Last updated on: 25th October 2023
Si Creva Capital Services Private Limited is a private limited company incorporated under the provisions of the Companies Act, 2013 having Corporate Identification Number (CIN) U65923MH2015PTC266425 (“Si Creva”). Si Creva is a Systemically Important Non-Deposit taking Non-Banking Financial Company registered and regulated by the Reserve Bank of India (“RBI”) as a Non-Banking Finance Company (“NBFC”), bearing Registration no. N-13.02129 registered and regulated by Scale based regulations and such other RBI Directions as applicable to NBFCs, as amended from time to time and such other rules, regulations, directions, circulars, notifications, and orders issued in this regard from time to time (“RBI Directions”).
Si Creva is in the business of the provision of consumer and personal loans by using two digital lending applications viz; ‘Kissht’ and ‘PaywithRing’ which are owned by OnEMI Technology Solutions Private Limited. Besides this, it is also lending through the mobile app and web-based applications on the platforms of other Lending Service Providers (“LSPs”).
Si Creva recognizes the expectations of its customers and the visitors to its website with regard to privacy, confidentiality and security of their personal information which we receive while browsing/ using our website/ services. Si Creva is committed to maintaining the confidentiality, integrity and security of all the personal information of our users. Keeping Your personal information secure and using it solely for activities related to Company’s business is a top priority of the Si Creva.
We have taken adequate measures aimed at protecting the personal information entrusted and disclosed to us. This policy (Policy) is framed to inform you the privacy practice followed & the governing way in which the Company collects, uses, discloses, stores, secures and disposes your personal information and sensitive personal data or information.
To register with us, you must be 18 (eighteen) years of age or older and Indian resident. Individuals below the age of 18 (eighteen) years and minors are strictly forbidden from using the Service.
- "Personal Information" for purposes of this Policy means information that identifies you, directly or indirectly such as your name, address, phone number, mobile number, e-mail address or any other contact details and shall also include “Sensitive Personal Information”. By providing your number at https://paywithring.com/ https://kissht.com, you are authorizing PaywithRing/ Kissht & its representatives to give you a call to offer you our Services for the product you have opted for, imparting product knowledge, offering promotional offers running on the website. Irrespective of the fact that you have registered yourself under Do Not Disturb (“DND”) or Do Not Contact (“DNC”) service, you are still authorizing us, our representatives & our partners to communicate with you for the above-mentioned purposes. There is no DNC check required on a number you enter while using PaywithRing/ Kissht Services.
- “Processing” in relation to personal data or information means an automated operation or set of operations performed on personal data, and may include operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;
- “Publicly available information” shall mean any information or data of the user which the Company reasonably believes is lawfully publicly available. All other information or data which is not publicly available shall be Non publicly available information for the purpose of this Policy.
“Sensitive personal data or information” of a User means such personal information which consists of information relating to:
- financial information such as Bank account or credit card or debit card or other payment instrument details
- medical records & history;
- biometric information
- any Other government-issued identification number such as country-identification
- “User” shall mean such Persons who are using the Company’s services or the Company’s website and to whom this Policy is applicable, and it shall include the words “you”, “customer” which are used interchangeably in this Policy.
This Policy is applicable with reference to the Personal Data or Personal Information of the User which is non publicly available, processing of which is done by or for the Si Creva whether manually or mechanically including automated means. Any information that is freely available or accessible in public domain or furnished under the RTI Act 2005 or any other law for the time being in force shall not be regarded as personal information for the purpose of this Policy.
Mode of collecting Information of users
If you intend to open a loan account by using PaywithRing/ Kissht with any of our lending partners, you would be required to provide details like your name, E-mail address, Residential address, Mobile number, PAN number, Aadhaar Card, and other such information which may be needed to assess your creditworthiness. Wherever possible, we indicate the mandatory and the optional fields. You always have the option to not provide any information by choosing not to use a particular Service or feature on the Platform. You shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App delete/ forget the data. The details of third parties for data sharing will be explicitly provided based on the request received. We also collect user account data which includes email address and user public profile information like name, photo, or information required solely for the purpose of identification, depending on the social media or networking platform used by You like Google or Facebook to log-into an App.
The data collected, as stated in this policy, is solely restricted to the above-mentioned activities and will not be in further used for any other purpose. In case we use the data for any other purpose, explicit consent shall be taken from the customers.
No biometric data is stored/ collected in the systems associated with the Digital Lending Application (“DLA”) of the Regulated Entities (“RE”)/“REs”)/ their Lending Service Provider(s) (“LSP(s)”), unless allowed under extant statutory guidelines. Our system comply with various technology standards/ requirements on cybersecurity stipulated by the Reserve Bank of India (“RBI”) and other agencies, or as may be specified from time to time, for undertaking digital lending and the Platform accesses SMS (to assess the income, financial expenses etc), one time location, device and phone number information such as your device hardware model, operating system, and version, unique device identifiers, user profiles, WiFi information, and mobile network information solely for the purpose of onboarding journey. Further, it is clarified that none of the aforementioned information/data is saved on its servers.
Access to your registration information, account information, and any other Personal Information you provide is strictly restricted and used only under specific internal procedures and safeguards governing access, to operate, develop or improve the Service. We may also use third-party service providers to help us provide the Service to you, such as sending e-mail messages or SMS on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality of the information we provide to them. If you telephone us, we may also record and monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
Lawful grounds for processing Personal Information
Si Creva will process your personal data in compliance with applicable data privacy laws in India by relying on one or more of the following lawful grounds:
- Consent - You have explicitly agreed to our processing for a specific reason
- Performance of a Contract - The processing is necessary to perform the agreement we have with you
- Legal Obligation - The processing is necessary for compliance with legal obligations under certain laws
- Legitimate Interest - The processing is necessary for the purposes of a legitimate interest pursued by the Company
Mode of Collecting Information
In order to provide seamless approval and determine instant creditworthiness of customers, we explicitly request for certain permissions after users complete the signup process:
PaywithRing/Kissht can access all SMSs to assess the income, financial expenses etc only for the purpose of loan onboarding journey. The assessment is automated and the SMSs are encrypted. Kissht/PaywithRing does not read or store any of your personal SMS data. Also, it does not share your SMSs with any third party.
PaywithRing/Kissht accesses the current location only once during the loan onboarding journey to verify the location of the borrower.
PaywithRing/Kissht collects the device location of the borrower and phone number information, such as your device hardware model, operating system, and version, unique device identifiers, user profiles, WiFi information, and mobile network information only once during loan onboarding journey. PaywithRing/Kissht assesses these to uniquely identify your devices and protect you from fraud by preventing unauthorised devices from misrepresenting you or misusing your information.
We require camera access to take selfie, scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields. A one-time access can be taken for camera, microphone, location or any other facility necessary for the purpose of on-boarding/KYC requirements only, with the explicit consent of the borrower
If enabled, we may place cookies on your machine that store small amounts of data on your computer about your visit to any of the pages of this website. Cookies can identify the pages that are being viewed, and this can assist us in tracking which of our features appeal the most to you and what content you may have viewed on past visits.
INFORMATION SHARING WITH THIRD PARTIES
We may use third-party advertising companies and/or ad agencies to serve ads when you visit our website. These companies may use information (excluding your name, address, e-mail address, or telephone number) about your visits to https://paywithring.com/ https://kissht.com to provide advertisements on this Site and other sites about goods and services that may be of interest to you. Explicit consent will be taken from you before sharing Personal Information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement. If you choose to apply for these separate products or services, disclose information to the providers, or grant them permission to collect information about you, then their use of your information is governed by their privacy policies. You should evaluate the practices of these external service providers before deciding to use their services. https://paywithring.com/ https://kissht.com is not responsible for their privacy practices. However, in case you wish to restrict sharing of information partially or completely with third party (other than statutory or regulatory authorities) you may reach out to us on email@example.com/ firstname.lastname@example.org.
3rd PARTY SERVICE PROVIDERS:
We work with third-party service providers to execute various functionalities of the App and we may share your information with such service providers to help us provide the App. Some of these functionalities may include:
- Validating and authenticating the official verification documents provided by you.
- Validating your preferred bank account, as well as transferring the loan amounts to you. E-signing of the User Loan Agreement, populating the User Loan Agreement. The information shared with these service providers is retained for auditing of the agreements. e-NACH set-up to enable autopay.
- Analyzing customer behaviour and to automate our marketing and outreach efforts. Detection and flagging of fraud.
- Gathering of additional information regarding your bank account and statement details in case adequate information has not been provided by you or through the other service providers we work with.
- For manually collecting any sums owed by you to our Lending Partner
However, usage of such third-party services is subject to their privacy policies and not within our control. We recommend that you have a look at their privacy policies before agreeing to use their services. Explicit consent will be taken from you before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement.
LINK TO THIRD-PARTY SOFTWARE DEVELOPMENT KIT (SDK)
The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a variety of services such as analyzing your in-app actions, serving retargeting ads, do location based targeting on social media accounts, deliver personalized push notifications, perform credit assessment based on your information. We share limited information such as Device IDs, Android IDs, Page status, Location, Workflow events with analytics and marketing service providers who may use it to serve targeted, contextual ads to you. We ensure that our third party service provider takes extensive security measures in order to protect your Personal Information against loss, misuse or alteration of the data.
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it using secure cryptographic techniques over HTTPS APIs. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect https://paywithring.com/ https://kissht.com accounts and systems from unauthorized access.
Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
We do not sell or misuse your data. We do not share your personal identifiable information and Government IDs such as PAN, Aadhaar Card, VID number with these 3rd parties. We also don't allow unauthorized access to your non-public personal contacts or financial transaction SMS data with any 3rd party.
To verify your creditworthiness and complete the KYC formalities, we request you to enter few government-issued ID numbers such as PAN Number, Aadhaar Card, or Virtual ID (VID) number. This data remains completely safe and secure with us and is never shared with any 3rd party. However, your information is passed to the authorized 3rd party APIs and government websites for you to fill up the information and help us validate your KYC credentials.
Purpose of Collection and use of personal information:
Si Creva collects and uses the financial information and other personal information. This information is collected and used for specific business purposes or for other related purposes designated by the Company or for a lawful purpose to comply with the applicable laws and regulations. Si Creva shall not divulge any personal information collected from the customer, for cross selling or any other purposes outside the Company. The authenticity of the personal information provided by the customer shall not be the responsibility of the Company.
The intended purpose of collecting information provided by you is to
- Establish identity and verify the same with or without help of third party(ies);
- To complete onboarding and KYC requirements for third party lending partners.
- Monitor, improve and administer our Platform;
- Provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
- Design and offer customized products and services offered by our third party financial partners;
- Analyse how the Platform is used, diagnose service or technical problems and maintain security;
- Send communication notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Platform;
- Manage Our relationship with You and inform You about other products or services We think You might find of some use;
- Conduct data analysis in order to improve the Services / Products provided to the User;
- Use the User information in order to comply with country laws and regulations;
- Collect KYC for our third party lending partners based on the information shared by the User;
- Use the User information in other ways permitted by law to enable You to take financial services from our lending partners.
Retention of Information:
Si Creva shall not retain or store such information for periods longer than is required for the purposes except when the information may lawfully be used or is otherwise required under any other law for the time being in force.
We will use and retain the information for such periods as necessary to provide You the Services on the Platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
By agreeing to avail the services offered by the company, you have agreed to the collection and use of your Sensitive Personal Data or Information, as well, by Si Creva. You always have the right to refuse or withdraw your consent to share/disseminate your Sensitive Personal Data or Information by contacting the customer care. However, in the event of your refusal or withdrawal of personal data, you shall not be able to avail any services of the Company to the fullest extent.
Data Destruction Protocol:
All the data, including all the copies thereof will be destroyed post the completion of the business, legal or regulatory requirement. In case the data are stored in physical form, that is, CDs, DVDs, Pen Drive, tapes, etc., then the physical device storage shall be destroyed. In case the data are stored in digital form, then secure erasure of individual folders and/or files will be done as the policies of the Company.
Disclosure of Personal Information
The personal information collected by the Company shall not be disclosed to any other organization except-
- Where the disclosure has been agreed in a written contract or otherwise
- Disclosure is required to the third party on a need to know basis, provided that in such case, the company shall also inform the third parties the confidentiality nature of the personal information and shall ensure that same standards of information/ data security is maintained.
- Disclosure to any governmental authority or law enforcement officers request or require any information and the company thinks disclosure is required or appropriate in order to comply with laws, regulations, or a legal process.
The user authorizes the Company to exchange, share, part with all information related to the details and transaction history of the User to its affiliates/ banks/ financial institutions/ credit bureaus/ agencies/ participation in any telecommunication or electronic clearing networks as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management or any of the aforesaid purposes and shall hold the Company liable for use or disclosure of this information.
Consent are required before we may collect, use or disclose your personal information, except in situations permitted by the law, such as during a fraud investigation, or where we are required to disclose information by court order.
You may also provide us with your implied consent for the collection, use, and disclosure of personal information necessary for the Identified Purposes. While we may rely on implied consent in certain circumstances, we will not collect, use or disclose your medical and health information, your employment and income information, or your banking, credit or financial information, without your express written or verbal consent.
You may withdraw your consent, subject to legal or contractual obligations and on reasonable notice, but this may limit our ability to provide you with the requested product or service. In the event that you wish to withdraw your consent, you should contact our Privacy Officer for information regarding the implications of such withdrawal, and then if you choose to proceed, give the requisite notice.
Where permitted by law, you may be given the option to give your express consent to us to access your credit information from a credit reporting agency. We will use this credit information for the purpose of assessing risk, providing you with a quote, and determining your eligibility for a premium discount. We may continue to retrieve your current credit score from time to time, while you remain a customer of ours, unless you withdraw your consent for us to do this.
Reasonable Security Practices and Procedures:
We keep your data secure:
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We use a combination of firewalls, encryption techniques, and authentication procedures, among others, to maintain the safety and security of your online session and to protect https://paywithring.com/ https://kissht.com accounts and systems from unauthorized access.
We maintain your information on servers located in India. Our databases are protected from general employee access, both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted. No employee may put any sensitive content on any unsecured machine (i.e., nothing can be taken from the database and put on an insecure laptop).
Encryption and secure communication:
All communications between your computer, tablet, mobile devices and https://paywithring.com/ https://kissht.com that contain any Personal Information are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
Login id and password confidentiality:
All other information shall be treated as non-confidential and non-proprietary and PaywithRing/ Kissht shall be under no obligation of any kind concerning such information and shall be free to reproduce, use, disclose, and distribute the information to others without limitation. Additionally, PaywithRing/Kissht shall be free to use any ideas, concepts, know-how, or techniques contained in such information for any purpose whatsoever, including, but not limited to, developing or marketing services incorporating such information.
There is no legal obligation to destruct the data from the server upon you closing the account or non-usage of our Services from your end. The data will be retained securely on our server and shall help PaywithRing/ Kissht:
- To comply with legal duties and requirements, either statutory or regulatory;
- To avoid liability through "spoliation," the improper destruction or alteration of documents in a litigation situation;
- To support or oppose a position in an investigation or litigation;
- To protect from unnecessary expense and time during discovery;
- To maintain control over discovery and e-discovery;
- To keep documents confidential and avoid leakage to attackers or competitors;
- To enforce our Terms and Conditions
We may share your collected information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App wherever feasible. We may share your information with third parties only in such manner as described below:
- We may disclose and share your information with the financial service providers, banks or NBFCs and our third party partners for facilitation of a loan or facility or line of credit or purchase of a product;
- We may share your information with our third party partners in order to conduct data analysis in order to serve you better and provide Services our Platform;
- We will disclose the data / information provided by a User with other technology partners to track how the User interact with the Platform on Our behalf.
- We and our affiliates may share your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business for continuity of business. Should such a transaction occur than any business entity (or the new combined entity) receiving any such information from us shall be bound by this Policy with respect to your information.
- We will disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers;
- We will share your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes detailed herein. We warrant that there will be no unauthorised disclosure of your information shared with third parties.
- By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) To the concerned third parties in connection with the Services; and (ii) With the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.
- We shall disclose your KYC journey or any data with respect to the same to the relevant regulatory authorities as a part of our statutory audit process. Please note that your Aadhaar number shall never be disclosed.
Further, the data stored on our server shall be utilised only for the purpose and to the extent stated in the policy. In case we use or disclose your information for any purpose not specified above, we will take your explicit consent.
The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
- We use encryption to keep your data private while in transit;
- We offer security feature like an OTP verification to help you protect your account;
- We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
- We restrict access to Personal Information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
- Compliance & Cooperation with Regulations and applicable laws;
- Data transfers;
- We ensure that Aadhaar number is not disclosed in any manner.
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder.
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
Your Rights regarding the Data
Right to Access
You may request to access your data provided by you (or) processed by us. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to rectification
In the event that any personal data provided by you is inaccurate, incomplete or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our Services is uninterrupted.
Right to withdraw consent
To prevent further sharing of your data, you can also uninstall the App. Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.
We may email or send push notifications to you from time to time about our latest offerings and updates. You may opt out of receiving such promotional emails from us by writing to us. You may also opt out of receiving emails and other messages from us by following the unsubscribe instructions in those messages. However, even if you have opted out of receiving information from us, we will still send non-promotional communications, such as repayment reminders and loan approvals message etc.
You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the App.
You are provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the App (as defined under the DLG Guidelines) delete/forget the data. In case of withdrawal or modification of your consent or your amendment of any of your choices in this regard, we reserve the option not to provide the services or modify the services provided to you for which such information was sought.
You have the right to exercise any of the above rights by contacting our Data Protection Officer(“DPO”) as stated in this Policy. Once we receive your request and verify the same satisfactorily, we shall proceed with assisting you on your request.
CONTACT INFORMATION OF DATA GRIEVANCES REDRESSAL OFFICER:
We and our Lending Partner have appointed a data grievances redressal officer. Our data grievance officer is: Suraj S, accessible via email at: email@example.com / firstname.lastname@example.org. You can contact the officer confidentially by email to enquire about the treatment of your data by us or our Lending Partner.
CHANGES TO PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES:
This Privacy Statement may change or be amended over time. The recent version of this Privacy Statement is published on this App or Platform, as the case may be.
Please revisit this page periodically to stay aware of any changes to this Privacy Statement. We will notify you of any material changes to this Privacy Statement by publishing the same on our App or Platform, as applicable. Your continued use of our Services confirms your acceptance of this Privacy Statement, as amended. If you do not agree to the terms and conditions as contained in our Privacy Statement, as amended, you must stop using our Services and notify us.
It is very important that any Personal Information we hold/pass on to our lending partners about you is up to date and correct. Please inform us of any changes to your Personal Information.