Policies

1. Preamble

The Board of Directors (the “Board”) of Vayana Finserv Private Limited (the “Company” or “VFPL”), has adopted the following policy regarding privacy of data collected through any website, digital lending App, mobile application, platform or otherwise collected on the platform/ website and / or by any other means. VFPL, respects the privacy of everyone who visits VFPL’s website and is committed to protecting their personal information. This Privacy Policy applies to VFPL and to all visitors on the Website.

2. Introduction

This privacy policy explains how VFPL uses the personal data that it collects from the user/clients when they use its services and describes the practices and policies of VFPL in relation to collection, use, processing, storage, retrieving, disclosure, or transfer of information, including personal information and sensitive personal data or information that VFPL may receive through access, interaction or use of VFPL website and all customer facing applications and back office Operations applications.

3. Applicability

This Policy is applicable with reference to the Personal Data or Personal Information of the User which is non-public and collected by the VFPL whether manually or automated means. Please note that VFPL provides several products and services, each with their own personal data processing needs, some of which are more extensive than others. The personal data that is collected is limited to the specific products and services signed up for, and therefore, some clauses in this privacy policy may not be applicable to other users (those who avail VFPL services).

4. Type of Information Collected

To provide its services, the VFPL collects the following personal data:

• Information that may be provided by the user directly, such as:
  • Identification Information: Name, gender, residential/communication address, contact number, date of birth, marital status, email address or any other contact information.
  • PAN, KYC, Signature and Photograph.
  • Bank account or other payment instrument details.
  • Any other detail which may be required by VFPL for providing such services.

• Information that VFPL may collect for the use of its services, such as:
  • Personal Data/ Information
  • Sensitive Personal Data/ Information
  • Location Information
  • Other Information
  • Generation and storing Password or One-Time password based on user’s request on VFPL’s Digital Platform(s).
  • PAN details, copy/ details of Identity Proof & Address Proof and photograph(s).
  • Financial data and transaction data pertaining to the user collected from Credit Information Companies, bankers & lenders and VFPL’s partnering merchants.
  • Social relationships detail such as father’s name, spouse’s name, and mother’s name.
  • Device Information. It shall also include Unique mobile device identifier (e.g. IDFA or other device IDs on Apple devices like the iPhone and iPad), while using VFPL’s Digital Platform(s) on a mobile device, VFPL may use mobile device IDs (the unique identifier assigned to a device by the manufacturer), instead of cookies, to recognize the user of such services. Unlike cookies, mobile device IDs cannot be deleted from records. VFPL may share it with advertising companies, and they may use device IDs to track the use of VFPL applications, track the number of advertisements displayed, measure advertising performance and display advertisements that are more relevant to the user. VFPL may also share such information with analytics companies which may use mobile device IDs to track the usage of VFPL applications/ Platforms.
  • All other information, provided to VFPL through third-party sign-in services such as Facebook, Google etc. In such events/ cases, VFPL will fetch and store whatever information is made available by the user through these sign-in services.
  • Communications between user / client and other lenders, merchants, and other third parties through VFPL Platforms; participation by user/client in a survey, poll, sweepstakes, contest, or promotion scheme; request for certain features (e.g., newsletters, updates, or other products/ services).
  • Preferences including settings such as time zone and language.
  • Behavioural details as to how to utilize VFPL products, services, offers etc., browsing actions, patterns, and online activity. It may also include user/client’s online activity, such as search queries, comments, domain names, search results selected, number of clicks, pages viewed and the order of those pages, how long one visited VFPL Digital Platform(s), the date and time one used the Platforms, error logs, and other similar information.
  • Records of correspondence and other communications between VFPL and user / client, including email, telephone conversations, live chat, instant messages, and social media communications containing information concerning grievances, complaints and dispute.
  • Personal data provided to VFPL about others or others providing data with respect to the user / client : VFPL may collect and store information to process requests and automatically complete forms for future transactions, including (but not limited to) phone number, address, email, billing information and credit or debit/ payment card information. This information may be shared with third parties which assist in processing and fulfilling Requests, including PCI compliant payment gateway processors, card associations, payment aggregators, lenders, etc. When one submits credit or payment card information, VFPL will encrypt the information using industry standard technologies. If user / client writes reviews about businesses/ services with which one transacts through VFPL’s Digital Platform(s), VFPL may publicly display such information transacted with those businesses/ services.
  • The information provided by user / client such as ratings, reviews, tips, photos, comments, likes, bookmarks, friends, lists, etc. to be published or displayed (hereinafter, “posted”) on publicly accessible areas of VFPL Digital Platform(s),or transmitted to other Users of VFPL Platforms or third-parties (collectively, “User Inputs”). User Inputs are posted on and transmitted to others at their own risk. Although VFPL limits access to certain pages, one may set certain privacy settings for such information through the account profile. Please be aware that no security/ data protection measures are perfect or impenetrable. additionally, VFPL cannot control the actions of other users of its platforms with whom one may choose to share the user contributions. therefore, VFPL cannot and do not guarantee that user inputs will not be viewed by unauthorized persons. VFPL may display this information on the VFPL Digital Platform(s), share it with businesses, and further distribute it to a wider audience through third party sites and services. User / Client should be careful about revealing any sensitive details in such postings; and
  • Locations details including the latitude, longitude or altitude of mobile device, GPS location.
  • Information collected through cookies.
  • In case of mobile application users, the online or offline status of application.
  • The information that one agrees to share with VFPL for the availing of services.

VFPL, wherever possible, shall indicate which fields are mandatory and which fields are optional to be filled on its Digital Platform(s). One always has the option to not provide information by choosing not to submit particular information or feature on VFPL’s Digital Platform(s).

By using VFPL’s Digital Platform(s), the user/client consent to the collection, storage, and use of the User Information that is provided for any of the services offered, and user/client consents to VFPL’s collection of any changes or updates provided to the User Information. VFPL collects only such User Information that VFPL believes to be relevant for the purpose of identification and verification and is required to understand the user/client and their interests or provide services that may be required or requested by the user/client. it is clarified that VFPL shall not be liable, for any reason whatsoever, for the authenticity of any user information provided to it. The User / Client hereby represents, warrants and confirms that the user information provided is and shall continue to be valid, true and accurate.

•  Log File Information which shall be stored automatically:

If the user/client log into VFPL’s Digital Platform just to browse, read pages or download information, certain information regarding this visit is automatically stored on VFPL systems. This information cannot and does not identify the user / client personally.

The kind of information that is gathered automatically includes without limitation:

• • the type of browser (e.g. Internet Explorer, Firefox, etc.);
  • the type of Operating System (e.g. Windows or Mac OS);
  • the domain name of the Internet Service Provider, the date and time of the visit and the pages on VFPL Digital Platform.

VFPL may use this information to improve its digital platform’s design, and content, primarily to provide with a better browsing experience.

5.Usage of personal data

VFPL will not sell or rent the user/client’s data to any other party, for any reason, at any time. VFPL collects the user/client’s data so that VFPL can:

• Provide the user/client with VFPL’s products or services and manage the account.
• Share marketing communications and newsletters, contact the user/client with special offers on other products and services VFPL believes the user/client might like and let them know about its policies and terms. VFPL also use the user/client’s information to respond to them when they contact VFPL.
• To deliver marketing communications that VFPL believe may be of interest to the user/client ;
• To inform the user/client about important information regarding Digital Platforms, changes to terms, conditions, and policies and/or other administrative information;
• To offer the user/client VFPL’s products or services which they may have applied for or shown interest in;
• To allow the user/client to apply for VFPL’s products or services,
• To evaluate the user/client’s eligibility for VFPL’s products or services;
• To perform or execute transactions
• To perform VFPL’s obligations under KYC norms (e.g. sharing the user/client’s information with third parties to verify details they have provided to VFPL like the user/client’s identity, to authenticate and verify the information);
• To allow the user/client to participate in surveys and other forms of market research, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which may contain additional information about how personal information is used and shared.
• To perform activities such as data analysis, audits, usage trends to determine the effectiveness of VFPL’s campaigns and as input into improving products and services and enhancing VFPL’s Digital Platforms;
• To improve risk control for fraud detection and prevention, to comply with laws and regulations, and to comply with other legal processes and law enforcement requirements;
• To allow the user/client to utilise VFPL’s Platform/app features by granting VFPL access to information from them device when they  request certain services;
• To enforce VFPL’s terms of use.
• Fulfil the user/client requests for certain products and services.
• For credit scoring, credit analysis, risk analysis, obtaining any reports, credit scores, credit information, scrubs, for assessing and undertaking/ evaluating financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, etc. including from or through any credit information companies, bureaus, fintech entities or service providers.

6. How does VFPL store the user/client data?

VFPL stores the user/client data in a secure third-party facility. VFPL’s databases are protected from general employee access, both physically and logically. VFPL stores a salted digest for the password so that it cannot be recovered even by VFPL. All backup storage devices are encrypted.

VFPL uses a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the user/client’s online session’s security and protect accounts and systems from unauthorised access. When the user/client register for VFPL’s products and services, VFPL requires them to set a password for their privacy and security. To access the user/client’s account, VFPL will also generate a pseudonymous username to protect their privacy.

From the time the user/client submits their login information, including their username and password, the communication between their device and VFPL is encrypted using Transport Layer Security (TLS) technology. TLS enables the user / client and VFPL’s systems to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery. In addition, TLS encryption protects data transmissions between the user/client’s browser and VFPL’s servers, such as your registration information for VFPL’s products and services and user/client’s account credentials.

VFPL will keep the user/client’s personal information and transaction data until it is no longer necessary to provide VFPL’s products and services. This is a case-by-case determination that depends on the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. VFPL stores all transaction data and identifiable information related to those transactions separately. Once the case-by-case determination has been made, or upon the user/client’s request to delete user/client’s data, whichever is earlier, VFPL will delete the user/client’s data by permanently expunging all identifiable information from VFPL’s primary production servers, and further access to the user/client’s account will not be possible. As part of VFPL’s “privacy by design” strategy, VFPL will also promptly disconnect any connection VFPL had established to the user/client’s account information and delete all account credentials. Once this process is complete, anonymised data, consisting of aggregated data and any remaining transactional or other data that has been stripped of any identifiable information, may remain on VFPL’s production servers indefinitely.

Separately, in order to improve VFPL’s products and services, VFPL also stores pseudonymised and anonymised data derived from the data VFPL collects from the user/client. Data pseudonymisation is the process of replacing personal information with a pseudonym or code. This makes it much harder for anyone who may see the data to identify the actual person behind the data. Pseudonymisation helps to protect privacy while still allowing the data to be used for research or analysis purposes.

Data anonymisation is the process of removing or obscuring personally identifiable information from a dataset so that the individuals represented in the data cannot be identified. This is typically done by replacing or removing any direct identifiers, such as names, addresses, or social security numbers, and aggregating or generalizing the remaining data so that it cannot be linked back to any specific individual. The purpose of data anonymisation is to protect the privacy and confidentiality of individuals while still allowing the data to be used for research, analysis, or other purposes. Anonymised data can be used to identify trends or patterns in a population without revealing any personal information about the individuals in that population.

VFPL takes specific technological measures, such as salting and data masking, and organisational measures, such as restricting general employee access, to ensure that any anonymised or pseudonymised data cannot be attributed to a particular individual or business entity without requiring additional information.

The user/client’s  data may also remain on a backup server or other storage media. VFPL will keep these backups to ensure VFPL’s continued ability to provide its products and services in the event of malfunction or damage to VFPL’s primary production servers. VFPL will also keep audit data on its servers to comply with its legal obligations.

7. Who does VFPL share the user/client’s information with?

• With any third-party service providers, vendors, affiliates, data processors and/or agents who perform services for VFPL and help operate its business;

• With co-lenders, co-originators, collaborators, and persons with whom VFPL may have a tie-up for any Products.

• With any person/s involved in derivation;

• Other companies to bring the user/client co-branded services, products or programs;

• Other third parties to comply with legal requirements such as the demands of applicable warrants, court orders; to verify or enforce VFPL’s terms of use, other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties. (in these scenarios we may share the user/client’s Data without obtaining their consent or intimating them further VFPL will have no control over how such Data is further processed by such authorities, persons etc.)
• VFPL may share the user/client’s Data, without obtaining their consent or without intimating them:
  • with governmental, statutory, regulatory, executive, law-enforcement, investigating or judicial/ quasi-judicial authorities, departments, instrumentalities, agencies, institutions, boards, commissions, courts, tribunals, who ask for such Data including by way of an order, direction, etc.; or
  • with any person, where disclosure is necessary for compliance of any legal or regulatory obligation. Wherever the Data is shared as above, we will not have control over how such Data is further processed by such authorities, persons, etc. (both under ‘a’ and ‘b’ above).

• Credit information companies, bureaus, fintech entities or service providers for the purposes of obtaining any reports, credit scores, credit information, scrubs, financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, risk analysis etc.

The Data may also be shared by any of the aforesaid entities/persons with their service providers, consultants, agents, subsidiaries, affiliates, co-branded entity/partner, distributors, selling/marketing agents, any partners, fintech companies other layers/intermediaries in any ecosystem in which VFPL is a part, collaborators, co-lenders, co-originators, merchants, aggregators, lead generators, sourcing entities, clients, customers or other persons with whom VFPL have a tie-up or contract for any products or services etc. for any of the aforesaid purposes or any purposes incidental or necessary thereto.

8. How do we share Your information:

• To operate VFPL’s products and services, it works with trading partners, banking partners, and a Credit Bureau established under the rules and regulations of the country and therefore share the user/client personal information with these entities to the extent necessary.
• VFPL also work with third-party contractors providing VFPL services to operate its products and services. VFPL will share the user/client’s personal information with these third-party contractors to operate its products and services and require them to be bound by the same privacy restrictions described in this privacy policy.
• VFPL may use third-party service providers to provide advertising, measurement, marketing and analytics services to VFPL, and these providers may use cookies to provide those services to VFPL. VFPL do not share any personal information about its customers with these third-party service providers, and these service providers do not collect any personal information on VFPL’s behalf.

9. Retention of Personal Data:

• VFPL may retain the user/client’s Personal information for as long as required under applicable law or to provide them with services such as managing their account and dealing with any concerns that may arise or otherwise if required for any legal or regulatory requirements or for establishment, exercise or defence of legal claims or till the time as required under any contract, by applicable law.
• VFPL may need to retain the user/client’s information for a longer period where it needs the information for its legitimate purposes for e.g. to help respond to queries or complaints, combating fraud and financial crime, responding to requests from regulators, etc. If VFPL doesn’t need to retain information after a period of time, it may destroy, delete or anonymise it as decided from time to time.

10. Deletion / Forget of Data

The right to forget/delete data only applies to data held at the time such a request is received. It does not apply to data that may be created in the future. VFPL will keep the Data it collects on its systems or with third parties for as long as required for the purposes set out above or even beyond the expiry of transactional or account-based relationship with the user/client :

• as required to comply with any legal and regulatory obligations to which VFPL is subject, or
• for establishment, exercise or defence of legal claims, or
• as specified in this Privacy Policy, or
• in accordance with specific consents.

In case the user/client intends to erase their Personal information then please write to us at customercare@vayanafinserv.com. On receipt of request from User/Client, VFPL will delete User/Client’s Personal information or forget the customer, as long as the personal data is no longer required for legal / regulatory purpose of VFPL (currently about 8 years from date of cessation of the contract / interaction).

11. Cookies

• “Cookies” are small pieces of text sent to the user/client’s browser by a website/ customer facing systems and backoffice systems that are visited. They help these systems remember information about the user/client’s visit to improve their browsing experience next time they visit the site. VFPL may use cookies to improve their experiences when visiting or using its websites, all such customer facing applications, and in its emails. VFPL may use cookies to anonymously track interests and collect aggregate information when the user/client uses or visits VFPL’s websites, customer facing systems and backoffice systems, and in emails. VFPL do not use cookies to store or transmit any Personal Data.

• Temporary “session” cookies are also used to facilitate customer navigation within VFPLS’s websites, customer facing systems and backoffice systems, and in emails during the user/client ‘s visit. “Session” cookies are deleted once the user/client close their internet browser. VFPL may also use “persistent” cookies that are retained on the user/client’s computer after their visit ends so VFPL can identity their preferences and enhance their future visits to its websites, customer facing systems and backoffice systems, and emails.

• “Log files” are files that anonymously log actions that take place on a website. VFPL may use log files to gather statistics about the user/client’s browsing habits and to assess overall digital activity, including how many “hits” a particular web page is getting. Log files enable the user/client to track interest in specific promotions, troubleshoot technical concerns, and provide content that may be of interest. VFPL also use the log file entries for its internal marketing and demographic studies, so to improve its websites, customer facing systems and backoffice systems, and emails, it provides to customers and visitors. Log files are used internally only, are anonymous, and are not associated with any particular user, device, computer, or browser

• Keeping the user/client’s account information up to date is very important. If the user/client believe that their account information is incomplete or inaccurate, they should contact VFPL through available channels. The accuracy of the Data provided to VFPL is essential, among others, for the provision of Products to the user/client. It is therefore mandatory that the user/client ensures the accuracy and completeness of all Data disclosed or shared. Without prejudice to any rights and remedies of the user/client under any contract in this regard, the user/client shall be able to review the Data that they had provided and correct or amend as feasible any such Data which they find to be inaccurate or deficient. Provided that VFPL shall not be responsible for the authenticity of the Data supplied by them to it or any other person acting on behalf of it.

12. Consent

By visiting the website, online portals, electronic communications, application forms or through any other means whether physical or digital, the user/client hereby consent to the collection and use of the information they disclose to VFPL in accordance with this Privacy Policy, including but not limited to their consent for sharing their information as per this Privacy Policy.

13. Changes to our policy

Please note that VFPL’s Privacy Policy may change from time to time. If VFPL changes its privacy policies and procedures, it will post the changes on the Website to keep the user/client updated. Changes to this Policy shall become effective on the day they are posted on this page. The user/client should visit VFPL’s Website to keep themselves abreast of any changes to the Privacy Policy.

14. Grievance Redressal

Any discrepancies and grievances related to the processing and use of the user/client’s information can be raised to the Grievance Officer appointed by VFPL. For further details please visit Grievance Redressal Policy.