PRIVACY POLICY
| Version No. | Date | Drafted by | Reviewed by | Approved by |
| 2.0 | 21 Apr 2025 | Credit and Compliance Team | Risk and Compliance | Board of the Directors |
| Other Particulars | Details |
| Classification | Public |
| Last Review date | 21 Apr 2025 |
| Approval Date | 21 Apr 2025 |
PRIVACY POLICY
R.K. Bansal Finance Private Limited (hereinafter referred to as the “Company” or “RKBFPL”) is committed to protecting the privacy and confidentiality of personal information and sensitive personal data or information of its customers, borrowers, users, and other stakeholders. The Company recognises the importance of safeguarding personal data and adopts appropriate measures to ensure its security, confidentiality, and lawful use.
This Privacy Policy has been framed in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, applicable provisions of the Digital Personal Data Protection Act, 2023 (to the extent applicable), and the guidelines, directions, and circulars issued by the Reserve Bank of India (“RBI”) from time to time, including the Fair Practices Code and RBI Digital Lending Guidelines.
1. DEFINITIONS
For the purpose of this Policy:
- “Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with the Company, is capable of identifying such person.
- “Sensitive Personal Data or Information” shall have the meaning assigned to it under applicable law and shall form part of Personal Information for the purposes of this Policy.
- “Third Party” means any service provider, lending service provider (LSP), consultant, contractor, or agent engaged by the Company for providing operational, technological, or other support services.
2. PURPOSE OF COLLECTION OF PERSONAL INFORMATION
The Company may collect, store, process, and use personal information strictly for legitimate business and regulatory purposes, including but not limited to:
- Verification of identity and completion of Know Your Customer (KYC) requirements;
- Processing, sanctioning, servicing, and recovery of loans;
- Responding to customer requests, queries, and grievances;
- Credit appraisal, underwriting, and risk assessment;
- Fraud detection, prevention, and regulatory compliance;
- Improvement of products, services, and customer experience; and
- Compliance with applicable laws, RBI guidelines, and directions issued by statutory or regulatory authorities.
The Company shall collect only such data that is necessary, relevant, and proportionate to the stated purpose and shall not collect or retain data beyond such purpose.
3. COLLECTION OF PERSONAL INFORMATION
The Company and its authorised Third Parties may collect personal information directly from customers or through digital platforms, applications, websites, or other lawful means during the course of providing financial services.
Personal information collected may include, inter alia, name, date of birth, contact details, address, occupation, income details, bank account details, identity and address proof documents, and such other information as may be required for regulatory, credit, or operational purposes.
The Policy represents the minimum standards that R.K. Bansal has set with respect to data privacy. It aligns with (and in some cases exceeds) the requirements of applicable laws and regulations (i.e. Indian IT Act of 2000, IT Amendment Act of 2008, IT Rules of 2011 and Aadhaar Act 2016).
Sensitive Personal Data or Information may include passwords, financial information, biometric or authentication-related information, as may be required under applicable law.
4. DIGITAL APPLICATION AND DEVICE PERMISSIONS
Where the Company offers digital lending or related services through mobile or web-based applications, access to device resources such as camera, location, storage, SMS, or contacts shall be obtained only with the explicit, informed, granular, and revocable consent of the user.
- Camera and storage permissions may be used solely for uploading KYC and other required documents.
- Location data may be collected for address verification, fraud prevention, and regulatory compliance.
- Access to financial transactional SMS, if permitted, shall be limited strictly to credit assessment, cash-flow analysis, and fraud prevention.
The Company does not access or store personal, non-financial SMS, media files, or unrelated personal content. Denial or withdrawal of optional permissions shall not result in automatic rejection of loan applications, unless such data is essential for regulatory or credit assessment purposes, which shall be clearly disclosed to the customer.
5. USE OF COOKIES AND WEB TECHNOLOGIES
The Company’s websites and digital platforms may use cookies and similar technologies to enhance user experience, analyse usage patterns, and improve services. Users may manage cookie preferences through browser settings. Disabling cookies may affect certain website functionalities.
6. DISCLOSURE AND SHARING OF PERSONAL INFORMATION
6.1 Internal Use
Personal information may be accessed by authorised employees of the Company strictly on a need-to-know basis for legitimate business purposes.
6.2 Third Parties and Lending Service Providers
The Company may share personal information with Third Parties, including Lending Service Providers, strictly for purposes necessary to provide services to customers. The Company remains fully responsible for the actions of such Third Parties and ensures that appropriate contractual safeguards, confidentiality obligations, and security standards are in place in accordance with RBI guidelines.
6.3 Regulatory and Legal Disclosures
Personal information may be disclosed to government authorities, regulators, or law enforcement agencies as required under applicable law or RBI directions.
The Company does not sell or disclose personal information to unauthorised third parties.
7. DATA STORAGE AND RETENTION
All personal and financial data of customers shall be stored on servers located within India, unless otherwise permitted under applicable law or RBI directions.
Personal information shall be retained only for such period as is necessary to fulfil the stated purpose or as required under applicable laws and regulatory guidelines, after which it shall be securely deleted or anonymised.
8. SECURITY PRACTICES
The Company adopts reasonable security practices and procedures, including administrative, technical, and physical safeguards, aligned with recognised information security standards, to protect personal information against unauthorised access, disclosure, alteration, or destruction.
9. CUSTOMER RIGHTS AND CHOICE
Customers may access, review, and request correction of their personal information by contacting the Company. Customers may also withdraw consent for the use of personal information, subject to applicable legal and regulatory requirements.
Customers have the option to opt out of non-essential promotional communications without affecting the core financial services provided by the Company.
10. GRIEVANCE REDRESSAL
Any grievance or concern relating to privacy or protection of personal information may be addressed to the Grievance Officer:
Name: Mr. Samir Sethi
Contact Number: 9311417272
Email: samir@ramfincorp.com
Working Days: Monday to Friday
Working Hours: 11:30 a.m. to 5:30 p.m.
The Company shall endeavour to resolve grievances within 30 days from the date of receipt. If a customer is not satisfied with the resolution, the grievance may be escalated in accordance with the RBI Ombudsman framework, as applicable.
11. REVIEW AND AMENDMENT
This Privacy Policy shall be reviewed periodically and updated as necessary to reflect changes in laws, regulations, or business practices. Any material changes shall be appropriately communicated.
This Policy is approved by the Board of Directors or an authorised committee thereof and shall be available on the Company’s website and digital platforms.