Privacy Policy

1. Title & Introduction

  • Title: “NRB FINANCE — Privacy Policy”

  • Synonyms: “Nrb Finance”, “Nrb Finance App”, “Nrb Fin”, “Nrb Fin application” shall all mean the same.

  • Company details: NRB FINANCE (a company incorporated under the Companies Act, 2013, having its registered office at Sorathiya Park, Mavdi, Rajkot, India).

  • This Privacy Policy is an electronic record under the Information Technology Act, 2000.

  • “You”, “User”, “Customer”, or “Borrower” shall refer to any individual using the platform.

  • By accessing or using the services, you agree to this Privacy Policy.

2. Scope of the Policy

  • Applies to:

    • The Nrb Finance website

    • The Nrb Finance mobile application

    • Any services provided via e-mail, SMS, or electronic communication.

  • Loan services are also provided via Nrb Fin (a wholly-owned subsidiary). For loan-specific services, Nrb Fin’s Privacy Policy applies (link: https://www.nrbfinance.in).

3. Acknowledgement & Consent

  • By using the Platform, you provide express and unconditional consent for collection, use, and sharing of your data.

  • Consent is taken in accordance with Sections 43A and 72A of the IT Act, 2000.

  • You may withdraw consent, but withdrawal may limit services or prevent us from fulfilling legal/regulatory requirements.

4. Definitions (A)

Includes: Account, Application, Company/NRB, Country (India), Device, Lending Partner, Loan, Loan Application, Personal Data, Service, Service Provider, Usage Data, User/You etc.

5. Types of Data Collected (B)

  • Identity Data: Name, Date of Birth, Gender, Username, Password.

  • Contact Data: Email, Phone number, Residential address.

  • Location Data: Approximate device location (for serviceability, fraud prevention).

  • KYC Data: Aadhaar, PAN, Passport, Voter ID, Driving License (camera access only with consent).

  • Transaction Data: Loan applications, repayments, transaction history.

  • SMS Data: Through Finbox/authorized partner – only financial SMS (alphabetic or numeric <10 characters) are accessed. Used for credit assessment.

  • Financial Data: Income, bank details, credit history, statements.

  • Marketing & Communication Data: Preferences for updates and offers.

  • Usage & Device Data: IP, device ID, crash logs, installed apps (fraud prevention), app performance metrics.

  • Media & Documents: KYC scans, proofs, user-uploaded documents (not auto-stored, only uploaded by user).

  • Other Data: Last 4 digits of cards, Wi-Fi details, public domain data, RTI data.

  • From third-party sources: social media, commercial sources, partners (with user authorization).

6. Purpose of Data Use

  • To verify identity and process loan applications.

  • KYC, underwriting, and credit scoring.

  • Fraud detection, risk assessment, and analytics.

  • Customer support and communication.

  • Sending reminders, updates, and promotional offers.

  • Compliance with contractual and regulatory obligations.

  • Business transfers (mergers, sales, restructuring).

  • Any other use with your explicit consent.

7. Data Sharing & Disclosure (D)

  • Service Providers: Hosting, analytics, SMS delivery, payment gateways, Finbox.

  • Business Partners / Affiliates: Marketing, promotions, maintenance.

  • Payment Gateways: Card processing (we store only last 4 digits).

  • Lending Partners / Nrb Fin: Data shared only if you apply for a loan.

  • Government & Law Enforcement: As per legal obligation.

  • Business Transfers: Mergers, acquisitions, restructuring.

  • Other Users: If you voluntarily post data in public areas.

  • With Consent: For other purposes only with explicit approval.

NRB ensures third-party contracts contain adequate data protection obligations but is not liable for independent third-party breaches.

8. Storage & Transfer

  • All data is stored and processed in India.

  • Sharing with third parties requires compliance with RBI and Indian data protection standards.

  • Customers may restrict sharing with third parties (option available in the App).

  • Transfers take place only with adequate contractual safeguards.

9. Data Retention (C)

  • Data is retained only as long as necessary.

  • Usage data: typically short-term, unless needed for security or functionality.

  • KYC & Borrower Identification Records: minimum 5 years after the relationship ends (mandatory).

  • May be retained longer for legal or dispute resolution.

10. Data Disposal (G)

  • After purpose is fulfilled, data will be securely disposed.

  • Paper records: shredding or incineration.

  • Digital data: permanent, unrecoverable deletion.

  • User may request correction or deletion (subject to legal/regulatory restrictions).

  • Verified KYC cannot be deleted or altered without fresh re-KYC.

11. Security of Data (E)

  • Technical measures: firewalls, encryption, password policies, WAF, antivirus, SOC monitoring.

  • Management measures: NDAs, access control, log reviews, incident management.

  • Cards: Only last 4 digits stored; full details not kept.

  • Aadhaar: Only Aadhaar Reference Number is stored, not the actual number.

  • NRB is not responsible for breaches at third-party sites despite contractual safeguards.

  • Incident management and breach notification process in place.

12. Children’s Privacy (F)

  • Services not intended for minors under 18 years.

  • If we inadvertently collect a minor’s data, it will be deleted upon notice from parent/guardian.

13. Cookies & Tracking (I)

  • Cookies are used for user experience and analytics.

  • No direct personal data is collected, but cookies may link to existing info.

  • Aggregate data may be shared with third-party analytics providers.

  • Users should review third-party cookie policies.

14. User Rights (M)

  • Right to access, correct, delete your data (subject to law).

  • Right to know source, content, and purpose of stored data.

  • Right to withdraw consent at any time (may affect services).

  • Right to restrict sharing with third parties.

  • “Do Not Track” requests are not supported by our platform.

15. Third-Party Sites (K)

  • Payment gateways and linked websites are beyond NRB’s control.

  • NRB is not responsible for their accuracy or data handling.

  • Users must read third-party privacy policies.

16. Governing Law & Dispute Resolution (I)

  • Governed by Indian Law.

  • Jurisdiction: Courts in Rajkot, India.

  • Arbitration: under the Indian Arbitration & Conciliation Act, 1996, seat at Rajkot, one arbitrator.

17. Disclaimer, Indemnity & Force Majeure

  • Services are provided on an “as is” basis with no warranties.

  • NRB shall not be liable for indirect or consequential damages.

  • Users indemnify NRB against misuse or breach.

  • Force Majeure: NRB not liable for delays or failures due to natural disasters, war, strikes, or internet outages.

18. Amendments (N)

  • Policy may be updated from time to time.

  • Updates will be notified on the website/app.

  • Continued use = deemed acceptance of changes.

19. Grievance & Contact (H, O)

  • Administrator & Grievance Officer:

  • Users can raise complaints, which will be addressed per the Grievance Redressal Policy (available on website).

20. Effective Date

  • Effective Date: 01 AUGUST 2024

  • Last Amended: 01 AUGUST 2024