DATA PROTECTION OF CUSTOMERS

PREAMBLE & REGULATORY FRAMEWORK

This Policy on Protection of Credit Information of Customers (“Policy”) is framed in compliance with:

• Reserve Bank of India Act, 1934;

• Digital Personal Data Protection Act, 2023 (DPDP Act);

• Credit Information Companies (Regulation) Act, 2005 (CICRA);

• Credit Information Companies Regulations, 2006;

• Master Direction – RBI (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023;

• RBI instructions on submission, correction and protection of credit information.

Ricavi Finance Private Limited (“the Company”) is a non-deposit-taking NBFC classified as NBFC – Investment and Credit Company (NBFC-ICC), Base Layer (NBFC-BL).
This Policy shall be read in conjunction with the Company’s Data Privacy Policy, IT & Cyber Security Policy, KYC Policy, Fair Practices Code, Grievance Redressal Policy, and Credit Policy.

 

OBJECTIVES

The objectives of this Policy are to:

• Ensure confidentiality, accuracy and security of customer credit information;

• Comply with RBI and statutory requirements relating to credit information;

• Establish procedures for submission, correction and dissemination of credit information;

• Protect customer rights and privacy;

• Prevent unauthorised access, misuse or leakage of credit information.

 

SCOPE & APPLICABILITY

This Policy applies to:

• All customers of the Company, including individuals, proprietorships, firms, companies and other entities;

• All credit information collected, processed, stored or shared by the Company;

• All employees, directors, officers and authorised service providers handling credit information.

 

DEFINITIONS

• Credit Information means any information relating to the creditworthiness, credit history, repayment record or financial behaviour of a customer, as defined under CICRA.

• Credit Information Company (CIC) means a company registered with RBI under CICRA.

• Customer means any borrower or prospective borrower of the Company.

 

COLLECTION & SUBMISSION OF CREDIT INFORMATION

• The Company shall collect and process credit information in accordance with applicable laws and based on customer consent or other lawful basis as permitted under regulatory requirements.

• Credit information shall be furnished to all Credit Information Companies (CICs) registered with RBI, as mandated.

• Data submitted shall be accurate, complete and updated on a regular basis.

• The Company shall ensure uniform reporting of credit information across all CICs.

 

CONSENT & DISCLOSURE TO CUSTOMERS

• Customers shall be informed at the time of loan application that their credit information may be shared with CICs;

• Consent shall be obtained through loan application forms/sanction letters;

• Customers shall be informed of their right to access their credit information from CICs.

 

CONFIDENTIALITY & DATA SECURITY

• Credit information shall be treated as strictly confidential;

• Access to credit information shall be restricted on a need-to-know basis;

• Appropriate technical, physical and administrative safeguards shall be implemented;

• Credit information shall not be disclosed to any unauthorised person or entity.

• Appropriate safeguards shall be implemented consistent with the Company’s Data Privacy & Information Security framework.

 

SHARING OF CREDIT INFORMATION

• Credit information shall be shared only with:

      o RBI-registered Credit Information Companies;
      o Regulators, courts or statutory authorities, as required by law;
      o Service providers, subject to confidentiality and data protection safeguards.

• No credit information shall be shared for commercial or non-permitted purposes.

 

GRIEVANCE REDRESSAL

• Customers may lodge complaints relating to credit information reporting or correction through the Company’s Grievance Redressal Mechanism;

• Complaints shall be addressed promptly and within regulatory timelines;

• If unresolved within 30 days, customers may approach RBI under the Integrated Ombudsman Scheme, 2021.

RECORD RETENTION

• Credit information records shall be retained for the period prescribed under CICRA, RBI guidelines and applicable laws;

• Secure disposal of records shall be ensured after expiry of the retention period.

 

 

TRAINING & AWARENESS

• Employees handling credit information shall be periodically trained on confidentiality, data protection and RBI requirements;

• Awareness shall be created regarding customer rights under CICRA and DPDP Act.

 

REVIEW & GOVERNANCE

• This Policy shall be reviewed at least annually or earlier if required due to regulatory changes.

• Any amendment shall require Board approval.

REGULATORY OVERRIDE

In the event of any inconsistency between this Policy and RBI directions or statutory provisions, RBI regulations shall prevail, and this Policy shall stand amended to that extent.

FOR AND ON BEHALF OF RICAVI FINANCE PRIVATE LIMITED

NAME: CHIRAG DESAI
DESIGNATION: WHOLE-TIME DIRECTOR
DIN: 08178002