Privacy-Policy

Privacy Policy

DFCC Bank completely understands the importance of protecting your data and privacy. Find out our privacy policy here.

We take our responsibility to protect your privacy very seriously. Thus, we apply strict security and privacy controls to the way we handle your personal information.

This privacy notice (“Privacy Notice”) describes how DFCC Bank PLC (“the Bank”, “we” or “us”) collects, uses, shares, and retains personal information that the Bank’s Customers (“You”) provide to us, or that we collect, when you use the Bank’s website located at www.dfcc.lk, related mobile applications, other products and services and complete related forms, participate in events organized by the Bank, or communicate with one of our customer service representatives.


Overview

All the employees of the Bank collect and handle your personal information in accordance with the Bank’s legal obligations, including those under the Personal Data Protection Act, No. 9 of 2022 in Sri Lanka.

If you do not provide us with or allow us to collect your information, or the information you provide is inaccurate, incomplete or outdated, we may not be able to provide you with access to our platforms or their full functionality, or access to other products and services we may offer you from time to time.

Therefore, you should ensure that:

  • The information you share with us is accurate, up to date and complete
  • You inform us as soon as possible of any changes in your personal details (Refer below for definitions)

What is in this Notice

This Privacy Notice describes how we collect, store, use and share your personal information when you use our online banking platforms at www.dfcc.lk, and/or our related mobile banking applications, channels and other products and services. This includes;

  • The kinds of personal information we collect
  • The reasons we collect and use such information
  • Whom we share your information with
  • How to access our Privacy Policy or contact us about our privacy practices

What is Personal Information

Personal information includes information or an opinion about an individual that is identified or reasonably identifiable. This can include a person’s name, age, gender, postcode and contact details, digital information, financial information, such as credit card or transaction details, as well as a range of other types of data.


What Information We Collect

The personal information that we collect about you will depend on the products or services that you apply for, or enquire about.

We collect personal information about you when you use or access our platforms, and on an ongoing basis while you bank with us, including:


Types of personal information Kinds of personal information that may be involved
Personal and contact details This may include your: Name, Date of birth, Residential address, Correspondence address, Email address, Phone numbers, Education details pertaining to clients
Socio-demographic information Marital status, age, gender, occupation, nationality and relevant information about your partner and or family
Sri Lankan/foreign government-related identity documents National Identity Card (NIC), Driving License, Passport
Financial information This may include:

– Details of employment, income, assets, financial liabilities
– Transactions and payments made using our platforms
– Other bank statements
– Credit card statements
– Credit information from the Credit Information Bureau of Sri Lanka (CRIB)
– Insurance history
– Information relating to business income such as a client’s BR number, audited reports, cash books, etc.
– Visa status in the case of clients employed abroad
– Health reports for DTA Policies
– Details relating to assets owned by the client(s)
Transaction information Information about transactions that you have made using our products and services. i.e., credit card transactions, ATM withdrawals, online banking transactions
Digital Information Information obtained and or collected from you electronically, deliberately or automatically, when you use our online services. This includes information such as:

– Location information (if enabled on device)
– IP address
– Details of the device used to access our digital services
– Details of the Wi-Fi network or mobile network used by your device
– Information collected through cookies
Information you or someone acting on your behalf provides to us This includes any and all information Provided to us as part of applying for a product or service from us, including details of your income and assets, financial liabilities, copies of bank statements and credit card statements from other financial institutions, as well as information from third parties regarding your credit history, and any other information that may be collected in this manner.


Why We Collect Your Information and What We Use It For

We collect, use and share your information for the following purposes and in the following ways:

  • To serve you better as a customer;

We may need to use your data to:

      • assess and process your applications for products and services
      • administer and manage existing products or services you have obtained from us
      • manage our relationship with you or your business including to contact you
      • improve our level of service to you
      • communicate about our products and services
      • facilitate payment requests and carry out your instructions

  • To improve our Business;

We may need to use your data to:

      • review customer feedback and assess how you use our products and services
      • test and validate the effectiveness of products, services and system enhancements
      • monitor and review call recordings, online chats and other business activity for quality assurance, training and compliance purposes

  • To promote our Products and Services;

We may need to use your data to:

      • let you know about products and services you might be interested in
      • assist our business partners with designing, pricing, providing, managing and improving their products and services

  • To manage our operations;

We may need to use your data to:

      • deliver our products and services
      • make and manage customer payments and transactions
      • manage fees, charges and interest due on your products and services
      • collect and recover money that is owed to us
      • respond to complaints and seek to resolve them
      • manage our share register and security holder records
      • personalize the way content, services, and offers are presented and or delivered to you, including providing you with a personalized user experience and targeted marketing offers
      • ensure you can use the products we provide through our platforms, in accordance with applicable terms and conditions

  • To identify, manage and minimize security risks and detect and prevent fraud, scams and other unauthorized activity;

We may need to use your data to:

      • combine data collected through our other channels to help us detect security threats
      • support the management of our information security and network controls to prevent cyber-attacks, unauthorized access and other criminal or malicious activities
      • collect behavioral information in order to identify suspicious activity
      • contact you if we detect a security threat
      • block disruptive use of our platforms or any suspicious and or illegal activities

  • To comply with our legal obligations;

We may need to use your data to:

      • confirm your identity
      • share relevant information with law enforcement agencies, tax authorities and other regulatory bodies
      • investigate financial crime
      • screen applications and monitor accounts to identify criminal activity such as fraud, terrorist financing, bribery, corruption and money laundering

  • In the case of behavioral information (other than your biometric fingerprint);

We may use your data for analytics purposes in order to:

      • improve our digital features, products and services
      • understand which aspects of our platforms are working well and which are not
      • detect whether certain features are available on your device or not
      • determine what types of content you may be interested in

  • To comply with our legal obligations, respond to legal process requests, or requests from law enforcement bodies or other third parties, including under relevant laws, such as the Personal Data Protection Act in Sri Lanka.

  • For any other purpose you consent to or opt-in to and any other purpose set out in our Privacy Policy.


Direct Marketing

We may also use your personal information to tell you about products and services we think may be of interest and value to you.

We may contact you by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through the Bank’s website(s) or through our online banking services.

If you do not wish to receive such direct marketing communications from us, you may opt-out at any time by making a request here: DFCC Bank PLC – Personal Data Request Management Form V1.0


Who We Share Your Information With

The types of parties we may share your information with are listed below:

  • Our Agents, Contractors and Contracted service providers (i.e., technology service providers and cloud storage providers and others)
  • Authorized representatives who sell and or arrange products and services on our behalf
  • Insurers, Mortgage Insurers, Re-Insurers and Healthcare Assurance providers
  • Payment Systems Operators (for example, merchants receiving card payments)
  • Other Business Partners, who jointly with us, provide products or services to you
  • Debt Collectors
  • Professional Advisors such as our Financial Advisors, Legal Advisors and Auditors
  • Your authorized representatives
  • Fraud bureaus or other organizations to identify, investigate or prevent fraud or other misconduct
  • External dispute resolution schemes and or mechanisms
  • Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction
  • Credit reporting bodies

We may also disclose your personal information to others outside the Bank where we are permitted to disclose such information under applicable Privacy Laws in the country.


How We Secure Your Information

We understand the importance of protecting your data and have implemented adequate controls in full compliance with Sri Lanka’s regulatory requirements to keep your information safe and secure.

We ensure that your personal data is processed for specified, explicit and legitimate purposes only, as outlined and described in this Privacy Notice. We also take all reasonable measures, and measures as directed by law, to ensure that your personal information is not further processed for any other purpose, except purposes such as public interest, scientific research, historical research and or statistical purposes, in compliance with all applicable laws and regulations of the jurisdictions in which we operate.

We use a range of physical and electronic security measures to protect the confidentiality and integrity of the personal information we hold about you.

We aim to only keep your information for as long as we need it. When we no longer need such information, we take reasonable steps to destroy and or irreversibly disassociate your personal identity with such information. Furthermore, your information will be kept up to date by us, and we will take every reasonable step to erase and or rectify any inaccurate and or outdated personal data of yours, without undue delay.