| 3.1 |
Security and Confidentiality Data of Customer |
| 3.1.1 |
As per Information Systems security policies and procedures implemented
in the SSSP, SSSP has implemented administrative, physical and technical
safeguard to protect electronic personal data from loss, misuse and
unauthorized access. Customer’s personal data shall be stored on a
secured database. |
| 3.1.2 |
SSSP shall not sell personal data to any third party or anybody and
shall remain fully compliant with confidentiality of the data as per law
|
| 3.1.3 |
SSSP shall share customer’s personal data to third party if required for
business purpose only after implementing adequate controls to ensure
maintenance of confidentiality and security of the data by the concerned
third party. |
| 3.2 |
Usage of Data SSSP shall use customer’s personal data
only for the purpose for which it is collected. SSSP is committed to
ensuring that personal data is kept strictly confidential. However,
personal data may be disclosed to regulatory authorities for the
purposes of obtaining regulatory approval in accordance with applicable
legal requirements |
| 3.3 |
Auto Read OTP Functionality It is recommended that
each process of OTP validation shall have auto read facility of OTP in
the Mobile Application. Whenever the OTP send to the customer, mobile
app shall auto populate the OTP in the required field instead of
entering by the keyboard. |
| 3.4 |
SMS Forwarding App/Remote access App Mobile
Application can have an ability to identify the "SMS forwarding
Apps" as well as "Remote Access Apps" installed on the
User's handset. Based on the "AppID" of these kind of
Apps, Mobile App shall restrict the users to access the login to the
application if user have installed the listed apps. |
| 3.5 |
SMS Delivery status facility
SMS vendor should have Call Back facility available to verify the
status of SMS send from our end, also SMS vendor have " SMS
Delivery receipt check" to know the delivery status of the SMS
forwarded from our end.
Mobile banking Application shall have ability to read/detect
Installed Application on user’s device and upload it on bank’s
secure server for keeping safe track of existing applications. App
shall prohibit/restrict Mobile Banking Application usage incase of
any listed application with likes of remote access applications and
sms forwarder applications is detected.
By agreeing to terms within Mobile banking application and written
consent form undertaken from user during opting mobile banking
feature it will be considered user have provided affirmative consent
for all above mention disclosures.
|
| 3.6 |
Privacy Policy for SMS Autofill This Privacy Policy
describes how Mobile banking app collects, uses, and protects the
information you provide when using the SMS autofill feature in our
services. |
| 3.7 |
Information We Collect: Mobile banking app may collect
and process the following information: SMS Content: Mobile banking app
may access and analyze the content of SMS messages to provide autofill
suggestions for relevant information such as OTPs (One-Time Passwords)
or transaction details. |
| 3.8 |
Metadata: We may collect metadata associated with SMS
messages, such as sender information, timestamps, and message status.
|
| 4.1 |
Usage Data: Mobile banking app may collect data
related to your use of the SMS autofill feature |
| 4.2 |
How We Use Your Information: Improving Autofill
Accuracy: We use the information collected to improve the accuracy and
relevance of autofill suggestions provided to you. |
| 4.3 |
Security and Fraud Prevention: We use the information
to enhance the security of SMS autofill and prevent fraudulent
activities. |
| 4.4 |
Sharing of Information: Bank does not share your SMS
autofill data with third parties except as described in this Privacy
Policy or with your explicit consent. |
| 5.1 |
Data Retention: We retain SMS autofill data only for
as long as necessary to fulfill the purposes outlined in this Privacy
Policy or as required by law. |
| 5.2 |
Modification of Data: SSSP shall update the customer
data only after ensuring the authenticity of the change request.
Adequate access controls and authorization controls shall be in place to
monitor data modifications |
| 5.3 |
Quality of Data: SSSP shall continuously review and
asses the quality and completeness of the data |
| 6.1 |
Security Awareness Among Users: All staff handling
personal data shall receive training in the requirements of data
protection related laws and regulations. They shall also be educated
about the legal consequences of intentional / unintentional disclosure /
leakage of customer’s data. |