- The way in which we can collect and receive Your personal data
- Kinds of personal (and nonpersonal) data we are authorized to collec
- The way in which we use, exchange and protect these data
- How long do we keep these data
- Your rights; and
- The way in which You may contact us regarding our practice of personal data and confidential information protection and grievance.
Collection of Information
- Registration: During Your registration as User, the company SelFin collects Your personal data provided in registration form which You fill in and send to us electronically on the website www.selfinindia.com (hereinafter referred to as the “Website”).
- Visiting the Website: When You visit the Website, common non-personal information (Your browser’s identifier, the Website’s visiting frequency, average time spent on the Website, viewed pages, device information) shall be recorded automatically. Such information shall be used with the purpose to receive information on attractiveness of our Website and to improve its content and functionality. Your data will not be transferred further to third parties.
- Entering the Website as the User: In situation when You enter the Website as the User, we are entitled to obtain from Your personal data, for instance, when You use our services.
- Additional information with the Users consent: With Your explicitly given consent we can collect information on your bank account balance transaction history as well as your mobile phone data or credit history in credit bureaus.
- Communication with us: You can choose different means of communication indicated on the Website in section “Contact information” to contact us. Your personal data and other information, for instance, e-mail addresses, telephone number, etc. of the company will be kept confidential.
- Audit Trail: The provisions of RBI guidelines dated 02nd September 2022 that Regulated Entities shall ensure of any collection of data by their Digital Lending Apps (DLAs) and DLAs of the Lending Service Providers (LSPs) of Regulated Entity is need-based and with the prior and explicit consent of the borrower having an audit trail is not applicable to the Company as the Company does not have any DLAs neither any of their LSPs have DLAs to collect data of the borrower.
- As per the provisions of RBI guidelines dated 02nd September, 2022, the Company shall ensure that any collection of data by their Digital Lending Apps (DLAs) of Company which are on need-based should be taken with prior and explicit consent of the borrower having an audit trail of the borrower.
- As per the provisions of RBI Guidelines dated 02nd September, 2022, user is hereby informed that the third party service provider will have access to your Information on a need to know basis to assist the Company in rendering service and are restricted from using the same for any other reason. The third-party service provider is obligated not to disclose or use the Information for any other purpose.
Kinds of personal data we are entitled to collect
We are entitled to collect following categories of personal data:
- Personal information: first name, last name, personal code;
- Contact information: postal or e-mail addresses, telephone number;
- Demographic data: gender, age, nationality, date and place of birth, family status;
- User data: user name and password (if required for processing any request);
- Data for KYC (Passport, PAN card, Driver’s license, Voter ID etc.) in so far as such information is necessary for providing You with our services and in amount allowed and set forth in the law;
- Socio-economic data: the bank account number and number of credit card, income level;
- Preferences regarding means of communication;
- History of Your use of the Website, Your IP-address, browser’s and operational system’s type;
- Other sort of information given by You on voluntary basis;
We are entitled to collect Your personal data in exceptional situations only. If we really have to process Your personal data, we will make sure, that there is a valid legal base (for instance, Your univocal consent).
Usage of Information
The company SelFin does not use Your personal information excluding situations than You have provided it yourself, for instance, with the purpose to receive services or information on news. We can use personal data and other confidential information received from You with following purposes:
- Processing of Your ordered services;
- To confirm your identity
- Your creditworthiness assessment regarding Law on the Prevention of Laundering the Proceeds from Criminal Activity (Money Laundering) and of Terrorist Financing;
- Communication with You;
- Creation and administration of Your account and answering Your questions;
- Improving of our Website, particularly by tracking and monitoring of Your use of the Website with the help of cookies, as well as for diagnostic of problems with software and hardware we use.
- Undertake Know Your Customer (KYC) compliance as required under applicable laws;
- We may use data for internal purposes such as auditing, data analysis, improvement relating to the services provided through the Platform;
- For sharing such information with any third party, including any service providers and any group companies of the Company, in the course of providing the services through the Platform;
- To share data with the regulatory authorities from time to time as per applicable laws.
- The provisions of RBI guidelines dated 02nd September 2022 that Regulated Entities shall ensure that their Digital Lending Apps (DLAs) DLAs desist from accessing mobile phone resources like files and media, contact list, call logs, telephony functions, etc.
- A one-time access can be taken for the camera, microphone, location, or any other facility necessary for the purpose of onboarding/ KYC requirements only, with the explicit consent of the borrower is not applicable to the Company as the Company does not have any DLAs neither any of their LSPs have DLAs to collect data of the borrower.
- As per the provisions of RBI guidelines dated 02nd September, 2022, the User are informed that the Digital Lending Apps (DLAs) of the Company desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc.
The data we gather may also be used for any incidental use which is not listed above and for any other reason with your consent.
Collection of Information by Third-Party Sites and Advertisers
The company SelFin does not sell, release on loan and publish Your personal data. Following the letter of the law, the company SelFin is entitled to provide Your personal data to any third persons or organizations in the following cases:
- If the disclosing of information to the state organizations or other third persons is required in accordance with the Indian law;
- It is not possible to provide services to you without the transfer of data; and
- By the relevant agreement between You and the company SelFin.
To ensure providing services to You we do transfer Your data to the companies and enterprises related to SelFin or which directly or indirectly have obtained a significant share in the share capital of SelFin, or in which SelFin has obtained direct or indirect participation, in so far as such information is necessary for the performance of functions delegated to them.
SelFin can transfer Your data to:
- Any person related to the fulfilment of commitments arising to SelFin from the Agreement (including, but not limited, to communications service providers, IT service providers, payment intermediaries, credit institutions etc.), ensuring the person related commitment to protect and do not disclose personal data received;
- Outsourced service providers that SelFin has engaged in the provision of services arising from the Agreement, insofar as such information is necessary for the performance of functions delegated to them, ensuring the recipient’s commitment to protect and do not disclose personal data received;
- - Upon handing over (transferring) the claim, ensuring the recipient’s commitment to protect and do not disclose personal data received;
- Third parties, who is taking legal actions in connection with debt collection from the User (Investor) (for instance, debt collectors, lawyers, court bailiffs, insolvency administrators), ensuring the recipient`s commitment to protect and do not disclose personal data received;
- Legal, accounting and auditing service providers to SelFin, ensuring that the said persons have undertaken not to divulge such information, ensuring the recipient’s commitment to protect and do not disclose personal data received.
Data Governance and trainings
Securing User’s Information is of paramount importance to Selfin. Following are some of the initiatives by Selfin to security privacy of the User’s Information:
a) Selfin has reasonable management, technical and administrative measures in place to protect Information within Selfin.
b) Sound technical controls around Information and underlying systems are in place.
c) Selfin adheres to multiple regulatory and statutory requirements like RBI’s Master Direction for NBFC, Guidelines for Prepaid payment instruments, NPCI guidelines for Data localization, CKYC etc. to name a few.
d) Selfin conducts periodic internal and external audits of its systems.
e) In all contractual arrangements, we require Selfin employees, third party agencies/service providers to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.
f) Any acts involving (i) unauthorized usage/ sharing of Information, (ii) breach of security procedures; (iii) usage of Information for unlawful gain (iv) breach of IT policy/procedure; and (v)breach of confidentiality as per employment terms and/or Code of Conduct, shall warrant appropriate disciplinary action as per Company’s Policy.
We maintain corresponding technical and organizational security measures worked out for personal data provided by You, protection from accidental, illicit or unauthorized destruction, loss, change, access, disclosure or use, including using firewalls, intrusion detection, analysis software and data encryption.
Access to Your personal data is limited to a narrow scope of qualified employees that have passed appropriate training and continue to improve their knowledge.
SelFin processes your personal data in accordance with IT security policy and compliances laid down by the regulators.
The provisions of RBI Guidelines dated 02nd September 2022, stating that the Regulated Entities shall ensure that no biometric data is stored/collected in the systems associated with the DLAs of Regulated Entities and their LSPs unless allowed under the extent of statutory guidelines is not applicable to the Company as the Company and any of their LSPs have any DLAs.
All personal data obtained from You is stored for as long as you use our Services or until You cancel Your consent if your personal data is processed on that basis. A longer period of storage of personal data is permissible in order to comply with the statutory requirements for a minimum period of storage of documents or information or to protect our legitimate interests.
Once this period has expired, we will erase Your personal data in a secure way or make it unavailable (archiving) or unidentifiable, so that it can no longer be linked to You.
You may decide to opt out of any promotional emails by following the instructions mentioned on that e-mail. The company may still continue to send non-promotional emails like your account related information, collection reminders.