This Policy applies to J.P. Morgan Services India Private Limited (referred to as “JPMSIPL”).
As per the requirements of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("RSP Rules") this Policy outlines the manner in which the Personal Information or Sensitive Personal Information will be handled or dealt with by JPMorgan India.
JPMSIPL recognizes the importance of Personal Information including Sensitive Personal Data or Information (defined in Clause 2 below), provided to it by natural persons (Information Providers defined in Clause 2 below), under lawful contract and the trust they place with respect to maintaining the security of this information. With respect to Personal Information including Sensitive Personal Data or Information (SPDI), JPMSIPL will take reasonable steps to keep such information confidential and may share it with affiliates and third parties on a need-to-know basis under appropriate arrangements.
You agree and confirm that JPMSIPL may collect, store, process, disclose and transfer the Personal Information including SPDI collected about you to any of its affiliates, agents or third party service providers in connection with the products or services you have sought from, or your employment with JPMSIPL or to provide better services to you or to ensure compliance with a legal or contractual obligation of JPMSIPL. The purpose for which JPMSIPL would collect and use your SPDI includes instances set out in Clause 3.2 below. The types of third parties (whether in India or overseas) that your SPDI could be disclosed to, includes the types of third parties mentioned at Clause 5 below. You confirm that the SPDI so far collected, stored, processed, disclosed and transferred by JPMSIPL in the course of your employment for the above purposes shall continue to be used by JPMSIPL strictly in accordance with the applicable laws.
2.1 Personal Information (the “PI”) - for the purposes of this Policy, refers to any information that relates to a natural person which either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person such as name or address and to be read with the relevant internal policies including the Global/Regional Privacy policies.
2.2 Sensitive Personal data or information of a person (the “SPDI”) - for the purposes of this Policy, shall be the same as defined in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “SPDI Rules”), as amended from time to time. i.e.
(ii) Financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) Physical, physiological and mental health condition;
(iv) Sexual orientation;
(v) Medical records and history;
(vi) Biometric information;
(vii) Any detail relating to the above clauses as provided to us for providing services; and
(viii) Any of the information received under any of the above clauses by us for processing, storing or processing under lawful contract or otherwise.
Provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Information for the purposes of this Policy.
2.3 Information Provider - for the purpose of this Policy, refers to a natural person or individual who provides PI or SPDI to JPMSIPL. In this Policy, the Information Providers are referred to as "You".
3. Purpose of collection and use of SPDI
3.1. JPMSIPL will ordinarily collect Personal Information including SPDI that it believes is necessary for any purpose connected with a function or activity necessary to deliver, promote or market services or to carry out primary business functions and/or activities, comply with applicable regulations or in the capacity as an employer or a counterparty to agreements with individuals. Ordinarily, JPMSIPL will only collect such SPDI about you when you provide it or you have consented to provide the information or where it is required by law.
JPMSIPL will collect such information from you in the course of your employment and use the information during the tenure of your employment. Any such information collected will be kept confidential.
3.2. In general, we would be collecting/handling/ storing/ using or transferring your SPDI for the following, including but not limited to:
3.2.1 complying with legislative and regulatory requirements
3.2.2 providing a service to you
3.2.3 maintaining an employment relationship with you:
3.2.4 performing administrative functions; and
3.3 The SPDI collected from you may be collected and/or retained either directly by JPMSIPL or through or with an affiliate or third party.
JPMSIPL, its affiliates and third parties it shares SPDI with, will retain the SPDI for a reasonable period for the purposes for which such information has been collected and as may be lawfully used or is otherwise required under any law for the time being in force.
The SPDI collected shall be used for the purpose for which it has been collected.
You have the option not to provide JPMSIPL with the SPDI sought to be collected. You also have the option to withdraw the consent given earlier, provided it is sent to us in writing. In the event SPDI which JPMSIPL deems necessary for providing you with any service is not provided or if consent is withdrawn subsequently, JPMSIPL reserves the right not to provide you with such services/ benefits/ amenities and take any other action in this regard on just and reasonable grounds.
4. Personal Information including SPDI about third parties
While providing Personal Information including SPDI of another natural person (particularly of spouse, children or parents) to JPMSIPL, please ensure that you have the necessary concurrence of that natural person.
5. Disclosure of Sensitive Personal Information
5.1 In general, JPMSIPL will not use or disclose SPDI collected about you to a third party otherwise than for the purposes set out in this Policy, unless the disclosure is necessary for compliance of a legal obligation or where it is agreed to in the contract with you or as consented by you and supported by a valid non-disclosure contract or provisions in the legal contract.
5.2 Provided that such information shall be shared without your consent, with government agencies mandated under law to obtain information including SPDI for the purpose of verification of identity or for prevention, detection, investigation including cyber incidents, prosecution and punishment of offences or any law enforcing authorities.
5.3 Notwithstanding anything contained in the preceding paragraphs of this section, any SPDI shall be disclosed to any third party by an order under a law for the time being in force.
5.4 You authorize JPMSIPL to disclose necessary SPDI to certain employees, consultants, employees or consultants, of JPMSIPL affiliates, agents or third party service providers within India or outside India who provide services to JPMSIPL in connection with the services you have sought from, or, your employment with, JPMSIPL, on a need-to-know basis. These parties shall use your SPDI only for the specific purpose for which JPMSIPL supplies the SPDI to them and from disclosing it further.
5.5 Subject to what is permitted by law, the types of third parties (whether in India or overseas) your SPDI could be disclosed to may include:
5.5.1 agents, contractors, service providers, insurers and external advisers engaged by JPMSIPL from time to time to carry out, provide services or advise on the functions and activities;
5.5.2 other related bodies corporate /affiliates of JPMSIPL;
5.5.3 any person or organization who introduces you to JPMSIPL;
5.5.4 regulatory bodies, government agencies, law enforcement bodies and courts;
5.5.5 any person or organization who JPMSIPL deems necessary for carrying out the instructions you give to JPMSIPL; and
5.5.6 any prospective transferee in a scheme of arrangement, amalgamation, merger or sale of shares or sale of business relating to the whole or part of JPMSIPL.
6. Transfer of Sensitive Personal Information
JPMSIPL may transfer your SPDI to any person or entity, whether in India or located in any other country, that ensures a similar level of data protection as JPMSIPL employs when it is necessary for the performance of a lawful contract with you or where you have consented to such transfer.
7. Access to your Sensitive Personal Information
You may review and correct or revise the Personal Information including SPDI you have provided to us for the purpose of ensuring the said information is accurate. JPMSIPL shall not be responsible for the authenticity of the information you have supplied to it or to any person acting on its behalf.
JPMorgan India may not be able to provide access to information which is not directly provided by you. JPMorgan India may charge you a fee for accessing your SPI.
8. Information Security Standard for SPDI at JPMSIPL
JPMSIPL operates in an environment that is similar to the requirements of ISO/IEC 27001 Security Standards for ensuring that the SPDI it holds is protected from misuse, loss and unauthorized access, modification or disclosure.
9. Grievance handling
You may contact the Grievance Redressal Officer (GRO), who is the designated grievance officer, for any grievances with respect to processing your Sensitive Personal Information. JPMSIPL will make every effort to resolve your grievance expeditiously.
Name of GRO: Kesavan Narayanan
11. Need more information?