Privacy

- We will only collect/store/process data about You that is necessary for the business relationship which We have with You. Some information is directly collected from You. We also process personal data from a range of other third party sources, which may include publicly available sources (e.g. the press, registers of companies or assets, internet websites, including social media platforms like Linked-In) and from providers of business-risk screening services, such as credit reference agencies, anti-fraud databases, sanctions list and databases of news articles.

- If you exchange emails, telephone conversations or other electronic communications with us and our employees, our information technology systems may record details of those communications, including their content. 

- Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises. 

- The types of personal data that We process may include (but are not limited to): 

- Name, address and other contact information (telephone, e-mail address), marital status, dependants; 

- KYC (“Know Your Customer”) records, such as passport details, Residency ID, specimen signature.

- Financial information such as such as employment, Employer / business details (including salary certificates), bank / investment statements, portfolio details, financial statement of company, wealth information. 

- Data relating to your usage of our IT platforms (including electronic communications), and your engagement with our marketing activities. 

- Dietary and access requirements (e.g. for event organization purposes). 

We process personal data in accordance with the DIFC DP Law.

3.1. For fulfilment of contractual obligations

It may be necessary for us to process Your personal data in order to perform a contract with You relating to our banking and financial services business, or to take steps at Your request prior to entering into a contract. For further details, please refer to Your contractual documentation with us.

3.2. In the context of legitimate interests

Where necessary, We process Your personal data to serve our legitimate interests or those of a third party (the law permits this only insofar as such interests are not outweighed by your legitimate interests). Cases where We may rely on our legitimate interests to process Your personal data include (but are not limited to):

- Know-Your-customer and creditworthiness checks; 

- Client and vendor relationship management; 

- Business analysis and development of products and services;

- Monitoring of electronic communications for business and compliance purposes; 

- Prevention and detection of financial crime; 

- Evaluating, bringing or defending legal claims; 

- Marketing of DB group products (unless You have objected/unsubscribed); 

- Audits; 

- Risk control; 

- Business restructurings. 

3.3. As a result of your consent

If We wish to process Your personal data in a way not covered by the legal justifications above, We would need Your consent. Where You give consent, You are entitled to withdraw it at any time. Note that withdrawing Your consent does not render our prior handling of Your personal data unlawful and that it might have an impact on our ability to continue to provide our services in the same way in future. (e.g. analysis of trading activities for marketing purposes or an invitation to an event).

3.4. Where necessary for compliance with Applicable Law

As a bank, We are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes or to respond to investigations or disclosure orders from the police, regulators of HDFC Bank Group entities, and tax or other public authorities (including outside the DIFC).

Where necessary to fulfil Your instructions to us and for the other purposes outlined above, We may share information about You with a range of recipients including (but not limited to) the following: 

- credit reference agencies,  

- background screening providers,  

- financial institutions, funds, 

- payment recipients, payment and settlement infrastructure providers,  

- exchanges,  

- regulators, 

- courts,  

- public authorities (including tax authorities),  

- HDFC Bank Group entities and service,

- Providers, professional advisors, auditors, insurers and potential purchasers of elements of our business.  

These recipients could be located outside the DIFC. We will only disclose information about You as permitted under the contractual terms We have in place with You, data protection law and client confidentiality obligations. 

HDFC Bank Limited have its registered office at Senapati Bapat Marg, Lower Parel (West), Mumbai 400013, Mumbai, India and also includes its branches in and outside India and subsidiary companies. 

And hence, information relating to You may, in line with the purposes described above, be transferred outside the DIFC. However, such transfers will only be made where permitted by DIFC law as long as: 

- We have provided appropriate or suitable safeguards in accordance with the DIFC DP Law and enforceable data subject rights and effective legal remedies for data subjects are available; 

- One of the specific derogations in the DIFC DP Law (Article 27(3)) applies (including, but not limited to, where you have explicitly consented to the proposed transfer in accordance with the DIFC DP Law); or 

- The limited circumstances set out in the DIFC DP Law (Article 27(4)) apply. 

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information. 

We will process and store clients’ personal data for as long as it is lawful for us to do so. In making decisions about how long to retain data We take account of the following: 

- The termination date of the relevant contract or business relationship; 

- Any retention period required by law, regulation or internal policy; 

- Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims. 

In relation to your personal data, and to the extent permitted under the DIFC DP Law, you have the right: 

- To access and to obtain a copy of your Personal Data as processed by HDFC Bank. 

- Withdraw any consent You have given regarding the processing of Your personal data. 

- Request rectification of the personal data that We hold about You. This enables You to have incomplete or inaccurate data that We hold about You corrected. 

- Request erasure of Your personal data. This enables You to ask us to delete Your personal data where there is no good reason for us continuing to process it. 

- Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you that affects your legal position (or has some other significant effect on you) based purely on automated processing of your data. (We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.).

- Object to processing of Your personal data at any time on reasonable grounds relating to Your situation. The right to object only applies where Our lawful basis for processing your data is that it is necessary in the public interest or for our (or another party’s) legitimate interests. You also have the right to object to any use of your personal data for direct marketing purposes by Us and to be given prior notice of disclosure of your data to third parties for direct marketing purposes (or such use of it by Us on their behalf) so that You may object if You wish. 

- Request the restriction or blocking of processing of Your personal data. You have the right to block or limit the processing or use of your personal data in certain circumstances. This enables You to ask us to suspend the processing of Your data, such as during the period of time it might take us to respond to a claim by You that the data is inaccurate or that our legitimate interests in processing it are outweighed by Yours. 

- Right to portability of Your Personal Data, meaning that You have the right to receive Personal Data that You have provided to Us in a structured, commonly used and machinereadable. You also have the right to direct us to transfer this data to any other person where technically feasible. 

To exercise any of these rights, please write to Your usual contact at HDFC Bank in the DIFC or the Compliance Officer via the contact details given in section 1. 

You are also entitled to submit any complaint You may have to the data protection regulator, the DIFC Commissioner of Data Protection, via email to commissioner@dp.difc.ae or via regular mail sent to the DIFC main office: Office of the Commissioner of Data Protection, The Gate, Level 14, DIFC P.O. Box 74777, Dubai, UAE, Tel: +971 (0)4 362 2223. 

You are not required by law to provide us with Your personal data. However, if You refuse to do so We may not be able conduct further business with You. For example, in order to satisfy our antimoney laundering obligations We have to verify the identity of our clients. This inevitably requires us to collect certain personal data from current and prospective clients. 

We may update this privacy notice from time to time in order to clarify it or address changes in law or our business operations. We will notify You if We make any substantial updates and You can always access the current version at the following Website address: 
www.hdfcbankdifc.com