Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Privacy Policy

Global Privacy Policy

Who is covered under this policy? 
All natural persons ("Covered Persons"), whose personal information is either collected/ received/ possessed/ stored/ dealt in/ handled by HDFC Bank/ who visit the site http://www.hdfcbank.com and provide information to HDFC Bank online, are covered under this Policy.

 

Information covered by this Policy 
This Policy seeks to cover personal information of the Covered Persons provided to HDFC Bank as also any information collected by the bank server from the visitor’s browser. The ("Information"), i.e. any of the following:

 

  • Personal/private information of the Covered Persons
  • Sensitive personal data or information

 

Definitions used in this policy:
"Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

 

"Sensitive personal data or information" of a person means such personal information which consists of information relating to:

  • Password
  • Financial information such as Bank account or credit card or debit card or other payment instrument details;
  • Physical, physiological and mental health condition;
  • Sexual orientation;
  • Medical records and history;
  • Biometric information;

Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for these purposes.

 

The Features of the Policy:

All Information collected shall be used for the relevant lawful purposes connected with various functions or activities of the Bank related to services in which the Concerned Person is interested, and/or to help determine the eligibility of the Concerned Persons for the product/services requested/ applied/ shown interest in and/or to enable Bank the Covered Persons verification and/or process applications, requests, transactions and/or maintain records as per internal/legal/regulatory requirements and shall be used to provide the Concerned Person with the best possible services/products as also to protect interests of HDFC Bank.

 

The Information shall not be shared with any external organisation unless the same is necessary to protect the interests of the Bank or to enable HDFC Bank to provide you services or to enable the completion/compilation of a transaction, credit reporting, or the same is necessary or required pursuant to applicable banking norms or pursuant to the terms and conditions applicable to such Information as agreed to with HDFC Bank or pursuant to any requirement of law/regulations or any Government/court/other relevant authority’s directions/orders. Needless to add, confidentiality norms as applicable to banks shall be adhered to. HDFC Bank may also share Information to provide you with superior services and a range of offers.

 

We may also share your Information, without obtaining your prior written consent, with government agencies mandated under the law to obtain information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences, or where disclosure is necessary for compliance of a legal obligation. Any Information may be required to be disclosed to any third party by us by an order under the law for the time being in force.

 

In this regard, it may be necessary to disclose the Covered Persons information to one or more agents and contractors of HDFC Bank and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from HDFC Bank only for these purposes.

Information provided by you are retained (for later of the) (i) as long as the purposes for which such data were collected continue. Or (ii) for such period so as to satisfy legal, regulatory or accounting requirements or to protect HDFC Bank's interests.

Please note that the accuracy of the Information provided to us on the Website is essential, among others, to provision of our products and services to you. It is therefore a term and condition governing the access and use of the Website that you undertake to ensure the accuracy and completeness of all Information disclosed, shared, exchanged or otherwise update and notify the Bank via e-mail a Contact-Us of any changes in the Information.

 

The Covered Persons authorises HDFC Bank to exchange, share, part with all information related to the details and transaction history of the Covered Persons to its Affiliates / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management or any of the aforesaid purposes and shall not hold HDFC Bank liable for use or disclosure of this information.

 

The Covered Persons shall not disclose to any other person, in any manner whatsoever, any information relating to HDFC Bank or its Affiliates of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle HDFC Bank or its Affiliates to terminate the services, without prejudice to any damages, to which the Covered Persons may be entitled otherwise.

 

As regards the information collected from visitors of the website online (“visitor”), HDFC Bank will use the Information to improve the Covered Persons experience on the site and make subsequent offers to the visitor on products which may be of interest to him / her, if so agreed while giving information.

 

The HDFC Bank website uses cookies. Cookies are small data files that a website stores on your computer. We use persistent cookies which are permanently placed on your computer to store non-personal (Browser, ISP, OS, Clickstream information etc) and profiling information (age, gender, income etc). While cookies have unique identification nos, personal information (name, a/c no, contact nos etc) SHALL NOT be stored on the cookies.

 

We will use the information stored in the cookies to improve visitor experience through throwing up relevant content where possible. We will also use the cookies to store visitor preferences to ease visitor navigation on the site.

We may in the future implement encryption of the cookies.

HDFC Bank also may disclose information about you as permitted or required by law.

At HDFC Bank, we value your relationship and will at all times strive to ensure your privacy.

The Bank may, from time to time, change this policy.

 

Privacy For EU Customers

This Privacy Notice outlines HDFC Bank Limited’s (“HDFC Bank”) approach to data protection to fulfil its obligations under the EU General Data Protection Regulation 2016/679 ("GDPR"). This Privacy Notice applies to personal data of the Covered Person(s) which is processed by or for HDFC Bank as a controller, whether in physical or electronic mode. In this Privacy Notice, the expressions ‘personal data’, ‘data subject’, ‘controller’, ‘processor’ and ‘processing’ shall have the meanings given to them in the GDPR.

HDFC Bank is committed to treating data privacy seriously. It is important that you know exactly what we do with the personal data you and others provide to us, why we process it and what it means to you. Please read this Privacy Notice carefully to understand our views and practices regarding your personal data and how we will treat it.
 

Data Privacy Matters

This Privacy Notice applies in relation to all our products and services as applicable to the Covered Persons. Your product or service terms and conditions will specify which of our businesses is providing the relevant product or service to you. If you are a customer of one of these businesses, please also read the Data Privacy Notice applicable to such respective businesses. If you have any questions about how your personal data is processed, please contact our Privacy Contact.

Who we are

Throughout this document, “we”, “us”, “our” and “ours” refer to HDFC Bank.

HDFC Bank means: 

HDFC Bank Limited having its registered office at Senapati Bapat Marg, Lower Parel (West), Mumbai 400013, Mumbai, India and includes its branches in and outside India and subsidiary companies.

Website : https://www.hdfcbank.com/

Our contact details are given at the end of this Privacy Notice. Should you need further details about HDFC Bank, please visit the about us page in our website. 
 

Who is covered under this Notice (Covered Persons)?

Any natural person in relation to whose personal data (to the extent processed by or for HDFC Bank), the GDPR applies, shall be to the extent of such personal data and such processing be the "Covered Person(s)" or “You”.
 

The information we collect about you

The information we collect falls into various categories as under: 
 

  • Identity & contact information
     
    • Name, address, signatures, biometric data, date of birth, copies of identity cards (“ID”), contact details marital status, relatives information, nomination, medical condition, PAN/TIN/Aadhaar/National ID/Social Security Number/ or its equivalent, Photograph, Gender
       
  • Financial details/circumstances
     
    • Bank account details, investments history, credit/debit card details, income details, history in relation to these.
    • Employment / occupational information.
    • Residential status under banking, general and tax laws.
    • Spending/saving/investing/payments/receipts/borrowing history.
    • Risk profile, financial objectives, financial knowledge and experience, preferences and any other information to assess the suitability of our products to you.
    • Information collected when you make or receive payments.
       
  • Information you provide us about others or others provide us about you
     
    • If you give us information including personal data about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal data we already hold and we will use it in the ways described in this Data Privacy Notice.
    • Your personal data from third party providers: In order to enhance our ability to provide relevant marketing, offers, and services to you, we obtain personal data about you from other sources with your consent, such as email service providers, public databases, joint marketing partners, social media platforms, as well as from other third parties as appropriate.
    • Information including personal data from credit information companies/ credit reference agencies, risk management and fraud prevention agencies, national and government databases.
    • Information including personal data from other parties and entities where we are a part of a transaction in one or more roles even though we may not be directly interfacing you, for example during the course of remittances being initiated by you through your bank to a beneficiary whose bank account is with us.
       
  • Personal data which you have consented to us using
     
    • Your agreement to allow us to contact you through certain channels to offer you relevant products and services.
       
  • Information from online activities.
     
    • We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy, which is available on our website.
    • Your digital and electronic devices where we perform various checks designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying the IP address your device connects from and the collection of information about your use of the website or mobile app (including device type, operating system, screen resolution, and the way you interact with us). 
       
  • Other personal information
     
    • Information in relation to data access, correction, restriction, deletion, porting requests and complaints.
    • CCTV images and data at our Bank branches, offices and ATMs (but only for security reasons and to help prevent fraud or crime).
    • Conversations during meetings/calls/correspondences/discussions with bank staff.
       

When and how we collect personal data about you?

Personal data about you is gathered or collected:
 

How we process your Personal Data?

Whether we’re using it to confirm your identity, to help in the processing of an application for a product or service or to improve your experiences with us, your personal data is always handled with care and the principles outlined in this Data Privacy Notice are always applied. 
 

Lawfulness and Purposes of the processing

The lawfulness and legal basis for obtaining, processing personal data about you will be one or more of the following:

The table below sets out the purposes for which we use your personal data and our legal basis for doing so. Where we are relying on a legitimate interest, these are also set out below

    • When you ask us to provide you with certain products and services.
    • When you use our services or products;
    • During the course of transactions;
    • When you apply for products, make enquiries or engage with us or with any other person where we are involved for any other person in the transaction concerning you
    • When you use our website and online services provided by us (including mobile applications) and visit our branches, offices.
    • When you email or call or respond to our emails/phone calls or during meetings with our bank staff or its service providers or representatives.
    • When you or others give us personal data verbally or in writing. This personal data may be on application forms, in records of your transactions with us or if you make a complaint.
    • From information publicly available about you. When you make information including personal data about yourself publicly available on your social media accounts or where you choose to make information available to us through your social media account, and where it is appropriate for us to use it
       
    • Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. To allow us to take actions that are necessary in order to provide you with the product / service (performance of a contract), for example, to make and receive payments
    • Processing is necessary because of a legal obligation that applies to us. It may be necessary to allow us to comply with our legal obligations, for example, obtaining proof of identity to enable us to meet our anti-money laundering obligations under applicable law.
    • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. Processing may be required to meet our legitimate interests, for example, to understand how customers use our services and to develop new services, as well as improve the service we currently provide.
    • Where we have your consent to do so.
    • Its processing is necessary to protect your “vital interests” where we need to process your personal data and you are not capable of providing consent (emergency situations).

 

What we use your personal data for The legal basis for doing so (one of more under each sub-heading)

  • To provide our products and services to you and perform our contract with you

  • Establish your eligibility for our products and services.

  • Manage and administer your accounts, policies, benefits or other products and services

  • Process your applications for credit or financial services.

  • Process payments that are paid to you or by you. For example, if you hold a credit or debit card with us, we will share transaction details with our card scheme providers (e.g. Visa or MasterCard).

  • Run loyalty and reward programmes you have signed up to.

  • Contact you by post, phone, text message, email, social media, fax, using our online banking website or other means, but not in a way contrary to your instructions to us or contrary to law.

  • Monitor and record our conversations when we speak on the telephone (for example, to check your instructions to us, to analyse, to assess and improve customer service and for training and quality purposes).

  • Recover debts you may owe us.

  • Manage and respond to a complaint or appeal.

  • To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you. These checks may reveal political opinions or information about criminal convictions or offences
  • Where necessary for the performance of our agreement or to take steps to enter into an agreement with you
  • Where the law requires this
  • Where it is in our legitimate interests to ensure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers
  • Where it is in our legitimate interests to ensure that complaints are investigated, for example, so that our customers receive a high standard of service and so that we can prevent complaints from occurring in future
  • In case of sensitive information, such as medical information, where you have agreed
  • To manage our business for our legitimate interests
  • Carry out credit scoring, credit management
  • Provide service information, to improve our service quality and for training purposes
  • Conduct marketing activities, for example, running competitions, promotions and direct marketing (provided that you have not objected to us using your details in this way), and research, including customer surveys, analytics and related activities
  • Where necessary for the performance of our agreement or to take steps to enter into an agreement with you
  • Where the law requires this
  • Where it is in our legitimate interests to develop and improve our products and services to ensure we can continue to provide products and services that our customers want to use and to ensure our business model remains competitive.
  • Where it's in our legitimate interests to provide you with information about our products and services that may be of interest.
  • Where we have your consent to do so.
  • To run our business on a day to day basis
  • Carry out strategic planning and business portfolio management.
  • Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity),
  • Manage and administer our Bank’s legal and compliance affairs, including complying with our obligations to credit card providers, compliance with regulatory guidance and voluntary codes of practice to which we have committed and to comply with directive/order of any law enforcement agencies

 
  • Where necessary for the performance of our agreement or to take steps to enter into an agreement with you
  • Where the law requires this
  • To share your information with Indian or other relevant tax authorities, Reserve Bank of India and other government authorities, credit reference agencies, fraud prevention agencies, and India and overseas regulators and authorities
  • To perform certain credit checks so that we can make responsible business decisions.
  • To assist with the prevention and detection of fraud and other crime
  • To assist overseas regulators, who monitor banks to ensure that they comply the law and regulations

 

  • Where the law requires this
  • Where we have a legitimate interest in performing certain credit checks so that we can make responsible business decisions. As a responsible organisation, we need to ensure that we only provide certain products to companies and individuals where the products are appropriate, and that we continue to manage the services we provide, for example if we consider that you may have difficulties making a payment to us.
  • Where we have a legitimate interest in assisting with the prevention and detection of fraud and other crime
  • Where we have a legitimate interest in assisting overseas regulators, who monitor banks to ensure that they comply the law and regulations
  • More detail on our data sharing with these organisations is set out below

 

 

  • To send electronic messages to you about product and service offers from our Bank.
  • To use transaction history/account information from your HDFC Bank account or credit card to identify your spending and saving habits in order to personalise offers that are exclusive and individual to you, based on your account transactions.
  • To use cookies in accordance with our Cookie Policy.
  • To use information you have made public and combine with this with the activities outlined above. When we ask for your consent, we will provide you with more information on how we will use your data in reliance on that consent, including in relation to third parties we would like your consent to share your data with

 
  • Where necessary for the performance of our agreement or to take steps to enter into an agreement with you
  • Where the law requires this
  • Where we have your consent to do so.
   


When we process personal data to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and before collecting, we ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.


We will send you messages by post, telephone, text, email and other digital methods, including for example via our ATMs, mobile applications, push notifications, or online banking services (and new methods that may become available in the future). These messages may be:

Automated processing
 

The way we analyse personal information in relation to our products and services including applications, credit decisions, determining your eligibility for the products or services, may involve automated profiling and decision making, this means that we may process your personal data using software that is able to evaluate your personal aspects and predict risks or outcomes as also where the decision making may be automated. 

We may also carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. 

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk: 
 

You expressly acknowledge that the automated decision is necessary for entering into or performance of contract and/or you explicitly consent to such automated decision making, hence you subject to even the decisions which are solely based on automated processing. You have rights in relation to automated decision making: if you want to know more please contact us using the details set out in the Contact Us section.
 

Cookies
 

We may use cookies and similar technologies on our websites, mobile apps, and in our emails. Cookies are text files that get small amounts of information, which your computer or mobile device stores when you visit a website or use a mobile app. When you return to the websites or mobile apps – or visit websites and mobile apps that use the same cookies – they recognise these cookies and therefore your device. 
We use cookies to do many different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving your online experience. They can also help ensure that the advertisements and marketing material(“ads”) you see online are more relevant to you and your interests. We also use similar technologies such as pixel tags and JavaScript to undertake these tasks. We also use cookies in some of our emails to help us to understand a little about how you interact with our emails, and to help us improve our future email communications. These cookies also help ensure that the ads you see online are more relevant to you and your interests. 
 

Our respective websites and mobile app terms and conditions give you more information on these technologies, how and where we use them and how you can control them.
 

How to manage and disable cookies?
 

For instructions on blocking and deleting cookies, see the privacy settings and help documentation of your specific browser’s website. If you use more devices and/or browsers, you will need to disable cookies on each device and on each browser separately. Here are the locations of the cookie settings for all major web browsers:

If you limit the ability of our websites to set cookies, this may prevent you from using certain features of our website properly and your user experience – which will no longer be personalised for you – may deteriorate. You may also be able to opt out from certain cookies through third party cookie management sites. Disabling cookies may prevent you from using certain parts of our website. If you delete your cookies from the browser, you may need to remember to re-install opt-out cookies. 
In the past we would have dropped the cookies in your device when you accessed our online platforms. For removing these cookies, you will need to go to your respective browser settings in your devices and remove them.
 

Recipients: Who we share your personal data with:

We only share your personal data with the following persons and/or in the following circumstances,and only as may be necessary:

For further information, please refer to our product specific terms and conditions and application form.
 

Period of storage of your personal data

We will keep the personal data we collect about you on our systems or with third parties for as long as required for the purposes set out above or even beyond the expiry of transactional or account based relationship with you: (a) as required to comply with any legal and regulatory obligations to which we are subject or (b) for establishment, exercise or defence of legal claims. 
 

Implications of not providing personal data or Withdrawing Consent

Sharing personal data with us is in both your interest and ours. 

We need your personal data in order to:

When we request personal data, we will inform you if providing it is a contractual requirement, a statutory requirement or not, and whether or not we need it to comply with our legal obligations. 

You may choose not to share personal data or withdraw consent, but doing so may limit the services we are able to provide to you (unless consent is not the only legal basis for processing and there are other legal basis as well), particularly as under.

However, if you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal or the other legal basis which we may have for such processing.
 

Processing your personal data outside the EEA
 

HDFC Bank is incorporated and regulated in India, its overseas branches are regulated by host country regulations and subsidiaries are governed under applicable laws. As such, your personal data is stored on secure systems within HDFC Bank premises within India and with providers of secure information storage in India. Further, we may transfer or allow the transfer of personal data about you and your products and services with us to our service providers and other organisations outside the European Economic Area (EEA), with adequate safeguards to ensure your personal data remains adequately protected.If you need copy of safeguards provided to transferred personal data, please notify us in accordance with the “How to contact us?” section below. These jurisdictions and countries outside EEA may have different and less stringent laws relating to the degree of confidentiality afforded to the personal data and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes. 

For example, we may process payments using third parties (including other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation) 
 

How do we secure your Personal data?

HDFC Bank is ISO 27001:13 compliant. We seek to use reasonable organizational, technical and administrative measures to protect Personal data within our organization. However, if you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How to contact us?” section below.
 

How to exercise your information rights (including the right to object)?
 

You have the following rights, in accordance with and subject to the qualifications and provisions under GDPR:


Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which processing is based on necessity for the purposes of legitimate interests pursued by us or third party, including profiling. Upon such exercise of your right, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds: (a) for the processing which override your interests, rights and freedoms or (b) for the establishment, exercise or defence of legal claims. 
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to this use, we will stop using your information for direct marketing purposes.
If you exercise any of the aforesaid rights, in most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons.However, where we have reasonable doubts concerning your identity, we may request the provisions of additional information necessary to confirm your identity. Ordinarily, we will not charge a fee for the exercise by you of any rights as above. However, we may charge a reasonable fee if your request for access is found to be excessive or unfounded. Alternatively, we may refuse to comply with the request in such circumstances. 
If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise. 
 

Links to Other Websites

From time to time, our website may contain links to and from websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites


Children

If you are a parent of a child under 16 (or such age as applicable for GDPR purposes in the respective EU Member States), you give your consent or authorise the consent if you wish your child to access HDFC Bank Services.
 

In How to contact us

If you have any questions about how your personal data is gathered, stored, shared or used, or if you wish to exercise any of your information rights, please contact our Privacy Contact at privacy@hdfcbank.com 
Phone Banking: +91 22 67606161
 

Changes to this notice

We will update this Data Privacy Notice from time to time. Any changes will be communicated to you and made available on this page and, where appropriate, notified to you by SMS, e-mail or when you log onto website or start one of our mobile apps. 
Dated: 12th June 2018

    • To help you manage your account(s) 
       
    • Messages we are required to send to comply with our regulatory obligations, such as changes to your agreements, and to give you information you need to manage your money
    • To keep you informed about the features and benefits of the products and services you hold with us
       
    • To tell you about products and services (including those of others) that may be of interest to you – these are marketing messages sent in accordance with your preferences. You can ask us to stop or start sending you marketing messages at any time by writing to us.
       
    • We may refuse to provide the services you have requested or we may stop providing existing services to you
    • A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or employment to you.
    • Internet Explorer – Tools > Internet Options > Privacy tab.
    • Mozilla Firefox – Tools > Options > Privacy menu.
    • Safari users – Edit > Preferences > Privacy menu.
    • Chrome users – Settings > Content Settings > Privacy > Cookies.
    • Your authorised representatives
    • Third parties we need to share your personal data with in order to facilitate payments you have requested (for example, SWIFT, credit card issuers and merchant banks) and those you ask us to share your personal data with.
    • We may also share your personal data with the following third parties to help us manage our business for our legitimate interests:
      • Statutory and regulatory bodies and authorities (including central and local government) and law enforcement authorities, investigating agencies and entities or persons, to whom or before whom it is mandatory to disclose the personal data as per the applicable law, courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunals.
      • Overseas regulators and authorities in connection with their duties (such as crime prevention).
      • Third parties bank may engage to provide services to you.
      • Processors and service providers of HDFC Bank engaged for its various activities and services.
      • Credit information companies or Credit reference entities, identity and address verification organizations who may record and use your information and disclose it to other lenders, financial services organizations and insurers. Your information may be used by those third parties to make assessments in relation to your creditworthiness for debt tracing
      • Other banks and financial institutions, quasi governmental institutions like clearing houses, network associations etc where required in terms of contract or legal requirements
      • Transferees and assignees and potential transferees and assignees of HDFC Bank
      • Courier or postal service providers for the purpose of sending or collecting of mails to you as a customer
      • Any other person or organization after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both)
      • HDFC Bank’s branches in India or outside India, its subsidiaries, Affiliates and group entities.
    • Provide our products and services to you and fulfil our contract with you.
    • Manage our business for our legitimate interests.
    • Comply with our legal obligations.
    • We may not be able to provide you with certain products and services that you request. We may not be able to continue to provide you with or renew existing products and services if such collection or updating of personal data is a legal or regulatory requirement to which we are subject.
    • We may not be able to assess your suitability for a product or service, or, where relevant, give you a recommendation to provide you with a HDFC Bank financial product or service.
    • The right to request from us as the controller, the access to and rectification or erasure of your personal data or restriction of processing concerning you or to object to processing as well as the right to data portability;
    • Where the processing is based on your consent, the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal. Please however note that in case such processing is also based on other legal basis like our legitimate interest or legal obligation or contractual performance or a necessity for entering into contract, and such legal basis continues to hold good, the processing will be continued despite such withdrawal of the consent.
    • A right to lodge a complaint with a supervisory authority in accordance with the GDPR;
Privacy Policy for Digital Platform

Privacy Notice – Digital Platforms

Effective Date – 1st August 2019

HDFC Bank is committed to protecting your privacy when you use HDFC Bank’s Digital Platforms. This Privacy Statement ("Statement") explains how we collect, use, share, and safeguard your information when you use our Digital Platforms.

HDFC Bank” or “we” or “our” = HDFC Bank Limited, its subsidiaries and service providers.

You” or “Your” = Customers of the Bank and visitors of the Digital Platforms (including their representatives).

Digital Platform(s)” = Our mobile applications, online services and other digital platforms such as Payment Gateways, Digital Application Platform (DAP) and POS devices.

Use of our Digital Platforms = Visiting any Digital Platforms owned and/or controlled by us including to access your accounts, use our EVA service, conduct online transactions, etc.; viewing or clicking on our ads on third-party sites that re-direct you to our Digital Platforms; interacting with us on third-party sites, etc.

When you use our Digital Platforms, you are expressly agreeing to and consenting to the terms of this Statement and by any use of our Digital Platforms you will deemed to have given your consent for the processing of your Personal Data as set out in this Statement.

Data we collect
  • "Personal data" refers to data that identifies (whether directly or indirectly) a particular individual, such as information you provide on our forms, surveys, online applications or similar online fields. Examples may include your name, previous names, postal address, email address, telephone number, domicile, nationality, PAN number, date of birth or account information.
  • "Anonymous information" means information that cannot reasonably be used to identify a particular individual. Examples may include information about your Internet browser, IP address, information collected through tracking technologies, demographic information that you provide to us and aggregated or de-identified data.
  • "Location information" means information that may be collected by certain mobile applications that identifies your physical location. This information may be collected from your mobile device's location-aware features when you request certain services that are dependent on your physical location.
  • “Device Information” means unique device identifier such as IMEI number, contact lists (in some cases), technical Data about your computer and mobile device including details regarding applications and usage details.
  • “Biometric information” means information such as your fingerprint, etc. that you choose to provide to us for authentication and fraud prevention purposes.  We will not collect your biometric information without your explicit consent.
  •  Other information such as information relating to your occupation and financial situation such as employer’s name and address (if self-employed, type of account, and nature and volume of anticipated business dealings, with the conventional bank licensee, income proof, bank statements, income tax returns, salary slip, contract of employment, passbook, debit card/credit card details, expenditure, assets and liabilities, source of wealth, signature, as well as your other bank account details;
  • Generation and storing password or PIN in encrypted form based on your request on the Digital Platform;
  • Your photographs;
  • Social relationships detail such as your father’s name, spouse’s name and mother’s name;
  • Behavioural details as to how to utilise our products, services, offers etc., your browsing actions, patterns and online activity;
  • Records of correspondence and other communications between us, including email, telephone conversations, live chat, instant messages and social media communications containing information concerning your grievances, complaints and dispute
  • Sensitive personal data such as gender, medical records and history;
  • Personal data you provide to us about others or others provide to us about you.

Purpose of collecting your personal data
  • To personalize your Digital Platform experience;
  • To respond to your inquiries and address your requests;
  • To deliver marketing communications that we believe may be of interest to you;
  • To inform you about important information regarding our Digital Platforms, changes to terms, conditions, and policies and/or other administrative information;
  • To offer you our products or services which you may have applied for or shown interest in;
  • To allow you to apply for our products or services (e.g., to prequalify for a loan, apply for a credit card, or to open an account, investment account, insurance or other financial product),
  • To evaluate your eligibility for our products or services;
  • To provide you with products or services you’ve requested, e.g. fulfilling a payment request or any other transaction
  • To perform our obligations under KYC norms (e.g. sharing your information with third parties to verify details you have provided to us like your identity, to authenticate you and verify your information;
  • To allow you to participate in surveys and other forms of market research, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how Personal Data is used and shared;
  • To perform activities such as data analysis, audits, usage trends to determine the effectiveness of our campaigns and as input into improving products and services and enhancing our Digital Platforms;
  • To improve risk control for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements;
  • To allow you to utilize Digital Platform features by granting us access to information from your device such as contact lists, or geo-location when you request certain services;
  • To use it in other ways as required or permitted by law or with your consent;
  • To manage our relationship with you;
  • To prevent or detect crime including fraud and financial crime, e.g. financing for terrorism and human trafficking;
  • For security and business continuity and risk management;
  • To protect our legal rights and comply with our legal obligations;
  • For system or product development and planning, audit and administrative purposes;
  • To enter into a contract with you or to take steps pursuant to your request prior to entering into a contract.
  • To meet the legitimate interests to be pursued by us or by a third party.

Who do we share your information with?
  • With subsidiaries and/or affiliates in an effort to bring you improved services across our family of products and services, when permissible under relevant laws and regulations;
  • With third-party service providers, vendors, data processors and/or agents who perform services for us and help us operate our business;
  • Other companies to bring you co-branded services, products or programs;
  • Other third parties to comply with legal requirements such as the demands of applicable warrants, court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties.
  • Statutory and regulatory bodies and authorities including but not limited to the Reserve Bank of India or the Securities and Exchange Board of India (including central and local government) and law enforcement authorities and entities or persons, to whom or before whom it is mandatory to disclose the Personal Data as per the applicable law, courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunal.
  • By using our Digital Platform or by agreeing to transact with us, you agree to the above sharing of information during your relationship with us.

How do we collect your personal data?
  • We use information about the devices you use to interact with HDFC Bank such as Device information and location information.
  • When you provide your details in forms, surveys, online applications or similar online fields.
  • We may record details of your interaction with us including telephone conversations with our call centres and other kinds of communication. We may use these recordings to check your instructions to use, assess, analyse and improve our service, train our people, manage risk and or to prevent fraud and other crimes.

Retention of Personal Data 
  • We may retain your Personal Data for as long as required to provide you with services such as managing your account and dealing with any concerns that may arise or otherwise if required for any legal or regulatory requirements or for establishment, exercise or defence of legal claims.
  •  We may need to retain your information for a longer period where we need the information for our legitimate purposes for e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly

Cookies
  • "Cookies" are bits of electronic information that can transfer to your hard drive, mobile device, or other device to keep records of your use or visit to our Digital Platform. We may use cookies to improve your experiences when visiting or using our Digital Platform. We may use cookies to anonymously track interests , and collect aggregate information when you use or visit Digital Platform. We do not use cookies to store or transmit any Personal Data.
  • Temporary "session" cookies are also used to facilitate customer navigation within our Digital Platform during your visit. "Session" cookies are deleted once you close your internet browser. We may also use "persistent" cookies that are retained on your computer after your visit ends so we can identity your preferences and enhance your future visits to our Digital Platform.
  • "Log files" are files that anonymously log actions that take place on a website. We may use log files to gather statistics about your browsing habits and to assess overall digital activity, including how many "hits" a particular web page is getting. Log files enable us to track interest in specific promotions, troubleshoot technical concerns, and provide content that may be of interest. We also use the log file entries for our internal marketing and demographic studies, so we can improve the Digital Platform we provide to customers and visitors. Log files are used internally only, are anonymous, and are not associated with any particular user, device, computer, or browser.

 

Third-Party Links
  • Clicking on certain links within our Digital Platforms may take you to other websites, or may display information on your computer screen or device from other sites, which may not be maintained by HDFC Bank. Such sites may contain terms and conditions, privacy provisions, confidentiality provisions, or other provisions that differ from the terms and conditions applicable to our Digital Platforms. Links to other Internet services and websites are provided solely for the convenience of users. A link to any service or site is not an endorsement of any kind of the service or site, its content, or its sponsoring organization.
  • The Bank assume no responsibility or liability whatsoever for the content, accuracy, reliability or opinions expressed in a website, to which our digital platforms are linked (a "linked site") and such linked sites are not monitored, investigated, or checked for accuracy or completeness by the Bank. It is the responsibility of the user to evaluate the accuracy, reliability, timeliness and completeness of any information available on a linked site. All products, services and content obtained from a linked site are provided "as is" without warranty of any kind, express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, title, non-infringement, security, or accuracy.

Security
  • We take our responsibility to protect your information very seriously. We use physical, technical, and procedural safeguards that comply with applicable legal standards to secure your information from unauthorized access and use, alteration, and destruction.
  • We seek to use reasonable organizational, technical and administrative measures to protect Personal data within our organization. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

Social Media
  • HDFC Bank may provide an experience on social media platforms including, but not limited to, Facebook, Twitter, YouTube and LinkedIn that may enable online sharing and collaboration among users who have registered to use them. Please note that when visiting any official HDFC Bank’s social media site, you are subject to this Online Privacy Statement as well as the social media platform's own terms and conditions. 

Updating Your Information
  • Keeping your account information up-to-date is very important. If you believe that your account information is incomplete or inaccurate, please contact us through channels available to you

If you prefer, you may call or write to us at the telephone numbers and addresses provided on your account statements, or you may speak directly with a branch representative, or your designated relationship manager.

Contacting us

Updates
  • If we make updates to our privacy practices, we will update this Statement with the changes. Any updates to the Statement become effective when we post the updates on this site. Your use of our Digital Platforms following any update to the Statement means that you accept the updated Statement and consent to the use and sharing provisions identified in the Statement.

 

Cookie Policy

Date of most recent update: 13th February 2019

PLEASE READ THIS POLICY CAREFULLY BEFORE USING OUR WEBSITES

This policy explains how cookies are used on our websites.

This policy may be amended from time to time and the latest policy will be posted on this page.

By using our websites, you agree that we can place cookies on your device. Please be aware that some of our services will not function if your browser or device does not accept our cookies.

Please note that where we have another type of presence on a site owned by a third party, such as a page or handle on a social media site, that third party’s privacy policy and terms of use, rather than this Policy, will govern, unless specifically stated otherwise.

 

What are cookies?

Cookies are text files containing small amounts of information, which your computer or mobile device downloads when you visit a website. When you return to websites — or visit other websites that use the same cookies — they recognise these cookies and therefore your browsing device.

Cookies do lots of different jobs, like helping us understand how this website is being used, letting you navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.

You can learn about the cookies we use and how to manage them below.

 

What type of cookies Bank use?

The type of cookies used on most websites can generally be put into 1 of 4 categories: Strictly Necessary, Performance, Functionality and Targeting.

Strictly Necessary Cookies

These cookies are essential, as they enable you to move around the website and use its features, such as accessing secure areas. Without these cookies, services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.

Performance Cookies

These cookies collect information about how you use a website, for example which pages you go to most often and if you get error messages from certain pages. These cookies don't gather information that identifies you. All information these cookies collect is anonymous and is only used to improve how a website works.

These cookies are not used to target you with online marketing. Without these cookies we can't learn how our website is performing and make relevant improvements that could better your browsing experience.

Functionality Cookies

These cookies allow a website to remember choices you make (such as your user name, language or the region you're in) and tailor the website to provide enhanced features and content for you.

Without these cookies, a website cannot remember choices you've previously made or personalise your browsing experience.

Targeting Cookies

These cookies are used to tailor marketing to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information may be shared with other organisations such as advertisers. Although these cookies can track your visits to other websites, they don’t usually know who you are.

Without these cookies, online advertisements you encounter will be less relevant to you and your interests.

 

What happens if I disable cookies?

If cookies are disabled on your computer, tablet or mobile your experience on the website may be limited. For example, you may not be able to browse freely or use specific functions or features.

 

How do I disable/enable cookies?

To disable or enable cookies you will need to change some settings on your Internet browser.

We have provided step-by-step guides for the major desktop browsers below. 

For information on how to manage cookies on your tablet or mobile please consult your documentation or online help files.

Google Chrome

In the settings menu, select 'show advanced settings' at the bottom of the page

Select the 'content settings' button in the privacy section

In the page that appears tells you can manage and/or clear stored cookies.

Firefox

In the menu, select 'options'

Select the privacy tab in the options box

From the dropdown choose, 'use custom settings for history'. This will present the options for cookies and you can choose to enable or disable cookies.

Internet Explorer 6+

In the tools menu, select 'Internet options'

Click the privacy tab

You will see a privacy settings slider which has six settings that allow you to control the number of cookies that will be placed: Block All Cookies, High, Medium High, Medium (default level), Low, and Accept All Cookies.

Safari

In the settings menu, select the 'preferences' option

Open the privacy tab

Select the option you want from the 'block cookies' section

Any other browser

For information on how to manage cookies via other desktop browsers please consult your documentation or online help files.

 

What happens to cookies that have been downloaded in the past?

If you've disabled through your browser we may still use information collected from existing cookies, but we'll stop using the disabled cookies to gather any further information. For information on deleting stored cookies in your browser please visit the All About Cookies website.