PRIVACY POLICY

Objective of this Policy
This policy is framed in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the “IT Rules”) contained in the Information Technology Act 2000, which mandate that any “body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract”.

Collection of Information
As part of its loan processing activity, Mahaveer Finance India Limited (“Company”) collects information from potential borrowers and others (hereinaŌer referred to as “Customer”), which would include “Personal Data” or “Sensitive Personal Data or Information” (collectively referred to as “Personal Information”). The Company is commiƩed to ensuring that such Personal Information is duly protected and is not used against the interests of the providers of such Personal Information nor is it shared with any Third Parties without the consent of the providers of such Personal Information. In this context,

“Personal Data” means any data or information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available is capable of identifying such person.

“Sensitive Personal Data or Information” of a person means such personal information which consists of information relating to:
a. Password
b. Financial information such as Bank account or credit card or debit card or other payment instrument details
c. Physical, physiological and mental health condition
d. Sexual orientation
e. Medical records and history
f. Biometric information
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for these purposes.

Sources or Means of Data Collection

The Company collects Personal Data or Sensitive Personal Data or Information from multiple sources, which includes the following sources:
a. Data declared by the Persons either as part of their discussions with Company officials or through the application form submiƩed by them to the Company.
b. Data submiƩed by the Persons through the website of the Company.
c. Data collected from third party sources including, but not limited to, credit bureaus, NSDL, other banks or financial institutions, etc.
Such Personal Information or Sensitive Personal Data or Information is collected by the Company to evaluate the credit worthiness of the potential borrowers, adherence to KYC requirements laid down under various laws and regulations, etc. Such Personal Information or Sensitive Personal Data or Information collected by the Company shall be used only for the purpose loan processing, Customer communication, regulatory compliance, online payment authentication, etc and not for any other purposes.

Sharing of Information
The Company does not disclose Personal Information or Sensitive Personal Data or Information of Customers or potential borrowers without their prior consent unless disclosure is necessary to comply with the applicable legal and regulatory processes or to protect and defend the rights, interests and properties of the Company’s employees or to enforce the terms of service which are binding on all the Persons. The Company may also share Personal Information or Sensitive Personal Data or Information as part of reciprocal information exchange where there is a mandatory need to submit such Personal Information or Sensitive Personal Data or Information. Under all other circumstances, Personal Information or Sensitive Personal Data or Information shall be shared with others only with the explicit consent of the Customer.

Data Security
Security of Customer data is paramount and is taken very seriously by the Company. The Company shall ensure security of Personal Information or Sensitive Personal Data or Information by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect Personal Information or Sensitive Personal Data or Information against loss, misuse, damage and unauthorized access, modifications or disclosures. Employees shall be trained in the proper handling of Personal Information or Sensitive Personal Data or Information.

Records Management
The Company shall maintain Customers’ Personal Information or Sensitive Personal Data or Information at the branch where such documents were submiƩed. The electronic information shall be duly entered into the system and maintained in the servers of the Company. The Company may host these servers in the Company’s premises or use the services of reputed third-party service providers for hosting such servers. Such files / electronic data shall be stored safely and securely and only authorised branch staff shall be permiƩed to access the data. Post sanction of the loan, the files may be stored at the Head Office of the Company or the Company may engage the services of reputed third-party service providers for record/ data storage/ management purposes under SLAs agreed by the Company with such third parties in writing. Such SLAs would cover aspects of client data confidentiality and related compliance requirements.

The servers shall contain the data of both active and closed accounts. Such data shall be maintained for the timelines as stipulated under various laws and regulations.

Usage of Company Website
This Policy also governs the use of the Company’s website www.mahaveerfinance.com.

Submission of information to the Company through its Website and pages thereon shall be deemed to be the property of the Company. The Company does not warrant that any e-mail from its website is secure and does not guarantee that any such e-mail from any Persons or from the Company are secure during Internet transmission.

All that has been stipulated under Sharing of Information, Data Security, and Records Management shall apply to Personal Information or Sensitive Personal Data or Information submiƩed by Customers through the Website of the Company. However, Customers should exercise caution when deciding to disclose Personal Information or Sensitive Personal Data or Information and ensure that no third party is able to access such personal information as it is being submiƩed on the Company’s Website or view it on the screen of Customers’ computer. This caution is to be exercised in respect of the information that Customers may provide, to apply to become a Customer of the Company.

Customer Consent

The Customer authorises the Company to exchange, share, part with all information related to the details and transaction history of the Customers to its Associates / banks / financial institutions / credit bureaus / agencies/participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold the Company liable for use or disclosure of this information.

Update to Policy
The Company shall review and update this policy on a need basis. This Policy is subject to change without notice. The final version of the policy will be available on the Company’s Website and Customers are advised to review this Privacy Policy every time the Company’s Website is used by them. Customers are also advised to review this Privacy Policy before submission of Personal Information or Sensitive Personal Data or Information with any of the Company’s officials.

Grievance Redressal
In case of any grievances, Customers may reach out to the Grievance Redressal Officer of the Company. The details are available on the Website of the Company under https://www.mahaveerfinance.com/head-office.php.

***