SECURITY & PRIVACY POLICY FOR THE USE OF MOBILE APP (Dated: 6th May, 2017)

HBZ Mobile Security & Privacy Policy describes how Habib Bank AG Zurich and its subsidiaries collect, process, use and disclose information through the use of the HBZ App.

For any queries or concerns regarding HBZ privacy practices, kindly contact the nearest branch.

This Policy does not apply to collection of data through our websites, social media, other online or offline websites or services.

By using the App, the client consents to the collection, processing, use and disclosure of information as described in this Mobile Security & Privacy Policy.

Security

HBZ employs appropriate technical security measures to protect client’s personal information and restrict unauthorized access. Information storage is held in a secure Data Centre and is encrypted wherever possible. HBZ's security procedures also specify that proof of identification (which includes a valid login name, password and a device key) will be required before releasing client’s personal information. HBZ App undergoes periodic reviews of its security policies and procedures to ensure that its systems are secure and protected.

In addition to periodic reviews, HBZ’s strong security framework includes:

  1. Automatic “session timeout” if inactive for a short period
  2. User authentication with valid login name, password and device key
  3. Encrypted communication using state of the art TLS technology
  4. Additional application layer encryption
  5. Registration restricted to HBZ customers who subscribes to HBZOtp
  6. Valid access confirmation through Captcha mechanism

Client agrees to the collection, processing, use and disclosure of information as described in this Mobile Privacy Policy by registering for the HBZ App.

Privacy

Client’s Personal Information: Personal information viz name, address, phone number, e-mail address, and bank account details provided by the Client and automatically acquired by the Bank is treated as highly private and confidential.

The information may be gathered:

  1. On registration
  2. On interaction with the App
  3. Received from any third party
  4. Other sources

Use of information by HBZ: HBZ may use Client information for the following purposes:

  1. Confirm identity
  2. Allow access to the account
  3. Respond to inquiries
  4. Process transfer of funds to and from third parties
  5. Communicate new or revised services and promotional offers
  6. Update records;
  7. Prevent or detect fraud
  8. Enable third parties to carry out technical, logistical or other functions on its behalf.

HBZ only shares Client’s Information with other entities as described below.

  1. Agents / contractors
  2. Business transfers
  3. Fraud / Credit Risk
  4. Regulatory Authority or other agencies

Besides above HBZ has client’s consent to share information with any such third parties.

Account Information: HBZ will review use of the app including any transactions made to improve and enhance its services.

Transfer Of Client’s Information Outside The EEA: For its UK customers, HBZ may need to transfer personal information from time to time outside the European Economic Area where this is necessary to operate account(s), and the client expressly agrees to such transfer.

Accessing And Updating Client Information: Client may request a copy of their information. Client must notify HBZ of any change to personal details alternatively HBZ will contact client for such details at any time in writing to regularize their account details.

Data Collected thru the App: HBZ may collect personal and non-personal information through the use of the App as follows:

  1. Name
  2. Contact information including address, phone and email
  3. Card or account number with details
  4. Security code, postcode, secret question, password or other authentication credentials;
  5. Information provided through feedback or contacting HBZ;
  6. Data provided for transfers
  7. Device-related information:
    • Dates and times when the App accesses HBZ servers
    • Non-personal information about banking or other transactions
    • Information and files that have been downloaded to the App
    • Version of the App
    • Type of OS
    • Device model and manufacturer;
    • Mobile service provider
    • Screen resolution
    • Device ID.

HBZ may collect the location of the device based on GPS, cellular tower information and IP-based location services.

The App does not engage in the collection of Personal Information about online activities over time and across third-party web sites or online services.

Use Data Collected by HBZ App: Information collected through the App is managed by the HBZ business that maintains the account or processes the application for a new or existing product or service.

HBZ provides a platform through the App to:

  1. Authenticate the App to access the account
  2. Process applications and transactions
  3. Respond to requests
  4. Enhance, improve, personalize and tailor the App and other online services
  5. Use and/or disclose information for fraud detection and information for security purposes
  6. Recognize the device

How HBZ Discloses and Shares Data Collected: HBZ may share personal information with affiliates and third party partners to:

  1. Help the client to provide requested services
  2. Analyze and understand how the services are used
  3. Protect business from fraud or other illegal activities
  4. Comply with subpoenas, court orders or other legal requirements

Client’s Rights

Subject to certain exceptions, client can update or change the account information, by contacting the nearest HBZ branch.

Data Retention and Use Limitations

HBZ uses personal information collected through the use of the App only for the purposes for which it was collected. The information collected through the use of the App is retained for as long as the App is used and for a reasonable time thereafter.

Data Security

The security and confidentiality of personal information is HBZ’s priority. The information is protected by maintaining physical, electronic, and procedural safeguards that meet applicable law requirements. The employees are trained to handle such information appropriately. HBZ ensures other companies used to provide services maintain confidentiality of personal information received by them. While no data transmission over the internet, wireless networks or data storage systems is guaranteed to be 100% secure, HBZ continuously evaluates and updates it’s security measures.

Revisions To This Privacy Statement

HBZ reserves the right to revise this Security and Privacy Policy or any part thereof from time to time, which should be reviewed periodically for changes. Unless otherwise stated, the current Security and Privacy Policy applies to all information that HBZ has about the client.