Your privacy is important to Mahindra & Mahindra Financial Services Limited ("MMFSL")/ "Mahindra Finance". This policy describes what type of information is collected, how the information is used, with whom the information is shared, and how the information is protected.
For the purposes of this Privacy Policy, the terms "we", "us" and "our" refer to MMFSL/ Mahindra Finance/Mahindra and Mahindra Financial Services Limited and/or our subsidiaries and affiliates. "You", "Your" "Customer" or "User" refers to the individual and or the authorised signatory of an entity accessing MMFSL's online platform.
We have designed this policy keeping in mind certain fundamental principles to protect and preserve the integrity of the Information shared by the User including:
This policy applies to information collected by Mahindra Finance while allowing access to its online platform, which shall be browsed before and after your loan is sanctioned by us.
Please read this policy carefully to understand our policies and practices regarding your information and how we shall treat it. If you do not agree with our policies and practices, it is your choice to not to browse/ access our platform. By accessing or using our platform, you agree to this privacy policy. This policy may change from time to time, your continued use of our platform after we make changes is deemed to be acceptance of those changes.
Information Relevant to the financial assistance provided by MMFSL.
Pursuant to your request for financial assistance from MMFSL/the financial assistance extended by MMFSL to You, we will collect information which will include your SMS,location,registered address, mobile phone number and Date of birth. No passwords will be collected by us. You consent to providing one-time access of location for the purpose of on-boarding/ KYC requirement.
When you commence using MMFSL’s online platform, MMFSL may ask you to provide certain information as part of the registration process / login process / sign-up process.
At the time of registration / login / sign-up to MMFSL’s online platform and / or while availing MMFSL’s online platform, MMFSL may ask including but not limited the following information:
We may use cookies (If not selected may affect certain or all functionalities), Web Beacons / Web bugs or other technologies to automatically collect certain information when You will use our application. We may combine your information, automatically gathered information and the information we collect through cookies/web beacons / web bugs, including information that we have collected about you, or information that we have obtained from other sources.
We may aggregate any statistics or data that are collected for optimising the platform/services, but we are under no obligation to do so.
We may automatically collect certain non-personal information from You such as Your browser type, operating system, software version, Internet Protocol (IP) address, General geographic location indicated by your IP address, Website that referred you to us, and similar information. We may also collect information about your use of the Site, including the date and time of access, the areas or pages that You visit, the number of times You return, and other Site usage data.
You acknowledge and agree that all information collected by MMFSL is on an "as-is" basis and MMFSL shall not be responsible for the authenticity of the information provided by You.
MMFSL collects your information as per your use and browsing on MMFSL’s online platform through various technologies. This includes transaction details related to you, including the manner of use of MMFSL’s online platform, the type of services requested by you, the payment method/amount and other related transactional and financial information.
MMFSL may from time to time, during the course of your utilisation / access of MMFSL’s online platform, require access to certain additional information.
Such additional information may include: (i) Your SMS information stored on your device, (ii) Your location information (IP address, longitude and latitude information), for verifying the location and to check the feasibility of MMFSL's online platform.
MMFSL uses data collection devices such as "cookies", etc. on certain parts of MMFSL’s online platform to help and analyse the MMFSL services. The MMFSL services may be offered you based on your access or interaction to MMFSL’s online platform. For the sake of clarity, "cookies" are small files which are accessed either on the web / mobile platform and / or placed on your device hard-drive / storage that assist in providing the services. Please be informed that MMFSL may offer certain features via MMFSL’s online platformthat may only be available through use of a "cookie".
There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well MMFSL’s online platform is performing, or even allow us to recommend content we believe will be most relevant to You.
Once you access/browse MMFSL’s online platform on your device, MMFSL will gain access to the relevant applications on your device which will enable MMFSL’s online platformto collect the information (discussed above). By agreeing to this privacy policy after browsing the services, you will allow us to collect the information mentioned above about you available on your device.
The information collected by us will be used for the following purposes.
Service Providers
We may share personal information with organizations or individuals that perform functions on our behalf. For example, service providers may process payments for our products and services or may store and process data on our behalf. These service providers are granted access to personal information for the purpose of performing their functions for Mahindra Finance.
Marketing
Mahindra Finance may share collected personal information with group companies whose products and services we believe you may find of interest. If you would prefer that we not share your personal information with any third parties for the third parties marketing purposes, you can notify us of your preference by contacting us.
Legal Matters
Mahindra Finance may share personal information in response to a court order, a request for cooperation from a law enforcement or other government agency, or as otherwise required by law to persons acting as representative capacity on your behalf to defend against legal claims to investigate, prevent, or take other action regarding illegal activity, suspected fraud, suspected violations of terms and conditions associated with any of our products or services, or other wrongdoing or to protect and defend the rights, property or safety of our company, our users, our employees, or others. You provide your consent with respect to sharing of information pursuant to this clause.
Transactions
Mahindra Finance may share personal information in connection with a substantial corporate transaction, such as mergers, acquisition, the sale of our business, a divestiture, consolidation, or asset sale, or in the unlikely event of bankruptcy. You provide your consent with respect to this clause.
Other Purposes
Mahindra Finance may share personal information as otherwise described to you at the point of collection or pursuant to your consent.
We take the security of your Information very seriously and have implemented policies and procedures that are designed to help safeguard your Information from unauthorized access, use or modification including:
Submitting information provided by you, through a secured transmission restricting access to your Information only to those employees who are required to know such information in order provide our Services to You and ensuring that all of our employees receive appropriate training on all of our security procedures and conducting regarding audits to verify compliance.
Mahindra Finance use commercially reasonable security measures (including physical, electronic and procedural measures) to help safeguard personal information against loss, misuse, damage or modification and unauthorized access or disclosure. However, no system for transmitting or storing information electronically can be completely secure. Therefore, we cannot guarantee that personal information or other communications will always remain secure
RETENTION OF INFORMATION
We are required under applicable laws to retain certain records for a period of at least 5 (five) years after closure of your MMFSL account, which will include your personal data such as your name, contact details and customer number, etc. ("Retained Data"). We will, in any case, retain your Personal Information for as long as there are statutory retention obligations or until potential legal claims are not yet time barred. Other than the Retained Data, we will delete and destroy all Personal Information that we hold about you when you (or we) terminate your MMFSL account.
DISCLAIMER
Kindly note that MMFSL does not collect Personal Information about individuals, except when such individuals specifically provide such information on a voluntary basis. Upon such voluntary disclosure of Personal Information, we may further verify, collate, or receive information about you from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from you. We may also receive information about you from third-party social networking services if you are already connected with those services. MMFSL shall, at all times, ensure to implement reasonable security practices and procedures (such as managerial, operational, physical and technical) for the purpose of protection and safeguarding of your Personal Information and information as the same is of vital importance to MMFSL. At MMFSL, we are strongly committed to protecting the personal and financial information that you submit to us. Personal Information of individual users will not be sold or otherwise transferred to unaffiliated third parties without your approval at the time of collection. However, please note that although we take reasonable steps to protect your information, no website, internet transmission, computer system or wireless connection is completely secure.
MMFSL shall ensure to safeguard the security and confidentiality of any Personal Information you share with us. Any of your personally identifiable information obtained by us shall not be used or shared other than for the purposes to which you consent. However, despite our utmost efforts to protect your Personal Information, MMFSL cannot warrant the security of any information you transmit to us through our online services / applications. By accepting this Privacy Policy, you accept that such transmission of your Personal Information is done at your own risk.
Your information / inputs / queries are required to serve you better and the same shall not be shared with anyone without your consent. However, we may disclose your Personal Information to agents or contractors of MMFSL and/or its group companies/affiliates to enable processing of transactions or communications with you “on need” basis. Your aforesaid information may be further used for assessment and analysis of our market, customers, products, and services and to understand the way people use our services so that we can improve them and develop new products and services. However, it shall be on the basis that the agents are required to keep the information confidential and will not use the information for any other purpose other than to carry out the services they are performing for MMFSL and/or its group companies/affiliates.
THIRD-PARTY LINKS AND CONTENT ON OUR SERVICES
The platform may have links to third-party websites and services that are outside our control. Further, MMFSL, its group companies, its affiliates, and their directors and employees (collectively, “MMFSL Group”) accept no liability and will not be liable for any loss or damage arising directly or indirectly (including but not limited to any special, incidental or consequential, punitive, or exemplary loss, damage or expenses) from the use of the platform (through the Merchant / MMFSL Representative, as the case may be, or otherwise) or your data being stored / uploaded on the platform or any site or inability to use by any party, howsoever arising, and including any loss, damage or expense arising from, but not limited to, any defect, error, omission, interruption, imperfection, fault, mistake or inaccuracy with any mobile or online application/site/services, its contents (material, information, data, money market movements, news items, etc.) or associated services, or due to unavailability of any platform or any part thereof or any contents or associated services, even if MMFSL Group are advised of the possibility of such damages, losses or expenses.
CUSTOMER COMMUNICATION
The Customer hereby gives its express consent to receive communications and to be contacted / notified, from time to time, through any Communication Mode(s) at any contact number, physical and / or electronic address provided by the Customer (either at the time of registering the Customer's Account / on boarding on the platform, or as may be updated thereafter) by us, our Representatives, affiliates, MMFSL Group and / or anyone authorised by us to communicate with the Customer on our behalf, in relation to the Customer’s account with MMFSL (if any), the services or products availed / sought by the Customer, or otherwise in relation to the products, services, facilities or offers provided by MMFSL, including but not limited to any communications in the nature of updates, notifications, reminders for repayment of the loan / facility / EMI / outstanding dues, information, alerts and updates, to be provided to the Customer.
For the purposes of this Policy, the term “Communication Mode,” shall mean any one or more modes that may be used for communicating with, updating or / notifying the Customer, in any form or manner, including without limitation, electronic mails, SMS messages (including text messages), calls using pre-recorded messages or artificial voice, calls, messages delivered using auto telephone dialling system or an automatic texting system, messages via WhatsApp Messenger, and notifications sent via the App. The following shall also be construed as a valid communication by MMFSL: (a) automated messages that may be played when the telephone call made to a phone / mobile number provided by the Customer, is answered by the Customer or anyone else; and / or (b) in the event that an agent or representative calls, he or she may also leave a message on the Customer’s answering machine, voice mail, or send a message via SMS.
From time to time, MMFSL may monitor and/or record telephone calls and other Communication Modes between MMFSL and the Customer, to ensure the quality of MMFSL’s customer service. The Customer hereby agrees and grants its consent to MMFSL for the same.
The Customer certifies, warrants, and represents that the telephone numbers, mobile number, postal address and/or email addresses and any other information that Customer has provided to the Merchant / MMFSL Representative, as the case may be, are their own and not someone else’s, and are true, accurate, current and complete. The Customer represents that they are permitted to receive calls, emails, and posts at each of the telephone numbers, email addresses and postal addresses they have provided us.
Mahindra and Mahindra Financial Services Limited (MMFSL) is committed to protecting the privacy and security of the personal and sensitive data of its customers. The purpose of this Data Security Policy (the ‘Policy’) is to set out responsibilities of MMFSL and to lay down clear guidelines for protecting and safeguarding the personal data of its customers against data security and privacy related incidents.
This Policy applies to MMFSL staff and business processes including Digital Lending Applications/Platforms (DLAs) of MMFSL as well as those operated by Lending Service Providers (LSPs) engaged by MMFSL for extending any credit facilitation services where personal data of customers is collected, stored, processed, shared, or transferred digitally.
Data Protection Principles
MMFSL shall ensure that processing of personal and sensitive data by its DLAs and the DLAs of its LSPs follow data protection principles while collecting, using, storing, and sharing personal data such as:
Rights of the Customers
Customers shall have the following rights with respect to their personal data:
Collection, Usage and Sharing of data with third parties.
MMFSL shall ensure that there is an audit trail of any collection of data which is collected on a need basis with the prior and explicit consent of the customer. The customers shall also be given the option to deny consent for use of specific data.
MMFSL shall ensure that DLAs do not access customers’ mobile phone resources like files and media, contact lists, call logs, telephone functions, etc. However, explicit consent of the customer will be required for a one-time access to the customer’s mobile camera, microphone, location, or any other facility necessary for the purpose of on-boarding/KYC requirements only.
MMFSL shall ensure that explicit consent of the customer is taken before sharing personal information with any third party except for cases where such sharing is required as per statutory or regulatory requirement.
Storage of Data
MMFSL shall ensure that LSPs/DLAs engaged by them do not store personal information of customers except some basic minimal data (viz., name, address, contact details of the customer, etc.) that may be required to carry out their operations.
MMFSL shall ensure that no biometric data is stored/ collected in the systems associated with the DLAs/LSPs of MMFSL, unless allowed under extant statutory guidelines.
MMFSL shall ensure that all data is stored only in servers located within India, while ensuring compliance with statutory obligations and/or regulatory instructions.
Personal Data Retention
The records pertaining to the identification of the customers and their addresses obtained while opening an account with MMFSL and during the course of business relationship, shall be preserved for at least five years after the end of the business relationship.
Personal Data Disposal or Destruction
MMFSL shall dispose or destroy all personal data if the purpose for which personal data was collected is fulfilled and personal data is no longer required for further processing.
MMFSL shall ensure that any personal data that is disposed/destroyed cannot be recovered back in its original form:
Standards for handling Data Security Breach
MMFSL along with LSPs engaged by it shall comply with various technology standards and/or requirements on cyber security stipulated by the Reserve Bank of India and other agencies, or as may be specified from time to time, for undertaking digital lending.