CRIF connect Header logo.jpg
  • Home
  • Privacy policy

Privacy policy

THIS DOCUMENT IS AN ELECTRONIC RECORD IN TERMS OF INFORMATION TECHNOLOGY ACT, 2000 AND RULES THERE UNDER AS APPLICABLE AND THE AMENDED PROVISIONS PERTAINING TO ELECTRONIC RECORDS IN VARIOUS STATUTES AS AMENDED BY THE INFORMATION TECHNOLOGY ACT, 2000. THIS ELECTRONIC RECORD IS GENERATED BY A COMPUTER SYSTEM AND DOES NOT REQUIRE ANY PHYSICAL OR DIGITAL SIGNATURES.

Purpose

CRIF CONNECT PRIVATE LIMITED (“CRIF”) is a Non-Banking Financial Company Account Aggregator (“NBFC-AA”), set up under the licensing terms of the Reserve Bank of India (“RBI”) to provide financial information aggregation services from the visitor or a registered user of CRIF Connect web application (“Website”), from one or more Financial Information Providers (“FIPs”) where their account(s) exist, based on the explicit consent obtained.

This Privacy Policy of CRIF gives you a complete understanding of how your data/information provided to CRIF is being collected, accessed and managed by CRIF.

Privacy Policy

CRIF respects and protects the privacy of the individuals that access the information and use the services provided through them. Individually identifiable information about the User is not wilfully disclosed to any third party without first receiving the User’s permission, as covered in this Privacy Policy.

However, when you use the Website,

This Privacy Policy describes CRIF’s treatment of personally identifiable information that CRIF collects when User is on the CRIF’s website. CRIF does not collect any unique information about the User (such as User’s name, email address, age, gender etc.) except when the User specifically and knowingly provide such information on the Website. We collect and store your personal information which is provided by you from time to time in order to provide you a more accuracy keeping view of the nature of our service provided through this website. Our primary goal in doing so is to provide you a safe, efficient, smooth and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our Website to make your experience safer and easier. Please note that, while doing so we collect personal information from you that we believe is necessary for achieving this purpose.

Please be aware that CRIF will release specific personal information about the User if required to do so in the following circumstances:

  1. In order to comply with any valid legal process such as a search warrant, statute, or court order, or
  2. If any of User’s actions on CRIF website violate the Terms of Service or any of CRIF’s guidelines for specific services, or
  3. To protect or defend CRIF’s legal rights or property, the CRIF site, or CRIF Users; or
  4. To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the security, integrity of CRIF website/offerings.

How we use your personal information

  • For the purpose of providing the Account Aggregation Services, We may use your personal information, including date of birth, to verify identity, assist with identification of users, and to determine appropriate services.
  • For the purpose of providing the Account Aggregation Services, CRIF is required to fetch your sensitive information from the pre-approved FIPs and share such information with the pre-approved FIUs as per the consent provided by you in accordance to the applicable RBI Master Directions in such form and manner as maybe prescribed by RBI from to time. Your Consent for collecting your personal sensitive information from the relevant FIP and sharing the same with concerned FIU shall be the basis upon which the Account Aggregation Services will be performed by us as per the consent provided in the Website. It is clarified that CRIF shall have no access to your personal sensitive information

Collection And Use of Non-Personal Information

The personal data concerning you in the possession of CRIF is collected directly from you, including through telematic methods, as part of the execution of the Account Aggregator Service.

In addition to the above, we will collect information such as the IP address from which visitors login to their account. Besides, details about failed logon attempts for the purpose of possible investigation into misuse or abuse of the website may also be collected.

Cookies and other technologies

A “cookie” is a small piece of information stored by a web server on a web browser so it can be later read back from that browser. Cookies are useful for enabling the browser to remember information specific to a given user. We place both permanent and temporary cookies in your computer’s hard drive. The cookies do not necessarily contain any of your personally identifiable information.

CRIF use data collection devices such as “cookies” on certain pages of the Website to understand and analyse trends, to administer the site, to learn about user behaviour on the site, to improve our product and services, measure promotional effectiveness, and promote trust and safety and to gather demographic information about our user base as a whole. CRIF may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on the Website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to determine interest in particular topics and measure the effectiveness of our customer communications.

“Cookies” are small files placed on your hard drive that also assist us in providing our services. We may offer certain features that are only available through the use of a “cookie”.

We also use cookies to allow you to enter your password/PINs and other inputs authenticating you/user less frequently during a session. Cookies can also help us provide information that is targeted to your interests. Most cookies are “session cookies,” meaning that they are automatically deleted from your hard drive at the end of a session. You are always free to decline our cookies if your browser permits, although in that case you may not be able to use certain features on the Website and you may be required to re-enter your password more frequently during a session.

Disclosure to third parties

At times CRIF may make certain personal information available to regulatory authorities or other entities, as obligated under applicable laws.

Integrity and retention of personal information

CRIF makes it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is obligated by applicable law.

Access to personal information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your account. For other personal information we hold, we may provide you with access for any purpose including to request that we may modify the data if it is inaccurate or delete the data if CRIF is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law.

Data security

We make strong efforts to safeguard any information we collect about our users. Passwords or PINs are never stored in plaintext and employee access to sensitive information is limited. All reasonable efforts are made to appropriately firewall our servers and prevent unauthorized access to any machines/databases containing sensitive information. For purchases made on our website through the payment gateway, credit/debit card details are never stored on our servers. We only store transaction authorization data while card details are recorded with the merchant bank. In conjunction to the same, you understand and agree that you are responsible for maintaining the confidentiality of all registration details input and provided by you while registering yourself, which includes your login identification details, e-mail addresses/mobile and other contact number(s) and the passwords/PINs for the purpose of accessing CRIF Website and do not share such details with any person/officer/entity not authorised under applicable law.