Privacy Policy

Introduction

 

ARTH “Arthimpact Digital Loans Private Limited” recognizes the expectations of its customers with regard to privacy, confidentiality, and security of their personal information that resides with the Company. Keeping personal information of customers secure and using it solely for activities related to the Company and preventing any misuse thereof is a foremost priority of the Company. The Company has adopted this privacy policy aimed at protecting the personal information entrusted and disclosed by the customers (hereinafter referred to as the “Policy”). This Policy governs the way in which the Company collects, uses, discloses, stores, secures, and disposes of personal information and sensitive personal data or information.

 

Definitions

 

“Digital Lending Apps” / “Platforms” / “DLA(s)” shall mean mobile and web-based applications with user interface that facilitate digital lending services. DLAs will include apps of the Company as well as those operated by LSPs engaged by the Company for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the RBI.

“LSP(s)” means an agent of the Company who carries out one or more of Company’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of the Company in conformity with extant outsourcing guidelines issued by the RBI.

“Personal Information” means any information that relates to a natural person, which is capable of identifying such person, either directly or indirectly, either independently or in combination with other information, either available or likely to be available with the Company.

“RBI” shall mean Reserve Bank of India.

“Sensitive Personal Data or Information” of a person or business legal entity means such personal / business information which consists of information relating to any or all of the following:

  • Password;
  • Financial information such as details pertaining to a Bank account or credit card or debit card or any other payment instrument;
  • Physical, physiological, and mental health condition;
  • Sexual orientation;
  • Medical records & history;
  • Biometric information;
  • Any detail relating to the above clauses as provided to the Company for providing service, or received by the Company for processing, stored or processed under lawful contract or otherwise.

Provided that the following shall not be regarded as sensitive personal data or information for the purposes of this policy:

  • Any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force;
  • Information obtained from a business legal entity in addition to “personal information”;
  • Know Your Customer (KYC) and other information provided by the customer at the time of commencing a relationship or any time thereafter;
  • Information about transactions with the Company;
  • Information obtained by the Company from a third person without any obligations of confidentiality;
  • Information furnished pursuant to any directions of a governmental authority or court of law;
  • Information that was rightfully in the Company’s possession prior to receipt from the customer, free of any obligation of confidence.

 

Applicability

 

This Policy is applicable to Personal Information and Sensitive Personal Data or Information collected by the Company or its affiliates directly from the customer or through the Company’s online portals, mobile apps, and electronic communications as also any information collected by the Company’s server from the customer’s browser.

 

Purpose & Objective

 

The Company collects and uses the Personal Information and Sensitive Personal Data or Information from its customers. This information is collected and used for specific business purposes or for other related purposes designated by the Company or for a lawful purpose to comply with the applicable laws and regulations. The Company shall not divulge any Personal Information or Sensitive Personal Data or Information collected from the customer, for cross-selling or any other purpose. This Policy serves to outline the privacy measures followed by the Company to safeguard the data entered by customers on its web portal and application. The authenticity of the Personal Information or Sensitive Personal Data or Information provided by the customer shall not be the responsibility of the Company.

 

Disclosures of Personal Information

 

The Personal Information or Sensitive Personal Data or Information collected by the Company shall not be disclosed to any other organization except:

  • Where the disclosure has been agreed upon in a written contract or otherwise between the Company and the customer;
  • Where the Company is required to disclose the personal information to a third party on a need-to-know basis, provided that in such case the Company shall inform such third party of the confidential nature of the personal information and shall keep the same standards of information/ data security as that of the Company;
  • Where the information is furnished pursuant to any directions of a governmental authority or court of law.

The inclusive list of the details of third parties (where applicable) allowed to collect personal information through the DLA will be updated from time to time.

In line with the mandate of the RBI, the Company has adopted and implemented the following requirements:

  • The Company shall ensure that LSPs/DLAs engaged by them do not store personal information of the customers except some basic minimal data (viz., name, address, contact details of the customer, etc.) that may be required to carry out their operations.
  • The Company shall carry out the responsibility of ensuring that the LSPs and DLAs maintain data privacy and security of the customer’s personal information.
  • The Company shall provide customers with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/forget the data.
  • The Company shall ensure that any collection of data by their DLAs and DLAs of their LSPs is need-based and with prior and explicit consent of the customers having an audit trail. The Company shall also ensure that DLAs desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc.
  • The Company shall ensure that the customer shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/forget the data.
  • The purpose of obtaining customers’ consent needs to be disclosed at each stage of interface with the customers.
  • Explicit consent of the customer shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement.
  • The Company shall ensure that clear policy guidelines regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc., are put in place and also disclosed by DLAs of the REs and of the LSP engaged by the Company prominently on their website and the apps at all times.
  • The Company shall ensure that no biometric data is stored/collected in the systems associated with the DLA of the Company / their LSPs, unless allowed under extant statutory guidelines.
  • The Company shall ensure that they and the LSPs engaged by them comply with various technology standards/ requirements on cybersecurity stipulated by RBI and other agencies, or as may be specified from time to time, for undertaking digital lending.
  • All data (including personal data and information of the customers) shall be stored in India.
  • No information (including personal information or data of the borrowers) shall be collected by LSPs / DLAs without the prior explicit consent of the customers.

Nothing stated above shall preclude the Company from adhering to the mandate of disclosing/reporting borrowers to the credit information companies in accordance with the Digital Lending Guidelines and/or the Outsourcing Policies and/or other extant instructions / guidelines / directions / circulars of the RBI.

 

Reasonable Security Practices and Procedures

 

The security of Personal Information or Sensitive Personal Data or Information is a priority and will be protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Company shall take reasonable steps and measures to protect the security of the customer’s Personal Information or Sensitive Personal Data or Information from misuse and loss, unauthorized access, modification, or disclosure. The Company will maintain its security systems to ensure that the Personal Information or Sensitive Personal Data or Information of the customer is appropriately protected and follows the extant standard encryption norms followed for the transmission of information. The Company will ensure that its employees and affiliates respect the confidentiality of any personal information held by the Company.

 

Data Retention

 

The Company is allowed to retain data for a longer period for the purpose set out in the Policy and for legal or regulatory reasons. A customer may withdraw their consent or request the deletion of their Personal Information or Sensitive Personal Data by writing to us using our contact information. Data captured on the website will not be shared with any third party for promotional and/or marketing purposes.

 

Exclusions

 

Notwithstanding anything mentioned in the Policy, the Policy shall exclude information that is needed to be shared with others due to extant regulations e.g. credit bureaus, Central KYC Registry, Registrar of Companies and the RBI, and also where the Company is legally bound to disclose information including but not limited to Financial Intelligence Unit, Enforcement Directorate, Income Tax department or as required by a court of law or tribunal.

 

Contact Information

 

In order to address any discrepancies or queries related to the personal information residing with the Company, the customer may write to support@arthdigital.net.

Customers not satisfied with the response or resolution from the Customer Support may write to Grievance Officer at grievance@arthdigital.net.

The Website & DLA operated by the Company shall categorically provide the detail of the Customer Support & Grievance Redressal Mechanism established by the Company.

 

Implementation

 

This Policy shall be effective from the date of adoption by the Board.

 

Amendment

 

This Policy shall be amended and/or restated and updated from time to time and such amendments and/or restatements and updates shall be effective from the date of adoption by the Board.