India
France
HongKong
Japan
Kenya
New Zealand
Singapore
USA
Tanzania
UK
Uganda
Vietnam
Antwerp
Dubai
IBU GIFT CITY
Indonesia
Accounts
Cards
Loans
Deposit
Accounts
MSME
Corporate
Merchant Acquiring Business
Authorised Branches/ Centralised Office
Export Finance
Investments
FX Retail
Special Rupee Vostro Account
Govt. Deposit Schemes
Mutual Funds
Insurance
Accounts
Loans
Invest with us
Insure with us
Remit Money
Ancillary Services
Forms and FAQs
KYC - Updation
Agri Products
Financial Inclusion
Ancillary Services
TERMS and CONDITIONS
The Bank shall recognize and respect intellectual property rights (that include software or document copyright, design rights, trademarks, patents, and source code licenses) associated with its information systems.
The Bank shall comply with:
- Copyright requirements associated with proprietary material, software, and designs acquired by the Bank;
- Licensing requirements limiting the usage of products, software, designs and other material acquired by the Bank.
- Updating the License inventory periodically and the efficient management of the license process.
- Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory, and contractual requirements on the use of material in respect of which there may be intellectual property rights and on the use of proprietary software products.
- The Bank shall ensure continued compliance with product copyright restrictions and licensing requirements.
The content to be posted on bank's official social media platforms must be reviewed and approved by GM in charge.
Archival of data from the live system would be decided by the business owner. Archived data would be preserved and made available easily as and when demanded for a reasonable period of time as decided by the Business owner.
Retention period of data would be decided by the business owner. In no case the retention of data would be less than the period mandated by the regulations relevant to the data.
Data Retention & Archival:
Data (electronic / physical) will be retained and disposed of in an appropriate manner in accordance with Bank's and regulatory Record-keeping guidelines.
The following aspects should be taken into account while prescribing various record preservation periods –
- Compliance with statutory and regulatory requirements
- Satisfaction of the needs of RBI inspectors to have access to certain records
- Satisfaction of the needs of internal and external auditors to have access to certain records
The Bank shall ensure that information processing resources and associated documentation are reviewed immediately after installation and thereafter on a periodic basis to verify that they are compliant with the security policies and standards.
We may provide links to other websites. Within our websites, there may be embedded applications, plug-ins, widgets, as well as links to third-party sites that may offer you goods, services, or information. Some of these sites may appear within our site. When you click on one of these applications, plug-ins, widgets, or links, you will leave our site and will no longer be subject to Bank of India Privacy Policy and privacy practices. We are not responsible for the information collection practices of the other sites that you visit, and we urge you to review their privacy policies before you provide them with any non-public information about you. Third-party sites may collect and use information about you in ways that are different from Bank of India privacy policy. Thus if you follow links to websites not controlled by the Bank, you take the responsibility of reviewing their privacy policies and other terms and provide your information, as they may be different from our website and Bank of India will not be liable for any disclosure of information resulting from such activity.
Customers' personal information should be kept confidential unless they have offered specific consent to the financial services provider or such information is required to be provided under the law or it is provided for a mandated business purpose (for example, to credit information companies). The customer should be informed upfront about likely mandated business purposes. Customers have the right to protection from all kinds of communications, electronic or otherwise, which infringe upon their privacy. In pursuance of the above Right, bank will –
- Treat customer's personal information as private and confidential (even when the customer is no longer banking with us), and, as a general rule, not disclose such information to any other individual/institutions including it's subsidiaries / associates, tie-up institutions etc. for any purpose unless
a. The customer has authorized such disclosure explicitly in writing
b. Disclosure is compelled by law / regulation
c. Bank has a duty to the public to disclose i.e. in public interest
d. Bank has to protect its interests through disclosure
e. It is for a regulatory mandated business purpose such as disclosure of default to credit information companies or debt collection agencies - Ensure such likely mandated disclosures be communicated immediately to the customer in writing
- Shall not use or share customer's personal information for marketing purpose, unless the customer has specifically authorized it;
- Shall adhere to Telecom Commercial Communications Customer Preference Regulations, 2010 (National Customer Preference Registry) issued by Telecom Regulatory Authority of India, while communicating with customers.
Bank of India has a Website Monitoring Policy in place and the website is monitored periodically to address and fix the quality and compatibility issues around the following parameters:
- Performance:
Site load time is optimized for a variety of network connections as well as devices. All important pages of the website are tested for this. - Functionality:
All modules of the website are tested for their functionality. The interactive components of the site such as, chatbot, navigations, online forms, feedback forms etc are working smoothly. - Broken Links:
The website is thoroughly reviewed to rule out the presence of any broken links or errors. - Traffic Analysis:
The site traffic is regularly monitored to analyze the usage patterns as well as visitors profile and preferences.
Business Continuity Management
Bank ensures that Business Continuity Plan "BCP" for its applications cover below mentioned pointers:
- The BCP and DR policy adopts best practices to guide its actions in reducing the likelihood or impact of the disruptive incidents and maintaining business continuity. The policy is being updated based on major developments/ risk assessment.
- Bank's BCP/ DR capabilities is designed to effectively support its resilience objectives and enable it to rapidly recover and securely resume its critical operations (including security controls) post cyber-attacks/ other incidents.
- BCP identifies risks that can impact Bank's ability to do business. Each risk is evaluated for likelihood and impact.
BCP for the applications identifies plans and procedures to continue operations during several scenarios.
BCP contains communication plans for coordinating with internal employees, customers, and the public.
BCP maintains contacts used during an emergency, such as police, hospitals, corporate insurance and corporate attorneys.
In extreme situations, remote access to systems may be permitted to Staff as per guidelines defined in WFH policy of Bank.
Disaster Recovery Plan
Bank ensures that Disaster Recovery Plan "DRP" for its applications covers below mentioned pointers:
- DR drill is performed periodically and any major issue(s) observed during the DR drill shall be resolved and tested again to ensure successful conduct of drill before the next cycle.
- The DR testing shall involve switching over to the DR / alternate site and thus using it as the primary site for sufficiently long period where usual business operations of at least a full working day are covered.
- Bank shall regularly test the BCP / DR under different scenarios for possible types of contingencies, to ensure that it is up-to-date and effective.
- Bank shall backup data and periodically restore such backed-up data to check its usability. The integrity of such backup data shall be preserved along with securing it from unauthorized access.
- Bank shall ensure that DR architecture and procedures are robust, meeting the defined RTO and RPO for any recovery operations in case of contingency.
- Bank shall ensure that the configurations of information systems and deployed security patches at the DC and DR are identical.
Protecting Your Information, Integrity, Confidentiality, and Security
We protect information we collect about you by maintaining physical, logical, administrative, electronic, and procedural safeguards. These safeguards restrict access to your confidential information to only authorized personnel with specific need to access and utilize your information. We train our employees on how to handle your information to maintain confidentiality and privacy. To protect your personal information from unauthorized access and use, we use security measures that comply with law and industry level best practices. These measures include computer and system safeguards, strong access controls, network and application controls, security policies, processes, trained personnel and secured repositories and buildings etc. We regularly monitor and review our compliance with internal policies, regulatory guidelines and industry best practice. We educate our employees to protect the information. The same policy applies to our trusted partners through contracts and agreements.
We take reasonable steps to destroy or permanently de-identify any personal information after which it can no longer be used.
Who do we disclose your personal information to, and why? Categories of Third-Parties with Whom Bank of India May Share Information
Bank of India shares personal information with third-parties only as permitted and required by law, as per Bank’s approved guidelines and your consent in connection with the administration, processing, and servicing of account and account-related transactions, in order to perform services for you and on your behalf, for example, credit reporting agencies, bill payment processors, credit, debit and ATM card processing networks, data processing companies, insurers, marketing and other companies in order to offer and/or provide financial products and services to you, and in response to legal or regulatory requirement, court order and/or other legal process or investigation.
For all third-party outsourcing of services the information is shared and used as per the service level agreement and non-disclosure agreement.
To be more specific the information may be shared with the following:
- our agents, contractors, valuers, solicitors and external service providers;
- authorised representatives and agents who sell products and services on our behalf;
- insurers, re-insurers and health care providers;
- payment systems operators (for example, merchants receiving card payments);
- other organisations, who jointly with us, provide products or services to you;
- other financial services organisations, including banks, mutual funds, stockbrokers, custodians, funds managers and portfolio service providers;
- debt collectors;
- our financial advisers, legal advisers or auditors;
- your representatives (including your legal heirs, legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
- agencies providing credit scores
- Govt. agencies for verification of land records etc
- external dispute resolution schemes
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction
- we are required or authorised by law or where we have a public duty to do so
- your express instructions or consent to the disclosure with specific entities
- any act or regulation which force us to disclose the information to any specified entity; law enforcement and judicial entities
- for international transactions, such as currency exchanges, we may need to disclose your information to the corresponding international party in order to process the transaction. The countries we disclose your information to will depend on the details of the transaction you ask us to carry out.
