MAHI App Privacy Policy

1. BACKGROUND AND DEFINITIONS

Below given policy provides details about how we handle and use your data in connection with our digital platform MAHI mobile App (“Application”, “App”).

The Privacy Policy is supplementary to the CreditAccess Grameen’s ‘Client Data Privacy Policy’ and shall be read in conjunction with the same which provide the manner in which we, our Affiliates store, process, collect, use and share the data that are collected from you.

For the purpose of this Privacy Policy, CreditAccess Grameen Limited is referred as “CA Grameen”, “we”, “us”, “our”, “the Company” and the Users of the App or Services who may be customers/ borrowers, or any other persons using services or accessing the App are referred to as “User” or “you” or “your”. ‘Personal data’ means any data about an individual who is identifiable by or in relation to such data or as may be defined under the applicable laws & regulations, from time to time. Accordingly, ‘digital personal data’ means personal data in digital form.

2. USE OF PERSONAL DATA AND OUR COMMITMENT TO KEEP IT SECURE:

We are committed to keep your personal data secure, confidential, and compliant with the applicable laws & regulations. We adhere to the best practices to secure information collected from you.

Please note that by visiting the App and availing the Services provided by us, you agree to be bound by the terms and conditions of this Privacy Policy. For the purpose of this Privacy Policy, the Users of the Services may be customers/ borrowers, or any other persons using Services or accessing our APP.

When you use our application, on your explicit consent, we collect and store your personal data / information. Our primary goal in doing so is to provide you a safe, secure, efficient, smooth and customized experience and services. This allows us to provide services and features that meets your needs, and to customize our Platform to make your experience safer and easier and to improve the services provided by us.

We recognise the importance of protecting the privacy of your personal data. We use all reasonable precautions to keep your personal data/information disclosed to us secure and to disclose such information only to responsible third parties after permission from the User or as required by applicable laws, rules and regulations.

The personal data/Information shall not be shared with any third parties unless the same is necessary to enable us to provide services to you or the same is necessary pursuant to applicable laws, rules or regulations.

3. PURPOSE & PROCESS OF COLLECTION OF PERSONAL DATA:

Certain mandatory information will be collected at the time of registration on the App which are required to enable you to login to the App. Additional information will be collected to:

1. Verify your identity using KYC, other relevant documents, your selfie taken through the App;
2. Determine your loan and other product eligibility;
3. Enable loan approval and disbursal process;
4. Enable loan repayment through digital modes; and
5. Safeguard against illegal activities like fraud, cheating, misappropriation, etc. In order to use the facilities and services available on the App, you may be required, from time to time,
   to provide certain additional personal data/information after registration on the App, which shall be collected only upon receiving your express consent.

We may also automatically receive and collect certain anonymous information in standard usage logs through the web server, including mobile-identification information obtained from the equivalent of cookies sent to the App, including mobile network information, standard web log information, traffic to and from our App, tracking inside the App and any other available information from an IP address assigned to the device used by you, the domain server through which you access the App and the functions and features therein, the type of device used by you etc. We may retain this data/information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted
by law.

We may collect and analyse your precise location information, based on GPS data to track whether our service is available in your area or not.

We collect SMS data from your device which will help us to auto read the OTPs for the purpose of verification. The requirement of OTPs is only with respect to the digital lending services being offered by the Company and we will not have access to any other OTPs or messages.

The information the App collects, and how that information is used, depends on how you manage your privacy controls on your device. When you install the App, we store some of the information we collect with unique identifiers tied to the device you’re using. This helps us to provide features like automatic updates, device identity management, fraud prevention and additional security so that your account is not used in other people’s devices simultaneously. We collect this information when you download and install the App and give the permission to read the device information.

We may disclose your personal information, without prior notice, if we are under a duty to do so in order to comply with any legal obligation or on an order from the government and/or a statutory authority, or in order to enforce or apply our terms of use or assign such information in the course of corporate divestitures, mergers, or to protect the rights, property, or safety of us, our Users, or others. This includes exchanging information with other companies and organizations, Banks, Financial Institutions, NBFCs for the purposes of fraud protection and credit risk reduction. As such, any of your personal data will be used to provide, improve and personalize our Services, contact you in connection with your account and give customer service, to personalize our engagement and communications, to prevent, detect, mitigate, and investigate fraudulent or illegal activities.

We may share your personal or other information with other business entity we (or our assets) merge with, or be acquired by that business entity, or on re-organization, amalgamation, restructuring for continuity of business. Should such a transaction occur then any business entity (or the new combined entity) receiving any such information from us shall be bound by this Policy with respect to your information.

If you are a member of any joint liability group in any loan proposal which is based on group guarantee, other members of the group may have access to some of your information such as your loans, repayment behaviour and such other personal information as may be relevant with regard to providing of our services. Similarly, you may have access to certain information of rest of the members of the group in such loan proposal. You agree that you shall not make use of any such information except for the purpose of the loan and related process, and not otherwise.

4. DATA SHARING WITH SPECIFIC THIRD-PARTIES AND THE PURPOSE

We will disclose your personal information to our third-party technology partners, registered Credit Information Companies, third-party data source providers, rating agencies, data verifying service providers, banking partners, for the purposes of identity verification, customer experience management, credit assessment, documentation management, eSign services, payment services and other process management necessary to provide services to you. Such third parties and their relevant service categories are listed below:

• Credit Bureaus – TransUnion CIBIL Limited, CRIF High Mark Credit Information Services Private Limited, Equifax Credit Information Services Private Limited
• Data processing, automation and identity verification – Bureauid India Private Limited., Digitap.AI Enterprise Solutions Private Limited, Karza Technologies Private Limited, Scienaptic Systems Private Limited
• Technology services – Market Simplified India Limited
• Digital document storage service – Newgen Software Technologies Limited
• Payment services – ICICI Bank Limited
• Push notification, In-App notification, SMS, WhatsApp and other communication – MoEngage India Private Limited., Gupshup Technology India Private Limited, IMImobile Cloud Communications (India) Private Limited.
• eSign and digital signature services – Grey Swift Private Limited

We will share your information under a confidentiality agreement with the third parties for various verification processes and restrict the use of the said Information by third parties only for the purposes detailed herein and as required under the applicable laws & regulations.

By using the App, you hereby grant your consent to the Company to share/disclose your Personal data and such other information as detailed hereinabove which would be used for all or any of the purposes mentioned below:

(i) For data verification, identity validation purposes
(ii) To the concerned third parties in connection with the Services provided in the App; and
(iii) With the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.

You consent to the Company, its various service providers or agents to contact you telephonically, or through e-mails, messages, SMS, WhatsApp, other applications or otherwise, even if your name appears in the Do Not Call or Do Not Disturb Register.

Please note that the consent provided by you with respect to usage of MAHI App services provided by the Company can be withdrawn anytime by informing us over the phone at 18002022330 or by sending an email to digital.support@grameenkoota.in.

5. DATA ACCESS AND RETENTION

We restrict access to your personal information to our employees, contractors, Affiliates, subsidiaries and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations. We shall use generally accepted industry standards to protect your information submitted to us, both during transmission and upon receipt. However, please be advised that, no method of transmission over the Internet, or method of electronic storage, is 100% secure despite we strive to use commercially acceptable means to protect your Information.

We recognize the importance of protecting the privacy of all personal information provided by you and use appropriate technical and organizational measures in-line with its compliance and regulatory obligations for ensuring the security of personal information that is disclosed to the Company. We do not retain your personal and loan related data for longer than required, for the purpose for which the information may be lawfully used. For regulatory / statutory reasons, we would be required to store your data as long as you are our customer / User and for a maximum period of 8 years post you cease to be our customer / User. Post this time period, digital storage devices in which your data is stored would get overwritten with new data thereby getting destructed without any manual intervention. The Company has adopted a policy on Cyber Security which outlines the management direction and support for cyber and information security in accordance with business requirements and relevant laws and regulations of the country, including the appropriate mechanisms to detect, respond, recover and contain any cyber security incidents.

6. YOUR RIGHTS UNDER DIGITAL PERSONAL DATA PROTECTION ACT 2023

Company acknowledges your rights under the applicable laws and regulations including under the Digital Personal Data Protection Act 2023, to withdraw your consent at any time, previously provided for processing your personal data. However, please note that such withdrawal of consent does not impact the legality of any data processing activities carried out on your personal data by the Company or its agents prior to the withdrawal of your consent. You shall have the right to have readily available means of grievance redressal provided by the Company in respect of any act or omission of the Company or its agent regarding the performance of its obligation in relation to your personal data or your exercise of right under the provisions of applicable law and regulations. Further you shall also be entitled to approach ‘Data Protection Board of India’ established by the Central Government under the Digital Personal Data Protection Act, 2023, to make any complaint/grievances in such manner as may be prescribed under the Act.

7. SUPPORT AND GRIEVANCE REDRESSAL

You are entitled to access, rectify, complete, update the personal information that we hold about you. You can write to us directly at digital.support@grameenkoota.in for anything concerning your personal data and processing of the same.

For any escalations or grievances relating to your personal data and its processing, you can do so by contacting our Grievance Officer mentioned below:

• Name: Sri Nagananda Kumar K N
• Grievance Redressal Officer (Principal Nodal Officer)
• Address: CreditAccess Grameen Limited, #49, 46th Cross, 8th Block, Jayanagar Bangalore – 560070.
• Email: yourvoice@cagrameen.in
• Toll Free Number: 1800 123 153 153

Our Grievance Redressal Cell is open from 9.15 a.m. to 6.15 p.m. from Monday to Friday. Grievance Redressal Officer will respond to your grievances with a reasonable period of 10 days from the date of receipt of your grievances.

By using the App after agreeing to our terms and conditions and/ or by providing your information, you consent to the collection and use of the information you disclose on the App in accordance with this Privacy Policy, including but not limited to your consent for collecting, using, sharing and disclosing your information as per this Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.

Version	Effective Date	Change Description	Author	Reviewed By	Approved By
1.O	September, 2023	Initial Version	Sundar Arumugam, Head – Digital Lending and RF Products	Chief Audit Officer Chief Compliance Officer	Board of Directors