‘FatakPay®’ is a trademark applied for registration by FATAKPAY DIGITAL PRIVATE LIMITED, a company incorporated under the provisions of the Companies Act, 2013, having its registered office at FatakPay Digital Private Ltd, Technopolis Knowledge Park, Office No 1, Ground Floor, Mahakali Caves Road, Andheri (East), Mumbai, Maharashtra 400093. We are engaged in the business of providing digital creditworthy borrowers with short-term credit by connecting them with our NBFC partners and carrying out other incidental activities including collection on behalf of our NBFC partners.
Fatakpay (“our”, “us”, “we”, “Company”), various partner banks and financial institutions, as identified hereinbelow (“Lending Partner”) provide lending services, process your loan requests, and ultimately provide a loan to you (“Services”).
1. COLLECTION OF PERSONALLY IDENTIFIABLE INFORMATION
i. Part A: Information for Digital Lending Services: Consent based Information collected by the Platform for facilitation of Loans being disbursed by the financial lending partners whose details are available on the Website and the Application and who are registered with the Reserve Bank of India (“Lending Partners”).
ii. Part B: Consent based Information for Non-Lending Services: Information collected by Platform while registering a User on the Platform or while providing Value Added Services i.e. HRMS, an attendance tracking system for professionals using geolocation or selfie-based feature to mark attendance with regularisation & leave requests with a track of attendance records.
To support its lending and non-lending services, FatakPay may need to access, gather, and disclose Personal Information to its lending partners, such as banks or NBFCs registered with the Reserve Bank of India, or other third-party providers offering value-added services in collaboration with FatakPay. When sharing this information, FatakPay will ensure secure transmission and require all recipients to adhere to confidentiality, fidelity, and secrecy obligations by signing appropriate agreements. Additionally, FatakPay may share information with financial and non-financial companies, government agencies, courts, legal investigators, or other non-affiliated third parties when requested by You or Your authorized representative, or when legally required or permitted.
2. COLLECTION OF INFORMATION ABOUT YOU
User personal Data : We collect the data you provide to us when you create or update your Fatakpay Account. This includes your name, phone number, email ID, PAN, date of birth, pin code, nature of employment, official employment email address and name of employer, monthly income, and relationship with the co-applicant (in case the loan is being sought by more than a single applicant). We may require you to share further information at a later date to confirm the veracity of your information or under any additional features added to the App.
Financial and KYC Information : We and our Lending Partners collect the data you provide when you accept the tentative terms of the loans. This includes your photograph, Aadhar Number, PAN, parents’ names, bank account number, IFSC, proof of address (which can be your electricity bill, rental/lease agreement, gas bill, passport or driver’s license, or voter’s identity card or any other document the App may be able to record).
Location Data : We shall collect your device location information for verifying your address, for the KYC and onboarding process for the Services. We do not access your location when the app is running in the background.
SMS Data : With your permission, we collect and store SMS data on our Fatakpay servers (https://adminapi.fatakpay.com/platform_central/v1/view-sms-data) to monitor bank-related transactional SMS you get from service and product providers (like retail outlets, financial institutions, mobile carriers, utility companies, and more). We only check financial messages from 6-digit alphanumeric senders from your inbox, which helps us in identifying information related to bank transactions, parties' names, description of transactions and amount of transactions to aid in performing a credit risk assessment. This enables us to determine your eligibility and provide a quicker loan disbursal.
All user data is deleted once the purpose is met. All data is stored and consumed in India only. We do not collect, read, or store any of your personal SMSs data. We prioritize the security and privacy of our users and adhere to stringent data protection measures. Rest assured that your SMSs remain confidential, and we solely utilize the requested permissions for the aforementioned purposes..
Camera Data : We use your phone’s camera to capture your selfie for verification, for scanning the QR codes, and for uploading documents as per the instructions of our Lending Partners following applicable laws.
How we use this data: For Enabling the App and its Services; For Enabling Customer Support.
Credit Bureau Checks : With your consent, we conduct inquiries with Credit Bureaus, regulatory authorities, or any relevant third parties to verify your credit history or gather any other necessary information.
Device Information and Installed Apps data : Information that the Application collects, and its usage, depends on how you manage your privacy controls on your device.
i. Device Information: When you install the Application, we store the information we collect with unique identifiers tied to the device you are using. We collect information from the device when you download and install the Application and explicitly seek permission from You to get the required information from the device. Additionally, we also collect your Log information (via the domain server through which the User accesses the App Search queries, IP address, crashes, date, etc) to improvise the Application functionality. In addition to the above, we also track and collect the data related to the performance of the Application and other diagnostic data for identifying and resolving any technical glitches that may be identified from such data and also for improving the overall functionality of the Application.
How we use the information: We collect information about your device to provide automatic updates and additional security so that your account is not used on other people’s devices. We further collect other identifiable information such as your transaction history on the Platform when you set up a free account with us.
ii. Installed Application Data: We collect and transmit a list of specific installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name, and version code of each installed application on your device. This data may be collected even when the app is closed or not in use.
How we use this information: We use this information for your onboarding and Know Your Customer (KYC) purpose with your explicit consent.
As part of using our services, you are required to provide data that enables us to provide the best possible services. The following outlines the data we collect from you:
i. Data provided by you through forms on the application or website.
ii. Data provided through correspondence with us, such as emails or chats.
iii. Data and information you provide when registering on the website, downloading or registering on our app, subscribing to services (such as loan applications), searching for services, or reporting problems.
iv. Data including your name, address, gender, date of birth, email address, phone number, username, password, and other registration information.
v. Documents such as PAN Card, Aadhaar Card, financial information (employer name, monthly salary, bank account details, bank statements), credit information, and identification documents provided for the onboarding process to avail of services from our lending partners.
vi. Data generated through your usage of our platform.
This data helps us create your profile, complete mandatory KYC procedures as required by our lending partners, facilitate loan approvals, and provide customized support when needed. Please note that we do not store all the data provided by you, except for basic information such as name, address, and contact details.
We indicate the mandatory and optional fields whenever possible. You have the choice not to provide certain information by opting out of specific services or features on the platform. While browsing some sections of the platform does not require registration, certain activities such as availing loans from third-party lenders do require registration and providing the mentioned details.
We do not collect any biometric data from you for any of our services or operations. If any of our representatives request such data, please refrain from providing it and notify our Grievance Officer (contact details provided below).
Storage of Personal Information
For lending services, we only store basic personal information necessary for carrying out consent based non-lending services. All data collected from you is stored on servers located in India and complies with statutory and regulatory obligations. Personal information collected as part of our outsourcing services for lending partners is collected based on their instructions and transferred to them upon completing the preliminary onboarding.
Collection of Certain Non-Personal Information
We automatically track certain information about you based on your behavior on our platform. This helps us understand and serve our users better, protect their interests, and improve our services. This information is analyzed on an aggregated basis.
If you purchase through the platform, we collect information about your buying behavior. We retain this information to resolve disputes, provide customer support, and troubleshoot problems as permitted by law. Correspondence sent by you or others regarding your activities on the website is also collected and stored in a specific file.
4. WHY WE COLLECT DATA?
We collect information from you to facilitate lending and non-lending services, and we ensure that the information is used solely for the intended purposes outlined below:
i. Establishing Identity: We collect information to establish and verify your identity accurately.
ii. Facilitating KYC: We use the information to facilitate the Know Your Customer (KYC) process as per the instructions of our lending partners.
iii. Troubleshooting and Platform Administration: The information is utilized to troubleshoot issues, monitor, improve, and administer our platform.
iv. Service Provision: We use the information to provide services such as facilitating loans or offering value-added and non-lending services to you.
v. Customization: The collected data enables us to design and offer customized products and services in collaboration with our third-party partners.
vi. Platform Analysis: We analyze the usage patterns of the platform, diagnose service or technical problems, and maintain security.
vii. Communication: We use the information to send communications, notifications, and information about requested products or services, and to process queries and applications made on the platform.
viii. Consumer Interest and Satisfaction: We measure consumer interest and satisfaction in our products and services, helping us manage our relationship with you.
ix. Marketing and Promotion: The information is used for marketing and promotional purposes, including sending promotional SMS, emails, and WhatsApp messages to inform you about online and offline offers, products, services, and updates.
x. Data Analysis: We conduct data analysis to improve the services and products provided to the users.
xi. Compliance with Laws and Regulations: We utilize user information to comply with applicable country laws and regulations.
xii. Financial Services: We use user information to enable you to access financial services from our lending partners under applicable laws.
xiii. Dispute Resolution and Fraud Prevention: The information is used to resolve disputes, detect and protect against suspicious or illegal activity, fraud, and other criminal activities.
xiv. Customized Experience and Terms Enforcement: We customize your experience on our platform and enforce our terms and conditions effectively.
We will only use and retain basic personal information such as your name, contact information, address details, and other necessary information to provide services on the platform, comply with legal obligations, resolve disputes, and enforce agreements.
2. DISCLOSURE TO 3rd PARTIES
We will only share your information with our trusted third parties, including regulated financial partners and vendors, to facilitate the services offered on our platform.Here is how we disclose and share your information:
i. Facilitation of Services: We may share your information with financial service providers, banks, NBFCs, and lending partners to facilitate loans, credit facilities, or product purchases.
ii. Data Analysis: We share your information with third-party partners to conduct data analysis, enabling us to better serve you and improve our platform's services.
iv. Tracking User Interaction: We may share user data/information with technology partners to track user interactions on our platform on our behalf.
vi. Third-Party Technology Providers: We may disclose your information to third-party technology or data source providers.
vii. Confidentiality Agreement: We share your information with third parties under a confidentiality agreement, ensuring that they only use the information for the purposes outlined in this policy. We guarantee that there will be no unauthorized disclosure of your information shared with third parties.
viii. Regulatory Compliance: We may disclose your KYC journey or related data to relevant regulatory authorities as part of our statutory audit process. Please note that your Aadhaar number will never be disclosed.
Please be assured that we take appropriate measures to ensure the security and confidentiality of your information when sharing it with third parties.Details of the third parties we and/or NTL share your personal information with are set out below:
Vendor’s Entity Name
12, 17th Cross
H 146 - 147, Second floor, H Block, Sector 63, Noida, Uttar Pradesh 201307
9, Mota Nagar, Andheri East, Mumbai, Maharashtra 400047
22, 1st Floor, Sjr Cyber, Laskar-Hosur Road, Adugodi, Bangalore- 560030
101, Silver metropolis Building, Bimbisar Nagar Rd, Bimbisar Nagar, Goregaon, Mumbai, Maharashtra 400063
CRIF High Mark Credit Information Services
B-04,05,06, 4th Floor, Art Guild House, Phoenix Market City, L.B.S Marg, Kurla (West), Mumbai Mumbai City MH 400070
ICICI Bank Tower, Near Chakli Circle, Old Padra Road Vadodara Vadodara GJ 390007
Think Analytics India Private Limited
Office No. 4072/4073, B Wing, Oberoi Garden Estate Chandivali Farm Road, Andheri East Mumbai Mumbai City MH 400072
Aarya Financial Services
F4, First Floor, Gokhale park, near mahila bank, Ashok stambh, Nashik-422002
D-110,RJ enterprises, Neptune magnet mall,lbs road,near mangatram petrol pump, Bhandup west. Mumbai - 400078.
2. OUR DATA SECURITY PRACTISES
The Platform is dedicated to protecting your information and maintaining its accuracy, as confirmed by you. We employ reasonable physical, administrative, and technical safeguards to prevent unauthorized access, use, and disclosure of your information. This includes encryption of transmitted data over the internet. We also require our registered third-party service providers to implement measures to protect your information.
Our Platform has robust security measures in place to safeguard against loss, misuse, and alteration of information under our control. We prioritize data and privacy security by incorporating state-of-the-art technology and multiple security layers throughout our products. This allows us to defend against a wide range of security threats, from basic vulnerabilities to sophisticated attacks.
Furthermore, the Website and App have obtained the following security certifications:
ISO 9001: This international standard outlines requirements for a quality management system (QMS), including security provisions. It demonstrates our commitment to providing products and services that meet customer and regulatory requirements with appropriate security protections.
ISO 27001: This standard specifies the requirements for an information security management system (ISMS), recommended under the Information Technology Act, 2000. An ISMS encompasses policies, procedures, and controls to manage information risk effectively.
To ensure the security and privacy of your data, we take the following measures:
i. Encryption: We utilize encryption techniques to maintain the privacy of your data during transmission.
ii. OTP Verification: We offer security features like One-Time Password (OTP) verification to enhance account protection.
iii. Regular Reviews: We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
iv. Restricted Access: Personal information is restricted to employees, contractors, and agents who require access to process it. These individuals are bound by strict confidentiality obligations, and failure to comply may result in disciplinary action or termination.
v. Compliance with Regulations: We adhere to applicable regulations and laws, ensuring compliance with data protection requirements.
vi. Aadhaar Number Protection: We ensure that Aadhaar numbers are not disclosed in any manner.
vii. Data Transfers: We comply with legal frameworks relating to the transfer of data, as mandated by the Information Technology Act, 2000, and related rules and amendments.
viii. Complaint Resolution: In the event of formal written complaints, we promptly respond and collaborate with the appropriate regulatory authorities, including local data protection authorities, to resolve any data transfer-related concerns that cannot be resolved directly with you.
2. LINK TO THIRD-PARTY SDK AND OTHER SITES
The App contains links to registered third-party SDKs, API integrations, and redirections that collect data on our behalf. The collected data is securely stored on a protected server, in compliance with applicable laws. We ensure that our third-party service providers implement stringent security measures to safeguard your personal information against loss, misuse, or unauthorized alterations.
Our third-party service providers follow best practices such as separation of environments, segregation of duties, and role-based access control. They employ application-level encryption to protect stored data and enforce key management services to restrict data access.
Additionally, our registered third-party service providers implement hosting security measures, including industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions. We do not permit unauthorized access to your non-public personal contacts or financial transaction SMS data by any third party, except our trusted lending partners about lending services.
However, for non-lending services such as Expense Tracker, with your explicit consent, we may allow third parties to access your financial transaction SMS data.
3. DATA RETENTION
At FatakPay, we are committed to protecting your data and ensuring it is not accessed, misused, or disclosed without authorization. We employ appropriate security measures based on the type of data and the way it is processed. We retain your information to provide you with a seamless experience, contact you regarding your account and support needs, and detect, prevent, mitigate, and investigate fraudulent or illegal activities related to our services. The retention period of your data is determined by the duration necessary to provide our services. We may also retain and use basic personal information such as your name, contact number, transactional details, and address details to fulfill our legal obligations, resolve disputes, and enforce our agreements, all under applicable laws. If you request the deletion of your data in writing, we will reasonably comply, although please note that after deletion, you may no longer be able to use our services.
4. OUR DATA DESTRUCTION PROTOCOLS
Upon completion of the retention period for each category of personal data as described above, we shall delete or destroy, to the extent technically possible, personal data in our possession or control, or render the personal data into anonymised data, so that it no longer constitutes personal data.
5. CHILDREN’S PRIVACY
Our Services are not directed to children, and we do not knowingly solicit or collect personal information from persons under the age of 18 (eighteen). If we find out that a child has given us personal information, we will take steps to delete that information and terminate the relevant Fatakpay Account.
6. COMMUNICATION FROM US
We may from time to time contact you via calls, SMS, emails, and other communication channels to provide you with information about our Services, notifications on updates vis-à-vis our Services (when we consider it necessary to do so), educational information, and promotions. Fatakpay may also notify you if Fatakpay needs to suspend the App for maintenance temporarily and keep you informed on security, privacy, or administrative-related communications. By setting up an account on Fatakpay, you consent to us contacting you via call, SMS, push notifications, or any other communication channel, as we may deem fit.
7. UPDATES TO THIS NOTICE
8. GRIEVANCE REDRESSAL
You may request deleting any information from the Platform at any stage upon requesting Us in the following manner:
Under Information Technology Act 2000 and the rules made there under, the name and contact details of the Grievance Officer are provided below for your reference:
Name: Ms. Adv. Varsha Manoharan
Email: [email protected]
Contact No: +91-9167872858