Last updated: 07th January 2025

Privacy Policy Statement of Sampath Bank PLC

Sampath Bank PLC ("the Bank", "we" or "us") is committed to protecting your personal information and respecting your privacy. This privacy policy statement ("Privacy Policy") explains how we collect, use, share and retain your personal information when you use our website, mobile applications, online banking platforms, products and services, or when you communicate with us.

What is personal identifiable information (PII)?

Personal information is any information about an individual who is identified or reasonably identifiable. This may include customer name, date of birth, address, contact details, identification documents, financial information, transaction history, preferences and other types of data.

Personally Identifiable Information (PII)

Retail Entity

• Natural Person / Individual
• Name (First name, Middle name, Surname, Full name, Name with initials, Maiden name, Guardian Name)
• Contact details (Phone number, Email address, fax number)
• Address (Home / Communication / Office / Business)
• Personal Identification details (NIC Number, Passport Number, Driving License Number, Employee Number)
• Signature (Manual Signature, Digital Signature)
• Biometric identification (Fingerprint, Iris, Facial, Voice records, Photographic images etc.)
• Contact list of mobile devices

Sensitive Personally Identifiable Information (SPII)

• Demographic
• Insurance policy numbers
• EPF/ETF/Pension numbers
• Financial
• Credit card numbers
• Account Numbers
• TIN number

Cooperate Entity

• Name
• Address
• Business registration number
• Tax file number
• Contact number (Phone number, Email address, Fax number)

What personal information do we collect and why?

The personal information that we collect from you may include:

• Personal and contact details, such as your name, date of birth, gender, nationality, marital status, occupation, address, email, phone number, and education details.
• Identification documents, such as your national identity card, passport, driving license, or visa.
• Financial information, such as your bank account details, credit or debit card details, income, assets, liabilities, credit history, and transaction history.
• Photograph & Signature.
• Technical information, such as your device type, operating system, browser, IP address, and location when you use our website, mobile applications, or online banking platforms.
• Preferences and opinions, such as your product and service preferences, feedback, complaints, and survey responses.

We collect personal information about you for various purposes, such as:

• To verify your identity and prevent fraud.
• To provide you with our products and services and manage our relationship with you.
• To process your transactions and payments and provide you with statements and receipts.
• To communicate with you and respond to your queries, feedback, and complaints.
• To improve our products and services and enhance your customer experience.
• To conduct market research and analysis and send you marketing and promotional materials.
• To comply with our legal and regulatory obligations and cooperate with law enforcement and regulatory authorities.
• To protect and defend our rights and interests, and those of our customers, employees, and stakeholders.

How do we collect your personal information?

We collect your personal information from various sources, such as:

• Directly from you, when you provide it to us through our website, mobile applications, online banking platforms, forms, applications, contracts, or when you communicate with us by phone, email, or in person.
• From third parties, such as credit reporting agencies, verification service providers, payment service providers, other financial institutions, government agencies, or other parties that you have authorized or consented to share your information with us.

How do we use your personal information?

We use your personal information for the purposes for which we collected it, or for other purposes that are related, compatible, or ancillary to those purposes, such as:

• To provide you with our products and services and manage our relationship with you.
• To process your transactions and payments and provide you with statements and receipts.
• To communicate with you and respond to your queries, feedback, and complaints.
• To improve our products and services and enhance your customer experience.
• To conduct market research and analysis and send you marketing and promotional materials.
• To comply with our legal and regulatory obligations and cooperate with law enforcement and regulatory authorities.
• To protect and defend our rights and interests, and those of our customers, employees, and stakeholders.

We may also use your personal information for other purposes that you have consented to, or that are required or authorized by law or by the regulatory authority.

How do we share your personal information?

We may share your personal information with third parties for the purposes for which we collected it, or for other purposes that are related, compatible, or ancillary to those purposes, such as:

• With our affiliates, subsidiaries, and group companies, for internal management, administration, and reporting purposes.
• With our service providers, contractors, and agents, who perform functions or services on our behalf, such as IT, data processing, hosting, storage, security, marketing, analytics, verification, payment, and delivery services.
• With our business partners, associates, and intermediaries, who offer or provide products and services that may be of interest to you, or who facilitate or assist us in providing our products and services to you.
• With other financial institutions, credit reporting agencies, payment service providers, and card schemes, who are involved in your transactions, payments, or credit activities, or who provide us with information or services relating to your financial status or history.
• With government agencies, regulators, law enforcement, courts, and dispute resolution bodies, who require or request us to disclose your information for legal or regulatory purposes, or who are involved in any legal or dispute resolution proceedings involving you or us.
• With other parties, who you have authorized or consented to receive your information, or who acquire or are interested in acquiring any part of our business or assets.

We may also share your personal information with third parties for other purposes that you have consented to, or that are required or authorized by law.

How do we protect your personal information?

• We take reasonable steps to protect your personal information from unauthorized access, use, modification, disclosure, loss, or destruction, by implementing appropriate physical, technical, and organizational measures, such as:
• Using encryption, firewalls, passwords, and other security software and hardware to safeguard your information.
• Restricting access to your information to our authorized personnel who need it to perform their duties, and who are bound by confidentiality obligations.
• Providing training and awareness programs to our employees and service providers on data protection and privacy.
• Conducting regular audits and reviews of our data protection and privacy policies and practices
• Compliance with international standards and regulations

However, you are also responsible for protecting your information by keeping your credentials, devices, and accounts secure, and by notifying us immediately of any unauthorized access, use, or breach of your information.

How long do we retain your personal information?

We retain your personal information for as long as it is necessary to fulfill the purposes for which we collected it, or for other purposes that are related, compatible, or ancillary to those purposes, such as:

• To provide you with our products and services and manage our relationship with you.
• To comply with our legal and regulatory obligations and cooperate with law enforcement and regulatory authorities.
• To protect and defend our rights and interests, and those of our customers, employees, and stakeholders.
• To resolve any disputes or claims that may arise involving you or us.

We may also retain your personal information for longer periods if you have consented to, or if it is required or authorized by law.

We will delete or anonymize your personal information when it is no longer needed, or when we are no longer required or authorized to retain it.

Types of Additional Personally Identifiable Information (PII) collected via Sampath Bank Mobile Apps, Its Usage, Purpose, and Share

Data Collection

Contact List Information: We collect data from your device’s contact list upon receiving your authorization. This data includes:

• Names
• Phone Numbers
• Email addresses

Image Information: With your consent, we access and collect image data from your mobile device, which may include:

• Selfies
• Graphics
• Other image files

Data Used and Purpose

The collected additional PII related to Sampath Bank Mobile Apps will be for the following purpose and usage:

• Contact List Information: To provide seamless mobile banking services, allowing you to easily transfer funds to your contacts, receive transaction confirmations, and manage payees.
• Image Information: To enhance mobile banking app functionality, enabling features like mobile cash transfers, document uploads, and personalized settings.

Data Shared

The additional PII data, including Contact List and Image Information collected through Sampath Bank Mobile Apps, will be utilized strictly for the purposes for which they were collected. We assure you that this data will not be shared with any third parties and will be handled with the utmost confidentiality and care.

Sampath Bank WePay App Account and Data Deletion Policy

At Sampath Bank, we prioritize the privacy and security of our customers' data. If you wish to delete your WePay App Account and Data, you can submit a request through hotline +94112303050 and email info@sampath.lk

Please note that while we can delete WePay App Account and Data upon your request, we are required by the Central Bank of Sri Lanka's directions and guidelines to retain certain data. This includes:

• IP Addresses
• Login Data
• Transaction Data

These data retention practices ensure compliance with regulatory requirements and help us maintain the integrity and security of our banking services.

Cookies

A 'cookie' is a small bit of code stored on your computer's hard drive that enables you to manage your subscriptions and online profile. By setting this cookie, the websites will remember you the next time you visit and won't have to bother you by asking questions you have already answered (like address information). The Sampath Bank does not use 'cookies' to get information about you or your use of our website.

Making sure information is accurate

Keeping your account information accurate and up to date is very important. If your account information is incomplete, inaccurate or not current, please use the Contact Us option on our Site, or call or write to us at the telephone numbers or appropriate address for changes listed on your account statements, records, online or other account materials.

Linking to other sites

We may provide links to non-Sampath Bank websites, such as Reuters and payment gateway customers. If you follow links to websites not controlled by Sampath Bank, you should review their privacy policies and other terms, as they may be different from those of our sites.

How to Contact Us

If you have a question about the way your information is used in connection with this website or about the Sampath Bank privacy policy and information practices, you may go to the Contact Us.

Changes to the Online Privacy Policy Statement

This Online Privacy Notice is subject to change. Please review it periodically. When we post changes to this Statement, we will revise the "last updated" date at the top of this statement. Any changes to this policy will become effective when we post the revised policy on the Site. Your use of the Site following these changes means that you accept the revised policy.