1. INTRODUCTION

The Reserve Bank of India (“RBI”) vide its Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023 dated October 19, 2023, as updated from time to time, (“SBR-MD”) and its Guidelines on Digital Lending dated September 02, 2022, as updated from time to time, requires non-banking financial companies to adopt guidelines regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol and standards for handling security breach. Respo Financial Capital Private Limited (“Company”) is a non-banking finance company that offers unsecured personal loans to its customers/ borrowers.

The board of directors of the Company (“Board”) have formulated and approved the present policy regarding the handling and storage of customer data.

2. KEY OBJECTIVE 

This Digital Lending-Customer Data Policy (“Policy”) discloses the practices adopted by the Company for storing information it may receive from using mobile applications (hereinafter, collectively referred to as (“Digital Lending Platforms”) or from the lending service provider(s) (“LSP(s)”) for the purposes of providing loans/ credit facilities to the customers/ borrowers (“Services”).

3. INFORMATION STORED BY THE COMPANY

• The borrowers/customers are required to provide to the LSPs/ Digital Lending Platforms, certain information including but not limited to (a) name, user IDs, signature, email addresses, phone numbers, addresses, know your customer (“KYC”)/identity documents, communications; (b) bank account details, financial information, payment credentials, loan details such as amounts, lending history, repayments, credit history and income details; and (c) any other information as may be required by the Company (collectively “Customer Data”) in connection with the Services.
• The Digital Lending Platform / LSP will collect, view, undertake the processing and storage of such Customer Data only on a need-basis and will store only minimal data as is required for the performance of its obligations and/or Services.
• The Company will ensure that the Customer Data is stored on a secure server located in India.
• The Company will continue to retain Customer Data until the customers/borrowers specifically request the Company in writing to destroy such Customer Data (provided that the borrower/customer has no outstanding loan amount, unless otherwise required under applicable law.
• The Company will ensure that any collection of data by LSPs, Digital Lending Platforms and Digital Lending Platforms of LSPs is need-based and with prior and explicit consent of the borrower having an audit trail.

4. RESTRICTIONS ON USE OF CUSTOMER DATA

The Company will not use Customer Data for any purpose other than as set out in the Company’s Privacy Policy https://respo.co.in/privacy-policy/ or for providing the Services. 

5. SECURITY

The Company endeavours to safeguard and ensure the security of the Customer Data using appropriate measures to protect it from unauthorised access, and follow standards prescribed by applicable law. The Company uses appropriately secure encryption for the transmission of Customer Data.

All Customer Data will be protected in safe and secure conditions. Further, the Customer Data will be stored and preserved so as to ensure that there is no tampering, alteration, destruction or anything which endangers the content, authenticity, utility or accessibility of the Customer Data.

If any security breach comes to the Company’s knowledge, then Company will take all steps as set out in its Information Technology Framework and as may be required to protect misuse of such information. All suspected or reported security breaches or violations will be logged and tracked from initiation of the preliminary analysis to determine whether there was a security breach or violation till completion of necessary actions in relation thereto.

The Company will not be responsible for any breach of security or for any actions of any third parties or events that are beyond their reasonable control including computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of internet service or telephone service of the user, etc.

6. AMENDMENTS

The Company reserves the right to amend, modify or revise this Policy at any time with approval of Board. Where any amendment is required by way of any change in law, such change in law will be deemed to be incorporated into this Policy until the required amendment of this Policy is made.