Privacy Policy

1. Introduction

  • Panip Technologies Private Limited ('CredRoot') always values the users of our portal (the "Website"). Your privacy is very important to us. We recognize that you may be concerned about our collection, use, and disclosure of the personally identifiable information ("Personal Information") that we collect when you use the Website and the services offered on the Website ("CredRoot"). We are commited to protecting and safeguarding your rights.
  • This Privacy Policy explains what we do with your personal data when you visit our Website, Portal or landing page, when your organisation registers as member of our platform and when we provide services to your organization through our platform, website or landing page.
  • It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you.
  • By using the Website you are accepting the practices described in this Privacy Policy. By using the Website you also give consent to the use of Your Personal Information by CredRoot in accordance with the terms set out in this Privacy Policy
  • If you have any questions or comments regarding this Privacy Policy, or if you would like to discuss anything, please contact us at info@credroot.com or support@credroot.com
  • If you do not agree to provide your consent, CredRoot may not be in a position to process your loan application.
  • We may make changes to the Privacy Policy from time to time. Please visit this page if you want to stay updated as we will post any changes here. you must review the new Privacy Policy carefully to make sure you understand our practices and procedures

2. What type of information do we collect?

Senstitve Personal data/information:

If your organisation registers to use the Services provided on our platform, we need to collect and use information about you or individuals at your organisation in relation to your loan application, in the course of providing you with our Services. These information may includes following:

  • Names of founders, directors or executives of your organisation
  • Business activities of founders, directors or executives of your organisation
  • Login details
  • Your name
  • Your phone number
  • Your mailing address
  • Your email address
  • PAN Number
  • TAN Number
  • KYC documents;
  • Income tax filings
  • Reasons for seeking finance
  • Income Source
  • Goods and services tax (GST) filings
  • Financial accounts
  • Bank statements and
  • Bureau score (if available)
Non-Personal Information:

We also collect non-personal information from you, such as your browser type, the URL of the previous website you visited, your ISP, operating system, and your Internet protocol (IP) Address ("Non- Personal Information"). Non-Personal Information cannot be easily used to personally identify you.

3. How do we collect this information?

Providing Information to us:
  • Where you or your organisation registers with our platform or
  • Where you or your organisation uploads information about itself to our platform
Information we receive from other sources:
  • We may seek more information about your organisation from other sources generally by way of due diligence or other market intelligence including research and analysis of the filed accounts of your organisation.
Information we collect automatically:
  • Like the operators of most websites, we use analytic and reporting technologies to record Non-Personal Information such as Internet domain and host names, Internet protocol (IP) addresses, browser software, operating system types, clickstream patterns, and the dates and times that the Website and CredRoot Services are accessed. We also contract with several online partners to help manage, monitor and optimize our Website and CredRoot Services and to help us measure the effectiveness of our advertising, communications and how visitors use the Website. To do this, we may use web beacons and cookies.
Communication with us:
  • If you communicate with us regarding the Website or CredRoot Services, we will collect any information that you provide to us in any such communication.

4. How we use your information?

  • We use Personal Information primarily for our own internal purposes, such as providing, maintaining, evaluating, and improving the Website, fulfilling requests for information, and providing customer support. Your personal information shall also be shared with the other members of this website. Upon acceptance of these terms and conditions, you hereby grant us an unequivocal and absolute consent to share your personal information (but not your Sensitive Personal Data / Information) with our affiliates and third parties.
  • Credroot is not required to seek your consent once again in respect of sharing your personal information with our affiliates and third parties
  • To enable us to provide the analysis and reports requested by you or your organisation.
  • We would further share your personal information with marketing agencies and other businesses if we in our sole discretion understand that your information may be used to market the Website or a product or service
  • To verify your identity to ensure that you are authorised to access the platform and to protect against unauthorised use and access of the platform.
  • To better understand your preferences to enable us to provide you with a better service and tailored suggestions for your lending or financing needs.
  • To improve your experience of using our platform, for example by analysing your recent search criteria to help us to present the information that is most relevant to you.
  • To notify you about changes to the products and services that we offer and to directly market these products and services to you. We may periodically send promotional emails
  • We may also make public, your personal information in relation to any testimonials and feedback that you may provide us with and you hereby grant us the right to make such testimonials and feedback public on any public platform that we may chose. The term “Personal Information” shall include your name, address, e-mail id and mobile phone number, your images and photos, if any, but it shall not include any data in relation to your financial status, income statements, earnings, source of earnings, personal identification numbers, passwords, code numbers, bank account numbers, credit card numbers, expiry dates relationship numbers, CW numbers, encryptions, cookies and other such electronic details.
  • To contact you via email, phone or text message, to deliver certain services or information you have requested.
  • To administer our platform for internal operations, including troubleshooting, data analysis, testing, research and statistical and survey purposes.
  • To assist you in assessment suitability for a loan application, in particular to conduct a credit assessment on you, comply with CredRoot's Know-Your-Client ("KYC") procedures, comply with any potential lender's documentation requirements in relation to loan approval.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customize the platform or website according to your interests.

5. Whom do we share your personal data with?

We will share your personal data primarily to any of the following groups:

  • Lenders that can login in to our platform to download reports on your organization, Lenders who will consider your loan application;
  • Any members of our group company where this is necessary to complete CredRoot's analysis and processes, and in accordance with laws on data transfers;
  • Any members of our group company where this is otherwise necessary, and in accordance with laws on data transfers;
  • Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
  • We may disclose your Personal Information to any successor-in-interest of ours, such as a company that acquires us. In the event CredRoot goes through a business transition, such as a merger or acquisition by or with another company, or sale of all or a portion of our assets, your Personal Information will likely be among the assets transferred. You will be notified via email or by a notice on our Website of any such change in ownership or control of your Personal Information.
  • We shall keep your personal information and Sensitive Personal Data / Information private and confidential. We may disclose your Personal Information and/or Sensitive Personal Data / Information to prevent an emergency, to respond to legal requirements, to protect or enforce our rights and policies, to protect or enforce the rights of a third party, or as required or permitted by law (including, without limitation, to comply with a summon or court order
  • We may contract with various third parties who help us provide, maintain and improve the Website and the CredRootWe also contract with several online partners to help manage, monitor and optimize our Website and the CredRoot Services and to help us measure the effectiveness of our advertising, communications and how visitors use the Website. We will use commercially reasonable efforts to prevent such third parties from disclosing your Personal Information, except for the purpose of providing Services in question. We cannot guarantee that such third parties will not disclose your Personal Information. In no circumstances, CredRoot shall disclose data in relation to your financial status, income statements, earnings, source of earnings, personal identification numbers, passwords, code numbers, bank account numbers, credit card numbers, expiry dates relationship numbers, CW numbers, encryptions, cookies and other such electronic details
  • We will disclose Non-Personal Information, in aggregate form, to potential strategic partners, advertisers, investors, customers, and others. You may opt-out of the sharing of this information by mailing the grievance redressal officer. However, it cannot be easily used to identify you personally
  • We may use third party service providers to serve ads on our behalf across the Internet and sometimes on the Website. They may collect anonymous information about your visits to our Website, and your interaction with our products and services. They may also use information about your visits to this and other websites to target advertisements for goods and services. This anonymous information is collected through the use of a web beacon, which is industry standard technology used by most major websites
  • To make an improvement in its business CredRoot may share the personal information of a user with Credit Rating Agencies and the information shall be shared with Credit Rating Agencies in the event, Reserve Bank of India issues guidelines or direction in this regard

6. How we safeguard your personal data?

  • Whenever we obtain your Personal Information, we use commercially reasonable efforts to protect it from unauthorized access or disclosure. However, we are not insurers of the security of your Personal Information. Accordingly, we assume no liability for any disclosure of data due to errors in transmission, unauthorized third party access or other acts of third parties, or acts or omissions beyond our reasonable control
  • We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
  • If you suspect any misuse or loss of or unauthorised access to your personal information, please let us know immediately. Please raise your concern with grievances@crediroot.com, in the first instance, and we will investigate the matter and update you as soon as possible on next steps.

7. How long do we keep your personal data for?

  • We will not keep your personal data for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation).
  • When it is no longer necessary to retain your data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
  • By continuing to use our website or creating a CredRoot Account, you agree to processing, storage, usage, and sharing of the data provided by you, as per the terms of this Policy. We retain and use personal information to provide you with services you explicitly requested for, to resolve disputes, troubleshoot concerns, help promote safe services, measure interest in our services, inform you about offers, products, services, updates, customize your experience, detect & protect us against error, fraud and other criminal activity, enforce our terms and conditions, etc. We may also use your personal information to send you offers regarding various services/facilities which CredRoot or its group companies may, from time to time, start. We may occasionally ask you to complete optional online surveys. These surveys may ask you for contact information and demographic information (like zip code, age, gender, etc.). We use this data to customize your experience at CredRoot.

8. What are my rights?

You have various rights in relation to the data which we hold about you. We have set these out below.

  • If you do not agree with any of the terms of this Policy or wish to revoke any consent you have provided to us and/or the Lending Partner, please write to us at support@credroot.com (mailto: support@credroot.com ) . You may write to us to revoke consent for use of any specific data or restrict disclosure to third pa rties or retention of data beyond expiry of Services or to revoke consent already granted to collect personal data and if required, make the app delete/ forget the data. However, please note that if you revoke any mandatory permissions or revoke the consent to process and store information necessary for providing services or fulfil your obligations, then we may have to cease the provision of Services to you and invoke our rights necessary to safeguard ourselves and the Lenders. You cannot withdraw your consent once you have availed services using the website/ our App till you have closed all services with us and our Affiliates.
  • Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
  • You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost.
  • Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
  • You have the right to request that we "erase" your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
    • The data are no longer necessary;
    • You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;
    • The data has been processed unlawfully;
    • It is necessary for the data to be erased in order for us to comply with our obligations under law; or
    • You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
  • We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
  • When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
  • You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shored your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
  • You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
  • If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine- readable format so that you cantransfer the data. Alternatively, we may directly transfer the data for you.
  • You also have the right to lodge a complaint with your local supervisory authority. You can also lodge a complaint with CredRoot at grievances@credroot.com

9. Who is responsible for processing your personal data?

CredRoot is responsible for processing your personal data. CredRoot is a private limited company with its registered office located at C-315, K.P. Epitome, Nr. Siddhivinayak Tower, Makraba, Ahmedabad -380015, Gujarat. Your information will be stored by CredRoot and/or its affiliated technology partners via secure database. We take privacy seriously and will get back to you as soon as possible.

10. Legal basis for us processing your data

There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.

  • We are allowed to use your personal information where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
  • We believe that our use of your personal information is within a number of our legitimate interests, including but not limited to:
    • To administer our platform for internal operations, including troubleshooting, data analysis, testing, research, and statistical and survey purposes
    • To help us understand you better and provide you with better, more relevant services
    • To ensure that our systems run smoothly
    • To help us keep our systems secure and prevent unauthorized access or cyber attacks
    • To drive commercial value
  • We don't think that any of the activities set out above will prejudice you in any way. However, you do have the right to object to us processing your personal information on this basis. We have set out details regarding how you can go about doing this in the "Access, Correction and Inquires" section below.
  • We are allowed to use your personal information where you have specificolly consented. In order for your consent to be valid:
    • It has to be given freely, without us putting you under any type of pressure;
    • You have to know what you are consenting to - so we'll make sure we give you enough information;
    • You need to take positive and affirmative action in giving us your consent - for example, we could provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
    • We seek your consent when you register to use our platform or website. Before giving your consent, you should make sure that you read any accompanying information provided by us so that you understand exactly what you are consenting to.
    • You have the right to withdraw your consent at any time, and details of how to do so con be found above
    • We are allowed to use your personal information when it is necessary to do so for the performance of our contract with you.For example, we need to hold your email address in order to be able to send you reports and other analysis where you have requested them.
    • Please acknowledge that you have read and understood the terms of this Privacy Policy, to indicate your consent to your information (including any SPDI) being collected for the purposes set out in this Privacy Policy and for its handling and storage in the manner as set out in this Privacy Policy.

11. Changes in privacy policy

We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time for any reason. In case, any changes are made in the Privacy Policy, we shall update the same on the Platform. Once posted, those changes are effective immediately, unless stated otherwise. We encourage you to periodically review this page for the latest information on our privacy practices. Continued access or use of the Services constitute Your acceptance of the changes and the amended Privacy Policy

12. Security Precautions

  • The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and technical safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
  • Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you.
  • We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.
  • We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
    • We use encryption to keep your data private while in transit;
    • We offer security feature like an OTP verification to help you protect your account;
    • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems;
    • We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations;
    • Compliance & Cooperation with Regulations and applicable laws;
    • We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.
    • Data transfers;
    • We ensure that Aadhaar number is not disclosed in any manner.
  • We or our affiliates maintain your information on servers located in India. Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder
  • When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.