PRIVACY NOTICE

This Privacy Policy (“Policy”) describes how Talazen Finance India Private Limited (“Tala”, “Company”, “we”, “us” or “our”), a Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India, collects, processes, stores, and discloses personal data when you use our digital lending platforms, applications, and financial services.

1. ABOUT US AND DATA FIDUCIARY

1. Tala as Data Fiduciary: Talazen Finance India Private Limited is registered as a Non-Banking Financial Company (“NBFC”) and is regulated by the Reserve Bank of India (“RBI”). We are the data fiduciary responsible for processing your personal data in accordance with applicable Indian privacy laws including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (when enforced) and RBI guidelines including the Guidelines on Digital Lending.

2. Joint Data Fiduciary: We may partner with other organizations to provide integrated or embedded financial services to you. In such cases, your data will be processed in accordance with the privacy policies of each data fiduciary.

3. Data Processor: We may act as a data processor for other regulated entities or partners with whom you have an account or contractual relationship. In such cases, we will process data according to their instructions and their privacy policy will apply.

4. Digital Lending Platforms: Tala offers financial services through our mobile application, website, and other digital platforms as defined under RBI’s Guidelines on Digital Lending (“Digital Lending Applications” or “DLA”).

5. Lending Service Providers: We may engage Lending Service Providers (LSPs) for various functions including customer acquisition, credit assessment, and loan servicing, all in compliance with RBI guidelines.

2. INFORMATION WE COLLECT

We collect and process personal data in compliance with the principle of data minimization and only for legitimate business purposes. Such data includes:

6. Identity Data: We collect data to verify your identity including: full name, date of birth, photograph, national identification numbers (Aadhaar, PAN), voter ID, driving license, passport details, and other KYC documents as required under applicable laws.

7. Contact Information: Phone number, alternate phone number, email address, residential address, correspondence address, and workplace address.

8. Financial Data: Bank account details, income information, employment details, credit history, existing loan information, financial statements, GST details, ITR documents, salary slips, and credit bureau reports.

9. Transaction Data: Information about your loan applications, disbursements, repayments, account activity, payment methods, and transaction history.

10. Device and Technical Data: Device identifiers (IMEI, device ID), IP address, location data (with consent), SMS keywords (with consent).

11. Background Verification Data: Information collected for employment verification, income verification, and risk assessment from third-party sources including credit information companies.

3. HOW WE COLLECT INFORMATION

12. Direct Collection and Support: Information you provide directly through our digital platforms, application forms, KYC processes, and interactions with our customer service, including call recordings and account support tickets and requests.

13. Third-Party Sources: Information from credit bureaus, banks, employers (with consent), government databases, and other authorized sources for verification purposes.

14. Digital Consent Framework: All data collection through our Digital Lending Application is need-based and obtained with your explicit, informed consent with a clear audit trail as required under RBI guidelines.

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on:

15. Consent: Where you have provided explicit consent for specific processing activities.

16. Contractual Obligations: To perform our obligations under the loan agreement or other contracts with you.

17. Legal Obligations: To comply with applicable laws including RBI regulations, KYC requirements, anti-money laundering laws, and credit reporting obligations.

18. Legitimate Interest: For fraud prevention, risk management, and improving our services.

5. HOW WE USE YOUR INFORMATION

We use your personal data for the following purposes:

19. Loan Processing: Credit assessment, underwriting, loan approval, disbursement, and account management.

20. Legal Compliance: Meeting KYC/AML requirements, regulatory reporting, tax compliance, and reporting to Credit Information Companies as mandated by RBI.

21. Customer Service: Responding to queries, providing support, handling grievances, and maintaining customer relationships.

22. Risk Management: Fraud prevention, portfolio monitoring, credit scoring, and recovery operations.

23. Business Operations: Product development, service improvement, analytics, and internal auditing.

24. Marketing Communications: With your consent, sending information about our products and services that may be relevant to you.

6. DATA SHARING AND DISCLOSURE

We may share your information in the following circumstances:

25. RBI-Regulated Entities: With other banks and NBFCs for co-lending arrangements or other regulated activities.

26. Credit Information Companies: As mandated by RBI for credit reporting purposes.

27. Service Providers: With our authorized service providers including technology vendors, collection agencies, and verification agencies under strict confidentiality obligations.

28. Legal Requirements: When required by law, court orders, or regulatory authorities.

29. Third-Parties: With your explicit consent, we may share data with third parties such as insurance providers, investment platforms, or other financial service providers with equivalent data protection systems.

7. DATA SECURITY AND PROTECTION

30. Security Measures: We implement appropriate technical and organizational security measures.

31. Data Breach Response: We have established incident response procedures to detect, contain, and respond to security breaches. In case of a personal data breach, we will notify affected individuals and regulatory authorities as required by law.

32. Data Localization: All personal data (that is, data obtained about a Tala customer in India who is identifiable by or in relation to such data) is stored exclusively on servers located within India in compliance with RBI requirements and applicable data protection laws.

8. DATA RETENTION AND DELETION

33. Retention Period: You agree and acknowledge that Your personal data will continue to be stored and retained by Us as required or permitted by applicable laws or regulatory requirements, or as required for defending future legal claims. All the other details, which are not required to be retained per applicable laws or regulatory requirements, or as required for defending future legal claims, will be deleted or render the data into anonymised data upon the request of the customer for the deletion of the data, provided there is no active loan or service being availed by You.

34. Data Deletion: Upon completion of the retention period, we will securely delete or anonymize your personal data unless required to be retained for legal or regulatory purposes.

35. Customer Requests: You may request deletion of your data subject to our legal and regulatory obligations.

9. YOUR RIGHTS

Under applicable data protection laws, you have the following rights:

36. Right to Information: You have the right to know how your personal data is collected, processed, and shared.

37. Right to Access: You may request a copy of the personal data we hold about you.

38. Right to Correction: You may request correction of inaccurate or incomplete personal data.

39. Right to Deletion: You may request deletion of your personal data subject to legal and regulatory requirements.
40. Right to Restrict Processing: You may request restriction of processing in certain circumstances.

41. Right to Withdraw Consent: You may withdraw consent for processing activities that are based on consent.

10. CONSENT MANAGEMENT

42. Explicit Consent: We obtain your explicit consent before collecting sensitive personal data or sharing data with third parties (except where required by law).

43. Granular Consent: You have the option to provide or deny consent for specific data uses, restrict disclosure to third parties, and manage data retention preferences.

44. Consent Withdrawal: You may withdraw consent at any time through our digital platforms or by contacting our grievance officer. However, withdrawal may affect your ability to access certain services.

45. Consent Records: We maintain detailed records of consent obtained with audit trails as required under RBI guidelines.

11. DIGITAL LENDING APPLICATION SPECIFIC PROVISIONS

46. Limited Data Access: Our Digital Lending Application does not access your mobile phone resources such as contact lists, call logs, files, and media except as specifically disclosed and consented to.

47. One-Time Access: We may seek one-time access to camera, microphone, or location services for KYC verification or onboarding purposes with your explicit consent for each instance.

48. Data Storage by LSPs: Any Lending Service Providers engaged by us store only minimal customer data (name, address, contact details) required for their operations and do not store biometric data.

49. Third-Party Applications: We are not responsible for privacy practices of third-party applications or websites linked through our services.

12. COOKIES AND TRACKING

50. Use of Cookies: We use cookies and similar technologies to enhance user experience, remember preferences, and analyse usage patterns.

51. Cookie Management: You can manage cookie preferences through your browser settings, though some functionalities may be limited if cookies are disabled.

52. Analytics: We may use analytics tools to understand user behavior and improve our services.

13. CROSS-BORDER DATA TRANSFER

We do not transfer personal data outside India. All data processing and storage occurs within India’s territorial boundaries in compliance with RBI guidelines and data localization requirements.

14. CHILDREN’S PRIVACY

Our services are not intended for individuals under 18 years of age. We do not collect personal information from minors without appropriate consent from parents or guardians.

15. CHANGES TO PRIVACY POLICY

53. Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

54. Notification: Significant changes will be communicated through our digital platforms, email, or SMS notifications.

55. Continued Use: Your continued use of our services after policy updates constitutes acceptance of the revised policy.

16. GRIEVANCE REDRESSAL

56. Data Protection Officer: For any queries or complaints regarding data privacy:Email: dpo@tala.co.in

57. Response Time: We will acknowledge your complaint within 7 days and resolve it within 30 days of receipt.

17. GOVERNING LAW

This Privacy Policy is governed by Indian laws. All disputes, differences and/or claims arising shall be settled by arbitration in accordance with the provision of the Arbitration and Conciliation Act, 1996 or any statutory amendments thereof or any statute enacted for replacement therefore and shall be referred to a sole arbitrator to be appointed mutually by Tala and the Customer. The place of arbitration shall be Bangalore and the proceedings shall be under fast-track procedure as laid down in Section 29(B) of the Arbitration and Conciliation Act, 1996. The awards including interim awards of the arbitration shall be final and binding on all parties concerned.