Privacy-Policy

Privacy Policy

DFCC Bank completely understands the importance of protecting your data and privacy. Find out our privacy policy here.

We take our responsibility to protect your privacy very seriously. We apply strict security and privacy controls to the way we handle your personal information.

This privacy notice (“Privacy Notice”) describes how the DFCC Bank PLC (“the Bank”, “we” or “us”) collects, uses, shares, and retains personal information that the Bank’s Customer (“You”) provide to us, or that we collect, when you use the Bank’s website located at https://www.dfcc.lk, related mobile applications, other products and services and complete related forms, participate in the Bank events, or communicate with one of our customer service representatives.


Overview

All the employees of the Bank collect and handle your personal information in accordance with its legal obligations, including those under the Data Protection Bill in Sri Lanka.

If you don’t provide or allow us to collect your information, or the information you give us is inaccurate, incomplete or outdated, we may not be able to give you access to our platforms or their full functionality, or access to other products and services we may offer you from time to time.

You should ensure:

  • The information you share with us is accurate, up to date and complete
  • You inform us as soon as possible of any changes in your personal details (Refer below for definitions)

What is in this Notice

This Privacy Notice describes how we collect, store, use and share your personal information when you use our online banking platforms at https://www.dfcc.lk, and/or our related mobile banking applications, channels and other products and services. This includes

  • The kinds of personal information we collect
  • The reasons we collect and use that information
  • Who we share your information with
  • How to access our Privacy policy or contact us about our privacy practices

What is Personal Information

Personal information includes information or an opinion about an individual that’s identified or reasonably identifiable. This can include a person’s name, age, gender, postcode and contact details, digital information, financial information, such as credit card or transaction details, as well as a range of other types of data.


What Information We Collect

The personal information that we collect about you will depend on the products or services that you apply for, or enquire about.

We collect personal information about you when you use or access our platforms, and on an ongoing basis while you bank with us, including:


Types of personal information Kinds of personal information might be involved
Personal and contact details This may include your:

  • Name
  • Date of birth
  • Residential address
  • Corresponding address
  • Email address
  • Phone numbers
  • Education details pertaining to clients
Socio-demographic information Marital status, Age, Gender, Occupation, Nationality and relevant information about your partner or family
Sri Lankan/Foreign government-related identity documents National Identity Card (NIC), Driving License, Passport
Financial information This may include:

  • Details of the employment, income, assets, financial liabilities
  • Transactions and payments made using our platforms
  • Other bank statements
  • Credit card statements
  • Credit information from the Credit Information Bureau of Sri Lanka (CRIB)
  • Insurance history
  • Information relating to business income clients (BR number, Audited reports, Cash books, etc)
  • Visa status in the case of clients employed abroad
  • Health reports for DTA Policies
  • Details relating to assets owned by the clients
Transaction information Information about transactions that you have made using our products and services. i.e. Credit card transactions, ATM withdrawals, Online Banking transactions
Digital information Information from you electronically when you use our online services. This includes information such as:

  • location information (if enabled on device)
  • IP address
  • details of the device including identifiers used to access our digital services
  • details of the wi-fi network or mobile network used by your device
  • information collected by cookies
  • images to setup user profiles
  • Video of KYC verification for digital onboarding
Information you or someone acting on your behalf Provides us as part of applying for a product or service from us, including details of your income and assets, financial liabilities, copies of bank statements and credit card statements from other financial institutions, as well as information from third parties regarding your credit history


Why We Collect Your Information and What We Use It For

We collect, use and share your information:

  • To serve you better as a Customer;

This may include:

      • assess and process your applications for products and services
      • administer and manage existing products or services you have with us
      • manage our relationship with you or your business including to contact you
      • improve our service to you
      • communicate about our products and services
      • facilitate payment requests and carry out your instructions

  • To improve our Business;

This may include:

      • reviewing customer feedback and assessing how you use our products and services
      • testing and validating the effectiveness of products, services and system enhancements
      • monitoring and reviewing call recordings, online chats and other business activity for quality assurance, training and compliance purposes

  • To promote our Product and Services;
      • let you know about products and services you might be interested in
      • To assist our business partners with designing, pricing, providing, managing and improving their products and services

  • To manage our operations;

This may include:

      • deliver our products and services
      • make and manage customer payments and transactions
      • manage fees, charges and interest due on your products and services
      • collect and recover money that is owed to us
      • respond to complaints and seek to resolve them
      • manage our share register and security holder records
      • To personalize the way content, services, and offers are presented or delivered to you, including providing you with a personalized user experience and targeted marketing offers
      • To make sure you can use the products we provide through our platforms, according to applicable terms and conditions

  • To identify, manage and minimize security risks and detect and prevent fraud, scams and other unauthorized activity;
      • combine data collected through our other channels to help us detect security threats
      • support the management of our information security and network controls to prevent cyber-attacks, unauthorized access and other criminal or malicious activities
      • Behavioral information we collect to identify suspicious activity
      • Use your information to contact you if we detect a security threat
      • Block disruptive use of our platforms or any suspected illegal activities

  • To comply with our legal obligations;

This may include:

      • confirm your identity
      • share relevant information with law enforcement agencies, tax authorities and other regulatory bodies
      • investigate financial crime
      • screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering

  • In the case of behavioral information (other than your biometric fingerprint), for analytical purposes to help us:
      • Improve our digital features, products and services
      • Understand which aspects of our platforms are working well and which aren’t
      • Detect whether certain features are available on your device
      • Determine what types of content you may be interested in

  • To comply with our legal obligations, respond to legal process requests, or requests from law enforcement bodies or other third parties, including under relevant laws, such as the Personal Data Protection Bill in Sri Lanka

  • For any other purpose you consent to or opt in to and any other purpose set out in our Privacy Policy


Direct Marketing

We may also use your personal information to tell you about products and services we think may be of interest and value to you, but we will stop if you inform us.

We may contact you by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through the Bank’s websites or through our online banking services.

If you do not want to receive direct marketing offers from us, you can opt-out by informing us via DFCC Bank PLC – Personal Data Request Management Form


Who Do We Share Your Information With?

The types of parties are listed below:

  • our Agents, Contractors and Contracted service providers (i.e. technology service providers and cloud storage providers)
  • authorized representatives who sell or arrange products and services on our behalf
  • Insurers, Mortgage Insurers, Re-Insurers and Health-Care Assurance providers
  • Payment Systems Operators (for example, merchants receiving card payments)
  • other Business Partners, who jointly with us, provide products or services to you
  • Debt Collectors
  • Professional Advisors such as our Financial Advisors, Legal Advisors and Auditors
  • your authorized representatives
  • fraud bureaus or other organizations to identify, investigate or prevent fraud or other misconduct
  • external dispute resolution schemes
  • regulatory bodies, government agencies and law enforcement bodies in any jurisdiction
  • credit reporting bodies

We may also disclose your personal information to others outside the Bank where we are permitted to disclose the information under applicable Privacy Laws in the country.


How Do We Secure Your Information?

We completely understand the importance of protecting your data and have implemented adequate controls inline with Sri Lankan regulatory requirements to keep your information safe and secure.

We ensure that your personal data is processed for specified, explicit and legitimate purposes as mentioned above. As well, this personal information is not further processed for another purpose except purposes such as public interest, scientific research, historical research or statistical purposes adhering to laws and regulations.

We use a range of physical and electronic security measures to protect the confidentiality and integrity of the personal information we hold about you.

We aim to only keep your information for as long as we need it. When we no longer need information, we take reasonable steps to destroy or de-identify it. Further, your information will be kept up to date, and we will take every reasonable step to erase or rectify any inaccurate or outdated personal data, without undue delay.



How You Can Request, Update, Delete Your Data?

We understand your rights to access, update, delete, restrict processing or make any complaints about the personal information that we have collected from you. You may exercise these requests by submitting a “Personal Data Request Management Form”. In your request, please make clear what information you would like to have changed. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested