Stock price ticker

    logo
    Sign in Apply Now

    Privacy Policy

    decor decor decor decor
    🔒 PRIVACY POLICY

    Privacy Policy

    Last Updated: March 2025 | Version 2.0

    1. Introduction 2. Information Collection 3. How We Collect 4. Use of Information 5. Data Sharing 6. Data Security 7. Data Retention 8. Your Rights 9. Consent 10. Grievance Officer

    1. Introduction & Overview

    Shreedhan Finance ("Company", "We", "Us", or "Our") is a Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India (RBI). We are committed to protecting your privacy and handling your personal information with utmost transparency and security. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you avail our financial services through our website, mobile applications, or any other digital platforms [citation:1].

    Company Details:
    Name: Shreedhan Finance
    Registered Office: B-123, Sector 18, Noida, Uttar Pradesh - 201301
    RBI Registration No.: N-XX.XXXXX | CIN: UXXXXXXXXX
    Type: RBI Registered NBFC - Base Layer

    This Privacy Policy is prepared in compliance with:

    • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
    • Digital Personal Data Protection Act, 2023
    • RBI Guidelines on Digital Lending (2022, updated 2025)
    • RBI Master Directions on NBFCs - Governance and Compliance
    • Other applicable laws and regulations [citation:2]

    2. Information We Collect

    We collect and process personal data in compliance with the principle of data minimization and only for legitimate business purposes. The categories of information we collect include [citation:1]:

    Category Details
    Identity Data Full name, date of birth, photograph, Aadhaar number, PAN card, voter ID, driving license, passport details, and other KYC documents as required under applicable laws [citation:2]
    Contact Information Phone number, alternate phone number, email address, residential address, correspondence address, and workplace address
    Financial Data Bank account details, income information, employment details, credit history, existing loan information, financial statements, GST details, ITR documents, salary slips, and credit bureau reports [citation:2]
    Transaction Data Information about your loan applications, disbursements, repayments, account activity, payment methods, and transaction history
    Device & Technical Data Device model, OS version, IP address, device identifiers (IMEI, device ID), location data (with consent), and network status [citation:2]
    Background Verification Data Information collected for employment verification, income verification, and risk assessment from third-party sources including credit information companies

    Note: We DO NOT access your contact list, call logs, SMS (except OTP sent by us), photos, or media files. This is strictly prohibited under RBI Digital Lending Guidelines [citation:7][citation:10].

    3. How We Collect Information

    Direct Collection

    Information you provide directly through our digital platforms, application forms, KYC processes, customer service interactions, and account support tickets [citation:1].

    Third-Party Sources

    Information from credit bureaus (CIBIL, Equifax, CRIF Highmark), banks, employers (with consent), government databases (NSDL, UIDAI), and other authorized sources for verification [citation:2].

    Device Permissions

    We may seek one-time access to camera, microphone, or location services for e-KYC, video verification, or onboarding purposes with your explicit consent for each instance [citation:2].

    Digital Consent Framework: All data collection through our Digital Lending Applications is need-based and obtained with your explicit, informed consent with a clear audit trail as required under RBI guidelines [citation:1].

    4. How We Use Your Information

    Loan Processing: Credit assessment, underwriting, loan approval, disbursement, and account management [citation:1]
    Legal Compliance: KYC/AML requirements, regulatory reporting, tax compliance, and credit reporting to CICs
    Customer Service: Responding to queries, providing support, handling grievances, and maintaining relationships
    Risk Management: Fraud prevention, portfolio monitoring, credit scoring, and recovery operations [citation:2]
    Business Operations: Product development, service improvement, analytics, and internal auditing
    Marketing Communications: With your consent, sending information about products and offers

    Legal Basis for Processing: We process your data based on: (a) Consent, (b) Contractual obligations, (c) Legal obligations (RBI/KYC laws), and (d) Legitimate interest (fraud prevention) [citation:1].

    5. Data Sharing and Disclosure

    We may share your information in the following circumstances [citation:2]:

    Recipient Purpose
    Credit Information Companies (CICs) As mandated by RBI for credit reporting to CIBIL, Equifax, CRIF Highmark, Experian [citation:2]
    RBI-Regulated Entities With other banks and NBFCs for co-lending arrangements or regulated activities
    Service Providers Technology vendors, collection agencies, verification agencies under strict confidentiality
    Legal Requirements When required by law, court orders, or regulatory authorities
    Government Agencies Income Tax, Enforcement Directorate, or other law enforcement agencies

    We do not sell or rent your personal information to any third party for marketing purposes. All sharing is on need-to-know basis and only for lawful purposes [citation:2].

    6. Data Security and Protection

    Encryption
    All data encrypted in transit (SSL/TLS) and at rest using industry-standard protocols [citation:5]
    Data Localization
    All customer data stored exclusively on servers located in India as per RBI requirements [citation:1][citation:7]
    Access Control
    Role-based access controls and strict need-to-know basis for employees [citation:5]
    Firewall & IDS
    Advanced firewalls and intrusion detection systems
    Regular Audits
    Annual cybersecurity audits by CERT-In empanelled auditors [citation:7]
    Backup & DR
    Regular backups and disaster recovery plan tested annually [citation:7]

    Data Breach Response: We have established incident response procedures to detect, contain, and respond to security breaches. In case of a personal data breach, we will notify affected individuals and regulatory authorities as required by law [citation:1].

    7. Data Retention and Deletion

    Data Type Retention Period
    KYC Documents Minimum 10 years (as per PMLA requirements) [citation:2]
    Loan Documentation Minimum 8 years after loan closure [citation:2]
    Customer Grievances Minimum 5 years
    Transaction Records 10 years as per RBI guidelines
    Non-Personal Data Retained indefinitely for research/analytics [citation:2]

    Data Deletion: Upon completion of retention period, we securely delete or anonymize your personal data unless required to be retained for legal or regulatory purposes. You may request deletion subject to our legal obligations [citation:1].

    8. Your Rights

    Right to Information: Know how your data is collected and processed [citation:1]
    Right to Access: Request copy of your personal data
    Right to Correction: Correct inaccurate or incomplete data [citation:1]
    Right to Deletion: Request deletion subject to legal requirements
    Right to Withdraw Consent: Withdraw consent for processing [citation:2]
    Right to Restrict: Restrict processing in certain circumstances

    To exercise these rights, please contact our Grievance Officer using the details in Section 10. We will respond within 30 days as per regulatory requirements [citation:2].

    9. Consent Management

    • Explicit Consent: We obtain your explicit consent before collecting sensitive personal data or sharing data with third parties (except where required by law) [citation:2]
    • Granular Consent: You have the option to provide or deny consent for specific data uses, restrict disclosure to third parties, and manage data retention preferences [citation:2]
    • Consent Withdrawal: You may withdraw consent at any time through our digital platforms or by contacting our grievance officer. However, withdrawal may affect your ability to access certain services [citation:2]
    • Consent Records: We maintain detailed records of consent obtained with audit trails as required under RBI guidelines [citation:1]

    Mobile App Permissions: We do not access your contact list, call logs, files, or media. We may seek one-time access to camera, microphone, or location services for KYC verification with your explicit consent for each instance [citation:2][citation:7].

    10. Grievance Redressal Mechanism

    Grievance Redressal Officer (GRO)

    Mr. Rajesh Kumar
    grievance@shreedhanfinanceltd.com
    9523112522 (Ext. 101)
    Mon-Sat: 10:00 AM - 6:00 PM

    Data Protection Officer (DPO)

    Ms. Priya Sharma
    dpo@shreedhanfinanceltd.com
    9523112522
    Mon-Fri: 10:00 AM - 5:00 PM

    Address for Written Correspondence:

    Grievance Redressal Officer
    Shreedhan Finance
    B-123, Sector 18, Noida
    Uttar Pradesh - 201301

    Response Time: We will acknowledge your complaint within 7 days and resolve it within 30 days of receipt. If unsatisfied, you may approach the RBI Integrated Ombudsman Scheme [citation:2][citation:10].

    11. Cookies and Tracking Technologies

    We use cookies and similar technologies to enhance user experience, remember preferences, and analyze usage patterns. You can manage cookie preferences through your browser settings. We do not permit third-party advertising cookies or behavioral trackers on our lending platforms, in compliance with RBI Digital Lending Guidelines [citation:2].

    12. Cross-Border Data Transfer

    We do not transfer personal data outside India. All data processing and storage occurs within India's territorial boundaries in compliance with RBI guidelines and data localization requirements [citation:1][citation:7].

    13. Children's Privacy

    Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will take steps to delete such information [citation:1].

    14. Changes to Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated through our digital platforms, email, or SMS notifications. The updated policy will be effective from the date of posting on our website [citation:1].

    15. Governing Law

    This Privacy Policy is governed by Indian laws. All disputes shall be subject to the exclusive jurisdiction of courts in Noida, Uttar Pradesh, without prejudice to any remedy available under applicable laws including the RBI Integrated Ombudsman Scheme [citation:1].

    16. Our Digital Lending Apps (DLAs) and Service Providers (LSPs)

    As per RBI Digital Lending Guidelines, we declare the following entities associated with our lending operations [citation:2][citation:4]:

    Entity Name Type Role
    Shreedhan Finance Regulated Entity (NBFC) Balance Sheet Lender
    Shreedhan Loan App Digital Lending App (DLA) Customer Interface
    ABC Tech Solutions Lending Service Provider (LSP) Technology Support
    XYZ Verification Services LSP - Verification KYC & Document Verification

    All DLAs are registered on RBI's CIMS portal. LSPs store only minimal customer data (name, address, contact details) required for their operations and do not store biometric data [citation:2].

    Your Trust is Our Priority

    By using our services, you acknowledge that you have read and understood this Privacy Policy. For any questions, please contact our Grievance Officer.

    Last Updated: March 2025 | Version 2.0 | This Privacy Policy is effective immediately for all users.