You can view the policy document below, or download a PDF of it here: English
B) Definitions used in the Policy
• Customer refers to all members who have taken a loan from Svasti or from any other bank/NBFC/Other financial institution through Svasti acting as agent/banking correspondent. This includes those members who have current loan outstanding and those who have taken a loan earlier, but since have dropped out of the programme.
• Information/Data includes any financial and personal data collected from the members at the time of loan application.
o Financial information includes any data collected from the customer regarding her businesses, income, expenses, loans outstanding, repayment history, guarantors, or collateral.
o Personal information includes any data collected from the customer that is about her family, health, consumption behaviour, personal preferences, attitudes, beliefs or living conditions.
• Records are can be either a tangible object or digital information.
• Records Management is the practice of maintaining the records of an organisation from data collection stage till the data disposal stage. This includes: classification, storage, securing and destruction or archival preservation of records.
• Credit Bureau is an independent organisation that compiles information from credit grantors and other sources regarding individuals’ credit applications and payment behaviour.
C) Principles of Policy Design
The following are the set of principles to be followed in each of these circumstances
|Internal||Collecting information||Discretion and adherence to RBI regulations in the collection of documentation from customers|
|Using customer information||Protection of customer interest from misuse internally|
|External||Sharing information with Third parties||Any sharing of information will be with customer’s knowledge and consent|
D) Implementation details:
Information collected at origination
Discretion and adherence to regulations in the collection of documentation from customers:
- Only those documents as required and as per KYC norms for identity proof and address proof will be collected from customers.
- Three photos will be collected from the customer when applying for a loan. These are for Svasti’s records only, and will be used by staff to identify customers. If a photo or picture of a customer is to be used as part of marketing or other material, written permission will be obtained from the customer. Additionally, Svasti will not permit the re-use of customer photos by any other institution without written consent from the customer.
- Provided that documents/ data/ photos/ information collected by Svasti from customers may be used by Svasti to process loans of customers through any other bank/NBFC/Other financial institution where Svasti is acting as agent/banking correspondent.
Sharing customer information externally
A. Disclosure / Sharing of customer’s personal information only under the following circumstances:
- As per the legal requirements or to comply with any legal process
- As part reciprocal information exchange with other financial institutions (such as a credit bureau)
- To process loans with any other bank/NBFC/Other financial institution where Svasti is acting as agent/banking correspondent.
- Disclosure / Sharing of customer’s personal information by Svasti in compliance with legal processes/regulatory authorities, self-regulatory organizations and other government agencies.
- Ensuring MoUs with service providers/research agencies/external consultants etc. and non-disclosure agreements cover client confidentiality
B. In any other circumstance, customer information will be shared only if:
- The customer has directed Svasti to share it with a third party
- There is written permission from the customer authorising the disclosure
In the customer training module:
- Customers are made aware of their privacy rights and responsibilities before they receive their loans.
- Their responsibilities include: understanding Svasti’s privacy of customer data clause and their rights; keeping their information updated; storing their loan cards in a safe place; informing Svasti if their information has been misused; and keeping the group’s financial data confidential
- Emphasizes the importance of keeping confidential information safe within the group.
Channel for complaints
- Customers can contact the customer complaint number (which will available on their loan card) to record any complaint.
Promoting Awareness among the staff
- At the time of appointment, each staff will be made to sign a non-disclosure/confidentiality clause, thereby agreeing to protect Svasti’s and clients’ data.
E) Information Security Mechanisms and Records Management:
Svasti maintains physical and electronic safeguards to protect customers’ personal and financial information including their photos. Svasti has placed the following mechanisms in place to ensure information – both physical and electronic data storage, access, retrieval, sharing of data:
Records Management and Physical Data Security
- Svasti keeps customers’ physical files at the branch that received the initial loan application/ CDL/ other Svasti offices in a safe manner and only authorised branch staff are permitted to access the data. Svasti may engage the services of reputed third-party service providers for record/ data storage/ management purposes under SLAs agreed by Svasti with such third parties in writing. Such SLAs would cover aspects of client data confidentiality and related compliance requirements
- Records may be transferred from branches to other offices of Svasti/ third party service providers for record keeping purposes
- The database of customers who do not have any current loan outstanding with Svasti are properly archived and kept and stored in the same manner as we store data/ documents of our customers.
- All customer data/ records/ documents/ information shall be maintained by Svasti for such time period as may be required as per applicable laws, including the Prevention of Money Laundering Act and rules thereunder
Information/IT Security Mechanisms
- Branches enter and modify the customer data but cannot access other branch data or files preventing unauthorised sharing of data. Staff at Headquarters can see data from all the branches, but rights to edit or modify the data is given to select staff with specific login access.
- Svasti has a policy that requires customer data base changes require the branch manager/ Assistant Branch Manager to authorise/ approve the changes.
- Each person who accesses the database uses an individual username and password. Users must change their passwords from time to time. Whenever an employee logs into the database, their name, the information they query, and the time when the request is made, are all recorded in a query log.
- Svasti has a strong back-up system in which it uses a combination of hardcopy and digital backups of customer information. Svasti’s system backs-up all information on our cloud servers periodically. Only the IT team of Svasti can access such data.