Privacy Notice for Website Users
1. General Information
Sberbank India, a branch of the globally recognized Sberbank Group, is committed to safeguarding your Personal Data. We prioritize transparency, accountability, and security in every interaction involving your Personal Data. As a regulated financial institution operating in India, we adhere to the Digital Personal Data Protection Act, 2023 (DPDPA), and other applicable Indian and global privacy regulations.
This Privacy Notice outlines our practices regarding the collection, use, disclosure, retention, and transfer of Personal Data obtained through our website, services, and interactions, both online and offline.
Sberbank Branch in India, New Delhi (hereinafter referred to as “Sberbank India” or “we”) is committed to the protection of your Personal Data. The protection of your Personal Data is of a great importance for us; therefore, we handle your Personal Data responsibly, in a data protection-compliant manner and in accordance with high standards of Personal Data processing and protection.
In this Privacy Notice, we explain how, as Data Fiduciary, we collect, process and use Personal Data of our individual clients and data of individuals associated with corporate clients (which include individuals and representatives contact details from corporate clients) about you as a www.sberbank.co.in (the Website) user and a potential or current client of Sberbank India, and how you can exercise your rights.
2. Description of Personal data processing
We collect and process the Personal Data that you voluntarily provide us through the Website for purpose you have provided us with the data. Such purposes may include, but are not limited to providing you with our banking and related services; receiving your feedback and queries; contacting you upon your request; Website use analytics, etc. In certain cases, we may be obliged to process your Personal Data by legal and regulatory provisions. Insofar as we also use your Personal Data in a way that requires your consent in accordance with applicable laws, we will ask for your consent before we collect your data.
Our website uses cookies to enhance user experience, improve performance, and support analytics. Cookies are small text files placed on your browser that help us recognize your preferences and gather information about how you interact with our website.
We also process the data collected during your usage of our Website through Cookies. By continuing to use this Website, you grant your consent to the processing of your Cookies. Cookies are a small fragment of data which a website requests from the browser used on your PC or mobile device. Cookies reflect your preferences or actions on the Website. Cookies are stored locally on your PC or mobile device. If you wish, you can delete the stored Cookies in the settings of your browser. Cookies (information about the user’s actions on the Website and about the user’s device, date and time of the session) are used by us to improve the functioning of the Website. You can decline the processing of cookies in your browser settings. In this case, our Website will only use those cookies that are strictly necessary for the functioning of the site and the services it offers.
Our website processes the obtained data, amongst others, by using metrics programs: SberTagManager and Yandex.Metrika.
The data we collect by using metrics programs is used for the Website use analytics purpose and include the following categories of data:
You can manage or disable cookies through your browser settings, though doing so may limit certain functionalities.
Please find the description of how we generally collect, process and use your data for the purpose of providing you with our banking and related services in the table below:
Table 1. Description of Personal data processing
Purposes and legal basis of processing | Legal basis for processing | Categories of Personal Data | Source of collection | Who may have access to your data | Cross-border transfer |
|---|---|---|---|---|---|
Signing and performance of lending agreement with corporate clients
| We process Personal Data for a reasonable purpose of concluding the agreement. There is also a reasonable assumption that acting on behalf of the Corporate Client, data principal has agreed to the processing of their Personal Data. | We may process the following information belonging to individuals associated with corporate clients (Authorized signatory): - Full name - Designation - Power of Attorney/ Letter of Authority | We collect relevant information directly from the data principal – an individual, whose Personal Data is to be processed. | The data may be sent as a part of mandatory reporting to credit agencies, MCA & CERSAI authorized by the Reserve Bank of India. | / |
KYC procedures | - Reasonable purpose of Sberbank India to ensure security of our business, prevent and detect fraud and related crimes; - Fulfillment of legal requirements related to KYC/AML/CFT procedures; - Consent of Data Principal (where applicable, e.g. disclosure of information to the Credit Information Bureau)
| We may process the following information belonging to individual clients and individuals associated with corporate clients, such as CEO, shareholders, beneficiaries, etc. - Personal details (e.g. full name, date and place of birth, designation, nationality, gender, income, photo); - Identification details (e.g. details of migration card (where applicable), ID details (series, No., date of issue), individual taxpayer’s number, PAN no., Passport and VISA details); - Contact details (e.g. Contact phone/fax, address of registration and residence); - Other information, which may be contained in verification documents (KYC Form). - Power of Attorney/ Letter of Authority | We collect relevant information: - directly from the data principal (in case of individual clients), or - From the individual associated with a corporate clients and who is authorized to provide us with the info on other associated individuals about corporate clients. | In order to fulfill the purposes listed under this head, we may disclose this information to: - Credit Information Bureau (India) Ltd and any other agency authorized by the Reserve Bank of India; - Other Governmental, statutory or judicial authorities, where Sberbank India is obliged to do so under legal and regulatory requirements; - We may also send this data to our business partners, who provide us with background and security check services.
| In certain cases, these data may be transferred to our head office Sberbank of Russia (Russian Federation, 117997, Moscow, Vavilova St., 19). We will ask for your consent prior to such transfer. |
Purchase and sale of currency | - Providing services for the benefit of Data principal, where Sberbank India may reasonably expect to obtain the consent of data principal | We may process the following information belonging to individual clients and individuals associated with corporate clients, (*authorized representative of the corporate client): - Full name; - Identification details (passport, driving license, PAN card, Aadhar Card); - Beneficiary’s banking details; | We collect relevant information directly from the Data principal
| / | / |
Opening of current account / deposit account | - Providing banking services for the benefit for the benefit of the Client, where Sberbank India may reasonably expect to obtain the consent of data principal | We may process the following information belonging to individual clients and their guardians (where applicable), individuals associated with corporate clients (i.e. authorized signatory): - Personal details (e.g. full name, date of birth, name of father/spouse, relationship type (for guardians), nationality, gender, photo); - Identification details (e.g. ID details, Passport and Visa details); - Contact details (e.g. Contact phone, e-mail, address; - Power of Attorney/ Letter of Authority - Other information that may be contained in verification documents may be also made available to Sberbank India. | We collect relevant information directly from the Data principal
| Your Personal Data may be transferred to and processed outside India, i.e. in Sberbank of Russia (Russian Federation, 117997, Moscow, Vavilova St., 19), which is our head office, for the purposes described above. We will ask for your consent prior to such transfer. |
|
Accounting of taxes | Fulfillment of legal obligations of Sberbank India | GST no. of Individual Clients | We collect relevant information directly from an individual client | We may transfer these data to GST Department of India as a part of our legal obligation | / |
Kindly note, that we need the above-mentioned data for the negotiations and performance of any agreements with you or the company you represent and/ or for the fulfillment of the legal obligations to which we may be subject to. If the Personal Data required for these purposes are not provided, we may not be able to fulfill our duties and/or in particular, the above purposes, and/or this would slow down the process considerably.
3. Children's Privacy
We do not knowingly collect Personal Data from children under the age of 18. If you believe that a child’s data has been inadvertently submitted through our platforms or during a banking relationship, you may contact our Data Protection Manager to request correction or deletion.
4. Third-Party Links Disclaimer
Our platforms may contain links to third-party websites for informational or convenience purposes. Sberbank India does not control or endorse these third-party websites, nor do we accept any responsibility for their content, privacy practices, or security measures. Users are encouraged to review the privacy policies of external sites before sharing any Personal Data with them.
5. Data Retention and Disposal
Sberbank India retains Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, or as required under applicable laws and regulatory guidelines. The duration of retention depends on various factors including the type of product or service availed, the nature of the relationship, statutory obligations, legal hold requirements, and dispute resolution timelines.
Once the retention period expires or the data is no longer required, we ensure secure disposal through controlled processes such as digital wiping, and secure physical destruction (for paper records). Our disposal practices follow globally accepted data lifecycle management standards and are designed to eliminate any risk of unauthorized access, reuse, or reconstruction of data post-deletion.
6. Technical and Organizational Measures for Data Security
Sberbank India implements a multi-layered data protection strategy comprising both technical controls and organizational safeguards to ensure the security and confidentiality of Personal Data. Our systems are protected through advanced security architectures that include firewalls, intrusion detection and prevention systems (IDPS), encryption (at rest and in transit), virtual private networks (VPNs), and access controls based on roles and responsibilities.
7. Data Sharing and Cross-Border Transfers
All the data sharing and cross-border transfers are conducted in compliance with the principles of data minimization, purpose limitation, and accountability, ensuring that your rights as a Data Principal remain protected irrespective of where your data is processed.
8. The Rights of Data Principals in relation to Personal Data processing and other related queries:
8.1. Right to access information about Personal Data: you have the right to receive a confirmation from Sberbank India as to whether we are processing or have processed your Personal Data, and a brief summary of Personal Data which is being processed by Sberbank India and the processing activities undertaken by Sberbank India with respect to such Personal Data; the identities of all other Data fiduciaries and Data Processors with whom the Personal Data has been shared, along with a description of the Personal Data so shared; and any other information related to the Personal Data of such Data Principal and its processing, as may be prescribed.
8.2. Right to correction and erasure: you have the right to the correction of your inaccurate or misleading Personal Data, the completion of incomplete Personal Data, updating of Personal Data that is out-of-date (e.g. where your Personal Data is put on a roaster list), the erasure of Personal Data which is no longer necessary for the purposes for which it was processed.
8.3. Right of grievance redressal: you have the right to submit any grievances you might have to the Sberbank India’s Data Protection Manager (dpm_india@sberbank.ru) in respect of any act or omission of Sberbank India regarding the performance of its obligations in relation to your Personal Data or the exercise of your rights under the provisions of applicable laws.
8.4. Right to withdraw consent to the processing: where the processing of your Personal Data is based on your explicit consent, you have the right to revoke such consent at any time. However, please note that such withdrawal may affect our ability to fulfill our duties and/or in particular, the above purposes, and/or this would slow down the process considerably.
8.5. Right to nominate: you have the right to nominate any other individual, who shall, in the event of your death or incapacity, exercise your rights in accordance with the provisions of applicable laws.
Mechanism for the exercise of your Data Principal Rights
For all additional queries and/or for exercising any of the rights listed above or raising any grievances, Data principals shall make a request in writing with the necessary information as regards to their identity. For this purpose, they may reach us via contact details listed below:
Data Protection Manager
Sberbank India
E-mail: dpm_india@sberbank.ru
Address: Upper Ground Floor & Fourth Floor,
Birla Tower, 25 Barakhamba Road
New Delhi, Delhi, 110001.
9. Changes to this Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in legal obligations, technology, or our internal practices. Any significant changes will be notified via our website and, where required, via direct communication.
By providing us with your Personal Data you acknowledge to have read this Privacy Notice and hereby provide explicit consent to process your data in accordance to this Notice. This Notice may be unpadded from time to time and you should review it before providing us with any new Personal Data.