Data Privacy Policy

TABLE OF CONTENTS

1. Policy Scope 

2. Policy Objective 

3. Personal Information we collect 

4. Use of Personal Information 

5. Disclosure of Information 

6. Storage and Retention of Information 

7. Security of Personal Information 

8. What are your Rights and how you can exercise them 

9. Cookies 

10. Marketing and Promotional Activities 

11. Severability and Exclusion 

12. Disclaimer 

13. Governing Law and Dispute Resolution 

14. No Waiver 

15. Third Party Website and Services 

16. Changes to this Data Privacy Policy 

    Annexure 1 – References 

    Annexure 2 – Definitions 

1. ‌Policy Scope

   This Data Privacy Policy sets out the requirements for ensuring that Hero FinCorp Ltd. (hereinafter referred to as “HFCL” or “we” or “us”) collect, use, retain and disclose personal information in a fair, transparent and secured way.

   This Policy is applicable to personal information of all the users (hereinafter also referred to as “You”, “Your” or “User”) of HFCL’s services, including users of HFCL website, mobile application and its social media accounts. It excludes independent data held by third-parties, but includes:

   1. Personal information collected or processed by third parties on behalf of HFCL; and

   2. Personal information collected directly by HFCL.

   This Policy applies regardless of whether you use a computer, mobile phone, tablet, or any other media or electronic resource to access HFCL Services.

    

2. Policy Objective

   This Data Privacy Policy provides guidance on processing of personal information, which includes, but is not limited to, collecting, using, retaining/storing, accessing and/or disclosing such information by Hero FinCorp as often as is necessary.

   HFCL is committed to respecting the individual’s privacy rights and expectations and to protecting the individual’s personal information collected by HFCL from unauthorized access, use, retention/storage and/or disclosure. Meeting this commitment is a primary management objective and collective responsibility of all HFCL employees as well as third parties conducting business with or on behalf of HFCL.

    

3. ‌Personal Information we collect

   HFCL collects the following types of information:

   Information you provide us directly:

   1. Identification Information: Your name, email address, residential address, phone number, mobile number, signature and photograph, any other contact or demographic details, date of birth, gender, employment, educational background, government or other identity documents such as PAN, driver’s license number, passport number, or any other relevant KYC documents.

   2. Financial Information: Bank account or other payment instrument details, income details.

   3. Bio-metric Information: For EKYC authentication facility and with your explicit consent, we may use your Aadhaar number along with Biometric information for your identity verification purpose only. This biometric information is not stored by us and is used strictly in accordance with UIDAI guidelines.

   4. Device Information: After your explicit one-time consent, we may collect specific information about devices used to access our Services, such as hardware model and version, operating system and version, unique device identifier, network information and information about the device’s interaction with our services.

   5. Usage information: We may collect information about how you use our services, including your access time and Internet Protocol (“IP”) address.

   6. We may request for one-time access to your camera, microphone, location and mobile device only for the purpose of onboarding or KYC requirements, with your explicit consent. We do not access your other mobile phone resources including file and media, storage, contact list, call logs, telephony functions, etc.

    

   Information Hero FinCorp Collect from Other Sources:

   We may collect information about you from third parties, including third-party verification services, credit bureaus and publicly available sources. This may include without limitation credit-related information with any credit reporting agency or credit bureau, and any person or corporation with whom you have had, currently have, or may have a financial relationship, including without limitation past, present, and future places of employment in accordance with the applicable laws and wherever necessary with your authorization.

    

4. ‌Use of Personal Information

   Personal Information that we’ve collected from you may be used for providing you with services you’ve explicitly consented to, for complying with applicable laws and regulations, to enforce our terms and conditions as per loan agreement, or for any such legitimate purposes as listed below:

   1. To resolve disputes, troubleshoot concerns, help promote safe services, assess your interest in our services, inform you about offers, products, services, updates, customize your experience, detect and protect us against errors, fraud and other criminal activity, enforce our terms and conditions, etc.

   2. To send you communication regarding various services/facilities which HFCL or its group companies may, from time to time, launch.

   3. We also may use information about you to measure, customize, and enhance our Services, including the design, content, and functionality of our website or mobile application, or to track and analyse trends and usage relating to our Services.

   Further, HFCL or any third party, as may be authorized by HFCL may use information about you to provide, maintain, and improve our Services, such as:

   1. Perform your KYC

   2. Assess your credit worthiness & perform risk assessment

   3. Verify information that you’ve provided

   4. Investigate any complaints / claims / disputes

   5. Prevent fraud and other criminal activity

   6. Develop and test credit risk models, new products and features

   7. Facilitate collection of dues

   8. Diagnose or fix technology problems

   9. Establish contact with you, when necessary, by email, SMS, letter, telephone, etc. to deliver relevant information, including notices, security alerts, support and administrative messages

   10. Inform you of products or services that may be of interest to you

   11. Conduct statistical and market analysis

   12. Maintain records or fulfil the requirements of applicable laws / regulations and / or court orders / regulatory directives received by us

   Any unauthorized or unlawful usage of personal information is restricted.

    

5. ‌Disclosure of Information

   We may disclose information provided by you to:

   1. RBI, SEBI, or any judicial, government or regulatory body, statutory authorities, quasi-judicial authorities, as required and to the extent under applicable laws

   2. Credit bureaus, for credit rating and reporting purpose

   3. KYC registration agencies (KRAs)

   4. Another business entity, bank, NBFC or financial institutions to carry out any lawful business activity or re-organization, amalgamation, restructuring of business

   5. Our Auditors or professional advisors

   6. Limited information may be disclosed to authorized third parties for legitimate and lawful purposes such as verification of information provided by you

   7. With your explicit consent, personal information may be disclosed to authorized third parties for providing you with services you’ve opted

   We may share your information with third parties only under a confidentiality agreement for provision of Services which inter alia restricts such third parties from further disclosing the information unless such disclosure is for the lawful purpose as detailed under that confidentiality agreement.

   We may transfer sensitive personal data or information to any other entity or person that ensures the same level of data protection that is adhered to by HFCL under the IT Rules of 2011. Transfer of information shall be allowed only if it is necessary for the performance of lawful contract entered into between HFCL or any person on its behalf and the information provider or where the information provider has consented to such transfer. Adequate protection mechanism shall be provided for personal information when it is transferred outside HFCL’s network.

   Reasonable due diligence activities shall be conducted to ensure that the third party has appropriate security & privacy controls in place prior to sharing of any personal information (including sensitive personal data or information).

   Privacy risks shall be taken into consideration, before the collection, use, retention or disclosure of personal information, such as in a new system or as part of a project.

   You can restrict disclosure of your specific data to certain third parties through our DLA by denying the consent when it is sought from you, however, please note that this may affect your seamless access to such product/ service as opted by you.

    

6. ‌Storage and Retention of Information

   We store your personal information such as your identification information, financial information, credit history and any other relevant information associated with your loan application, in our secure servers located within the territory of India. We use reasonable safeguards to preserve the integrity and security of your information against loss, theft, unauthorised access, disclosure, reproduction, use or amendment. To achieve the same, we use reasonable security practices and procedures as mandated under applicable laws for the protection of your information.

   We shall not retain or store your information for periods longer than is required for the purposes for which it was collected, except when the information may lawfully be used or is otherwise required under any other law for the time being in force. Retention timelines for various records & are elaborated in ‘Preservation of documents and Archival policy’ hosted on HFCL website under ‘company policies’

   As per current policy, information records could be retained for a minimum period of 10 years from the date of cessation of transaction between borrower and HFCL, and for a minimum period of 12 years when the loan records involve mortgage of property, after which the records are erased securely as per HFCL’s data destruction protocol, ensuring that the records in physical form are shred or otherwise rendered unreadable, and records in digital format are securely deleted or destroyed.

    

7. ‌Security of Personal Information

   HFCL has expended considerable time, effort, and resources, and has implemented technical and organizational measures to maintain the security of your Personal Information. HFCL has adequate protection for the personal information collected, used, stored and disclosed to support our business activities by following the relevant usage, technical and organizational policies, standards and processes:

   1. HFCL has comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures, ensuring that its incident response teams can detect, analyse, contain, eradicate and recover from any information security incidents.

   2. HFCL complies with ISO 27001:2022 Standard on ‘Information Technology – Security Techniques – Information Security Management System’ and has a comprehensive process aligned with this standard to ensure that qualifying security incidents or security breaches are reported / notified to the regulatory bodies within the prescribed timelines, and to the affected parties to the extent as required by applicable laws.

   However, HFCL will not be responsible for any loss, unauthorized access or any harm caused to the information provider by any misuse of his or her personal information, unless it is a direct and foreseeable consequence of negligence and non-compliance on the part of HFCL. The information provider hereby acknowledges that HFCL will not be responsible, in particular, for any external third-party action or action on the part of the information provider leading to loss, damage or harm to such information provider or any other person.

    

8. ‌What are your Rights and how you can exercise them

   By accepting this Privacy Policy, you hereby grant consent to HFCL to share, receive, record, store, and process your Personal Information and Sensitive Personal Information as outlined in this document. HFCL is committed to protecting your personal information and honouring all the rights provided to you under applicable laws. At any time while availing the services or otherwise, you have following rights:

   1. Right to Withdraw Consent / Data Erasure: You have an option to withdraw consent that was given earlier to HFCL, or request erasure of your data. These rights can be exercised by writing to HERO FINCORP on registered address: Hero FinCorp Ltd., A-44, Mohan Co-Operative Industrial Estate, Mathura Road, New Delhi – 110044; or through email - Customer.Care@HeroFinCorp.com.

         Further, all optional consents provided by you in HFCL’s DLA (mobile application) can be withdrawn directly by you through the DLA itself.

      In case the provider of information withdraws his / her consent in relation to personal information or requests deletion of their data, HFCL shall evaluate the request and take appropriate action. If an individual does not provide their personal information or subsequently, withdraws consent in relation to personal information, HFCL shall have the option to not provide services for which the said information was sought. In all such cases, HFCL may retain some data to meet its obligations under applicable law. This right is provided in accordance with RBI’s Digital Lending Directions and may not be applicable for every consent that was provided by you while availing HFCL services.

   2. Right to Correction of Information: HFCL has defined processes in place to enable the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible. HFCL shall ensure that the data provided by customers is correct through verification of documents submitted by them as per process laid out in the ‘AML / KYC Policy’ / ‘Know your customer documentation checklist’ available on HFCL website under ‘company policies’.

      You must keep your Personal Information up to date, and intimate HFCL forthwith of any change in Personal Information.

      To review, correct or update their personal information, you can write to us at Customer.Care@HeroFinCorp.com or reach out to us on our registered address at Hero FinCorp Ltd., A-44, Mohan Co-Operative Industrial Estate, Mathura Road, New Delhi – 110044.

   3. Right to Grievance Redressal: HFCL has a structured grievance redressal mechanism in practice where all grievances will be attended as per a defined time schedule.

      Customers can write to us at Customer.Care@HeroFinCorp.com or reach out to us on our registered address at Hero FinCorp Ltd., A-44, Mohan Co- Operative Industrial Estate, Mathura Road, New Delhi – 110044.

      Complete details about HFCL’s grievance redressal policy and Nodal officer details are available on HFCL website under ‘DLG HIPL’, and in ‘Grievance Redressal Policy’ available on HFCL website under ‘Company Policies’.

       

9. ‌Cookies

   Cookies are small data files that a website stores on your computer. We may use cookies on our website similar to other lending websites and online marketplace websites. Use of this information helps us identify the user behaviour, the products that the user browses, in order to make our website more user friendly and to be able to provide you with information relating to products that may be of interest to you. We might also use this information to display advertising from third party companies. Most browsers will permit you to decline cookies but if you choose to do this it might affect service on some parts of our website.

    

10. ‌Marketing and Promotional Activities

    Marketing and promotional communications shall be sent to providers of information / customers after obtaining required consent from them in adherence with applicable law.

    At any time, if you want to discontinue receive marketing and promotional communications you may withdraw your consent by following steps mentioned in “Section 8 – What are your rights and how you can exercise them” of this document.

     

11. ‌Severability and Exclusion

    We have taken every effort to ensure that this Policy adheres with the applicable laws. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy. This Policy does not apply to any information other than the information collected directly by HFCL, or by third parties on behalf of HFCL.

     

12. ‌Disclaimer

    HFCL does not collect personal information about you unless you use our website or mobile application or services. We may also receive information about you from third-party services if you are already connected with those services. HFCL shall, at all times, ensure to implement reasonable security practices and procedures (such as managerial, operational, physical and technical) for the purpose of protection and safeguarding of your personal data and information as the same is of vital importance to HFCL. At HFCL, we are strongly committed to protecting the personal and financial information that you submit to us. Personal information of individual users will not be sold or otherwise transferred to unaffiliated third parties.

    HFCL ensures to safeguard the security and confidentiality of any information you share with us. Any of your personally identifiable information obtained by us shall not be used or shared other than for the purposes to which you consent.

    Your information/inputs/queries as a registered user are required to serve you better and the same shall not be shared with anyone without your consent. However, we may disclose your personal data to agents or contractors of HFCL and/or its group companies/affiliates to enable processing of transactions or communications with you “on need” basis. Your aforesaid information may be further used for assessment and analysis of our market, customers, products, and services and to understand the way people use our Services so that we can improve them and develop new products and services. However, it shall be on the basis that the agents are required to keep the information confidential and will not use the information for any other purpose other than to carry out the services they are performing for HFCL and/or its group companies/affiliates.

     

13. ‌Governing Law and Dispute Resolution

    This Policy shall be governed by and construed in accordance with the laws of India. The courts at Delhi, India shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.

     

14. ‌No Waiver

    The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non- exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

     

15. ‌Third Party Website and Services

    Hero FinCorp's website and services may contain links to third party services, and give the user the ability to access such third-party websites, products, and services. Please proceed to the use of such third-party website or service at your own risk. Hero FinCorp will not be held liable for any outcome or harm arising as a result of such use of such third-party websites or services. Please read the privacy policies of any third party before proceeding to use their websites, products or services.

     

16. ‌Changes to this Data Privacy Policy

    Hero FinCorp may periodically revise or update this Data Privacy Policy. Continued use of Hero FinCorp's website, mobile application and / or services after the effective date of the Data Privacy Policy means that the user accepts the revised Data Privacy Policy. If the user does not wish to agree with any such revised terms, at any time you can do so by withdrawing your consent and by no longer accessing Hero FinCorp's website, mobile application and / or services.

     

‌Annexure 1 – Governing Laws as amended from time to time:

Annexure 2 – Definitions