Profinex LLP values the privacy and security of personal information in the digital lending space. This Data Collection Policy outlines our approach to gathering, using, and protecting personal data in compliance with applicable laws and regulations.
Purpose of Data Collection
We collect personal data to fulfill various business needs:
- Loan Application: Verifying applicants and processing loan requests.
- Creditworthiness Assessment: Evaluating financial background and repayment ability.
- Loan Servicing: Managing and servicing loan accounts.
- Compliance: Meeting legal and regulatory requirements, including reporting and record-keeping.
Types of Personal Data Collected
We collect the following categories of personal data:
- Contact Information: Full name, address, email, phone number.
- Financial Information: Income, expenses, credit score, bank statements.
- Identification Information: Government-issued IDs, social security numbers, and other personal identifiers.
- Employment Information: Employer name, job title, income details.
- Loan Transaction Data: Information related to loan applications, approvals, and repayments.
Legal Bases for Processing Personal Data
Our data processing is based on:
- Contractual Necessity: To fulfill obligations such as processing loan applications.
- Legal Compliance: To meet regulatory requirements (e.g., reporting to authorities).
- Consent: Where explicit consent is required for certain actions.
- Legitimate Interests: To serve legitimate business interests such as fraud prevention, risk management, and ensuring efficient loan operations, while balancing the rights of the data subject.
Data Security Measures
To protect personal data from misuse, loss, or unauthorized access, we implement:
- Encryption: Ensuring data security both in transit and at rest.
- Access Controls: Limiting data access to authorized personnel only.
- Security Audits: Regular reviews to identify vulnerabilities.
- Employee Training: Educating staff on best practices for data security.
Data Sharing
We may share personal data with the following entities, ensuring adequate data protection measures:
- Lending Institutions: For loan approval and disbursement purposes.
- Credit Bureaus: To assess and report on creditworthiness.
- Regulatory Authorities: To comply with legal reporting requirements.
- Service Providers: Third-party companies that help us process loans and related services.
Rights of Data Subjects
Individuals have the right to:
- Access and Rectification: View and correct their personal data.
- Erasure: Request deletion of personal data where applicable.
- Restriction of Processing: Request limits on how their data is used.
- Data Portability: Transfer data to another provider if necessary.
- Objection to Processing: Object to specific processing activities.
- Automated Decisions: Not to be subjected to decisions solely based on automated processing.
Data Breach Notification
In case of a data breach, we will notify affected individuals and relevant authorities as required by law.
International Data Transfers
If personal data is transferred outside the country, we ensure the use of appropriate safeguards such as binding agreements to protect the data.
Policy Updates
This policy will be reviewed regularly to ensure it is in compliance with evolving regulations. We will notify users of significant updates.
Data Storage Policy
Profinex LLP ensures the secure and responsible storage of personal data, maintaining compliance with data protection laws and industry best practices.
Types of Data Stored
We store the following categories of data:
- Personal Information: Names, contact details, addresses.
- Financial Information: Income, expenses, credit history.
- Identification Documents: Government IDs, social security numbers.
- Employment Details: Job-related and income information.
- Loan Transaction Data: Records related to loan applications and repayment history.
Data Storage Principles
We adhere to the following principles when storing data:
- Legal Compliance: We follow all relevant data protection laws and regulations.
- Data Minimization: Only collect and store data that is necessary for specific purposes (e.g., loan processing).
- Retention Period: Data is kept for as long as needed to fulfill legal obligations or business purposes. We do not retain data longer than necessary.
- Data Security: We implement technical and organizational measures, including encryption, regular security checks, and access controls, to protect stored data.
- Regular Review: We continually assess our data storage practices to align with regulatory changes and security advancements.
Access Control
Data access is restricted to authorized personnel who need it for legitimate business purposes. We use authentication systems to prevent unauthorized access.
Data Backup and Integrity
We maintain regular backups to ensure data integrity. Backups are encrypted and securely stored to protect against data loss or corruption.
Data Retention and Deletion
We retain personal data for the period required by law or for legitimate business purposes. Once data is no longer needed, we ensure it is securely deleted or anonymized to protect privacy.
Data Transfer
If personal data is transferred outside the organization, we use secure methods like encryption to protect its confidentiality during transmission.
Policy Review and Updates
This policy will be reviewed periodically to ensure compliance with current data protection laws and industry standards. Any updates will be communicated to stakeholders and affected individuals.