Website and Mobile App Privacy Policy
Introduction
Welcome to the website and mobile application ("app") of The Commercial Co-operative Bank Ltd. ("the Bank"). Our website and mobile app provide users with access to a range of banking services including account management, fund transfers, financial transactions, and information about our products and services.
This privacy policy is designed to inform you about the collection, use, and disclosure of personal information when you use our website or mobile app collectively referred to as the "services." Protecting your privacy and ensuring the security of your personal information are core priorities for us at The Commercial Co-operative Bank Ltd. We are committed to maintaining the confidentiality, integrity, and security of the information entrusted to us by our customers.
By accessing or using our website or mobile app, you consent to the collection, use, and disclosure of your personal information as outlined in this privacy policy. We urge you to carefully review this policy to understand how we collect, utilize, and safeguard your information.
This privacy policy encompasses:
- Details regarding the types of personal information we collect from you when you utilize our services including but not limited to name, contact details, financial information, and transactional data.
- Insight into how we utilize and process your personal information to provide you with efficient and personalized banking services tailored to your needs and preferences.
- Circumstances under which we may share your personal information with trusted third parties as required to fulfill our contractual obligations or as mandated by law.
- Your rights concerning the collection, use, and rectification of your personal information, including the procedures through which you can access, update, or delete your data.
- Comprehensive measures we implement to safeguard the security, confidentiality, and integrity of your personal information including robust data encryption, access controls, and regular security audits.
Statements of Practices and Policies
1.1 The Bank recognizes that one of its fundamental responsibilities is to ensure that the Bank protects personal information entrusted to the Bank by its customers. This is critical for the maintenance of the Bank’s reputation and for complying with its legal and regulatory obligations to protect the Bank's customer information. The Bank also follows a transparent policy to handle personal information of its customers.
1.2 In this Policy, personal information means any information that relates to a natural person which either directly or indirectly in combination with other information available or likely to be available with the Bank is capable of identifying such person.
1.3 The Policy is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000.
1.4 The Policy is in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000.
Applicability
This Policy is applicable to personal information collected by the Bank directly from the customer or through the Bank’s online portals, electronic communications, as also any information collected by the Bank’s server from the customer’s browser.
Accuracy
The Bank shall have processes in place to ensure that the personal information residing with it is complete, accurate, and current. If at any point in time there is a reason to believe that personal information residing with the Bank is incorrect, the customer may inform the Bank in this regard. The Bank shall correct the erroneous information as quickly as possible.
Definitions and Key Terms
To help explain things as clearly as possible in this Privacy Policy, every time any of these terms are referenced, they are strictly defined as:
- Cookie: Small amount of data generated by a website and saved by your web browser. It is used to identify your browser, provide analytics, and remember information about you, such as your language preference or login information.
- Bank: When this policy mentions “Bank,” “we,” “us,” or “our,” it refers to The Commercial Co-operative Bank Ltd. that is responsible for your information under this Privacy Policy.
- Country: Where https://www.commercialcoopbank.com or the owners/founders of https://www.commercialcoopbank.com are based, in this case, is India.
- Customer: Refers to the Bank, organization, or person that signs up to use the https://www.commercialcoopbank.com Service to manage the relationships with your consumers or service users.
- Device: Any internet-connected device such as a phone, tablet, computer, or any other device that can be used to visit https://www.commercialcoopbank.com and use the services.
- IP address: Every device connected to the Internet is assigned a number known as an Internet Protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet.
- Personnel: Refers to those individuals who are employed by The Commercial Co-op Bank Ltd. or are under contract to perform a service on behalf of one of the parties.
- Personal Data: Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
- Service: Refers to the service provided by https://www.commercialcoopbank.com as described in the relative terms (if available) and on this platform.
- Website: The Commercial Co-op Bank Ltd.’s site, which can be accessed via this URL: https://www.commercialcoopbank.com
- You: A person or entity that is registered with https://www.commercialcoopbank.com to use the Services.
Purpose of Collection and Usage of Personal Information
- The Bank shall use the information collected to manage its business and offer an enhanced, personalized online experience on its website. Further, it shall enable the Bank to:
- Process applications, requests and transactions
- Maintain internal records as per regulatory guidelines
- Provide services to customers, including responding to customer requests
- Comply with all applicable laws and regulations
- Recognize the customer when he conducts online banking
- Understand the needs and provide relevant product and service offers
- If a customer does not wish to provide consent for the usage of their sensitive personal data or information, or later withdraws consent, the Bank shall have the right not to provide services or to withdraw the services for which the information was sought from the customer.
What Information Do We Collect?
- Personal Information: This includes but is not limited to names, addresses, contact details, identification documents, and any other data provided voluntarily by the end user.
- Financial Information: The Commercial Co-op Bank Ltd. may collect financial data such as account numbers, transaction details, credit history, and income statements to provide banking services effectively.
- Technical Information: When accessing our website or utilizing online services, we may collect technical data such as IP addresses, device information, browser types, and other similar details for security and optimization purposes.
When Do We Use End User Information from Third Parties?
- Verification Purposes: The Commercial Co-op Bank Ltd. may use information obtained from third-party sources to verify the identity of end users, prevent fraud, and ensure compliance with regulatory requirements.
- Enhancing Services: Information from third parties might be utilized to enhance our services, personalize user experiences, and offer tailored financial products based on the end user's preferences and needs.
- Legal Obligations: In certain circumstances, The Commercial Co-op Bank Ltd. may be legally obligated to obtain information from third parties to fulfill regulatory obligations, respond to legal requests, or comply with court orders.
When Do We Use Customer Information from Third Parties?
We receive some information from third parties when you contact us. For example, when you submit your email address to us to show interest in becoming a The Commercial Co-op Bank Ltd. customer, we receive information from a third party that provides automated fraud detection services to https://www.commercialcoopbank.com.
We also occasionally collect information that is made publicly available on social media websites. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.
Disclosure/Sharing of Information
- The Bank shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance with a legal obligation. In case the Bank discloses personal information to third parties, such third parties shall be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.
- The above obligations relating to sharing of personal data or information shall not apply to information shared with government agencies mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any personal data or information is freely available or accessible in the public domain, the Bank shall not have any obligations regarding the same.
- No specific information about customer accounts or other personally identifiable data shall be shared with nonaffiliated third parties unless any of the following conditions is met:
- To help complete a transaction initiated by the customer
- To perform support services through an outsourced entity provided it conforms to the Privacy Policy of the Bank
- The customer/applicant has specifically authorized it
- Conform to legal requirements or comply with legal process
- The information is shared with government agencies mandated under law
- The information is shared with any third party by an order under the law
- Protect and defend the Bank's rights, interests, or property
- Enforce the terms and conditions of the products or services
- Act to protect the interests of the Bank, its members, constituents, or other persons
Do We Share the Information We Collect with Third Parties?
- The Commercial Co-op Bank Ltd. does not sell, rent, or lease end user information to third parties for marketing purposes.
- However, we may share information with trusted third-party service providers or business partners who assist us in operating our website, conducting business, or servicing end users, provided that they agree to keep this information confidential and use it only for the purposes outlined by The Commercial Co-op Bank Ltd.
- Additionally, we may disclose information when required by law, to enforce our site policies, or to protect ours or others' rights, property, or safety.
Where and When is Information Collected from Customers and End Users?
The website will collect personal information that you submit to us. We may also receive personal information about you from third parties as described above.
How Do We Use the Information We Collect?
- Provision of Services: The information collected is primarily used to provide banking services, process transactions, and manage accounts in accordance with end user preferences and instructions.
- Personalization: We may use information to personalize the end user experience, including offering tailored financial products, promotions, or recommendations based on their financial needs and behavior.
- Communication: Information collected may be used to communicate with end users regarding account updates, transaction confirmations, service alerts, and other relevant information related to their banking activities.
- Improvement of Services: We analyze collected data to improve our products, services, and website functionality, including identifying trends, troubleshooting issues, and enhancing security measures.
- Compliance and Legal Requirements: Collected information may be used to comply with legal obligations, regulatory requirements, and internal policies, including anti-money laundering laws, fraud prevention, and risk management.
How Do We Use Your Email Address?
- The Commercial Co-op Bank Ltd. may use end users' email addresses to communicate important updates, account-related information, promotional offers, and other relevant notifications related to our services.
- End users may opt-in or opt-out of receiving promotional emails or newsletters from The Commercial Co-op Bank Ltd. at any time by adjusting their email preferences through the provided options or contacting customer support.
How Long Do We Keep Your Information?
We keep your information only as long as we need it to provide services to you and fulfill the purposes described in this policy. This also applies to anyone with whom we share your information and who carries out services on our behalf. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we’ll either remove it from our systems or depersonalize it so that we can't identify you.
How Do We Protect Your Information?
- The Commercial Co-op Bank Ltd. employs industry-standard security measures to protect the confidentiality, integrity, and availability of end user information. The security of personal information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect customer information against loss, misuse, damage, and unauthorized access, modifications, or disclosures. Employees shall be trained in the proper handling of personal information. When other companies are used to provide services on behalf of the Bank, it shall ensure that such companies protect the confidentiality of personal information they receive in the same manner the Bank protects. The Bank shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security.
- These measures include but are not limited to:
- Encryption: Utilizing encryption protocols to safeguard data during transmission and storage.
- Access Controls: Implementing access controls to ensure that only authorized personnel can access sensitive information.
- Regular Security Audits: Conducting regular audits to identify and address security vulnerabilities.
- Employee Training: Providing training to employees to raise awareness about security best practices and protocols.
- Physical Security: Implementing physical security measures to protect servers, data centers, and other infrastructure.
- Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Security and Confidentiality of Customer Data
- As per Information Systems security policies and procedures implemented in the Bank, the Bank has implemented administrative, physical, and technical safeguards to protect electronic personal data from loss, misuse, and unauthorized access. Customers’ personal data shall be stored on a secured database.
- The Bank shall not sell personal data to any third party or anybody and shall remain fully compliant with confidentiality of the data as per law.
- The Bank shall share customers’ personal data with third parties only if required for business purposes and only after implementing adequate controls to ensure the maintenance of confidentiality and security of the data by the concerned third party.
- Auto Read OTP Functionality: It is recommended that each process of OTP validation shall have an auto-read facility of OTP in the Mobile application. Whenever the OTP is sent to the customer, the mobile app shall auto-populate the OTP in the required field instead of entering it by keypad.
- SMS Forwarding App / Remote Access App: It is recommended that the Mobile Application can identify “SMS forwarding Apps” and “Remote Access Apps” installed on the User’s handset. Based on the “AppID” of these kinds of Apps, the Mobile App shall restrict users from accessing the application if any listed apps are installed.
- SMS Delivery Status Facility: The SMS vendor should have a callback facility available to verify the status of SMS sent from our end, and also have “SMS Delivery Receipt Check” to know the delivery status of the SMS forwarded from our end.
- Mobile Banking Application: The Mobile Banking Application shall have the ability to read/detect installed applications on the user’s device and upload this information to the Bank’s secure server for safe tracking of existing applications. The app shall prohibit/restrict Mobile Banking Application usage if any listed applications, such as remote access applications and SMS forwarder applications, are detected.
- By agreeing to the terms within the Mobile Banking application and the written consent form undertaken from the user during opting for mobile banking features, it will be considered that the user has provided affirmative consent for all the above-mentioned disclosures.
Data Usage
The Bank shall use customers’ personal data only for the purpose for which it is collected. The Bank is committed to ensuring that personal data is kept strictly confidential. However, personal data may be disclosed to regulatory authorities for the purposes of obtaining regulatory approval in accordance with applicable legal requirements, or otherwise to comply with applicable legal requirements.
Is the Information Collected Through the Website Secure?
We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes, or fail to follow policies. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. If applicable law imposes any non-disclaimable duty to protect your personal information, you agree that intentional misconduct will be the standards used to measure our compliance with that duty.
Can I Update or Correct My Information?
- End users have the right to update or correct their personal information held by The Commercial Co-op Bank Ltd. by contacting us directly through the provided contact information.
- We will make reasonable efforts to ensure that the information we hold about end users is accurate, complete, and up-to-date. End users may be required to provide verification of their identity before any updates or corrections are made.
Privacy Policy for SMS Autofill
This Privacy Policy describes how the Mobile Banking app collects, uses, and protects the information you provide when using the SMS autofill feature in our services.
Information We Collect :
- SMS Content: The Mobile Banking app may access and analyze the content of SMS messages to provide autofill suggestions for relevant information such as OTPs (One-Time Passwords) or transaction details.
- Metadata: We may collect metadata associated with SMS messages, such as sender information, timestamps, and message status.
- Usage Data: The Mobile Banking app may collect data related to your use of the SMS autofill feature.
- Improving Autofill Accuracy: We use the information collected to improve the accuracy and relevance of autofill suggestions provided to you.
- Security and Fraud Prevention: We use the information to enhance the security of SMS autofill and prevent fraudulent activities.
How We Use Your Information :
Sharing of Information:
The Bank does not share your SMS autofill data with third parties except as described in this Privacy Policy or with your explicit consent.
Data Retention:
We retain SMS autofill data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.
Personnel
If you are a The Commercial Co-op Bank Ltd. worker or applicant, we collect the information you voluntarily provide to us. We use the information collected for Human Resources purposes in order to administer benefits to workers and screen applicants. You may contact us to:
- Update or correct your information.
- Change your preferences with respect to communications and other information you receive from us.
- Receive a record of the information we have relating to you. Such updates, corrections, changes, and deletions will have no effect on other information that we maintain or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change, or deletion.
Sale of Business
In the event of a sale, merger, acquisition, or transfer of assets involving The Commercial Co-op Bank Ltd., customer information may be transferred or disclosed as part of the transaction. We will take reasonable steps to ensure that the acquirer or successor entity continues to adhere to this privacy policy and protects the confidentiality, integrity, and security of customer information in accordance with applicable laws and regulations.
End users will be notified of any such transaction and any changes to the privacy policy through the website or other appropriate channels. By continuing to use the services of The Commercial Co-op Bank Ltd. after such notification, end users consent to the transfer of their information as described herein.
Affiliates
We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by, or is under common control with The Commercial Co-op Bank Ltd., whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.
Governing Law
This Privacy Policy is governed by the laws of the United States of America without regard to its conflict of laws provisions. You consent to the exclusive jurisdiction of the courts in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy except for those individuals who may have the rights to make claims under Privacy Shield or the Swiss-US framework.
The laws of the United States of America, excluding its conflicts of law rules, shall govern this Agreement and your use of the website. Your use of the website may also be subject to other local, state, national, or international laws.
By using https://www.commercialcoopbank.com or contacting us directly, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our website or use our services. Continued use of the website, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.
Your Consent
We've updated our Privacy Policy to provide you with complete transparency into what is being set when you visit our site and how it's being used. By using The Commercial Co-op Bank Ltd., registering an account, you hereby consent to our Privacy Policy and agree to its terms.
Blocking and Disabling Cookies and Similar Technologies
Wherever you're located, you may also set your browser to block cookies and similar technologies, but this action may block our essential cookies and prevent our website from functioning properly, and you may not be able to fully utilize all of its features and services. You should also be aware that you may also lose some saved information (e.g., saved login details, site preferences) if you block cookies on your browser. Different browsers make different controls available to you. Disabling a cookie or category of cookie does not delete the cookie from your browser; you will need to do this yourself from within your browser; you should visit your browser's help menu for more information.
KIDS PRIVACY
We do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided us with Personal Data, please contact us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
Changes to Our Privacy Policy
We may change our services and policies, and we may need to make changes to this Privacy Policy so that they accurately reflect our services and policies. Unless otherwise required by law, we will notify you (for example, through our Service) before we make changes to this Privacy Policy and give you an opportunity to review them before they go into effect. Then, if you continue to use the Service, you will be bound by the updated Privacy Policy. If you do not want to agree to this or any updated Privacy Policy, you can delete your account.
Tracking Technologies
Google Maps API
Google Maps API is a robust tool that can be used to create a custom map, a searchable map, check-in functions, display live data syncing with location, plan routes, or create a mashup, just to name a few. Google Maps API may collect information from you and your device for security purposes. Google Maps API collects information that is held in accordance with its Privacy Policy.
Cookies
We use cookies to enhance performance and functionality but are non-essential to their use. However, without these cookies, certain functionality like videos may become unavailable, or you would be required to enter your login details every time you visit the website or app as we would not be able to remember that you had logged in previously.
Local Storage
Local Storage, sometimes known as DOM storage, provides web apps with methods and protocols for storing client-side data. Web storage supports persistent data storage, similar to cookies but with a greatly enhanced capacity and no information stored in the HTTP request header.
Sessions
We use "Sessions" to identify the areas of our website that you have visited. A Session is a small piece of data stored on your computer or mobile device by your web browser.
Information About General Data Protection Regulation (GDPR)
We may be collecting and using information from you if you are from the European Economic Area (EEA). In this section of our Privacy Policy, we will explain exactly how and why this data is collected, and how we maintain this data under protection from being replicated or used in the wrong way.
What Is GDPR?
GDPR is an EU-wide privacy and data protection law that regulates how EU residents data is protected by Banks and enhances the control the EU residents have over their personal data. The GDPR is relevant to any globally operating Bank and not just the EU-based businesses and EU residents. Our customer’s data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide.
What Is Personal Data?
Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own or in combination with other pieces of information to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical addresses, sexual orientation, and ethnicity. The Data Protection Principles include requirements such as:
- Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose, and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
Why Is GDPR Important?
GDPR adds some new requirements regarding how banks should protect individuals' personal data that they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches. Beyond these facts, it's simply the right thing to do. At https://www.commercialcoopbank.com, we strongly believe that your data privacy is very important, and we already have solid security and privacy practices in place that go beyond the requirements of this new regulation.
Individual Data Subject's Rights - Data Access, Portability, and Deletion
We are committed to helping our customers meet the data subject rights requirements of GDPR. The Commercial Co-op Bank Ltd. processes or stores all personal data in fully vetted, DPA compliant vendors. We do store all conversation and personal data for up to 6 years unless your account is deleted. The data retention can be extended in cases where the data is retained for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. In this case, we dispose of all data in accordance with our Terms of Service and Privacy Policy, but we will not hold it for longer than 90 days.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Via Email: itsupport@ccbl.co.in
- Via Phone Number: +91-0231-2656561/2653261
- Via Website:https://www.commercialcoopbank.com
- Via this Address: The Commercial Co-Op. Bank Ltd., 615, E, Shahupuri 1st Lane, Kolhapur 416001