PRIVACY POLICY

1. DEFINITIONS

For the purpose of this Privacy Policy (hereinafter referred to as the “Policy”), wherever the context so requires

a) The term ‘Company’ shall mean ‘Credenc Web Technologies Private Limited’ a Private Limited Company limited by shares and registered under the Companies Act, 2013 and having its registered office at 2nd Floor, DLF Centre, Sansad Marg, New Delhi – 110001

b) The term ‘website’ shall mean www.credenc.com

c) The term ‘You’, ‘Your’ &‘User’ shall mean any legal person or entity accessing or using the services provided on this Website, who is competent to enter into binding contracts, as per the provisions of the Indian Contract Act, 1872;

d) The terms ‘We’, ‘Us’& ‘Our’ shall mean the Website/domain/app (collectively referred to as the “Platform”) and/or the Company, as the context so requires.

2. GENERAL

a) We are committed to safeguarding your privacy and ensuring that you continue to trust us with your personal data. When you interact with us you may share personal information with us which allows identification of you as an individual. This is known as personal data.

b) This document is an electronic record in terms of Information Technology Act, 2000 and rules there under as applicable and the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures. b) This document is published in accordance with the provisions of Rule 3 (1) of the Information Technology (Intermediaries guidelines) Rules, 2011 that require publishing the rules and regulations, privacy policy and Terms of Use for access or usage of Credenc.com c) This website is owned and operated by the Company, d) We confirm that our privacy policy is compliant with applicable laws, associated regulations and RBI guidelines.

3. SCOPE AND ACCEPTANCE OF THIS PRIVACY POLICY

a) This Policy applies to the personal data that we collect about you for the purposes of providing you with our services.

b) By using this website or by giving us your personal data, you accept the practices described in this Policy, its contents, and have provided your informed consent to us collecting, storing, processing, transferring and sharing your Personal Information with Lenders, partners, service providers for the purposes set out in this Policy. If you do not agree to this Privacy Policy, please do not use this website nor give us your personal data/documents for the purpose of facilitation of your loan application and/or any services offered by Credenc.

c) We reserve the right to change this Policy without prior notice. We encourage you to regularly review this policy to ensure that you are aware of any changes and how your personal data may be used.

4. DATA COLLECTED BY US

While accessing our platform, we may ask you to provide us with certain Personally Identifiable Information that can be used to identify you. Collection of such data and information is essential for the purpose of serving the best version of our platform and services. We will have the right to use the data in accordance with the terms of this Policy, which may be in further shared with our lenders and third-party service providers, including but not limited to technical sub-contractors, analytics providers, etc. We may collect data about you from a variety of sources, including through:

a) Online and electronic interactions with us, including via the website, mobile applications, text messaging programs or through our pages on third party social networks.

b) Your interaction with online targeted content (such as advertisements) that we or service providers on our behalf provide to you via third party websites and/or applications.

4.1 DATA THAT YOU PROVIDE US DIRECTLY

This is data that you provide us with your consent for a specified purpose including:

a) Personal contact information, including any information allowing us to contact you in person. These information includes, but is not limited to, borrowers and co-borrowers KYC details, borrowers academic information and documents, co-borrowers financial documents, etc.

b) Demographic information, including date of birth, age, gender, location. We may also collect the location data, if enabled by you to do so. Geolocation includes country pf access, IP address, etc.

c) User image, for us to cross check and verify the authenticity of the User and for prevention of fraud.

d) Account login information including any information that is required for you to establish a user account with us. (e.g. login ID/email, user name, password and security question/answer);

e) Consumer feedback, including information that you share with us about your experience in using our services (e.g. your comments and suggestions, testimonials and other feedback)

f) We may collect the Usage data, including but not limited to access date and time, platform features and/or pages viewed, type of browser, hardware models, operating systems and versions, software, mobile network data, etc.

g) The data collected, as mentioned above, is solely restricted to the above-mentioned activities and will not be in further used for any other purpose. In case we use the data for any other purpose, explicit consent shall be taken from the customers.

h) We will desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions from borrower phone resources.

i) We will ensure that access to camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements and only with the explicit consent of the borrower.

j) We will ensure that no biometric data is stored/ collected in the systems , unless allowed under extant statutory guidelines.

k) We will ensure that all data is stored only in servers located within India , while ensuring compliance with statutory obligations/ regulatory instructions.

4.2 DATA WE COLLECT WHEN YOU VISIT OUR WEBSITE

While using our assessment feature on our platform, we may record your video along with the audio. This is solely for internal evaluation and proctoring purpose. We also use cookies and other tracking technology which collect certain kinds of information when you interact with the website. We use cookies that store your preferences and give us data about your browsing behaviour, such as the pages you visited on the website, the amount of time you spend on the website etc. This information helps us understand the interests of our customers and also helps us improve our website.

4.3 DATA WE COLLECT WHEN YOU VISIT OUR MOBILE APP

Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to User info. The information that we request will be retained by us and used as described in this privacy policy.

The app does use third party services that may collect information used to identify you.

Link to privacy policy of third party service providers used by the app

Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

5. DIVULGING/SHARING OF PERSONAL INFORMATION

a) We may share your personal information with other corporate entities and affiliates to help detect and prevent identity theft, fraud and other potentially illegal acts; correlate related or multiple accounts to prevent abuse of our services; and to facilitate joint or co-branded services, where such services are provided by more than one corporate entity.

b) We may disclose personal information if required to do so by law or if we in good faith believe that such disclosure is reasonably necessary to respond to subpoenas, court-orders, or other legal processes. We may also disclose your personal information to law enforcement offices, third party rights owners, or other third parties if we believe that such disclosure is reasonably necessary to enforce the ‘Terms of Use’ or Policy; respond to claims that an advertisement, posting or other content violates the rights of a third party; or protect the rights, property or personal safety of its users, or the general public.

c) We and our affiliates may share / sell some or all of the your personal information with other business entities in the event that we merge or are acquired by such business entity, or in the event of re-organization, amalgamation, or restructuring of the our business. Such business entity or new entity will continue to be bound be the Terms and Policy, as may be amended from time to time.

6. USE OF PERSONAL INFORMATION

We and our affiliated partners may use the personal information submitted by you to contact you in relation to the services offered. This shall override any calling preferences, which you may have registered in the NDNC.

7. SECURITY

Transactions on the Website are secure and protected. Any information entered by the User when transacting on the Website is encrypted to protect the User against unintentional disclosure to third parties. The User’s credit and debit card information is not received, stored by or retained by the Company / Website in any manner. This information is supplied by the User directly to the relevant payment gateway which is authorized to handle the information provided, and is compliant with the regulations and requirements of various banks and institutions and payment franchisees that it is associated with.

8. THIRD PARTY ADVERTISEMENTS / PROMOTIONS

We use third-party advertising companies to serve ads to the users of the Website. These companies may use information relating to the User’s visits to the Website and other websites in order to provide customised advertisements to the User. Furthermore, the Website may contain links to other websites that may collect personally identifiable information about the User. The Company/Website is not responsible for the privacy practices or the content of any of the aforementioned linked websites, and the User expressly acknowledges the same and agrees that any and all risks associated will be borne entirely by the User. We strongly advise you to review the privacy policy of every site you visit.

9. DATA PROTECTION OFFICER

In accordance with Information Technology Act 2000 and rules made there under, contact details of the Data Protection Officer are provided below:
Shijin Abraham
Email: dpo@credenc.com

10. DATA SECURITY & RETENTION

10.1 DATA SECURITY

In order to keep your personal data secure, we have implemented a number of security measures including:

a) We store your data in secure operating environments accessible only to our employees, agents and affiliates on a need to know basis.

b) We use 256-bit encryption to provide protection for sensitive financial information, such as credit card information sent over the Internet.

c) Prior authentication for account access - We require our registered users to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorized accesses.

d) Please note that these protections do not apply to personal data you choose to share in public areas such as on community websites.

e) Standards for handling security breach:

(i) All suspected or reported security breaches or violations shall be logged and tracked from initiation of the preliminary analysis to determine whether there was a security breach or violation till completion of actions taken;

(ii) Appropriate contacts with relevant authorities shall be maintained to escalate to respective authorities as required, including the local cyber cell information.

(iii) Below mentioned are the steps for handling security breach:

(iv) if any security breach comes to our knowledge, then we may take all steps required to protect misuse of such information and may attempt to notify you electronically so that you can take appropriate steps.

10.2 RETENTION & DATA PURGING

We will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us. Kindly note that we do not sell your personal data to any third party and the use of your personal data is strictly restricted to the services provided by us, as mentioned herein.

When there is no longer a business, legal, or regulatory requirement to keep the data, then the data will be purged in a secure manner.

To ensure that personal data is kept for no longer than necessary, we shall delete the KYC documents like PAN, Aadhar and other OVD Documents of the user possessed for processing their loan application within 48 hours from date of disbursement or rejection of the application.

Data Destruction Protocol: All the data, including all the copies thereof will be destroyed post the completion of the business, legal or regulatory requirement. In case the data are stored in physical form, that is, CDs, DVDs, Pen Drive, tapes, etc., then the physical device storage shall be destroyed. In case the data are stored in digital form, then secure erasure of individual folders and/or files will be done.

11. YOUR RIGHTS

As per the applicable data protection law, your principal rights are as follows:

a) Right to confirmation: You have the right to obtain a confirmation from us as to whether your personal data is being processed or not.

b) Right to rectification: In the event any personal data provided by you is inaccurate, incomplete, or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our services and/or platform is uninterrupted.

c) Right to erasure: You have the right to demand us to erase your personal data without undue delay and we will do so without undue delay, provided that the data is no longer required by us. However, rest assured that we will delete your personal data from our databases as soon as the legal basis for processing such personal data lapses. Do note that multiple legal bases for processing your personal data may exist in parallel and we may still have to retain some of your personal data at any time.

d) Right to the restriction of data processing: You have the right to require us to restrict the usage of data when the use of such data may be illegal or when such data is inaccurate.

e) Right to withdraw consent: You have the option, at any time while availing our Services or otherwise, to withdraw your consent given to us, for processing your data. In case of withdrawal of your consent, we reserve the option not to provide the Services for which such information was sought. In case the Services are already availed and then you raise a request to withdraw consent, then we have the right to retain all the necessary data required to carry out our operations.

You have the right to exercise any of the above rights by contacting our Data Protection Officer (“DPO”) at dpo@credenc.com. Once we receive your request and verify the same satisfactorily, we shall proceed with assisting you on your request.

12. APPLICABLE LAWS & DISPUTE RESOLUTION

Any controversy or claim arising out of or relating to this policy shall be decided by Arbitration in accordance with laws of India. The Arbitral Tribunal shall consist of one arbitrator who will be appointed by the Company. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. Any other dispute or disagreement of a legal nature will also be decided in accordance with the laws of India, and the Courts at New Delhi shall have exclusive jurisdiction in all such cases.

13. REGULAR REVIEW OF PRIVACY POLICY

We keep our Policy under regular review and may update the same to reflect changes to our information related practices. We encourage you to periodically review this page for the latest information on our privacy practices, your continued use and access of our platform will be taken as acceptance of the updated policy.