Privacy Policy for Handling of or Dealing in Personal Information (Including Sensitive Personal Data or Information)
Applicability
This policy applies to the following Deutsche Bank Group entities in India (“Deutsche”).
- Deutsche Bank AG, India
- Deutsche Investor Services Private Limited
- Deutsche Investments India Private Limited
- Deutsche Equities India Private Limited
- Deutsche Securities (India) Private Limited
- Deutsche Trustee Services (India) Private Limited
- Deutsche Asset Management (India) Private Limited
- Deutsche India Private Limited (Formerly known as DBOI Global Services Private Limited)
Statements of Practices and Policies
At Deutsche in India, we recognize that one of Deutsche’s fundamental responsibilities is to ensure that Deutsche protects personal information entrusted to Deutsche by its customers. This is critical for the maintenance of Deutsche’s reputation and for complying with its legal and regulatory obligations to protect Deutsche’s customer information. Deutsche also follows a transparent policy to handle personal information of its customers.
Safeguarding customer’s personal information and using it in a lawful manner, consistent with customer‘s expectations, is a cornerstone of Deutsche‘s customer relationships. To do so, Deutsche has put in place a privacy policy that sets forth principles and requirements governing the collection, usage, retention, disclosure and disposal of customer’s information (the "Policy"). This Policy is based on current laws and regulations. Deutsche will comply with any obligations or standards that may be imposed by any new laws and regulations.
Type of Personal or Sensitive Personal Data or Information Collected by Deutsche
Deutsche only collects personal information of its customers as may be required by law or that is reasonably essential to conduct Deutsche’s business.
As part of providing services to its customers, Deutsche may collect personal information including sensitive personal data or information that may consist of or relate to the following:
- Names, contact details, personal details, business details and personal preferences of its customers
- Information relating to its Know Your Clients (KYC) obligations
- Information that may help to provide, improve and maintain its products and services
- Financial information that may include, but might not be limited to, details related to customer bank accounts, credit or debit card, or other payment instrument details
- Biometric information that measures and analyses human body characteristics (such as fingerprints or facial patterns) for authentication purposes
Deutsche may also collect sensitive personal data or information in relation to health for superannuation products. Such sensitive information may include information about race, religious beliefs, sexual preferences, criminal record, medical records and history, physical, physiological and mental health condition.
Collection and Use of Personal Information (Including Sensitive Personal data or Information)
The personal information, including sensitive personal data or information, that Deutsche collects is used for the purposes for which it is collected or for related purposes that would reasonably be expected.
Deutsche may collect such personal information either itself or through its Third Parties. For the purpose of this policy “Third Party” includes any service provider or any Deutsche group entity associated with Deutsche in collecting, handling, storing, dealing, transmitting or processing personal information of Deutsche customers, in India or abroad.
Deutsche may use the information provided by customers for one or more of the following purposes:
- To process, confirm and fulfill customer requests regarding Deutsche products and services or transactions made using Deutsche online services
- To contact customers regarding their enquiries and requests
- To identify customers for login
- To comply with the rules relating to Know Your Customer (KYC) obligations and under Prevention of Money Laundering Act (PMLA)
- For Deutsche marketing purposes and partner promotions, such as sending updates to customers on Deutsche’s latest offers and promotions
- For identification, verification and background screening purposes
- To conform to legal requirements or comply with legal processesTo protect and defend Deutsche’s or its affiliates' rights, interests or property
- To enforce the terms and conditions of the products or services offered by Deutsche or such other purposes expressly specified in the data entry forms or other relevant sections of the web resources of Deutsche
If a customer does not wish to provide consent for usage of its sensitive personal data or information or later withdraws the consent, Deutsche has the right not to provide services or to withdraw the services for which the information was sought from the customer.
Disclosure of Personal Information (Including Sensitive Personal Data or Information)
Deutsche shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance of a legal obligation. In-case Deutsche discloses the personal information to Third Parties Such Third Parties will be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.
The above obligations relating to sharing of sensitive personal data or information will not apply to information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any sensitive personal data or information is freely available or accessible in the public domain, Deutsche will not have any obligations regarding the same.
Information Retention
Deutsche retains information about customers for as long as necessary to fulfill the purpose for which such information was collected or as is otherwise required under any other law for the time being in force. However, this is subject to Deutsche’s rights and obligations under applicable laws to ensure retention of records which may contain sensitive personal data or information.
Reasonable Security Practices and Procedures
Deutsche uses appropriate techniques and processes to protect personal information including sensitive personal data or information.
Deutsche is committed to implement physical, electronic, and procedural safeguards to protect customer information against loss, misuse, damage and unauthorized access, modifications or disclosures. Deutsche continuously reviews and enhances Deutsche’s security policies and security measures to consistently maintain a high level of security.
A few key features of our information security program include:
- Use of firewalls, encryption, and other specialized technology
- Deployment of information security professionals that design, test, implement, and provide oversight to our information security and risk management programs
- Assurance that only employees of Deutsche and/ or its Third Parties will have access to sensitive personal data or information
- Continuous monitoring of Deutsche’s technical environment for vulnerabilities and potential intrusions
- Logical and physical controls to identify, authenticate and authorize access to Deutsche’s applications and building facilities
Notification of Changes in Policy
If there are any changes or amendments to the Policy, Deutsche will post those changes on Deutsche’s web site so that customers are always aware of what information is collected, how Deutsche uses it, and under what circumstances, if any, Deutsche may disclose it. Deutsche will use customer information in accordance with the Policy and any other privacy policy under which the information was collected. By virtue of this privacy policy, the Deutsche customer assents to collection, use, transfer, disclosure, retention and other processing of her/his personal information, including sensitive personal information, as described in this Policy.
Grievance Redressal Officer
If customer wishes Deutsche to address any discrepancies and grievances in relation to the sensitive personal data or information, the customer may write to Deutsche’s Grievance Officer and Deutsche will respond on the request in a time bound manner in accordance with applicable laws.
The contact details of Deutsche’s Grievance Officers are as under:
Entity : Deutsche Bank AG, India
Name : Nalanda Kadam
Contact no : +91(22)71806425
Email : nalanda.kadam@db.com
Entity : Deutsche Investor Services Private Limited
Name : Sachin Lotke
Contact no : +91(22)6670-3589
Email : sachin.lotke@db.com
Entity : Deutsche Investments India Private Limited
Name : Bhadresh Chhaya
Contact no : +91(22)7180-6760
Email : bhadresh.chhaya@db.com
Entity : Deutsche Equities India Private Limited
Name : Sanjiv Nagar
Contact no : +91(022)6658-4578
Email : sanjiv.nagar@db.com
Entity : Deutsche Securities (India) Private Limited
Name : Mandar Ponkshe
Contact no : +91(22)22078718/20
Email : mandar.ponkshe@db.com
Entity : Deutsche Asset Management (India) Private Limited & Deutsche Trustee Services (India) Private Limited
Name : Kiran Deshpande
Contact no : +91(22) 66584320
Email : kiran.deshpande@db.com