a) The term ‘Company’ shall mean ‘Credenc Web Technologies Private Limited’ a Private Limited Company limited by shares and registered under the Companies Act, 2013 and having its registered office at 2nd Floor, DLF Centre, Sansad Marg, New Delhi – 110001
b) The term ‘website’ shall mean www.credenc.com
c) The term ‘You’, ‘Your’ &‘User’ shall mean any legal person or entity accessing or using the services provided on this Website, who is competent to enter into binding contracts, as per the provisions of the Indian Contract Act, 1872;
d) The terms ‘We’, ‘Us’& ‘Our’ shall mean the Website/domain/app (collectively referred to as the “Platform”) and/or the Company, as the context so requires.
a) We are committed to safeguarding your privacy and ensuring that you continue to trust us with your personal data. When you interact with us you may share personal information with us which allows identification of you as an individual. This is known as personal data.
a) This Policy applies to the personal data that we collect about you for the purposes of providing you with our services.
c) We reserve the right to change this Policy without prior notice. We encourage you to regularly review this policy to ensure that you are aware of any changes and how your personal data may be used.
While accessing our platform, we may ask you to provide us with certain Personally Identifiable Information that can be used to identify you. Collection of such data and information is essential for the purpose of serving the best version of our platform and services. We will have the right to use the data in accordance with the terms of this Policy, which may be in further shared with our lenders and third-party service providers, including but not limited to technical sub-contractors, analytics providers, etc. We may collect data about you from a variety of sources, including through:
a) Online and electronic interactions with us, including via the website, mobile applications, text messaging programs or through our pages on third party social networks.
b) Your interaction with online targeted content (such as advertisements) that we or service providers on our behalf provide to you via third party websites and/or applications.
This is data that you provide us with your consent for a specified purpose including:
a) Personal contact information, including any information allowing us to contact you in person. These information includes, but is not limited to, borrowers and co-borrowers KYC details, borrowers academic information and documents, co-borrowers financial documents, etc.
b) Demographic information, including date of birth, age, gender, location. We may also collect the location data, if enabled by you to do so. Geolocation includes country pf access, IP address, etc.
c) User image, for us to cross check and verify the authenticity of the User and for prevention of fraud.
d) Account login information including any information that is required for you to establish a user account with us. (e.g. login ID/email, user name, password and security question/answer);
e) Consumer feedback, including information that you share with us about your experience in using our services (e.g. your comments and suggestions, testimonials and other feedback)
f) We may collect the Usage data, including but not limited to access date and time, platform features and/or pages viewed, type of browser, hardware models, operating systems and versions, software, mobile network data, etc.
g) The data collected, as mentioned above, is solely restricted to the above-mentioned activities and will not be in further used for any other purpose. In case we use the data for any other purpose, explicit consent shall be taken from the customers.
h) We will desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions from borrower phone resources.
i) We will ensure that access to camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements and only with the explicit consent of the borrower.
j) We will ensure that no biometric data is stored/ collected in the systems , unless allowed under extant statutory guidelines.
k) We will ensure that all data is stored only in servers located within India , while ensuring compliance with statutory obligations/ regulatory instructions.
The app does use third party services that may collect information used to identify you.
We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.
This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.
We may employ third-party companies and individuals due to the following reasons:
We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
a) We may share your personal information with other corporate entities and affiliates to help detect and prevent identity theft, fraud and other potentially illegal acts; correlate related or multiple accounts to prevent abuse of our services; and to facilitate joint or co-branded services, where such services are provided by more than one corporate entity.
c) We and our affiliates may share / sell some or all of the your personal information with other business entities in the event that we merge or are acquired by such business entity, or in the event of re-organization, amalgamation, or restructuring of the our business. Such business entity or new entity will continue to be bound be the Terms and Policy, as may be amended from time to time.
We and our affiliated partners may use the personal information submitted by you to contact you in relation to the services offered. This shall override any calling preferences, which you may have registered in the NDNC.
Transactions on the Website are secure and protected. Any information entered by the User when transacting on the Website is encrypted to protect the User against unintentional disclosure to third parties. The User’s credit and debit card information is not received, stored by or retained by the Company / Website in any manner. This information is supplied by the User directly to the relevant payment gateway which is authorized to handle the information provided, and is compliant with the regulations and requirements of various banks and institutions and payment franchisees that it is associated with.
In accordance with Information Technology Act 2000 and rules made there under, contact details of the Data Protection Officer are provided below: Shijin Abraham Email: firstname.lastname@example.org
In order to keep your personal data secure, we have implemented a number of security measures including:
a) We store your data in secure operating environments accessible only to our employees, agents and affiliates on a need to know basis.
b) We use 256-bit encryption to provide protection for sensitive financial information, such as credit card information sent over the Internet.
c) Prior authentication for account access - We require our registered users to verify their identity (e.g. login ID and password) before they can access or make changes to their account. This is aimed to prevent unauthorized accesses.
d) Please note that these protections do not apply to personal data you choose to share in public areas such as on community websites.
e) Standards for handling security breach:
(i) All suspected or reported security breaches or violations shall be logged and tracked from initiation of the preliminary analysis to determine whether there was a security breach or violation till completion of actions taken;
(ii) Appropriate contacts with relevant authorities shall be maintained to escalate to respective authorities as required, including the local cyber cell information.
(iii) Below mentioned are the steps for handling security breach:
(iv) if any security breach comes to our knowledge, then we may take all steps required to protect misuse of such information and may attempt to notify you electronically so that you can take appropriate steps.
We will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us. Kindly note that we do not sell your personal data to any third party and the use of your personal data is strictly restricted to the services provided by us, as mentioned herein.
When there is no longer a business, legal, or regulatory requirement to keep the data, then the data will be purged in a secure manner.
To ensure that personal data is kept for no longer than necessary, we shall delete the KYC documents like PAN, Aadhar and other OVD Documents of the user possessed for processing their loan application within 48 hours from date of disbursement or rejection of the application.
Data Destruction Protocol: All the data, including all the copies thereof will be destroyed post the completion of the business, legal or regulatory requirement. In case the data are stored in physical form, that is, CDs, DVDs, Pen Drive, tapes, etc., then the physical device storage shall be destroyed. In case the data are stored in digital form, then secure erasure of individual folders and/or files will be done.
As per the applicable data protection law, your principal rights are as follows:
a) Right to confirmation: You have the right to obtain a confirmation from us as to whether your personal data is being processed or not.
b) Right to rectification: In the event any personal data provided by you is inaccurate, incomplete, or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our services and/or platform is uninterrupted.
c) Right to erasure: You have the right to demand us to erase your personal data without undue delay and we will do so without undue delay, provided that the data is no longer required by us. However, rest assured that we will delete your personal data from our databases as soon as the legal basis for processing such personal data lapses. Do note that multiple legal bases for processing your personal data may exist in parallel and we may still have to retain some of your personal data at any time.
d) Right to the restriction of data processing: You have the right to require us to restrict the usage of data when the use of such data may be illegal or when such data is inaccurate.
e) Right to withdraw consent: You have the option, at any time while availing our Services or otherwise, to withdraw your consent given to us, for processing your data. In case of withdrawal of your consent, we reserve the option not to provide the Services for which such information was sought. In case the Services are already availed and then you raise a request to withdraw consent, then we have the right to retain all the necessary data required to carry out our operations.
You have the right to exercise any of the above rights by contacting our Data Protection Officer (“DPO”) at email@example.com. Once we receive your request and verify the same satisfactorily, we shall proceed with assisting you on your request.
Any controversy or claim arising out of or relating to this policy shall be decided by Arbitration in accordance with laws of India. The Arbitral Tribunal shall consist of one arbitrator who will be appointed by the Company. Any such controversy or claim shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. Any other dispute or disagreement of a legal nature will also be decided in accordance with the laws of India, and the Courts at New Delhi shall have exclusive jurisdiction in all such cases.
We keep our Policy under regular review and may update the same to reflect changes to our information related practices. We encourage you to periodically review this page for the latest information on our privacy practices, your continued use and access of our platform will be taken as acceptance of the updated policy.