“MPOKKET FINANCIAL SERVICES PRIVATE LIMITED” (“mPokket” “Company” “we”, “our”, “us”) is a company incorporated under the Companies Act, 2013 bearing CIN No. U65999WB2019PTC233120, having its registered office at PS Srijan Corp. Park, Unit-1204, Tower-I Plot-G2, Street No 25, GP Block, Sector V Kolkata -700091. Mpokket Financial is a registered non-banking financial company having a certificate of registration issued by the Reserve Bank of India (“RBI”) and is engaged in the business of providing unsecured personal loans and services through technology platforms such as Mobile/ Smartphone Applications. The mPokket App is owned, operated and made available by Maybright Ventures Private Limited (hereinafter referred to as “MVPL”), having its registered office at PS Srijan Corp. Park, Unit-1204, Tower-I Plot-G2, Street No 25, GP Block, Sector V Kolkata -700091, India.
We may revise this Policy as well as update the Services and the App from time to time, It is strongly recommended for you to return to this page periodically to review the most current version of this Privacy Statement which is amended by us from time to time. If you do not agree with any part of this Policy, please stop using our Services immediately.
This Policy, incorporates, and includes our Terms and the Agreement(s) executed by you for availing the lending products made available by us (“User Loan Agreement”). Words and phrases not defined in this Policy shall mean the same as provided in the Terms. We comply with all regulations on the protection of Personal Information specified in laws and regulations applicable to information and communication service providers.
1. Data collected by us:
By using the App, you consent to provide mPokket, your data in the ways listed below. mPokket collects the data you provide to ensure that you are provided with the Services in the best manner possible. We use this data to underwrite (i.e. assess the risk it will be taking) loan we might offer you and to determine the rates and tenure for such loans. The data being asked from you helps us to provide services to you in a robust and user-friendly manner.
We have detailed the manner in which data will be collected:
A. Data collected at the signup/ onboarding stage for using our services:
When You visit mPokket Website, the administrator processes technical data such as Your IP-address, Device ID or MAC-address, information about the manufacturer, model, operating system of Your mobile device, the internet browser you use to enable us to deliver the functionalities of the Website. In addition to this, in certain instances the browser may prompt you for your geo-location to allow us to provide you with an enhanced experience. With this technical data the Website administrator can manage the Website, for instance by resolving technical difficulties or improving the accessibility of certain parts of the Website. This way, we ensure that You can (continue to) find the information on the Website in a quick and simple manner.
We and MVPL collect the data you provide to us when you create or update your mPokket account. This includes your full name, phone number, email ID, gender, photograph, marital status, PAN, verifies Aadhaar Number linked with your Mobile Number, date of birth, pin code, nature of employment, official employment email address, name of employer, monthly income. We or MVPL may require you to share further information on a later date to confirm the veracity of your information or pursuant to any additional features added to the App.
We and MVPL use this data provided by you for enabling the App and its Services for a. Loan Processing and KYC Authentication, b. For Enabling Customer Support, c. For Research and Development, d. For Enabling Communications Between You and Us, e. For enabling Marketing and Outreach f. For Automated Decisions, g. For Legal Compliance and Requirements.
- Financial and KYC Information: For Loan Processing and KYC Authentication We and MVPL collect the data you provide when you accept the tentative terms of the loans. This includes your photograph, Aadhaar Number verification linked with your Mobile Number, PAN, parents’ names, bank account number, IFSC, One of Officially Valid Documents specified in RBI-KYC directions (Driving License, Voter’s ID, NREGA Job Card, Passport etc.) and transaction information, and any other KYC (Know Your Customer) information required by law to provide our Services. How we and MVPL use this data: For Enabling the App and its Services; For Loan Processing and KYC Authentication; For Legal Compliance and Requirements.
- Other Data Solicited for enhanced functionality and improved Service: You may be required to provide further information to us for the purposes of processing your loan application. Such additional information may include (without limitation) bank statements, goods and services tax returns, salary, income statements, type and version of the internet browser/operating system, type and manufacturer of the mobile phone, name and version of system and application software. This data shall be supplied to us through MVPL. How we and MVPL use this data: For Enabling the App and its Services; For Loan Processing and KYC Authentication; For assessing the quantum and interest rate of loan to be extended; For Legal Compliance and Requirements.
- Feedback Data and Other Data: This includes the following:
- If you call our call centers, we may record information provided by you to service you or record the calls for quality and training purposes.
- Data you input when you participate in our referral programs or use any discount codes offered by us.
- If you provide any feedback or comments to us on the App. How we and MVPL use this data: For Enabling the App and its Services; For Loan Processing and KYC Authentication; For Legal Compliance and Requirements.
B. Data we collect from Usage of Our Services:
- Geolocation Data: We and MVPL collect the location data from you in two ways: (i) when you add the pin code as part of your mPokket Account data; and (ii) from your mobile device when enabled by you to do so. The location data helps us to provide you with better loan offers, for KYC, reduce risk associated with your loan application and also to prevent any Fraud.
- User Personal Information: The app collects user account data which includes email address, name to log in to the app. This information is required as part of the registration process to access our service and it is also used to auto populate relevant fields in the course of the interface of the app. The app also collects mobile numbers for verification to check the active SIM status on the device uniquely identify you and prevent fraud and unauthorized access. We also collect the AAID for advertising and analytics.
- Financial SMS Data: MVPL collect all of the SMS data and transmits only financial and promotional SMS data to mPokket server while transmitting only your Financial transactional SMS data to us. We and MVPL monitors only your financial transactional SMS which helps us in identifying your bank accounts, cash flow patterns, names of transacting party, description and amount of the transactions undertaken by you to help us perform credit risk assessment enabling us to determine your risk profile and provide you with the appropriate credit analysis and to prevent fraud thereby helping us and MVPL to provide you with quicker loan disbursal. This data may be collected even when the app is not in use. No personal SMS data is stored by us and MVPL on the server. You will not be able to use the App if you disable this access.
- Device Data: The app collects and monitors specific information about your device including your hardware model, RAM, storage; unique device identifiers like IMEI, serial number, SSAID, SIM information that includes network operator, roaming state, MNC and MCC codes, WIFI information that includes MAC address and mobile network information to uniquely identify devices and to prevent fraud. This also helps in enriching your credit profile and providing you with the best loan offers according to your profile. How we and MVPL use this data: For Enabling the App and its Services; For Enabling Customer Support; For Research and Development; For Enabling Communications Between You and Us; For enabling Marketing and Outreach
- App Data: We and MVPL collect the data about your installed applications, including the applications and package name, installed and updated time, version name and version code for all applications installed on your device on and from the date you create your mPokket Account and the manner in which you use them. This also includes having access and permission to send you messages and notifications via your social media and instant messaging applications. We use this to assess your credit worthiness and provide you with pre-approved customised loan offers. You will not be able to use the App if you disable this access.
- Microphone: We require microphone permission to initiate two-way audio communication as a part of KYC journey. This may be stored for future verification purposes.
- Usage data: MVPL collects data about how you interact with their Services. This includes data such as interaction patterns, access dates and times, App features or pages viewed, App crashes and other system activity, type of browser, and third-party sites or services used before or in the course of interacting with the Services.
- Transaction information: MVPL collects transaction information related to the use of our Services, including the type of services requested, date and time the service was provided, loan availed, interest payable, EMI selected, and payment method.
- Storage: This permission is required so that users’ documents can be securely downloaded and saved on users’ phones and upload the right documents for a faster approval and disbursal of the loan. This helps provide a very smooth and seamless experience while using the app.
C. Information Received from other sources:
We and MVPL may also be working closely with third parties (including, for example, credit information bureaus, business partners, technical sub-contractors, analytics providers, Lending service providers) and may lawfully receive information about you from such sources. Such data may be shared internally and combined with data collected on the App.
How we and use this data: For Enabling the App and its Services; For Loan Processing and KYC Authentication; For Enabling Customer Support; For Research and Development; For Enabling Communications Between You and Us; For enabling Marketing and Outreach; For Automated Decisions; For Legal Compliance and Requirements
How we and use this data: For Enabling the App and its Services; For Loan Processing and KYC Authentication; For Enabling Customer Support; For Research and Development; For Enabling Communications Between You and Us; For enabling Marketing and Outreach; For Automated Decisions; For Legal Compliance and Requirements
2. Usage and Purpose of Data collected:
The data that is collected in accordance with Section 1 above will be used in the manner detailed below:
A. For enabling App & its Services:
The data collected is used to personalize, maintain and improve our Services. This includes using the data to:
- Create and update the mPokket Account.
- Analyze your loan eligibility and estimate your loan terms.
- Track the disbursement and repayment of the loan.
- Enable features that allow you to add and remove bank accounts for your loan repayment and disbursements from time to time.
- Enable features that help you check your loan history and other such App features as may be added from time to time.
- Perform internal operations necessary to provide Services, including to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and
- to monitor and analyze usage and activity trends.
B. For Loan Processing and KYC Authentication:
We use the data to analyze your creditworthiness, loan eligibility, KYC documents, current employment verification and the terms of your loans. While MVPL collects the Financial and KYC Information, we are required to individually process the loan requests and verify the KYC documentation received. Failing to process such data means that you cannot be provided any loans. You hereby grant us explicit consent to fetch your KYC (Know Your Customer) details from the Central KYC Records Registry using the details provided by you. We also use the data to track disbursement and repayment of your loan.
C. For Enabling Customer Support:
MVPL uses the information to provide customer support, including to resolve your concerns from the use of the Services, and train customer service executives.
D. For Research and Development:
The data so collected by us may be used for research, analysis, and product development to improve the UI/UX experience – all of which will ultimately improve how you experience the App. This also helps MVPL develop automated actions to be triggered in certain events, such as to identify if photographs uploaded are not clear, fraud takes place, IFSC is incorrect etc.
E. For Enabling Communications Between You and Us:
MVPL may add features that allow you to call us (through the App or otherwise), similarly, MVPL may also need to contact you (through the App or any other channels that you give us access to, such as WhatsApp).
F. For Marketing and Outreach:
MVPL may use the data collected to market the App and its Services. This includes sharing your feedback, ratings and screen names for purely promotion and marketing purposes. Such promotion and marketing may be done via hoardings, banners, pamphlets etc.
G. For Automated Decisions:
The App may provide automated features for customer responses, reimbursement tracking, etc. As the App grows, MVPL will keep adding more automated features to the App.
H. For Legal Compliance and Requirements:
We process your data to meet the requirements of applicable laws, regulations, standards, rules, codes and the requirements as may be applicable on non-banking financial institutions and other codes with which company must comply. This includes:
- authenticating and validating your access to your account or to mitigate and protect against identity theft or fraud. To do this, some of your data may be collected by us/ MVPL or our service partners. It will use this Information for the purpose of anti-fraud systems and this may be retained by us for our future use for reference and cross-reference of information.
- consulting and reporting your Information and behaviour on monetary obligations to legitimately constituted financial, commercial or service risk centres, or to other financial institutions, under applicable laws of India.
- verifying your identity and comparing your Information to verify accuracy for reporting obligations under applicable laws or KYC norms;
- processing your information for the purpose of ensuring compliance under applicable laws and for resolving or contesting any claims made by or against you /against us/ MVPL, our group companies, our service partners or any other third party;
- processing (including storing or using) your Information to ensure business continuity of our businesses and appropriate disaster recovery for the Websites, Apps, services and products.
We may use the data we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
I. For Product Innovation:
MVPL may use the data collected to offer new products and services for your use.
3. Sharing of the Collected Information:
Personal information held by us will only be used for purposes directly related to one or more legitimate functions or activities in the provision of our services or as otherwise permitted by law. We are very protective about your data. We may enter into data-sharing agreements as Non-Disclosure Agreements or disclose the collected data in order to provide the Services and new product offerings to you. We have detailed the manner in which we and MVPL share the collected data below.
A. Sharing of Information with Third Parties:
- Service Providers: To trusted partners who work on behalf of or with us under confidentiality/non-disclosure agreements. These entities may use your Information which shall inter alia include one or more of the following services: for performing marketing services, delivering goods, administering promotions; analyzing transaction behavior and cashflows via your SMSs, bank statements, goods and services tax returns, salary and income statements, income tax returns, basis which your loan offer is generated; data validating and authenticating the official verification documents provided by you; processing credit/debit card payments; E-signing/ Digital signing of the User Loan Agreement or Sanction Letter, populating the User Loan Agreement or the Sanction Letter (the information shared with these service providers is retained for auditing of the agreement); analyzing customer behaviour and to automate our marketing and outreach efforts; Detection and flagging of fraud; Cloud Services; gathering of additional information regarding your bank account and statement detail in case adequate information has not been provided by you or through the other service providers we work with; operating the Service or providing support and maintenance services for the same; for collection and recoveries of any sum owed by you to us; validating and authenticating your employment status, employment information and employment duration; and/ or providing customer service. MVPL works with third party service providers to execute various functionalities of the App. Your information may be shared with such service providers to facilitate/enhance/complete the Services offered to you.
- Third Party Services: The App may allow you to connect with other websites, products, or services that we don’t have control over. You agree that we use other third parties such as payment gateway etc. to enable you to make payments for availing Services on Application. When You sign up for these Services, you may have the ability to save Your card details for future reference and faster future payments. In such cases, we may share Your relevant Personal Information as necessary for the third parties to provide such services, including your name, residence address and email address as available in our records. The processing of payments or authorization is solely in accordance with these third parties’ policies, terms and conditions and we do not have oversight of these third-party websites, plug-ins and applications and we are not in any manner responsible or liable to you or any third party for their processing or using of your information. Any information collected by a third party in this manner is subject to their data privacy policies and not within our control and you must make yourselves conversant with those. We recommend that you have a look at their privacy policies before agreeing to use their services.
- Credit bureaus to report financial information: We being an NBFC disclose your ‘Credit Information’ to Credit Information Companies viz. Transunion CIBIL, Equifax, CRIF, Experian as a mandatory requirement under applicable laws in India.
- CKYC (Central KYC Registry) as a mandatory requirement under applicable laws in India.
- Affiliates and Group Companies: Subject to applicable law, we may share any data we have collected or collect from you with our affiliates and group companies for product research and development, advertising relevant products to you, and to tailor the products for your benefit.
- Link to Third-Party SDK: The application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment.
- The list of Lending Service Provider, as updated from time to time is available at www.mpokketfinancial.in/lsps-dlas.
B. In some cases, we may be required to disclose personal information without consent.
- Specific instances include where: A warrant or notice issued by a court requires us to produce records or documents held by us. We may share the information with the government authorities or courts, pursuant to applicable laws and directives, for any investigation for offences in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of various terms and conditions or our policies.
- Sharing of your information is required as per statutory or regulatory requirement.
4. Data Security Practices including Standards for handling Security Breach and Data Destruction:
The security of your Personal Information is very crucial to us. It is our endeavour to protect your Personal Information against any type of unauthorized usage. To do this we take all reasonable steps to ensure personal information is protected from misuse, loss and unauthorised access, modification or disclosure in accordance with statutory requirements. This includes having security measures and controls in place to protect personal information including limiting access, cryptography, physical and environmental security and audit monitoring.
A. We take security procedure and technical and organizational measures to safeguard your Personal Information. In order to maximize the protection of data within our control, the following industry aligned best practice information security controls is implemented:
- Information Security Management System certified to an international standard
- Firewalls on the network perimeters
- Data Loss Prevention (DLP), Encryption, limited access, use of passwords, for better safety of the information given by you
- Secure-System Development Lifecycle (s-SDLC) controlling the internal developments
- Log Management and monitoring
- Monitoring of Vendor Alerts
- Penetration Tests and Vulnerability Assessments
- Anti-virus protection with regularly updated virus-definition data
- Application of available patches through regular patching cycles.
- If you take the payment gateway to make payments then the credit/debit card being used by you will be stored in compliance with industry standards/ recommended data security standards for security of financial information such as the Payment Card Industry Data Security Standard (PCI-DSS).
B. Measures for the Protection of Your Information: As cited above amongst others we take the following technical, administrative, and physical measures to prevent the loss, theft, leakage, external attacks on and hacking of information, and aims to have the highest level of security in relation to the processing of the personal information of the Users.
- Minimizing the number of managers processing personal information: We minimizes the number of managers processing personal information.
- Encryption of personal information: Password of User is managed and stored in encrypted manner. Confirming and changing password is only possible by the User who knows correct password.
- Technical measures against hackings, etc.: We use anti-virus solutions and inspects the solution on regular basis to prevent damages from computer viruses and hackings. We also use technical and physical measures including installation of systems with limited external access.
- Managing IDs and passwords: ID and password of a User can be used by the Authorized User only. We will not be responsible for personal information leakage by negligent act of the User or accidents from inherent weakness of the Internet.
- Due Diligence & Security: Data security is our priority. In order to prevent unauthorized access, we have the required procedures and firewalls (both electronic and physical) to safeguard your data.
The transfer of personal data between your end device and MVPL is generally carried out via best-in-class encryption protocols. If you communicate with us by e-mail, access by third parties cannot be ruled out. In the case of confidential information, we recommend using the mail, i.e., post or encrypted email communication (PGP).
5. Your Rights regarding the Data:
Users have the right, at any time, to know whether their personal information has been stored and can consult us to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for transformation into anonymous format or to block any data. It is important for us that you remain in control of your data. Please write to us at firstname.lastname@example.org if you wish to exercise any of your rights under the Policy. You shall have the following rights:
A. Right to rectification:
In the event that any personal data provided by you is inaccurate, incomplete or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our Services is uninterrupted.
B. Right to withdraw consent:
You have the right to withdraw your consent to this policy by uninstalling the App. However, if you have availed any loans from us, we shall have the right to continue processing your information till such loan has been repaid in full, along with any interest and dues payable. We hold your information in electronic form and will destroy or de identify personal information when it is no longer required or when we are no longer required by law to retain it (whichever is the later).
C. Right to opt-out:
Marketing opt-outs: We may email and notify you from time to time about our latest offerings and updates. You may opt out of receiving such promotional emails from us by writing to us. You may also opt out of receiving emails and other messages from us by following the unsubscribe instructions in those messages. However, even if you have opted out of receiving information from us, we will still send non-promotional communications, such as receipts for amount remittance etc
Push Notifications: You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the App.
We process your Information only when we have obtained your consent in the manner provided hereunder. For collecting, processing (including using and storing), disclosing or sharing your Personal Information as described in this Privacy Statement, we hereby through this Privacy Statement, seek your consent and give you a notice regarding collecting, processing (including using and storing), and sharing your Personal Information for one or more of the purposes detailed herein. For any purposes, where, as per applicable laws of India, a specific consent is required, we will seek such specific consent from you from time to time.
In relation to information obtained by third parties or group entities, we rely on the consent taken by these parties on their respective platforms in our favour for us to process the information.
you may, of course, decline to share certain information with us. If you do not agree with any of the terms of this Policy or the Terms or wish to restrict disclosure of your information to third parties, make the app delete/ forget your data or revoke any consent you have provided to us and/or MVPL, please write to us at email@example.com. However, please note that if you wish to revoke any mandatory permissions or revoke the consent to process and store information such as your mPokket Account data, Financial and KYC Information and/or any other information needed to facilitate your loan amounts, in which case we may not be able to provide to you some or all of the features and functionalities of the Websites/ Apps. This may also affect our ability to process your Personal Information and may therefore lead to the non-availability or discontinuation of the services for which such Personal Information are to be used or was being used, at our sole discretion.
6. Data Retention:
We and MVPL shall retain the information you provide to facilitate your smooth and uninterrupted use of the App, and (i) to provide, improve and personalize the Services; (ii) to contact you about your account and give customer service; (iii) to personalize our advertising and marketing communications; and (iv) to prevent, detect, mitigate, and investigate fraudulent or illegal activities. We and MVPL do not retain your personal data for longer than required for the purpose for which the information may be lawfully used. For any other information, we may entertain your request for deletion, however, you may not be able to use our Services at all after such deletion.
We may store your Personal Information for as long as the same is required for the fulfilment of purposes for which we collected it. The retention of Personal Information by us is determined by considering compliance with legal (contractual, statutory or regulatory requirements), accounting and compliance reporting requirements. For instance:
A. Your documents and information shall be retained by us for a period of ten years from the data of transaction.
Our Services are not directed to children, and we do not knowingly solicit or collect personal information from persons under the age of 18 (eighteen). If we find out that a child has given us personal information, we will take steps to delete that information and terminate the relevant mPokket Account.
8. Changes to Privacy Statement and Your duty to inform us of Changes:
This Privacy Statement may change or be amended over time. The recent version of this Privacy Statement is published on our Website or App, as the case may be. Please revisit this page periodically to stay aware of any changes to this Privacy Statement. We will notify you of any material changes to this Privacy Statement by publishing the same on our Website or App as applicable. Your continued use of our services confirms your acceptance of this Privacy Statement, as amended. If you do not agree to the terms and conditions as contained in our Privacy Statement, as amended, you must stop using our services and notify us.
It is very important that any Personal Information we hold about you is up to date and correct. Please inform us of any changes to your Personal Information.
9. Communication From us:
We and MVPL may from time to time contact you via calls, SMS, emails, and other communication channels to provide you with information pertaining to our Services, notifications on updates vis-à-vis our Services (when we consider it necessary to do so), educational information and promotions. MVPL may also notify you if MVPL needs to temporarily suspend the App for maintenance, and keep you informed on security, privacy, or administrative-related communications. By setting up an account on mPokket, you consent to us contacting you via call, SMS, push notifications, or through any other communication channel, as we may deem fit.
10. Grievance Redressal:
We are happy to address any of your queries, concerns or questions relating to processing (including storing and using) of your information which you can raise by writing to us at firstname.lastname@example.org.
You may address any complaints or discrepancies in relation to the processing of your Personal Information to:
– PS Srijan Corporate Park, Unit 1204, Sector V, Kolkata – 700091
11. Updates to this Notice
We may occasionally update this Policy. Use of our Services after an update constitutes consent to the updated notice to the extent permitted by law. Please take the time to periodically review this Policy for the latest information on our privacy practices.