Data Privacy Policy

CUSTOMER DATA PRIVACY GUIDELINES

TFCI recognizes that one of its fundamental responsibilities is to ensure that the TFCI protects, personal information entrusted to the TFCI by its customers. This is critical for the maintenance of the TFCI's reputation and for complying with its legal and regulatory obligations to protect the TFCI's customer information. TFCI also follows a transparent guidelines to handle personal information of its customers.

In these guidelines, personal information/information means any information that relates to a natural person/corporate, which either directly or indirectly, in combination with other information available or likely to be available with the TFCI, is capable of identifying such person (e.g., telephone number, name, address, transaction history etc.).

These Guidelines are in compliance with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (the "IT Rules") contained in the Information Technology Act 2000.

1.1 Objective The purpose of these guidelines is to maintain the Customer Data privacy of and protect the personal information of customers of TFCI and ensure compliance with laws and regulations applicable.

1.2 Scope & Applicability TFCI collects three types of information: personal, sensitive personal data and non- personal data.

These guidelines are applicable to personal data & information (including sensitive personal data & information) collected by TFCI directly from the customer or through TFCI's online portals, electronic communications as also any information collected by TFCI's server from the customer's browser or through mobile application.

These guidelines are applicable to all TFCI employees, auditors, contractors, vendors, interns, associates, customers and business partners who receive personal information from TFCI, who have access to personal information collected or processed by TFCI, or who provide information to TFCI, regardless of geographic location. All employees of TFCI are expected to support the privacy guidelines and principles when they collect and / or handle personal information or are involved in the process of maintaining or disposing of personal information. These guidelines provides the information to successfully meet the organization's commitment towards customer data privacy.

All Subsidiary firms and any Third-Party working with or for TFCI, and who have or may have access to personal information, will be expected to have read, understand and comply with these guidelines. No Third Party may access personal information held by the organization without having first entered into a confidentiality agreement/Non-Disclosure Agreement (NDA).

1.3 Definition

1.3.1 Data Subject A data subject who is the subject of personal, sensitive personal data and non- personal information

1.3.2 Personal data means any information that relates to a natural person/corporate (the data subject), which either directly or indirectly, in combination with other information available or likely to be available with TFCI, is capable of identifying such person / corporate (e.g., telephone number, name, address, transaction history etc.).

1.3.3 Personally Identifiable Information PII is any information about an individual/corporate (the data subject) which can be used to distinguish or trace an individual‘s/ corporate identity; any other information that is linked or linkable to an individual/corporate. Examples included but not limited to: Name, Address, Date of birth, DIN, PAN, etc.

1.3.4 Sensitive Personal Information (SPI) Sensitive personal information means personal/corporate data (the data subject) consisting of information but not limited to the following attributes of the data subject:

  • password;
  • financial information such as bank account or other payment
  • instrument details ;
  • physical, physiological and mental health condition;
  • sexual orientation;
  • medical records and history;
  • genetic or biometric information;
  • racial and ethical origin;
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership & other membership;
  • any detail relating to the above clauses as provided to body corporate for providing service; and
  • any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:

Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

1.3.5 Non-personal Data: Non-personal information includes the IP address of the device used to connect to TFCI's network, TFCI's VPN, TFCI's website or any other TFCI application/ infra/database along with other information such as browser details, operating system used, the name of the website/application that redirected the visitor to TFCI's website, etc. Also, when user browse TFCI site or receive one of TFCI emails, TFCI and our affiliated companies, use cookies and/or pixel tags to collect information and store the online preferences.

1.3.6 Third Party All external parties including contractors, interns, summer trainees, vendors, auditors, and business partners, etc. or who has access to TFCI information assets or information systems.

1.4 Purpose of collection and Usage of Personal Information TFCI shall use the information collected to manage its business and offer an enhanced, personalized online/offline experience or experience on its website/mobile application. Further, it shall enable TFCI to:

  1. Process applications, requests and transactions
  2. Maintain internal records as per regulatory guidelines
  3. Provide services to customers, including responding to customer requests
  4. Comply with all applicable laws and regulations
  5. Recognize the customer when he Connect online or offline or to conducts online transaction
  6. Understand the needs and provide relevant product and service offers

If a customer does not wish to provide consent for usage of its sensitive personal data or information or later withdraws the consent, TFCI shall have the right not to provide services or to withdraw the services for which the information was sought from the customer.

1.5 Disclosure/ Sharing of Information

TFCI shall not disclose personal information of its customers without their prior consent unless such disclosure has been agreed to in a contract between the body corporate and customer, or where the disclosure is necessary for compliance of a legal obligation. In- case TFCI discloses the personal information to Third Parties, such Third Parties shall be bound contractually to ensure that they protect customer personal information in accordance with applicable laws.

The above obligations relating to sharing of personal data or information shall not apply to information shared with government mandated under the law to obtain such information or by an order under law for the time being in force. Further, if any personal data or information is freely available or accessible in the public domain, TFCI shall not have any obligations regarding the same.

No specific information about customer accounts or other personally identifiable data shall be shared with third parties unless any of the following conditions is met:s

  1. To help complete a transaction initiated by the customer
  2. To perform support services through an outsourced entity provided it conforms to the Privacy Guidelines of TFCI
  3. The customer/applicant has specifically authorized it
  4. To conform to legal requirements or comply with legal process
  5. The information is shared with Government agencies mandated under law
  6. The information is shared with any third party by an order under the law
  7. Enforce the terms and conditions of the products or services
  8. Act to protect the rights, interests or property of TFCI, or its members, constituents or of other persons
  9. Entered into a confidentiality agreement/Non-Disclosure Agreement (NDA)

1.6 Data Protection and Security

The security of personal information is a priority and shall be ensured by maintaining physical, electronic, and procedural safeguards that meet applicable laws to protect DATA SET information against loss, misuse, damage and unauthorized access, modifications or disclosures.

Anyone collecting personal and customer information must fairly and lawfully process it, process it only for limited, specifically stated purposes, use the information in a way that is adequate, relevant and not excessive, use the information accurately, keep the information on file no longer than absolutely necessary, process the information in accordance with the legal rights, and keep the information secure.

TFCI shall continuously review and enhance its security policies and security measures to consistently maintain a high level of security.