This document is an electronic record in terms of Information Technology Act, 2000 and rules there under as applicable. This electronic record is generated by a computer/electronic system and does not require any physical or digital signatures.
This Document is published in accordance with the provisions of Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media ethics Code) Rules, 2021 that requires publishing the rules and regulations, privacy policy and terms of use for access or usage of the platform.
Progfin Private Limited (formerly known as Hytone Holdings Private Limited) hereinafter referred to as the “Company”) recognizes the expectations of its customers with regard to privacy, confidentiality and security of their personal information that resides with the Company. Keeping personal information of customers secure and using it solely for activities related to the Company and preventing any misuse thereof is a foremost priority of the Company. The Company has adopted this privacy policy aimed at protecting the personal information entrusted and disclosed by the customers (hereinafter referred to as the “Policy”). This Policy governs the way in which the Company collects, uses, discloses, stores, secures and disposes of personal information and sensitive personal data or information.
“Digital Lending Apps” / “Platforms” / “DLA(s)” shall mean and include each website, mobile application of each of the entities as listed in the following link: https://progfin.in/lsps.html and shall also include any successor website/ applications of the foregoing, any website of related entity or any other channel facilitated and permitted by the Company or any other digital medium including phone, displays, emails, social media interfaces, messaging interfaces, wallet, payment intermediaries using electronic interface.
"LSP(s)” means an agent of the Company who carries out one or more of Company’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of the Company in conformity with extant outsourcing guidelines issued by the RBI. The list of LSPs engaged by Company may be accessed at the following link: https://progfin.in/lsps.html
“Personal Information” means any information that relates to a natural person, which is capable of identifying such person, either directly or indirectly, either independently or in combination with other information, either available or likely to be available with the Company.
“RBI” shall mean Reserve Bank of India.
“Sensitive Personal Data or Information” of a person or business legal entity means such Personal Information which consists of information relating to any or all of the following:
1. password;
2. financial information such as details pertaining to a Bank account or credit card or debit card or any other payment instrument;
3. physical, physiological, and mental health condition;
4. sexual orientation;
5. medical records & history;
6. biometric information;
7. any detail relating to the above clauses as provided to the Company for providing service, or received by the Company for processing, stored or processed under lawful contract or otherwise.
Provided that the following shall not be regarded as Sensitive Personal Data or Information for the purposes of this Policy:
Any information that is freely available or accessible in the public domain or furnished under the Right to Information act, 2005 or any other law for the time being in force;
This Policy is applicable to Personal Information and Sensitive Personal Data or Information collected by the Company from the persons (natural or juristic) who seek to or have availed loan from Company or from any other financial institution wherein Company acts in the capacity of business correspondent or any other similar capacity (“Customer”). Personal Information may be collected directly or through the Company’s affiliate online portals including Platform, mobile apps, and electronic communications as also any information collected by the Company’s server from the customer’s browser.
The Personal Information is collected and used for specific business purposes including but not limited to:
1. to process financial and non-financial transaction request;
2. to undertake research and analytics for offering or improving Company services;
3. to check and process Customer’s applications which may be submitted for availing any financial services;
4. to share any updates/changes to the services and their terms and conditions with Customer;
5. to take up and investigate any complaints/claims/disputes;
6. to respond to Customer’s queries and feedback submitted by Customer;
7. for verification of Customer’s identity and other parameters;
8. to fulfil the requirements of applicable laws / regulations and / or court orders /regulatory directives.
The Company shall not divulge any Personal Information or Sensitive Personal Data or Information collected from the Customer, for cross-selling or any other purpose without Customer’s prior consent. The authenticity of the Personal Information or Sensitive Personal Data or Information provided by the customer shall not be the responsibility of the Company.
Company may, for the purpose of providing services to Customers, collect the following types of Personal Information:
1. Financial Information: Includes any information collected from the Customer regarding his/her businesses, income, expenses, immoveable assets, moveable assets, loans outstanding, repayment history, guarantors, or collateral Bank account or other payment instrument details; or any other detail which may be required by Company for providing services.
2. Non-Financial Information: Includes any information collected from the Customer that is about his/her family, health, consumption behaviour, personal preferences, attitudes, beliefs or living conditions. It may include the following: Name, gender, residential / correspondence address, telephone number, date of birth, marital status, email address, PAN, KYC (Business & Personal) details, transaction details from bank statement, Credit bureau details, signature and/or photograph
The Personal Information or Sensitive Personal Data or Information collected by the Company shall not be disclosed to any other organization except in the following cases:
1. where the disclosure has been agreed upon in a written contract or otherwise between the Company and the Customer, except where the disclosure is required under law;
2. disclosure is to RBI/SEBI/ NSE/ BSE/ MCX / Credit Information Companies, Asset Management Companies of Mutual Funds /Registrar and transfer Agents / Collecting Banks / KYC Registration Agencies and other such agencies, solely for the purpose of processing Customer’s transaction requests;
3. to process loans with any other bank/non-banking financial company/other financial institution where Company is acting as agent/banking correspondent or in any similar capacity under a valid contract;
4. as part of valid contracts with service providers/research agencies/external consultants, etc.;
5. where the Company is required to disclose the personal information to a third party on a need- to-know basis, provided that in such case the Company shall inform such third party of the confidential nature of the Personal Information and shall keep the same standards of information/ data security as that of the Company; and/or
6. furnished pursuant to any directions of a governmental authority or court of law.
Company shall not retain or store Personal Information for periods longer than is required except when such information may lawfully be used or is otherwise required under any other law for the time being in force or for the purpose of fraud prevention or regulatory compliance.
By agreeing to avail the services offered by Company, Customer has agreed to the collection and use of Personal Information by Company. Customer has the right to refuse or withdraw his/her consent to share/disseminate Personal Information by contacting the Grievance Redressal Officer (the details specified as below)[] of the Company. However, in the event of Customer’s refusal or withdrawal of consent, Customer shall not be able to avail any services of Company to the fullest extent.
All computer desktops, laptops, hard drives, and portable media are processed for proper disposal. Paper and hard copy records shall be disposed of in a secure manner. The destruction of data shall address the following:
1. evaluation and final disposition of sensitive information, hardware, or electronic media
2. regardless of media format or type.
3. procedures may include shredding, incinerating, or pulp of hard copy materials so that Sensitive Personal Data or Information cannot be reconstructed.
4. Electronic Media (physical disks, printer and copier hard drives, etc.) shall be disposed of by one of the methods:
5. Hard drives are formatted on zero level [OR] Hard drive is crashed
6. AWS Server – Data is stored on virtual drives, upon termination of instance the virtual drive is permanently deleted.
The security of Personal Information or Sensitive Personal Data or Information is a priority and will be protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Company shall take reasonable steps and measures to protect the security of the customer’s Personal Information or Sensitive Personal Data or Information from misuse and loss, unauthorized access, modification, or disclosure. The Company will maintain its security systems to ensure that the Personal Information or Sensitive Personal Data or Information of the customer is appropriately protected and follows the extant standard encryption norms followed for the transmission of information. The Company will ensure that its employees and affiliates respect the confidentiality of any personal information held by the Company.
Notwithstanding anything mentioned in the Policy, the Policy shall exclude information that is needed to be shared with others due to extant regulations e.g. credit bureaus, Central KYC Registry, Registrar of Companies and the RBI, and also where the Company is legally bound to disclose information including but not limited to Financial Intelligence Unit, Enforcement Directorate, Income Tax department or as required by a court of law or tribunal.
The Company shall have at all times during the tenure of this Agreement, a nodal grievance redressal officer and display the details of such nodal grievance redressal officer on its website and on the DLA.
The DLA owned and operated by the Company shall categorically provide the detail of the grievance redressal mechanism established by the Company. In order to address any discrepancies or grievances related to the personal information residing with the Company, the customer may write to support@progfin.in
The Company may, from time to time, change this Policy without notice to Customer. To ensure that Customer is aware of the changes, Customer is requested to review this Policy and all the documents referred to hereunder periodically. Company shall not be liable for any failure or negligence on Customer’s part to review the updated Policy before accessing Company's website or Platform. Customers continued access / usage of website or Platform, following changes to this Policy, will constitute Customer’s acceptance of those changes.
The Company’s digital platforms use various third-party analytical tools. These tools use cookies that are downloaded to your device when you visit a website in order to provide a personalized browsing experience. Cookies are used for lots of tasks like remembering your preferences and settings, provide a personalized browsing experience and analyse site operations. These cookies collect information about how Customers and other users use Company’s website (“Users”), for instance, how often visited pages. All information collected by third- party cookies is aggregated and anonymous. By using Company’s website / Platform, User/s agree that these types of cookies can be placed on his/her device. User/s is free to disable/delete these cookies by changing his/her device/browser settings. The Company is not responsible for cookies placed in the device of User/s by any other website and information collected thereto.
This Policy shall be effective from the date of adoption by the Board.
This Policy shall be amended and/or restated and updated from time to time and such amendments and/or restatements and updation shall be effective from the date of adoption by the Board. The effective date of this Policy, as stated below, indicates the last time this Policy was revised or materially changed.
2023 Progfin - All Rights Reserved.