Privacy Policy

1.INTRODUCTION

1.1. This Privacy Policy (“Policy”) outlines Manappuram Finance Limited’s (“we”, or
“us”) practices in relation to the storage, use, processing, and disclosure of personal
data that you have chosen to share with us when you download and use our mobile
application Manappuram Finance loans: “Manappuram Personal Loan ” or use the
services made available on www.manappuram.com (the app is referred to as the
“App” and the App and the website are collectively referred to as the “Platform”).

1.2. The services we offer you on or through the Platform are referred to as
“Services”. Please note that unless specifically defined in this Policy, capitalised
terms shall have the same meaning ascribed to them in our Terms and Conditions,
available at Mobile App (“Terms”&Conditions agreed). Please read this Policy in
consonance with the Terms and conditions.

1.3. At Manappuram Finance LTD, we are committed to protecting your personal

data and respecting your privacy. Please read the following terms of the Policy
carefully to understand our practices regarding your personal data and how we will
treat it. This Policy sets out the basis on which any personal data we collect from
you, we collect about you, or that you provide to us, will be processed by us.

1.4. By providing us with the consent to process your personal data, you
acknowledge that we will collect, store, use, and disclose your personal data in
accordance with this Policy.

2.THE DATA WE COLLECT ABOUT YOU

2.1. We collect, use, store, and transfer personal data about you after obtaining your
consent, to provide you with, or in connection with, the Services. Please note that we
only collect and process a minimal amount of your personal data to provide you with
the Services. Such personal data includes:

a. Identity and profile-related data: This includes your first and last name, parents’
name, date of birth, gender, photographs, educational qualifications and background,
purpose of loan, house ownership, employment status, company name, and marital
status.

b. Contact data: This includes your email addresses (including work email address),
pin code, phone numbers, and office and residential address.

The purpose of collecting the email-id and mobile number is for effective
communication and the same shall be validated through an OTP or any other means
as it is an RBI Requirement.

The mobile communication shall either be through SMS or WhatsApp subject to your
consent for the latter one.

c. KYC data: This includes identification documents issued by the government or

other authorities, and includes details of or pertaining to your Aadhaar, PAN card,
voter ID, etc.

d. Transaction data: This includes details of transactions that may occur through the
Platform or in connection with the Services. For example, transaction data may
include the services you have sought or availed through the Platform or
confirmations of such services.

e. Data from SMSs:We collect OTP information from your SMSs sent by us only.
Please note that such data is limited to details of the transactions contained in the
SMS. We do not collect, read or store any personal SMSs.

f. Financial data: This includes your income details, details of loans issued or
otherwise applied for through the Platform, payments, and repayments thereof.

The purpose of collection of the same is to take the decision related to underwriting
the loan as well as for KYC reporting to the authoised agency.

The bank account details, and bank account statements are collected from you to
ensure that you are the valid owner of the account and the disbursements are made
correctly to this account. We shall also validate your account prior to disbursal by
sending these details to the bank for cross verification.This is also part of the
regulatory process to ensure that the fund is not transferred to an account which is
not the borrower’s account.

g. Marketing and communications data: This includes your preferences in receiving

marketing messages from us and our third parties and your communication
preferences.

h. Device data: This includes your IP addresses, geo locations, operating systems,
and unique device information.

The purpose of collecting this is to ensure the data security and ensure that requisite
trails are maintained in the event of any breach to .

Geo location may also be used to allocate your account to the nearest branch in
case you need to visit the branch for deposit of any physical documents.

As a part of the onboarding KYC process we will use your camera on time to take
your photograph with your explicit permission.

Unique Device Info is collected to securely link the loan application to the user's
Phone and shall be validated every time at the time of login. In the event the device
is changed, it the unique device info we be collected fresh.

i. Usage data: This includes information about how you use the Services.

j. Other Data Solicited:You may be required to provide further information to the

Lending Partner for the purposes of processing your loan application. Such
additional information may include (without limitation) bank statements, goods and
services tax returns, salary and income statements and title documents for the
property being financed. This data shall be supplied to the Lending Partner through
us. You may also be required to provide this information to us, the Lending Partner
and the Co-Lending Partner via physical documents, e-mail or other digital and
offline methods.

k. Marketing and communications data: This includes your preferences in receiving

related to new product messages from us and our third parties and your
communication preferences.

2.2. We do not access your mobile phone resources such as file and media (except
as disclosed above in order to enable you to upload documents), contact list, call
logs and telephony functions. However, we may access your camera, microphone,
location or any other facility solely for the purpose of onboarding or KYC checks,
after obtaining your explicit consent. We do not collect your biometric data.

2.3. We are required to collect your personal data to provide you with access to the
Platform and Services. In certain cases, we are required to collect personal data as
required by law, or under the Terms. If you fail to provide us that data as and when
requested by us, we will not be able to perform our obligations under the
arrangement we have with you or are trying to enter into with you (for example, to
provide you with features of the Services). In this case, we may have to cancel or
limit your access to the Services (or part thereof).

3.HOW WE COLLECT DATA ABOUT YOU

3.1. We use different methods to collect and process personal data about you. This
includes:

a. Information you provide us: This is the information (including identity, contact,
KYC, financial, and device data) you consent to give us when you use our Services
or when you correspond with us (for example, by email or chat, or through the
Platform). It includes information you provide when you register to use the Services,
use a Platform feature, share data through the Platform, or when you report a
problem with the Platform and our Services. If you contact us, we will keep a record
of the information shared during the correspondence.

b. Information we collect about you and your device: Each time you visit the Platform
or use the Services, we will automatically collect personal data through the use of
tools like cookies.

c. Information we receive from other sources including third parties and publicly
available sources: We will receive personal data about you from various third parties
and public sources including our third parties, Google analytics for advertising and
user analytics purposes, and other publicly available sources.

d. Information about your device: Each time you visit the Platform or use the
Services, we will automatically collect the same through the use of tools like cookies.

3.2. Please note that we do not have any control over personal data that you may
choose to make publicly available. For example, if you post reviews, comments, or
messages on public sections of the App or on an application store (such as the Play
Store), you do so at your own risk. We are not liable for third-party misuse of such
data.

3.3. We are very protective about your data. We may enter into data-sharing
agreements or disclose the collected data in order to provide the Services and new
product offerings to you. We have detailed the manner in which we and the Lending
Partner share the collected data below.

a. Service Providers: We work with third party service providers to execute various
functionalities of the App and we may share your information with such service
providers to help us provide the App. Some of these functionalities may include:

• Analyzing transaction behavior and cashflows via your SMSs, bank statements,
goods and services tax returns, salary and income statements, income tax returns,
basis which your loan offer is generated.
• Validating and authenticating the official verification documents provided by you.
• Validating your preferred bank account, as well as transferring the loan amounts to
you.
• E-signing of the loan agreement or sanction letter, populating the loan agreement
or the sanction letter. The information shared with these service providers is retained
for auditing of the agreements.
• eNACH set-up to enable autopay
• Analyzing customer behaviour, conducting research into customer behaviour and
contacting the customers for the said purpose, and to automate our marketing and
outreach efforts.
• Detection and flagging of fraud.
• Cloud providers.
• Gathering of additional information regarding your bank account and statement
details, in case adequate information has not been provided by you or through the
other service providers we work with.
• For manually collecting any sums owed by you to our Lending Partner.
• Validating and authenticating your employment status, employment information and
employment duration.

Details of the third parties we share your personal information with are set out below:

Srl Vendor
Vendor address Purpose
No Name

Digiotech Greenage Apts Bommanahalli,

Solutions Hosur Main Road, Bangalore -
1 E-SIGN
Private 560068. Karnataka
Limited support@digio.in

3rd Floor, Birla Centurion,

Karza
Century Mill Compound,
Technologies OVD&PAN
2 Lower Patel, Mumbai,
Private AUTHENTICATION
Maharastra, - 400013,
Limited
connect@karza.in

Airtel Centre, Plot No. 16,

Bharti Airtel Udyog Vihar, Phase-Iv, CUSTOMER
3
Limited Gurgaon, Haryana, 122015, MESSAGING
Content.Grievance@airtel.com

2A, 19th Floor, Senapati Bapat

Transunion
Marg, Elphinstone Road,
4 CIBIL CIBIL REPORT
Mumbai - 400013.
Limited
info@cibil.com

No.66/5-25, 5th Floor,

Perfios Indiqube-Hm Vibha Building
Software Lasker Hosur Road, Above BANKSTATEMENT
5
Solutions Star Bazar, Adugodi, CONVERSION
Pvt. Ltd Bangalore - 560030 Ka. In,
info@perfios.com
Srl Vendor
Vendor address Purpose
No Name

3B-01,02, 03, 3rd Floor

Phoenix Paragon Plaza
Crif High (Phoenix Market City
Mark Credit Campus), CRIF High Mark
6 Information Credit Information Service Pvt. BUREAU REPORT
Services Pvt. Ltd. CTS No. 124/B, 15, L.B.S.
Ltd Marg, Kurla (West), Mumbai-
400070. India,
info@crifhighmark.com

CLotusPay 18th Floor, Tower A, Building

Solutions No. 5 DLF Cyber City, DLF
7 E-NACH
Private Phase III Gurgaon 122002
Limited India, support@lotuspay.com

ACL mobile limited, 7th

floor,tower-4 express trade
ACL mobile WHATSAPP
8 towers 2,D-36 Sector-132,
limited MESSAGE
Noida-
201301support@aclmobile.care

Raksha Nikunj, Boylahalli

Village, Bengaluru Karnataka,
Gamut COLLECTION
9 India - 562149 Bengaluru,
Analytics VOICE BOT
Karnataka 562149 India,
hello@saarthi.ai

4.HOW WE USE YOUR PERSONAL DATA AND FOR WHAT PURPOSES

4.1. We will only use your personal data in accordance with the applicable law. Most
commonly, we will use your personal data to provide you with the Services, or where
we need to comply with a legal obligation.

4.2. You agree and acknowledge that by using our Services and creating an account
on the Platform, you authorise us, our associate partners, and affiliates to contact
you via email, phone, or otherwise. This is to ensure that you are aware of all the
features of the Services.

4.3. In general, we use your personal data for the following purposes and activities
undertaken without direct human supervision or control:

• To register you as a user of the Platform;

• To provide you with the Services;

• To facilitate your application to avail loan and otherwise in connection with your
obtaining of credit facilities from regulated entities including our lending partners

• To manage our relationship with you, including notifying you of changes to any
Services;

• To administer and protect our business and the Platform, including troubleshooting,
data analysis, system testing, and performing internal operations;

• To deliver content to you;

• To send you communication, including through WhatsApp business messages, in

relation to your use of the Platform or Services;

• To monitor trends so we can improve the Platform and Services;

• To improve our business and delivery models;

• To perform our obligations that arise out of the arrangement we are about to enter
or have entered with you;

• To enforce our Terms;

• To undertake marketing services, including sending you promotional messages;

• To respond to court orders, establish or exercise our legal rights, or defend

ourselves against legal claims;

• In compliance with the Reserve Bank of India’s norms, to contact you or locate you
in case of any default; and

• To ensure compliance with applicable laws.

5.HOW WE SHARE YOUR PERSONAL DATA

5.1. You agree and acknowledge that any and all information pertaining to you,
whether or not you directly provide it to us (via the Services or otherwise), including
but not limited to personal correspondence such as emails, instructions from you,
etc., may be collected, compiled, and shared by us with third parties after obtaining
your explicit consent, solely in order to render the Services to you (that is, in
connection with loan applications and your loan journey). This may include but not
be limited to Lenders (as defined in the Terms), storage providers, data analytics
providers, consultants, lawyers, and auditors. We may also share this information
with other entities in the Manappuram Finance LTD group in connection with the
above mentioned purposes. If you fail to provide consent for sharing of such data
when requested by us, we may not be able to perform our obligations under the
arrangement we have with you or are trying to enter into with you. In this case, we
may not be able to provide the Services to you.

5.2. You agree and acknowledge that by using our Services and creating an account
on the Platform, you authorise us to contact you via email, phone, or otherwise. This
is to ensure that you are aware of all the features of the Services.

5.3. You agree and acknowledge that we may share data where we are required by
law, any court, a government agency, or authority to disclose such information. Such
disclosures are made in good faith and belief that it is reasonably necessary to do so
for enforcing this Policy or the Terms, or in order to comply with any applicable laws
and regulations.

6.ACCESS AND UPDATING YOUR PERSONAL DATA

You hereby warrant that all personal data that you provide us with is accurate, up-to-
date, and true. When you use our Services, we make best efforts to provide you with
the ability to review and correct inaccurate or deficient data, subject to any legal
requirements. We shall verify the accuracy of the new personal data you provided to
us.

7.DATA SECURITY

We implement appropriate security measures to protect your personal data from

unauthorised access, and follow technology standards prescribed by applicable law,
including the Information Technology Act, 2000, Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011, and directions issued by the Indian Computer Emergency
Response Team.

8.DATA RETENTION AND DESTRUCTION

For information about our retention and destruction practices, please refer to the
Schedule to this Policy.

9. YOUR LEGAL RIGHTS

9.1. Under certain circumstances, you have the right to:

a. Request the erasure of your personal data: This enables you to ask us to delete or
remove personal data. We shall comply with any request, subject to applicable laws
and the terms of the loans that are sanctioned through the Platform.

b. Right to deny consent: This enables you to deny us the consent necessary to
process your personal data. If you exercise this right, it may impact or restrict our
ability to provide Services to you.

c. Right to revoke consent:: This enables you to withdraw consent at any time. We
shall comply with any request, subject to applicable laws and the terms of the loans
that are sanctioned through the Platform.

d. Right to Rectification: In the event that any personal data provided by you is
inaccurate, incomplete or outdated then you shall have the right to provide us with
the accurate, complete and up to date data and have us rectify such data. It may
take up to 10 days to process your request. We urge you to ensure that you always
provide us with accurate and correct information/data to ensure your use of our
Services is uninterrupted.

e. Right to withdraw consent: You have the right to withdraw your consent to this
Policy by uninstalling the App. However, if you have availed any services from our
Affiliates, we shall have the right to continue processing your information. However,
we shall not retain your data and information if it is no longer required by us and
there is no legal requirement to retain the same. Do note that multiple legal bases
may exist in parallel, and we may still have to retain certain data and information at
any time.

f. Right to opt-out: You can opt out of receiving push notifications through your
device settings. You can opt-out of sending promotional and marketing
communication to your phone book contacts by writing to us at
crm@manappuram.com Please note that opting out of receiving push notifications
may impact your use of the App.

9.2. We will facilitate your request to exercise such rights subject to the provisions of
applicable laws relating to the processing and storage of data. If you wish to exercise
any of the rights set out above, please write to us at crm@manappuram.com the
email of Grievance Redressal Officer, whose details are mentioned in Section 15 of
this Policy, providing in as much detail as possible, the right(s) you wish to exercise.
Please also include a description of the personal data you believe we hold or
process about you, so that we may be able to locate such personal data. In the event
that we need additional information from you, our Grievance Redressal Officer will
contact you further.
9.3. We will be able to reply to your request(s) within 30 (Thirty) days of raising the
request. In the event that we are not able to respond to or acknowledge your request
within 30 (Thirty) days of receipt due to any reason, we will inform you.

10.TRANSFER OF PERSONAL DATA

Please note that all your data, including financial data, is only stored on systems
located in India. We shall not transfer your personal data to any Other country.

11.LINKS TO THIRD PARTY WEBSITES

Our Services may, from time to time, contain services provided by or links to and
from the websites of our partner networks, service providers, financial institutions,
advertisers, and affiliates (“Third Party Services”). Please note that the Third-Party
Services that may be accessible through our Services are governed by their own
privacy policies. We do not accept any responsibility or liability for the policies or for
any personal data that may be collected through such Third-Party Services. Please
check their policies before you submit any personal data to such websites or use
their services.

12.COOKIES

12.1.Cookies are small data files that are stored on your device. We use cookies and
other tracking technologies to distinguish you from other users of the Services and to
remember your preferences. This helps us provide you with a good experience when
you use our Services and also allows us to improve the Services. Cookies are only
read by the server that places them and are unable to inter alia run programs on
your device, plant viruses or harvest yourpersonal information. Cookies allow Web
servers to recognize your device, each time you return to our platform including the
date and time of visits, the pages viewed, time spent at our platform and the
websites visited just before and just after our platform, verify your registration or
password information (in case of registered users) during a particular session.

12.2. We identify you by way of using cookies. The cookies shall not provide access
to data in your device such as email addresses or any other data that can be traced
to you personally. The data collected by way of cookies will allow us to administer
the Services and provide you with a tailored and user-friendly service. The cookies
shall enable you to access certain features of the Services. Most devices can be set
to notify you when you receive a cookie or prevent cookies from being sent. We
understand and support your right to block any unwanted internet activity. However,
If you prevent cookies from being sent, it may limit the functionality that we can
provide when you visit the Platform or try to access some of the Services on our
platform

12.3. Additionally, you may encounter cookies or other similar technologies on

certain pages of the App that are placed by third parties. We do not control the use
of cookies by such third parties.

13.BUSINESS TRANSITIONS

You agree and acknowledge that in the event we go through a business transition,
such as a merger, acquisition by another organisation, or sale of all or a portion of
our assets, your personal data might be among the assets transferred.

14.CHANGE IN PRIVACY POLICY

14.1. We keep our Policy under regular review and may amend it from time to time,
at our sole discretion.

14.2. The terms of this Policy may change and if it does, these changes will be
posted on this page and, where appropriate, notified to you by email or phone
number through SMS.

15.GRIEVANCE REDRESSAL OFFICER

You may contact our Grievance Officer with any enquiry relating to this Policy or your
personal data.

Name: Saroja Kumar Panda

Address: MANAPPURAM FINANCE LIMITED
IV / 470 (old) W638A (New), Manappuram House
Valapad, Thrissur, Kerala, India - 680 567
Landline : 04873050238
0487 3050112
Toll free:18004202233
Email Address: crm@manappuram.com
Time:8:30am -5:30pm

SCHEDULE DATA RETENTION AND DESTRUCTION POLICY

1.OVERVIEW

This Data Retention and Destruction Policy describes Manappuram Finance LTD’s
policy on data retention and destruction.

2.HOW LONG DO WE STORE YOUR DATA

You agree and acknowledge that your personal data will continue to be stored and
retained by us as required or permitted by applicable laws or regulatory
requirements, or as required for defending future legal claims. The details relating to
KYC shall be stored for five years on seizure of customer relationship required and
permitted by law and device location and SMS data will be deleted or render the data
into anonymised data, so that it no longer constitutes personal data, within three
months from the application date. All the other details will be deleted or render the
data into anonymised data upon the request of the customer for the deletion of the
data, provided there is no active loan or service being availed by you. However, in
some instances, we will be unable to facilitate requests for the deletion of your data
in compliance with legal obligations, or in accordance with applicable laws, which
may require us to store data for longer periods of time.

3.OUR DATA DESTRUCTION PROTOCOLS

Upon completion of the retention period for each category of personal data as
described above, we shall delete or destroy, to the extent technically possible,
personal data in our possession or control, or render the personal data into
anonymised data, so that it no longer constitutes personal data.

1. What Is Our Data Security Practice?

Summary: We aspire to keep your data and information as secure as possible and to
that effect we have used state of the art software.

We use requisite technical and organizational security measures to ensure a level of

protection for personal data appropriate to the nature, scope and purpose of
processing personal data, the risks associated with such processing, and the
likelihood and severity of the harm that may result from such processing. The
transfer of personal data between your end device and us is carried out via best-in-
class encryption protocols. If you communicate with us by e-mail, access by third
parties cannot be ruled out. In the case of confidential information, we recommend
using the mail, i.e., post or encrypted e-mail communication (PGP).

2. Consent Mechanism

Summary: We retain your personal data to the extent we need to. Once the legal
basis for the retention expires, we will not hold onto it.

We shall retain the information you provide to facilitate your smooth and
uninterrupted use of the App, and (i) to provide, improve and personalize our
Services; (ii) to contact you about your account and give customer service; (iii) to
personalize our advertising and marketing communications; and (iv) to prevent,
detect, mitigate, and investigate fraudulent or illegal activities. We do not retain your
personal data for longer than required for the purpose for which the information may
be lawfully used. We store your personally identifiable data in our servers in
encrypted form. For any other information, we may entertain your request for
deletion, however, you may not be able to use our Services at all after such deletion.

3. Communications From Us

We may from time to time contact you via calls, SMS, emails, and other
communication channels to provide you with information pertaining to our Services,
notifications on updates vis-à-vis our Services (when we consider it necessary to do
so), educational information and promotions. We may also notify you if we need to
temporarily suspend the App for maintenance, and keep you informed on security,
privacy, or administrative-related communications. By setting up an account on
Manappuram , you consent to us contacting you via call, SMS, push notifications, or
through any other communication channel, as we may deem fit.

4. Updates To This Notice

We may occasionally update this Policy. Use of our Services after an update
constitutes consent to the updated notice to the extent permitted by law. Please take
the time to periodically review this Policy for the latest information on our privacy
practices