M/S. Canfin Services Private Limited (“Company”, “we”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or apply for loan products.
1. Information We Collect
1.1. Information You Provide Directly
– KYC Details: Name, DOB, PAN, Aadhaar, address, photograph, signature
– Contact Data: Mobile, email, residential/business address
– Financial Data: Income, ITR, bank statements, GST returns, business financials, existing loan details
– Business Data: Entity name, registration docs, vintage, nature of business, vendor/buyer details
– Documents Uploaded: ID proofs, property papers, license copies
1.2. Information Collected Automatically
– IP address, browser type, device ID, OS, access time, pages viewed
– Cookies and similar tracking technologies for site functionality and analytics
1.3. Information from Third Parties
– Credit information from bureaus like CIBIL, Experian, CRIF High Mark, Equifax
– Bank statement analysis via account aggregators, with your consent
– Data from fraud prevention agencies, legal databases, and reference contacts
1.4. Sensitive Personal Data
We collect financial data, credit history, and biometric data only with explicit consent and as permitted under law. We do not collect Aadhaar number unless masked or voluntarily provided for KYC as per UIDAI guidelines.
2. How We Use Your Information
2.1. Loan Processing: Credit assessment, underwriting, KYC verification, fraud checks, eligibility determination
2.2. Servicing: EMI management, repayment reminders, statement generation, customer support
2.3. Legal Compliance: RBI reporting, AML/KYC norms, audit, responding to legal/regulatory requests
2.4. Communication: Updates on application status, offers, and service messages via SMS, email, WhatsApp, calls
2.5. Improvement: Analytics to enhance website, products, and user experience
2.6. Marketing: With consent, to send promotional offers on loan products. You can opt-out anytime
3. Legal Basis for Processing
We process data based on:
a) Your consent for loan application and marketing
b) Contractual necessity to evaluate and service your loan
c) Legal obligation under RBI, PMLA, IT Act, and other laws
d) Legitimate interest for fraud prevention and business analytics
4. Sharing & Disclosure of Information
4.1. Service Providers: Credit bureaus, KYC agencies, legal/technical valuers, collection agencies, IT vendors, account aggregators – all bound by confidentiality
4.2. Regulatory Bodies: RBI, FIU-IND, Income Tax Dept, CERSAI, law enforcement when required by law
4.3. Group Companies: For internal operations and cross-sell, with safeguards
4.4. Business Transfers: In case of merger/acquisition, data may be transferred with notice
4.5. With Consent: To references or co-applicants you provide
We do not sell your personal data to third parties for their marketing.
5. Data Retention
5.1. Loan data retained for 8 years post closure or as required under PMLA and RBI guidelines
5.2. KYC records retained for 5 years after end of relationship
5.3. Rejected application data retained for 1 year for audit purposes
5.4. Website logs retained for 6 months unless needed for investigation
6. Data Security
6.1. We use SSL encryption, firewalls, access controls, and secure servers to protect data
6.2. Employee access is role-based and under NDA
6.3. Regular VAPT and audits as per RBI IT Framework for NBFCs
6.4. Despite safeguards, no internet transmission is 100% secure. You share data at your own risk
7. Your Rights
7.1. Access: Request a copy of your personal data held by us
7.2. Correction: Update inaccurate or incomplete information
7.3. Withdrawal: Withdraw consent for marketing; note this may impact loan processing if consent is for mandatory KYC
7.4. Grievance: Raise complaints regarding data handling to our Grievance Officer
8. Cookies & Tracking
8.1. We use essential cookies for login and session management
8.2. Analytics cookies help us understand traffic via Google Analytics
8.3. You can disable cookies in browser settings, but some features may not work
9. Third-Party Links
Our site may contain links to other websites. We are not responsible for their privacy practices. Read their policies before sharing data.
10. Children’s Privacy
We do not knowingly collect data from persons below 18 years. Loan products are not offered to minors.
11. Grievance Redressal
Grievance Officer – Data Protection
Name:
Email:
Response Time: We will resolve complaints within 30 days as per IT Rules, 2011[Name]
For RBI-regulated grievances, you may also approach RBI Ombudsman under Integrated Ombudsman Scheme, 2021.
12. Changes to Policy
We may update this policy to reflect legal or operational changes. The “Effective Date” will be revised. Continued use of the site after changes constitutes acceptance.
13. Governing Law
This policy is governed by laws of India, including Information Technology Act, 2000, SPDI Rules 2011, and RBI Digital Lending Guidelines