Privacy Policy

This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your information by India Shelter Finance Corporation Limited and/or its subsidiary (ies) and / or its associates and/or its affiliate(s) (collectively referred to as the “Company”), which operates the website (“Website”), the mobile and web applications and other allied services (“India Shelter Apps” or “Apps”). It applies regardless of whether you use a computer, mobile phone, tablet, or television or any other media or computer resource to access our platforms. It also applies to those who register on our platforms in connection with the use of our services. It is important that you read the Privacy Policy carefully because whenever you use our platforms, your personal data may be processed (if at all) in accordance with this policy. This Policy forms part and parcel of the ‘Terms of Use’ as relevant for the Apps and Website services (“Apps and Website Services”).
The Company respects the privacy of the users of the Apps and Website Services and is committed to reasonably protect it in all respects. The information about the user as collected by the Company is:
a) Information supplied by users on the Apps and / or the Website, as the case may be
b) Information automatically tracked while using our Apps and Website Services.
Mandatory Registration for Apps:
It is mandatory to register yourself in order to use the App where possible. We indicate which fields are mandatory and which are optional. You would be given an option to accept or decline the terms of this Policy. We will not be able to register you if you are not in agreement with the terms of this Policy.
It is clarified that registration is not mandatory for using the Website. If you access and use the Website, you would be deemed to give your consent for collection, storage, and use of Personal Information in terms of the provisions of this Policy.
As we update, improve, and expand our services pertaining to App and Website Services, this Policy may change, so please check the same periodically. By accessing and/or using our App and Website Services, you consent to collection, storage, and use of your Personal Information (as defined below) including any changes thereto as provided by you, from time to time) for any of the services that we offer.
Collection and use of Personal Information
When you register for our apps and / or use our Apps, we collect and store your personal information such as, but not limited to, your name, demographics, behavior patterns, financial transaction details ( excluding any Debit Card/Credit Card/third party user credentials details) and/or such other information as may be provided by you from time to time such as billing address, details of recipients, his or her location, etc. on the website and / or App (“Personal Information”), which is provided by you from time to time. Our primary goal in doing so is to provide you with a safe, efficient, smooth, and customized experience of the services rendered or to be rendered by us. This also allows us to provide our services and features that most likely meet your needs, and to customize our App and / or Website to make your experience safer and easier. More importantly, while doing so we collect Personal Information from you that we consider necessary for achieving this purpose.
Personal Data we Collect from the website
Following data points are collected by our website-
•    Name
•    Phone/mobile
•    Email ID
•    Address (City, State, Pin code)
•    PAN Card
•    Google Analytics data
•    IP Address
Cookies
We use data collection devices such as ‘Cookies’ etc. on certain pages of our Apps and Website to help analyze page flow, measure promotional effectiveness, and promote trust and safety in relation to the Apps and Website. ‘Cookies’ are small files placed on your device hard-drive/storage that assist us in providing our App and Website Services. We offer certain features on our Apps and Website that are only available through the use of ‘Cookies’.
Most of the ‘Cookies’ are ‘session cookies ‘, meaning that they are automatically deleted from your device hard-drive/storage at the end of a session. You are always free to decline our ‘Cookies if your device permits, although in that case you may not be able to use certain features on our Apps.
Use of Personal Data
We will only use your information in a fair and reasonable manner, and where we have a lawful reason to do so:
•    To provide you with our services and products and in the course of provision, we may share your information with third-party agents/contractors we may appoint.
•    To improve your user experience and the overall quality of our services. For e.g. We use your data collected from cookies and other tracking technologies.
•    To send you updates on promotional/special offers, products, services, news and events from us or our associate(s)/partner(s) or third-party(ies) with which we may share your information from time to time.
•    Communicate with you concerning our service so that ISFC can send you details about ISFC promotional announcements, marketing purposes and surveys, and other services of ISFC affiliates.
•    To improve our platforms and content thereon to provide better features and services.
•    To conduct market research and surveys with the aim of improving our products and services.
•    To prevent, detect, investigate, and act against crimes (including but not limited to fraud and other financial crimes), any other illegal activities, suspected fraud or violations of our Terms of Use
•    To the extent required for identity verification, compliance with subpoenas, court orders, requests/orders from legal authorities or regulators or law enforcement agencies requiring such disclosure, regulatory requirements, and due diligence checks.
•    To establish, exercise, or defend legal rights in connection with legal proceedings (including any prospective legal proceedings) and seeking professional or legal advice in relation to such legal proceedings.
•    To help advertisers understand our audiences and confirm the value of advertising on our platforms.
•    To notify you about changes in terms of service or privacy policy
•    To provide you with customer support
We will occasionally ask you to complete optional online surveys. These surveys may ask you for contact information and demographic information (like zip code, age, or income level). We use this data to tailor your experience at our App, providing you with content that we think you might be interested in and to display content according to your preferences.
Due diligence will be performed at regular intervals to ensure that the usage of data is consistent with the purpose for which it has been collected. You can also post messages on our message boards, chat rooms or other message areas or leave feedback. We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities on the App, we may collect such information into a file specific to you.
Information sharing and Disclosure
We restrict access to your information to our employees who we believe reasonably need to know that information in order to fulfil their jobs to provide, operate, develop, or improve our products or services.
ISFC does not rent, sell, or share Personal Data about you with other people or non-affiliated companies except:
a) to provide products or services you've requested,
b) when ISFC have your permission,
c) or under the following circumstances:
•    ISFC provides information to trusted partners who work on behalf of or with ISFC under confidentiality agreements. These companies may use your Personal Data to help ISFC communicate with you about offers from ISFC and our marketing partners. However, these companies do not have any independent right to share this data.
•    ISFC may disclose your Personal Data to agents or contractors of ISFC and/or its group companies/affiliates to enable processing of transactions or communications with you on a need basis. However, it shall be on the basis that the agents are required to keep the information confidential and will not use the information for any other purpose other than to carry out the services they are performing for ISFC and/or its group companies/affiliates.
•    RBI/NHB/ Registrar and transfer Agents/ KYC Registration Agencies (KRAs) and other such agencies, solely for the purpose of processing your transaction requests for serving you better.
•    Any judicial or regulatory body, Auditors.
Links to Other Platforms
Our Apps and/or Website may be linked to other platforms that may collect personally identifiable information about you. The Company is not responsible for the privacy practices or the content of those linked platforms.
Security Precautions
Our Apps and Website has stringent security measures in place to protect the loss, misuse, and alteration of your Personal Information under our control. Whenever you change or access your account information, we offer the use of a secure server. Once your Personal Information is in our possession we adhere to strict security guidelines, protecting it against unauthorized access.
Consent (applicable only for Apps)
Your consent will be obtained at the time of mandatory registration process as mentioned above, which consent shall remain valid until withdrawn by you, for all the Applications / functions as mentioned within the Apps or displayed on the Website. You may provide your consent through a click on the tab ‘I Agree’ that would be displayed on your screen prior to usage of such Apps by you. Such acceptance would be deemed to be a valid written consent in the form of letter or any other mode as specified under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
Changes to this Privacy Policy
We reserve the right to change or update this Privacy Policy or any other of our policies/practices at any time without giving any prior notification; hence, you are requested to review the Privacy Policy periodically, to make sure that you are aware of any such changes.
If we decide to change our Policy, we will upload the revised policy on the Website and link the same to our Apps.
Choice of denial or withdrawal of consent (applicable only for Apps)
You will be provided with an option to decline or deny providing of data/ information if you may so desire.
Further, if at a later date, you wish to withdraw your consent given earlier, you may do so by writing to the Grievance Officer as per details provided on the website of the Company.
Information Security
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, and destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data. All Personal Information gathered on the India Shelter App and / or Website is securely stored within the controlled database. Access to the servers is password protected and is strictly limited.
Grievance redressal
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site or have any complaints in the subject matter, please contact our grievance officer whose details are mentioned below.
Name of Grievance officer – Mr. Rohit Gaur
Phone Number – +91-9356661616
Email Id – rohit.gaur@indiashelter.in
Disclaimer
We do not store any bank account related information or any credit / debit card details. We shall not be liable for any loss or damage sustained by Users as a result of any disclosure (inadvertent or otherwise) of any information concerning the User's account, credit cards or debit cards in the course of any online transactions or payments made for any products and/or services offered through the Platform.
In case any Personal Information is shared by you with us, which is not requested by us, we will not be liable for any information security breach or disclosure in relation to such information.
Aadhaar Based Authentication: -
Aadhar Personal Data collection
INDIA SHELTER FINANCE CORPORATION LIMITED shall collect the personal data including Aadhaar number/ Virtual ID, directly from the Aadhaar number holder for conducting authentication with UIDAI at the time of providing the services.
Specific purpose for collection of Personal data
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall collect the identity information including Aadhaar number/ Virtual ID for the purpose of authentication of Aadhaar number holder to provide financial services.
•    The identity information collected and processed shall only be used pursuant to applicable law and as permitted under the Aadhaar Act 2016 or its Amendment and Regulations.
•    The identity information shall not be used beyond the mentioned purpose without consent from the Aadhaar number holder and even with consent use of such information for other purposes should be under the permissible purposes in compliance to the Aadhaar Act 2016.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall implement a process to ensure that identity information is not used beyond the purposes mentioned in the notice/ consent form provided to the Aadhaar number holder.
Notice/ Disclosure of Information to Aadhaar number holder
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall provide relevant information prior to collection of identity information/ personal data from Aadhaar number holder. These shall include:
a) The purpose for which personal data/ identity information is being collected.
b) The information that shall be returned by UIDAI upon authentication.
c) The information that the submission of Aadhaar number or the proof of Aadhaar is c) mandatory or voluntary for the specified purpose and if mandatory the legal provision c) mandating it.
d) The alternatives to submission of identity information (if applicable).
e) Details of Section 7 notification (if applicable) by the respective department under the Aadhaar Act, 2016, which makes submission of Aadhaar number as a mandatory or necessary condition to receive subsidy, benefit, or services where the expenditure is incurred from the Consolidated Fund of India or Consolidated Fund of State. Alternate and viable means of identification for delivery of the subsidy, benefit or service may be provided if an Aadhaar number is not assigned to an individual.
f) The information that Virtual ID can be used in lieu of Aadhaar number at the time of Authentication.
g) The name and address of INDIA SHELTER FINANCE CORPORATION LIMITED collecting and processing the personal data.
•    Aadhaar number holder shall be notified of the authentication either through the e-mail or phone or SMS at the time of authentication and INDIA SHELTER FINANCE CORPORATION LIMITED shall maintain logs of the same.

Obtaining Consent
•    Upon notice/ disclosure of information to the Aadhaar number holder, INDIA SHELTER FINANCE CORPORATION LIMITED shall take consent in writing or in electronic form on the website or mobile application or other appropriate means and shall maintain logs of disclosure of information and Aadhaar number holder’s consent.
•    The legal department shall be responsible for developing and sharing the consent statement.
Processing of Personal data
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall use the identity information, including Aadhaar number, biometric/ demographic information collected from the Aadhaar number holder only for the Aadhaar authentication process by submitting it to the Central Identities Data Repository (CIDR).
•    Aadhaar authentication or Aadhaar e-KYC shall be used for the specific purposes declared to UIDAI and permitted by UIDAI. Such specific purposes shall be notified to the residents/ customers/ individuals at the time of authentication through disclosure of information notice.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall not use the identity information including Aadhaar number or e-KYC for any other purposes than allowed under Section 11 A of Prevention of Money Laundering Act, 2002 and informed to the residents customers individuals at the time of Authentication.
•    For the purpose of e-KYC, the demographic details of the individual received from UIDAI as a response shall be used for identification of the individual for the specific purposes of providing the specific services for the duration of the services.
Retention of Personal Data
INDIA SHELTER FINANCE CORPORATION LIMITED shall store the authentication transaction logs for a period of two years subsequent to which the logs shall be archived for a period of five years as per applicable regulations and upon expiry of the period, barring the authentication transaction logs required to be maintained by a court order or pending dispute, the authentication transaction logs shall be purged.

Sharing of Personal data
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall not share identity information in contravention to the Aadhaar Act 2016, its Amendment, Regulations, and other circulars released by UIDAI from time to time.
•    Biometric information collected shall not be transmitted over any network without the creation of encrypted PID block as per Aadhaar Act and regulations.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall not require an individual to transmit the Aadhaar number over the Internet unless such transmission is secure and the Aadhaar number is transmitted in encrypted form except where transmission is required for correction of errors or redressal of grievances.
Data Security
•    The Aadhaar number shall be collected over a secure application, transmitted over a secure channel as per specifications of UIDAI and the identity information returned by UIDAI shall be stored securely.
•    The biometric information shall be collected, if applicable, using the registered devices specified by UIDAI. These devices encrypt the biometric information at device level and the application sends the same over a secure channel to UIDAI for authentication.
•    OTP information shall be collected in a secure application and encrypted on the client device before transmitting it over a secure channel as per UIDAI specifications.
•    Aadhaar/ VID number that are submitted by the resident/ customer/ individual to INDIA SHELTER FINANCE CORPORATION LIMITED and PID block hence created shall not be retained under any event and entity shall retain the parameters received in response from UIDAI.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall store e-KYC information in an encrypted form only. Such encryption shall match UIDAI encryption standards and follow the latest Industry best practice.
•    INDIA SHELTER FINANCE CORPORATION LIMITED has been classified as a Local e-KYC User Agency (KUA) by UIDAI and shall not store Aadhaar numbers of the customers/ individuals /residents to maintain their privacy and security.
•    INDIA SHELTER FINANCE CORPORATION LIMITED (if classified as Global AUAs and KUAs) shall, as mandated by law, encrypt, and store the Aadhaar numbers and any connected data only on the secure Aadhaar Data Vault (ADV) in compliance to the Aadhaar data vault circular issued by UIDAI.
•    The keys used to digitally sign the authentication request and for encryption of Aadhaar numbers in Data vault shall be stored only in HSMs in compliance to the HSM and Aadhaar Data vault circulars.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall use only Standardization Testing and Quality Certification (STQC)/ UIDAI certified biometric devices for Aadhaar authentication (if biometric authentication is used).
•    All applications used for Aadhaar authentication or e-KYC shall be tested for compliance to Aadhaar Act 2016 before being deployed in production and after every change that impacts the processing of identity information; The applications shall be audited on an annual basis by information systems auditor(s) certified by STQC, CERT-IN or any other UIDAI recognized body.
•    In the event of an identity information breach, INDIA SHELTER FINANCE CORPORATION LIMITED shall notify UIDAI of the following:
a) A description and the consequences of the breach.
b) A description of the number of Aadhaar number olders affected and the number of records affected.
c) The Privacy Officer’s contact details.
d) Measures taken to mitigate the identity information breach.
•    Appropriate security and confidentiality obligations shall be implemented in the non-disclosure agreements (NDAs) with employees/ contractual agencies/ consultants/ advisors and other personnel handling identity information.
•    Only authorized individuals shall be allowed to access Authentication application, audit logs, authentication servers, application, source code, information security infrastructure. An access control list shall be maintained and regularly updated by the organization.
•    Best practices in data privacy and data protection based on international standards shall be adopted.
•    The response received from CIDR in the form of authentication transaction logs shall be stored with following details:
a) The Aadhaar number against which authentication is sought. In the case of Local AUAs where Aadhaar number is not returned by UIDAI and storage is not permitted, respective UID token shall be stored in place of Aadhaar number.
b) Specified parameters received as authentication response.
c) The record of disclosure of information to the Aadhaar number holder at the time of authentication.
d) Record of consent of the Aadhaar number holder for authentication. but shall not, in any event, retain the PID information.
•    An Information Security policy in-line with ISO27001 standard, UIDAI specific Information Security policy and Aadhaar Act 2016 shall be formulated to ensure security of identity information.
•    Aadhaar numbers shall only be stored in Aadhaar Data vault as per the specifications provided by UIDAI.
Rights of the Aadhaar Number Holder
The Aadhaar number holder has the right to obtain and request update of identity information stored with INDIA SHELTER FINANCE CORPORATION LIMITED, including authentication logs. The collection of core biometric information, storage and further sharing is protected by Section 29 of the Aadhaar Act 2016, hence the Aadhaar number holder cannot request for the core biometric information.
INDIA SHELTER FINANCE CORPORATION LIMITED shall provide a process for the Aadhaar number holder to view their identity information stored and request subsequent updating after authenticating the identity of the Aadhaar number holder. In case the update is required from UIDAI, same shall be informed to the Aadhaar number holder.
The Aadhaar number holder may, at any time, revoke consent given to INDIA SHELTER FINANCE CORPORATION LIMITED for storing his e-KYC data, and upon such revocation, INDIA SHELTER FINANCE CORPORATION LIMITED shall delete the e-KYC data in a verifiable manner and provide an acknowledgement of the same to the Aadhaar number holder.
The Aadhaar number holder has the right to lodge a complaint with the Privacy Officer who is responsible for monitoring of the identity information processing activities so that the processing is not in contravention of the law.
Aadhaar Number Holder Access request
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall formulate a process to handle the queries and process the exercise of rights of Aadhaar number holders with respect to their identity information/ personal data. As part of the process, it shall be mandatory to authenticate the identity of the Aadhaar number holder before providing access to any identity information.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall formally record and respond to all requests from the Aadhaar number holder within a reasonable period.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall ensure compliance to the relevant data protection/ privacy law(s).
Privacy by Design
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall establish processes to embed privacy aspects at the design stage of any new systems, products, processes, and technologies involving data processing of identity information of Aadhaar number holders.
•    INDIA SHELTER FINANCE CORPORATION LIMITED, in possession of the Aadhaar number of Aadhaar number holders, shall not make any database or records of the Aadhaar numbers public unless the Aadhaar numbers have been redacted or blacked out through appropriate means, both in print and in electronic form.
•    Before going live with any new process that involves processing of identity information, INDIA SHELTER FINANCE CORPORATION LIMITED shall ensure that disclosure of information/ privacy notice in compliance to the Aadhaar Act 2016 is provided to the resident/ customer/ individual and that consent is taken and recorded in compliance to Aadhaar Act 2016.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall conduct quarterly self-assessments to ensure compliance to disclosure of information and consent requirements.
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall implement privacy enhancing organizational and technical measures like anonymization, and minimization to make the collection of identity information adequate, relevant, and limited to the purpose of processing.
Governance and Accountability Obligations
•    A Privacy committee shall be established to provide strategic direction on privacy matters.
•    A person (Privacy Officer or Data Protection Officer as identified within the context of INDIA SHELTER FINANCE CORPORATION LIMITED) responsible for developing, implementing, maintaining, and monitoring the comprehensive, organization-wide governance and accountability shall be designated to ensure compliance with the applicable laws.
•    The name of the Privacy Officer and contact details shall be made available to UIDAI and other external agencies through an appropriate channel.
•    The Privacy Officer shall be responsible to assess privacy risks of processing identity information/ personal data and mitigate the risks.
•    The Privacy Officer shall be independent and shall be involved in all the issues relating to the processing of identity information.
•    The Privacy Officer shall be an expert in data protection and privacy legislations, regulations, and best practices.
•    The Privacy Officer shall advise the top management on the privacy obligations.
•    The Privacy Officer shall advise on high-risk processing and the requirement of data privacy impact assessments.
•    Privacy Officer shall act as a point of contact for UIDAI for coordination and implementation of privacy practices and other external agencies for any queries.
•    The Privacy Officer shall be responsible for managing privacy incidents and responding to the same.
•    The Privacy Officer shall also be responsible for putting in place measures to create awareness and training of staff involved in processing identity information, about the legal consequences of data breach to the reputation of INDIA SHELTER FINANCE CORPORATION LIMITED.
•    Privacy Officer shall ensure that the authentication operations, systems, and applications are audited by CERT-IN (Indian Computer Emergency Response Team), Standardization Testing and Quality Certification (STQC) empaneled auditors or any other UIDAI recognized body at least on an annual basis.
•    Privacy Officer shall conduct internal audits (through internal audit team) on a quarterly basis and monitor compliance through these audits against Aadhaar Act 2016. Privacy Officer shall ensure that the front-end operators interacting with Aadhaar number holders are trained on a periodic basis to ensure they communicate the disclosure of information to the Aadhaar number holder, take consent appropriately after showing the screen to the Aadhaar number holder and ensure Security of identity information. Such trainings shall be documented for audit purposes.
•    Aadhaar specific trainings to developers, systems admins and other users shall be provided to ensure they are aware of the obligations for their respective roles; completion of such trainings shall be documented.
•    Privacy Officer shall be responsible to formally communicate this policy to all stakeholders and staff who need to comply with this policy; Any changes to the policy shall be communicated immediately.
•    Privacy Officer shall facilitate formal privacy performance reviews with the relevant stakeholders / Privacy Committee and suggest improvements. The reviews shall consider the results of various audits, privacy incidents, privacy initiatives, UIDAI requirements etc.
Transfer of identity information outside India is prohibited
•    INDIA SHELTER FINANCE CORPORATION LIMITED shall not host or transfer identity information outside the territory of India in compliance to the Aadhaar Act and its Regulations.
Grievance Redressal Mechanism
•    Aadhaar number holders with grievances about the processing can contact the Privacy Officer (i.e., Data Protection Officer as identified within the context of INDIA SHELTER FINANCE CORPORATION LIMITED) via multiple channels like on the website, through phone, SMS, mobile application etc.
•    Reasonable measures shall be taken to inform the residents/ customers/ individuals about the Privacy Officer and his contact details.
•    The contact details of Privacy Officer and the format for filing the complaint shall be displayed on INDIA SHELTER FINANCE CORPORATION LIMITED’s website and other such mediums that are commonly used for interaction with the residents/ customers/ individuals.
•    Where the medium of interaction is not electronic (such as physical), poster/ notice board that is prominently visible shall be used to display the name of Privacy Officer and contact details.
•    If any issue is not resolved through consultation with the management of INDIA SHELTER FINANCE CORPORATION LIMITED, Aadhaar number holders can seek redressal by way of mechanisms as specified in Section 33B of the Aadhaar Act, 2016.
Responsibility for implementation and enforcement of the policy

•    The overall responsibility of monitoring and enforcement of this policy through various mechanisms such as audits etc. shall be with the Privacy Officer.
•    Responsibility of the implementation of controls of this policy shall be with the Privacy Officer.
•    Responsibility of review of disclosure of information notice, consent clause, method of consent, logging of consent etc. shall be with the Privacy Officer.

Relevant Provisions of Aadhaar Act and Supreme court judgement

INDIA SHELTER FINANCE CORPORATION LIMITED shall refer to the following relevant documents for ensuring compliance to the Aadhaar requirements:
a) Judgement of Honorable Supreme Court dated September 2018
b) Aadhaar Act 2016
c) Aadhaar and Other Laws (Amendment) Act 2019
d) Aadhaar (Authentication) Regulations 2016
e) Aadhaar (Data Security) Regulations 2016
f) Aadhaar (Sharing of Information) Regulations 2016
g) Any other Regulations or notices or Circulars issued by UIDAI from time to time