Hytone Holdings Private Limited (hereinafter referred to as the “Company”) recognizes the expectations of its customers with regard to privacy, confidentiality and security of their personal information that resides with the Company. Keeping personal information of customers secure and using it solely for activities related to the Company and preventing any misuse thereof is a foremost priority of the Company. The Company has adopted this privacy policy aimed at protecting the personal information entrusted and disclosed by the customers (hereinafter referred to as the “Policy”). This Policy governs the way in which the Company collects, uses, discloses, stores, secures and disposes of personal information and sensitive personal data or information.
“Digital Lending Apps” / “Platforms” / “DLA(s)” shall mean mobile and web-based applications with user interface that facilitate digital lending services. DLAs will include apps of the Company as well as those operated by LSPs engaged by the Company for extending any credit facilitation services in conformity with extant outsourcing guidelines issued by the RBI. "LSP(s)” means an agent of the Company who carries out one or more of Company’s functions or part thereof in customer acquisition, underwriting support, pricing support, servicing, monitoring, recovery of specific loan or loan portfolio on behalf of the Company in conformity with extant outsourcing guidelines issued by the RBI. “Personal Information” means any information that relates to a natural person, which is capable of identifying such person, either directly or indirectly, either independently or in combination with other information, either available or likely to be available with the Company. “RBI” shall mean Reserve Bank of India. “Sensitive Personal Data or Information” of a person or business legal entity means such personal / business information which consists of information relating to any or all of the following: 1. password; 2. financial information such as details pertaining to a Bank account or credit card or debit card or any other payment instrument; 3. physical, physiological, and mental health condition; 4. sexual orientation; 5. medical records & history; 6. biometric information; 7. any detail relating to the above clauses as provided to the Company for providing service, or received by the Company for processing, stored or processed under lawful contract or otherwise. Provided that the following shall not be regarded as sensitive personal data or information for the purposes of this policy: 1. any information that is freely available or accessible in the public domain or furnished under the Right to Information act, 2005 or any other law for the time being in force; 2. information obtained from a business legal entity in addition to "personal information" 3. Know Your Customer (KYC) and other information provided by the customer at the time of commencing a relationship or any time thereafter; 4. information about transactions with the Company; 5. has been obtained by the Company from a third person without any obligations of confidentiality; 6. furnished pursuant to any directions of a governmental authority or court of law; 7. was rightfully in the Company’s possession prior to receipt from the customer free of any obligation of confidence.
This Policy is applicable to Personal Information and Sensitive Personal Data or Information collected by the Company or its affiliates directly from the customer or through the Company’s online portals, mobile apps, and electronic communications as also any information collected by the Company’s server from the customer’s browser.
The Company collects and uses the Personal Information and Sensitive Personal Data or Information from its customers. This information is collected and used for specific business purposes or for other related purposes designated by the Company or for a lawful purpose to comply with the applicable laws and regulations. The Company shall not divulge any Personal Information or Sensitive Personal Data or Information collected from the customer, for cross-selling or any other purpose. The authenticity of the Personal Information or Sensitive Personal Data or Information provided by the customer shall not be the responsibility of the Company.
The Personal Information or Sensitive Personal Data or Information collected by the Company shall not be disclosed to any other organization except: 1. where the disclosure has been agreed upon in a written contract or otherwise between the Company and the customer; 2. where the Company is required to disclose the personal information to a third party on a need- to-know basis, provided that in such case the Company shall inform such third party of the confidential nature of the personal information and shall keep the same standards of information/ data security as that of the Company; 3. furnished pursuant to any directions of a governmental authority or court of law. 4. information through the DLA will be updated from time to time. In line with the mandate of the RBI, the Company has adopted and implemented the following requirements: 1. The Company shall ensure that LSPs/DLAs engaged by them do not store personal information of the customers except some basic minimal data (viz., name, address, contact details of the customer, etc.) that may be required to carry out their operations. 2. The Company shall carry out the responsibility of ensuring that the LSPs and DLAs maintain data privacy and security of the customer’s personal information. 3. The Company shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data. 4. The Company shall ensure that any collection of data by their DLAs and DLAs of their LSPs is need-based and with prior and explicit consent of the customers having an audit trail. The Company shall also ensure that DLAs desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions, etc. 5. The Company shall ensure that the customer shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data. 6. The purpose of obtaining customers’ consent needs to be disclosed at each stage of interface with the customers. 7. Explicit consent of the customer shall be taken before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement. 8. The Company shall ensure that clear policy guidelines regarding the storage of customer data including the type of data that can be stored, the length of time for which data can be stored, restrictions on the use of data, data destruction protocol, standards for handling security breach, etc., are put in place and also disclosed by DLAs of the REs and of the LSP engaged by the Company prominently on their website and the apps at all times. 9. The Company shall ensure that no biometric data is stored/ collected in the systems associated with the DLA of the Company / their LSPs, unless allowed under extant statutory guidelines. 10. The Company shall ensure that they and the LSPs engaged by them comply with various technology standards/ requirements on cybersecurity stipulated by RBI and other agencies, or as may be specified from time to time, for undertaking digital lending. 11. All data (including personal data and information of the customers) shall be stored in India. 12. No information (including personal information or data of the borrowers) shall be collected by LSPs/ DLAs without the prior explicit consent of the customers. Nothing stated above shall preclude the Company from adhere to the mandate of disclosing / reports borrowers to the credit information companies in accordance with the Digital Lending Guidelines and/or the Outsourcing Policies and/or other extant instructions / guidelines / directions / circulars of the RBI
The security of Personal Information or Sensitive Personal Data or Information is a priority and will be protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Company shall take reasonable steps and measures to protect the security of the customer’s Personal Information or Sensitive Personal Data or Information from misuse and loss, unauthorized access, modification, or disclosure. The Company will maintain its security systems to ensure that the Personal Information or Sensitive Personal Data or Information of the customer is appropriately protected and follows the extant standard encryption norms followed for the transmission of information. The Company will ensure that its employees and affiliates respect the confidentiality of any personal information held by the Company.
Notwithstanding anything mentioned in the Policy, the Policy shall exclude information that is needed to be shared with others due to extant regulations e.g. credit bureaus, Central KYC Registry, Registrar of Companies and the RBI, and also where the Company is legally bound to disclose information including but not limited to Financial Intelligence Unit, Enforcement Directorate, Income Tax department or as required by a court of law or tribunal.
The Company shall have at all times during the tenure of this Agreement, a nodal grievance redressal officer and display the details of such nodal grievance redressal officer on its website and on the DLA. The DLA owned and operated by the Company shall categorically provide the detail of the grievance redressal mechanism established by the Company. In order to address any discrepancies or grievances related to the personal information residing with the Company, the customer may write to grievance.officer@hytone.in
The Company may, from time to time, change this Policy. The effective date of this Policy, as stated below, indicates the last time this Policy was revised or materially changed.
The Company digital platforms use various third-party analytical tools. These tools use cookies that are downloaded to your device when you visit a website in order to provide a personalized browsing experience. Cookies are used for lots of tasks like remembering your preferences and settings, provide a personalized browsing experience and analyse site operations. These cookies collect information about how users use a website, for instance, how often visited pages. All information collected by third- party cookies is aggregated and anonymous. By using our website user/s agree that these types of cookies can be placed on his/her device. User/s is free to disable/delete these cookies by changing his/her device/browser settings. The Company is not responsible for cookies placed in the device of user/s by any other website and information collected thereto.
This Policy shall be effective from the date of adoption by the Board.
This Policy shall be amended and/or restated and updated from time to time and such amendments and/or restatements and updations shall be effective from the date of adoption by the Board.
2021 Techvio - All Rights Reserved.