Privacy Policy

At KredX, we put our top priority on protecting your personal information. We have created this Privacy Policy to demonstrate our commitment to your right to data protection and privacy. This Privacy Policy is updated and effective from 27 October 2023.

Interpretation

For the purpose of understanding and interpreting various terms used in the Privacy Policy (Hereinafter referred to as “Policy”) as stated hereunder, the defined terms as stated hereunder shall be interpreted as per the definition give below:

Affiliates” shall mean any Person that, directly or indirectly, through one or more intermediaries, Controls, is Controlled by, or is under common Control with a Party and shall include a subsidiary or a holding company of such Person, and, in case of a Party being a natural person, the Relative of such Party.

Force Majeure Event” shall mean any event that is beyond our reasonable control and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorized access to your mobile or storage device, crashes, breach of security and encryption.

KredX” shall mean and refer to Minion Ventures Private Limited (CIN) U74900KA2015PTC080305, a Company constituted under the Companies Act, 2013 having its registered office at Wing A, Ground Floor, Office-1 Block A, Salarpuria Softzone, Bellandur Village Varthur Hobli Bangalore, India and its subsidiaries and group companies namely KredX Finance Private Limited (CIN U65990KA2022PTC157708), KredX Ventures IFSC Private Limited (CIN U67110GJ2022PTC128919  ) and KredX Platform Private Limited(CIN U72900KA2021PTC147215)

Personal Information” refers to any information that identifies or can be used to identify, contact or locate the person, to whom such information pertains including, but not limited to, name, address, phone number, email address, identification number or documents and any other information disclosed by you in relation to the Services.

Sensitive Information” means sensitive personal data or information of a person means such personal information which consists of information relating to passwords, financial information such as bank account or credit card or debit card or other payment instrument details, biometric information, details of nominees and national identifiers including but not limited to: Aadhaar card, passport number, PAN, etc. For customers enrolled in Services provided by KredX, personal information about the transaction is collected. Provided any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or Sensitive Information for the purpose of these terms and conditions.

Third Party” refers to any person or entity other than you or us.

Introduction

Fully acknowledging the fact that your personal information belongs to you, we do our best to securely and carefully process the information you share with us. We place our highest value on your trust. We hence collect a minimal amount of information only with your permission and use it solely for its intended purposes. 

We at KredX devote best efforts to ensure your data is protected. In order to do so, your trust is paramount and thus, we will do our best to protect your personal information. The privacy policy aims to explain what type of personal information is collected, how the information is collected, how the information is used and with whom it is shared, how your consent to use your personal information can be altered, modified or rescinded, Grievance Redressal provisions and matters incidental thereto. 

This document is an electronic record in terms of Information Technology Act, 2000 and rules there under as applicable and the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures. This document is published in accordance with the provisions of Rule 3 (1) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”) that require publishing the rules and regulations, privacy Policy and Terms of Use for access or usage of the Platform. This website is owned and operated by KredX. We confirm that our privacy Policy is compliant with applicable laws, rules and regulations. Further, this Privacy Policy shall be governed by the provisions of the Digital Personal Data Protection Act, 2023, rules and amendments made thereunder from time to time.

Additional terms and conditions applicable to specific areas of this Website or to particular content or transactions are also posted in particular areas of the Website and, together with these terms, govern your use of those areas, content or transactions. By using the Website, you signify your acceptance to the Policy terms which takes effect immediately upon your use of the Services, and create a legally binding arrangement to abide by the same.

Scope and Applicability

The terms and provisions of this Policy apply to the personal data and the sensitive personal data that we collect about you for the purposes of providing you with our services. Personal data or information as used in this Policy shall include sensitive personal data or information, as applicable. This Policy is formulated under the Information Technology Act 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“IT RSP Rules''), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”), guidelines, rules and regulations issued by regulatory/statutory authorities 

By using this website or by giving us your personal data and sensitive personal data, you accept the practices described in this Policy, its contents, and have provided your informed consent to us collecting, storing, processing, transferring and sharing your Personal Information with lenders, partners, service providers for the purposes set out in this Policy. If you do not agree to this Privacy Policy, please do not use this website or give us any personal data or sensitive personal data.

We reserve the right to change this Policy without prior notice due to changes in applicable laws, promulgation of new statutes/laws/regulations or basis directions issued by competent statutory/regulatory authorities. For ensuring that you are updated on the Policy terms, We encourage you to regularly review this policy to ensure that you are aware of any changes and how your personal data may be used.

Please note that KredX might engage in business activities which might be interpreted as “digital lending activity” as covered under the Digital Lending Guidelines (“DLG Guidelines”) issued by Reserve Bank of India (“RBI”). Please note that with respect to digital lending under the DLG Guidelines, KredX shall ensure that it will not store personal information of borrowers or financiers except some basic minimal data (viz., name, address, contact details of the customer, etc.) that may be required to carry out their operations. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/KYC requirements only, with the explicit consent of the borrower or financier. 

Personal Information / Sensitive Information that may be collected and manner of its use:

Personal Information provided by you in relation to the use of the Website: In order for you to access the Website, we may collect your Personal Information and / or Sensitive Information as may be required for the purposes connected thereto. We endeavor to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.

We may collect information from you through a variety of sources including;

Device information —We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).

Log information —When you use our Services or view content provided by us, we automatically collect and store certain information in server logs. This includes:

  • Internet Protocol (IP) address.
  • Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • Cookies that may uniquely identify your browser or your account.

Purpose and Usage

KredX uses the information collected and appropriately notifies you to manage its business and offer an enhanced, personalised online experience on its website. Further, it enables KredX to:

  • Process applications, requests and transactions
  • Maintain internal records as per regulatory guidelines
  • Provide services to customers, including responding to customer requests
  • Comply with all applicable laws and regulations
  • Recognise the customer when he conducts online transactions
  • Understand the needs and provide relevant product and service offers
  • Obtain necessary rankings / ratings from various agencies (including CIBIL)

Cookies

Cookies are small pieces of information saved by your browser onto your electronic devices. Cookies are used to record various aspects of your visit and assist us to provide you with uninterrupted service. Cookies may be set in your browser by us when you access the Services or may be set in when you visit Third Party websites.
This anonymous information is maintained distinctly and is not linked to the Personal Information that you submit to us. We use cookies collected to:

  • Authenticate your login information
  • Enable our security features;
  • Show you advertising; and
  • Improve and develop the features of the Website.

Please feel free to change your browser settings if you do not wish to accept cookies. However, please note that changing your browser setting may affect your experience on the Services.

Others

In addition to the cookies, we may also collect information to enable us to better understand you so that we can improve your user experience; to assist our customer service and technical support personnel; and put processes in place to prevent fraud and unlawful use. In an effort to make the Website effective and improve the Website, certain information may be collected each time you access the Website. Such information may be saved in server logs in an encrypted form which may not identify you personally. In addition to cookies, we use web beacons, ad tags, and pixels to advertise as part of the Services. The above- mentioned data may be used by us and may be shared with our sponsors, investors, advertisers, developers, strategic business partners or other associates to enhance and grow the user experience in relation to the Website.

You might register with us using your Facebook or LinkedIn account or Google identity or any other third party website mentioned on our website (“Third Party Sites''). You understand that, by creating an account or by registering through Third Party Sites, we and others will be able to identify you by your profile. We will also not be liable for the photographs and data that the users might upload, which are not in accordance with applicable law. We will ask for your personal information details only for the service provided by us. Such data is stored in our systems in accordance with Rule 3(h) of the Intermediary Rules and the IT RSP Rules. 

All the information that you shall provide us is voluntary, including sensitive personal information. You understand that we may use certain information of yours, which has been designated as ‘sensitive personal data or information’ under the IT RSP Rules for the purpose of providing you our services and for sharing the information only with affiliates such persons who are identified in this Privacy Policy who are subject to this Privacy Policy, as will be explained further below.

Please note that we always ask for your permission before accessing the information. We hereby confirm that we do not store your personal information, except the personal information provided in this Policy which is necessary to carry out our business operations which may be shared with third parties. The website and our App does not store personal information of users except some basic minimal data (viz., name, address, contact details of the customer, etc.) that may be required to carry out business operations.

Some of the data collected by us may be regarded as sensitive personal data or information under Rule 3 of the IT RSP Rules. We shall use the information collected by us only for the purpose for which it has been collected, for a specified purpose of providing you the services as mentioned in the Platform.

  1. Personal contact information, including any information allowing us to contact you in person. It would include, but is not limited to, users’ KYC details, borrowers or financiers/users’ academic information and documents, co-borrowers/financiers/users’ financial documents, etc.
  2. Demographic information, including date of birth, age, gender, location. We may also collect the location data, if enabled by you to do so. Geolocation includes country of access, IP address, etc.
  3. User image, for us to cross check and verify the authenticity of the User and for prevention of fraud.
  4. Account login information including any information that is required for you to establish a user account with us. (e.g. login ID/ email, user name, password and security question/answer);
  5. Consumer feedback, including information that you share with us about your experience in using our services (e.g. your comments and suggestions, testimonials and other feedback)
  6. We may collect the Usage data, including but not limited to access date and time, platform features and/or pages viewed, type of browser, hardware models, operating systems and versions, software, mobile network data, etc.
  7. The data collected, as mentioned above, is solely restricted to the above-mentioned activities and will not be used for any other purpose. In case we use the data for any other purpose, explicit consent shall be taken from the users.
  8. We will desist from accessing mobile phone resources like file and media, contact list, call logs, telephony functions from user phone resources.
  9. We will ensure that access to camera, microphone, location or any other facility necessary for the purpose of on-boarding/ KYC requirements and only with the explicit consent of the user.
  10. We will ensure that biometric data is stored/collected in the systems, only in accordance with applicable law and the IT RSP Rules.
  11. We will ensure that all data is stored only in servers located within India, while ensuring compliance with statutory obligations/ regulatory instructions.
  12. You are provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App (as defined under the DLG Guidelines) delete/forget the data. In case of withdrawal or modification of your consent or your amendment of any of your choices in this regard, we reserve the option not to provide the services or modify the services provided to you for which such information was sought.
  13. We and our affiliated partners may use the personal information submitted by you to contact you in relation to the services offered. This shall override any calling preferences.

Engaging Third Party Service Providers

KredX may engage or use the service of third party Service Providers while providing various services due to the following reasons:

  • To facilitate our service.
  • To provide the service on our behalf.
  • To perform service-related services; or
  • To assist us in analyzing how our service is used.

KredX wishes to inform users that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

Sharing of Personal Information

  1. We may share your personal information with other corporate entities and affiliates to help detect and prevent identity theft, fraud and other potentially illegal acts; correlate related or multiple accounts to prevent abuse of our services, to facilitate joint or co-branded services, where such services are provided by more than one corporate entity, or if required to do so in course of our business operations. The third parties to whom your data may be disclosed shall not disclose the data further.
  2. We may disclose personal information if required to do so by law or if we in good faith believe that such disclosure is reasonably necessary to respond to subpoenas, court-orders, or other legal processes.
  3. If we are involved in a merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy. Business Transfers: As we continue to develop our business, we might sell or buy business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the customer consents otherwise). Also, in the event that KredX’s assets or substantially all of its assets are acquired, customer information maybe one of the transferred assets.
  4. We may employ other companies and individuals, call centres, payment gateways, banks to perform functions on our behalf. Examples include delivering e-mail, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links) and providing customer service. They have access to personal information needed to perform their functions but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Policy and as permitted by applicable law.
  5. We release personal information when we believe, release is appropriate to comply with the law; enforce or apply our User Terms and Conditions and other agreements; or protect the rights, property or safety of App, our users or others. This includes exchanging information with other companies, organizations, government or regulatory authorities for fraud protection and credit risk reduction.

DISCLAIMERS

  • The website may be under constant upgrades, and some functions and features may not be fully operational.
  • We disclaim any liability arising due to the vagaries that can occur in the electronic distribution of information.
  • You acknowledge that third party services are available on the website. We may have formed partnerships or alliances with some of these third parties from time to time in order to facilitate the provision of certain services to you. However, you acknowledge and agree that at no time are we making any representation or warranty regarding any third party's services nor will we be liable to you or any third party for any consequences or claims arising from or in connection with such third party including, and not limited to, any liability or responsibility for, death, injury or impairment experienced by you or any third party. You hereby disclaim and waive any rights and claims you may have against us with respect to third party’s services.
  • We do not, in any way, endorse any information or service offered or described herein. In no event shall we be liable to you or any third party for any decision made or action taken in reliance on such information.
  • You assume all responsibility and risk with respect to your use of the website. The services are available “as is,” and “as available”. you understand and agree that, to the fullest extent permitted by law, we disclaim all warranties, representations and endorsements, express or implied, with regard to the website, including, without limitation, implied warranties of title, merchantability, non-infringement and fitness for a particular purpose.
  • We do not warrant that use of the website will be uninterrupted or error-free or that errors will be detected or corrected. We do not assume any liability or responsibility for any computer viruses, bugs, malicious code or other harmful components, delays, inaccuracies, errors or omissions, or the accuracy, completeness, reliability or usefulness of the information disclosed or accessed through the services.
  • In no event, under no legal or equitable theory (whether tort, contract, strict liability or otherwise), shall we or any of our respective employees, directors, officers, agents or affiliates, be liable hereunder or otherwise for any loss or damage of any kind, direct or indirect, in connection with or arising from the use of the website / services or our agreement with you concerning the services, including, but not limited to, (i) the use of or inability to use the site, the service, or the content, (ii) any transaction conducted through or facilitated by the site; (iii) any claim attributable to errors, omissions, or other inaccuracies in the site, the service and/or the content, (iv) unauthorized access to or alteration of your transmissions or data, or (v) any other matter relating to the site, the service, or the content, and any compensatory, direct, consequential, incidental, indirect, special or punitive damages, lost anticipated profits, loss of goodwill, loss of data, business interruption, accuracy of results, or computer failure or malfunction, even if we have been advised of or should have known of the possibility of such damages.

Data Security

We strive to ensure the security, integrity and privacy of your Personal Information and Sensitive Information. To protect your Personal Information / Sensitive Information against unauthorized access or unauthorized alteration, disclosure or destruction.

You can access your personal identity details on our website/App through your login and password. We recommend that you do not share your password with anyone. In addition, your personal details are stored on a secure server located in India that only selected personnel contractors and authorised Agencies have access to on a need- to- know basis. We encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that your personal details are safe as it is transmitted to us.

We are not responsible for any breach of security or for any actions of any Third Parties that receive your Personal Information / Sensitive Information. We are not/shall be not responsible for their privacy policies or practices as it is beyond our control.

You are responsible for all actions that take place under your User Account. If you choose to share your User Account details and password or any Personal Information with third parties, you are solely responsible for the same. If you lose control of your User Account, you may lose substantial control over your Personal Information and may be subject to legally binding actions.

No data collected and allowed to be stored by us shall be stored in any server which is not located in India.

Standards for handling security breach:

  1. All suspected or reported security breaches or violations shall be logged and tracked from initiation of the preliminary analysis to determine whether there was a security breach or violation till completion of actions taken.
  2. Appropriate contacts with relevant authorities shall be maintained to escalate to respective authorities as required, including the local cyber cell information.
  3. Below mentioned are the steps for handling security breach:
    • Move quickly to secure the systems and fix vulnerabilities that may have caused the breach.
    • Switch off the servers and change the access code to prevent additional data loss.
    • Mobilize the breach response team right away to prevent additional data loss.
    • Additional security required will be placed.
    • Securely delete personally identifiable information (PII) and other sensitive data when it is no longer needed for business purposes.
  4. If any security breach comes to our knowledge, then we may take all steps required to prevent misuse of such information and may attempt to notify you electronically so that you can take appropriate steps.
  5. As per the Indian Computer Emergency Response Team (“CERT-In”) cyber-security directions under Section 70B (6) of the Information Technology Act, 2000 (CERT Directions), we shall report cyber incidents (as mentioned in Annexure I of the CERT Directions) within stipulated time lines of noticing such incidents or being brought to notice about such incidents. For incidents not covered herein, we shall report cyber security incidents within a reasonable time of occurrence or notice of the incident to have scope for timely action under Rule 12(1)(a) of the CERT Rules, any entity affected by cyber-security incidents should. We shall report the cyber security incidents if they arise to: CERT- In via an email (incident@cert- in.org.in), Phone (1800-11-4949) and Fax (1800-116969). We shall comply with the Information Technology Act 2000 and the rules thereunder with respect to the applicable cyber security standards.

Notwithstanding anything contained in this Privacy Policy or elsewhere, we shall not be held responsible for any loss, damage or misuse of your Personal Information / Sensitive Information, if such loss, damage or misuse is attributable to a Force Majeure Event.

Data Retention

Information may be retained for a duration, required under applicable statutes/by regulations, rules or guidelines or as long as required to achieve the identified (and notified) purpose. 

We will only retain your personal data for as long as it is necessary for the stated purpose, taking into account also our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us. Kindly note that we do not sell your personal data to any third party and the use of your personal data is strictly restricted to the services provided by us, as mentioned herein. Your data will be stored in our systems in accordance with the Information Technology Act, 2000, Rule 3(h) of the Intermediary Rules and the IT RSP Rules (“IT RSP Rules”).

When there is no longer a business, legal, or regulatory requirement to keep the data, then the data will be purged in a secure manner.

Data Destruction Protocol: All the data, including all the copies thereof will be destroyed post the completion of the business, legal or regulatory requirement. In case the data are stored in digital form, then secure erasure of individual folders and/or files will be done.

If you have any questions about this Privacy Policy, please feel free to write to us at pay.support@kredx.com

Other uses of the information provided:

We make all efforts to ensure that we collect only such Personal Information that we believe to be relevant in order to record, support, and facilitate your access to the Website.

Communication:

We may offer email, short message service (sms), multimedia message service (mms) or other forms of communication to share information with you about certain promotions or features the Services may choose to offer or about our affiliates, subsidiaries, business partners, advertisers and sponsors. You may receive such communication when you have registered as a User.

Disclosure of Information:

KredX may make disclosures of information diligently which is required pursuant to law or court order or under any legal procedure. We may or may not notify you for the same.

Third Party content:

We cannot and will not assure that other Users are or will be complying with the foregoing rules or any other provisions of this T&C, and, as between you and us, you hereby assume all risk of harm or injury resulting from any such lack of compliance.

You acknowledge that when you access a link when accessing the Website, the site you will enter into is not controlled by us and different terms of use and privacy policy may apply. By assessing links, you acknowledge that we are not responsible for those sites. We reserve the right to disable links to and / or from third-party sites to the Website, although we are under no obligation to do so. If you have any queries, concerns or complaints about such third party websites or mobile applications you must direct them to the operator of that third party website or mobile application.

We have no control over and accept no responsibility for the content of any website or mobile application to which a link from the Website exists (unless we are the provider of those linked websites or mobile applications). Such linked websites and mobile applications are provided “as is” for your convenience only with no warranty, express or implied, for the information provided within them.

Right to Withdraw Consent and Incidental Rights

You have the option, at any time while availing our Services or otherwise, to withdraw your consent given to us, for processing your data. In case of withdrawal of your consent, we reserve the option not to provide the Services for which such information was sought. In case the Services are already availed and then you raise a request to withdraw consent, then we have the right to retain to stop the provision of the Services.

You have the right to exercise any of the above rights by contacting the Official specified in “Grievance Redressal” clause of this Policy. Once we receive your request and verify the same satisfactorily, we shall proceed with assisting you on your requests.

Grievances Redressal

If you have any complaint under the Information Technology Act 2000, the IT RSP Rules or any FinTech/ digital lending related complaints/issues, the contact details of the Grievance Redressal Officer are provided below.

Nodal Officer 

Name: Amrutha A

Ph: 08061799200, IVR-9

Email: Amrutha@Kredx.Com

Governing Law and Dispute Resolution

Any controversy or claim arising out of or relating to this policy shall be decided by Arbitration in accordance with the Arbitration and Conciliation Act 1996 and the governing law shall be the laws of India. The Arbitral Tribunal shall consist of one arbitrator who shall be appointed by an Arbitral Institute nominated by the Parties hereto in accordance with the Arbitration and Conciliation Act 1996.Any such controversy or claim shall be arbitrated on an individual basis and shall not be consolidated in any arbitration with any claim or controversy of any other party. Any other dispute or disagreement of a legal nature will also be decided in accordance with the laws of India, and the Courts at Bengaluru shall have exclusive jurisdiction in all such cases, subject to the foregoing.