• Favourites
  • Search
  • ×

    Popular Search

PRIVACY NOTICE


Data Protection Legislation means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679 ("GDPR"); together with all other applicable and national implementing legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.

INTRODUCTION

ICICI Bank UK PLC (ICICI Bank) is committed to keeping your personal data private. We shall process any personal data we collect from you in accordance with Data Protection Legislation and the provisions of this Privacy Notice. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

DATA CONTROLLER

For the purpose of the GDPR ICICI Bank is the data controller of your information. This means that we are responsible for deciding how we hold and use your personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice.

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data, please contact the DPO at the contact details set out below.

COLLECTING INFORMATION FROM YOU

ICICI Bank will collect and process your personal data you provide us through the platform and electronic communication (including telephone conversations) in order to provide our services to you.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

We may collect, store, and use the following categories of data about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title and date of birth.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (if any).
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Cookies (please see our COOKIES policy)

Please note, however, that in certain circumstances it may be still lawful for us to continue processing this information even where consent has been withdrawn, if one of the other legal bases described below is applicable.

LAWFUL GROUNDS FOR USING YOUR INFORMATION

We are permitted to process your personal data in compliance with Data Protection Legislation by relying on one or more of the following lawful grounds:

  • You have explicitly agreed to us processing such information for a specific reason.
  • The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you.
  • The processing is necessary for compliance with a legal obligation we have.
  • The processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
    • to provide services to you;
    • to ensure that our customer accounts are well-managed;
    • to prevent, detect, investigate and prosecute fraud and alleged fraud and other crimes and to verify your identity in order to protect our business and to comply with laws that apply to us and/or where such processing is a contractual requirement of the services or financing you have requested;
    • to protect our business interests;
    • to ensure that complaints are investigated;
    • to evaluate, develop or improve our services; or
    • to keep our customers informed about relevant services, unless you have indicated at any time that you do not wish us to do so.
PURPOSES OF PROCESSING

Specifically, we may use your information for the following purposes and under the following legal bases:



Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy notice
(b) Asking you to leave a review or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical
(b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
AUTOMATED DECISION MAKING

We may also carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk: (i) we may refuse to provide the services you have requested, or we may stop providing existing services to you; and (ii)a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or employment to you.

If you have any questions about this, please contact us on the details set out below.

INFORMATION SHARING

We keep all your personal dataconfidential. However, in order to be able to service your needs to the best of our ability, we may share any information you provide to us with our agents, counterparties and support service or data providers, wherever located. We will ensure that if we share such information with third parties, any such disclosure is at all times in compliance with Data Protection Legislation.

To help us provide services, your data will be processed internally and externally by other third parties. We use third parties for administrative, servicing, monitoring and storage of your data. We will outsource some services to third parties whom we consider capable of performing the required processing activities so that there is no reduction in the service standard provided to you by us.

The recipients or categories of recipients, of your information may be:

  • Any revenue service or tax authority including to HMRC, if obliged to do so under applicable regulations. For Common Reporting Standards and FATCA, we may also have to report your account(s) to the necessary tax authorities.
  • UK and overseas regulators and authorities in connection with their duties (such as crime prevention).
  • Anyone to whom we may transfer our rights and/or obligations.
  • Any other person or organisation after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).
  • Fraud prevention agencies and law enforcement agencieswho will use it to prevent fraud and money-laundering and to verify your identity if false or inaccurate information is provided by you and fraud is identified. We, fraud prevention agencies and law enforcement agencies may access and use your informationfor example, when recovering debt.

For further information please refer to our product specific terms and conditions and application form.

DETAILS OF DATA TRANSFERS OUTSIDE THE EU

Information about you in our possession may be transferred to other countries outside the European Economic Area for any of the purposes described in this Privacy Notice.

You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where the transfer is to a country deemed to provide adequate protection of your information by the European Commission or you have consented to the transfer.

If we transfer your information outside the European Economic Area in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.

RETENTION AND DISPOSAL OF DATA AND OUTPUT

We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.

We will normally destroy or erase data after statutory timelines lapse. However, we may retain your information, or information relating to your account after you cease to be a customer for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.

STORAGE OF YOUR PERSONAL DATA AND DATA SECURITY

All information you provide to us is stored in secured servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Please read the section on our websiterelating to online security which can be accessed here Terms of Use.

OUR COMMUNICATION WITH YOU

We may communicate with you via electronic mail (e-mail) (in which case we will never ask you for your password) or the platform.

When you contact us through any of our communication channels we will verify your identity by asking you a number of questions based on information known to us about you and the transactions on your account. We may record your calls for training, quality and security purposes.

MARKETING INFORMATION

We may use your information from time to time to inform you by letter, telephone, text (or similar) messages, email or other electronic means, about services or products which may be of interest to you.

You may, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us using the contact details set out below.

RIGHTS OVER YOUR PERSONAL DATA

Under certain circumstances, by law you have the right to:

  • Be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences).
  • Object to your personal data being processed for a particular purpose or to request that we stop using your information.
  • Request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
  • Ask us to transfer a copy of your personal data to you or to another service provider or third party where technically feasible and otherwise required by applicable regulations.
  • Withdraw, at any time, any consent that you have previously given to us for our use of your personal data.
  • Ask us to stop or start sending you marketing messages at any time.
  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
  • Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where you think that we do not have the right to process it.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will provide this information free of charge unless the request is manifestly unfounded or excessive. We will comply with our legal obligations as regards any individual’s rights as a data subject.

If you would like to contact us in relation to any of the rights set out above please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details.

Ms Sonal Chopra, The Data Protection Officer, ICICI Bank UK PLC, One More Town, Thomas More Street, London, E1W 1YN.

RIGHT TO COMPLAIN TO THE ICO

You can contact the ICO if you have any concerns about how ICICI Bank has handled your personal data and you also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO via their helpline on 0303 123 1113. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website https://ico.org.uk/

THIS PRIVACY NOTICE

The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email. We recommend that you re-visit this page regularly and inform us if you do not agree to any term mentioned here.