Privacy Policy

This privacy policy is published and shall be construed in accordance with the provisions of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act, 2000; that require publishing of the privacy policy for collection, use, storage, transfer, disclosure of Personal Information (means and includes all information that can be linked to a specific individual) including Sensitive Personal Information (all Personal Information which requires heightened data protection measures due to its sensitive and personal nature) (both, hereinafter referred to as "Personal Information"), excluding any information that is freely available or accessible in public domain.

Arohan Financial Services Limited ("Company") is committed to protecting the privacy and confidentiality of Personal Identifiable Information (PII) about its employees, customers, business partners and other identifiable individuals. The Company's procedures, guidelines and actions support this commitment to protecting Personal Identifiable Information (PII). Each employee bears a personal responsibility for complying with this Procedure in the fulfillment of their responsibilities towards the Company.

The Company respects the privacy of its employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees and candidates for employment and recognizes the need for appropriate protection and management of Personal Identifiable Information (PII). The Company is guided by the following principles in Processing Personal Information:

1. Notice
2. Choice
3. Accountability for onward transfer
4. Security
5. Data integrity and purpose limitation
6. Access
7. Recourse, Enforcement and Liability

1. Notice: When collecting Personal Identifiable Information (PII) directly from individuals, the Company strives to provide clear and appropriate information regarding reason of collecting
2. Choice: Generally, the Company offers individuals a choice regarding how they Process Personal Identifiable Information (PII), including the opportunity to choose to opt-out of further Processing or, in certain circumstances, to opt-in. However, explicit consent from individuals is not required when Processing Personal Information for:
   1. Purposes consistent with the purpose for which it was originally collected or subsequently authorized by the individual,
   2. Purposes necessary to carry out a transaction relationship,
   3. Purposes necessary to comply with legal requirements, or
   4. Disclosure to an Agent
3. Accountability for onward transfer: In regard to the transfer of Personal Identifiable Information (PII) to either an Agent or Controller, the Company strives to take reasonable and appropriate steps to:
   1. Transfer such Personal Identifiable Information (PII) only for specified purposes and limit the Agent or Controller's use of that information for those specified purposes,
   2. Obligate the Agent or Controller to provide at least the same level of privacy protection as is required by this Procedure,
   3. Help ensure that the Agent or Controller effectively Processes the Personal Identifiable Information (PII) in a manner consistent with its obligations under this Procedure,
   4. Require the Agent or Controller to notify the Company, if the Agent or Controller determines it can no longer meet its obligation to provide the same level of protection as is required by this Procedure, and
   5.  Upon notice from the Agent or Controller, take further steps to help stop and remediate any unauthorized Processing.
4. Security: The Company takes reasonable and appropriate measures to protect Personal Identifiable Information (PII) from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Identifiable Information (PII) pursuant to all relevant Statutory Regulation(s) applicable to India.
5. Data Integrity & Purpose Limitation: The Company only process Personal Identifiable Information (PII) in a way that is compatible with the purpose for which it has been collected or subsequently authorized by the individual. The Company take adequate steps to help ensure that Personal Identifiable Information (PII) is accurate, reliable, current and relevant to its intended use.
6. Access: The Company provides individuals with reasonable access to their Personal Identifiable Information (PII) for purposes of correcting, amending or deleting that information where it is inaccurate or has been processed in violation of the Company's data privacy principles.
7. Resource, Enforcement & Liability: Violation of this Procedure by an employee or contractor or any other related concern of the Company will result in appropriate discipline. Violation by an Agent, Controller or other third party of this Procedure or the Company's privacy requirements will result in the exercise of appropriate legal remedies

Purpose of collecting and use of personal information: The Company may from time to time process certain Personal Identifiable Information (PII) from or about employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees and candidates for employment, including information recorded on various media as well as electronic data.

The Company shall use that Personal Identifiable Information (PII) to provide customers, business partners, vendors, service partners and suppliers with information and services and to help the Company's personnel for better understand the needs and interests of these customers, business partners, vendors, service partners and suppliers. Specifically, the Company uses information to help complete a transaction or order, to facilitate communication, to market and sell products and services, to deliver products/services, to bill for purchased products/services, and to provide ongoing service and support. Occasionally the Company's personnel may use Personal Identifiable Information (PII) to contact customers, business partners, vendors, service partners and suppliers to complete surveys that are used for marketing and quality assurance purposes.

The Company may also share Personal Identifiable Information (PII) with its business partners, vendors, service providers and suppliers to the extent needed to support the customers' business needs. Suppliers are required to keep confidential Personal Identifiable Information (PII) received from the Company and shall not use it for any purpose other than as originally intended or subsequently authorized or permitted.

The Company also collects Human Resources Data in connection with administration of its Human Resources programs and functions and for the purpose of communicating with its employees. These programs and functions may include compensation and benefit programs, employee development planning and review, performance appraisals, training, business travel expense and tuition reimbursement, identification cards, access to the Company's facilities and computer networks, employee profiles, internal employee directories, Human Resource record keeping, and other employment related purposes. The Company also collects and uses Personal Identifiable Information (PII) to consider candidates for employment opportunities within the Company. Human Resources Data may be shared with third party vendors and service providers for the purpose of enabling the vendor or service provider to provide service and/or support to the Company in connection with these Human Resources programs and functions. The Company will not share Human Resources Data with third parties for non-employment related purposes. The Company requires third parties receiving Personal Identifiable Information (PII) to apply the same level of privacy protection as contained in this Procedure and as required by applicable law.

The Company does not knowingly solicit or collect Personal Information from children under the age of 18 for offering our services in any form.

Changes to Policy: We reserve the right, at our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time without any prior written notice to you. We may, however, reasonably endeavor to notify you of the changes, it is your responsibility to review the Privacy Policy periodically for updates/changes. Your continued use of our services/Platform, following the posting of changes will mean that you accept and agree to the revisions. We will never make changes to policies in order to make it less protective of Personal Information already shared by you.

Contact Us: In case you have any questions or concerns regarding the processing of your Personal Information or this Privacy Policy you may write to us it@arohan.in and copy to compliance@arohan.in. We are committed to answer your questions within the reasonable time limit. Any delay in the resolution time shall be proactively communicated to you.

Circulars - UIDAI