1.INTRODUCTION

1.1. This Privacy Policy (“Policy”) outlines the practices of UFS Digital Empowerment Foundation (“UFS-DEF”, “we”, or “us”) in relation to the storage, use, processing, and disclosure of personal data that you have chosen to share with us when you access and utilize our services through our mobile application “UFS-DEF: Empowerment App” or through our website www.ufsdef.com (the app is referred to as the “App” and the App and the website are collectively referred to as the “Platform”).

1.2. The services we offer you on or through the Platform are referred to as “Services”. Please note that unless specifically defined in this Policy, capitalized terms shall have the same meaning ascribed to them in our Terms and Conditions, available at https://ufsdef.com/terms-conditions (“Terms”). Please read this Policy in consonance with the Terms.

1.3. At UFS-DEF, we are dedicated to safeguarding your personal data and upholding your privacy rights. Please carefully review the following terms of the Policy to comprehend our practices concerning your personal data and how we will handle it. This Policy delineates the basis on which any personal data we collect from you, that we collect about you, or that you provide to us, will be processed by us.

1.4. By consenting to the processing of your personal data, you acknowledge that we will collect, store, use, and disclose your personal data in accordance with this Policy.

2.THE DATA WE COLLECT ABOUT YOU

2.1. We collect, transmit, and store personal data about you on our secured UFS-DEF server (https://ufsdef.com) after obtaining your consent, to provide you with, or in connection with, the Services. Please note that we only collect and process a minimal amount of your personal data to provide you with the Services. Such personal data includes: Identity and profile-related data: This includes details such as your name, date of birth, gender, photographs, educational qualifications, employment status, contact information (including addresses, email IDs, and phone numbers), and marital status.

  • KYC data: This includes identification documents issued by the government or other authorities, and includes details of or pertaining to your Aadhaar, PAN card, voter ID, etc.
  • Transaction data: This includes details of transactions that may occur through the Platform or in connection with the Services. For example, transaction data may include the services you have sought or availed through the Platform or confirmations of such services.
  • Financial data: This includes your past credit history (if available), income details, details of loans applied for or issued through the Platform, payments, and repayments thereof, bank account details, and bank account statements.
  • App Data: We collect, transmit, and store information regarding the applications installed on your device on our secured UFS-DEF server (https://ufsdef.com). We solely utilize the package name of each installed application to assess creditworthiness and provide customized loan offers.
  • 2.2. We do not access additional data beyond what is necessary to provide you with the Services. We do not collect biometric data. However, we may access certain device features such as camera, microphone, or location solely for the purpose of onboarding or KYC checks, after obtaining your explicit consent. We collect, transmit, and store the aforementioned data on our secured UFS-DEF server (https://ufsdef.com).

    2.3. We are required to collect your personal data to provide you with access to the Platform and Services. In certain cases, we are required to collect personal data as mandated by law or under the Terms. If you fail to provide us with the necessary data as and when requested, we may not be able to fulfill our obligations under the arrangement we have with you or are trying to enter into with you. In such cases, we may have to cancel or limit your access to the Services (or part thereof).

3.HOW WE COLLECT DATA ABOUT YOU

3.1. We employ various methods to collect and process personal data about you, which include:

  • Information Provided by You: This encompasses the data (including identity, contact, KYC, financial, and device data) you consent to furnish us with when utilizing our Services or when engaging in correspondence with us (for instance, via email, chat, or through the Platform). It encompasses information provided during registration for the Services, utilization of Platform features, sharing of data through the Platform, or when reporting issues with the Platform and our Services. Any correspondence with us results in the retention of the information exchanged.
  • Information Automatically Collected: Whenever you access the Platform or use the Services, personal data is automatically collected through tools such as cookies.
  • Information Received from Other Sources: We receive personal data about you from various third parties and publicly available sources, including our third-party partners, Google Analytics for advertising and user analytics purposes, and other publicly available sources. This information is utilized for conducting fraud checks, enhancing the Services, and offering credit products that are most suitable for you.

3.2. It is important to note that we do not have control over personal data that you may choose to make publicly available. For instance, if you post reviews, comments, or messages on public sections of the Platform or on an application store (such as the Play Store), you do so at your own risk. We are not responsible for any misuse of such data by third parties.

4.HOW WE USE YOUR PERSONAL DATA AND FOR WHAT PURPOSES

4.1. We will utilize your personal data in accordance with applicable laws. Primarily, we use your personal data to provide you with the Services, or where necessary to comply with legal obligations.

4.2. By utilizing our Services and creating an account on the Platform, you consent to us, our associated partners, and affiliates contacting you via email, phone, or other means regarding the Services provided to you. This includes but is not limited to educating you on available credit products, providing customer support, resolving grievances/disputes related to the Service or credit products availed by you, and pursuant to the collection services offered to the Lender for the credit facilities availed by you.

4.3. In general, we use your personal data for the following purposes:

    To register you as a user of the Platform;
  • To provide you with the Services;
  • To communicate details of products and services as requested by you or to process queries raised by you on the Platform;
  • To facilitate your KYC as per the instructions of the Lender;
  • To facilitate your application to avail loans and other credit facilities from regulated entities, including our lending partners;
  • To manage our relationship with you, including notifying you of changes to any Services;
  • To administer and protect our business and the Platform, including troubleshooting, data analysis, system testing, and performing internal operations;
  • To send you communication, including through WhatsApp business messages, regarding your use of the Platform or Services;
  • To conduct data analytics and monitor trends to improve the App and Services;
  • To improve our business and delivery models;
  • To perform obligations arising from the arrangement we are about to enter or have entered with you;
  • To enforce our Terms;
  • To undertake marketing services, including sending you promotional messages regarding Services offered by us presently or in the future;
  • To respond to court orders, establish or exercise our legal rights, or defend against legal claims;
  • In compliance with Reserve Bank of India’s norms, to contact you or locate you in case of any default; and
  • To ensure compliance with applicable laws.

5. HOW WE SHARE YOUR PERSONAL DATA

5.1. You agree and acknowledge that any and all information pertaining to you, whether directly provided to us via the Services or otherwise, including personal correspondence such as emails and instructions from you, may be collected, compiled, and shared by UFS Digital Empowerment Foundation (UFS-DEF) with third parties after obtaining your explicit consent. This sharing is solely to facilitate the provision of Services to you, particularly in connection with loan applications and your loan journey. Such third parties may include Lenders (as defined in the Terms), storage providers, data analytics providers, consultants, lawyers, and auditors. Additionally, UFS-DEF may share this information with other entities within the UPICON group for the aforementioned purposes. Failure to provide consent for sharing such data when requested may result in UFS-DEF being unable to perform its obligations under the arrangement with you or any intended arrangement.

5.2. By using our Services and creating an account on the Platform, you authorize UFS-DEF, its associate partners, and affiliates to contact you via email, phone, or other means. This is to ensure that you are kept informed of all the features of the Services.

5.3. You agree and acknowledge that UFS-DEF may share data where required by law, court order, government agency, or authority. Such disclosures are made in good faith and belief that it is reasonably necessary to enforce this Policy or the Terms, or to comply with applicable laws and regulations.

6. ACCESS AND UPDATING YOUR PERSONAL DATA

You hereby warrant that all personal data you provide to UFS Digital Empowerment Foundation (UFS-DEF) is accurate, up-to-date, and true. When utilizing our Services, we endeavor to offer you the capability to review and rectify any inaccurate or deficient data, subject to any legal requirements. UFS-DEF shall verify the accuracy of any new personal data you provide to us.

7.DATA SECURITY

7.1. UFS Digital Empowerment Foundation (UFS-DEF) implements appropriate security measures and access controls to safeguard your personal data from unauthorized access. We adhere to technology standards prescribed by applicable laws, including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and regulations by RBI. These measures include up-to-date physical security, such as secure areas in offices; electronic safeguards, such as passwords, firewalls, and encryption; and secure development procedures. Our safety and security processes undergo regular audits by third-party cybersecurity audit agencies.

7.2. In scenarios where the collection of personal information is mandatory, such as for pulling bureau reports or loan applications, we encrypt the data using the latest security algorithms before transmitting it. All such data is encrypted at rest.

7.3. Information exchanged between you and Lenders during the Services is transmitted through a secure sockets layer (SSL) transmission. We encrypt and store personal information wherever possible. No data is shared with any third party unless it is essential to serve the end-user, and in all such scenarios, user consent is obtained.

7.4. Access to your personal information is restricted to employees who require such information to provide our Services to you. We provide comprehensive training to our employees on all security procedures.

8.DATA RETENTION AND DESTRUCTION

For information about our retention and destruction practices, please refer to the Schedule attached to this Policy, as maintained by UFS Digital Empowerment Foundation (UFS-DEF).

9.YOUR LEGAL RIGHTS

9.1. Under certain circumstances, you have the right to:

  • Request the erasure of your personal data: This allows you to ask UFS Digital Empowerment Foundation (UFS-DEF) to delete or remove personal data. We will comply with any such request, subject to applicable laws and the terms of loans sanctioned through the Platform.
  • Right to deny consent: You have the right to deny us the consent necessary to process your personal data. Exercising this right may impact or restrict our ability to provide Services to you.
  • Right to revoke consent: You can withdraw consent previously provided for specific use, storage, sharing of your information with third parties and Lenders, and consent to contact you. We will comply with any such request, subject to applicable laws and the terms of loans sanctioned through the Platform.
  • Right to rectify: While we disclaim liability and responsibility for the authenticity of information provided by you, you have the right to review and correct, update, and/or amend your information to ensure accuracy, completeness, and currency. However, please note that denial of consent, withdrawal of consent, assertion of the right to be forgotten, or provision of inaccurate information may limit your access to our Services, and in such cases, we reserve the right to restrict or deny access to our Services.
  • 9.2. Notwithstanding your rights under 9.1(a) and (c), we reserve the right to retain information as required:

  • To comply with applicable laws;
  • To enforce our legal rights; or
  • To provide information required by regulatory authorities investigating fraud or illegal activities.
  • 9.3. However, our Lenders may continue to contact you regarding loan applications and payment of dues. They will continue processing your information if your application for a loan was sent to the Lender or if you have availed any loan from our Lenders until all dues are paid. The Lenders may store your information for the period required by applicable laws or as required for outsourced services related to loan products.

    9.4. If you wish to exercise any of the rights above, please email the Grievance Officer, details of whom are mentioned in Section 15 of this Policy. Please provide as much detail as possible regarding the right(s) you wish to exercise, and include a description of the personal data you believe UFS-DEF holds or processes about you.

    9.5. We will respond to your request(s) within 30 (thirty) days. If we are unable to respond within this timeframe due to any reason, we will inform you accordingly.

10. TRANSFER OF PERSONAL DATA

10.1. Please be aware that all your data, including financial data, is solely stored on systems located within India. We do not transfer your personal data to any third country.

10.2. We may share your information with Lenders and third parties for various purposes, including but not limited to contacting you regarding any loan product you express interest in, completing a loan application, conducting KYC checks, collecting KYC documents, bank authentication purposes, performing employment checks, facilitating NACH registrations, and managing loan repayment.

10.3. A list of our Lenders is available at https://ufsdef.com/our-lending-partners. The list of key third-party service providers that access your information during the loan journey is provided [here].

11. LINKS TO THIRD-PARTY WEBSITES

Our Services may, from time to time, contain services provided by or links to and from the websites of our partner networks, service providers, financial institutions, advertisers, and affiliates (“Third Party Services”). Please note that the Third Party Services that may be accessible through our Services are governed by their own privacy policies. We do not accept any responsibility or liability for the policies or for any personal data that may be collected through such Third Party Services. Please check their policies before you submit any personal data to such websites or use their services. change according to ufs def

12. COOKIES

12.1. Cookies are small data files stored on your device. UFS Digital Empowerment Foundation (UFS-DEF) uses cookies and other tracking technologies to distinguish you from other users of the Services and remember your preferences. This helps us provide you with a good experience and improve the Services.

12.2. We use cookies to identify you without accessing personal data such as email addresses. Data collected via cookies helps us administer the Services and offer you a tailored and user-friendly experience. Cookies enable access to certain features of the Services. Most devices can be configured to notify you when you receive a cookie or prevent cookies from being sent. If you prevent cookies, it may limit our functionality when you visit the Platform or attempt to access some Services.

12.3. You may encounter cookies or similar technologies on certain Platform pages placed by third parties. UFS-DEF does not control the use of cookies by such third parties.

13. BUSINESS TRANSITIONS

You agree and acknowledge that in the event of a business transition, such as a merger, acquisition, or sale of assets, your personal data may be among the transferred assets.

14. CHANGE IN PRIVACY POLICY

14.1. UFS-DEF periodically reviews and may amend this Policy at its sole discretion.

14.2. Any changes to this Policy will be posted on this page and, if appropriate, notified to you via email or SMS.

15. GRIEVANCE OFFICER

For enquiries regarding this Policy or your personal data, you may contact our Grievance Officer:

Name: [Name of Grievance Officer]

Address: [Address of Grievance Officer]

Email Address: [Email Address of Grievance Officer]

16. GOVERNING LAW AND DISPUTE RESOLUTION

The governing law and dispute resolution mechanisms specified in the Terms shall apply to this Privacy Policy.


SCHEDULE

DATA RETENTION AND DESTRUCTION POLICY


1. OVERVIEW

This Data Retention and Destruction Policy outlines UFS Digital Empowerment Foundation's (UFS-DEF) approach to data retention and destruction.

2. HOW LONG DO WE STORE YOUR DATA

You acknowledge and agree that your personal data will be stored and retained by UFS-DEF as required or permitted by applicable laws, regulatory requirements, or for the defense of future legal claims. Details related to KYC, device location, and SMS data will be deleted or anonymized within the legally prescribed timeframe after the closure of the loan. All other details will be deleted or anonymized upon the customer's request for data deletion, provided there is no active loan or service being availed. However, in some cases, we may be unable to fulfill deletion requests due to legal obligations or requirements under applicable laws, which may necessitate data storage for longer periods.

3. OUR DATA DESTRUCTION PROTOCOLS

Upon the completion of the retention period for each category of personal data outlined above, UFS-DEF will delete or destroy, to the extent technically feasible, personal data within our possession or control. Alternatively, we will render the personal data into anonymized data, ensuring it no longer constitutes personal data.