The purpose of this Policy is to maintain the privacy of users, members, unregistered visitors, etc. (hereinafter collectively referred to as “Users” or “you” or “your”). It shall also outline the information collected by the Company from the Users, the purpose for which the information has been collected by the Company, with whom the information has been collected may be shared, and the Users’ choice with respect to the uses and disclosures as contemplated herein.
The Company through this Policy aims to demonstrate its commitment towards the applicable laws including but not limited to Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011, Reserve Bank of India (RBI) rules and guidelines and other rules in relation thereto (“Rules”) This Policy is applicable to all the information collected, received, possessed, owned, controlled, stored, dealt with, or handled by the Company in respect of a User.
You hereby expressly consent to provide below mentioned information to us for the purpose of providing the services to you. We may seek your consent through a separate consent form detailing required data points, purpose of collection, disclosure of entities with whom such information might be shared, if so required by regulatory bodies as and when required to be collected at each stage of
I. COLLECTION OF INFORMATION
For providing the services we will collect the following categories of information from you.
1. Personal Information:
(iii) Email ID
(iv) Contact information
2. Economic Profile Information
(ii) Occupation details
(iii) Bank details
(iv) Salary statements
(v) Income Tax returns
3. KYC related information
(i) Aadhar Card
(ii) Pan Card
We shall seek your explicit consent by way of a specific consent form and request ‘one time access’ during the collection of the below information
(i) Device Location
(ii) Camera usage
4. Device Related Information
We may further collect, the information the Platform collects such as transaction or activity within the app or website, and how that information is used, depends on how you manage your privacy controls on your device.
5. Google AD ID
We collect the unique Google user identifier for sending personalized communications
6. Credit Reports
We may also collect your credit information for limited end use purpose based on your instructions and strictly for the provision of services to you. We shall not aggregate, retain, store, copy, reproduce, republish, upload, post, transmit, sell or rent the credit information to any other person and the same cannot be copied or reproduced other than as agreed herein.
Web Beacons: The web pages of the website contain electronic images known as “web beacons”, sometimes called single-pixel gifs and are used along with cookies to compile aggregated statistics to analyse how the website is used. Web beacons may also be used in some of our emails to so as to know which emails and links recipients have opened, allowing it to gauge the effectiveness of its customer communications and marketing campaigns.
Third Party SDK: Our Platform has a link to a registered third party SDK that collects data on our behalf and is stored to a secured server to perform a variety of services such as analyzing your inapp actions, serving retargeting ads, sending personalized push notifications, and performing credit assessment based on your information among others.
We don’t allow unauthorized access to your non-public personal contacts or financial transaction SMS data with any third party.
We make sure that our respective Lending Service Providers (LSP) and Digital Lending Apps (DLA) shall:
(i) Collect your information only upon obtaining explicit consent in a specific consent form.
(ii) Collect only such information on a need based approach which are specifically required for providing the services to you
(iii) store only basic personal information only to the extent required to carry out our operations towards you.
(iv) not access your mobile phone resources like file and media, contact list, call logs, telephony functions.
We shall not seek for any unauthorized information from you and shall refrain from any unauthorized disclosures.
If any of the information provided by you changes, you may correct, delete inaccuracies, or amend information by sending an email with the updated details to email@example.com. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. We shall not be responsible for the authenticity of your information including sensitive personal data supplied to us.
II. PURPOSE OF COLLECTION:
Our goal in collecting the information is to provide you with a Platform to render personalised services. We shall use the information on a need basis for the purpose of providing you the services in the following ways and in compliance with all applicable laws:
(a) To observe, improve, and administer the quality of services;
(b) To analyse how the Platform is used and diagnose technical problems;
(c) To make user data analysis and risk management;
(d) To ensure compliance with all legal obligations of the Company, vis-à-vis Know your Customer, Prevention of Money Laundering, CKYC requirements, etc;
(e) For fraud prevention and detection;
(f) To send User surveys and marketing communications that the Company believes may be of User interest;
(g) To analyse, conduct internal reviews, surveys and understand the Users, improve the content and features of the Platform;
(h) To notify you about any changes to the Platform;
(i) To enable us to comply with legal and regulatory obligations;
(j) To enable us to send administrative notices and service-related alerts to you;
(k) To enable us to do market research, troubleshooting, protection against errors, project planning, fraud and other criminal activity; and
(m) To verify your identity and determine your eligibility to use the Platform and avail the services.
We have stringent security measures in place to protect the loss, misuse, and alteration of the information under our control. Whenever you change or access your information, we offer the use of a secure server. Once your information is in our possession we adhere to strict security guidelines, protecting it against unauthorized access.
We intend to protect your information by implementing physical, administrative and technical safeguards from unauthorized access, use and disclosure. Some of the safeguards we use are
irewalls and bit data encryption using SSL, and information access authorization controls. We use reasonable safeguards to preserve the integrity and security of your information against loss, theft, unauthorized access, disclosure, reproduction, use or amendment. To achieve the same, we use reasonable security practices and procedures as mandated under applicable laws for the protection of your information. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from
unauthorized access, use and disclosure and follow such standards as mandated under applicable laws.
This Policy does not apply to any information other than information collected by us through the Platform. This Policy will not apply to any unsolicited information provided by you through this Platform or through any other means this includes, but is not limited to, information posted on any public areas of the Platform. All such unsolicited information shall be deemed to be non-confidential and we will be free to use, disclose such unsolicited information without limitation.
IV. STORAGE OF INFORMATION
We shall store your information at servers located within India. We shall ensure our DLAs and LSPs store only basic personal information on a need basis. We will ensure that no biometric data belonging to you (to the extent applicable) shall be collected by our DLA’s or stored by our LSPs through DLAs, unless it is allowed under statutory guidelines. We shall further ensure that LSPs engaged by us comply with all mandatory technology standards, requirements on cybersecurity stipulated by RBI and other agencies, or as may be specified from time to time, for undertaking digital lending services. We will retain any data or information provided by you till the time we render our services towards you. Our data retention policy is restricted to the provision of our services towards you. You can request for the deletion of your information from us at any stage. Our data retention and deletion policy is in consonance with the applicable laws and guidelines of the RBI. Upon any request made by you or at the time of termination of services or a contract between Company and you, we shall make sure that all your data is deleted and the same is notified to you. We also protect your personal information offline other than as specifically mentioned in this Policy. Access to your personal information is limited to employees, agents or partners and third parties, who we reasonably believe will need that information to enable us to provide services to you. We collect NACH mandate registration using our vendor like Razorpay and sign the documents using our vendor like Signdesk.
In the event our LSPs and DLAs take any information from you, we ensure they take your explicit consent in a manner that can be evidenced through written records so that there is an auditable trail of your consent. Such explicit consent shall be collected from you by way of a separate form. The purpose of collecting such consent shall be disclosed to you at each stage of interface for the particular operation.
Option to Withdraw Consent : At any stage during the provision of Services, You shall have the right to:
1. Deny Consent: You shall have the right to deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App delete/ forget the data.
2. Withdraw Consent: You may withdraw Your consent to contact You, for the continued collection, use or disclosure of Your information, at any time, or request for deletion of your account by raising a request by mailing Us at [.] or contacting Us at: [.]. However, if You have availed any loan facilities from Our financing partner, the financing partner shall have the right to continue processing Your information till such credit facility has been repaid in full, along with any interest and dues payable and/or for such period as may be allowed under applicable law. However, We shall not retain Your data and information if it is no longer required by Us and there is no legal requirement to retain the same. Do note that multiple legal bases may exist in parallel, and We may still have to retain certain data and information at any time.
3. Rectification: In the event that any personal data provided by You is inaccurate, incomplete or outdated then You shall have the right to provide Us with the accurate, complete and up to date data and have Us rectify such data at Our end immediately. We urge You to ensure that You always provide Us with accurate and correct information/data to ensure Your use of Our Services is uninterrupted.
4. Report an issue: You have a right to report a security incident to the GRO (detailed mentioned hereinbelow). You are entitled to prevent unauthorised usage of your information by our personnel/agents by informing us, within 10 days of being informed of the proposed use, that you do not wish to disclose such information. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
VI. DISCLOSURE OF INFORMATION
Any disclosure of us to third parties is subject to the following:
(a) We shall take your express consent in the event we share Your personal data with third parties.
(b) We shall share Your information with third-party only on a need basis and only for the purpose stated hereunder, as per the applicable laws.
(c) We shall additionally seek express consent through a separate consent for at appropriate stages of data collection, if so required under applicable laws.
(d) Usage of Your information by such third parties is subject to their privacy policies. We share limited information with them, strictly to the extent required. We recommend you to have a look at the privacy policies of such third parties.
(e) If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, we shall not seek your explicit consent however we shall reasonably endeavour to notify the same to you accordingly as the case may be;
The disclosures made by us are listed below for which we will take your express consent:
(i) We disclose and share your information with our LSPs, partner banks or NBFCs and other third party partners for facilitation of a loan or facility or line of credit or purchase of a product;
(ii) We share Your information with our third party partners in order to conduct data analysis in order to serve you better and provide services;
(iii) We will disclose the information with other technology partners to track how the user interact with the website or platform on our behalf.
(iv) We and our affiliates may share your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business for continuity of business. Should such a transaction occur than any business entity (or the new combined entity) receiving any such information from us shall be bound by this Policy with respect to your information.
(v) In order to enforce our service terms and other agreements or to investigate potential breaches; or for the purpose of publishing statistics relating to the use of the website.
(vi) We may disclose your information to credit bureaus or report defaulters to credit bureaus and for other reporting requirements as provided under applicable laws.
Here is the list of entities with whom your information is shared [.]
VII. GRIEVANCE REDRESSAL OFFICER
In accordance with the relevant provisions of the Information Technology Act, 2000 and Rules made thereunder, the Company has designated the Grievance Officer. Users can contact the Grievance Redressal Officer with respect to any complaints or concerns regarding the handling, storage, disclosure of User Information.
All issues can be addressed at the following:
Grievance Officer Name: Aditya Agrawal
Email address: email@example.com
The Grievance Officer can be contacted between 10:00AM and 6:00PM from Monday to Friday except on public holidays.
Nodal Officer Name: Aditya Agrawal
Email address: firstname.lastname@example.org