Data Usage & Protection Policy
As part of our data usage & protection principles, we have a stringent policy in place to protect our client data & its usage across process cycles right from processing a loan application to disbursement, repayments & finally it’s closure. The access rights to sensitive information pertaining to the participant on the platform is restricted only to authorised personnel based on specific requirements. The process of collecting, storing & accessing data of participants is as follows.
Collection of participant documents:
- KYC documents for borrowers are collected through Impact Partners via our online portal.
- The original documents are scanned & uploaded by the partners on to our systems without any local storage made available.
- Signed ECS forms from borrowers are collected through the partners to initiate auto debit of repayments.
- The ECS forms are further addressed to Rang De authorized personnel which on reception by the admin officer shall be handed over to the concerned personnel with an entry in the postal register.
- The ECS forms so received are physically couriered to the bank for further processing by Rang De personnel.
- No ECS form shall be retained at the office premises of Rang De.
- No physical documents with respect to KYC are collected from the borrowers at any point of time.
- Impact Partners are audited periodically (quarterly) to ensure compliance with our policies and procedures as put down in the service agreement with them.
- KYC documents for lenders are collected through upload of documents by lenders themselves via our online portal through their respective virtual accounts.
- Loan agreements are digitally signed by both lenders and borrowers and are stored in our database just before the disbursement of funds.
- No physical documents with respect to KYC are collected from lenders at any point of time.
Storage & Access
- The documents collected online are stored in our database which is securely encrypted as per information security guidelines prescribed by RBI for NBFC-P2P platforms.
- The access to data is restricted only to authorized roles as per specific requirements.
- The access to information is only through a frontend portal using role based log-in credentials provided only to certain authorized roles.
- Borrower data collected & stored shall be shared with credit bureaus for fetching & sharing of borrower data as per RBI guidelines. To do this, due consent would be obtained from the borrowers beforehand.
- The loan agreements are made available to lenders in their virtual Rang De accounts accessed through their login credentials.
- The borrowers shall have access to their loan agreements through the partners.
The Chief Impact Officer is the custodian of all the documents pertaining to the participants on the platform & shall use their discretion to share information with the below mentioned representatives with necessary approvals from appropriate authorities.
Authorized Personnel to access data
- Authorized company personnel
- Internal auditors of the company
- Company appointed statutory auditor
- Credit bureau representative
- RBI representatives
- Board of directors of the company