This Privacy Policy is issued by ZustCash, a registered NBFC operating in India, in compliance with RBI Digital Lending Guidelines, RBI Master Directions on KYC, and applicable Indian data protection laws.
1. INTRODUCTION & PURPOSE
1.1 This Privacy Policy outlines how ZustCash collects, processes, stores, shares, and safeguards personal information obtained through digital lending operations conducted in India.
1.2 This Policy applies to personal loan applicants, business loan applicants, guarantors, co-applicants, and any individual interacting with the Companyβs digital infrastructure.
1.3 By accessing our website, mobile interface, or digital loan application system, users provide informed and explicit consent for data processing activities described herein.
1.4 This Policy forms an integral part of our legally binding Terms & Conditions governing lending relationships and digital platform access.
1.5 If you do not agree with the data practices described in this Policy, you must immediately discontinue use of the Platform and services.
2. REGULATORY COMPLIANCE FRAMEWORK
2.1 ZustCash operates under regulatory supervision of the Reserve Bank of India and adheres to Digital Lending Guidelines applicable to Non-Banking Financial Companies.
2.2 All data collection and KYC verification processes comply with RBI Master Direction on Know Your Customer requirements.
2.3 Anti-Money Laundering obligations are implemented in accordance with Prevention of Money Laundering Act, 2002 and associated reporting frameworks.
2.4 Electronic consent and digital agreements are executed in compliance with the Information Technology Act, 2000.
2.5 Regulatory disclosures may be made to competent authorities whenever mandated under statutory or supervisory requirements.
3. PERSONAL INFORMATION COLLECTED
3.1 We collect personal identification information including full legal name, date of birth, gender, address, and government-issued identity numbers.
3.2 Financial information including bank statements, income documents, employment details, and existing liabilities may be collected for underwriting assessment.
3.3 Credit bureau information including credit score and repayment history is accessed with explicit borrower authorization.
3.4 Technical data including IP address, browser type, device identifiers, and login timestamps may be collected for security monitoring.
3.5 Communication records including emails, SMS confirmations, and customer service interactions may be stored for audit purposes.
4. PURPOSE OF DATA PROCESSING
4.1 Personal data is processed for credit risk evaluation and loan eligibility determination based on internal underwriting models.
4.2 Data is used to comply with KYC, AML, and regulatory reporting requirements applicable to NBFC operations.
4.3 Fraud detection systems analyze financial and behavioral patterns to mitigate financial crime risks.
4.4 Operational data is used to improve digital lending processes and customer service efficiency.
4.5 Marketing communications may be issued only where legally permissible and subject to explicit consent.
5. ADDITIONAL DATA PROTECTION PROVISIONS
5.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
5.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
5.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
5.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
5.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
6. ADDITIONAL DATA PROTECTION PROVISIONS
6.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
6.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
6.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
6.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
6.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
7. ADDITIONAL DATA PROTECTION PROVISIONS
7.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
7.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
7.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
7.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
7.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
8. ADDITIONAL DATA PROTECTION PROVISIONS
8.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
8.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
8.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
8.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
8.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
9. ADDITIONAL DATA PROTECTION PROVISIONS
9.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
9.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
9.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
9.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
9.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
10. ADDITIONAL DATA PROTECTION PROVISIONS
10.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
10.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
10.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
10.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
10.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
11. ADDITIONAL DATA PROTECTION PROVISIONS
11.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
11.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
11.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
11.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
11.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
12. ADDITIONAL DATA PROTECTION PROVISIONS
12.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
12.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
12.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
12.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
12.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
13. ADDITIONAL DATA PROTECTION PROVISIONS
13.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
13.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
13.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
13.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
13.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
14. ADDITIONAL DATA PROTECTION PROVISIONS
14.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
14.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
14.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
14.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
14.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
15. ADDITIONAL DATA PROTECTION PROVISIONS
15.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
15.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
15.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
15.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
15.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
16. ADDITIONAL DATA PROTECTION PROVISIONS
16.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
16.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
16.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
16.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
16.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
17. ADDITIONAL DATA PROTECTION PROVISIONS
17.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
17.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
17.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
17.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
17.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
18. ADDITIONAL DATA PROTECTION PROVISIONS
18.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
18.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
18.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
18.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
18.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
19. ADDITIONAL DATA PROTECTION PROVISIONS
19.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
19.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
19.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
19.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
19.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.
20. ADDITIONAL DATA PROTECTION PROVISIONS
20.1 Personal data may be shared with regulated partner institutions strictly for underwriting, servicing, compliance, and statutory audit purposes.
20.2 Data retention periods are determined based on regulatory mandates, financial record retention requirements, and dispute resolution obligations.
20.3 Appropriate technical safeguards including encryption, role-based access controls, and network security monitoring are implemented to protect data integrity.
20.4 Users may request correction of inaccurate personal information subject to verification and regulatory restrictions.
20.5 The Company reserves the right to amend this Policy periodically in response to evolving regulatory frameworks or operational enhancements.