National Savings Bank

Online Privacy Policy Statement


Introduction:

Over the years, the name National Savings Bank (hereafter referred to as "NSB" or "We") has been built on trust between our customers and ourselves. Your privacy on the internet is therefore treated no differently and is of utmost importance to us.

This Online Privacy Policy Statement covers the following areas regarding the capture and use of information about our online users. We want you to read and fully understand the terms and conditions surrounding each of these areas.


  1. When does this Online Privacy Policy Statement apply?
  2. What user information does the bank collect and store?
  3. How is the information (mentioned in point no. 2) collected?
  4. How is the information (mentioned in point no. 2) secured when it is at rest or in transit?
  5. Why does the bank use the information gathered in point no. 2 and with whom is the information shared?
  6. Accessing and updating your information and contacting us
  7. Changes to the Online Privacy Policy Statement


  1. When does this Online Privacy Policy Statement apply?

This Online Privacy Policy Statement explains the approach taken by NSB toward the personal information and data that we collect about you (“Your information”). It is limited to information and data collected on the NSB website, Online Banking and the NSB Pay App, when you electronically respond to our online advertisements, or when you send us communications via any computer, mobile or other similar electronic device.

It does not apply to information we collect in other ways, e.g., when you are dealing with our staff in a branch or over the telephone, or via third-party apps (e.g., FriMi, JustPay, etc.). Further, our Online Privacy Policy Statement does not apply when you leave our website or mobile app, including on third-party websites or apps where our online advertisements are displayed, or when you follow links to third-party websites or apps which we do not operate or control. Please read the privacy statements and terms and conditions of these third-party websites or apps and decide whether they satisfactorily protect your rights.

  2. What user information does the bank collect and store?

Personal Information

We will not collect personal information like names or addresses when you visit our website or mobile app unless you choose to provide it to us. If you register for our online banking system or mobile app, you may be asked for information that helps to identify you, such as your name, email address, and organization. The information you are asked to provide is used for technical and customer administration of the site only and is not shared with third parties (refer to point no. 5).

In addition to the above information, authentication data such as passwords and transactional data such as credit/debit card numbers, account details, etc. are stored and handled in a secure manner as described in point no. 4.

Non-personally identifiable information

We automatically gather and store certain technical information about your visit. This information never identifies who you are. The information we collect and store about your visit is listed below:


  3. How is the information (mentioned in point no. 2) collected?

Cookies

Your visit to the bank’s site or mobile app may be recorded for analysis of the number of visitors to the site or app and of general usage patterns. Some of this information will be gathered through the use of "cookies". Cookies are small bits of information that are automatically stored in a person's web browser on their device and that can be retrieved by the site or app. Should you wish to disable these cookies, you may do so by changing the settings in your browser.

Marketing Promotions

Occasionally, we may collect personal information from visitors to our social media pages (e.g., Facebook, Twitter, LinkedIn, etc.) and from individuals who participate in a contest or promotion (online, over the telephone, or at one of our branches). Such information is only collected from individuals who voluntarily provide us with their personal information. We may use this information to advise them of products, services and other marketing materials which, we think, may be of interest to them. We may also invite visitors to our social media pages to participate in market research, surveys and other similar activities.

You can choose to receive marketing and other promotional materials by email. If you do receive email or promotional direct mailings, you will always have an opportunity to opt out.

If at any time you would like us to cease sending you direct mailings, please contact our representatives at our Call Centre by calling 011-237 9379. We will then act on your request within 30 days and ensure that you are not included in future direct marketing promotions.

If we do ask you to provide personal information, we will always specify the purpose for which such personal information is collected and ensure that it is only used for the purpose specified at the time of collection.


  4. How is the information (mentioned in point no. 2) secured when it is at rest or in transit?

Secure user information at rest

We store our customers' authentication data, such as passwords, as salted hashes produced with a robust hashing algorithm. Further, the bank never stores user passwords in clear-text format under any circumstances.

In addition, customers’ full 16-digit debit card numbers are never stored in clear text; they are stored in encrypted form using a strong encryption mechanism recommended by PCI-DSS.

Access to critical database tables that contain the customers' Personally Identifiable Information (PII) highlighted in point no. 2 is restricted through defense-in-depth controls, and internal users are granted access only on a need-to-know basis.

Secure user information in transit

When we transmit highly confidential information (such as a username, password and credit/debit card number) over the Internet, we protect it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol, and we use a variety of procedures and security technologies to protect customers' personal information from unauthorized access, use, or disclosure. It is your responsibility to keep confidential the username and password that you use to access the bank's online banking sites or mobile app. For more information on best practices for securely logging on to sites/apps, please download and view the “Important Security Notice” link under the URL https://internetbank.nsb.lk/.


  5. Why does the bank use the information gathered in point no. 2 and with whom is the information shared?

We gather two (2) types of information as described above.

In addition, this information is retained for a stipulated period of time mandated by the bank’s information security policy, and it is shared only with regulatory or law enforcement bodies when and where required. However, if the bank is required to share this information with any third-party bodies other than those mentioned above, the bank will notify its currently active customers to seek their consent, and will proceed only upon receiving that consent.


  6. Accessing and updating your information and contacting us

If you have any questions concerning our Online Privacy Policy Statement, please reach us using the contact details outlined on the “CONTACT US” page.


  7. Changes to the Online Privacy Policy Statement

We update our Online Privacy Policy Statement from time to time and ask that you regularly check this page to make sure you are familiar with the most recent version.

This Online Privacy Policy Statement is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on us in respect of any other party or on behalf of any party.

This Online Privacy Policy Statement was last updated on 27th May 2021.

Copyright © National Savings Bank 2021. All rights reserved.