The following capitalised terms shall have the meanings assigned to them as under:
“HDFC Bank” or “Bank” shall mean HDFC Bank Limited having its registered office at Senapati Bapat Marg, Lower Parel (West), Mumbai 400013, Mumbai, India.
“Product(s)” shall mean the products and services of HDFC Bank, including where the initiation of any request, application or transaction is through us or any service provider of the Bank or through any Processing Entity or where HDFC Bank is acting as distributor or agent or acting under any referral arrangement for products or services of any other person or as an intermediary or a sponsor bank.
“Specified Purposes” shall collectively mean purposes of credit assessment, risk assessment, risk analysis, obtaining credit information reports, scores, scrubs, fraud checks, fraud detections, fraud prevention, detecting and preventing crime including crime/ terror funding, detecting malpractices or discrepant documents or information, prevention of misuse, assessment of credit worthiness, financial standing, due diligence, background check, physical and other inspections, verifications, obtaining any reports for any of the above, KYC/ AML checks, customer service, monitoring, collections, default detection, default prevention, default investigation, recovery, any legal proceedings, actions, enquiries, investigations, pursuing any remedies, enforcing rights, reporting including credit reporting, KYC reporting, default reporting, filing, perfections etc., whether any of these are undertaken internally by the Bank or through any of its Processing Entities including us, as applicable, or through a combination of multiple options.
Who we are
Throughout this document, “we”, “us”, “our” and “ours” or any cognate variations thereof refer to Credilio Pro,
Website : http://www.credilio.in
The personal data collected or received falls into various categories as under:
- Identity & contact information
- Name, address, signatures, biometric data, date of birth, copies of identity cards (ID), contact details including email id and phone number, address, previous names, maiden names, marital status, relatives information, nomination, medical condition, domicile, origin, citizenship, nationality, residence, any legal or other identifiers like Permanent Account Number (PAN)/ Taxpayer Identification Number (TIN)/ National ID/ Social Security Number/ or its equivalent, Photograph and Gender.
- Data that identifies (whether directly or indirectly) a particular individual, such as information you provide on any forms, surveys, online applications or similar online fields.
- Demographic information that you provide and aggregated or de-identified Data.
- Financial details/circumstances
- Bank account details, investments history, credit/debit card details, prepaid payment instrument details, any other instrument/ modality/ function details, UPI handles, income details, history in relation to these, to the extent applicable.
- Employment/ occupational information.
- Residential status under banking, general and tax laws.
- Spending/saving/investing/payments/receipts/borrowing history.
- Risk profile, financial objectives, financial knowledge and experience, preferences and any other information to assess the suitability of the Products to you.
- Information collected when you make or receive payments.
- Other information such as information relating to occupation and financial situation such as employer’s name and address, if self-employed, type of account, and nature and volume of anticipated business dealings, with the conventional bank licensee, income proof, bank statements, income tax returns, salary slip, contract of employment, passbook, expenditure, assets and liabilities, source of wealth and signature.
- Data that is collected when you make financial and non-financial transactions. Data may include information associated with the transaction such as amount sent or requested, amount paid for Products or merchant information and/or loan related information such as loan amount applied for, interest rate, tenure, repayment schedule, security etc.
- Information you provide about others or others provide about you
- Your Data from third party providers: In order to enhance our ability to provide relevant marketing, offers, and services to you, Data about you is obtained from other sources with your consent, such as email service providers, public databases, joint marketing partners, social media platforms, as well as from other third parties as appropriate.
- Information including Data from credit information companies/ credit reference agencies, risk management and fraud prevention agencies, national and government databases.
- Information including Data from other parties and entities where we are a part of a transaction in one or more roles even though we may not be directly interfacing you.
- Data of authorised signatories or authorised persons or representatives of non-individual applicants/ customers/ users of any services, whether direct or indirect.
- Information from online activities.
- Your digital and electronic devices where various checks are performed are designed to ascertain and verify your residency to ensure we meet our regulatory obligations. These checks include identifying and collecting your location (with your specific permission) and the IP address your device connects from and the collection of information about your use of the website or mobile app (including device type, operating system, screen resolution, and the way you interact with us).
- Information about your Internet browser, IP address, information collected through tracking technologies.
- Unique device identifier such as International Mobile Equipment Identity (IMEI) number, technical usage data, contact lists (in some cases where specific permission is obtained), technical data about your computer and mobile device including details regarding applications and usage details.
- Generation and storing password or PIN in encrypted form, for any of our apps/ platforms.
- Other personal information
- Information in relation to data access, correction, restriction, deletion, porting requests and complaints.
- CCTV images and Data at our offices (but only for security reasons and to help prevent fraud or crime).
- Conversations during meetings/calls/correspondences/discussions with our staff.
- Social relationships detail such as your father’s name, spouse’s name and mother’s name.
- Behavioural details as to how to utilise our Products, offers etc., your browsing actions, patterns and online activity.
- Records of correspondence and other communications with you, including email, telephone conversations, live chat, instant messages and social media communications containing information concerning your grievances, complaints and dispute.
- Any other information, Data or records which you may consent to be collected or used.
Out of the aforesaid data points, the following are ‘sensitive personal data or information’:
- Password for any of our apps/ platforms;
- financial information such as Bank Account or Credit Card or Debit Card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history; and
- any detail relating to the above clauses as provided by you.
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as ‘sensitive personal data or information’.
Any of the aforesaid data (whether personal data or sensitive personal data or information), information, know your customer (KYC) related data, any derivative thereof (“Derivative Data”) like any credit scores or behavioural projections, profiling, analytical results, reports (prepared by us or others) including through any algorithms, analytics, software, automations, profiling etc., and whether such derivative is from the information collected from you or in combination with any other information sourced from any other person, database or source whether by us or HDFC Bank or others, shall collectively be referred to as “Data” and any part of the process relating to arriving at the Derivative Data as above, whether through internal or external sourcing, shall be referred to as “Derivation”.
When and how your Data is collected?
We and/or HDFC Bank may collect or possess the Data through any of the following:
- When you submit the Data including when you ask or request us or HDFC Bank (directly or through any Processing Entity) to provide you with certain Products.
- When you use the Products.
- During the course of transactions.
- When you apply for the Products, make enquiries or engage with us or HDFC Bank or with any other person where we or HDFC Bank are involved for any other person in the transaction concerning you.
- Data collected during credit assessment, risk assessment, fraud checks, fraud detections, processes undertaken for fraud prevention, detecting malpractices or discrepant documents or information, prevention of misuse, assessment of credit worthiness, evaluation of financial standing, due diligence, background check, physical and other inspections, verifications, KYC/ Anti Money Laundering (AML) checks, monitoring, collections, recovery, customer service etc.
- When you use our website and online products/ services provided by us or HDFC Bank (including mobile applications) and visit our/ HDFC Bank’s branches, offices, stores or premises.
- When you email or call or respond to our or HDFC Bank’s emails/phone calls or during meetings with our or HDFC Bank’s staff or service providers or representatives.
- When you or HDFC Bank or others give the Data verbally or in writing. This Data may be on application forms, in records of your transactions with us or HDFC Bank or if you make a complaint.
- From information publicly available about you. When you make Data about yourself publicly available on your social media accounts or where you choose to make the Data available to us or HDFC Bank through your social media account, and where it is appropriate for us or HDFC Bank to use it.
- During or as a result of Derivation, from any person possessing the same or sourcing any Data therefor.
- Data collected through cookies.
[Our apps may be required by you to delete/ forget the Data submitted by you on such App which is specified as ‘Non-Mandatory Data’ during the application process for a digital lending Product (“Non-Mandatory Data”) (however subject to any contrary legal/ regulatory requirements), by following the process in this regard.]
How is your Data processed?
Purposes of processing Data
The processing of the Data may be done by HDFC Bank (directly or through its service providers including us to the extent allowed by HDFC Bank) or any of the Processing Entities for any of the following purposes, and you agree and consent to the same:
- To provide you with Products.
- To process your loan application and for undertaking related processes such as loan sanction/ approval, disbursement, recovery and customer service.
- To manage relationships with you.
- For enabling your use of Products.
- For processing, executing transactions.
- For enabling any applications/ requests for any Products, for processing any such applications/ requests, for performing any contract pursuant thereto and for undertaking any Specified Purposes in relation to any of the abov
- To perform activities such as data analysis, audits, usage trends to determine the effectiveness of HDFC Bank’s campaigns and as input into improving Products.
- For credit scoring, credit analysis, risk analysis, obtaining any reports, credit scores, credit information, scrubs, for assessing and undertaking/ evaluating financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, etc. including from or through any credit information companies, bureaus, fintech entities or service providers.
- For enabling use of our website, platforms, and online services (including mobile or web applications) and visiting our branches, offices.
- To contact you or to establish contact with you or your whereabouts.
- To allow you to utilize features on platforms/ apps by granting us access to Data from your device.
- For security, business continuity and risk management.
- For system or product development and planning, audit and administrative purposes.
- To personalize your platform/ app experience.
- To improve customer/ user experience.
- To inform you about important information regarding our Products, changes to terms, conditions, and policies and/or other administrative information; Where processing is necessary for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract. To allow HDFC Bank to take actions that are necessary in order to provide you with the Products (performance of a contract), for example, to make and receive payments.
- Where processing is necessary because of a legal or regulatory obligation that applies to us or HDFC Bank.
- Where processing is necessary for the purposes of the legitimate interests pursued by HDFC Bank. Processing may be required by HDFC Bank or its service providers to meet HDFC Bank’s legitimate interests, for example, to understand the customer behaviour, customer expectations, to build analytical models, or to understand how customers use or respond to the Products, or to develop new Products, as well as improve the Products. This may also include sharing of your Data by HDFC Bank either as part of a sample or specifically or generally with its potential or actual service provider or consultant or vendor or third party or Processing Entity, for the purposes of testing by HDFC Bank of proof of concept, where HDFC Bank may test the utility, workability, efficacy, authenticity of any solution or service proposed or being rendered by any such person, and any such person may process such Data along with any other data it may have or source externally, for the purpose of running or pilot running or testing of the proposed solution or service and to submit the results to HDFC Bank along with the Data and any other data which such person may have or source. You agree that such sharing of Data and processing thereof and testing of proof of concept is in HDFC Bank’s legitimate interest to improve HDFC Bank’s efficiency, customer service, product delivery, to prevent frauds, etc. and ultimately is a necessary part of developing the ecosystem where its customers and potential customers including you, benefit.
- To allow you to apply for Products including to pre-populate any Data during any application whether directly by us or through any service provider on any platform.
- Where we or HDFC Bank have your consent to do so.
- In connection with Products, we or HDFC Bank may also contact you or send you messages, notifications or alerts by post, telephone, text, email, through social media POS machines and other digital methods, including for example via ATMs, mobile applications or push notifications, or online banking services (and new methods that may become available in the future).
- For assessing, examining and/or determining by HDFC Bank, whether directly or through us (to the extent allowed by HDFC Bank), from time to time, your eligibility (including pre-eligibility), suitability or credit worthiness for any of the Products from time to time (and to undertake Specified Purposes therefor).
- For any purposes which are incidental or necessary to any of the aforesaid purposes.
The purposes where it has been expressly specified above that such purpose is a non-mandatory purpose, shall be referred to as “Non-Mandatory Purposes”.
The way HDFC Bank (directly or through its service providers including us to the extent allowed by HDFC Bank) analyses personal information in relation to the Products including applications, credit decisions, determining your eligibility for the Products, may involve automated profiling and decision making, this means that HDFC Bank may process your Data using software that is able to evaluate your personal aspects and predict risks or outcomes as also where the decision making may be automated.
HDFC Bank may, directly or through us or through its service providers, also carry out automated anti-money laundering and sanctions checks. This means that it may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.
Who we share your Data with?
We may share the Data with the following persons and/or in the following circumstances:
- With HDFC Bank in relation to or in connection with the Products.
HDFC Bank (either directly or through its service providers) may share the Data with the following persons and/or in the following circumstances:
- With HDFC Bank’s subsidiaries and/or affiliates in an effort to bring you improved services across its family of Products, when permissible under relevant laws and regulations or with consent.
- With HDFC Bank’s service providers, vendors, agents etc. who perform services for it or assists it/ its subsidiaries/ affiliates to operate the business or provide the Products or services (own or where it/ its subsidiaries/ affiliates distribute, refer or act as agent etc.), intermediaries or consultants.
- Entities or persons with whom HDFC Bank has tie-ups for the co-branded services, products or programs, any rewards programs or loyalty programs, any benefits, offers, features or any similar arrangements.
- With co-lenders, co-originators, collaborators, and persons with whom HDFC Bank may have a tie-up for any Products.
- HDFC Bank may share your Data, without obtaining your consent or without intimating you: (a) with governmental, statutory, regulatory, executive, law-enforcement, investigating or judicial/ quasi-judicial authorities, departments, instrumentalities, agencies, institutions, boards, commissions, courts, tribunals, who ask for such Data including by way of an order, direction, etc; or (b) with any person, where disclosure is necessary for compliance of any legal or regulatory obligation. Wherever the Data is shared by HDFC Bank as above, it will not have control over how such Data is further processed by such authorities, persons, etc. (both under ‘a’ and ‘b’ above).
- Credit information companies, bureaus, fintech entities or service providers for the purposes of obtaining any reports, credit scores, credit information, scrubs, financial standing, fraud check, fraud probability, reference checks, due diligence, inspections, risk analysis etc.
- With any persons involved in Derivation.
For further information, please refer to the Products’ specific terms and conditions and application form.
Period of storage of the Data
[Implications of not providing Data or Withdrawing Consent
Reasonable security practices and procedures
[●] is ISO 27001:13 compliant. HDFC Bank is ISO 27001:13 compliant. We and HDFC Bank seek to use reasonable organizational, technical and administrative measures to protect Data within our respective organizations. However, if you have reason to believe that your interaction with us/ HDFC Bank is no longer secure, please immediately notify us/ HDFC Bank in accordance with the ‘How to contact us/ HDFC Bank’ section.
Links/ Re-direction to Other Websites/ Platforms
From time to time, our/ HDFC Bank’s website/ webpage/ platform/ apps may contain links or have a mechanism of re-direction to and from other websites/ webpages/ platforms/ apps of other networks, advertisers, affiliates and Processing Entities. If you follow a link or such re-direction to any of these websites/ webpages/ platforms/ apps, please note that these websites/ webpages/ platforms/ apps may have their own privacy notices and that HDFC Bank and we do not accept any responsibility or liability for any such notices. Please check such notices, where available, before you submit any Data to these websites/ webpages/ platforms/ apps.
Right to review
Please note that the accuracy of the Data provided is essential, among others, for the provision of Products to you. It is therefore mandatory that you ensure the accuracy and completeness of all Data disclosed or shared. Without prejudice to any rights and remedies of the Bank under any contract in this regard, you shall be able to review the Data that you had provided and correct or amend as feasible any such Data which you find to be inaccurate or deficient. You may do this by following the process prescribed by HDFC Bank in this regard. For knowing the process you may contact HDFC Bank.
Provided that HDFC Bank/ we shall not be responsible for the authenticity of the Data supplied by you to us / HDFC Bank or any other person acting on behalf of HDFC Bank.
How to contact us/ HDFC Bank
You may contact our Privacy Contact at Mr. Avishek Gupta, by email at email@example.com by phone at 022-49616121 (between 10.00 AM to 6.00 PM from Monday-Friday)
You may contact HDFC Bank’s Privacy Contact at firstname.lastname@example.org