Privacy Notice

HNB Privacy Notice 

Effective Date: 03rd June 2025 

Hatton National Bank PLC (“HNB”, "we," "our," or "us") is committed to safeguarding your personal data (which is defined in 1(A) and 1 (B) below) and ensuring your privacy. This Privacy Notice explains what information we collect about you, how we will use that information, who we will share it with, the circumstances under which we will share it and what steps we will take to make sure it stays private and secure.

1. Information We Collect

We may collect the following types of personal data (hereafter referred to as 'Personal Data') to serve you better:

(A). For customers:

• Identification Information: Information that uniquely or semi uniquely identifies you.
  • For example: name, gender, date of birth, nationality, your photographs, signature, EPF/ETF, Pension number, etc.

• Official Identification Information: Information that are official/government identifiers.
  • For example: national identification number, passport number, tax identification number, driving license number. etc.
• Contact Information: Information that allows to address, send or communicate messages to you.
  • For example: residential address, email address, phone number (mobile or landline), etc.
• Financial Information: Information that identifies your financial position, background, status and history as required.
  • For example: account details, credit card details, transaction history, credit score, etc.
• Communications Information: Information relating to you collected via online or digital interactions
  • For example: telephone conversations, messaging, email and other communications we have with you
• Geo-location data: Information that provides or contains a device’s location.
  • For example, your internet protocol (IP) address or time zone settings, etc.
• Personal Relationship Data: Information about associations or close connections between individuals or entities that can determine your identity.
  • For example, if you are a politically exposed person, public official, or hold close personal or financial relationships with such persons
• Cookies and Tracking Data: We use cookies and similar tracking technologies to collect information about your use and browsing activities on our website, online banking and mobile applications. We may use cookies to automatically collect certain information from your device. This information can be used where relevant for internal analysis and troubleshooting, to recognize you and remember your preferences, improve quality and personalize your content and to determine the security status of your account, etc. For more details, please refer to our separate HNB Cookie Policy.

We may require to collect special categories of Personal Data about you sometimes, but this information is only collected if necessary and with your consent or where allowed by law. This may include: 

• Racial / Ethnic Information: Information which reveals your racial or ethnic origin
• Biometric Information: Information which uniquely identifies you through physical or behavioral characteristics, such as your fingerprints, images of you or CTTV and video recording, of you 

Your Personal Data is directly collected from you, but we may also obtain your Personal Data from other sources as required, which includes but are not limited to people you know:

• For example, Parents or guardians of minors. If you are a minor. We will get your parent or guardian's consent before collecting, using or sharing your personal data

(B). For Employment Candidates and Employees:

In addition to the information above we may also collect:

• Behavioural Data: Analytics information that describes your behavioural characteristics.
  • For example, results of any pre-employment testing such as psychometric testing
• Personal Relationship Data: Information about associations or close relationships between yourself and other employees of HNB
  • For example, if any family members are employees of HNB

We may require to collect special categories of Personal Data about you sometimes, but this information is only collected if necessary and with your consent or where allowed by law. This may include:

• Health Information: Information relating to your health
• Trade union membership: If relevant in certain jurisdictions
• Criminal convictions, proceedings or allegations information: Information about criminal convictions or related information that we identify in relation to our financial crime prevention obligations. This includes details of offences or alleged offences or convictions.

Your Personal Data is directly collected from you, but we may also obtain your Personal Data from other sources as required, which includes but are not limited to:

• People you know:
  • For example, results of any pre-employment testing such as psychometric testing
• Businesses and other organizations:
  • For example, your employer and/or company, business or organization you represent or is related to your credit reference and fraud prevention agencies, law enforcement authorities, social network sites, for example LinkedIn, Facebook, Instagram etc.
• Publicly available resources:
  • For example: online directories, career platforms, publications, social media posts and other information that is publicly available

2. Why We Collect Your Information 

We collect your Personal Data in order to manage our services and operate our business. We generally process your Personal Data in line with one or more of the following lawful bases as provided for by applicable Laws:

• Contract: When performing contractual obligations
• Legal Obligation: When required by applicable law
• Legitimate Interest: In relation to our legitimate interests related to serving you as our customer
• Data made manifestly public
• Defense of legal claims
• Statistical purposes

3. How We Use Your Information

We may use your Personal Data for the following purposes, which may include but is not limited to:

(A). For customers:

• Providing Financial Services: Managing your accounts, processing transactions, and providing banking services, etc.
• Providing Other Services: Statement printing, card embossing, and postage/delivery services, etc.
• Compliance with Legal Obligations: Complying with legal and regulatory requirements, including anti-money laundering and fraud prevention, etc.
• Marketing and Communications: Sending you information about our products, services, and promotions, etc.
• Improving Our Services: Analyzing and enhancing our website, products, and customer experiences, etc.
• Customer Support: Assisting with your inquiries and requests to enhance customer experience etc.
• Automated decision-making: Data analyzing, profiling, and behavioral analysis to facilitate and utilize automated decisions, enhance communication and processes, etc.
• Keeping you and our people safe: Conducting identity verification security checks for building access, using CCTV surveillance recordings at our premises and ATMs for the purposes of preventing and detecting fraud and/or other crimes, such as theft, for other health and safety compliance purposes, etc.
• Public interest: For the purpose of preventing or detecting crime, etc.

(B). For Employment Candidates and Employees:

In addition to the purposes given in 3 (A) above, we may also use your Personal Data for the following purposes, this may include but is not limited to:

• Processing job applications: Reviewing applications, assessing skills, qualifications and suitability for the job role or engagement applied for (including results of psychometric tests), conducting pre-employment or pre-engagement searches, background checks to verify identity and obtain references, etc.
• Communication: Communicating with you in relation to your application. We may also notify you of other potential career opportunities or job vacancies that we think might suit you.
• Improving our applicant screening procedures and recruitment process: Performing administrative tasks, risk management activities, auditing business operations, etc.

Note: we may not be able to proceed with your job application if you do not provide us with or want us to process the Personal Data that we consider is necessary and/or is required to meet our legal and regulatory obligations.

4. Data Sharing

We may share your Personal Data within the HNB and its Group and our advisors, consultants, service providers, business partners and third parties (including but not limited to their employees, sub-contractors, service providers, directors and officers, etc.) for the purposes given in 3(A) and 3(B) above or as required by law or requested by any authority. We may share your Personal Data with both local or foreign entities, depending on the nature of the services and the requirements of your banking relationship with us, in compliance with applicable data protection laws for data sharing and cross border transfers.

We do limit how and whom we share your Personal Data with and we take necessary steps to ensure Personal Data shared is kept confidential and protected when we share it. The parties with whom your Personal Data is shared may vary based on your banking relationship and on your interactions with us as an individual. We will not disclose your Personal Data to anyone unless we have your consent, are required to do so by law or have previously informed you of such sharing

We may share your Personal Data with the following: This may include but is not limited to:

• HNB and its Group
• Our advisors and consultants
• Our service partners/suppliers
• Third party business partners
• Government and law enforcement authorities
• CRIB and other related institutions

5. Data Storing

We may collect and store your Personal Data in electronic or physical form, depending on the requirement. We may store, share and transfer your Personal Data within HNB and its Group and with other third parties in order to improve and support our processes, business operation and to comply with legal and regulatory obligations. This may include cloud storage and cross-border transfers to jurisdictions with different data protections laws outside of Sri Lanka but only in compliance with applicable data protection laws.

6. Data Retention

We are committed to retaining your Personal Data for only as long as necessary to fulfill the purposes for which it was collected and in accordance with applicable laws and regulations. The specific retention periods may vary depending on the type of data and legal or statutory requirements, but as a general guideline: 

• Personal Data necessary for account and transaction management will be retained for the duration of your banking relationship with us and thereafter for a minimum period as required by relevant financial regulations or our legitimate interests in relation to our relationship with you. .
• Data collected for legal and regulatory compliance will be retained in accordance with specific legal requirements and industry standards.
• Information used for marketing and customer communication purposes will be retained until you withdraw your consent or request erasure subject to applicable laws.

We regularly review our data retention practices to ensure compliance with our policy and relevant regulations. After the retention period expires, we will securely and permanently delete or pseudonymize your Personal Data as per the guidelines provided by the Data Protection Authority (hereinafter referred to as the “DPA”) created under the Personal Data Protection Act No. 09 of 2022 (as amended).

7. Data Security

We implement adequate technical, physical and organizational security measures to protect your Personal Data against unauthorized access, disclosure, alteration, or destruction. We also ensure our practices are, in compliance with legal and regulatory requirements. We require and train our staff to maintain our privacy and security standards, and we will procure any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

8. Third-party Websites

Some of our affiliates’ websites have their own privacy and information handling practices. Refer to the relevant privacy notices of those affiliates in relation to how they handle and use your Personal Data. 

Our Privacy Notice does not apply to other third-party websites, where our advertisements are displayed or to linked such other third-party websites which we do not operate/control. However, our web sites may contain links to third party websites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked websites might not be the same as ours. These websites should have their own privacy notices, which you can read and understand how they collect and process your Personal Data and your rights.

9. Your Rights

Subject to applicable laws, you have the following rights concerning your Personal Data:

• Right to access: to access information we hold about you and to obtain information about how we process it.
• Right to rectification or completion: to request rectification of your information if it’s inaccurate or incomplete.
• Right to request a review an automated decision making: to request a review of a decision made by an automated process.
• Right to erasure: in certain circumstances, to request erasure of your information.
• Please note if you choose to erase your information, we may continue to retain your information if we have another legitimate reason to retain same and are entitled or required to do so.
• Right to withdraw consent and object to processing: in certain circumstances, you may withdraw your consent for processing your information.
• Please note if you choose to withdraw your consent, we may continue to process your information if we have another legitimate reason to do so. The withdrawal of consent may also impact your ability to continue to have access to our products and services.
• Right to appeal: you may also choose to file a complaint or an appeal against a decision made in relation to a request to exercise your data subject rights with the Data Protection Authority.

To exercise these rights, please contact our customer service hotline or if you have questions about your data, please contact our Data Protection Officer (“DPO”) using the details given below.

10. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or for legal and regulatory reasons. Our privacy notice is available on www.hnb.net  for your reference. Please visit the website periodically for the latest version.

11. Contact Us

If you require any further information or require to contact our Data Protection Officer (where applicable).

• Contact us via Customer Service Hotline

If you have any questions or concerns about this Privacy Notice or your Personal Data, please contact us at:

Contact No: +94 112 462462

Email: [email protected] 

Address: Head of Customer Experience,

HNB Towers,

Level 19, No. 479,

T B Jayah Mawatha,

Colombo 10.

Sri Lanka.

• Contact our Data Protection Officer (DPO)

If you have any questions or concerns regarding your Personal Data or this Privacy Notice and require to contact our Data Protection Officer:

Email: [email protected] 

Address: Data Protection Officer,

HNB Towers,

Level 11, No. 479,

T B Jayah Mawatha,

Colombo 10.

Sri Lanka.

HNB Cookie Policy

1. Introduction

Welcome to HNB's website. This Cookie Policy explains how we use cookies and similar technologies to enhance your browsing experience. By using our website, you consent to the use of cookies as described in this policy.

2. What are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help the website recognize your device and remember information about your visit, such as your preferences and settings.

3. How We Use Cookies 

We use cookies for the following purposes: 

• To ensure the proper functioning of our website
• To analyze and improve the performance of our site
• To personalize your experience by remembering your preferences
• To deliver targeted advertising based on your interests

4. Types of Cookies We Use

Essential Cookies: These cookies are necessary for the proper functioning of our website. They enable basic features, such as page navigation and access to secure areas, etc. 

Analytical/Performance Cookies: These cookies allow us to analyze how visitors use our website. We use this information to improve the user experience and optimize our site's performance, etc. 

Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences and choices etc.

5. Third-Party Cookies

Some cookies on our website may be set by third-party services. We have no control over these cookies, and they are subject to the privacy policies of the third parties providing them.

6. Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or accept cookies and to delete them. The "Help" section in your browser provides information on how to manage your cookie settings. Please note that if you refuse all cookies, you may not be able to use our website.

7. Changes to this Cookie Policy

We may update this Cookie Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. Our cookie policy is available on www.hnb.net and www.hnb.lk for your reference. Please visit the website periodically for the latest version.

8. Contact Us

If you require any further information or require to contact our Data Protection Officer (where applicable).

• Contact us via Customer Service Hotline

If you have any questions or concerns about this Privacy Policy or your Personal Data, please contact us at:

Contact No: +94 112 462462

Email: [email protected] 

Address: Head of Customer Experience,

HNB Towers,

Level 19, No. 479,

T B Jayah Mawatha,

Colombo 10.

Sri Lanka.

• Contact our Data Protection Officer (DPO)

If you have any questions or concerns regarding your Personal Data or this Privacy Policy and require to contact our Data Protection Officer:

Email: [email protected] 

Address: Data Protection Officer,

HNB Towers

Level 11, No. 479,

T B Jayah Mawatha,

Colombo 10.

Sri Lanka.