Customer Confidentiality and privacy is of utmost concern to India Post Payments Bank (IPPB). The Policy represents the minimum standards that IPPB has set with respect to data privacy. It aligns with (and in some cases exceeds) the requirements of applicable laws and regulations.
Personally Identifiable Information (“PII”) refers to any information such as name, addresses, email addresses, passport number, Income, PAN, details of nominees, etc. that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
IPPB values the Personal Data entrusted to it and the Bank is committed to collecting, using, retaining and disclosing Personal Data in a fair, transparent and secure way.
Personal Data shall be collected by fair, lawful and transparent means. IPPB shall be open with individuals about how the Bank will use their Personal Data, with whom it shares and where it may be sent.
Personal Data required for authorized business activities shall be collected from the provider. Personal Data shall not be made available to anyone (including internal staff) who are not authorized, or do not have a business need to know the information.
The Personal Information collected or stored by IPPB, shall be available for view by any third party by an order under the law for the time being in force and the providers of information who provided information under lawful contract.
IPPB shall not be responsible for the authenticity of the personal information or information supplied by the provider of information. Personal Data shall be retained no longer than required, to support a specific business activity or legal or regulatory requirement (if any).
IPPB shall ensure that access to and transfers of Personal Data to third parties are carried out only if it is necessary for the performance of the lawful contract between IPPB or any person on its behalf and provider of information or where such person has consented to data transfer and with suitable contractual protections. Due diligence activities shall be conducted to ensure that the third party has appropriate security & privacy controls in place prior to sharing of any PII data.