- INTRODUCTION
1.1 Whizdm Finance Private Limited (hereinafter referred to as “WFPL” or “We” or “Us”) is a non-banking financial institution duly licensed by the Reserve Bank of India and offers various credit facilities to potential borrowers based on the credit worthiness and eligibility of the borrowers (hereinafter referred to as the “Services”). WFPL operates a website, https://whizdmfinance.com/ (“Website”).
1.2 In order to avail the Services offered by us, you are required to share certain personal information with us. This Privacy Policy (“Policy”) outlines our practices in relation to storage, use, processing, and disclosure of personal data that you have chosen to share with us when you avail our Service. We are committed to protecting your personal data and respecting your privacy. Please read the following terms of the Policy carefully to understand our practices regarding your personal data and how we will treat it. This Policy sets out the details of personal data that is collected, the manner in which it is stored, the purposes for which it is used, the third parties that gain access to such data and the security measures that are implemented to protect your data. By using all or a part of the Services, you agree and consent to the collection, storage, use, and disclosure of your personal data in accordance with this Policy.
2. THE DATA WE COLLECT ABOUT YOU
2.1 We collect, use, store, and transfer personal data about you to provide you with, or in connection with, the Services. Such personal data includes:
- Identity and profile-related data: This includes your first and last name, date of birth, username or similar identifiers, gender, title, photographs, educational qualifications and background, marital status, feedback, and survey responses.
- Contact data: This includes your email addresses, phone numbers, and residential address.
- Financial data:: this includes employer name, monthly salary, bank account no., bank statements, credit information, copies of identification documents.
- Device data: This includes your IP address, browser types and versions, etc.
- Usage data: This includes information about how you use the Website.
- KYC data: This includes PAN, Aadhar and KYC documents as specified under the KYC Master Directions issued by the RBI from time to time.
2.2 We are required to collect your personal data to provide you with access to the Website or the Services. In certain cases, we are required to collect personal data as required by law. If you fail to provide us that data as and when requested by us, we will not be able to perform our obligations under the applicable laws or provide you with Services. In this case, we may have to cancel or limit your access to the Services (or part thereof).
3. HOW WE COLLECT DATA ABOUT YOU
3.1 We use different methods to collect and process personal data about you. This includes
- Information you provide us: This is the information (including identity, contact, and device data) you consent to give us when you use our Website or as part of the loan journey initiated on our lending service provider’s application, or information provided to us as part of loan application submitted by you for availing the Service or when you correspond with us (for example, by email or chat, or through the Website). It includes information you provide when use a Website feature, share data through the Website, or when you report a problem with the Website and our Services. If you contact us, we will keep a record of the information shared during the correspondence.
- Information we collect about you and your device: Each time you visit the Website or use the Services, we will automatically collect personal data through the use of tools like cookies. Notwithstanding the foregoing and except to the extent expressly provided herein, we do not access mobile phone resources like file and media, contact list, call logs, telephony functions and others or collect any biometric data. However, we may take a one-time access of your camera for uploading a selfie image, microphone, for the purpose of KYC and loan onboarding journey. Information we receive from other sources including third parties and publicly available sources: We will receive personal data about you from various third parties and public sources including our third parties, Google analytics for advertising and user analytics purposes, and other publicly available sources.
- Information we receive from credit information companies include your credit score and report and other financial information received from credit information companies. You hereby acknowledge that we require to obtain this information in order to provide you with the Services and accordingly, expressly consent to the same. Credit information obtained from credit information companies are used solely for the purpose of provision of Services and shall not be shared with any third party.
3.2 Please note that we do not have any control over personal data that you may choose to make publicly available. For example, if you post reviews, comments, or messages on public sections of the Website or on other platforms, you do so at your own risk. We are not liable for third-party misuse of such data.
4. HOW WE USE YOUR PERSONAL DATA AND FOR WHAT PURPOSES
4.1 We will only use your personal data in accordance with the applicable law. Most commonly, we will use your personal data to provide you with the Services, or where we need to comply with a legal obligation. In general, we use your personal data for the following purposes and activities undertaken without direct human supervision or control:
- To verify and establish your identity;
- To provide you with details of our Services;
- For completion of KYC necessary for provision of Services;
- To manage our relationship with you, including notifying you of changes to any Services;
- To administer and protect our business and the Website, including troubleshooting, data analysis, system testing, and performing internal operations;
- To monitor trends so we can improve the Website and Services;
- To conduct data analytics to improve our business, product and delivery models;
- To perform our obligations that arise out of the arrangement we are about to enter or have entered with you;
- To provide customer support;
- To resolve disputes and identify and investigate into illegal or fraudulent activity;
- To respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims.
5. HOW WE SHARE YOUR PERSONAL DATA
You agree and acknowledge that any and all information pertaining to you, whether or not you directly provide it to us (via the Services or otherwise), including but not limited to personal correspondence such as emails, instructions from you, etc., may be collected, compiled, and shared by us in order to render the Services to you. This may include but not be limited to storage providers, data analytics providers, consultants, lawyers, and auditors. We may also share this information with other entities in the group in connection with the abovementioned purposes. We may further share your information with our outsourced third party service providers in relation to the Services availed by you. You agree and acknowledge that we may share data where we are required by law, any court, a government agency, or authority to disclose such information. Such disclosures are made in good faith and belief that it is reasonably necessary to do so for enforcing this Policy, or in order to comply with any applicable laws and regulations.
6. ACCESS AND UPDATING YOUR PERSONAL DATA
You hereby warrant that all personal data that you provide us with is accurate, up-to-date, and true. When you use our Website, we make best efforts to provide you with the ability to access and correct inaccurate or deficient data, subject to any legal requirements.
7. YOUR LEGAL RIGHTS
7.1 Under certain circumstances, you have the right to:
- Request the erasure of your personal data: This enables you to ask us to delete or remove personal data. We shall comply with such request, subject to applicable laws and the terms of the loans pursuant to the Services that are sanctioned through the Website.
- Right to deny consent: This enables you to deny us the consent necessary to process your personal data. If you exercise this right, it may impact or restrict our ability to provide Services to you.
- Right to revoke consent: This enables you to withdraw consent provided to us previously for specific use of information, storing of information, sharing your information with third parties and consent to contact you. We shall comply with any request, subject to applicable laws and the terms of the loans pursuant to Services that are sanctioned through the Website.
- Right to rectify: You have the right to review and correct, update and/or amend your information provided to us previously for it to be accurate, complete and up to date. However, kindly note that in a situation where you deny consent, withdraw consent, avail the right to be forgotten, or provide inaccurate information, you may not be able to avail the entire scope of our Services, and in such instance, we reserve the right to not provide you access to our Services or any part thereof.
7.2 Notwithstanding your right 7.1 (a) and (c), we reserve the right to retain information to the extent required for below mentioned purposes:
- Comply with applicable laws;
- Enforce our legal rights; or
- To provide any information required by regulatory authorities investigating any fraud or illegal activities.
7.3 Further, we may contact you regarding the loan application and payment of dues and shall continue processing your information, if your application for provision of loan has been received or if you have availed any loan from us till all dues of loan are paid. We may store your information for as long as required to be stored per applicable laws. We may also require our third-party service providers to retain information in circumstances we have outsourced any services in relation to loan product, such as collection of dues, and in such cases, our service providers will be required to retain Your information for the period as deemed necessary.
7.4 If you wish to exercise any of the rights set out above, please write an email to the Grievance Officer, whose details are mentioned in Section 14 of this Policy, providing in as much detail as possible, the right(s) you wish to exercise. Please also include a description of the personal data you believe we hold or process about you, so that we may be able to locate such personal data. In the event that we need additional information from you, our Grievance Officer will contact you further.
7.5 We will be able to reply to your request(s) within 30 (Thirty) days of raising the request. In the event that we are not able to respond to or acknowledge your request within 30 (Thirty) days of receipt due to any reason, we will inform you.
8. DATA SECURITY
8.1 We implement appropriate security measures to protect your personal data from unauthorised access, and follow standards prescribed by applicable law, including the Information Technology Act, 2000 and rules thereunder the RBI ensuring up-to-date physical security, such as secure areas in offices; electronic safeguards, such as passwords, firewalls, and encryption; and secure development procedures. Our safety and security processes are audited by a third party cyber security audit agency from time to time.
8.2 In the scenarios where personal information collection is mandatory, for instance any information required to pull bureau report or for loan application, we encrypt the data with the latest security algorithms before transmitting the data. All such data is encrypted at rest.
8.3 Information you provide and receive during the Services is transmitted through a secure sockets layer (SSL) transmission. We encrypt and store personal information wherever it is possible. No data is shared with any third party unless until it is necessary for performance of Services or necessary consent is obtained from you.
8.4 We restrict access to your personal information only to those employees who are required to know such information in order to provide our Services to you. We train our employees on all our security procedures.
8.5 We have internal processes and policies in place to tackle incidents of information security breach. This process enables the incident response team to detect, analyse, contain, eradicate and recover from information security breach incidents. In the event there is a security breach, we will take adequate timely measures to mitigate any risk to the data collected/ stored and take all necessary actions required under applicable law. In the event your data is impacted, we will take reasonable measures to keep you informed.
9. DATA RETENTION
You agree and acknowledge that your personal data will continue to be stored and retained by us for as long as necessary to fulfil our stated purpose(s) and for a reasonable period after termination of your account on the Website or access to the Services.
10. TRANSFER OF PERSONAL DATA
We comply with applicable laws in respect of storage and transfers of personal data. Please note that your data, including financial information (if any), is only stored on systems located in India.
11. LINKS TO THIRD PARTY WEBSITES
Our Services may, from time to time, contain services provided by or links to and from the websites of our partner networks, service providers, financial institutions, advertisers, and affiliates (“Third Party Services”). Please note that the Third Party Services that may be accessible through our Services are governed by their own privacy policies. We do not accept any responsibility or liability for the policies or for any personal data that may be collected through such Third Party Services. Please check their policies before you submit any personal data to such websites or use their services.
12. COOKIES
Cookies are small data files that are stored on your device. We use cookies and other tracking technologies to distinguish you from other users of the Website and to remember your preferences. This helps us provide you with a good experience when you use our Website and also allows us to improve the Services. We identify you by way of using cookies. The cookies shall not provide access to data in your device such as email addresses or any other data that can be traced to you personally. The data collected by way of cookies will allow us to administer the Website and provide you with a tailored and user-friendly service. Most devices can be set to notify you when you receive a cookie or prevent cookies from being sent. If you prevent cookies from being sent, it may limit the functionality that we can provide when you visit the Website or try to access some of the Services. Additionally, you may encounter cookies or other similar technologies on certain pages of the Website that are placed by third parties. We do not control the use of cookies by such third parties.
13. BUSINESS TRANSITIONS
You agree and acknowledge that in the event we go through a business transition, such as a merger, acquisition by another organisation, or sale of all or a portion of our assets, your personal data might be among the assets transferred.
14. CHANGE IN PRIVACY POLICY
We keep our Policy under regular review and may amend it from time to time, at our sole discretion. The terms of this Policy may change and if it does, these changes will be posted on this page and, where appropriate, notified to you by email. The new Policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Services.
15. GRIEVANCE OFFICER
You may contact our Grievance Officer, established in accordance with the Information Technology Act, 2000 and rules made thereunder, with any enquiry relating to this Policy or your personal data.
Name: Saurav Goyal
Address: No 17/1, Kadubeesanahalli Outer Ring Road Bangalore Bangalore KA 560087
Email Address: Head.GR@whizdmfinance.com
16. GOVERNING LAW AND DISPUTE RESOLUTION
The provisions of governing law and dispute resolution mechanism as specified in the Terms shall be applicable to this Privacy Policy.