PRIVACY NOTICE

In this Privacy Notice:

The Protection of Personal Information Act 2013, together with all other applicable and
national implementing legislation, regulation relating to privacy or data protection; and where
we use the terms "Personal Information "data subject", "Responsible Party", "processor" and
"process" (and its derivatives), such terms shall have the meanings given to them in the
applicable Data Protection Legislation in South Africa.

INTRODUCTION

ICICI Bank Limited, South Africa Branch, regulated by South African Reserve Bank, is
committed to keeping your personal information private, by dealing with the same in a lawful,
legitimate and responsible manner. This Privacy Notice explains how we acquire, use, retain
and disclose your personal information, as is required by the Protection of Personal
Information Act 4 of 2013 (referred to as "POPI"). Please read this notice carefully to
understand our views and practices regarding your personal information and how we will
treat it.

PERSONAL INFORMATION

POPI defines personal information as information relating to a natural or juristic person,

including, but not limited to:

 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or
social origin, colour, sexual orientation, age, physical or mental health, well-being,
disability, religion, conscience, belief, culture, language and birth of the person;
 information relating to the education or the medical, financial, criminal or employment
history of the person;
 any identifying number, symbol, email address, physical address, telephone number,
location information, online identifier or other particular assignment to the person;
 the biometric information of the person;
 the personal opinions, views or preferences of the person;
 correspondence sent by the person that is implicitly or explicitly of a private or confidential
nature or further correspondence that would reveal the contents of the original
correspondence;
 the views or opinions of another individual about the person; and
 the name of the person if it appears with other personal information relating to the person
or if the disclosure of the name itself would reveal information about the person.

RESPONSIBLE PARTY

For the purposes of POPI, ICICI Bank is the “Responsible Party” of your information. This
means that we are responsible for deciding how we hold and use your personal information.
COLLECTING INFORMATION FROM YOU

ICICI Bank Limited, South Africa Branch (“ICICI Bank”) will collect and process the personal
information you provide to us, through application forms, our website, face-to-face and
electronic communication (including telephone conversations) in order to provide our
services to you.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

 Personal details such as name, date of birth, father’s name, mother’s name, email address,
nationality, marital status, gender and phone numbers
 Other information such as visa, passport, overseas tax-identification number and overseas
country-specific unique identifier
 Current overseas residential address and permanent residential address
 Transaction and shareholding details
 Financial Information
 If you are seeking specialized services as permitted under applicable law, then your
investment risk appetite and preferences, current investments profile and investment
objectives and goals as shared by you
 Information in the nature of your occupation, education and qualifications, annual income
and source of income
 Details of nominee, witnesses, guardians which includes their signatures, addresses and
relationship with you
 Address proofs like valid passport, visa, PIO card, driving license, voter identification card,
job card issued by government agencies, South African ID
 Overseas address proofs such as address on passport, utility bills, bank statements,
national ID cards and photographs
 IP addresses
 CCTV footage and other information obtained through electronic means
 Cookies (please see our COOKIES policy below)

Advertising and Marketing

Links

There are links in our website leading to other sites. This guidance does not extend to those
sites. We therefore would recommend the reading of the data safeguarding policies of these
sites.

Security

All proper and expected technical and organizational security procedures have been taken to
shield your personal data and to prevent that no unauthorized persons gain access to the
same.
LAWFUL GROUNDS FOR USING YOUR INFORMATION

We are permitted to process your personal information in compliance with POPI, by relying
on one or more of the following lawful grounds:

 You have explicitly agreed to us processing such information for a specific reason.
 The processing is necessary to perform the agreement we have with you or to take steps
to enter into an agreement with you.
 The processing is necessary for compliance with a legal obligation we have.
 The processing is necessary for the purposes of a legitimate interest pursued by us, which
might be:
i. to provide services to you;
ii. to ensure that our customer accounts are well-managed;
iii. To prevent, detect, investigate and prosecute fraud and alleged fraud, money
laundering and other crimes and to verify your identity in order to protect our business
and to comply with laws that apply to us and/or where such processing is a contractual
requirement of the services or financing you have requested;
iv. to protect our business interests;
v. to ensure that complaints are investigated;
vi. to evaluate, develop or improve our services; or
vii. to keep our customers informed about relevant services, unless you have indicated at
any time that you do not wish us to do so.

PURPOSES OF PROCESSING

Specifically, we and our other group companies may use your information for the following
purposes and under the following legal bases:
How we use your information Legal basis

To provide and manage your  Where necessary for the performance of our
account(s) and our relationship with agreement or to take steps to enter into an
you agreement with you
 Where the law requires this
 Where it's in our legitimate interests to ensure
that our customer accounts are well-
managed, so that our customers are
provided with a high standard of service, to
protect our business interests and the
interests of our customers

To give you statements and other  Where necessary for the performance of our
information about your account or our agreement or to take steps to enter into an
relationship agreement with you
 Where the law requires this
 How we use your information Legal basis

To handle enquiries and complaints  Where necessary for the performance of our
agreement or to take steps to enter into an
agreement with you
 Where the law requires this
 Where it's in our legitimate interests to ensure
that complaints are investigated, for
example, so that our customers receive a
high standard of service and so that we can
prevent complaints from occurring in future
 In the case of sensitive information, such as
medical information, where you have agreed

To provide our services to you  Where necessary for the performance of our
agreement or to take steps to enter into an
agreement with you
 Where the law requires this

For assessment, testing (including  Where the law requires this

systems tests) and analysis (including  Where it's in our legitimate interests to
credit and/ or behaviour scoring), develop, build, implement and run business
statistical, market and product analysis models and systems which protect our
and market research. business interests and provide our
customers with a high standard of service

To evaluate, develop and improve our  Where it’s in our legitimate interests
services to you and other customers continually to evaluate, develop or improve
our products as well as the experiences of
users of our sites, so that our customers are
provided with a high standard of service

To protect our business interests and  Where it's in our legitimate interests to
to develop our business strategies protect our people, business and property
and to develop our strategies
 Where necessary for the performance of our
agreement or to take steps to enter into an
agreement with you
 Where the law requires this
 In the case of sensitive information, such as
voice biometric information, where you have
agreed

To contact you, by post, phone, text,  Where the law requires this
email and other digital methods. This  Where we have agreed to contact you in our
may be: agreement
 to help you manage your accounts  Where the law requires this
 to meet our regulatory obligations  Where you agree
 How we use your information Legal basis

 to keep you informed about products  Where it’s in our legitimate interests to share
and services you hold with us and to information with our customers about
send you information about products products / services that may be relevant and
or services (including those of other beneficial to them. Where we send you
companies) which may be of interest marketing messages, you can always tell us
to you. when you no longer wish to receive them.

To collect any debts owing to us  Where it's in our legitimate interests to collect
any debts owing to us
 In the case of sensitive information, such as
medical information, where you have agreed

To meet our regulatory compliance  Where the law or regulation requires this
and reporting obligations and to  Where it's in our legitimate interests to
prevent, detect, investigate and prevent and investigate fraud, money
prosecute fraud and alleged fraud, laundering and other crimes
money laundering and other crimes.  Where such processing is a contractual
We may record your image on CCTV requirement of the services or financing you
when you visit our premises. have requested

To assess any application you make,  Where you have made data public
including carrying out fraud, money  Where such actions are in our legitimate
laundering, identity, sanctions interests, for the protection of our business
screening and any other regulatory interests
checks.  Where the law requires this
 In the case of sensitive information, such as
medical information, where you have agreed

To monitor, record and analyse any  Where it’s in our legitimate interests, to check
communications between you and us, your instructions to us, to prevent and detect
including phone calls fraud and other crime, to analyse, assess and
improve our services to customers, and for
training, for the enhancement of our
customer service provision and protection of
our business interests
 In the case of sensitive information, such as
medical information, where you have agreed

To transfer your information to or

share it with any third party to whom  Where necessary for the performance of our
your account has been or may be agreement with you
transferred following a restructure,  Where we have a legitimate interest in
sale or acquisition of any group restructuring or selling part of our business
company

To share your information with South

 Where the law requires this
African Reserve Bank, Reserve Bank of
 How we use your information Legal basis

India, South African Revenue Services  Where we have a legitimate interest in

and other government or regulatory performing certain credit checks so that we
authorities, credit reference agencies, can make responsible business decisions. As
fraud prevention agencies, and India a responsible organization, we need to
and overseas regulators and ensure that we only provide certain products
authorities to companies and individuals where the
products are appropriate, and that we
continue to manage the services we provide,
for example if we consider that you may have
difficulties making a payment to us.
 Where we have a legitimate interest in
assisting with the prevention and detection of
fraud and other crime
 Where we have a legitimate interest in
assisting regulators, who monitor banks to
ensure that they comply the law and
regulations.
 More detail on our data sharing with these
organizations is set out below.

To share your information with our  Where necessary for the performance of our
partners and service providers agreement
 Where we have a legitimate interest in using
third parties to provide some services for us
or on our behalf
For audit and record keeping purposes
We are obliged to keep record of certain
information for audit and regulatory record
keeping purposes

The type of information we collect depends on the purpose for which the information needs
to be collected, and will be used. We only collect information that we need for that particular
purpose and no more than necessary. Where applicable, we may inform you what information
you are required to provide to us and what information is optional.

Primarily, information shall be collected directly from you. It is possible that we may also
collect information about you from other sources, with or without your consent. We may
collect information about you from sources which are publicly available such as global
compliance databases.

AUTOMATED DECISION MAKING

If you apply to us for a product, your application may be processed by an automated decision-
making process which may carry out credit and affordability assessment checks to determine
whether your application will be accepted. Where these automated processes suggest that
your application should be rejected, we may manually review your application before making
a final decision. We may also use automated processes to decide credit limits.

We may also carry out automated anti-money laundering and sanctions checks. This means
that we may automatically decide that you pose a fraud or money laundering risk if the
processing reveals your behaviour to be consistent with that of known fraudsters or money
launderers, is inconsistent with your previous submissions, or you appear to have deliberately
hidden your true identity.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering
risk: (i) we may refuse to provide the services you have requested, or we may stop providing
existing services to you; and (ii) a record of any fraud or money laundering risk will be retained
by the fraud prevention agencies, and may result in others refusing to provide services or
employment to you.

The information so collected or determined may not always be revealed to you, including the
algorithm used for complying with applicable Anti Money Laundering /Combating the
Financing of Terrorism regulations

INFORMATION SHARING

We keep all your personal information confidential. However, in order to be able to service
your needs to the best of our ability, we may share any information you provide to us with
our group companies and their agents, counterparties and support service or data providers,
wherever located. If you have provided information to other members of our group, those
entities may also share that information with us.

To help us provide services, your data will be processed internally and externally by other
third parties. We use third parties for administrative, servicing, monitoring of your data. We
will outsource some services to third parties whom we consider capable of performing the
required processing activities so that there is no reduction in the service standard provided
to you by us.

The recipients or categories of recipients, of your information may be:

 Any revenue service or tax authority including South African Revenue Services, Income
Tax Department of India, if obliged to do so under applicable regulations.
 Overseas regulators and authorities in connection with their duties (such as crime
prevention).
 Anyone to whom we may transfer our rights and/or obligations;
 Any other person or organization after a restructure, sale or acquisition, as long as that
person uses your information for the same purposes as it was originally given to us or
used by us (or both)
 Credit reference, identity and address verification organizations who may record and use
your information and disclose it to other lenders, financial services organizations and
insurers. Your information may be used by those third parties to make assessments in
relation to your creditworthiness for debt tracing.
 Fraud prevention agencies and law enforcement agencies who will use it to prevent fraud
and money-laundering and to verify your identity if false or inaccurate information is
 provided by you and fraud is identified. We, fraud prevention agencies and law
enforcement agencies may access and use your information for example, when:
i. Checking details on applications for credit and credit related or other facilities;
ii. Managing credit and credit related accounts or facilities;
iii. Recovering debt;
iv. Checking details on proposals and claims for all types of insurance
 Other product and service providers for products and services which you would have
agreed to avail or being referred to
 Service providers as appointed from time to time for operational support to the Bank
 Courier or postal service providers for the purpose of sending of mails to you as a
customer
 Social media websites for our marketing campaigns where permitted
For further information, please refer to our product specific terms and conditions and
application form.

We have agreements and security measures in place to ensure that all third parties to whom
your personal information is disclosed comply with the terms and provisions of POPI.

DETAILS OF DATA TRANSFERS OUTSIDE SOUTH AFRICA

South African residents or nationals

If your personal information is collected by the Bank in South Africa, such information will
only be transferred outside of South Africa, if:
 the third party who is the recipient of the information is subject to a law, binding corporate
rules or binding service level agreement which provide an adequate level of information
protection; or
 you have consented to the transfer; or
 the transfer is necessary for the performance of a contract between you and ICICI

RETENTION AND DISPOSAL OF DATA AND OUTPUT

We will keep the information we collect about you on our systems or with third parties for as
long as required for the purposes set out above or as required to comply with any legal or
regulatory obligations to which we are subject.

STORAGE OF YOUR PERSONAL INFORMATION AND DATA SECURITY

All information you provide to us is stored in our secure servers. Where we have given you
(or where you have chosen) a password which enables you to access certain parts of our
website, you are responsible for keeping this password confidential. We ask you not to share
your password with anyone.

We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition,
we limit access to your personal data to those employees, agents, contractors and other third
parties who have a business need to know basis. When we contract with third parties, we
impose appropriate security, privacy and confidentiality obligations on them to ensure that
personal information that we remain responsible for, is secured. They will only process your
personal data on our instructions and they are subject to a duty of confidentiality. We have
put in place procedures to deal with any suspected data security breach and will notify you
and any applicable regulator of a suspected breach where we are legally required to do so.

OUR COMMUNICATION WITH YOU

We may communicate with you via electronic mail (e-mail). We will never ask you for your
password.

When you contact us through any of our communication channels including visiting a local
branch or calling the telephone banking service, we will verify your identity by asking you a
number of questions based on information known to us about you and the transactions on
your account. We may record your calls for training, quality and security purposes.

MARKETING INFORMATION

We and other members of our group may use your information from time to time to inform
you by letter, telephone, text (or similar) messages, email or other electronic means, about
similar services which may be of interest to you or them. You may, at any time, request that
we cease or do not send such information by one, some or all channels, by contacting us
using the contact details set out below.

RIGHTS OVER YOUR PERSONAL DATA

Under certain circumstances, by law you have the right to:

a) Be informed about the processing of your personal data (i.e. for what purposes, what
types, to what recipients it is disclosed, storage periods, any third party sources from
which it was obtained, confirmation of whether we undertake automated decision-
making, including profiling, and the logic, significance and envisaged consequences).
b) Object to your personal data being processed for a particular purpose or to request
that we stop using your information.
c) Request not to be subject to a decision based on automated processing and to have
safeguards put in place if you are being profiled based on your personal data.
d) Ask us to transfer a copy of your personal data to you or to another service provider
or third party where technically feasible and otherwise required by applicable
regulations.
e) Withdraw, at any time, any consent that you have previously given to us for our use of
your personal data.
f) Ask us to stop or start sending you marketing messages at any time.
g) Request access to your personal data (commonly known as a "data subject access
request"). This enables you to receive a copy of the personal data we hold about you
and to check that we are lawfully processing it.
h) Request correction of the personal data that we hold about you. This enables you to
have any incomplete or inaccurate information we hold about you corrected. It is
important that the personal data we hold about you is accurate and current. Please
 keep us informed if your personal data changes during your working relationship with
us.
i) Request the erasure of your personal data. This enables you to ask us to delete or
remove personal data where you think that we do not have the right to process it.

Any request for access to or a copy of your personal data must be in writing and we will
endeavour to respond within a reasonable period and in any event within one month in
compliance with POPI. We will provide this information free of charge unless the request is
manifestly unfounded or excessive. We will comply with our legal obligations as regards any
individual’s rights as a data subject.

If you would like to contact us in relation to any of the rights set out above, you may visit our
Branch or contact us using the following contact details:

Mr. Nikhil Parekh, Information Officer, or Mr. Williams Vampu, Deputy Information Officer,
ICICI Bank Limited South Africa Branch, 3rd Floor, West Building, Sandown Mews, 88 Stella
Street, Sandton 2196; PO Box No. 78261, Sandton 2146, Johannesburg, South Africa.
Email: “dataofficer@[Link]”

To protect your privacy and security, we may take reasonable steps to verify your identity
before providing you with the details.

RIGHT TO COMPLAIN TO THE INFORMATION REGULATOR

You have the right to address any complaints you may have regarding your personal
information through our normal Complaints channels, as per detail below:

Address: ICICI Bank Ltd, 3rd Floor, West Building,

Sandown Mews, 88, Stella Street, Sandton,
2196 Johannesburg, South Africa
Telephone: +27 - 11 6767800
Email: complaints-sa@[Link]

Alternatively, you may contact the Personal Information Regulator:

The Information Regulator (South Africa)

SALU Building
316 Thabo Sehume Street
0001 PRETORIA
Tel: 012 406 4818
Fax: 086 500 3351
[Link]

THIS PRIVACY NOTICE

The content or services mentioned on our website may be changed in future and
consequently this Privacy Notice may also change. Any changes we may make to this Privacy
Notice in the future will be posted on this page and where appropriate, notified to you by
email. We recommend that you re-visit this page regularly and inform us if you do not agree
to any term mentioned here.

Cookie Guidance

Safeguarding your right to privacy is imperative to us. Hence, we request you to peruse
through our Cookie Guidance.

Cookies

Website usage information is collected using "cookies" which allows us to collect standard
internet visitor usage information, which we then store and process. Cookies help us improve
our website and deliver a more customised service. ICICI Bank currently uses the following
cookies on its website:

Cookie Current Use

These cookies work toward establishing a visitor session. utmb takes a

_utmb
timestamp of the precise moment when someone visits the site, while
__utmc
utmc takes a timestamp of the precise moment a visitor leaves the site.

This cookie keeps tabs on the number of times a visitor has viewed the
__utma
website, when was their first visit and when did their last visit happen.

To identify the traffic sources as well as to determine the visitor navigation

to the website. For example, this cookie defines what search engine was
__utmz
used, what link was clicked on, what keyword was used and where in the
world the user accessed our website from.

You may refuse to accept cookies by activating the setter on your browser, which allows you
to refuse the setting of cookies. However, this may cause certain parts of our website to
remain inaccessible to you. Until you have set your browser setting to refuse cookies, our
system will continue to issue cookies when you log onto our site. Please take note of the fact
that our advertisers may also use cookies and we have no control over this. For more
information on how to control and/or disable cookies please visit
[Link]