Privacy Policy
3469 words · 17 mins read · Time it takes to have a haircut
This Privacy Policy (“Policy”) provides information about how we, OneBanc Technology Private Limited, a company incorporated under the Companies Act, 2013 (“Company” / “we” / “us”) collects, uses, stores, shares, transfers and discloses information / data (used interchangeably hereafter) received from visitors / users of our website located at https://onebanc.ai/ and the OneBanc mobile application (“OneBanc” / “Platform”). This Policy is to be read with the Terms of Use and forms an integral part thereof.
About OneBanc and Our Policies
OneBanc is a proprietary mobile application developed, operated, and managed by the Company, whereby the Company brings the “neo banking experience” to India’s 150M+ young and emerging consumers. A neo bank is a platform which delivers an intelligent banking experience to such consumers in partnership with an ecosystem of traditional banking partners and non-traditional financial service providers on one platform, that is simple, engaging, and contextual to the customer’s financial life.
OneBanc is an iOS, android, windows, and mac mobile application with limited web enabled interface. When downloaded on your smartphone, OneBanc provides you with a neo banking experience as described above by enabling registered users to avail banking products and services (“Platform Services”) from different banking and other financial services providers, and merchants and vendors who partner with us (“Partners”). The Platform Services facilitate the opening of savings bank accounts, conduct of banking transactions through the Platform, and the availing of loan and overdraft facilities through our partners.
Your privacy is important to us, and we appreciate your trust in us. We are committed to upholding the privacy and security of information supplied by you. Please take a moment to familiarise yourself with our privacy practices and to learn about our information gathering practices. By registering on, or accessing our Platform, you acknowledge the acceptance of, and agree to be bound by the terms and conditions of this Policy including the collection, usage, storage, sharing, transferring and disclosure of your information as described herein and undertaken by the Company from time to time. If you do not agree to all the terms of this Policy, we recommend that you do not use the Platform. By using the Platform Services or by otherwise providing us with your information, you will be deemed to have read, understood, and agreed to the practices and policies outlined in this Policy and you hereby agree to be bound by this Policy. We further reserve the right to update or modify this Policy at any time without prior notice and all such changes will be effective immediately upon posting the updated or modified Policy on the Platform and we will not be bound to inform you of any such modification. You are therefore encouraged to review this Policy each time you access or use the Platform. If you do not agree with this Policy at any time, you must not use the Platform or Platform Services, or provide us with any of your information. If you use the Platform Services on behalf of another person or entity, you represent that you are authorised by such individual or entity to (a) accept this Policy on such individual’s or entity’s behalf, and (b) consent on behalf of such individual or entity to our collection, use and disclosure of such individual’s or entity’s information as described in this Policy. This Policy is in line with the Company’s commitment to comply with all applicable data privacy and protection requirements, including those prescribed under the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (collectively “Data Privacy Laws”).
Definations
  • “Non-Personal Information” is information that is not personally identifiable to you and that we automatically collect when you access our Platform with a web browser. It may also include publicly available information that is shared between you and others.
  • “Personally Identifiable Information” is non-public information that is personally identifiable when you register or subscribe to services on the Platform. Personally Identifiable Information may include information such as your name, email address, phone number, credit card details, Aadhar details and other related information that you provide to us or that we obtain from you. This may, in certain circumstances, include sensitive personal information (as defined under the Data Privacy Laws).
The term “information” when used in this Policy includes both Non-Personal Information and Personally Identifiable Information.
Consent
Our Platform is not designed for use by anyone under the age of 18 (eighteen). We do not verify the age of our users and nor do we have any liability for such verification or lack thereof. We do not intentionally or knowingly collect Personally Identifiable Information from minors (persons below the age of 18 (eighteen)) and requests that minors do not submit any information on the Platform. We may delete information and cancel accounts of users suspected of being under the age of majority.
Collection of Information
  • We may collect personal information from you. Generally, you control the amount and type of information you provide to us when using our Platform. You can browse our Platform to find out more about us and our services. While doing so you are not required to provide us with any Personally Identifiable Information. If you choose not to provide any Personally Identifiable Information, you can still visit our Platform, but you may be unable to access certain features and functions of our Platform.
  • If you choose to have with the Company, either a contractual or business relationship, or to use the Platform Services, the Company and its Partners may need to contact you in connection with such relationship, or services. We may then be required to collect Personally Identifiable Information from you. While some of your information has to be mandatorily provided, other information is optional, and while certain portions of the information will remain private, some information may be shared with third parties to facilitate certain features and functionalities of the Platform. Additional information may also be gathered from you during your subsequent use of the Platform. You hereby consent to such collection, use, display, processing and handling as described in this Policy.
  • Your information, including Personally Identifiable Information may be transferred to, and maintained on systems located outside your state, country or jurisdiction, and the applicable Data Privacy Laws may vary from those of your jurisdiction. You consent to such transfer and the application of the Data Privacy Laws to the exclusion of law applicable in your jurisdiction.
  • You acknowledge that you are licensing to us the right to use, modify, display, distribute and create new material from the information provided by you through the Platform to render services through it, and that by providing such information, you automatically agree to such a licence without the payment of any fees.
  • We may also, to the extent permitted by law, use, licence, reproduce, distribute, disclose and aggregate all Non-Personal Information that is derived from your use of the Platform and you hereby provide consent for the same.
Information that we Collect
The Company collects and uses the following Personally Identifiable Information and other data for the purposes specified below:
  • Information such as your name, date of birth, postal address, email address, mobile number, etc. will be required to be provided by you at the time of registering on the Platform.
  • You will be required to sign in to OneBanc using a PIN, which you will provide for while signing up. Additionally, you have the option to sign-in to OneBanc with your fingerprint. This is an additional security feature within OneBanc, which you may opt for.
  • Your profile information such as your username and password and details regarding your activities on OneBanc.
  • Information which is required by our Partners to provide services to you including information that we are required to collect as per a specific mandate from a partner bank or financial services company in accordance with applicable law such as information required to comply with the Reserve Bank of India’s know-your-customer norms.
  • We may access banking and financial transaction details related to your use within the ecosystem of the Platform including bank account details, one-time passwords, PIN transaction passwords, the date and time of such transactions etc. to (a) provide you with customised content on the Platform; (b) monitor Platform usage; and (c) improve the content and services provided on and through the Platform. However, do note, we do not store any banking transaction details on the Platform.
  • We collect information about all your activities on the Platform to enable us to service you better.
  • When you visit or leave the Platform (including our plugins or cookies or similar technology on the sites of others), the Company receives the URL of both the site you came from and the site you are proceeding to, to provide better services and prevent fraud. We also get information about your IP address, proxy server, operating system, web browser, add-ons, device identifier and features, and / or ISP or your mobile carrier. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
  • When you interact with the Platform, we collect server logs, which may include information like device IP address, access dates and times, and other system activity, type of browser, and the third-party site or service you were using before interacting with the Platform to understand your usage of the Platform.
  • We may collect any other information which would help determine your eligibility to avail the Platform Services.
  • We may also collect any other information that we require in order to provide a smooth mobile experience, including but not limited to SMS access for auto-OTP verification, camera / gallery / contacts access, etc. for various functionalities within OneBanc.
Uses of the Information Collected
The Company uses the information collected for the following general purposes:
  • To deliver the services made available through the Platform;
  • To curate specific services for you;
  • To help personalize your experience of the platform
  • To improve services offered to you;
  • To respond to the request that you send us such as your request for information, or your request to subscribe to a service provided on the platform;
  • To administer, protect and improve the platform;
  • To better understand the preferences of users of the platform;
  • To identify server problems;
  • To compile aggregated statistics about usage of the platform;
  • To help OneBanc in its internal business functioning;
  • Any other use that the Company may determine from time to time.
Storage and Retention of your Information
  • We retain your data for the duration of your use of the Platform. We archive your data and store it to comply with any data requests by government authorities in accordance with applicable law. We also retain your data for such period to enable you to re-start their account on the Platform.
  • All know-your-customer related information is collected on behalf of our Partners as mandated by applicable law, for facilitating authentication by such Partner. We do not process or store such information.
Information Security
  • We use generally accepted industry standards to store and protect information that you have submitted to us and that we collect, both during transmission and once received and stored, against loss, theft, unauthorised access, disclosure, copying, use or alteration, as required under the Data Privacy Laws. Your Personally Identifiable Information is kept secure behind secure networks and is only available to a limited number of people who are bound by confidentiality obligations. To the extent possible, all data is encrypted and stored.
  • We use HTTPS for secure transmission of data from end-user systems to our cloud server.
  • All passwords are stored in database in encrypted format using AES 256 bit encryption.
  • However, please be advised that, no method of transmission over the internet, or method of electronic storage, is 100% (one hundred percent) secure. Therefore, although we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security and your use of the Platform is at your sole risk and discretion. We do warrant that such information may not be misused in the event our safeguards and protocols are breached by a malicious third-party. Further, we are not liable for the actions of other users with whom you may choose to share your information. We will, however, promptly notify you if we discover that any of your information is compromised because of a security breach.
  • If a password is used to help protect your account and account information, it is your responsibility to keep the password confidential. You must ensure that you always log out of your account, before sharing your device with a third party.
Cookies and Tracking Tools
  • We use data collection devices such as “cookies” or other similar technology in the Platform to help analyse our app page flow, study traffic patterns in order to customise your experience, measure promotional effectiveness, match your interests and preferences and improve Platform performance, keep track of preferences that you specify while you access the Platform, support security measures, assist in identifying possible fraudulent activities, promote trust and safety and improve the services we provide. Please refer to our cookie policy for more information on our usage of cookies.
  • We may also use third party tracking tools to improve the performance and features of our Platform that are designed to collect only Non-Personal Information about your use of the Platform. However, you understand that such tools are created and managed by parties outside our control, and we are not responsible for what information is captured or used by such third parties.
Links to Other Sites
Our Platform may contain links to third party sites that are not operated by us. If you click on a third-party link, you may be redirected to such third party’s site. We have no control over, and assume no responsibility for the content, privacy policy or practices of a third-party site. We advise you to separately review the privacy policy of every such site you visit.
Sharing of Information
  • We share your personal information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or payment processors or transactional message processors.
  • We share information with third parties and or business partners who partner with us on the Platform. Each of our Partners have their own privacy policies. You are advised to familiarise yourself with such policies.
  • We may share your information with our other corporate entities and affiliates. These entities and affiliates may market themselves to you because of such sharing unless you explicitly opt-out of such communication.
  • We may be legally required to disclose your information, if such disclosure is (a) required by subpoena, law or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our legal terms; (d) necessary to protect us from legal action or claims from third parties including you or other users; (e) necessary to protect the legal rights, personal property or personal safety of the Company, our users, employees and affiliates; or (f) necessary for any other reasonable purpose that the Company may, in its sole discretion, deem fit.
  • We may share your information with an acquirer, assignee, or other successor entity in connection with a sale, merger, or reorganisation of all or substantially all the equity, business or assets of the Company. For example, if a part of our business is sold, we may provide our customer list as part of that transaction.
  • We conduct from time-to-time contests for our users. We may use third party service providers to collect and collate data for such contests. We may share your information with such service providers during the said contests.
  • We retain the right to collect and use any Non-Personal Information collected from your use of our Platform, and to aggregate such data for internal analytics that improve our Platform, as well as for use or resale to others. At no time is your Personally Identifiable Information included in such data aggregations.
  • We may share your information with other third-parties for reasons not described in this Policy. We will endeavour to inform you before we do this. The collection, storage and processing of data by the above third-parties either pursuant to us sharing it with them or where you submit the data directly to such parties, are subject to their own data protection policies and security practices. While we will endeavour to ensure that such parties, as described above, have in place a privacy policy similar to ours before sharing your information with them, you agree and acknowledge that we are in no way privy to the data protection practices of these parties, and we are not responsible for their adherence to applicable Data Privacy Laws and norms.
Rights of the User
  • We share your personal information with third parties who perform services on our behalf. We share information with vendors who help us manage our online registration process or payment processors or transactional message processors.
  • You have a right to opt-out of providing any of your information, including your Personally Identifiable Information. However, in such event, we reserve the right to refuse or limit your access and use of the Platform, and its features.
  • We may share your information with our other corporate entities and affiliates. These entities and affiliates may market themselves to you because of such sharing unless you explicitly opt-out of such communication.
  • You acknowledge and agree that merely un-installing the Platform from your mobile device will not result in the deletion of your information from the Platform. You have the right to withdraw your consent to the use, disclosure, or transfer of your information, including your Personally Identifiable Information, and request for its deletion from the Platform’s databases. However, some information relating to your interaction with the Platform may not be deleted to maintain the integrity and security of the Platform, and such information will be anonymised upon your withdrawal of consent.
  • We may share your information with an acquirer, assignee, or other successor entity in connection with a sale, merger, or reorganisation of all or substantially all the equity, business or assets of the Company. For example, if a part of our business is sold, we may provide our customer list as part of that transaction.
  • If information, including Personally Identifiable Information that you have submitted on the Platform is no longer accurate, current, or complete, you may update or correct your information using the Platform. However, the Company reserves the right to use information obtained previously to verify your identity or take other actions that it believes is appropriate pursuant to such correction or updation.
Marketing Communications and Procedure for Opt-Out
  • When you register with us, the information supplied by you will be used to generate and maintain your profile on the Platform; provide personalised features; to allow you to participate in interactive features on Platform; to provide customer support; to modify the Platform to cater to your interests; to maintain regular communications with you and to carry out other similar actions. To this end, we may contact our users via email, SMS, or notifications on our Platform as we deem appropriate.
  • We may also combine your information with information we collect from other companies and use it to improve and personalise our services, content, and advertising.
  • In furtherance to your usage of the Platform, you expressly waive the do not call (“DNC”) / do not disturb (“DND”) registrations on your phone / mobile numbers on our contacting you for such purpose and usage. Hence, there will be no DNC / DND check required for the number you have used on our Platform.
  • We fully comply with national laws regarding spam. You can always opt-out of receiving further promotional email correspondence from us or our affiliates. Please note that it may take about 72 (seventy-two) business hours to process your request.
Copyright
We and our Partners hold the copyright, and other intellectual property rights to the Platform and all the material on the Platform. We also own all the trademarks displayed on the Platform, unless otherwise indicated. You must not use any of our material or intellectual property on the Platform without our explicit consent.
Amendments
The Company reserves the right to change, modify, add or remove portions of this Policy at any time, but will alert you that changes have been made by indicating on the Policy the date it was last updated. When you use the Platform, you are accepting the current version of this Policy as posted on the Platform at that time.
Greviences Redressal
If you have any questions, or concerns about this Policy, or complaints or grievances about the way the Company handles or uses your information, please feel free to us at compliance@onebanc.ai.
Last reviewed by Compliance Head on 15 July, 2022