Privacy & Security Policy
Last updated on: 16th Nov, 2022
https://kissht.com and its Android and iOS apps are owned and operated by OnEMI Technology Solutions Pvt Ltd , hereinafter referred to as 'Kissht' or 'https://kissht.com' interchangeably. Kissht is committed to maintaining the confidentiality, integrity and security of all the personal information of our users. This Privacy & Security Policy explains how we protect personal information provided through our websites such as https://kissht.com and our Android and iOS apps and how we use that information in connection with our service offered through the Site (the "Service").
"Personal Information" for purposes of this Policy means information that identifies you, such as your name, address, phone number or email address. By providing your number at https://kissht.com you are authorizing Kissht & its representatives to give you a call to offer you our services for the product you have opted for, imparting product knowledge, offering promotional offers running on website. Irrespective of the fact that you have registered yourself under DND or DNC service, you are still authorizing us, our representatives & our partners to communicate with you for the above mentioned purposes. There is no DNC check required a number you enter while using Kissht services.
To register with us you must be 18 years of age or older and Indian residents. Minors are strictly forbidden from using the service.
1. How Kissht collects information?
1.1 Information provided by you with Kissht
If you intend to open a loan account with Kissht, you would be required to provide details like your name, E-mail address, Mailing address, Mobile number, PAN number, employment & income details and other such information which may be needed to assess your creditworthiness. Wherever possible, we indicate the mandatory and the optional fields. You always have the option to not provide any information by choosing not to use a particular service or feature on the Platform. You shall be provided with an option to give or deny consent for use of specific data, restrict disclosure to third parties, data retention, revoke consent already granted to collect personal data and if required, make the app delete/ forget the data. We also collect user account data which includes email address and user public profile information like name, photo, ASID depending on the social media or networking platform used by You like Google or Facebook to log-into an app. In order to provide your bank statements or pay-slips electronically/physically along with your loan application, you also must provide your third-party account credentials ("Account Credentials") to allow https://kissht.com to retrieve your account data ("Account Information") from those financial institutions. Your Account Credentials are only used once to retrieve your bank statements/pay-slips and are not stored in our system.
No biometric data is stored/ collected in the systems associated with the DLA of REs/ their LSPs, unless allowed under extant statutory guidelines. Our system comply with various technology standards/ requirements on cybersecurity stipulated by RBI and other agencies, or as may be specified from time to time, for undertaking digital lending and the Platform does not access mobile phone resources like file and media, contact list, call logs, telephony functions, etc.
Access to your Registration Information, Account Information, and any other Personal Information you provide is strictly confidentials and used only in accordance with specific internal procedures and safeguards governing access, in order to operate, develop or improve the Service. We may also use third party service providers to help us provide the Service to you, such as sending e-mail messages or SMS on our behalf or hosting and operating a particular feature or functionality of the Service. We require such third parties to maintain the confidentiality of the information we provide to them. If you telephone us we may also record and/or monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
In order to provide seamless approval and determine instant creditworthiness of customers, we explicitly request for certain permissions after users complete the signup process:
We collect all SMSs and upload on our Server to monitor the income, track and analyse financial expenses and determine the creditworthiness for instant credit disbursal. The assessment is automated and the SMSs are encrypted. Even though we have access to all SMS’s, we do not read, share or store any of your personal SMS data. Also, we do not share your SMSs data with any third party app or services.
The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like Advertising ID; SIM information that includes network operator, WIFI information and mobile network information to uniquely identify the devices and prevent multiple applicants accessing your device to apply for loan offers.
We require camera access to take selfie, scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields.
1.2 Information that Kissht collects from your activities
Your information would get collected when you visit Kissht website or mobile apps using your phone or computer. This information may include your IP address, contact details, device information including but not limited to identifier, name and type, operating system, location. We do not access your location or restricted data in the background for any marketing purposes. However, we may access the data in foreground with continual usage for tracking purposes and preventing frauds.
If enabled, we may place cookies on your machine that store small amounts of data on your computer about your visit to any of the pages of this website. Cookies can identify the pages that are being viewed and this can assist us in tracking which of our features appeal the most to you and what content you may have viewed on past visits.
2. How Kissht protects your personal details?
2.1 We keep your data secure
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it using secure cryptographic techniques over HTTPS APIs. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect https://kissht.com accounts and systems from unauthorized access.
We maintain your information on servers located in India. Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted. No employee may put any sensitive content on any unsecure machine (i.e., nothing can be taken from the database and put on an insecure laptop).=
2.2 Encryption and secure communication
All communications between your computer, tablet, mobile devices and https://kissht.com that contain any personal information are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
2.3 Login id and password confidentiality
You are responsible for maintaining the security of your Login ID and Password, and may not provide these credentials to any third party. If you believe they have been stolen or been made known to others, you must contact us immediately on firstname.lastname@example.org
3. How Kissht can utilize your information?
The intended purpose of collecting information provided by you is to
1. Establish identity and verify the same with or without help of third party(ies);
2. To complete onboarding and KYC requirements for third party lending partners;
3. Monitor, improve and administer our Platform;
4. Provide our service i.e. perform credit profiling for the purpose of facilitating loans to You.
5. Design and offer customized products and services offered by our third party financial partners;
6. Analyse how the Platform is used, diagnose service or technical problems and maintain security;
7. Send communications notifications, information regarding the products or services requested by You or process queries and applications that You have made on the Platform;
8. Manage Our relationship with You and inform You about other products or services We think You might find of some use;
9. Conduct data analysis in order to improve the Services / Products provided to the User;
10. Use the User information in order to comply with country laws and regulations;
11. Conduct KYC for our third party lending partners based on the information shared by the User;
12. Use the User information in other ways permitted by law to enable You to take financial services from our lending partners.
We will use and retain the information for such periods as necessary to provide You the Services on the Platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
4. When you share information with Kissht
All other information shall be treated as non-confidential and non-proprietary and Kissht shall be under no obligation of any kind with respect to such information and shall be free to reproduce, use, disclose, and distribute the information to others without limitation. Additionally, Kissht shall be free to use any ideas, concepts, know-how, or techniques contained in such information for any purpose whatsoever including, but not limited to, developing or marketing services incorporating such information.
There is no legal obligation to destruct the data from the server upon you closing the account or non-usage of our services from your end. The data will be retained securely on our server and shall help Kissht:
1. To comply with legal duties and requirements, either statutory or regulatory;
2. To avoid liability through "spoliation," the improper destruction or alteration of documents in a litigation situation;
3. To support or oppose a position in an investigation or litigation;
4. To protect from unnecessary expense and time during discovery;
5. To maintain control over discovery and e-discovery, and
6. To keep documents confidential and avoid leakage to attackers or competitors.
7. To enforce our Terms and Conditions
We do not retain your personal data for longer than required for the purpose for which the information may be lawfully used. For any other information, we may entertain your request for deletion, however, you may not be able to use our Services at all after such deletion.
We will share Your information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App. We will share Your information with third parties only in such manner as described below:
a. We disclose and share Your information with the financial service providers, banks or NBFCs and our third party partners for facilitation of a loan or facility or line of credit or purchase of a product;
b. We share Your information with our third party partners in order to conduct data analysis in order to serve You better and provide Services our Platform;
d. We will disclose the data / information provided by a User with other technology partners to track how the User interact with the Platform on Our behalf.
e. We and our affiliates may share Your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re- organization, amalgamation, restructuring of business for continuity of business. Should such a transaction occur than any business entity (or the new combined entity) receiving any such information from Us shall be bound by this Policy with respect to your information.
f. We will disclose the information to our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers;
g. We will share Your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes detailed herein. We warrant that there will be no unauthorised disclosure of your information shared with third parties.
h. By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) To the concerned third parties in connection with the Services; and (ii) With the governmental authorities, quasi- governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.
i. We shall disclose your KYC journey or any data with respect to the same to the relevant regulatory authorities as a part of our statutory audit process. Please note that your Aadhaar number shall never be disclosed.
In case we use or disclose your information for any purpose not specified above, we will take your explicit consent.
The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in India as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
a. We use encryption to keep your data private while in transit;
b. We offer security feature like an OTP verification to help you protect your account;
c. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
d. We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
e. Compliance & Cooperation with Regulations and applicable laws;
g. Data transfers;
h. We ensure that Aadhaar number is not disclosed in any manner.
We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder.
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
5. Information sharing with Third parties
We do not sell or misuse your data and we ensure that data is protected from being accessed by unrelated 3rd parties. We do not share your personal identifiable information and Government IDs with these parties. However, we may get into the data-sharing agreement with the 3rd party in order to enrich the offerings and provide loan services and repayment services.
3rd Party Service Providers:
We work with third-party service providers to execute various functionalities of the App and we may share your information with such service providers to help us provide the App. Some of these functionalities may include:
- Validating and authenticating the official verification documents provided by you.
- Validating your preferred bank account, as well as transferring the loan amounts to you.
- E-signing of the User Loan Agreement, populating the User Loan Agreement. The information shared with these service providers is retained for auditing of the agreements.
- eNACH set-up to enable autopay.
- Analyzing customer behaviour and to automate our marketing and outreach efforts.
- Detection and flagging of fraud.
- Gathering of additional information regarding your bank account and statement details, in case adequate information has not been provided by you or through the other service providers we work with.
- For manually collecting any sums owed by you to our Lending Partner
However, usage of such third-party services is subject to their privacy policies and not within our control. We recommend that you have a look at their privacy policies before agreeing to use their services. Explicit consent will be taken from you before sharing personal information with any third party, except for cases where such sharing is required as per statutory or regulatory requirement.
3rd Party SDK:
Our application has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that our third-party service provider takes security measures in order to protect your personal information against loss, misuse or alteration of the data. Kissht app looks at the current transaction state, and usage patterns across the workflow with the marketing partners such as Facebook, Google, Appsflyer, and WebEngage. These tools offer capabilities to target customers with smart, personalized notifications and retargeting ads on social media and other websites to remind customers to complete their journey or use our services after a considerable time of inactivity. We do not share any personal information with them. We share limited information such as Device IDs, Android IDs, Page status, Location, Workflow events with analytics service providers that are non-personal.
Our registered third party service provider provides hosting security - they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
To verify your creditworthiness and complete the KYC formalities, we request you to enter few government-issued ID numbers such as PAN Number, Aadhaar Card, or Virtual ID (VID) number. This data remains completely safe and secure with us and is never shared with any 3rd party. However, your information is passed to the authorized 3rd party APIs and government websites for you to fill up the information and help us validate your KYC credentials.
Law Enforcement Agencies:
If any governmental authority or law enforcement officers request or require any information and we think disclosure is required or appropriate in order to comply with laws, regulations, or a legal process.
6. Data Security Practice
By setting up a Kissht Account, you agree to our and the Lending Partner's processing, storage, usage, and sharing of the data provided by you pursuant to this Policy. Please note that if you revoke any mandatory permissions or revoke the consent to process and store information such as your Kissht Account data, Financial and KYC Information and/or any other information needed to facilitate your loan amounts, then we may have to cease the provision of Services to you. You cannot withdraw your consent once you have availed a loan using the App till you have repaid the loan amount and all related charges in its entirety.
YOUR RIGHTS REGARDING THE DATA
Right to rectification
In the event that any personal data provided by you is inaccurate, incomplete or outdated then you shall have the right to provide us with the accurate, complete and up to date data and have us rectify such data at our end immediately. We urge you to ensure that you always provide us with accurate and correct information/data to ensure your use of our Services is uninterrupted.
Right to withdraw consent
To prevent further sharing of your data, you can also uninstall the app. Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.
We may email or send push notifications to you from time to time about our latest offerings and updates. You may opt out of receiving such promotional emails from us by writing to us. You may also opt out of receiving emails and other messages from us by following the unsubscribe instructions in those messages. However, even if you have opted out of receiving information from us, we will still send non-promotional communications, such as repayment reminders and loan approvals message etc.
You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the App.
Contact Information of Data Grievances Redressal Officer
We and our Lending Partner have appointed a data grievances redressal officer. Our data grievance officer is: Suraj S, accessible via email at: email@example.com. You can contact the officer confidentially by email to enquire about the treatment of your data by us or our Lending Partner.
CHANGES TO PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES
This Privacy Statement may change or be amended over time. The recent version of this Privacy Statement is published on this App or Platform, as the case may be.
Please revisit this page periodically to stay aware of any changes to this Privacy Statement. We will notify you of any material changes to this Privacy Statement by publishing the same on our App or Platform, as applicable. Your continued use of our services confirms your acceptance of this Privacy Statement, as amended. If you do not agree to the terms and conditions as contained in our Privacy Statement, as amended, you must stop using our services and notify us.
It is very important that any Personal Information we hold/pass on to our lending partners about you is up to date and correct. Please inform us of any changes to your Personal Information.
7. Contact Kissht
In case of any grievance / review of information you may contact on the coordinates provided below:
Address: OnEMI Technology Solutions Private Limited,
10th Floor, Tower 4, Equinox Park,
LBS Marg, Kurla West, Mumbai,
For any privacy related concerns, kindly write to us at firstname.lastname@example.org