Privacy Notice – Sample Privacy Policy
QuickLend Financial Services Private Limited
Privacy Notice
QuickLend Financial Services Private Limited is a fintech company providing financial solutions and services. We believe our customers deserve transparency about how we handle your personal data.
This notice explains how we collect, use, and protect your information across all our services. When you use our website, app, or any of our services, this privacy notice applies to you.
Who This Applies To
This notice covers all our services including personal loans, business loans, investment advisory, payment services, savings accounts, credit cards, and insurance products. If you provide information about someone else, you confirm you have their permission to do so.
What Information We Collect
We collect personal information like your name, date of birth, address, mobile number, email, PAN, and Aadhaar details. We also gather employment information to understand your financial situation.
For our financial services, we need your bank account details, salary information, credit history, transaction records, and details about any existing loans you may have.
When you use our digital platforms, we collect technical information such as your device details, IP address, how you use our app, and your location if you allow it. We also store important documents like identity proofs, address proofs, income documents, and bank statements.
We keep records of our communication with you including customer service chats, emails, and phone calls when you give us permission. Our website and app use cookies to remember your preferences and improve your experience.
How We Use Your Information
We use your information primarily to provide our financial services. This includes processing your loan applications, managing your accounts and investments, handling payments and transactions, and providing customer support when you need it.
For verification and compliance, we verify your identity to meet regulatory requirements, assess your creditworthiness, manage risk, prevent fraud, and ensure security. We also use your information to comply with obligations from RBI, SEBI, and other regulatory bodies.
We communicate with you to send service updates and notifications, share personalized offers and recommendations, conduct market research, and provide promotional communications about products that might interest you.
To improve our services, we analyze how you use our platforms, develop new products and features, enhance your user experience, and maintain system security across all our offerings.
Who We Share Your Information With
We share your information with financial partners including banks, NBFCs, insurance companies, mutual funds, and credit bureaus to provide integrated financial services and assess your creditworthiness.
Our service providers help us operate our business. These include payment processors, cloud platforms, customer support teams, and KYC verification services. We work with trusted partners like HDFC Bank, ICICI Bank, CIBIL, Razorpay, Amazon Web Services, Microsoft Azure, and Freshworks.
We share information with regulatory bodies including RBI, SEBI, tax authorities, and law enforcement when required by law. We also work with our group companies and affiliates to provide you with integrated services across our platform.
We only share information with trusted partners who maintain the same level of data protection as required by Indian laws.
How We Protect Your Information
We protect your information using industry-standard encryption for all data, multi-factor authentication for account access, regular security audits and monitoring, and secure data centers with restricted access. Our employees receive regular training on data protection.
We maintain certifications including ISO 27001:2013 for information security and SOC 2 compliance for service organizations. We conduct regular penetration testing to identify and fix any vulnerabilities.
While we implement strong security measures, no system is completely secure. We have established procedures to handle any data breaches and will notify you as required by law if any issues occur.
Your Rights
You can view what personal data we have about you, update or correct your information, request deletion of your data subject to legal requirements, and download your data in a portable format. You can also opt out of marketing communications, choose how we contact you, and withdraw consent at any time.
If you have concerns, you can contact our Grievance Officer or escalate to the Data Protection Board of India if needed. Some information cannot be changed once entered due to regulatory requirements, but you can contact us for the process to modify such information.
Data Retention
We keep your data while you actively use our services. For inactive accounts, we retain data for 24 months after account closure as a business practice. Some data is retained longer as required by RBI, SEBI, and other regulations. For marketing purposes, we keep data until you opt out or become inactive.
Contact Us
For privacy-related questions, contact our Privacy Officer Ms. Anita Rao at privacy@quicklend.com or call 1800-456-7890. For complaints, reach our Grievance Officer Mr. Rajesh Kumar at grievance@quicklend.com. General customer support is available at support@quicklend.com.
Our address is QuickLend Financial Services Private Limited, 456 Financial Hub, Sector 15, Gurgaon, Haryana 122001. Visit our website at www.quicklend.com for more information.
Policy Updates
We may update this privacy notice from time to time. We will notify you of significant changes through email, SMS, or app notifications. Continued use of our services after changes means you accept the updated notice.
For questions about this privacy notice, email us at privacy@quicklend.com.
Company Information: We are licensed as an NBFC under license N-14.67890 from RBI and registered as an Investment Advisor with SEBI under registration number INA200067890.
This notice is available in English, Hindi, Tamil, Telugu, and Bengali. Last updated on [Current Date], Version 2.1.
Your privacy matters to us. We keep it simple and transparent.
DPDPA 2023 Privacy Notice Blueprint – Generic Template
Instructions for Use
This blueprint creates Privacy Notices that align with current industry practices while ensuring DPDPA 2023 compliance. The template uses business-friendly language and practical approaches for any company or service type.
Key Principle: Balance legal compliance with user-friendly communication and business practicality.
Privacy Notice Blueprint Table
| Section | DPDPA Reference | Industry Practice | Business Input Required | Template Content |
|---|---|---|---|---|
| 1. Header & Scope | Section 5(1) | Clear, customer-focused opening | [Company name, specific service] | “Privacy Notice for [Service Name]. At [Company], we believe in transparency about your personal data. This notice explains how we handle your information when you [specific activity].” |
| 2. Consent Statement | Section 6(1) | Upfront consent with clear consequences | [Service dependencies] | “Your Consent Matters. By [using this service/applying for this product], you consent to: Collection of data described below, Processing for purposes stated, Sharing with partners as mentioned. Note: If you don’t consent, we won’t be able to [provide service/process application].” |
| 3. What We Collect | Section 5(1)(i) | Categorized, practical data types | [Specific data categories] | “Information We Collect: Personal Details (Name, date of birth, address, mobile number, email), Financial Information [As applicable], Device Information (IP address, device type, app usage), Documents [KYC documents, income proof, etc.]” |
| 4. Why We Need It | Section 5(1)(i) | Business-focused purpose explanation | [Business purposes] | “How We Use Your Information: To provide you with [specific service], To verify your identity (regulatory requirement), To prevent fraud and ensure security, To send you service updates, To improve our services” |
| 5. Legal Basis | Section 4(1) & 7 | Simplified legal ground explanation | [Select applicable basis] | “Legal Basis for Processing. We process your data because: You’ve given us consent, OR It’s necessary for the service you requested, OR We’re legally required to do so” |
| 6. Who We Share With | Section 8 | Specific partner categories with examples | [Partner list] | “Our Trusted Partners: Banks & Lenders [Partner names], Technology Partners [Cloud providers, analytics], Service Providers [KYC, payments, customer support], Regulators (As required by law), Others (Only with your separate consent)” |
| 7. Data Security | Section 8(5) | Industry certifications and practical measures | [Security details] | “How We Protect Your Data: Industry-standard encryption, ISO 27001 certified security systems, Regular security audits, Access restricted to authorized personnel only, 24/7 monitoring and threat detection” |
| 8. Your Rights | Sections 11-14 | User-friendly rights explanation | [Company process] | “Your Data Rights: Access (See what data we have about you), Correct (Update incorrect information), Delete (Request data removal subject to legal requirements), Portable (Get your data in transferable format), Withdraw (Cancel consent anytime)” |
| 9. How to Exercise Rights | Section 5(1)(ii) | Multiple convenient channels | [Contact methods] | “Contact Us About Your Data: Email privacy@[company].com, App Settings → Privacy → Data Requests, Phone [Customer care number], Response Time: Within [X] working days” |
| 10. Data Retention | Section 8(7)(8) | Business-practical retention periods | [Retention schedule] | “How Long We Keep Your Data: Active Customers (While you use our services), Inactive Accounts ([X] months after last activity), Legal Requirements ([X] years for regulatory compliance), Marketing (Until you opt out)” |
| 11. Cookies & Tracking | Section 4(1)(a) | Cookie policy integration | [Cookie types] | “Cookies & Similar Technologies. We use cookies to: Remember your preferences, Improve website performance, Prevent fraud. Manage Cookies: Browser settings or privacy center” |
| 12. Third-Party Services | Section 4(1)(a) | Clear third-party integration explanation | [Third-party list] | “Third-Party Integrations: Payment Gateways [Names], Analytics [Analytics providers], Social Media [If applicable], Credit Bureaus [Bureau names]. Each has their own privacy policy” |
| 13. International Transfers | Section 16 | Business-necessity explanation | [Transfer details] | “Data Transfers. Your data may be processed in: India (primary location), [Other countries] for cloud services. Protection: Same security standards apply everywhere” |
| 14. Grievance Process | Section 13 | Step-by-step escalation | [Grievance procedure] | “Complaints & Concerns: Step 1 – Contact our customer support, Step 2 – Escalate to Grievance Officer [contact], Step 3 – Data Protection Board of India. Response: Within [X] days at each step” |
| 15. Children’s Data | Section 9 | Clear age policy | [Age requirements] | “Age Requirements. Our services are for users 18+ only. If under 18: Parent/guardian consent required. If we discover underage use: Immediate account suspension.” |
| 16. Updates & Changes | Section 5 | Change communication strategy | [Update process] | “Policy Updates: Notification via Email/SMS/App notification, Advance Notice: [X] days for major changes, Your Choice: Continue using = acceptance” |
| 17. Emergency Processing | Section 7(f)(g) | Emergency scenarios explanation | [Emergency protocols] | “Emergency Situations. In medical emergencies or public health threats, we may process data without consent to: Save lives, Prevent health risks, Comply with emergency orders” |
| 18. Contact Information | Section 8(9) | Complete business contact details | [All contact methods] | “Reach Us: Company [Full legal name], Address [Complete address], Privacy Officer [Name and contact], Customer Care [Number], Website [URL]” |
Industry-Specific Adaptations
For Fintech Companies:
Enhanced Sections:
Financial Data Collection: “Financial Information We Need: Bank account details (for loan disbursement), Salary information (for eligibility assessment), Credit score (from authorized bureaus), Transaction history (for risk assessment), Income proof (regulatory requirement)”
Partner Ecosystem: “Our Lending Partners: [Include table with partner names and services]”
For Payment Processors:
Enhanced Sections:
Transaction Data: “Payment Information We Process: Transaction amounts and details, Bank account information, UPI handles and payment preferences, Merchant transaction data, Fraud prevention indicators”
System Security: “Payment Security Standards: PCI-DSS Level 1 compliance, End-to-end encryption, Real-time fraud monitoring, Secure tokenization”
For Traditional Finance:
Enhanced Sections:
Regulatory Compliance: “Regulatory Requirements: RBI compliance for financial services, Credit bureau reporting obligations, KYC documentation requirements, Anti-money laundering checks”
Document Retention: “Record Keeping Requirements: [Include detailed retention table]”
