Data Privacy Policy
TABLE OF CONTENTS
Policy Scope
This Data Privacy Policy sets out the requirements for ensuring that Hero FinCorp Ltd. (hereinafter referred to as “HFCL” or “we” or “us”) collect, use, retain and disclose personal information in a fair, transparent and secured way.
This Policy is applicable to personal information of all the users (hereinafter also referred to as “You”, “Your” or “User”) of HFCL’s services, including users of HFCL website, mobile application and its social media accounts. It excludes independent data held by third-parties, but includes:
Personal information collected or processed by third parties on behalf of HFCL; and
Personal information collected directly by HFCL.
This Policy applies regardless of whether you use a computer, mobile phone, tablet, or any other media or electronic resource to access HFCL Services.
Policy Objective
This Data Privacy Policy provides guidance on processing of personal information, which includes, but is not limited to, collecting, using, retaining/storing, accessing and/or disclosing such information by Hero FinCorp as often as is necessary.
It is the goal of Hero FinCorp to balance the benefits of a global and centralized business with the individual’s right to privacy and having his or her personal information protected. HFCL is committed to respecting the individual’s privacy rights and expectations and to protecting the individual’s personal information collected by HFCL from unauthorized access, use, retention/storage and/or disclosure. Meeting this commitment is a primary management objective and collective responsibility of all HFCL employees as well as third parties conducting business with or on behalf of Hero FinCorp.
Personal Information we collect
HFCL asks for and uses your personal information and is committed to keeping this information secure. HFCL has expended considerable time, effort, and resources, and has implemented technical and organizational measures to maintain the security of your Personal Information. Only personal information required for authorized and legitimate business activities shall be collected from the information provider.
HFCL collects the following types of information:
Information you provide us directly:
Identification Information: Your name, email address, phone number, mobile number, signature and photograph, any other contact details, government or other identity documents, date of birth, gender, employment, educational background, PAN, Aadhaar number, driver’s license number, passport number, your other relevant KYC documents as required by HFCL;
Media Information: Documents / Media files as may be required uploaded directly by users during user account management or transaction order placement;
Bank account or other payment instrument details;
Any other detail which may be required by HFCL for providing Services including but not limited to other historical, contact and demographic information;
We may request for one-time access to your camera, microphone, location and mobile device and store such information only for the purpose of onboarding or KYC requirements with your explicit consent. We do not access your other mobile resources including file and media, contact list, call logs, etc.
Information that HFCL may collect from Your use of Our Services, such as:
SMS Information: We may read SMS to retrieve OTP sent by HFCL during login or transaction related authentication;
Location Information: We may collect information about the location of device used to access our website or application(s);
Device Information: We may collect specific information about devices used to access our Services, such as hardware model and version, operating system and version, unique device identifier, network information and information about the device’s interaction with our services;
Use Information: We may collect information about how you use our Services, including your access time and Internet Protocol (“IP”) address.
Information Hero FinCorp Collect from Other Sources:
Hero FinCorp may collect information about you from third parties, including third-party verification services, credit bureaus and publicly available sources. This may include without limitation credit-related information with any credit reporting agency or credit bureau, and any person or corporation with whom you have had, currently have, or may have a financial relationship, including without limitation past, present, and future places of employment and personal reporting agencies in accordance with the applicable laws and wherever necessary with your authorization.
Use of Personal Information
As per regulatory requirement we collect personal information for performing KYC of the customer, bank account statements are collected to establish credit worthiness of the customer, bank account details are collected for collection of dues/loan repayment.
We use personal information to provide you with services you explicitly requested with your explicit consent for, including but not limited to –
To resolve disputes, troubleshoot concerns, help promote safe services, assess your interest in our services, inform you about offers, products, services, updates, customize your experience, detect and protect us against errors, fraud and other criminal activity, enforce our terms and conditions, etc.
To send you communication regarding various services/facilities which HFCL or its group companies may, from time to time, launch.
We also may use information about you to measure, customize, and enhance our Services, including the design, content, and functionality of our website or mobile application, or to track and analyse trends and usage relating to our Services.
Further, HFCL or any third party, as may be authorized by HFCL may use information about you to provide, maintain, and improve our Services, such as:
To develop credit risk models and perform risk assessment;
To detect and prevent fraud;
To diagnose or fix technology problems;
To conduct statistical and market analysis;
To develop and test new products and features;
To verify information that you have provided;
To process your financial and non-financial transaction requests;
To find adequate references for your loan application;
To deliver relevant information, including technical notices, security alerts, and support and administrative messages;
To establish contact with you when necessary by email, SMS, letter, telephone or in any other way to respond to your queries and feedback or inform about our products and services;
To provide you with the services that might be required by you;
To take up and investigate any complaints/claims/disputes;
To maintain records or fulfil the requirements of applicable laws / regulations and / or court orders / regulatory directives received by us;
For any other legitimate purpose.
The personal information shall be used for the purpose for which it has been collected. The privacy risks shall be taken into consideration, before the collection, use, retention or disclosure of personal information, such as in a new system or as part of a project.
Storage of Information
We store and process your personal information in a secured manner. We use reasonable safeguards to preserve the integrity and security of your information against loss, theft, unauthorised access, disclosure, reproduction, use or amendment. To achieve the same, we use reasonable security practices and procedures as mandated under applicable laws for the protection of your information. Information you provide to us may be stored on any of our secure servers located within India.
Disclosure of Information
The Information provided by you may be disclosed to:
RBI, SEBI, CIBIL, Credit Bureaus, Credit Rating Agencies, Databanks, KYC Registration Agencies (KRAs), collection partner and other such agencies,
Another business entity to carry out any business activity or re-organization, amalgamation, restructuring of business or for any other such reason;
Any actual or proposed assignee, transferee, participant or sub-participant of HFCL;
To comply with applicable law, directions from Government agencies mandated under law for prevention and investigation of offences, or to comply with an order issued by a competent court;
Any judicial, government or regulatory bodies, statutory authorities, quasi-judicial authorities;
Any other banks, NBFCs or financial institutions;
Auditors, professional advisors;
Any Affiliate, business partners, associate, office of HFCL and to their employees;
Any other authorized third-party service providers.
We may share your information with third parties under a confidentiality agreement for provision of Services which inter alia restricts such third parties from further disclosing the information unless such disclosure is for the purpose as detailed under that confidentiality agreement.
Hero FinCorp may transfer sensitive personal data or information to any other entity or person that ensures the same level of data protection that is adhered to by Hero FinCorp under the IT Rules of 2011. Transfer of information shall be allowed only if it is necessary for the performance of lawful contract entered into between Hero FinCorp or any person on its behalf and the information provider or where the information provider has consented to such transfer. Adequate protection mechanism shall be provided for personal information when it is transferred outside Hero FinCorp’s network.
Reasonable due diligence activities shall be conducted to ensure that the third party has appropriate security & privacy controls in place prior to sharing of any personal information (including sensitive personal data or information). You also have the ability to restrict disclosure of your information to third parties, however, please note that this may affect your seamless access to such product/ service as opted by you. Please refer to Section 9 of this policy for further information.
Retention of Information
HFCL shall not retain or store such information for periods longer than is required for the purposes except when the information may lawfully be used or is otherwise required under any other law for the time being in force.
Security of Personal Information
There shall be adequate protection for the personal information collected, used, retained and disclosed to support our business activities by following the relevant usage, technical and organizational policies, standards and processes:
Hero FinCorp has comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures.
Hero FinCorp complies with ISO 27001:2022 Standard on ‘Information Technology – Security Techniques’.
However, Hero FinCorp will not be responsible for any loss, unauthorized access or any harm caused to the information provider by any misuse of his or her personal information, unless it is a direct and foreseeable consequence of negligence and non-compliance on the part of Hero FinCorp only. The information provider hereby acknowledges that Hero FinCorp will not be responsible, in particular, for any third-party action or action on the part of the information provider leading to loss, damage or harm to such information provider or any other person.
What are your Rights and how you can exercise them
By accepting this Privacy Policy, you hereby grant consent to HFCL to share, receive, record, store, and process your Personal Information and Sensitive Personal Information as outlined in this document. HFCL is committed to protecting your personal information and honouring all the rights provided to you under applicable laws. At any time while availing the services or otherwise, you have following rights:
Right to Withdraw Consent: You have an option to withdraw you consent that was given earlier. Such withdrawal of the consent shall be sent in writing to HERO FINCORP on registered address: Hero FinCorp Ltd., A-44, Mohan Co-Operative Industrial Estate, Mathura Road, New Delhi – 110044; or through email - Customer.Care@HeroFinCorp.com.
In case the provider of information withdraws his / her consent in relation to personal information, Hero FinCorp shall evaluate the request and take appropriate action. If an individual does not provide their personal information or subsequently, withdraws consent in relation to personal information, Hero FinCorp shall have the option to not provide services for which the said information was sought. In all such cases, Hero FinCorp may retain some data to meet its obligations under applicable law. This right is provided in accordance with RBI’s Digital Lending Guidelines for regulated entities and may not be applicable for every consent that was provided by you while availing HFCL services.
Right to Correction of Information: Hero FinCorp has defined processes in place to enable the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible. Hero FinCorp shall not be responsible for the authenticity of the personal information or sensitive personal data or information supplied by the provider of information. Hero FinCorp shall ensure that the data provided by customers is correct through verification of documents submitted by them as per process laid out in the ‘AML / KYC Policy’.
You must keep your Personal Information up to date, and intimate HFCL forthwith of any change in Personal Information.
To review, correct or update their personal information, you can write to us at Customer.Care@HeroFinCorp.com or reach out to us on our registered address at Hero FinCorp Ltd., A-44, Mohan Co-Operative Industrial Estate, Mathura Road, New Delhi – 110044.
Right to Grievance Redressal: HFCL has a structured grievance redressal mechanism in practice where all grievances will be attended as per a defined time schedule.
Customers can write to us at Customer.Care@HeroFinCorp.com or reach out to us on our registered address at Hero FinCorp Ltd., A-44, Mohan Co- Operative Industrial Estate, Mathura Road, New Delhi – 110044.
For any grievances related to any part of this policy, the Grievance Officer Details are:
Mr. Anshul Mangla,
Email: datagrievance.officer@herofincorp.com
Address: Hero FinCorp Ltd., A-44, Mohan Co-Operative Industrial Estate, Mathura Road, New Delhi – 110044.
Cookies
Cookies are small data files that a Website stores on your computer. We may use cookies on our Website similar to other lending websites and online marketplace websites. Use of this information helps us identify the User behaviour, the products that the User browses, in order to make our Website more user friendly and to be able to provide you with information relating to Products that may be of interest to you. We might also use this information to display advertising from third party companies. Most browsers will permit you to decline cookies but if you choose to do this it might affect service on some parts of our Website.
Marketing and Promotional Activities
Marketing and promotional communications shall be sent to providers of information / customers after obtaining required consent from them in adherence with applicable law.
At any time, if you want to discontinue receive marketing and promotional communications you may withdraw your consent by following steps mentioned in “Section 9 – What are your rights and how you can exercise them” of this document.
Severability and Exclusion
We have taken every effort to ensure that this Policy adheres with the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected by HFCL. This includes, but is not limited to, information posted in any public areas.
Disclaimer
Kindly note that HFCL does not collect personal information about you unless you use our website or mobile application or services. We may also receive information about you from third-party services if you are already connected with those services. HFCL shall, at all times, ensure to implement reasonable security practices and procedures (such as managerial, operational, physical and technical) for the purpose of protection and safeguarding of your personal data and information as the same is of vital importance to HFCL. At HFCL, we are strongly committed to protecting the personal and financial information that you submit to us. Personal information of individual users will not be sold or otherwise transferred to unaffiliated third parties.
HFCL ensures to safeguard the security and confidentiality of any information you share with us. Any of your personally identifiable information obtained by us shall not be used or shared other than for the purposes to which you consent.
Your information/inputs/queries as a registered user are required to serve you better and the same shall not be shared with anyone without your consent. However, we may disclose your personal data to agents or contractors of HFCL and/or its group companies/affiliates to enable processing of transactions or communications with you “on need” basis. Your aforesaid information may be further used for assessment and analysis of our market, customers, products, and services and to understand the way people use our Services so that we can improve them and develop new products and services. However, it shall be on the basis that the agents are required to keep the information confidential and will not use the information for any other purpose other than to carry out the services they are performing for HFCL and/or its group companies/affiliates.
Governing Law and Dispute Resolution
This Policy shall be governed by and construed in accordance with the laws of India. The courts at Delhi, India shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.
No Waiver
The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non- exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.
Third Party Website and Services
Hero FinCorp's website and services may contain links to third party services, and give the user the ability to access such third-party websites, products, and services. Please proceed to the use of such third-party website or service at your own risk. Hero FinCorp will not be held liable for any outcome or harm arising as a result of such use of such third-party websites or services. Please read the privacy policies of any third party before proceeding to use their websites, products or services.
Changes to this Data Privacy Policy
Hero FinCorp may periodically revise or update this Data Privacy Policy. Continued use of Hero FinCorp's website, mobile application and / or services after the effective date of the Data Privacy Policy means that the user accepts the revised Data Privacy Policy. If the user does not wish to agree with any such revised terms, at any time you can do so by withdrawing your consent and by no longer accessing Hero FinCorp's website, mobile application and / or services.
Annexure 1 – References
Sr. No. | Circular Reference Number / ISO Standard Reference | Description |
1 | IT Act of 2000 | An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication. |
2 | IT Amendment Act of 2008 | It is the substantial amendment to IT Act 2000. |
3 | IT Rules of 2011 | Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 made by Central Government in exercise of the powers conferred by clause of subsection (2) of section 87 read with section 43A of the Information Technology Act, 2000 (21 of 2000). |
4 | ISO 27001:2022 ISMS | It the requirements for establishing, implementing, maintaining and continually improving an ISMS (Information Security Management System). |
5 | RBI DLG (Digital Lending Guidelines) | These directions are issued under sections 21, 35A and 56 of the Banking Regulation Act, 1949, sections 45JA, 45L and 45M of the Reserve Bank of India Act, 1934, sections 30A and 32 of the National Housing Bank Act, 1987, section 6 of the Factoring Regulation Act, 2011 and section 11 of the Credit Information Companies (Regulation) Act, 2005. |
Annexure 2 – Definitions
Sr. No. | Terms | Definitions |
1 | Personal Information | Personal information refers to any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with Hero FinCorp, is capable of identifying such person. Personal information includes sensitive personal data or information. This includes things like your name, PAN card number, Driver’s license number, Bank Account number, Passport number, Email Address, Aadhaar Card and Account statement. |
2 | Sensitive Personal Data | Sensitive Personal data or information of a person means such personal information which consists of information relating to:
Provided that, any information which is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules. |
3 | Anti-Money Laundering | It is a complex of measures carried out by financial institutions and other regulated entities to prevent financial crimes. For more information, please refer our AML/KYC policy. |