This document is published in accordance with the provisions of Rule 3 (1) of the Information Technology (Intermediaries Guidelines) Rules, 2011 that require publishing the rules and regulations for access or usage of the internet resource www.rapidrupee.in (https://rapidrupee.in/) as well as RapidRupee mobile application platform and any other application or software run under the brand name “RapidRupee” (hereinafter referred to as the “RapidRupee”).
AFG BUSINESS SOLUTINS (INDIA) PVT. LTD. (“us”, “we”, or “AFT” or “Company”) is the exclusive licensee of the RapidRupee.
We make every effort to ensure that the information you provide will not be misused.
Persons using the Services are hereinafter referred to as “Users” or “you”.
Information Collection and Use
During the use of our Services, website and mobile application, we may collect information about you from you and from third parties. While some information has to be mandatorily provided, others are optional and certain portions of the information will remain private and some will be shared with associated third parties. All the provided information is need-base, we do not require or collect any information that is not related to the Services and not required to carry out our operations. All information you provide to us is voluntary. This information is including but not limited to the following:
- information about you when you register or when you use RapidRupee;
- personal and financial information like your name, email address, contact number, gender, date of birth, contact information, address, employment information, pay slips, academic qualification, PAN no., Driving License no., Aadhar no., bank statements, net-banking credentials, etc.;
- credit related information that is collected from other sources like credit bureaus.
- Information about your transaction history like spend data.
- We may also collect other personal information such as SMS, contacts, location data, mobile device data etc.
- your unique identifiers such as username and password, preferences information and transaction history;
- information collected through your Facebook, Twitter, Linkedin or other social media accounts which have been linked to using RapidRupee.
- information that you provide when you write directly to us (including by e-mail) or provide us over telephone;
- any other information that RapidRupee is required to collect as per specific mandate from any bank or as a requirement under applicable law;
- Electronic bank statements through a 3rd party provider
- Aggregate information and electronic data – like the pages viewed, how you navigate through the website and interact with webpages, etc.
You also permit us to retrieve your personal, public proﬁle and friend list/ contact list from your Facebook or LinkedIn account or Google identity, in case you are using our internet resource www.rapidrupee.in and other acceses, in case you are using our RapidRupee mobile application, especially:
- Camera : we may have one-time access to use the camera to enable you to take images of the KYC documents like Selfie, Payslip, PAN card etc. each time we need it for the purpose of on-boarding/ KYC requirements.
- Photos/media/files : We may have one-time access to your image gallery only to enable you to upload KYC documents each time we need it for the purpose of on-boarding/ KYC requirements.
- Location : Location information is captured at the time of login and is a useful parameter to determine the last location. We may have one-time access to your location data each time we need it for the purpose of on-boarding/ KYC requirements.
- SMS : Financial and Banking applications interact with their customers via SMS and SMS and this activity is used for the purpose of on-boarding since it allows us to understand your financial ability to repay our loans.
- Phone call logs : Number of calls made and received by the customer is indicative of the phone usage of the user and helps in building a better profile of the user by our credit risk assessment algorithms during on-boarding process.
You understand that, by creating an account, we will be able to identify you by your RapidRupee proﬁle.
However, we will not be liable under any circumstance for the generation of your proﬁle or the information you provide therein.
RapidRupee will also not be liable for the photographs and data that the Users might upload, the use and misuse thereof.
We will ask for your bank account details only for the Service. All the information that you shall provide us is voluntary, including sensitive personal information.
RapidRupee stores only basic minimal data that may be required to carry out our operations and does not collect or store any biometric data.
Rights of the Users
You are allowed to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, ask us to delete/ forget the data, provided that denial, restriction or revocation of your consent is compatible with our ability to carry out our operations.
To provide you with our Services, RapidRupee (including app) may require access to the following:
- Mobile device
- Log data
- Third-party service providers
Data / Cookies
We maintain administrative, technical and physical safeguards designed to protect the security, confidentiality and integrity of your personal information. We store all the customer data on cloud servers in India to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls, SSL data encryption and access authorization controls. All data is stored only for the period of your consent granted
However, you understand and accept no data transmission over the Internet can be guaranteed to be completely secure. We cannot ensure or warrant the security of any information that you transmit to us and you do so at your own risk. Data pilferage due to unauthorized hacking, virus attacks, technical is possible and we take no liabilities or responsibilities for it.
After the end date of the storage term unless the new consent on data storage is received the data is destroyed. The information is destroyed securely so that it cannot be reconstituted e.g. via shredding for paper or full deletion for electronic files.
The data is subject to a very strict access controls involving both physical security and authorised use logon with additional security measures in place. Access will not be granted in public areas and output such as printouts must be to areas where only those organization staff who are authorised to the information asset can reach it.
In case of any security breach, the incident is reported to senior management immediately and flagged as a major incident. Such incidents are recorded and investigated in accordance with the security incident management procedures.
Privacy Policies of Third Party Websites
We will share all information we collect from you, including the personal information with any third party if we in good faith believe it is required for the purposes of our compliance with any applicable law, regulation, legal process or enforceable governmental request/ action or any manner required for the purposes of protecting our rights or interests.
Therefore, we are not responsible for the information or content they may contain, nor are we responsible for the privacy practices employed therein. Please contact them directly for more information about their privacy policies.
We may employ third-party companies and individuals due to the following reasons:
- To assess User’s credit risk;
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
Following third-party services are used by the app:
- Credit bureaus ( CRIF, Experian)
- Karza, IDfy
- InstaMojo, Cashfree
We want to inform users of Service that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf.
These Services do not address anyone under the age of 18. We do not knowingly collect personally identifiable information from children under 18. In the case we discover that a child under 18 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do necessary actions.