We are committed to safeguarding your privacy, and this privacy policy explains how and why FPL Technologies Pvt. Ltd. (“We”, “Us”, “FPL”) collects and uses any personal information or data when someone (“You”, “Your”, “User”, “Cardholder/Cardmember”), uses the OneCard App or website.
Information provided by you
To avail certain services on our OneCard Mobile Application / Website, you are required to provide some personally identifiable information for the registration process, which includes but is not limited to the following:
• Your name
• Email address
• Mobile number
• Permanent Account Number (PAN)
• Date of Birth
• Gender
• Address
We may require you to provide additional details, as and when required, in order to comply with any applicable regulatory requirement or for additional services/products via the App/Website, as and when offered, and may also utilise data lawfully obtained from third party service providers authorised by you, including but not limited to data pertaining to your credit score, to provide the App services/Website services to you, subject to the terms of this Privacy Policy.
Express Consent
While providing your details/documents via the App/Website, including but not limited to personal information as mentioned herein above, you expressly consent to FPL (including its marketing channels and business partners) to contact you through SMS, call and/or e-mail and to follow up with regard to the services provided through the App/Website, for imparting product knowledge, offering promotional offers running on the App/Website & various other offers/services by our business partners.
The App/Website requires you to provide consent for keying in or uploading your personal information, as may be necessary to process your application. Any personal information which requires to be keyed in or uploaded is required for enabling hassle free, faster and paperless (to the extent possible) processing of applications for financial products so opted or availed of by you. You hereby give your consent to FPL to obtain your KYC details from CERSAI CKYC portal.
Information obtained from Credit Information Companies on your behalf
We obtain your Credit Information Aggregates from Credit Information Companies (CICs) on your behalf. By viewing your credit information on the App/Website you hereby consent that we are authorised to share your personal information with Credit Information Companies. By availing your credit information report through our App/Website, you agree that FPL shall be entitled to rely on your authorisation and consent granted by you to us for a period of 6 months from the date on which you avail your credit information report through us.
We may analyse and profile your credit information in order to assist you in being better informed about, understand and manage your credit score/rating, identify and inform you of other credit products that are likely to be suited to your circumstances, to identify whether you may benefit from additional guidance concerning your credit score and steps you can take to improve your score and credit history etc.
Information automatically collected while using the app or website
We strive to keep automatically tracked information to a minimum by obtaining no permissions from the App / Website, unless absolutely necessary to enable proper functioning of the App / Website. However, we may collect information relating to your use of our App / Website such as your IP address, browser type, mobile operating system, manufacturer and model of your mobile device/computer, access time and time spent. We may also collect information about the screens/pages you view within our App / Website and other actions you take while using our App / Website.
We may use third party services for such automatic collection, however no personally identifiable information will be shared with such third parties, unless required under applicable laws.
Use of Personal Information
We use your personal information in order to deliver and personalize services to you. This information is used for specific business purposes or for a lawful purpose to comply with the applicable laws and regulatory contractual obligations which include but are not limited to:
- Providing you with banking or non-banking services such as credit cards and fixed deposits from our partner banks and non-bank finance companies
- Verifying your identity for the purposes of providing banking or non-banking services
- Analytics for the purposes providing you with personalized offers and improving our products
- Assessing and processing applications or requests from you
- Communicating with you
- Responding to your queries
- Addressing or investigating any complaints, claims or disputes
- Conducting credit checks, screenings or due diligence checks as may be required under contractual arrangement with partner bank and non-banking financial company
- Preventing crime including fraud and financial crime
- Financial reporting, audit and record keeping purposes
Information Sharing
We may need to share limited personal information with our partner banks, non-bank finance and partners who perform services for us (eg. KYC / documents collection, card delivery, Collection Agencies and other related partners, etc) and help us operate our business. We require our partners to safeguard this information and only use your personal information for the purposes we specify.
We do not share any of your personal information with any third parties except as stated above, and/or when it is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, and/or for the prevention, detection, investigation including cyber incidents, and/or for prosecution and punishment of offences.
We may display third party online advertisements on the Website/App. We may also advertise our activities and organizational goals on other websites/apps. We may collaborate with other website/app operators as well as network advertisers to do so. We request you to read and understand such concerned third party privacy policies to understand their practices relating to advertising, including what type of information they may collect about your internet usage. No personally identifiable information is shared with any third party online advertiser or website or app as part of any such activity. We do not provide any information relating to your usage to such website operators or network advertisers.
During your use of the App/Website, you may come across links to third party websites/apps that are not affiliated with FPL. FPL is not responsible for the privacy practices or the content of those other websites, or for any acts/ omissions by such third parties in the course of your transaction with them.
Information Security
We implement reasonable security practices and procedures including the International Standard IS/ISO/IEC 27001:2013, Payment Card Industry Data Security Standard (PCI-DSS v 3.2.1), and RBI Cyber Security Framework.
We take appropriate security measures to protect against unauthorised access. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data. All information gathered on our App / Website is securely stored within a controlled database. Access to the servers is password protected, controlled, and is strictly limited.
We have implemented an industry standard incidence response policy in line with CERT-IN guidelines and applicable regulatory requirements in case of unforeseen unauthorized access or data breach.
Data Retention
We will retain your information for as long as it is necessary for providing you the services available on the App or Website or your request for termination of your account with us, whichever is later.
Post termination of your account, we may keep your personal information along with your application details (if any) to comply with any applicable law and regulatory obligations, for fraud prevention purposes and for the exercise/ defense of a legal claim or for providing evidence in legal proceeding(s) if required for a period of 10 years. In case you give consent, we may also retain your personal data or financial data and shall use such data only for the purposes for which you have given your express consent.
Post termination of your account, we may also continue to use your anonymised data aggregated or in combination with anonymised data of other users. We use this aggregated anonymised data for fraud prevention, data analysis, profiling and research purposes.
Our partner banks and non-bank finance companies may retain your personal and financial information as per their respective privacy policies.
The Credit Information Aggregates shared by you, or received on your behalf shall be destroyed, purged, erased or returned to the Credit Information Companies promptly either when you expressly seek to do so and/or seek to revoke the consent or if it is mandated or intimated by regulators.
If you wish to review, correct or rectify your sensitive personal information or withdraw your consent for processing your sensitive personal information, you may submit a request at onecard.privacy@fplabs.tech. However, we will continue to retain your personal information as per above mentioned reasons.
Log Files
This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may use the collected log information about you to improve services offered to you, to improve marketing, analytics, or App / Website functionality.
Confidentiality of your account
You are solely responsible for maintaining the security of your account and must not provide these credentials including the Personal Identification Number (PIN) assigned to you for the App or the OneCard itself to any third party. We are not responsible or liable if someone else accesses your account through the credentials they have obtained from you or through a violation by you of this Privacy Policy.
Cookies and Do Not Track / Incognito mode settings
The OneCard website uses Google Analytics, a web analytics service provided by Google. This software uses cookies that are text files containing small amounts of information which are downloaded to your device when you visit a website, in order to provide a personalised browsing experience. These cookies help Google identify unique users, unique sessions, gather information and store information. No personally identifiable information is retrieved or stored.
Cookies allow users to navigate between pages efficiently, remembering their preferences, and generally improving their browsing experience. These cookies collect information analytics about how users use a website, for instance, often visited pages, time spent on each page etc. All information collected by third party cookies is aggregated and therefore anonymous. By using the OneCard website, the user agrees that these types of cookies can be placed on his / her device. The user is free to disable/ delete these cookies by changing his / her web browser settings. FPL and its affiliates are not responsible for cookies placed in the device of Users by any other website and information collected thereto. For more details, you can view our Cookie Policy.
Use of the OneCard App / Website shall be deemed to mean that the User has read this Privacy Policy and that the User authorises FPL to exchange, share, part with all information related to the details and transaction history of the Users to the Bank, its affiliates, banks, financial institutions, Credit Information Companies (CICs), agencies, participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold FPL liable for use or disclosure of this information.
Grievance Redressal Policy
If you have any grievance or complaint, questions, comments, concerns or feedback in relation to the processing of information or regarding this Privacy Policy or any other privacy or security concern related to the App / Website, you can send an email to Ketan Kulkarni on grievances@fplabs.tech.