Privacy Policy for PLC TOUCH
1. Background
People’s Leasing & Finance PLC (PLC) provides a diverse range of digital financial services to customers and the PLC TOUCH mobile application is a major online service, which offers seamless mobile banking facilities to our financial services including online savings, withdrawals, and payment facilities where customers can do their transactions on the go. This Privacy Policy outlines how PLC collects, uses, and safeguards personal data from users of the PLC TOUCH mobile app. Our goal is to ensure the security, confidentiality, and compliance with applicable data protection laws, ensuring customer privacy remains a top priority.
2. Purpose
This policy aims to clarify what information PLC TOUCH collects, why it is collected, and how customers can manage, update, export, and delete their data. The data collected is used to provide online services, verify the identity of customers, and ensure adherence to privacy principles, ensuring the confidentiality of all provided information.
3. Scope
This Privacy Policy applies to all personal data collected from PLC TOUCH app. It governs the handling, processing, and confidentiality of data related to customers, staff, and visitors.
4. Applicability
This policy applies to all customers, staff, and visitors who access PLC TOUCH app. It provides guidelines on how data is collected, stored, used, and shared.
5. Terms and Conditions
i. Data Collection & Consent
PLC TOUCH app processes personal data for registration, login, identity verification, and the provision of online services, including mobile applications. Customers provide consent for data collection when they register for PLC TOUCH app, and PLC ensures that the collected data is used only for necessary purposes such as service delivery and compliance with legal obligations.
ii. Data Access
Only authorized personnel, primarily in the Online Services department, will have access to customer data. Call center officers will have restricted access for support purposes. Data access logs are maintained, and customers can view and manage access details via their accounts.
iii. Security Measures
All personal data is encrypted using SSL/TLS protocols during transmission and at rest. The mobile application utilizes two-factor authentication (2FA) to prevent unauthorized access. Encryption standards are regularly audited to maintain the highest levels of data security.
iv. Categories of Data Collected
PLC TOUCH app collects the following personal data:
- Name
- Email address
- Date of birth
- Mailing address
- Contact numbers
- Login credentials
- Reference data for financial transactions (e.g., fund transfers, utility payments)
- Permissions for mobile applications
- Phone Permission: We collect and monitor specific details about your device, such as the hardware model, operating system version, unique identifiers like IMEI and serial number, user profile information, and mobile network details. This allows us to uniquely identify devices and ensure that unauthorized devices cannot access your account, thereby helping to prevent fraud.
- Location Permission: We gather and monitor your device’s location to accurately determine your whereabouts and offer a more tailored and efficient service that meets your needs.
- Contacts Permission: This permission enables us to detect references and automatically fill in data during your credit line application process for a smoother user experience. We collect and monitor your contacts’ information, including names, phone numbers, account types, last modified dates, favorites, and optional details such as relationships and addresses. This data helps us enrich your financial profile, assess your risk profile, and determine your credit eligibility.
- SMS Permission: We collect and monitor only SMS messages related to bank transactions, including the names of parties involved, transaction descriptions, and amounts, to perform credit risk assessments and facilitate quicker credit approvals. No personal SMS data is collected, read, or stored.
- Apps Permission: We collect and monitor the list of apps installed on your device to enhance your transaction experience.
- Accounts Permission: We collect and monitor the list of accounts on your device to improve your credit profile.
v. Data Retention & Deletion
We retain customer data only for as long as necessary to provide our services and meet regulatory requirements. Should you wish to request the removal of your data, you may do so by submitting a written request. However, please note that we may be required to retain certain minimal information in order to comply with legal obligations, such as data retention laws. Rest assured, we will inform you of how long your data will be retained and any applicable regulatory requirements that may apply.
vi. Data Sharing with Third Parties
PLC TOUCH app does not share personal data with third parties without customer consent, except in legally required cases. Data shared with subsidiaries or related companies is strictly for service provision. Clear disclosures are provided at the time of data collection, and customers retain control over their data-sharing preferences.
vii. Notification of Policy Changes
PLC will notify customers of any significant updates to the Privacy Policy via in-app notifications, email, and SMS. Users will be prompted to review and accept policy changes during app updates or while using the online portal.
6. Customer and Mobile Application Security
i. Data Security
All personal, financial, and device-related data transmitted through PLC’s mobile applications are encrypted using SSL/TLS protocols. PLC ensures secure access by employing two-factor authentication (2FA) to allow only authorized users to manage their accounts.
ii. Device Security
PLC advises customers and staff to protect their devices using PINs, biometric authentication, and other secure practices. While PLC ensures application-level security, it is not responsible for breaches due to poor device security on the user’s side.
iii. Access Control
Access to sensitive data via PLC mobile applications is strictly controlled based on user roles. Customers can only access their own personal and financial details, while staff access is limited to the data necessary for their job responsibilities.
iv. Security Audits
PLC conducts regular security audits on its mobile applications to detect and address vulnerabilities, ensuring continuous protection of sensitive data.
7. Collecting Personal Information
PLC collects personal information relevant to providing financial services to customers. This includes:
- Direct information from the customer (e.g., during service registration, marketing participation, surveys)
- Data from external sources such as Credit Information Bureau (CRIB) and publicly available information
PLC’s mobile apps request minimal permissions necessary for service delivery, and customers are informed of the reasons for collecting any sensitive data. Sensitive data (e.g., health, political views) will not be collected without explicit consent.
8. Biometric Data
Our customers can login to the PLC TOUCH by enabling device biometrics, which would facilitate device registered fingerprint or facial recognition. Any of our mobile applications will not be storing any biometric information.
9. Non-Disclosure / Confidentiality
PLC does not share personal information with third parties without customer consent, except as required by law or in the following circumstances:
- To comply with legal and regulatory obligations
- To assist with investigations into unlawful activities
- To report to credit reporting agencies or related entities for service provision
10. Links to other web sites
Our mobile apps may contain links to non-PLC Group web sites for your convenience and please be aware that the information handling practices of the linked web sites may differ from ours.
PLC will not be responsible for any disputes arising between you and the linked web sites since PLC is not the provider of the services mentioned in those web sites.
11. Governing Law
This policy is governed by the laws of Sri Lanka, and PLC ensures compliance with all applicable legal and regulatory standards regarding data protection and privacy.
12. Policy Review
PLC reserves the right to amend this Privacy Policy at any time. Updates will be communicated through the website, mobile application, or other appropriate channels. The policy will be reviewed periodically and updated to reflect the latest legal, regulatory, and technological developments.
13. Contact Us
If you have any questions or would like further information about our privacy policy and information handling practices, please contact us through below contact details;
Address: No.1161, Maradana Road, Colombo 08,
E-mail: info@plc.lk
Phone: 0112 631631