What information do we collect and how is it used?
We collect personal and financial information about you when you provide it to us. For example, when you create a either a Lender/ Investor Account or a Borrower Account, we may collect your name, date of birth, tax identification number, mailing address, email address, credit card number, pan number, tan number, income tax returns, bank account number, passport details, photographs, identity proofs, date of birth proofs, signature proofs, photograph, address proof, contact proofs, bank statement, proof of income, credit card statements, statement of investments, name of business(if self-employed), type of business, financial statement of business, ITR of business, bank statements of business, total employee base of business, evidence of employee related compliances, years since incorporation of business, type of residence whether owned or rented, type of family, highest level of education, source of income, number of dependents, time at residence and current city, company name and designation, amount of loan required, purpose of loan required driving license details, personal statements, reasons for seeking finance, income sources and other information that we request during the registration process, and any information that you provide on your Lendbox.
The collected information is necessary to provide the services we offer and also assess financial stability and perform a credit assessment of the user.
For obtaining the aforesaid information, we may also require you to submit the following documents: Pan card, passport, voter id, aadhar card, bank statement, postpaid mobile bill, email verification, OTP etc.
There is some information that members are required to provide and other information that they provide voluntarily. Additional information may be gathered during your subsequent use of the site, whenever you choose to provide it. We also collect information about your loan account balance and payment history. This information is necessary for providing the services which we offer.
We might also collect information such as the IP addresses from which the users access our website, the browser types and the versions used, and the operating system of their computers. This information is collected to improve our website, for the improvement of our services, to help diagnose technical problems and to administer our website. Lendbox reserves the right to share information with OneAssist Consumer Solutions Pvt Ltd to reach out to Lendbox's users.
We may also collect certain information from your device through our mobile application/s. The details of information collected is as follows:
Financial SMS information
We don’t read or collect your personal SMS’s from your inbox.
After obtaining your explicit consent, we may collect and monitor financial SMS you receive from 5-6 digit alphanumeric senders which helps us in assessing the different bank accounts you hold and your cash flow patterns. This helps us accurately assess your profile for credit risk and provide you with the credit services that are appropriate for you. We only use financial SMS information (current and historical) to perform an updated, accurate credit risk assessment to determine your creditworthiness.
While you are using the Lendbox application/s, it periodically sends this financial SMS information to us and to our affiliate server.
Upto three references are required before approval and disbursal of a loan. For this purpose, our app requires your permission to collect and monitor your contacts’ information (including name, phone number, contact last modified, account type, favourites and optional data such as relationship and structural address) so as to enable you to autofill the data during the loan application process. It is essential for the purpose of credit risk assessment to obtain reliable reference information for a successful loan application.
We also utilize this information to allow you to easily share app invites with your contacts as part of our referral policy.
Device Location and Device Information
We require your consent for collecting and monitoring the information about the location of your device to determine serviceability of your loan application. This also helps us to verify your submitted address and expedite Know-your-customer (KYC) process, thereby reducing the risk associated with your application.
The collection and usage of data by our app can be controlled and managed through the privacy controls of your mobile device. The information we collect is assigned unique identifiers linking it to your mobile device. Upon downloading and installation of our app, we always get explicit permission from you before collecting any information.
The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like IMEI, serial number, SSAID; SIM information that includes network operator, roaming state, MNC and MCC codes, WIFI information that includes MAC address and mobile network information.
We collect this information to uniquely identify your device, provide automatic updates and to provide additional security, ensuring no one else uses your account on their device in an unauthorized manner or in an act of fraud. In addition, the information provides us valuable feedback on your identity as a device holder as well as your device behaviour, thereby allowing us to improve our services and provide an enhanced customer experience to you.
Sensitive personal data or information
Any information which is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data and will not qualify for our safeguard and protection measures.
The user, by providing us with the details (while registration etc.) shall be assumed to have expressly consented to furnish such information to us of his/her own free will and also that he/she acknowledges the fact that the data furnished shall be retained in our database for as long as it is required for the purpose for which the information has been furnished. By providing the sensitive personal information, the user also acknowledges to be aware of the purpose for which the information has been furnished and will be utilized as such.
We will not be responsible for the authenticity of the personal information or sensitive personal data or information supplied by the user to us.
Disclosure of information
We do not disclose the sensitive personal data or information provided to us, to any third party, except i) with express prior permission of the user whose information is being disclosed; ii) if such disclosure is necessary for compliance of a legal obligation.
The information can only be shared by us without the prior permission of the user, on receiving a request to the effect from a Government agency.
Information provided by users may be viewed or accessed by us, our associated companies, our associates based outside India or our auditors. Our staff can also access this information for the purpose of resolving a problem, addressing a support issue, investigating a suspected violation of the Terms & Conditions, or, as may be required by law.
We may provide certain information to our channel partners and third-party intermediaries that manage credit or debit card processing and perform financial analysis and credit assessment. Such intermediaries are solely a link in the distribution chain, and are not permitted to store, retain, or use the information provided, except for the sole purpose of credit card and/or debit card processing.
Our employees and any third-party intermediaries that have access to information described herein are subject to a non-disclosure agreement or policy consistent with the terms in this Privacy Statement.
We undertake that the information of the users shall be used, only for purposes related to the services provided by us and nothing else. We will stop using the information and will either terminate or return the said information, as agreed, within thirty days of the termination of the agreement between us and a user.
Whenever we obtain your personal information, we use commercially reasonable efforts to protect it from unauthorized access or disclosure. However, we are not insurers of the security of your personal information. Accordingly, we assume no liability for any disclosure of data due to errors in transmission, unauthorized third party access or other acts of third parties, or acts or omissions beyond our reasonable control.
Link to Third Party SDK
Our App has a link to a registered third party SDK which collects data on our behalf. Data is stored to a secured server to perform credit risk assessment in order to provide credit services in line with your creditworthiness. We ensure that our third party service provider takes extensive security measures thereby protecting your personal information against loss, misuse or alteration of any kind.
Our registered third-party service provider employs separation of environments and segregation of duties and has strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.
Additionally, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
How can you correct or update your information?
Users can update or change their information by contacting us or by following the instructions provided on our website for updating or changing the information furnished by them.
Your Privacy Controls
Every piece of information and data we collect and monitor is only after your explicit consent. You can control if/when we collect that data and how we use it -
Withdrawal Of Consent
A user can anytime withdraw his/her consent for the retention and usage of his/her personal information by us. However, the user shall then, not be eligible to avail the service/s for which the information was furnished.
We are committed to having security measures in place to help protect against the loss, misuse and alteration of the data in our database. We have complied with reasonable security practices and procedures, and have a comprehensively documented information security programme and information securing policies. We intend to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issues up to sophisticated attacks.
We work hard to protect you from unauthorized access, alteration, disclosure or destruction of information we hold, including:
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
We assume no liability for any disclosure of data due to errors in transmission, unauthorized third party access or other acts of third parties, or acts or omissions beyond our reasonable control.
The services we provide may contain links to other websites. We do not control and are not responsible for the privacy practices or the content of these other websites. Users should check the policy statement of these websites to understand their policies, because those who access a linked site or integrated third-party service may be disclosing their private information to third parties. It is the responsibility of customers and users to keep such information private and confidential.
Opt Out Policy
Except with respect to essential communications regarding the services we provide and accounts such as transaction confirmation and password change messages, we allow users to opt out of receiving e-mail messages from us. Newsletters, announcements, and other e-mail messages that we send to a group of customers or users, other than essential communications regarding the services we provide and accounts, include instructions for opting out of future similar communications. We do not send e-mail messages to users on behalf of third parties.
We shall timely address and attempt to rectify any discrepancies and grievances of our users pertaining to the sensitive personal information furnished by them. For this purpose, we have designated a 'Grievance Officer' whose details are as follows: Tamanna Mehta The Grievance Officer shall redress the grievances of the users furnishing the information within one (1) month from the date of receipt of the grievance. You can call the Grievance Officer on +91-8860628026. If the complaint/dispute is not redressed within a period of one month, the participants may appeal to CEPD of the Reserve Bank of India