For the purpose of this Privacy Policy (hereinafter referred to as the “Policy”), wherever the context so requires:
This Policy describes generally acceptable privacy principles for the protection and appropriate use of personal information at the Company. These principles shall govern the use, collection, disposal and transfer of personal information and sensitive and personal information.
The key data privacy principles are:
To create an account on the App or website, you must provide us with the basic details and information required as part of our Customer Identification process and you agree to our User Terms and Conditions and this Privacy Policy, which governs how we treat your information. App/website collects basic information required to provide customized services (for example: offers, content, more relevant ads), including your name, mailing address, postal code, job title, family details, employer details, phone number, PAN No., employment information, salary slips, declarations, your description and details in your account, financial information such as bank account etc. Such data is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“IT (RSP) Rules”).
You will register with us using your Facebook or LinkedIn account or Google identity or any other third-party website mentioned on our Platform (“Third Party Sites”). You understand that, by creating an account or by registering through Third Party Sites, we and others will be able to identify you by your profile. We will also not be liable for the photographs and data that the users might upload, which are not in accordance with applicable law. We will ask for your bank account details only for the service provided by us. Such data is stored in our systems in accordance with the IT (RSP) Rules.
All the information that you shall provide us is voluntary, including sensitive personal information. You understand that we may use certain information of yours, which has been designated as ‘personal information’ or ‘sensitive personal data or information’ under the IT RSP Rules for the purpose of providing you the services and for sharing the information only with affiliates such persons who are identified in this Privacy Policy who are subject to this Privacy Policy, as will be explained further below.
Please note that we always ask for your permission before accessing the information on your phone. We may collect and monitor only your financial transaction, SMS, names of transacting parties, transaction description and amount to perform a risk assessment. Such data is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT (RSP) Rules. No personal SMS data is collected, read or stored.
We hereby confirm that we do not store your personal information, except the personal information provided in following Clause of the Policy which is necessary to carry out our business operations which may be shared with third parties.
We may collect data about you from a variety of sources, including through:
This includes the types of personal or sensitive personal data that you provide us, in addition to the data mentioned in Section 4 above, with your consent for a specified purpose of providing you the services as mentioned in the Platform and/or other business/marketing purposes of the Company and its group companies, or any purpose agreed to you under contract (including our terms and conditions) including the following, under Rule 3 of the IT (RSP) Rules.
Some of these may be regarded as sensitive personal data or information under Rule 3 of the IT (RSP) Rules. We shall use the information collected by us only for the purpose for which it has been collected, for a specified purpose of providing you the services as mentioned in the Platform.
We may collect the following information from you, including:
SMS Permission: We will request permission to view all SMS messages and identify financial transactions only in order to determine your income and expense profile. Website and/or the App will only store financial SMSs sent by 6-digit alphanumeric senders from the inbox which helps us identify the various accounts held by the user and to help perform an optimal ‘risk assessment’ of the user.
The data is accessed by our machine learning models only. We will only access those messages that are relevant to this purpose and will not read/store/share irrelevant or personal messages in any form or manner. The permission is voluntary and can be revoked at any time. However, denying access may lead to an inaccurate assessment of the user’s assessment on the platform. The data accessed by the said permission is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules.
Phone Permission: Collect and monitor specific information about your device including your hardware model, operating system and version, unique device identifiers like IMEI and serial number, user profile information and mobile network information to uniquely identify the devices and ensure that unauthorized devices are not able to act on your behalf to prevent frauds. The data accessed by the said permission is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules.
We request the users to provide us with contact references for the purpose of filling the reference details screen during the application stage. The data accessed by the said permission is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules.
App/website will request permission to capture the user’s location for verification, risk analysis and operational purposes. The user’s location will enable website and/or the App to verify addresses, determine serviceability and expedite the KYC process. The data accessed by the said permission is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules.
Collect and monitor a list of installed apps on your device for profile enrichment.
Accounts Permissions: Collect and monitor the list of accounts on your device for profile enrichment. The data accessed by the said permission is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules.
For a better experience, while using our service, we may require you to provide us with certain personally identifiable information, including but not limited to User info. The information that we request will be retained by us and used as described in this privacy policy.
The app does use third party services that may collect information used to identify you. Certain third-party providers’ services are used by the App including the following: (i) Google; (ii) Facebook; (iii) iOS/Apple; (iv) LinkedIn etc.
We want to inform you that whenever you use our service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our service, the time and date of your use of the service, and other statistics.
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.
We may set cookies to track your usage on our web application platforms. We use data collection devices such as “cookies” on certain pages of the App and Website to help analyze our web page flow, measure promotional effectiveness, and promote trust and safety.
These are used to enhance your experience with our App. We use cookies to help us identify who you are, so your login experience is smooth each time. Cookies also allow us to collect Non-Personally Identifiable Information from you, like which pages you visited and what links you clicked on. Use of this information helps us to create a more user-friendly experience for all visitors. In addition, we may use Third Party Advertising Companies to display advertisements on our App. By using the app, you signify your consent to our use of cookies.
Please note that if you decline or delete these cookies, some parts of the App may not work properly.
We may employ third-party companies and individuals due to the following reasons:
We want to inform users of this service that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security but we shall endeavour to use reasonable security measures to prevent any lapses.
You can access your personal identity details on our App/website through your login and password. We recommend that you do not share your password with anyone. In addition, your personal details are stored on a secure server located in India that only selected personnel, contractors and authorised Agencies have access to on a need-to-know basis. We encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that your personal details are safe as they are transmitted to us.
Protection of your privacy and your data security is a top priority for us. We encrypt your data and store it in multiple databases. There are security group and firewall checks to control the APIs with multi-level authentication, authorisation and verifications.
However, you understand and accept no data transmission over the Internet can be guaranteed to be completely secure. We cannot ensure or warrant the security of any information that you transmit to us and you do so at your own risk. Data pilferage due to unauthorized hacking, virus attacks, technical is possible and we take no liabilities or responsibilities for it, except to the extent permitted in law. In case such security breach happens, we take the following steps as mentioned in this Policy.
This service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
All staff and contractors shall be granted access to the data and applications required for their job roles on a need basis. Access control applies to all networks, servers, workstations, laptops, mobile devices, web applications and websites, cloud storages, and services.
All staff and contractors shall access sensitive data and systems only if there is a business need to do so, and they have approval from higher management. Sensitive systems shall be physically or logically isolated to restrict access to authorized personnel only.
Access to data classified as ‘Confidential’ or ‘Restricted’ shall be limited to authorized persons whose job responsibilities require it and as approved by the higher/senior management.
The responsibility to implement access restrictions lies with the IT Security department.
We have reasonable management, technical and administrative measures in place to protect information within us.
Each user shall be identified by a unique user ID so that individuals can be held accountable for their actions and access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their tasks.
Role-based Access Control (RBAC) shall be used to secure access to all file-based resources in Active Directory domains.
The use of shared identities shall be permitted only where they are suitable, such as training accounts or service accounts.
All employees and contractors shall be given network access in accordance with business access control procedures and the least-privilege principle.
All staff and contractors who have remote access to company networks shall be authenticated using the VPN authentication mechanism only. Two-factor authentication should also be evaluated. Segregation of networks shall be implemented as recommended by the company's network security assessment. Network administrators shall group together information services, users, and information systems as appropriate to achieve the required/adequate segregation.
All users must keep their passwords confidential and should not share them with any person.
We will not be liable/responsible for any breach of privacy owing to the User’s negligence.
User shall only use Our official application/website/links for availing product/services by inputting the domain information on the address bar. User is completely aware of the potential risk of data/privacy breach and User shall be solely liable for any unauthorized disclosure/breach of personal/sensitive personal information etc. and any direct/indirect loss suffered by User due to User’s conduct. Hence, User shall exercise utmost caution to ensure that User’s personal data/Sensitive personal data (including but not limited to any passwords, financial information, account details, etc.) are not shared/stored/made accessible through any physical means with or without User’s knowledge (disclosure to any person/third-party etc.) or through any electronic mode.
Transactions on the Website/App are secure and protected. Any information entered by the User when transacting on the Website/App is encrypted to protect the User against unintentional disclosure to third parties. The User’s credit and debit card information is not received, stored by or retained by the Company/Website/App in any manner. This information is supplied by the User directly to the relevant payment gateway, which is authorized to handle the information provided, and is compliant with the regulations and requirements of various banks and institutions and payment franchisees that it is associated with.
We use third-party advertising companies to serve ads to the users of the Website. These companies may use information relating to the User’s visits to the Website and other websites in order to provide customised advertisements to the User. Furthermore, the Website may contain links to other websites that may collect personally identifiable information. The Company/Website is not responsible for the privacy practices or the content of any of the aforementioned linked websites, and the User expressly acknowledges the same and agrees that any and all risks associated will be borne entirely by the User. We strongly advise you to review the privacy policy of every site you visit.
If you have any complaint under the Information Technology Act 2000, the IT RSP Rules or any FinTech complaints/issues, the contact details of the Data Protection Officer and Grievance Redressal Officer are provided below.
The Data Protection and Grievance Redressal Officer should acknowledge the complaint within 24 (twenty-four) hours and dispose of such complaint within a period of 30 (thirty) days from the date of its receipt.
Mr. Rohit Shetty
5th Floor, Paville House, Twin Towers Lane,
Off Veer Savarkar Marg, Prabhadevi,
Mumbai-400025.
Phone number: 022-46047350
E-Mail ID: support@aeriesfinancialtechnologies.com
In order to keep your personal data secure, we have implemented a number of security measures including: We value your Personal Information, and protect it on the Platform against loss, misuse or alteration by taking extensive security measures. In order to protect your Personal Information, we have implemented adequate technology and will update these measures as new technology becomes available, as appropriate. All Personal Information is securely stored on a secure cloud setup and all communication happens via secure SSL communication channels.
You are responsible for all actions that take place under your User Account. If you choose to share your User Account details and password or any Personal Information with third parties, you are solely responsible for the same. If you lose control of your User Account, you may lose substantial control over your Personal Information and may be subject to legally binding actions.
No data collected and allowed to be stored by us shall be stored in any server which is not located in India.
Standards for handling security breach:
a. if any security breach comes to our knowledge, then we may take all steps required to protect misuse of such information and may attempt to notify you electronically so that you can take appropriate steps.
b. As per the Indian Computer Emergency Response Team (“CERT-In”) cyber-security directions under Section 70B (6) of the Information Technology Act, 2000 (CERT Directions), we shall report cyber incidents (as mentioned in Annexure I of the CERT Directions) within 6 (six) hours of noticing such incidents or being brought to notice about such incidents. For incidents not covered herein, we shall report cyber security incidents within a reasonable time of occurrence or noticing the incident to have scope for timely action under Rule 12(1)(a) of the CERT Rules, any entity affected by cyber-security incidents should. We shall report the cyber security incidents if they arise to: CERT-In via an email (incident@cert-in.org.in), Phone (1800-11-4949) and Fax (1800-116969). We shall comply with the Information Technology Act 2000 and the rules thereunder with respect to the applicable cyber security standards.
We will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us. Kindly note that we do not sell your personal data to any third party and the use of your personal data is strictly restricted to the services provided by us, as mentioned herein. Your data will be stored in our systems in accordance with the Information Technology Act, 2000, Rule 3(h) of the Intermediary Rules and the IT RSP Rules (“IT RSP Rules”). When there is no longer a business, legal, or regulatory requirement to keep the data, then the data will be purged in a secure manner.
Data Destruction Protocol: All the data, including all the copies thereof will be destroyed post the completion of the business, legal or regulatory requirement. In case the data are stored in physical form, that is, CDs, DVDs, Pen Drive, tapes, etc., then the physical device storage shall be destroyed. In case the data are stored in digital form, then secure erasure of individual folders and/or files will be done.
Users are permitted to request the deletion of their accounts from the application by initiating an account deletion request. However, such requests will not be considered if the customer falls under any of the following criteria:
We will delete the user data associated with the user’s account in accordance with our retention clause mentioned in this policy and the following conditions:
Data shall be retained for an extended period of time:
The customer account shall be deleted on the 30th day from the date of submission of request for data deletion.
If the customer logs into the account before the 30th day, it shall be treated as an automatic cancellation of the deletion request. If the user logs in to the app post the completion of the 30 days period, he/she shall be treated as a new customer.
When a user’s account deletion request is successfully submitted, the following details shall be deleted from our database:
However, for regulatory and legal compliance reasons, other details related to the user’s account, including user-submitted data, service history, transaction history, investment history, KYC and CIBIL data shall be retained as per any applicable law.
We may retain User’s Information if it is required to provide services or as long as it is required for business purposes. Retention of Information will be as per applicable law/regulatory requirements in India.
Information may be retained for an extended period:
As per the applicable data protection law, your principal rights are as follows. Please read this in conjunction with the Policy:
Right to withdraw consent: You have the option, at any time while availing our Services or otherwise, to withdraw your consent given to us, for processing your data. In case of withdrawal of your consent, we reserve the option not to provide the Services for which such information was sought. In case the Services are already availed and then you raise a request to withdraw consent, then we have the right to retain to stop the provision of the Services.
By agreeing to avail of the services offered by us, the User agrees to the collection and use of their Sensitive Personal Data or Information by us. The User always has the right to refuse or withdraw their consent to share/disseminate their Personal Data or Sensitive Personal Data or Information by contacting customer care. The user also has the right to request correction of data they believe is inaccurate or deficient and we shall endeavour to do the same as soon as practicable.
You have the right to exercise any of the above rights by contacting our Data Protection and Grievance Redressal Officer (“DPRO”) as mentioned under Clause XIV of this Policy. Once we receive your request and verify the same satisfactorily, we shall proceed with assisting you on your request.
[Note: It is specified that the withdrawal request shall be routed through the DPRO and not customer care (as mentioned in the other policies)].
Any controversy or claim arising out of or relating to this policy shall be decided by Arbitration in accordance with the Arbitration and Conciliation Act 1996 and the governing law shall be the laws of India. The Arbitral Tribunal shall consist of one arbitrator who shall be appointed in accordance with the Arbitration and Conciliation Act 1996. Any such controversy or claim shall be arbitrated on an individual basis and shall not be consolidated in any arbitration with any claim or controversy of any other party. Any other dispute or disagreement of a legal nature will also be decided in accordance with the laws of India, and the Courts at Mumbai shall have exclusive jurisdiction in all such cases, subject to the foregoing.
We keep our Policy under regular review and may update the same to reflect changes to our information-related practices. We encourage you to periodically review this page for the latest information on our privacy practices; your continued use and access of our platform will be taken as acceptance of the updated policy.
This Policy shall be reviewed by the Committee/Board as and when any changes are to be made in the Policy or at such intervals as may be considered necessary to ensure compliance with any regulatory or statutory requirement from time to time. Any changes in or modifications to the Policy as recommended by the Committee shall be presented to the Board for approval.