Radian Finserv Private Limited, No 13, CPN Arcade 1st floor 7th cross Subainapalya Banaswadi Bangalore- 560033.
Email: info@radianfinserv.com
CIN No. U65992KA2020PTC186334
Toll free 1800 889 4899
Data Privacy Policy
Policy Name
Policy Number
Effective Date
Next Review Date
Data Privacy Policy
5
July 2021
July 2022
1. Introduction
The purpose of online privacy policy is to maintain the privacy and protect the information of
customers, employees and all the stake holders who are involved with Radian Finserv.
2. Objective
Regardless of geographic location, privacy policy is applicable to employees and all the stake
holders whose personal information is collected or processed with Radian Finserv. All the
employees of Radian Finserv are expected to support the privacy policy to successfully meet the
organization’s commitment towards data privacy. No third party shall access the personal
information of employees and al the stake holders.
3. Scope of the policy
The Data protection officer shall be responsible for the maintenance and accuracy the policy. This
policy shall be updated periodical with the recommendations provided by internal/external auditors
and the same shall be updated by data protection officer.
4. Policy compliance
On an annual basis compliance to the data privacy shall be reviewed by compliance department, in
case if non- compliance is identified, the data protection officer shall review the reasons with a plan
and report them to compliance department. Depending on conclusions of the review policy shall be
revised.
5. Data privacy principles
5.1 Notice
This policy explains the security practices for appropriate use of personal information at Radian
Fiserv. As described in the policy transfer, collection of personal information shall be provided or
governed as per applicable laws:
5.2 Consent
Notice shall be provided to the data subjects about how his/her personal information is disclosed,
used, or retained.
5.3 Rights of Individuals
Data subjects shall give their consent in regarding how persona information about them is going to
be disclosed, used, or retained.
5.4 Collection of Personal Information
All the individuals have the right to control their information which includes access to data, erase
the data, modify, transfer, and restrict and withdrawal of early consent that has been given by
him/her.
5.5
Any personal information collected from data subjects with privacy notice and the purpose
identified.
5.6
Disclosure of personal information to thirds parties only with subject’s consent. If any information
is transferred third parties’ assurances of protection shall be taken in prior.
5.7
If a third-party vendor is acting on behalf of Radian Finserv for data protection, same obligations
shall be set out to the third-party vendor. If the third party acting on behalf of Radian Fiserv fails
to protect data or fail to accept the obligations, Radian Finserv shall remain liable for such
performance of third party.
5.8
Radian Finserv shall not misuse, data leakage of the personal information. Also, shall not allow
unauthorized access to any other party.
5.9
Radian Finserv shall take all measure & steps to ensure that the personal information recorded is
accurate and relevant to the purpose it was collected.
5.10
Radian Finserv shall monitor its privacy policies both internally and with also third parties and
establish the process to inquire the complaints and disputes and address of third parties.
6. Notice
Notice shall be accessible to data subjects at the time of collection of personal information and the
notice shall be clearly displayed through online website/mobile applications/ intranet mobile or can
be readily available through offline methods. In case of any online transfer of personal information,
data subjects shall be informed in prior.
7. Privacy Notice
7.1
Line of business, location of business, business affiliates, organization’s jurisdictions involved,
business segments and third parties involved
7.2
Source of Information, type of information collected, contact information of the person who
collected the information.
7.3
Purpose of personal information collected, assurance that the personal information will be used
only for identified notice
7.4
The process for a data subject to change contact preferences and ways in which the consent is
obtained.
7.5
Collection process and how the information is collected; how the information is used including any
onward transfer to third parties.
7.6
Collection process and how the information is collected; how the information is used including any
onward transfer to third parties
7.7
Retention and disposal process for personal information; assurance that the personal information to
be retained only if necessary to fulfill the stated purposes, or for a period specifically required by
law or regulation and will be disposed-off securely or made anonymous post the identified purpose
is completed.
7.8
Process of accessing personal information; the costs associated for accessing personal information
(if any); process to update / correct the personal information; the resolution of disagreements
related to personal information.
7.9
How the information is protected from unauthorized access or use; how users will be notified of
any changes made to privacy notice.
7.10
Disclosure process for third parties; the assurance that the personal information is disclosed to
third parties only for the purpose identified; the remedial actions in place for any misuse of
personal information by the third parties.
7.11
Security measures in place to protect the personal information; ways of maintaining quality of
personal information; monitoring and enforcement mechanisms in place; description of the
complaint channels available to data subjects; how the internal personnel, key stakeholders and the
customers can contact the organization related to any privacy complaints or breaches; relevant
contact information and/or other reporting methods through which the complaints and/or
breaches could be registered.
7.12
Consequences of not providing the requested information.
8. Choice and consent
8.1
Radian shall establish systems for the collection and documentation of data subject consents to the
collection, processing, and/or transfer of personal data.
8.2
Data subjects shall be informed about the choices available to them with respect to the collection,
use, and disclosure of personal information.
8.3
Consent shall be obtained (in writing or electronically) from the data subjects before or at the time
of collecting personal information or as soon as practical thereafter.
8.4
The changes to a data subject’s preferences shall be managed and documented. Consent or
withdrawal of consent shall be documented appropriately.
8.5
The choices shall be implemented in a timely fashion and respected. If personal information is to
be used for purposes not identified in the notice / SoW / contract agreements at the time of
collection, the new purpose shall be documented, the data subject shall be notified, and consent
shall be obtained prior to such new use or purpose.
8.6
The data subject shall be notified if the data collected is used for marketing purposes,
advertisements, etc.
8.7
Radian shall review the privacy policies of the third parties and types of consent of third Parties
before accepting personal information from third party data sources.
9. Collection of personal information
9.1
Personal information shall be collected either by online or offline collection method. Regardless of
collection method privacy protection shall be applied to any of the collection method. Personal
information shall not be collected unless the following are fulfilled.
9.2
The information given by data subject is valid and free consent.
9.3
Before entering contract, processing for the performance of a contract to which the data subject is
a party.
9.4
Processing is necessary for performance of a task that is carried out in the public interest, to protect
vital interest of data subject, for compliance with the organization’s legal obligation.
9.5
If any data not needed for providing a service or product is requested, such fields can be labeled as
optional.
9.6
Radian shall review the collection methods & privacy policies before accepting information from
third parties.
9.7
Personal information shall be de-identified when the purpose of data collection can be achieved
without personally identifiable information, at reasonable cost.
10. Access
10.1
For any exercise of data subject’s information access, blockage, erasure, rectification Radian Fiserv
shall establish a mechanism to enable and facilitate.
10.2
Data subjects shall obtain the details of their own personal information only upon a request and
radian shall provide their response within 72 hours of the request raised by data subject.
10.3
Data subjects shall require right to correct or supplement misleading or incomplete information.
10.4
Data subjects shall require right to correct or supplement misleading or incomplete information.
11. Disclosure to third parties
11.1
If the personal information of the data subject shall be disclosed to the third parties, it shall be
informed to data subject in the privacy notice for which the data subject has provided consent.
11.2
Personal information of data subjects shall be disclosed to third partied only with purpose
identified in the notice or the other purpose identified by law.
11.3
Third parties shall sign NDA (Non-disclosure Agreement) which shall include the terms on nondisclosure of personally identifiable information (PII).
12. Security
12.1
For the personal information collected, stores, used, transferred by Radian information security
policy and procedures shall be documented and implemented.
12.2
Information asset labeling shall control storage, retention, and transfer of personal information
12.3
Radian Finserv shall establish procedure against accidental disclosure due to natural disasters &
environmental hazards, to maintain the logical and physical security of information.
12.4
Individuals who notice any breach of personal data shall notify to Radian Finserv through email
within 2 hours.
13. Quality
13.1
Radian shall maintain data integrity and quality of personal data and ensure that data is reliable,
accurate and complete.
13.2
Radian shall audit shall perform annual assessment for the check of accuracy of collected personal
information.
14. Dispute resolution and recourse
14.1
The incident and breach management program include a clear escalation path up to the executive
management, legal department, and the board based on type and/or severity of the privacy
incident/breach. It shall define a process to register all the incidents/complaints and queries related
to data privacy.
14.2
Grievance Officer shall perform a periodic review of all the complaints related to data privacy to
ensure that all the complaints are resolved in a timely manner and resolutions are documented and
communicated to the data subjects.
14.3
An escalation process for unresolved complaints and disputes which shall be designed and
documented.
14.4
Communication of privacy incident / breach reporting channels and the escalation matrix shall be
provided to all the data subjects.
14.5
Customers / third party with inquiries or complaints about the processing of their personal
information shall bring the matter to the attention of the Grievance Officer in writing. Any disputes
concerning the processing of the personal information of non-employees shall be resolved through
arbitration.
15. Compliance review
15.1
The internal auditshall consist of the review of the following: personal information collected from
data subjects.
15.2
The purposes of the data collection and processing; of the actual uses of the data.
15.3
Disclosures made about the purposes of the collection and use of such data.
15.4
The existence and scope of any data subject consents to such activities.
15.5
Any legal obligations regarding the collection and processing of such data and the scope,
sufficiency, and implementation status of security measures.
Any changes made to the policies shall be communicated to all the employees, the stakeholders, and
the customers / clients.
