Privacy Policy
INTRODUCTION
Welcome to Shubharambh Capital Finance Private Limited. Our official website, www.paisadost.com (referred to as the “Website”), is owned by Shubharambh Capital Finance Private Limited. The company is registered with The Reserve Bank of India as a non-deposit Non-Banking Financial Company (“NBFC”) under section 45-IA of the Reserve Bank of India Act, 1934. We are primarily involved in the lending business and have our registered and corporate office located at 402- 4th floor Okay Plus Tower, Hathroigari, Ajmer Road, Jaipur GPO, Jaipur, Rajasthan.
Shubharambh Capital Finance Private Limited specializes in asset financing, lending to Small and Medium Enterprises, and related activities. For additional details, kindly visit www.paisadost.com. At Shubharambh Capital Finance Private Limited, we are deeply dedicated to safeguarding the personal and financial information provided by our customers. We make every effort to protect this information from unauthorized use.
By utilizing this website, you indicate your acknowledgment and agreement to adhere to this Privacy Policy. Nevertheless, if you disagree with the utilization, processing, or transfer of Your Information by Shubharambh Capital Finance Private Limited in any manner, kindly refrain from sharing your information on the website.
TYPES OF PERSONAL INFORMATION COLLECTED
To facilitate the provision of our services, Shubharambh Capital Finance Private Limited may collect the following types of personal information:
Information provided directly by you, including:
- Identification Information: Name, gender, residential/correspondence address, telephone number, date of birth, marital status, email address, or other contact information.
- PAN (Permanent Account Number), KYC (Know Your Customer) Status, Signature, and Photograph.
- Bank account or other payment instrument details.
- Any additional details that may be necessary for the provision of our services.
INFORMATION THAT MAY BE COLLECTED THROUGH YOUR USE OF OUR SERVICES, INCLUDING:
- Transaction Information: We analyze, gather, and monitor financial transactional SMS exclusively for the purpose of describing transactions and corresponding amounts to assess credit risk. No access is made to other SMS data.
- Storage Information: Users may be enabled to download and display information, such as scheme commission details for reference, or upload pertinent documents during user account management or transaction order placement.
- Media Information: Users are facilitated to capture/upload relevant documents as required during user account management or transaction order placement.
- Device Information: We collect specific details about your device, including storage, hardware model, operating system and version, unique device identifier, mobile network information, and data concerning the device’s interaction with our services when accessed.
Additionally, we obtain personal data, including Aadhaar number/Virtual ID, directly from the Aadhaar number holder to conduct authentication with UIDAI during the provision of services. This information is collected for the purpose of authenticating the Aadhaar number holder, enabling services like e-KYC for customer onboarding and loan disbursement.
The Policy outlines the minimal requirements for data privacy that Shubharambh Capital Finance Private Limited has established. It complies with applicable rules and regulations (such as the Indian IT Act of 2000, IT Amendment Act of 2008, IT Rules of 2011, and Aadhaar Act of 2016).
SPI refers to Sensitive personal data or information about an individual that includes details about:
- Password;
- Health conditions—physical, physiological, and mental;
- Sexual orientation;
- Medical records and history;
- Biometric data;
- Aadhaar Number Holder
- Any information pertaining to the aforementioned clauses provided to Shubharambh Capital Finance Private Limited for the purpose of rendering services;
Any information obtained under the aforementioned clauses by Shubharambh Capital Finance Private Limited for processing, stored or processed under lawful contract or otherwise provided that, any information that is freely available or accessible in the public domain or provided under the Right to Information Act, 2005, or any other law for the time being in force shall not be considered sensitive personal data or information for the purposes of these rules.
Shubharambh Capital Finance Private Limited places significant importance on the Personal Data entrusted to it, and the company is dedicated to collecting, using, retaining, and disclosing Personal Data in a fair, transparent, and secure manner. This commitment is upheld by adhering to the following key principles:
- Collection Limitation: Personal Data will be obtained through fair, lawful, and transparent means. Shubharambh Capital Finance Private Limited is committed to being transparent with individuals about how their Personal Data will be utilized, the entities with whom it will be shared, and where it may be sent:
- Written consent will be obtained through application forms, agreements, or any other executed documents. Additionally, consent may be acquired through letters or emails from the provider of sensitive personal data or information, outlining the purpose of usage prior to the collection of such information.
- When gathering information directly from the concerned individual, it is imperative to ensure that the provider of information is cognizant of the following aspects:
- The fact that information is collected
- The purpose behind collecting the information
- The intended recipients of the information
- The names and addresses of agencies who are collecting and retaining the information.
- Before gathering information, including sensitive personal data or information, the provider of information must be given the option not to disclose the data or information sought for collection. Additionally, the provider of information retains the right, at any time while utilizing the services or otherwise, to withdraw consent previously given to Shubharambh Capital Finance Private Limited. It’s important to note that the revocation of consent does not apply to the sharing of information mandated by regulatory, statutory, or legal requirements, as dictated by the prevailing law of the land. Any withdrawal of consent should be communicated in writing to Shubharambh Capital Finance Private Limited. If the provider of information chooses not to provide or later withdraws consent, Shubharambh Capital Finance Private Limited reserves the right not to offer services for which the information was originally sought.
- Shubharambh Capital Finance Private Limited will additionally gather personal data, including the Aadhaar number/Virtual ID, directly from the Aadhaar number holder to conduct authentication with UIDAI during the provision of services.
- Identity information, such as the Aadhaar number/Virtual ID, will be collected to authenticate the Aadhaar number holder, enabling the provision of e-KYC services for customer onboarding and loan disbursement.
- Data Minimization: Only the sensitive personal data necessary for authorized business activities shall be collected from the provider. Personal data will not be disclosed to anyone, including internal staff, who is not authorized or does not have a legitimate business ‘need to know’ the information.
- Disclosure: The personal information, including sensitive personal data or information, collected or stored by Shubharambh Capital Finance Private Limited, may be accessible to any third party through an order under the prevailing law and to providers of information who have supplied information under a lawful contract.
The summary of this policy will be published on the Shubharambh Capital Finance Private Limited website and will encompass:
- Clear and easily accessible statements outlining its practices and policies.
- Types of personal or sensitive personal data or information collected.
- Purpose of collection and usage of such information.
- Disclosure of information, including sensitive personal data or information.
- Reasonable security practices and procedures for the protection of PII/SPI.
The Aadhaar number holder will be notified of the authentication, either through email, phone, or SMS, at the time of authentication, and Shubharambh Capital Finance Private Limited will maintain logs of the same.
- Use Limitation: Personal information shall only be used for the purpose for which it has been collected. Privacy risks will be duly considered before the collection, use, retention, or disclosure of personal information, especially in new systems or as part of a project.
- Security: Adequate protection measures shall be implemented for the personal data collected, used, retained, and disclosed to support our business activities. This will be achieved by adhering to relevant usage, technical, and organizational policies, standards, and processes.
- Shubharambh Capital Finance Private Limited is required to possess a thoroughly documented information security program and policies encompassing managerial, technical, operational, and physical security control measures.
- Shubharambh Capital Finance Private Limited shall comply with ISO 27001 standard on ‘Information Technology – Security Techniques’
- Data Security Related to Aadhaar:
- The Aadhaar number will be obtained through a secure application, transmitted via a secure channel according to UIDAI specifications, and the identity information provided by UIDAI will be securely stored.
- Biometric information, when applicable, will be gathered using the registered devices specified by UIDAI. These devices encrypt the biometric data at the device level, and the application securely transmits it over a secure channel to UIDAI for authentication.
- OTP information will be collected through a secure application and encrypted on the client device before being transmitted over a secure channel, following UIDAI specifications.
- Aadhaar/VID numbers submitted by the resident/customer/individual to the requesting entity, and the subsequently created PID block, will not be retained under any circumstances. The entity will only retain the parameters received in response from UIDAI.
- Information from e-KYC will only be stored in an encrypted form. This encryption will adhere to UIDAI encryption standards and comply with the latest industry best practices.
- To uphold privacy and security, Shubharambh Capital Finance Private Limited refrains from retaining the Aadhaar numbers ofcustomers/individuals/residents.
- The keys utilized for digitally signing the authentication request and encrypting Aadhaar numbers in the Data vault will exclusively be stored in HSMs, in accordance with the HSM and Aadhaar Data vault circulars.
- Shubharambh Capital Finance Private Limited will exclusively employ Standardisation Testing and Quality Certification (STQC) / UIDAI certified biometric devices for Aadhaar authentication (if biometric authentication is utilized).
- Every application utilized for Aadhaar authentication or e-KYC will undergo testing for compliance with the Aadhaar Act 2016 before deployment in production and following any change affecting the processing of Identity information. Annual audits of these applications will be conducted by information systems auditors certified by STQC, CERT-IN, or any other UIDAI recognized body.
- In case of a breach in identity information, the organization is required to notify UIDAI of the following:
- A description and the consequences of the breach;
- A description of the number of Aadhaar number holders affected and the number of records affected;
- Contact information for the privacy officer;
- Actions implemented to alleviate the breach of identity information.
- Non-disclosure agreements (NDAs) with employees, contractual agencies, consultants, advisors, and other personnel responsible for handling identity information shall include suitable security and confidentiality obligations.
- Access to the Authentication application, audit logs, authentication servers, applications, source code, and information security infrastructure will be restricted to authorized individuals only. The organization will maintain and routinely update an access control list.
- We will adhere to best practices in data privacy and data protection, in alignment with international standards.
- The response received from CIDR in the form of authentication transaction logs shall be stored with the following details:
- The Aadhaar number against which authentication is sought. In case of Local AUAs where the Aadhaar number is not returned by UIDAI and storage is not permitted, the respective UID token shall be stored in place of the Aadhaar number;
- Specified parameters received as authentication response;
- The record of disclosure of information to the Aadhaar number holder at the time of authentication; and
- Record of consent of the Aadhaar number holder for authentication but shall not, in any event, retain the PID information.
- A comprehensive Information Security policy, aligned with ISO 27001 standards, UIDAI-specific Information Security Policy, and the Aadhaar Act 2016, will be developed to safeguard the security of identity information.
- Aadhaar numbers will exclusively be stored in the Aadhaar Data vault, following the specifications provided by UIDAI.
- Access, Correction, and Update: Procedures will be established to allow information providers, upon request, to review the information they supplied. Shubharambh Capital Finance Private Limited ensures that any inaccurate or deficient personal information or sensitive personal data will be corrected or amended as feasible. The company is not liable for the authenticity of the personal information or sensitive personal data provided by the information provider unless there is a mechanism in place to verify the information submitted by customers, following the process outlined in the ‘KYC/AML Policy.’
- Retention: Personal Data will be retained following the Preservation of Records policy to support specific business activities or legal/regulatory/statutory requirements, as outlined in the Retention and Disposal Schedule in the Information Technology Policy. The individual collecting the information must not retain it beyond the necessary usage requirements or legal obligations.
Aadhaar authentication transaction logs will be stored for two years, after which they will be archived for an additional five years and deleted upon the expiration of this period, except in cases of court orders or pending disputes.
Shubharambh Capital Finance Private Limited may transfer Sensitive Personal Information (SPI) to any entity or individual, whether located in India or any other country, that ensures an equivalent level of data protection through defined controls. Information transfer will be permitted only if deemed necessary according to contracts, and consent from the information provider has been obtained.
- Third Parties: Access to and transfers of Personal Data (in the email body or as attachments) to third parties will only be carried out when necessary for the performance of a lawful contract between Shubharambh Capital Finance Private Limited or any person on its behalf and the information provider, or when the information provider has given consent to data transfer with appropriate contractual protections in place. Prior to sharing any Personal Identifiable Information (PII) / Sensitive Personal Information (SPI) data, due diligence activities will be conducted to ensure that the third party has suitable security and privacy controls in place. Disclosure of SPI to any third party, other than regulatory/statutory bodies/agencies or reporting mandated under the law/applicable rules/regulations/guidelines, requires prior (one-time) approval from the Data Privacy Officer.
Identity information will not be shared in violation of the Aadhaar Act 2016, UIDAI circulars, and biometric data transmission will not occur without encrypted PID blocks. Shubharambh Capital Finance Private Limited mandates secure transmission of Aadhaar numbers, except for correction or grievance redressal purposes.
- Marketing and Promotional Activities: Sending marketing and promotional communications will only be done after obtaining the necessary consent from providers of information/customers.
Requirements for Sharing and Processing of PII
This policy establishes requirements for collecting, processing and disseminating personal data to ensure compliance with legal requirements.
- Collecting Personal Data: Before gathering personally identifiable information, the data collector must submit a formal request to the ‘Data Privacy Officer’ for approval. The formal request should include the following details:
- Business purpose for which the information will be used
- Nature of the personal data being collected
- Duration for which the information will be retained
- Methods for maintaining the data
- Potential consequences in the event of unintended disclosure or data deletion
- Identity information, such as the Aadhaar number and Virtual ID, is gathered for authentication purposes and processed strictly in accordance with the Aadhaar Act 2016 or its amendments. It should not be utilized beyond the specified purpose without obtaining consent from the Aadhaar number holder. A process is in place to ensure that identity information is not used beyond the purposes outlined in the notice/consent form.
- Disseminating Personal Information: When sharing PII/SPI data, the following precautions must be taken:
- Information should only be shared with authorized personnel who have a legitimate business need for access.
- Ensure that all necessary security controls are in place and operational to safeguard the shared information.
- Under no circumstances should such information be disseminated on Social Media. Users must be informed about the consequences of such actions.
- If PII/SPI is shared with third parties, all requirements outlined in this policy must be met before information dissemination.
- For sharing information with law enforcement agencies, a written advisory from the legal team shall be obtained by the Data Privacy Officer prior to approving such dissemination of PII / SPI data.
LOG FILE INFORMATION, WHICH SHALL BE STORED AUTOMATICALLY:
When you visit or log into our website for browsing, reading pages, or downloading information, specific details about your visit are automatically stored on our systems. Importantly, this information does not personally identify you.
The automatically gathered information includes, but is not limited to:
- The type of browser you are using (e.g., Internet Explorer, Firefox, etc.).
- The type of Operating System you are using (e.g., Windows or Mac OS).
- The domain name of your Internet Service Provider, the date and time of your visit, and the pages on our website.
We utilize this information at times to enhance the design and content of our website(s), primarily to provide you with an improved browsing experience. It’s important to note that this Policy does not aim to, and does not establish any contractual or other legal rights for any user or viewer of www.paisadost.com or on behalf of any other party.
PURPOSE OF COLLECTION AND USAGE OF INFORMATION
On our website, we gather, retain, and utilize information about you only when we reasonably believe that it will contribute to administering our business or providing products, services, and other opportunities to you. The collection of such information serves specified business purposes, including but not limited to:
- RBI/SEBI/ Collecting Banks / KYC Registration Agencies (KRAs)/ Aadhar and other such agencies, solely for the purpose of processing your transaction requests to serve you better.
- Offering services based on your requirements.
- To process your financial and non-financial transaction requests.
- Conducting research and analytics for offering and improving our services.
- Reviewing and processing applications submitted for availing financial services.
- Communicating updates/changes to services and their terms and condition
- Handling and investigating complaints/claims/disputes.
- Responding to queries and feedback submitted by you.
- Verifying your identity and other relevant parameters.
- Meeting the requirements of applicable laws/regulations and/or complying with court orders/regulatory directives received by us.
DISCLOSURE OF INFORMATION
The information you provide may be disclosed to:
- RBI/SEBI/Collecting Banks/KYC Registration Agencies (KRAs)/Aadhaar, and similar entities, exclusively for the purpose of processing your transaction requests to enhance service delivery.
- Another business entity for the execution of any business activity, reorganization, amalgamation, business restructuring, or any other relevant reason.
- Any judicial or regulatory body.
- Auditors.
- Other third-party service providers.
We will not publicly disclose or publish sensitive personal data or information without your consent for any purpose other than the ones mentioned above. We may engage third-party service providers and individuals for the following reasons:
- To facilitate our services.
- To provide services on our behalf.
- To perform service related services.
- To assist us in analysing how services are used.
You are hereby notified that third-party service providers/agents/agencies will have access to your personal information on a need basis to assist Shubharambh Capital Finance Private Limited in providing services and are strictly prohibited from using the information for any other purpose. The third-party service provider is obligated not to disclose or utilize the information for any other purpose.
Retention of Information
Shubharambh Capital Finance Private Limited will not retain or store such information for periods longer than necessary for the specified purposes unless the information can lawfully be used or is otherwise required under any other applicable law.
By agreeing to avail of the services offered by Shubharambh Capital Finance Private Limited, you consent to the collection and use of your Sensitive Personal Data or Information by Shubharambh Capital Finance Private Limited. You retain the right to refuse or withdraw your consent to share/disseminate your Sensitive Personal Data or Information by contacting customer care.
However, in the event of your refusal or withdrawal of personal data, you may not be able to fully avail of any services offered by Shubharambh Capital Finance Private Limited.
Communications & Notifications
When You use the Website or send emails or other data, information or communication to us, You agree and understand that You are communicating with us through electronic mode and You consent to receive communications from us periodically. We may send notifications to you via email or in writing as a hard copy notice, or through conspicuous posting of such notice on our Website page. You may choose to opt out of certain means of notification as you may deem fit. Updating or Reviewing Your Information
Upon written request to us, you have the right to review the personal data or information provided by you. Shubharambh Capital Finance Private Limited will ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient is corrected or amended as feasible.
REASONABLE SECURITY PRACTICES FOR PROTECTING YOUR INFORMATION
Shubharambh Capital Finance Private Limited employs commercially reasonable physical, managerial, and technical safeguards to maintain the integrity and security of your personal information. This encompasses internal assessments of our data collection, storage, and processing practices, along with security measures like appropriate encryption and physical security protocols to prevent unauthorized access to systems where we store personal data.
All information collected on the mentioned website is securely stored within the controlled database of Shubharambh Capital Finance Private Limited. The database is housed on secured servers, access to which is password-protected and strictly limited.
To safeguard your privacy and security, Shubharambh Capital Finance Private Limited implements reasonable measures, such as requesting a unique password, to verify your identity before providing access to your account. It is your responsibility to maintain the confidentiality of your unique password and account information, as well as to control access to your email communications from Shubharambh Capital Finance Private Limited at all times.
While we employ security measures to assist in protecting your personal information from unauthorized disclosure, misuse, or alteration, it’s important to note that, like all computer networks connected to the internet, Shubharambh Capital Finance Private Limited cannot guarantee the security of any information transmitted to us. You transmit information to Shubharambh Capital Finance Private Limited at your own risk. Upon receiving your information, Shubharambh Capital Finance Private Limited will make commercially reasonable efforts to ensure its security.
Data Privacy Officer
The complaints or discrepancies reported by the customer regarding the processing of information will be addressed in a timely manner by the designated ‘Data Privacy Officer.’
Name of Privacy Officer: Ronak Agarwal
Email: [email protected]
Links to Other Websites: Please be aware that this Privacy Policy does not cover third-party websites linked to this site. Shubharambh Capital Finance Private Limited is not accountable for the content and privacy practices of such linked websites. It is recommended to review the privacy policy of each linked website before sharing any information.
Changes to Our Privacy Policy: Kindly be informed that this policy may be subject to changes periodically. If we modify our privacy policies and procedures, we will communicate these changes on the Website to keep you informed. The revisions to this Policy will take effect on the day they are posted on this page. We encourage you to visit our website regularly to stay updated on any modifications to this Policy.