Privacy Policy

1. Introduction and Acceptance

Welcome to Sahay Loan ("we," "our," or "us"). This Privacy Policy describes how Sahay Loan Ltd., a registered Non-Banking Financial Company (NBFC) licensed and regulated by the Reserve Bank of India (RBI), collects, uses, stores, shares, and protects your personal information in compliance with:

• The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023
• Reserve Bank of India's Master Direction on Information Technology Framework for the NBFC Sector
• Prevention of Money Laundering Act, 2002 (PMLA)
• Know Your Customer (KYC) Guidelines issued by RBI

By accessing or using our website, mobile application, or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This is a legally binding agreement between you and Sahay Loan Ltd.

2. Information We Collect

As a licensed NBFC, we are legally required to collect certain information to comply with KYC norms, anti-money laundering regulations, and creditworthiness assessment. The information we collect includes:

2.1 Personally Identifiable Information (PII)

• Full legal name as per government-issued documents
• Date of birth, age, and gender
• Permanent and current residential address with proof
• Contact information including mobile number and email address
• Aadhaar number (in compliance with Aadhaar and Other Laws Amendment Act, 2019)
• PAN (Permanent Account Number) as mandated by Income Tax Act
• Passport, Voter ID, Driving License (if provided as identity proof)
• Photographs for identity verification

2.2 Financial Information

• Bank account details including account number, IFSC code, and bank statements
• Income details including salary slips, income tax returns, Form 16
• Employment details including employer name, designation, and work history
• Credit history and credit score from credit bureaus (CIBIL, Experian, Equifax, CRIF High Mark)
• Details of existing loans, credit cards, and financial obligations
• Transaction history related to loan applications and repayments

2.3 Technical and Usage Information

• IP address, device information, browser type, and operating system
• Cookies and similar tracking technologies
• Location data (with explicit consent)
• Usage patterns, pages visited, and interaction with our services
• Communication logs including emails, chat transcripts, and call recordings

2.4 Information from Third Parties

• Credit information from authorized credit bureaus
• Identity verification through government databases (DigiLocker, Aadhaar authentication)
• Bank account verification through Account Aggregator framework (with consent)
• Professional references and employment verification

3. How We Use Your Information

We use your personal information for legitimate business purposes as authorized under applicable laws:

3.1 Primary Purposes (Essential for Service Delivery)

• Loan Processing: Evaluating your creditworthiness, processing loan applications, and disbursing approved loans
• KYC Compliance: Verifying your identity as mandated by RBI's KYC guidelines and PMLA requirements
• Credit Assessment: Analyzing your financial profile to determine loan eligibility and appropriate interest rates
• Account Management: Managing your loan account, processing EMI payments, and maintaining transaction records
• Legal Obligations: Complying with statutory requirements including tax laws, RBI directives, and court orders
• Fraud Prevention: Detecting and preventing fraudulent activities, identity theft, and unauthorized transactions

3.2 Secondary Purposes (With Consent)

• Sending promotional offers, product updates, and marketing communications (you may opt-out anytime)
• Conducting market research and customer satisfaction surveys
• Improving our services through data analytics and user behavior analysis
• Personalizing your experience on our platform

3.3 Communication Purposes

• Sending loan status updates, payment reminders, and account alerts via SMS, email, or push notifications
• Providing customer support and responding to your inquiries
• Notifying you about changes to our terms, policies, or services
• Collection activities for overdue payments (in accordance with RBI's Fair Practices Code)

4. Information Sharing and Disclosure

We respect your privacy and share your information only when legally required or with your explicit consent:

4.1 Mandatory Disclosures

• Credit Bureaus: We report your credit information to CIBIL, Experian, Equifax, and CRIF High Mark as required by RBI guidelines
• Regulatory Authorities: Disclosure to RBI, Ministry of Finance, Income Tax Department, Financial Intelligence Unit (FIU), and other government agencies as mandated by law
• Law Enforcement: Sharing information with police, courts, and legal authorities pursuant to valid legal requests, subpoenas, or court orders
• Credit Guarantee Institutions: Sharing with Credit Guarantee Fund Trust for Micro and Small Enterprises (CGTMSE) if applicable

4.2 Service Providers and Business Partners

• Payment Processors: Banks, payment gateways, and UPI providers for processing transactions
• Verification Agencies: Third-party agencies for identity verification, employment verification, and address verification
• Collection Agencies: Authorized debt collection agencies for recovery of overdue loans (operating under strict guidelines)
• Technology Partners: Cloud service providers, data storage services, and IT infrastructure providers (with robust data protection agreements)
• Insurance Companies: For loan insurance products if opted by you
• Co-lending Partners: Banks or NBFCs with whom we have co-lending arrangements approved by RBI

4.3 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets (subject to RBI approval), your information may be transferred to the successor entity, subject to the same privacy protections.

5. Data Security and Protection

Protecting your information is our top priority. We implement industry-standard security measures:

5.1 Technical Security Measures

• Encryption: 256-bit SSL/TLS encryption for all data transmissions and AES-256 encryption for data at rest
• Secure Infrastructure: ISO 27001 certified data centers located in India with redundant backup systems
• Access Controls: Multi-factor authentication, role-based access controls, and regular access audits
• Network Security: Firewalls, intrusion detection/prevention systems, and continuous security monitoring
• Secure Development: Following OWASP guidelines and conducting regular security code reviews
• Vulnerability Management: Regular penetration testing, vulnerability assessments, and security patches

5.2 Organizational Security Measures

• Comprehensive Information Security Policy compliant with RBI guidelines
• Employee training on data protection and confidentiality obligations
• Non-disclosure agreements with all employees and contractors
• Dedicated Information Security Officer and Data Protection Officer
• Regular security audits by independent third parties
• Incident response plan for data breach management

5.3 Data Retention and Disposal

• We retain your data for as long as legally required (typically 10 years for loan records as per RBI norms)
• After the retention period, data is securely disposed using industry-standard methods
• Backup data is purged according to our retention schedule
• You may request data deletion subject to our legal obligations to retain certain records

6. Your Rights and Choices

Under the Digital Personal Data Protection Act, 2023, and other applicable laws, you have the following rights:

6.1 Access and Portability

• Right to Access: Request a copy of your personal information held by us
• Right to Portability: Receive your data in a structured, machine-readable format (subject to technical feasibility)
• Data Correction: Request correction of inaccurate or incomplete information

6.2 Consent Management

• Withdraw Consent: Withdraw consent for optional data processing activities (note: this may affect service availability)
• Opt-Out of Marketing: Unsubscribe from promotional communications at any time
• Cookie Preferences: Manage cookie settings through your browser

6.3 Deletion and Restriction

• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Restrict Processing: Request limitation of how we use your data in certain circumstances

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

• Email: privacy@sahayloan.com
• Phone: +917462056645 (toll-free)
• Postal Address: Data Protection Officer, Sahay Loan Ltd., Financial District, Gachibowli, Hyderabad - 500032

We will respond to your request within 30 days as mandated by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

7.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality and security
• Performance Cookies: Help us understand how visitors interact with our website
• Functional Cookies: Remember your preferences and settings
• Advertising Cookies: Used to deliver relevant advertisements (with consent)

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality. Most browsers accept cookies automatically, but you can modify your settings to decline cookies if you prefer.

8. Third-Party Links and Services

Our website may contain links to third-party websites or integrate third-party services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.

Third-party services integrated into our platform (such as payment gateways) are carefully selected and vetted for security and compliance. However, their data practices are governed by their own privacy policies.

9. Children's Privacy

Our services are intended for individuals aged 18 years and above. We do not knowingly collect personal information from minors. If you are under 18, please do not use our services or provide any information to us.

If we become aware that we have inadvertently collected information from a minor, we will take immediate steps to delete such information from our records.

10. International Data Transfers

Your personal information is primarily stored and processed within India. In the event we need to transfer data outside India (for example, to cloud service providers with international operations), we ensure adequate safeguards are in place, including:

• Standard contractual clauses approved by regulatory authorities
• Ensuring the recipient country has adequate data protection laws
• Obtaining your explicit consent for cross-border transfers

All such transfers comply with RBI guidelines and the Digital Personal Data Protection Act, 2023.

11. Grievance Redressal

We are committed to addressing your privacy concerns promptly and effectively.

11.1 Internal Grievance Mechanism

Grievance Officer:
Name: Mr. Rajesh Kumar
Designation: Chief Privacy Officer
Email: grievance@sahayloan.com
Phone: +91-40-1234-5678
Address: Sahay Loan Ltd., Financial District, Gachibowli, Hyderabad - 500032, Telangana, India

We aim to resolve all grievances within 30 days of receipt. You will receive an acknowledgment within 48 hours.

11.2 External Recourse

If you are not satisfied with our response, you may escalate your complaint to:

• Reserve Bank of India (RBI): File a complaint through the RBI's Complaint Management System (CMS) at https://cms.rbi.org.in
• Data Protection Board of India: File a complaint with the Data Protection Board (once operational under DPDP Act, 2023)
• Ombudsman: Approach the relevant ombudsman scheme as per RBI guidelines

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be notified through:

• Prominent notice on our website
• Email notification to your registered email address
• SMS alert to your registered mobile number

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

13. Legal Compliance and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy or our data practices shall be subject to the exclusive jurisdiction of courts in Hyderabad, Telangana, India.

We comply with all applicable Indian laws including but not limited to:

• Information Technology Act, 2000 and Rules thereunder
• Digital Personal Data Protection Act, 2023
• Reserve Bank of India Act, 1934
• Prevention of Money Laundering Act, 2002
• Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
• Indian Contract Act, 1872

14. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: