INTRODUCTION
Welcome to SK Finance Limited. The domain name www.skfin.in (hereinafter referred to as "Website") is owned by SK Finance Limited, registered with The Reserve Bank of India as a middle layer non deposit taking Non-Banking Financial Company ("NBFC") as defined under section 45-IA of the Reserve Bank of India Act, 1934 and is primarily engaged in the business of lending having its Registered Office and Corporate Office in Jaipur (Rajasthan). SK Finance Limited is engaged in the business of vehicle financing, lending to Small and Medium Enterprises and allied activities. For more information, please visit www.skfin.in. We, at SK Finance Limited, are strongly committed to protecting the personal and financial information that the customer submits to us and would endeavour to protect it from unauthorised use. Use of this Website signifies your acknowledgement and consent to this Privacy Policy. If, however, you object to Your Information being used, processed and transferred by SK Finance in any way, please do not share your information on the Website.
TYPE OF PERSONAL INFORMATION COLLECTED
SK Finance may for the purpose of rendering its services, collect personal information as described below:
Information that may be provided by you directly, such as:
a. Identification Information: Name, gender, residential / correspondence address, telephone number, date of birth, marital status, email address or other contact information.
b. PAN, KYC Status, Signature and Photograph.
c. Bank account or other payment instrument details.
d. Any other detail, which may be required by us for providing services.
INFORMATION THAT WE MAY COLLECT FROM YOUR USE OF OUR SERVICES, SUCH AS:
A. Transaction Information: We read, collect and monitor only financial transactional SMS for description of the transactions and the corresponding amounts for credit risk assessment. Other SMS data is not accessed.
B. Storage Information: We may enable users to download and display information, such as scheme commission details, which a user may refer to, or to upload relevant documents as per various processes during user account management or transaction order placement.
C. Media Information: We facilitate users to capture / upload relevant documents as may be required to be uploaded during user account management or transaction order placement.
D. Device Information: We collect specific information about your device when you access our Services, including your storage, hardware model, operating system and version, unique device identifier, mobile network information, and information about the device's interaction with our services.
E. We also collect the personal data including Aadhaar number/Virtual ID, directly from the Aadhaar number holder for conducting authentication with UIDAI at the time of providing the services. It will be collected for the purpose of authentication of the Aadhaar number holder to provide services of e-KYC for customer on-boarding and loan disbursement.
Key Data Privacy Principles
The Policy represents the minimum standards that SK Finance has set with respect to data privacy. It aligns with (and in some cases exceeds) the requirements of applicable laws and regulations (i.e. Indian IT Act of 2000, IT Amendment Act of 2008, IT Rules of 2011 and Aadhaar Act 2016).
SPI refers to sensitive personal data or information of a person, meaning such personal information which consists of information relating to:
1. Password;
2. Physical, physiological and mental health condition;
3. Sexual orientation;
4. Medical records and history;
5. Biometric information;
6. Aadhaar Number Holder
7. Any detail relating to the above clauses as provided to SK Finance for providing service; and
Any of the information received under above clauses by SK Finance for processing, stored or processed under lawful contract or otherwise provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
SK Finance values the Personal Data entrusted to it and the Company is committed to collecting, using, retaining and disclosing Personal Data in a fair, transparent and secure way by adhering to the following key principles:
A. Collection Limitation: Personal Data shall be collected by fair, lawful and transparent means. SK Finance shall be open with individuals about how the Company will use their Personal Data, with whom it shares and where it may be sent.
1. Consent regarding purpose of usage shall be obtained in writing, through the application form/ agreement or any other documents executed, or through letter or email, from the provider of the sensitive personal data or information before collection of such information.
2. While collecting the information directly from the concerned person, it shall be ensured that the provider of information is aware of the following aspects:
a. The fact that information is collected
b. The purpose for collecting information
c. The intended recipients of the information
d. The name and address of agencies who are collecting and retaining the information
3. Prior to the collection of information including sensitive personal data or information, an option shall be provided to the provider of the information not to provide the data or information sought to be collected. The provider of information shall, at any time while availing the services or otherwise, also have an option to withdraw its consent given earlier to SK Finance. The revocation of consent shall not be applicable for sharing of information under any regulatory/ statutory or legal requirements as applicable in accordance with the prevailing law of the land. Such withdrawal of the consent shall be sent in writing to SK Finance. In case the provider of information does not provide, or later withdraws, his consent, SK Finance shall have the option not to provide services for which the said information was sought.
4. SK Finance Limited shall also collect the personal data including Aadhaar number/Virtual ID, directly from the Aadhaar number holder for conducting authentication with UIDAI at the time of providing the services;
5. The Identity information including Aadhaar number / Virtual ID shall be collected for the purpose of authentication of Aadhaar number holder to provide services of e-KYC for customer on-boarding and loan disbursement.
B. Data Minimization: Only the Sensitive Personal Data required for authorized business activities shall be collected from the provider. Personal Data shall not be made available to anyone (including internal staff) who is not authorized, or does not have a business ‘need to know’ the information.
C. Disclosure: The Personal Information (including sensitive personal data or information) collected or stored by SK Finance, shall be available for view by any third party by an order under the law for the time being in force and the providers of information who provided information under lawful contract.
The summary of this policy shall be published on SK Finance website and shall provide for—
1. Clear and easily accessible statements of its practices and policies;
2. Type of personal or sensitive personal data or information collected;
3. Purpose of collection and usage of such information;
4. Disclosure of information including sensitive personal data or information; and
5. Reasonable security practices and procedures for protection of PII / SPI
Aadhaar number holder shall be notified of the authentication either through the e-mail or phone or SMS at the time of authentication and the SK Finance Limited shall maintain logs of the same.
D. Use Limitation: The Personal Information shall be used for the purpose for which it has been collected. The privacy risks shall be taken into consideration, before the collection, use, retention or disclosure of Personal Information, such as in a new system or as part of a project.
E. Security: There shall be adequate protection for the Personal Data collected, used, retained and disclosed to support our business activities by following the relevant usage, technical and organizational policies, standards and processes:
1. SK Finance shall have comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures
2. SK Finance shall comply with ISO 27001 standard on ‘Information Technology – Security Techniques’
3. Data Security associated with Aadhaar
a) The Aadhaar number shall be collected over a secure application, transmitted over a secure channel as per specifications of UIDAI and the identity information returned by UIDAI shall be stored securely;
b) The biometric information shall be collected, if applicable, using the registered devices specified by UIDAI. These devices encrypt the biometric information at device level and the application sends the same over a secure channel to UIDAI for authentication.
c) OTP information shall be collected in a secure application and encrypted on the client device before transmitting it over a secure channel as per UIDAI specifications;
d) Aadhaar /VID number that are submitted by the resident / customer / individual to the requesting entity and PID block hence created shall not be retained under any event and entity shall retain the parameters received in response from UIDAI;
e) e-KYC information shall be stored in an encrypted form only. Such encryption shall match UIDAI encryption standards and follow the latest Industry best practice;
f) SK Finance Limited has been classified as a Local AUA by UIDAI and does not store Aadhaar numbers of the customers / individuals / residents to maintain their privacy and security;
g) The keys used to digitally sign the authentication request and for encryption of Aadhaar numbers in Data vault shall be stored only in HSMs in compliance to the HSM and Aadhaar Data vault circulars;
h) SK Finance Limited shall use only Standardisation Testing and Quality Certification (STQC) / UIDAI certified biometric devices for Aadhaar authentication (if biometric authentication is used);
i) All applications used for Aadhaar authentication or e-KYC shall be tested for compliance to Aadhaar Act 2016 before being deployed in production and after every change that impacts the processing of Identity information. The applications shall be audited on an annual basis by information systems auditor(s) certified by STQC, CERT-IN or any other UIDAI recognized body;
j) In the event of an identity information breach, the organisation shall notify UIDAI of the following:
1. A description and the consequences of the breach;
2. A description of the number of Aadhaar number holders affected and the number of records affected;
3. The privacy officer’s contact details;
4. Measures taken to mitigate the identity information breach;
l) Appropriate security and confidentiality obligations shall be implemented in the non-disclosure agreements (NDAs) with employees/contractual agencies /consultants/advisors and other personnel handling identity information;
m) Only authorized individuals shall be allowed to access Authentication application, audit logs, authentication servers, application, source code, information security infrastructure. An access control list shall be maintained and regularly updated by organisation;
n) Best practices in data privacy and data protection based on international Standards shall be adopted;
o) The response received from CIDR in the form of authentication transaction logs shall be stored with following details:
1. The Aadhaar number against which authentication is sought. In case of Local AUAs where Aadhaar number is not returned by UIDAI and storage is not permitted, respective UID token shall be stored in place of Aadhaar number;
2. Specified parameters received as authentication response;
3. The record of disclosure of information to the Aadhaar number holder at the time of authentication; and
4. Record of consent of the Aadhaar number holder for authentication but shall not, in any event, retain the PID information.
p) An Information Security policy in-line with ISO27001 standard, UIDAI specific Information Security policy and Aadhaar Act 2016 shall be formulated to ensure Security of Identity information.
q) Aadhaar numbers shall only be stored in Aadhaar Data vault as per the specifications provided by UIDAI.
F. Access, Correction and Update: Processes shall be defined to enable the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible. SK Finance shall not be responsible for the authenticity of the personal information or sensitive personal data or information supplied by the provider of information except in cases where the Company has the mechanism to verify the information submitted by customers as per process laid out in the ‘KYC/ AML Policy’.
G. Retention: Personal Data shall be retained in accordance with the Preservation of Records policy, to support a specific business activity or legal/ regulatory/ statutory requirement (if any), as per the defined Retention and Disposal Schedule as mentioned in Information Technology Policy. The person who has collected the information shall not retain the information for longer than is required for usage as per requirement or law.
Aadhaar authentication transaction logs shall be stored for two years, subsequent to which the logs shall be archived for five years, and shall be deleted after expiry of the said period, except for court orders or pending disputes.
SK Finance may transfer SPI to any other entity or person located in India or any other country that ensures the same level of data protection through defined controls. Transfer of information shall be allowed only if it’s necessary as per the contracts and the information provider has consented to it.
H. Third Parties: It shall be ensured that access to and transfers of Personal Data (in email body or as attachments) to third parties are carried out only if it is necessary for the performance of the lawful contract between SK Finance or any person on its behalf and provider of information or where such person has consented to data transfer and with suitable contractual protections. Due diligence activities shall be conducted to ensure that the third party has appropriate security & privacy controls in place prior to sharing of any PII / SPI data. Disclosure of SPI to any third party, other than to regulatory/ statutory bodies/ agencies or reporting as mandated under the law/ applicable rules/regulations/guidelines etc., would require prior (one time) approval from the Data Privacy Officer.
Identity information must not be shared in violation of the Aadhaar Act 2016 or UIDAI circulars, and biometric data must not be transmitted without encrypted PID blocks. SK Finance Limited requires secure Aadhaar number transmission, except for correction or grievance redressal.
I. Marketing and Promotional Activities: Marketing and promotional communications shall be sent to providers of information / customers only after obtaining required consent from them.
Requirements for Sharing and Processing of PII
This policy establishes requirements for collecting, processing and disseminating personal data to ensure compliance with legal requirements.
A. Collecting Personal Data: Prior to collecting personally identifiable information, the collector of the data shall submit a formal request to the ‘Data Privacy Officer’ for approval. The formal request shall contain the following information:
1. Business purpose for which the information shall be used
2. Nature of the personal data being collected
3. Length of time the information shall be held
4. Manner in which the data shall be maintained
5. Possible consequences in case of unintended disclosure or deletion of data
6. Identity information, including Aadhaar number and Virtual ID, is collected for authentication purposes and processed only under the Aadhaar Act 2016 or its amendments. It must not be used beyond the specified purpose without consent from the Aadhaar number holder. A process is implemented to ensure identity information is not used beyond the purposes specified in the notice/consent form.
B. Disseminating Personal Information: While disseminating PII / SPI data, it shall be ensured that:
1. It is shared with authorized personnel only, who have a business requirement to access this information.
2. All required security controls are in place and working effectively, to protect the information being shared.
3. In no case should such information be shared on Social Media. Users should be made aware of the repercussions of such actions.
4. In case the PII / SPI is shared with third parties, it needs to be ensured that all requirements mentioned in this policy are fulfilled prior to the dissemination of the information.
5. For sharing information with law enforcement agencies, written advisory from legal team shall be obtained by the Data Privacy Officer prior to approving such dissemination of PII / SPI data.
LOG FILE INFORMATION, WHICH SHALL BE STORED AUTOMATICALLY:
If you visit/ log into our website just to browse, read pages or download information, certain information regarding your visit is automatically stored on our systems. This information cannot and does not identify you personally.
The kind of information that is gathered automatically includes, without limitation:
a. The type of browser you are using (e.g. Internet Explorer, Firefox, etc.).
b. The type of Operating System you are using (e.g. Windows or Mac OS).
c. The domain name of your Internet Service Provider, the date and time of your visit and the pages on our website.
We sometimes use this information to improve our website(s) design, and content primarily to give you a better browsing experience. This Policy is not intended to and does not create any contractual or other legal rights in favour of any user or viewer of www.skfin.in or on behalf of any other party.
PURPOSE OF COLLECTION AND USAGE OF INFORMATION
On our site we collect, retain, and use information about you only when we reasonably believe that it will help administer our business or provide products, services, and other opportunities to you. Such information is collected for specified business purposes, such as:
1. RBI/SEBI/ Collecting Banks / KYC Registration Agencies (KRAs)/ Aadhaar and other such agencies, solely for the purpose of processing your transaction requests for serving you better.
2. To provide you with the services that might be required by you.
3. To process your financial and non-financial transaction requests.
4. To undertake research and analytics for offering or improving our services.
5. To check and process your applications which may be submitted for availing any financial services.
6. To share with you any updates/changes to the services and their terms and conditions.
7. To take up and investigate any complaints/claims/disputes.
8. To respond to your queries and feedback submitted by you.
9. For verification of your identity and other parameters.
10. To fulfil the requirements of applicable laws / regulations and / or court orders / regulatory directives received by us.
DISCLOSURE OF INFORMATION
The information provided by you may be disclosed to:
1. RBI/SEBI/ Collecting Banks / KYC Registration Agencies (KRAs)/ Aadhaar and other such agencies, solely for the purpose of processing your transaction requests for serving you better.
2. Another business entity to carry out any business activity or re-organization, amalgamation, restructuring of business or for any other reason whatsoever.
3. Any judicial or regulatory body.
4. Auditors
5. Other third party service providers.
We shall not publish the sensitive personal data or information or disclose it further, without your consent, for any purpose other than stated above.
Service Providers
We may employ third party Service providers and individuals due to the following reasons:
A. To facilitate our services.
B. To provide services on our behalf.
C. To perform service related services.
D. To assist us in analysing how services are used.
You are hereby informed that the third party service provider/ agents/ agencies will have access to your personal information on a need basis to assist SK Finance in rendering service and are restricted from using the same for any other reason. The third party service provider is obligated not to disclose or use the information for any other purpose.
Retention of Information
SK Finance shall not retain or store such information for periods longer than is required for the purposes except when the information may lawfully be used or is otherwise required under any other law for the time being in force.
By agreeing to avail the services offered by SK Finance, you have agreed to the collection and use of your Sensitive Personal Data or Information, as well, by SK Finance. You always have the right to refuse or withdraw your consent to share/disseminate your Sensitive Personal Data or Information by contacting the customer care.
However, in the event of your refusal or withdrawal of personal data, you shall not be able to avail any services of SK Finance to the fullest extent.
Communications & Notifications
When You use the Website or send emails or other data, information or communication to us, You agree and understand that You are communicating with us through electronic mode and You consent to receive communications from us periodically. We may send notifications to you via email or in writing as a hard copy notice, or through conspicuous posting of such notice on our Website page. You may choose to opt out of certain means of notification as you may deem fit.
Updating or Reviewing Your Information
You may upon written request to us review the personal data or information provided by you. SK Finance shall ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible.
REASONABLE SECURITY PRACTICES FOR PROTECTING YOUR INFORMATION
SK Finance uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. These include internal reviews of our data collection, storage and processing practices and security measures, such as appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.
All information gathered on said website is securely stored within the SK Finance controlled database. The database is stored on secured servers; access to which is password-protected and is strictly limited.
To protect your privacy and security, SK Finance takes reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from SK Finance, at all times.
Although we use security measures to help protect your personal information against unauthorised disclosure, misuse or alteration, as is the case with all computer networks linked to the internet, SK Finance cannot, however, ensure or guarantee the security of any information you transmit to SK Finance and you do so at your own risk. Once we receive your transmission of information, SK Finance makes commercially reasonable efforts to ensure the security of such information.
Data Privacy Officer
The grievances or discrepancies reported by Customer of information with respect to processing of information shall be addressed in a time bound manner by the designated ‘Data Privacy Officer’.
Name of Privacy Officer: Mr. Bhavesh Kumar
Email: dpo@Skfin.in
Links to Other Web Sites
Please note that this Privacy Policy does not extend to third party sites linked to this website. SK Finance is not responsible for the content and the privacy practices of such linked websites. It is advisable to read each such linked website's privacy statement prior to sharing any information.
Changes to Our Privacy Policy
Please note that this policy may change from time to time. If We change our privacy policies and procedures, We will post the changes on the Website to keep You updated. Changes to this Policy shall become effective on the day they are posted on this page. Please visit our website to keep yourself abreast of any changes to this Policy.