2.1
Basic Information: We collect such basic personal information as may be necessary to provide our services, including name, address, email address, mobile number, date of birth, PIN code, city, state, employment or business details, annual income/turnover, and Permanent Account Number (PAN).
2.2
Credit Information: With your explicit consent, we may obtain your credit information report from authorized credit bureaus (such as CRIF) for the purpose of assessing eligibility with our lending partners and showing analytics on your credit information.
2.3
Prohibited Data Collection: We do not collect or store call logs, contact lists, telephony functions, media files or other mobile phone resources, or biometric data (such as fingerprints, facial recognition, or voice samples) except where expressly permitted under Applicable Laws and with your prior informed consent. Where one-time access (such as camera, microphone or location) is required for KYC, onboarding or verification, such access shall be requested separately and used strictly for the specified purpose.
The personal information collected from you is used strictly for the following lawful purposes:
(a)
To facilitate your application for loans and related services offered by partnered lenders;
(b)
To enable such lenders to undertake KYC, credit appraisal, anti-money laundering checks and other regulatory processes as mandated by Applicable Laws;
(c)
To respond to your queries and provide customer support;
(d)
To communicate important updates, notifications and service-related information;
(e)
To analyse and improve our services and develop new features; and
(f)
To comply with legal, regulatory and contractual obligations imposed under the laws of India.
No personal information shall be used for any purpose incompatible with the above without obtaining your specific consent.
4.1
Purpose-Specific Consent: At each stage of your loan journey, we shall disclose the specific purpose of data collection and obtain your explicit consent prior to processing or sharing such data.
4.2
Audit Trail: All consents obtained shall be recorded and maintained by us to evidence compliance with Applicable Laws, including the DLG.
4.3
Data Subject Rights:
(a)
grant or withhold consent for specific data uses;
(b)
restrict disclosure of your personal data to third parties;
(c)
revoke consent at any time; and
(d)
request rectification or deletion of your personal data, subject to contractual and regulatory obligations under the laws of India.
5.1
Personal information shall be shared only with:
(a)
Partnered banks, NBFCs and their authorised service providers strictly on a need-to-know basis for processing your application;
(b)
Third-party service providers engaged for KYC, verification, payment processing or other support services; or
(c)
Governmental or regulatory authorities where mandated under law or pursuant to valid legal processes.
5.2
Any such sharing shall be preceded by obtaining your explicit consent except where otherwise required under Applicable Laws.
5.3
We do not sell, rent or commercially exploit personal information.
6.1
Location of Storage: All personal data collected is stored on secure servers located within India in compliance with Applicable Laws. If, due to technical exigencies, data is processed outside India, it shall be deleted from such external servers and repatriated to India within twenty-four (24) hours.
6.2
Retention: Personal data shall be retained only for so long as is necessary for the provision of services or as required under Applicable Laws, including laws relating to prevention of money- laundering, taxation and record-keeping.
6.3
Destruction Protocol: Upon expiry of the retention period or fulfilment of the purpose for which data was collected, we shall permanently and irreversibly delete such data in accordance with our formal data destruction protocol, thereby preventing unauthorised access, recovery or misuse.
We employ industry-standard technical and organisational measures to safeguard personal information against unauthorised access, alteration, disclosure or destruction. These measures include encryption, secure server hosting, restricted access to data on a “need-to-know” basis, and regular monitoring and audit of security practices, all in conformity with the laws of the land. We undertake periodic external Vulnerability Assessment and Penetration Testing (VAPT) of our platform through independent experts.Identified vulnerabilities are promptly remediated in coordination with our technology teams. Employees undergo cybersecurity and privacy awareness training to ensure safe handling of personal data.
We do not access mobile phone resources such as files, media, contact lists, call logs or telephony functions. Any limited access (such as to camera or location services) required during onboarding or KYC verification shall be sought separately, used exclusively for that purpose, and revoked immediately thereafter.
We do not collect, store or use biometric data except where explicitly permitted under statutory guidelines and mandated by regulatory authorities. Should biometric authentication become necessary under law, prior informed consent shall be obtained before collection.
Any complaints or grievances relating to your personal data or loans sourced through the Platform may be addressed to the Company’s Grievance Officer Ms. Madhavi Ghadshi at grievance@choiceconnect.in Such grievances shall be handled promptly and in coordination with the relevant lending partner in accordance with the DLG and Applicable Laws.
We reserve the right to modify or update this Policy from time to time to reflect changes in legal, regulatory or operational requirements. Any material changes shall be notified on the Platform, and continued use of the services after such notification shall constitute acceptance of the revised Policy.
This Policy is intended to, and does, comply with the requirements of the Information Technology Act, 2000, the rules framed thereunder, the RBI’s Digital Lending Guidelines, and all other applicable laws of India relating to data privacy and security.
We are committed to maintaining the highest standards of IT and cybersecurity. Our approach is based on continuous improvement, adoption of industry best practices, and proactive measures to safeguard customer data against emerging threats.