Privacy Policy
Privacy Policy
Finova Capital Private Limited (“Finova Capital” or “FCPL”) recognizes the expectations of its Customer, Employee, Vendor or any natural person with regard to privacy, confidentiality and security of their personal information that resides with the Company. It is the policy of the Finova Capital to keep the personal information secure and use the same solely for the activities related to the Finova Capital.
This Privacy Policy governs the way in which the Company collect, receive, possess, store, deal or handle Personal Information including and Sensitive Personal Data or Information.
Applicability
This Privacy Policy applies to the Personal Information and Sensitive Personal Data or Information collected by Finova Capital or its affiliates from the Customer, Employee, Vendor or any natural person (hereinafter referred to as “Provider”) through Finova Capital’s website, mobile applications, offline interactions and electronic communications. This includes information collected directly from provider, as well as information collected automatically by Finova Capital’s server from their browser.
For the purpose of this Privacy Policy, the term "You", “Your”, shall mean Provider and the term "We", "Us", "Our" shall mean Finova Capital.
Definitions
The following terms shall have the meanings assigned to them herein below:
"Personal information" or “PI” - means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with the Finova Capital, is capable of identifying such person.
“Sensitive personal data or information” or “SPDI” - Sensitive personal data or information of a person means such personal information which consists of information relating to:
- password;
- financial information such as Bank account or credit card or debit card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- Biometric information;
- any detail relating to the above clauses as provided to Finova Capital for providing service; and
- any of the information received under above clauses by Finova Capital for processing, stored or processed under lawful contract or otherwise.
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as SPDI for the purposes of these rules.
Purpose of Collection and Usage of Information
Finova Capital collects the PI and SPDI from its provider and uses the same for specific business purposes or for other related purposes designated by Finova Capital or for a lawful purpose to comply with the applicable laws and regulations. Our use of or processing of your personal data depends on the nature of service and your interactions with us. FCPL processes the information based on your consent, in order to process your PI in certain situations.
Type of Personal Information Collected
Finova Capital may, for the purpose of rendering its services, collect PI as described below:
Identity and contact information
- Name, address, signatures, date of birth, copies of Identity Cards (ID), contact details including email id and phone number, address, previous names, maiden names, marital status, relatives’ information, nomination, medical condition, domicile, origin, citizenship, nationality, residence, any legal or other identifiers like Permanent Account Number (PAN)/ Taxpayer Identification Number (TIN)/ Aadhaar/ National ID/ Social Security Number/ or its equivalent, Photograph and Gender.
- Data that identifies (whether directly or indirectly) a particular individual, such as information you provide on any forms, surveys, online applications or similar online fields.
- Demographic information that you provide and aggregated Data.
Financial details
- Bank account details and financial details.
- Risk profiling Spending/saving/investing/payments/receipts/borrowing history.
Information you provide about others or others provide about you
- If you give information or data about someone else or someone gives information about you, may be added to any Data that is already held about you and can be used in the ways described in this Privacy Policy.
- Information including Data from credit information companies/ credit reference agencies, vendors, references, risk management and fraud prevention agencies, national and government databases.
- Data of authorised signatories or authorised persons or representatives of non-individual applicants/ customers/ users of any services, whether direct or indirect.
Information from online activities.
- Information about your internet activity is collected using technology known as cookies, which can often be controlled through internet browsers.
- Your digital and electronic devices where various checks are performed are designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying and collecting your location (with your specific permission) and the IP address your device connects from and the collection of information about your use of the website or mobile application (including device type, operating system, screen resolution, and the way you interact with us).
- Information about your Internet browser, IP address, information collected through tracking technologies.
- Unique device identifier such as International Mobile Equipment Identity number, technical usage data, contact lists (in some cases where specific permission is obtained), technical data about your computer and mobile device including details regarding applications and usage details.
- Generation and storing password or PIN in encrypted form.
Any of the aforesaid data (whether personal data or sensitive personal data or information), information, Know Your Customer related data, any derivative thereof ("Derivative Data”) like any credit scores or behavioural projections, profiling, analytical results, reports (prepared by us or others) including through any algorithms, analytics, software, automations, profiling etc., and whether such derivative is from the information collected from you or in combination with any other information sourced from any other person, database or source whether by us or others, shall collectively be referred to as “Data” and any part of the process relating to arriving at the Derivative Data as above, whether through internal or external sourcing, shall be referred to as “Derivation”.
When and how your Data is collected?
Your Data may be collected or processed through any of the following:
- When you submit the Data to us including when you ask for certain Products.
- When you use/apply for the Products.
- During the course of transactions.
- Data collected during credit assessment, risk assessment, fraud checks, fraud detections, processes undertaken for fraud prevention, detecting malpractices or discrepant documents or information, prevention of misuse, assessment of credit worthiness, evaluation of financial standing, due diligence, background check, physical and other inspections, verifications, Know Your Customer/Anti Money Laundering checks, monitoring, collections, recovery, customer service etc.
- When you use our website and online services provided by us (including mobile applications) and visit our branches or offices.
- When you email or call or respond to our emails/phone calls or during meetings with our staff or its service providers or representatives.
- When you or others give the Data verbally or in writing. This Data may be on application forms, in records of your transactions or if you make a complaint.
- From information publicly available about you. When you make Data about yourself publicly available on your social media accounts or where you choose to make the Data available through your social media account, and where it is appropriate to be used.
- During or as a result of Derivation, from any person possessing the same or sourcing any Data therefor.
- Data collected through cookies.
How we process your Data?
Whether we’re using it to confirm your identity, to help in the processing of an application for any Products or to improve your experiences with us, your Data is always handled with care and the principles outlined in this Privacy Policy are always applied.
Purposes of processing Data
The processing of the Data may be done by us or any of the processing entities for any of the following purposes, and you agree and consent to the same:
- To provide you with Products.
- To manage relationships with you.
- For credit scoring/credit analysis/risk analysis, obtaining any reports, credit scores, credit information, scrubs, for assessing and undertaking/ evaluating financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, etc.
- For enabling use of our website, platforms, and online services (including mobile or web applications) and visiting our branches or offices.
- For security, business continuity and risk management.
- To improve provider experience.
- Where processing is necessary because of a legal or regulatory obligation that applies to us.
- We may also contact you or send you messages, notifications or alerts by post, telephone, text, email, and other digital methods, including for example via mobile applications, push notifications.
- For any purposes which are incidental or necessary to any of the aforesaid purposes.
- You agree that FCPL may engage with any Processing Entity, for any of the aforesaid purposes or part thereof for any incidental or ancillary purposes, and may accordingly share Data with any of them and allow them to further process/ share the same, for the said purposes.
Automated processing
The way your personal information is analysed in relation to the Products including applications, credit decisions, determining your eligibility for the Products, may involve automated profiling and decision making, this means that your Data may be processed using software that is able to evaluate your personal aspects and predict risks or outcomes as also where the decision making may be automated.
We may also carry out automated anti-money laundering and sanctions checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.
Who we share your Data with?
We may share the Data with the following persons and/or in the following circumstances:
- With service providers, vendors, agents etc. who perform services for us or assist us to operate the business or provide the Products or services, intermediaries or consultants.
- Other third parties to comply with legal requirements such as the demands of applicable warrants, court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise, to protect the rights, property or security of our customers or third parties.
- We may share your Data, (a) with governmental, statutory, regulatory, executive, law-enforcement, investigating or judicial/ quasi-judicial authorities, departments, instrumentalities, agencies, institutions, boards, commissions, courts, tribunals, who ask for such Data including by way of an order, direction, etc; or (b) with any person, where disclosure is necessary for compliance of any legal or regulatory obligation. Wherever the Data is shared as above, we will not have control over how such Data is further processed by such authorities, persons, etc.
- Credit information companies, bureaus, fintech entities, Central KYC Records Registry, or service providers for the purposes of obtaining any reports, credit scores, credit information, scrubs, financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, risk analysis etc.
- With any persons involved in Derivation.
- For further information, reference could be given to the Products’ specific terms and conditions and application form.
We shall not publish the SPDI or disclose it further, without your explicit consent, for any purpose other than stated above.
Access, Correction and Update
Processes shall be defined to enable the provider of information, as and when requested by them, to review the information they had provided and ensure that any PI or SPDI found to be inaccurate or deficient shall be corrected or amended as feasible. Finova Capital shall not be responsible for the authenticity of the PI or SPDI supplied by the provider of information except in cases where Finova Capital has the mechanism to verify the information submitted by customers as per process laid out in the Know Your Customer and Anti Money Laundering Policy.
Period of Storage of the Data
We will keep the Data we collect on our systems or with third parties for as long as required for the purposes set out above or even beyond the expiry of transactional or account-based relationship with you: (a) as required to comply with any legal and regulatory obligations to which we are subject to, or (b) for establishment, exercise or defence of legal claims, or (c) as specified in the Record Retention Policy of Finova Capital, or (d) in accordance with specific consents.
Reasonable Security Practices and Procedures
At Finova Capital, we prioritize protecting your PI. We use robust physical, electronic, and procedural safeguards to keep your data secure and meet industry standards. This includes encryption for data transmission and access controls to limit who can view your information.
While we take reasonable measures to secure your information, no online transmission is completely risk-free. We recommend staying vigilant about online security practices, such as using strong passwords and being cautious about what information you share online. Once we receive your information, we make commercially reasonable efforts to ensure its security.
Links/ Re-direction to Other Websites/ Platforms
From time to time, our website/ webpage/ platform/ apps may contain links or have a mechanism of re-direction to and from websites/ webpages/ platforms/ apps of other networks, advertisers, affiliates and Processing Entities. If you follow a link or such re-direction to any of these websites/ webpages/ platforms/ apps, please note that these websites/ webpages/ platforms/ apps may have their own Privacy Policy and that we do not accept any responsibility or liability for any such policy.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. The technologies we use may include Cookies and Web beacons.
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.
Grievance Officer
Any discrepancies and grievances related to the processing and use of your information can be raised to the grievance officer designated by Finova Capital:
Name of Grievance Officer: Mr. Arpit Gupta
Email ID: arpit.gupta@finova.in
Changes to Our Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the updated Privacy Policy on the Website.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are updated on the Website.