1.Introduction

This Data Privacy Policy sets forth the reasonable security practices and procedures adopted by IKF Group (“IKF”) and shall apply to use and disclosure and sharing of User’ or Customer’s Data on the website/ web application, mobile application or otherwise and in scope includes Cloud IT environment as well (“IKF’s information resources”). This privacy policy shall be read in conjunction with the terms of use agreed by the Customer or User while registering with IKF for availing its Services.

2.Important Definitions

Customer shall mean any individual who has been sanctioned a loan or any other facility provided by the Company.

User shall mean any individual who interacts with the IKF’s Mobile App, Web-based application, or any other IKF information resource, including registered users who have not yet availed of any loan or facility from the Company.

Data for the purpose of this Policy (except where specifically defined otherwise) shall mean and include all information and details supplied by the Customer or User or accessed by IKF or Third Party as per the Consent provided including sensitive personal data/ information that identifies individuals, such as individual’s Name, Address, Date of birth, Bank Account details, Phone number, Fax number or Email address.

Services means any of the service(s) that are provided by IKF to its Customers and/or users by way of any IKF information resources including lending services.

Third Party shall mean and include IKF’s group entity(ies), third party vendors (of any nature whatsoever) and/or consultants, advisors, partners, banks, financial institutions, credit bureau/ agencies, identity authenticating agencies (NSDL, UIDAI, State Transport Department, etc., regulatory or statutory bodies

3.Consent

By visiting the Website, the Customer or User agrees to be bound by the terms and conditions of this Privacy Policy. If the Customer or User disagrees with the terms and conditions of the Privacy Policy, the Customer/User shall not use or access this Website.

IKF shall obtain a Customer’s or user’s consent in writing or electronically accessed by IKF or Third Party as per the Consent provided by the Customer or user to Access the Data with an audit trail of the purpose or usage to provide Services under the terms of use. This personal Data collected from Customers or users is solely for the Purposes provided under this Policy and the Consent provided by the Customer or user. Access, storage and usage of Data by IKFshall be as permitted/ allowed under extant statutory and regulatory guidelines. For the purpose of this Policy, ‘Access’ shall mean and include access, collection, storage, sharing, monitoring.

Data shall be collected on need basis and as provided will be on ‘as on basis’. IKF shall not be responsible for unverified personal information or Data supplied by Customers.

To onboard the Customer or user through the use of mobile or web application and KYC regulatory requirements, mobile resource access for camera, microphone, location or any other facility necessary, shall be requested from the Customer or user. Users have the option to not agree to the collection of Data by rejecting the access permissions to mobile resources like camera, microphone, location or any other facility. Purpose and Usage of Data:

4.Purpose and Usage of Data:

IKF requires Customer’s Data to operate and provide various Services. IKF may Access, share, transfer or use the Data only for the purpose as follows:

  • To fulfill the Customer requests for products and services offered and subscribed and accepted by Customer.
  • To deliver to Customer any administrative notices, alerts, advice and communications relevant to Customer’s use of the Service.
  • Customer data may be shared with third parties strictly as necessary for the provision of additional or similar services, including value-added services, to enhance the customer experience. .
  • For market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity.
  • To Third-Party contractors of IKF. The Third-Party contractors are bound by similar privacy restrictions.
  • Verifying Customer identity and address details and find nearest branches.
  • Enabling secure downloads and uploads of documents related to loan, KYC, otherwise.
  • Managing phone calls and SMS/texts, Sending reminders, etc.
  • Analyzing Customer’s financial position or credit risk assessment or credit appraisal.
  • “Know Your Customer” (KYC) requirements like verification or authentication (any nature).
  • Data enrichment; Making personalized offers of products and services, credit rating, promotion or marketing of IKF’s product or its group companies or Third Party.
  • For the purposes connected with IKF’s ‘Terms of Use’ on any of the Company information resource.
  • To undertake activities as may be permitted under law/regulations/directions/guidelines or by any authority or under any license or registration of the Company.
  • The Data so collected shall be used only for the purpose otherwise as may be expressly consented by the Customer.
  • All such Data collected shall be retained so long as Customers are having account with IKF and remain active to avail various services and/or as may be required under the law or by any authority..

5.Update of Data

IKF encourages the Customers to update this information as and when there are any changes. The Customer is also entitled to review the information provided and ensure that any Data/ personal information found to be inaccurate or deficient be corrected or amended as feasible. However, IKF shall not be responsible for unverified, inaccurate or un-updated Data supplied from the Customers.

6.Sharing or Transfer or Disclosure of Data

Data of the Customers will not be sold or otherwise transferred to unaffiliated third parties except if otherwise stated at the time of collection or or under Consent obtained from the Customer or as required under law. However, IKF can share, exchange and disclose Data of the Customer to Third Parties with prior consent of the Customer or as may be permitted under applicable laws.

IKF treats Customer’s Data as private and confidential and does not check, edit, or reveal it to any third parties except as provided under this Policy or where it is expressly agreed and where it believes in good faith, such action is necessary to comply with the applicable legal and regulatory processes or to enforce the terms of service. IKF may disclose personal information where it is under legal obligation to do so or where it is mandated under law or directed by any authority. Subject to the provisions of this Policy, IKF may transfer Data to another Indian or overseas body corporate that ensures the same level of data protection that is adhered to by IKF, if it is necessary for the performance of a lawful contract between IKF or any person on Customer’s behalf or where Customer have consented to the data transfer.

Lending Service Providers (as defined under law) or Third Parties are also bound by a contractual obligation to ensure confidentiality of shared data and to comply with various technology standards/ requirements on cybersecurity stipulated by ‘Reserve Bank of India’ and other authorities, as may be specified from time to time.

7.Unsolicited Information

Except where specifically agreed or necessary for operational or regulatory reasons, IKF will not send the Customer any unsolicited information. However, to help the Customer to take full advantage of the service offerings of IKFthe Customer will have the opportunity to indicate whether the individual would like to "opt out" of receiving promotional and/or marketing information about other products, services and offerings from Company and/or any Third Parties etc. Unless the Customer opts out, IKF may send occasional communications to Customers Email address. . The Customer can nevertheless unsubscribe from receipt of such emails by following instructions therein or by communicating accordingly to IKF.

8.Storage and Retention of Data

IKF shall retain Data of Customer as may be required to carry out their operations under applicable laws or regulations or licenses or under the Consent provided by the Customer. The Data will be stored only in servers located within India and shall be retained for a period of 10 years from the date it is Accessed or obtained by IKF or so long as Customers are having account with IKF and remain active to avail various services, whichever is later.

9.Disposal, Destruction and Redaction of Data

IKF Data Retention and Disposal require managerial approval for the disposal, destruction and deletion of any Data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of Data. The same is governed under existing regulatory directions.

10.Use of Cookies

IKF’s websites may use "cookies" (information stored on an individual's computer by an individual's browser at our request). "Cookies" is a term generally used for small text files a website can use to recognize repeat users, facilitate the user's ongoing access to and use of the site, allow a site to track usage behavior and compile aggregate data that will allow content improvements and targeted advertising etc. If a user does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the user to deny or accept the cookie feature.

11.Security of Data

  • IKF follows information security policy and deals with mostly personal identifiable information (PII) of users, it becomes imperative to protect such information as soon as they are in the IKF network. The ownership of the data lies with the skilled IT Function Team. Below are the security measures taken to prevent misuse of this type of information.
  • IKF has implemented physical, administrative and technical security measures across the organization which are designed to prevent data loss, unauthorized Access to Data and misuse, disclosure, alteration, damage or destruction of Data.
  • Sensitive PII data are encrypted at rest using strong encryption algorithms. The keys used for such encryption algorithms are stored securely and access to keys are restricted to authorized entities only.
  • IKF fully understands that the Data collected from Customer’s or User’s is under our guardianship. Therefore, IKF trains its employees on the privacy policy as well as information security procedures regarding the appropriate access, use, and disclosure of Data.
  • IKF also conducts periodic risk assessments on the processes and information systems and audits of material third-party vendors dealing with Data of the customer..
  • IKF also conducts third party audit & assessment on periodic intervals for material vendors
  • IKF has in place an incident response plan with trained personnel to respond to, investigate and mitigate the impact of any incident.
  • IKF also maintains adequate plans for business continuity management, as well as disaster recovery processes for testing databases, servers, information systems and processes that handle personal data.

This Privacy policy shall be read in conjunction with IKF Information Security and Information technology policies and procedures, as may be existing and applicable.

12.Quality

IKF informs individuals or users that it is the responsibility of the individuals or users to provide accurate, complete and relevant information in order to maintain the quality and integrity of the Data available with IKF. Customers may contact IKF designated personnel and have the personal information or Data amended, as required to ensure accuracy following standard procedures & regulations.

13.Compliance and Reporting

IKF is committed to comply with this Policy and with applicable privacy laws, regulations and applicable guidelines from authorities. IKF conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards under applicable regulations.

14.Change in Privacy Policy

IKF reserves the right to change Privacy Policy at any time. Users or customers may note that this Policy itself and any such change of Policy will be effective from the date of posting on www.ikffinance.com and shall be considered disclosed to the users orcustomers.

15.Grievance Redressal

As per rule 5(9) of the Indian Information Technology rules, Manager of IT Department has been designated as Grievance Officer. The contact details are as below:

E‐mail id: privacy@ikffinance.com

All the grievances and any discrepancies of the provider of information shall be redressed within one month (30 days) from the date of receipt of notice of grievance

16.Review / Revision of Policy

If at any point a conflict of interpretation or information between the Policy and any regulations, rules, guidelines, notification, clarifications, circulars, master circulars or directions issued by relevant authorities (“Regulatory Provisions”) arises, then interpretation of the Regulatory Provisions shall prevail. In case of any amendment(s) and/or clarification(s) to the Regulatory Provisions, the Policy shall stand amended accordingly from the effective date specified as per the Regulatory Provisions.