Privacy Policy Inner Page Slide

Privacy Policy

Privacy Policy

Privacy Policy part -2

State Bank of India
External Privacy Notice

1. Who we are and what we do

Who we are

We are State Bank of India (UK) Ltd ("SBI UK", "us", "we", "our"). We are a limited company registered in England and Wales under registration number Company Number 10436460 and we have our registered office at 15 King Street, London, EC2V 8EA. We are registered with the UK supervisory authority, Information Commissioner's Office ("ICO") in relation to our processing of Personal Data under registration number ZA295911.

SBIUK is part of the State Bank of India group of companies (the "SBI Group"). Details of the SBI Group can be found at >https://www.sbiuk.com/footer/about-sbi/about-us. Personal data provided may be stored on a SBI Group database and may be used by us, any SBI Group company or third party for the purposes set out in this Privacy Notice.

What we do

We are in the business of providing banking services including personal banking, business banking, loans and mortgages, We are committed to protecting the privacy and security of the Personal Data we process about you.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

2. Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the 'How to contact us' section.

3. Who this privacy notice applies to

This privacy notice applies to you if:

  1. You visit our website
  2. You use any of our products and/or services
  3. You enquire about our products and/or services
  4. You use our YONO SBI UK mobile banking App (see also our privacy notice specifically for users of our YONO App which is available when you log into the YONO App)
  5. You sign up to receive newsletters and/or other promotional communications from us
  6. You are a business associate of ours

4. What Personal Data is

'Personal Data' means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier

Personal Data we collect

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the list below. For details of how we use this data see the section entitled 'Purposes, lawful bases and retention periods'.

We may collect, use, store and transfer different types of personal data about you (or those associated with you such as dependents, other close family members and joint account holder(s)) which you may provide or which we may collect from other parties. These can broadly be grouped together as follows:

Contact Data includes billing address, physical address, email address and telephone number(s).

Correspondence Data includes all of the above category groups of Personal Data which are contained in, or relating to, any communication with you (including telephone conversations, if applicable, where we notify you such conversations are recorded), which may also include the communication content and metadata associated with the communication

Enquiry Data includes Identity, Contact and Financial Data contained in any enquiry you submit to us regarding services and products

Financial Data includes bank accounts details, payment card details, salary and other income, expense, asset and liability details

Identity Data includes first name, maiden name, last name, user-name orsimilaridentifiers(including reference numbers we have allocated to identify you), marital status, title, date of birth, gender and job title

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences

Profile Data includes your username and password, transactions made by you, your interests and preferences

Regulatory Data includes personal data involving credit and identification checking and validation, money-laundering checks and information about criminal convictions and offences

Transaction Data includes details about payments to and from you and other details of services and products we provide to you such as the date, amount, currency and the name and type of supplier (for example, supermarketservices, medical services, transactions in assets, retailservices) and from the payments which are made to and from your account(s) with us.

Technical Data a includes internet protocol (IP) address, your log-in data, browser type and version, time zone and location settings, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site and the online services provided by us

Usage Data includes information about how you use our website and services, including but not limited to, traffic data, location data, web-logs and other communication data, whether this is required for our own purposes or otherwise, and the resources that you access

Vulnerability Data includes any information which may suggest you are vulnerable to some degree. Characteristics could include physical or mental illness or disability, illiteracy, lack of financial skills, poor hearing etc

We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. For example, to provide you with goods or services. In this case, we may have to cancel a product or service you have with us but, if this is the case, we will notify you at the time.

6. How we collect your Personal Data

We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website and YONO App. For example, we collect your Personal Data when you complete forms, use our website, use our YONO App, correspond with us and have conversations with us.

We may receive information about you from third parties or publicly available sources. For example, we receive Personal Data about you from third parties,such as employers, joint account holders, credit reference agencies, fraud prevention agencies or other organisations when you apply for an account with us or for any of our other products or services. We may also collect Personal Data about you from publicly available sources such as social media sites and Government registers and information that you provide on social media websites such as Twitter, LinkedIn and YouTube.

We use automated technologies to collect your Personal Data. For example, as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We may collect this data by using cookies and other similar technologies. We also collect data from you when you use our YONO App.

We collect and create an analysis and management of your accounts and servicesWe learn about you from the way in which your accounts with us are administered and managed, from the transactions made, such as the date, amount, currency and the name and type of supplier (for example, supermarket services, medical services, transactions in assets, retail services) and from the payments which are made to, and from, your account(s) with us

Where you provide personal and financial information to us about others (such as dependents, other family members and joint account holder(s)), you confirm that you have their consent or are otherwise lawfully entitled to provide this data to us and for it to be used in accordance with this Privacy Notice.

7. We may also collect information about you if we observe that you may benefit from extra support from us. See the section below entitled "Accessibility".

We want to make banking with us as easy as possible, so if you are suffering from any physical or mental condition that affects your ability to manage your finances, please let us know so that we can find ways to support you. For example, if you struggle with hearing loss, we will speak to you more loudly or if you are facing an upsetting life experience, we will be sensitive to this.

If you do not tell us about something you are struggling with, we may, nonetheless, notice this when you engage with us. In these circumstances, we will do whatever we reasonably can to assist you in dealing with your finances. We may also keep a note of what we observe so that we are more able to quickly and easily assist you in an appropriate way the next time you interact with us.

8. Use of our YONO App

Our YONO ("You only need one") App is a mobile banking App that offers banking services. To see our full privacy notice relating to your use of YONO App, please log in to your YONO App.

9. Purposes, lawful bases and retention periods

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

Categories of individuals Purpose of Processing Categories of Personal Data Lawful Basis Retention Period
New customers To register you as a new customer, process your application and set up your accounts
  • Identity Data
  • Enquiry Data
  • Contact Data
  • Financial Data
  • Profile Data
  • Correspondence Data
  • Vulnerability Data
Contract 7 Years from the date of closure of the account
New customers and existing customers To verify your identity and make financial risk assessments including anti-money laundering checks and for crime and fraud prevention purposes. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at: https://www.cifas.org.uk/fpnhttps://nhunter.co.uk/privacy-policy/For more information about how credit referencing agents generally use your personal data, visit the Credit Reference Agency Information Notice (CRAIN) which can be found here: https://www.experian.co.uk/legal/crain/ For specific information on how our credit reference agency uses your data, visit: https://www.experian.co.uk/consumer/privacy.html
  • Identity Data
  • Contact Data
  • Enquiry Data
  • Regulatory Data
  • Financial Data
  • Vulnerability Data
Depending on the situation:
  • Contract
  • Legal obligation
  • Legitimate interests of running our business, ensuring security, preventing fraud, meet our regulatory compliance and reporting obligations or the legitimate interests of a third party.
7 Years from the date of closure of the account
Existing customers To deliver the services to you including:
  • managing your accounts (including payments, fees and charges and the collection and recovery of money owed to us or to you)
  • providing statements
  • providing an online service
  • Identity Data
  • Enquiry Data
  • Contact Data
  • Transaction Data
  • Financial Data
  • Profile Data
  • Correspondence Data
  • Marketing and
  • Communications Data
  • Vulnerability Data
  • Contract
  • Legal obligation
  • Legitimate interests of running our business, ensuring security, preventing fraud, meet our regulatory compliance and reporting obligations.
  • Consent(to provide content and notifications in line with your preferences)
7 Years from the date of closure of the account
Existing customers To manage, develop and improve our relationship with you which will include: notifying you about changes to our terms or privacy policy or our services, providing you with professional assistance as required, developing and improving our servicesto you.
  • Identity Data
  • Enquiry Data
  • Contact Data
  • Transaction Data
  • Financial Data
  • Profile Data
  • Correspondence Data
  • Marketing and
  • Communications Data
  • Vulnerability Data
  • Contract
  • Legal obligation
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance,support,reporting and hosting of data)
  • Identity Data
  • Contact Data
  • Technical Data
  • Profile Data
  • Usage Data
  • Vulnerability Data
  • Legitimate interests of running our business, ensuring security, preventing fraud, meet our regulatory compliance and reporting obligations.
  • Legal obligation
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To use data analyticsto improve our website, products/services, marketing, customer relationships and experiences
  • Identity Data
  • Contact Data
  • Technical Data
  • Profile Data
  • Usage Data
  • Financial Data
  • Marketing and Communications Data
  • Vulnerability Data
  • Legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To enable us to carry out assessment and analysis (including credit and/or behaviour scoring, market and product analysis)
  • Identity Data
  • Contact Data
  • Technical Data
  • Profile Data
  • Usage Data
  • Financial Data
  • Marketing and Communications Data
  • Vulnerability Data
  • Contract
  • Legal obligation
  • Legitimate interests of running our business, to defining types of customers for our products and services, developing our business and marketing strategy
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To enforce any of our rights against you
  • Identity Data
  • Contact
  • Data
  • Technical Data
  • Financial Data
  • Correspondence Data
  • Regulatory Data
  • Vulnerability Data
  • Contract
  • Legal obligation
  • Legitimate interests (for running the business, to meet our regulatory compliance and reporting obligations,to recover debts due to us) or the legitimate interests of a third party
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To meet our regulatory compliance and reporting obligations including to prevent and detect fraud, money laundering and other crime and carry regulatory checks
  • Identity Data
  • Contact Data
  • Technical Data
  • Financial Data
  • Correspondence Data
  • Regulatory Data
  • Vulnerability Data
  • Legal obligation
  • Legitimate interests of running our business, meeting our regulatory compliance and reporting obligations) or the legitimate interests of a third party
7 Years from the date of closure of the account
Website users, existing customers, new customers and potential new customers To provide you or permit selected third parties to provide you with information, products or services that you request from us or which we or they consider may be of interest to you, where you have consented to be contacted for such purposes
  • Identity Data
  • Contact Data
  • Marketing and Communications Data
  • Vulnerability Data
  • Consent(to provide content and notifications in line with your preferences)
Until you withdraw consent
Business associates To engage with you for the purposes of the services we may be able to provide to each other
  • Contact Data
  • Correspondence Data
  • Vulnerability Data
  • Consent
  • Legitimate interests
3 years from the date of our last meaningful contact
Users of our YONO App To administer your account on the YONO App and provide you with the services you request
  • Identity Data
  • Enquiry Data
  • Contact Data
  • Financial Data
  • Profile Data
  • Correspondence Data
  • Technical Data
  • Vulnerability Data
  • Consent
  • Legitimate interests
7 years from the date of account closure

We'll only use your information if we have your permission, or we have another legal reason for using it. These reasons include:

  • if we need to pursue our legitimate interests
  • if we need to process the information to enter into or carry out an agreement, we have with you
  • if we need to process the information to comply with a legal obligation
  • where we believe it's in the public interest for us to do so (for example, to help prevent or detect crime)
  • to establish, exercise or defend our legal rights

Where Personal Data is processed because it is necessary forthe performance of a contract to which you are a party, we will be unable to provide our services without the required information.

10.Use of your Personal Data for marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:

Promotional offers from us

We may use your Identity, Contact, Technical, Usage, Profile Data and Marketing and Communications Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant to you.

We will send you marketing communications if you have requested information or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving marketing

Opting-out - you can ask us to stop sending you marketing messages at any time by logging into the relevant website and checking or unchecking relevant boxes to adjust your marketing preferences, by selecting the unsubscribe options in email correspondence received, by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service request, product/service experience or other transactions.

Third-party marketing - we will only share your Personal Data with a company outside the SBI UK Group of companies for marketing purposes if we have your prior express opt-in consent.

11. Sharing your Personal Data

We may share your Personal Data with:

  • any member of the SBOI Group (which means our subsidiaries, our ultimate holding company and its subsidiaries) insofar as is reasonably necessary for the purposes set out in this Privacy Notice;
  • any prospective buyer of our business or assets or any prospective seller of another business or business assets that we are interested in buying. We will ensure that the prospective seller or buyer treats your data as confidential;
  • our insurers, lawyers, accountants, auditors and professional advisers insofar as is reasonably necessary for the purposes of obtaining and maintaining insurance cover, obtaining legal and other advice, managing legal disputes, managing risks and meeting reporting, regulatory and compliance obligations;
  • our business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website;
  • third parties we use to process your Personal Data on our behalf, for example, third parties used to host the website, maintain our IT systems or approved third party brokers. Where we use third parties to process your data on our behalf we will ensure that they have provided appropriate safeguards required in relation to such processing;
  • We and fraud prevention agencies may also enable law enforcement agenciesto access and use your Personal Data to detect, investigate and prevent crime. If we, or a fraud prevention agency,determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested or we may stop providing existing services to you;
  • Credit reference agencies for the purpose of verifying your identity and suitability for an account and assessing your credit score where this is a condition of us entering into a contract with you. Credit reference agencies keep a record of our enquiries and may record, use and provide such information to other financial institutions, insurers and other organisations. Information held about you by the credit reference agencies may already be linked to records relating to your partner ormembers of your household where a financial "association" has been created. Any enquiry we make at a credit reference agency may be assessed with reference to any associated records. Another person's record will be associated with yours when (i) you make a joint application, (ii) you advise us of a financial association with another person, or (iii) if the credit reference agencies have existing linked or "associate" records. This "association" will be taken into account in all future applications by either or both of you and shall continue until one of you applies to the credit reference agencies and is successful in filing a "disassociation". For more information on how credit reference agents process data, visit the Credit Reference Agency Information Notice (CRAIN) which can be found here: https://www.experian.co.uk/legal/crain/ . For more information on how our credit reference agent processes your personal data, please visit: https://www.experian.co.uk/consumer/privacy.html;
  • identity and address verification agencies who may record and use your Personal Data, especially if fraud and/or dishonesty is suspected, and disclose it to other organisations and law enforcement agencies (including internationally) for purposes of debt tracing and recovery, fraud and money laundering prevention and prosecution. Further details can be found at https://www.sbiuk.com/personal-banking/personal/credit-reference;
  • HM Revenue & Customs;
  • UK and overseas financial regulators to meet our regulatory, compliance and reporting obligations;
  • other financial service organisations (including lenders and operators of card schemes) both within the UK and abroad;
  • other third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation, or as part of legal proceedings, or in order to enforce any of our rights against you under your contract with us or to protect the property, safety or vital interests of SBIUK, or of another natural person;
  • to other parties connected to your account (e.g. a joint account holder);
  • your advisers (including but not limited to accountants, lawyers or other professional advisors) where authorised by you;
  • to carefully selected third parties for marketing purposes when you have consented to be contacted for such purposes; and
  • providers of Approved Third Party Service as set out in our General Terms and Conditions.

12. International transfers

Your Personal Data may be processed outside of the UK in the following circumstances:

  • SBIUK has outsourced the storage of a large part of its customer data to State Bank of India in India and their databases are located in India;
  • processing international payments by international electronic transfer;
  • disclosures to foreign authorities, regulators and law enforcement agencies to reduce financial crime and terrorism;
  • picture based, human verified, identification checksfor online account opening; or
  • the data generated by cookies about your use of our web application (including your IP address but no other personal data).

Where we processinternational payments outside the UK at yourrequest, we do so through the SWIFT (the international payments) System. When we do this your data will be processed and stored abroad by other banks or financial institutions involved in completing the payment. Those banks and financial institutions may have to release the information to foreign authorities and other third parties, including those outside the UK (in which case your personal data may not be protected in line with data protection laws).

Whenever we transfer your data outside the UK we will take appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:

  • Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or
  • We enter into an International Data Transfer Agreement ("IDTA") with the receiving organisation and adoptsupplementary measures, where necessary. (A copy of the IDTA can be found here internationaldata-transfer-agreement.pdf (ico.org.uk)) or
  • In the case of transfers to the US, we ensure that the US organisation receiving your Personal Data is signed up to the UK-US Data Bridge.

13. Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, including to:

  • Right to be informed
    You have the right to know what Personal Data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this
  • Right of access (commonly known as a "Subject Access Request")
    You have the right to receive a copy of the Personal Data we hold about you.
  • Right to rectification
    You have the right to have any incomplete or inaccurate information we hold about you corrected.
  • Right to erasuree (commonly known as the right to be forgotten)
    You have the right to ask us to delete your Personal Data
  • Right to object to processing
    You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.
  • Right to restrict processing
    You have the right to restrict our use of your Personal Data
  • Right to portability
    You have the right to ask us to transfer your Personal Data to another party.
  • Automated decision-making. You have the right not to be subject to a decision based solely on automated processing which will significantly affect you
  • Right to withdraw consent
    If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.
  • Right to lodge a complaint
    If you are concerned about the way in which we are handling your Personal Data, please let us know in order that we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office who can be contacted online at: Contact us | ICO Or by telephone on 0303 123 1113

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances

If you wish to exercise your rights, you may contact us using the details set out below within the section called 'How to contact us and our Data Protection Officer'. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.

14. Automated processing

As part of the processing of your Personal Data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our automated processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or isinconsistent with your previous submissions, or you appearto have deliberately hidden your true identity. You have rights in relation to automated decision making (see above).

15. Children's Privacy

This website is not intended for children. However, we do offer bank accounts for children. Please contact us should you wish to see our privacy notice for children.

16. Your duty to inform us of changes.

It is important that the Personal Data we hold about you is accurate and up to date. Please keep us informed if your Personal Data changes during your relationship with us.

17. How to contact us and our Data Protection Officer

If you wish to contact us or our Data Protection Officer in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

State Bank of India (UK) Limited
FAO: Data Protection Officer
15-17 King Street
London
EC2V 8EA
Email: dataprotection.sbiuk@statebank.com

18. Third-party links

This website may include links to third-party websites, advertisers and affiliates, plug-ins and applications. Clicking on those links or enabling those connections may allow third partiesto collect orshare data about you. We do not control these third-party websites and we do not accept any responsibility or liability for their privacy policies. We encourage you to read the privacy notice of every website you visit before you submit any Personal Data to them.

19. Changes to this Privacy Notice

We may update this notice (and any supplemental privacy notice), from time to time asshown below. We will notify of the changes where required by applicable law to do so

Last modified: 19th October 2023.

SUB Services How to open an account with the State Bank of India UK Ltd

How to open an account with SBI UK Ltd

contacus

Learn More

SUB Services Talk to us, we can help

Talk to us, we can help

contacus

Invest or refinance a buy to let mortgage

SUB Services Free money transfer to India

Remittance to India

contacus

More about money transfers