numbers submitted by residents/customers/individuals to the requesting entity and the PID block created are not retained under any circumstance. The entity retains only the parameters received in response from UIDAI.
f. e-KYC information is stored in an encrypted form only. This encryption matches UIDAI encryption standards and follows the latest industry best practices.
g. The keys used to digitally sign the authentication request and to encrypt Aadhaar numbers in the Data Vault are stored only in HSMs, in compliance with HSM and Aadhaar Data Vault circulars.
h. SBICPSL uses only Standardization Testing and Quality Certification (STQC) or UIDAI certified biometric devices for Aadhaar authentication, if biometric authentication is used.
i. All applications used for Aadhaar authentication or e-KYC are tested for compliance with the Aadhaar Act 2016 before being deployed in production and after every change that impacts the processing of identity information. These applications are audited annually by information systems auditors certified by STQC, CERT-IN, or any other UIDAI-recognized body.
j. In the event of an identity information breach, SBICPSL notifies UIDAI with the following information:
I. Description of the breach
II. Impact of the breach
III. Brief description of the number of Aadhaar number holders affected and the number of records affected
IV. Contact details of the Data Protection Officer
V. Measures taken to mitigate the identity information breach
k. Appropriate security and confidentiality obligations are implemented in nondisclosure agreements (NDAs) with employees, contractual agencies, consultants, advisors, and other personnel handling identity information.
l. Best practices in data privacy and data protection based on international standards are adopted.
m. The response received from CIDR in the form of authentication transaction logs is stored with the following details:
I. The Aadhaar number against which authentication is sought. In cases where the Aadhaar number is not returned by UIDAI and storage is not permitted, the respective UID token is stored in place of the Aadhaar number.
II. Specified parameters received as authentication response
III. Record of disclosure of information to the Aadhaar number holder at the time of authentication
IV. Record of consent from the Aadhaar number holder for authentication, but the PID information is not retained in any event.
n. An Information Security Policy in line with ISO27001 standards, UIDAI-specific Information, and the Aadhaar Act 2016 is formulated to ensure the security of identity information.
11.9 Rights of the Aadhaar Number Holder:
11.9.1 The Aadhaar number holder has the right to obtain and request updates of identity information stored with SBICPSL, including authentication logs. The collection, storage, and sharing of core biometric information are protected by Section 29 of the Aadhaar Act 2016; therefore, the Aadhaar number holder cannot request core biometric information.
11.9.2 SBICPSL provides a process for the Aadhaar number holder to view their stored identity information and request updates after verifying their identity. If an update is required from UIDAI, the Aadhaar number holder is informed accordingly.
11.9.3 The Aadhaar number holder can revoke consent given to SBICPSL for storing their e-KYC/ Aadhaar KYC data at any time. Upon receiving such a revocation request, SBICPSL will delete the e-KYC/Aadhaar KYC data in a verifiable manner and provide an acknowledgement to the Aadhaar number holder. This is provided the data is not required to be retained under any other applicable regulatory guideline, statutory requirement, court order, or pending dispute. In such cases, the Aadhaar number holder will be informed accordingly.
11.9.4 The Aadhaar number holder has the right to lodge a complaint with the Data Protection Officer, who is responsible for monitoring the processing of identity information to ensure it is not in contravention of the law
11.10 Aadhaar Number Holder Access request:
11.10.1 SBICPSL has formulated a process to handle queries and facilitate the exercise of rights of Aadhaar number holders with respect to their identity information/personal data. As part of this process, it is mandatory to authenticate the identity of the Aadhaar number holder before providing access to any identity information. All requests from Aadhaar number holders are formally recorded and responded to within a reasonable period. Compliance with relevant data protection/privacy laws is ensured.
11.11 Privacy by Design
11.11.1 SBICPSL has established processes to embed privacy aspects at the design stage of any new systems, products, processes, and technologies involving the processing of identity information of Aadhaar number holders. SBICPSL, in possession of Aadhaar numbers, does not make public any database or records of the Aadhaar numbers unless they have been redacted or blacked out through appropriate means, both in print and electronic form.
11.11.2 Before going live with any new process involving the processing of identity information, SBICPSL ensures that a Disclosure of Information/Privacy Notice in compliance with the Aadhaar Act 2016 is provided to residents/customers/individuals, and Public that consent is obtained and recorded in compliance with the Aadhaar Act 2016. Quarterly self-assessments are conducted to ensure compliance with disclosure of information and consent requirements. Privacy-enhancing organizational and technical measures such as anonymization, de-identification, and minimization are implemented to ensure the collection of identity information is adequate, relevant, and limited to the purpose of processing.
11.12 Grievance Redressal Mechanism
11.12.1 Aadhaar number holders with grievances about processing can contact SBICPSL's Data Protection Officer/Grievance Officer through multiple channels such as the website, phone, etc.
11.12.2 Reasonable measures are taken to inform residents/customers/individuals about the Data Protection Officer and their contact details.
11.12.3 The contact details of the Data Protection Officer/Grievance Officer and the format for filing a complaint are displayed on SBICPSL's website and other commonly used mediums for interaction with residents/customers/individuals.
11.12.4 Where the medium of interaction is not electronic (such as physical), posters/notices prominently visible are used to display the name of the Data Protection Officer/Grievance Officer and contact details.
11.12.5 If any issue is not resolved through consultation with SBICPSL's management, Aadhaar number holders can seek redressal through mechanisms specified in Section 33B of the Aadhaar Act, 2016.
12. CHANGES TO PRIVACY NOTICE
12.1 SBIC reserves the right to update this Privacy Notice periodically. SBIC ensures these changes align with any evolving legal requirements or significant modifications to SBIC’s personal information handling practices.
12.2 By using our Services after such update, you consent to updates made to this Privacy Notice. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.
13.CONTACT US
13.1 If you have comments, questions, issues or requests relating to this Privacy Notice, please contact our Data Protection Officer (DPO) via email or write us at the address below:
Address: SBI Card, 2nd Floor, DLF Infinity Towers, Tower B, DLF Cyber City, Gurgaon, Haryana, India-122002 Email: dpo@sbicard.com.