PRIVACY POLICY
Objective of this Policy
This policy is framed in compliance with the Information Technology (Reasonable security practices
and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in
the Information Technology Act 2000, which mandate that any “body corporate or any person who on
behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of
information, shall provide a privacy policy for handling of or dealing in personal information including
sensitive personal data or information and ensure that the same are available for view by such
providers of information who has provided such information under lawful contract”.
Collection of Information
As part of its loan processing activity, Mahaveer Finance India Limited (“Company”) collects
information from potential borrowers and others (hereinaŌer referred to as “Customer”), which would
include “Personal Data” or “Sensitive Personal Data or Information” (collectively referred to as
“Personal Information”). The Company is commiƩed to ensuring that such Personal Information is duly
protected and is not used against the interests of the providers of such Personal Information nor is it
shared with any Third Parties without the consent of the providers of such Personal Information.
In this context,
“Personal Data” means any data or information that relates to a natural person, which, either directly
or indirectly, in combination with other information available or likely to be available is capable of
identifying such person.
“Sensitive Personal Data or Information” of a person means such personal information which consists
of information relating to:
a. Password
b. Financial information such as Bank account or credit card or debit card or other payment instrument
details
c. Physical, physiological and mental health condition
d. Sexual orientation
e. Medical records and history
f. Biometric information
Provided that, any information that is freely available or accessible in public domain or furnished
under the Right to Information Act, 2005 or any other law for the time being in force shall not be
regarded as sensitive personal data or information for these purposes.
Sources or Means of Data Collection
The Company collects Personal Data or Sensitive Personal Data or Information from multiple sources,
which includes the following sources:
a. Data declared by the Persons either as part of their discussions with Company officials or
through the application form submiƩed by them to the Company.
b. Data submiƩed by the Persons through the website of the Company.
c. Data collected from third party sources including, but not limited to, credit bureaus, NSDL, other
banks or financial institutions, etc.
Such Personal Information or Sensitive Personal Data or Information is collected by the Company to
evaluate the credit worthiness of the potential borrowers, adherence to KYC requirements laid down
under various laws and regulations, etc. Such Personal Information or Sensitive Personal Data or
Information collected by the Company shall be used only for the purpose loan processing, Customer
communication, regulatory compliance, online payment authentication, etc and not for any other
purposes.
Sharing of Information
The Company does not disclose Personal Information or Sensitive Personal Data or Information of
Customers or potential borrowers without their prior consent unless disclosure is necessary to comply
with the applicable legal and regulatory processes or to protect and defend the rights, interests and
properties of the Company’s employees or to enforce the terms of service which are binding on all the
Persons. The Company may also share Personal Information or Sensitive Personal Data or Information
as part of reciprocal information exchange where there is a mandatory need to submit such Personal
Information or Sensitive Personal Data or Information. Under all other circumstances, Personal
Information or Sensitive Personal Data or Information shall be shared with others only with the explicit
consent of the Customer.
Data Security
Security of Customer data is paramount and is taken very seriously by the Company. The Company
shall ensure security of Personal Information or Sensitive Personal Data or Information by maintaining
physical, electronic, and procedural safeguards that meet applicable laws to protect Personal
Information or Sensitive Personal Data or Information against loss, misuse, damage and unauthorized
access, modifications or disclosures. Employees shall be trained in the proper handling of Personal
Information or Sensitive Personal Data or Information.
Records Management
The Company shall maintain Customers’ Personal Information or Sensitive Personal Data or
Information at the branch where such documents were submiƩed. The electronic information shall be
duly entered into the system and maintained in the servers of the Company. The Company may host
these servers in the Company’s premises or use the services of reputed third-party service providers
for hosting such servers. Such files / electronic data shall be stored safely and securely and only
authorised branch staff shall be permiƩed to access the data. Post sanction of the loan, the files may
be stored at the Head Office of the Company or the Company may engage the services of reputed
third-party service providers for record/ data storage/ management purposes under SLAs agreed by
the Company with such third parties in writing. Such SLAs would cover aspects of client data
confidentiality and related compliance requirements.
The servers shall contain the data of both active and closed accounts. Such data shall be maintained
for the timelines as stipulated under various laws and regulations.
Usage of Company Website
This Policy also governs the use of the Company’s website www.mahaveerfinance.com.
Submission of information to the Company through its Website and pages thereon shall be deemed
to be the property of the Company. The Company does not warrant that any e-mail from its website is
secure and does not guarantee that any such e-mail from any Persons or from the Company are secure
during Internet transmission.
All that has been stipulated under Sharing of Information, Data Security, and Records Management
shall apply to Personal Information or Sensitive Personal Data or Information submiƩed by Customers
through the Website of the Company. However, Customers should exercise caution when deciding to
disclose Personal Information or Sensitive Personal Data or Information and ensure that no third party
is able to access such personal information as it is being submiƩed on the Company’s Website or view
it on the screen of Customers’ computer. This caution is to be exercised in respect of the information
that Customers may provide, to apply to become a Customer of the Company.
Customer Consent
The Customer authorises the Company to exchange, share, part with all information related to the
details and transaction history of the Customers to its Associates / banks / financial institutions / credit
bureaus / agencies/participation in any telecommunication or electronic clearing network as may be
required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification
or risk management and shall not hold the Company liable for use or disclosure of this information.
Update to Policy
The Company shall review and update this policy on a need basis. This Policy is subject to change
without notice. The final version of the policy will be available on the Company’s Website and
Customers are advised to review this Privacy Policy every time the Company’s Website is used by them.
Customers are also advised to review this Privacy Policy before submission of Personal Information or
Sensitive Personal Data or Information with any of the Company’s officials.
Grievance Redressal
In case of any grievances, Customers may reach out to the Grievance Redressal Officer of the
Company. The details are available on the Website of the Company under
https://www.mahaveerfinance.com/head-office.php.
***