This Privacy Policy (“Policy”) of GC Web Ventures Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at Plot No.-55, Upper Ground Floor Saidulajab, Westend Marg, New Delhi -110030 (“Indialends”, “we”, “us”, “our” or “Company”), is intended to inform users, unregistered visitors, and any other person(s) (collectively, “Users”, “you”, “your” or “yours”) of our policies and practices regarding the collection, use, storage, and disclosure of information when you access or use the Indialends application and/or website (together, the “Platform”), for any purpose, including but not limited to availing of the Services (as defined under the Terms of Service).

At Indialends, we place the highest importance on safeguarding the privacy of our Users and customers. We are committed to using your Personal Data (as defined below) strictly in accordance with this Policy. For the purposes of this Policy, “Personal Data” shall include any information considered ‘Personal Information’ or ‘Sensitive Personal Information’ under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”).

This Policy is published in accordance with the provisions of Rule 3(1)(a) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal data or Information) Rules, 2011, framed under the Information Technology Act, 2000 (as amended from time to time). This Policy constitutes a binding and legally enforceable agreement between the Company and the User.

By using or accessing the Platform, you acknowledge and agree to the terms of this Policy, which is incorporated by reference into, the Terms of Service accessible at Score+ T&C and the Partner (as defined below) terms accessible at Score+ T&C (“Terms”) (as applicable to you). Subject to applicable laws, these terms (including any amendments) will apply from the date of your first use of the Platform.

The availability of the recurring and automated payment facility offered by payment aggregators partnered with Indialends (“Payment Partners”), and credit information reports made available to you by our credit bureau partners (“Bureau Partners”) (collectively, “Partners”), is contingent upon your acceptance of this Policy and the privacy policies of our Partners available at their respective platforms. You acknowledge that any collection, processing, or storage of your information, including Personal Data, by such Partners will be governed solely by their respective privacy policies, and Indialends has no control over the same to that extent.

We encourage you to read this Policy carefully before using the Platform and/or the Services, to understand how we handle your information, including any Personal Data.

IF YOU DO NOT AGREE TO THE TERMS OF THIS POLICY, PLEASE DO NOT ACCESS OUR PLATFORM OR THE SERVICES.

By using this Platform and/or the Services, you confirm that you either own, or have been duly authorized to use and share, any information you provide to the Platform. You further represent that your use of the Platform and/or the Services does not violate any applicable law and does not infringe upon or otherwise prejudice the rights of any third party. The User agrees to indemnify and hold harmless Indialends from and against any claims, losses, liabilities, or penalties arising out of or in connection with any breach of this representation.

You shall at all times, take adequate necessary precautions, at your end, to preserve the integrity and security of your data which shall include and not be limited to your Personal Data. All information disclosed by you shall be deemed to be disclosed willingly and without any coercion.

We place the highest importance on respecting and protecting your privacy. The objective of this Policy is for you to better understand:

● The type of information we may collect from you;

● The purpose for which the information may be collected by us;

● The use of such information by the third parties with whom we may share your information;

● The data retention and information security measures implemented by us;

● Changes and updates to this Policy; and

● Your rights under this Policy.

We aim for full transparency on how we gather, use, and share your information.

1. INFORMATION WE MAY COLLECT

1.1. When you use the Services or otherwise communicate with us, we collect Personal Data that you provide to us directly. For example, we collect Personal Data in the following circumstances: when you (i) use our Platform, (ii) register for the Services or create an account or profile (an “Account”) for availing the Services, (iii) disclose information during use of Services; (iv) request support; and/or (v) contact us via the Platform or when you otherwise communicate with us.

1.2. You can choose not to provide any Personal Data that is requested of you by us or ask us to delete any Personal Data provided by you; however, this may limit your ability to use or access the Services.

1.3. The Personal Data you provide to us directly or we collect, include without limitation, the following categories of data:

a) When you use or access our Platform for the purpose of obtaining our Services, we may seek or collect, amongst other information and User identifiers, your name, email id, phone number, date of birth, PAN number, gender. Such information will only be received by the Company when you voluntarily share it on the Platform and will be required for creating your Account and associated profile on the Platform. It may also be used for delivering credit score alerts, product updates, educational content via different communication channels and verification of User identity with a one-time password (OTP).

b) Financial data (fetched from Bureau Partner): We may collect or receive your financial information from or Bureau Partners, including but not limited to; (i) your credit score and credit history and; (ii) details of your active and closed loan accounts and; (iii) information on your credit card utilization and; (iv) records of your repayment behavior and details of any overdue accounts and; (v) details of your credit inquiries. This data is collected for the purpose of providing you credit reports, simulate credit scores, providing general insights, as well as other feature of our Services.

c) Payment data: We may receive certain payment-related information from payment gateway service providers, including; (i) your (United Payment Interface) UPI ID (only in tokenized form as stored and provided by the Payment Partners in compliance with the PCI-DSS standards). IndiaLends does not store your actual UPI credentials and this data is used solely to facilitate payments and transactions on our Platform, reconcile or verify successful payments you have made for availing the Services through our Payment Partners and for ensuring our legitimate interest in secure payment processing.

d) Indialends may collect certain data from you, including your IP address, and device information, in order to maintain technical and usage logs for the purposes of security monitoring and fraud prevention in compliance with applicable laws and to support the ongoing improvements to our Services and analytics.

1.4. The Company shall bear no liability for the authenticity or accuracy of any information provided by you. Furthermore, the Company has no obligation to verify, and shall not be held responsible for verifying, any information received from you.

1.5. Indialends may also collect certain non-personal information from the User. This information is used to enhance, improve, and personalize your experience with the Services, facilitate communication with you, monitor usage, and support other internal operational and business purposes.

2. HOW WE USE AND SHARE THE INFORMATION

2.1. We can only use your Personal Data if we have a proper reason for doing so. We will use your Personal Data, for one or more of these reasons:

● To fulfil a contract for providing the Services we have with you;

● If we have a legal duty to use your data for a particular reason;

● For any other purpose, when we get your consent to use it;

● to provide any support or assistance with respect to the Service basis your request;

● to enforce our Terms;

● to resolve any disputes or address any disputes in relation to the Services;

● to contact you to obtain feedback from you regarding the Services;

● to further our legitimate interests in monitoring and analyzing the use of the Services and for the technical administration of the Platform;

● To permit User to participate in interactive features/additional functionalities offered through the Platform;

● To verify User identity by sending a one-time password (OTP) to User’s registered mobile number or email address;

● To enable and process payments, manage subscription or Service renewals, and send you reminders regarding upcoming expiries;

● To send you timely alerts and communications regarding cancellations, payment status, and Service updates;

● To measure usage patterns, understand User preferences requirements, analyze User behaviour, improve our features and Services, and personalize product recommendations and user experience.

2.2. In collecting your information under this Policy, we confirm that all data is securely stored on servers located within India, fully compliant with statutory guidelines and regulatory instructions.

2.3. We do not sell or rent your Personal Data with anyone.

2.4. By using the Platform, and furnishing information in relation to the Platform, you hereby agree that you are interested in acquiring knowledge of and availing various products, services, offers, that we display on our Platform. Indialends may use email id or contact information provided by the User for furnishing information in relation to the Platform or information about various products, services, offers, that we display on our Platform or may offer in the future and for providing any support services in relation to the Services

2.5. We may be required to use and retain Personal Data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; or fraud. We may also use Personal Data to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:

● Under applicable laws;

● To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.

2.6. We endeavor to collect only such data/information that is reasonably necessary to perform Services for you or to respond to your inquiries. You are responsible for ensuring that the information you provide is accurate and complete.

3. HOW WE USE COOKIES AND OTHER TECHNOLOGIES

3.1. We may use a variety of tracking technologies, such as cookies, web beacons, and local shared objects on the Platform. These tools help us collect certain information about your device, browsing behavior, and usage of the Platform, including your browser type, search preferences, and interactions with advertisements (such as any ads shown to you or clicked by you).

3.2. This information helps us enhance and personalize your experience and supports our efforts to improve the Services. You have the option to manage or disable some of these technologies through your device or browser settings. Please note, however, that doing so may limit your ability to access certain features or functionality of the Platform or Services.

3.3. Some of these technologies may include unique identifiers that are stored on your device or embedded in communications we send to you. We are committed to protecting your privacy and will use any data collected strictly in accordance with applicable laws and regulations.

4. DATA RETENTION BY US

4.1. Company retains your Personal Data for as long as necessary to fulfill legitimate legal or business purposes and also as identified in this Policy. In determining appropriate retention periods, the Company considers applicable local laws, contractual obligations, and the expectations and requirements of its Users. Once the Personal Data is no longer required for these purposes, it is securely deleted or destroyed in accordance with applicable data protection standards.

4.2. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies, including the Terms.

4.3. We encourage you to review the information you share with us and inform us about any discrepancies. Please reach out to us at support@indialends.com in case you would like to review the information which is submitted by you to us.

5. THIRD PARTIES WE MAY SHARE YOUR PERSONAL DATA WITH

5.1. We may disclose or share certain Personal Data that you provide to us or that we collect automatically on the Platform and through our Services to the following categories of third parties in the following manner, but only if it is necessary and in compliance with relevant laws and regulations:

● Payment Partners: We may share certain Personal Data with our Payment Partners for enabling payment for the Services, reconciling transaction on the Platform and providing a seamless experience of the Services to you. These payment processors are responsible for the processing of your Personal Data and may use your Personal Data for their own purposes in accordance with their privacy policies. We encourage you to read the privacy policies of our Payment Partners before accessing or utilizing the Services.

● Bureau Partners: To obtain your credit reports, credit history for assessing your creditworthiness and facilitating the provision of Services to you.

●Communication partners: : We may share your contact details and limited message content with our authorized communication service providers who facilitate the delivery of our Service-related communications to you. This includes sending one-time passwords (OTPs) for authentication, transactional alerts, payment confirmations, account updates, expiry reminders, renewal notifications, promotional offers (where permitted), and other essential Service-related messages through SMS, WhatsApp, email, push notifications, or other digital channels.
These partners act as intermediaries solely for the purpose of transmitting communications on our behalf and are contractually obligated to protect the confidentiality and security of your data and not use it for any other purpose.

● Hosting providers/Cloud infrastructure providers: We use third-party hosting and cloud infrastructure service providers to host our Platform, maintain databases, and securely store and process Personal Data on our behalf. These providers may have access to Personal Data strictly to the extent necessary to provide infrastructure, backup, storage, content delivery, and related technical services. They are bound by strict contractual obligations and industry-standard security and compliance requirements to ensure the confidentiality, integrity, and availability of your data, and are prohibited from using your Personal Data for any purpose other than supporting our operations.

● Law enforcement agencies, public authorities or other judicial bodies and organizations: We disclose Personal Data if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our Terms and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our Users, a third party or the public as required

● We disclose Personal Data or records reflecting Personal Data to our subsidiaries and affiliates, or a subsequent owner, co-owner or operator of our Platform and/or Services, and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Policy and subject to the requirement under applicable laws.

● We may share certain Personal Data with trusted third-party service providers for the purpose of conducting identity verification and related checks. Such verification activities may include, but are not limited to, PAN verification, name similarity checks, email verification. These third parties process Personal Data strictly in accordance with our instructions and only to the extent necessary to perform the verification services. We ensure that such third parties are bound by appropriate contractual obligations to maintain the confidentiality, integrity, and security of the Personal Data shared with them.

5.2. We are committed to protecting the privacy of our Users and will only disclose any Personal Data to third parties when it is necessary and in compliance with relevant laws and regulations. We will also implement strict contracts and data processing agreements with third parties to ensure that they are only using Personal Data for the specific purposes outlined by us, and that they are protecting the privacy and security of the Personal Data they receive.

6. INFORMATION SECURITY

We work to protect your information from loss, misuse, or unauthorized alteration by using industry-recognized security safeguards, coupled with carefully developed security procedures and practices. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

We comply with the data security requirements under applicable laws, and implement standards and best practices including, latest encryption standards etc. We implement certain security measures including encryption and firewalls to protect your Personal Data from unauthorized access, and such security measures are in compliance with the security practices and procedures as prescribed under the Information Technology Act, 2000 and the SPDI Rules thereunder, including ISO/IEC 27001:2022 for Our information security management systems.

7. DISCLAIMER

7.1. Company implements stringent security measures to safeguard the Personal Data you provide to us. All such information is stored securely to prevent its loss, misuse, unauthorized disclosure, alteration, or destruction. These security protocols are reviewed and updated periodically. However, Company shall not be liable for any breach of security during the transmission of User’s data over the internet, including any unintended loss, misuse, alteration, or disclosure of such information or any loss of such data caused due to reasons beyond the reasonable control of the Company.

●7.2. Furthermore, notwithstanding anything contained in this Policy, we shall not be responsible for any loss, damage, or misuse of data that arises due to (i) an event of force majeure, or (ii) any act or omission on your part or the Partners.

7.3. Visitors to this Platform and every third party is hereby informed that the owners of this Platform, do not collect any information unless it is explicitly provided by you.

8. DATA PURGING REQUESTS BY THE USERS AND OUR DATA PURGING POLICY

We will delete your Personal Data when it is no longer needed for the purposes for which it was collected, or when you request us to do so by writing to us at https://indialends.com/pl/Consent-Withdrawal-Process. You agree and acknowledge that notwithstanding anything to the contrary, your Personal Data will continue to be stored and retained by us as required or permitted by applicable laws or as required for defending future legal claims against us.

We provide the following mechanisms to support Personal Data deletion in line with User preferences and compliance requirements.

● User-initiated deletions: The User may permanently delete their Personal Data, with such deletion propagating immediately across all indexes and caches. You acknowledge that upon such deletion, Indialends, will be unable to make the Services, or any part thereof, available to you and any the User cannot make any Service-related claims post such deletion. This deletion is irreversible but Personal Data in relation to the Services and the Account may still be stored by Indialends post closure of Account to the extent required under law or to fulfill obligation/address any claims in a legal dispute or may be retained by the Partners in accordance with their privacy policies. User cannot raise any Service-related claims, once the data associated with your Account is deleted.

● Account profile data: all User profile related Personal Data is fully wiped from the systems post termination of an Account unless required to be retained in order to ensure that all billing or pending Service-related disputes are resolved. Personal Data in relation to the Services and the Account may be stored by Indialends post closure of Account as required under law or to fulfill obligation/address any claims in a legal dispute or may be retained by the Partners in accordance with their privacy policies. User cannot raise any Service-related claims, once the data associated with your Account is deleted.

● Retention of credit information obtained from the Bureau Partners: Any credit information or credit reports obtained from the Bureau Partners will be retained for up to 6 months from the date of collection solely for the limited purposes of; (i) enabling you to access your credit-related information through your Account, (ii) providing you with support or complaints related to your credit data during this period, and (iii) maintaining records required for audit, compliance, or regulatory purposes. After the expiry of this retention period, such credit information will be securely deleted, anonymized, or otherwise disposed of in accordance with applicable data protection laws and our internal data retention and destruction policies.

9. WITHDRAWAL OF CONSENT AND RESTRICTION ON PROCESSING OF PERSONAL DATA BY THE USER

You may choose to withdraw your consent provided hereunder at any point in time or object to or restrict the processing of your Personal Data. Such withdrawal of consent must be sent in writing to https://indialends.com/pl/Consent-Withdrawal-Process. In case you withdraw your consent, we request you not to access the Platform.

We will review and respond to all such requests in a timely manner, in accordance with applicable legal requirements.

10. THIRD-PARTY WEBLINKS

Users acknowledge that the Platform may contain links to other websites. If a User clicks on a third-party link, the User will be directed to that website. Note that these external sites are not operated by Indialends. Therefore, it is strongly advised that Users review the privacy policy of these websites/external links. Indialends has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services.

11. CHANGES TO THE PLATFORM AND THIS POLICY

We reserve the right to modify or amend the terms of our Policy from time to time. We shall post any changes to this Policy on our webpage and, if the changes are significant, we shall provide more prominent notice. While we will make reasonable efforts to keep you posted on any updates to this Policy, to make sure that you are aware of any changes, we recommend that you visit our website frequently to review this Policy periodically. In the event we modify this Policy, your continued use of the Platform will signify your acceptance of the modified Policy and will be adequate proof that you have expressly agreed to the terms of this Policy which shall apply from the date of your first use of the Platform.

12. GRIEVANCE REDRESSAL

12.1. In accordance with the provisions of applicable laws, the name and contact details of the Grievance Officer are provided below: 

● Name: Yojana Kumari

● Email ID:  grievance@indialends.com

12.2. If you have questions or concerns about this Policy or if you wish to make a complaint regarding any violation of the provisions of this Policy, please contact our Grievance Officer at the details provided hereinabove.

12.3. Response Timelines: The Grievance Officer can be contacted between 10:30 a.m. to 6:00 p.m. from Monday to Friday except on public holidays. We will acknowledge your complaint within 48 hours and aim to resolve it within 14 days from the date of receipt of the same, in accordance with the applicable law.

12.4. Any question or concerns with respect to the storage/processing/collection or sharing of your Personal Data by the Partner shall be addressed by the relevant Partner in accordance with their privacy policies and applicable laws.

13. GOVERNING LAW AND JURISDICTION

This Policy shall be governed by the laws of India and the courts of New Delhi, India shall have the exclusive jurisdiction to try any dispute arising thereof.