Sadhana Sahakari Bank Ltd., Nagpur is committed to protecting the privacy, confidentiality and security of customer information in accordance with applicable laws, banking regulations and guidelines issued by the Reserve Bank of India (RBI).

1. Regulatory Framework

This Privacy Policy is aligned with RBI Master Directions on Information Technology Governance, Risk, Controls and Assurance Practices, RBI Cyber Security Framework for Banks, and applicable provisions under the Information Technology Act, 2000. Digital payment services including UPI, IMPS and AEPS are governed as per NPCI operational guidelines.

2. Information We Collect

• Personal identification details (Name, Address, Mobile, Email)
• KYC documents (PAN, Aadhaar, Photograph, Signature)
• Financial information (Account details, transaction history)
• Digital banking credentials and device information
• CCTV footage at branch premises (for security purposes)

3. Purpose of Data Collection

• Account opening and banking services
• Regulatory compliance (KYC/AML/CFT norms)
• Fraud prevention and risk management
• Transaction processing (RTGS/NEFT/UPI/IMPS)
• Customer grievance redressal

4. Cyber Security & Data Protection

The Bank implements a robust Cyber Security framework including:

• Firewall, IDS/IPS, Anti-Malware & Endpoint Security
• Data Encryption at Rest and in Transit
• Multi-Factor Authentication (MFA) for digital channels
• Periodic Vulnerability Assessment (VA) & Penetration Testing (PT)
• Access Control & Role-Based Authorization
• Continuous Security Monitoring and Log Management

The Bank follows RBI Cyber Security Framework circulars and conducts regular IT audits as per regulatory requirements.

5. Information Sharing & Disclosure

Customer information is shared strictly on a need-to-know basis and only:

• With RBI and other regulatory authorities
• With NPCI for payment processing
• With credit bureaus and statutory agencies
• Under court orders or legal obligations

The Bank does not sell or trade customer personal data to third parties.

6. Data Retention Policy

Customer data is retained as per regulatory retention requirements prescribed by RBI and other applicable laws. After expiry of mandatory retention period, data is securely archived or destroyed.

7. Customer Rights

• Right to access personal information
• Right to request correction of inaccurate data
• Right to lodge grievance regarding data misuse

8. Digital Banking Security Advisory

• Do not share OTP, PIN, CVV or passwords
• Verify UPI handle before transferring funds
• Report suspicious transactions immediately
• Use official banking channels only

9. Grievance Redressal

If customers have concerns regarding privacy or data protection, they may contact the Bank’s Grievance Officer. If unresolved within 30 days, customers may approach the RBI Ombudsman under the Integrated Ombudsman Scheme.

10. Policy Review

This Privacy Policy is reviewed periodically in line with regulatory updates and industry best practices adopted by leading scheduled banks in India.

Last Updated: January 2026