Privacy Policy
Purpose of Policy
The purpose of this policy is to present Mastersoft ERP Solutions Pvt Ltd (herein referred to as the Company) commitment to the privacy of user information and sensitive commercial/financial data.
Scope of Policy
This policy applies to all data that is either owned or managed by the Company. This is in accordance with the ISO27001: 2022 & CSA STAR controls.
Supporting Documents
The policy is supported by the following documents:
- Information Security Policy
Responsibilities
- Chief Information Security Officer (CISO): Responsible for the development, implementation, maintenance, and enforcement of the policy.
- Internal Audit Team: Responsible for conducting regular audits to ensure compliance with this policy.
- Employees and Non-Employees: Responsible and accountable for ensuring adherence to the terms of this policy in the course of their job duties.
Policy Statements
- The privacy policy displayed to the user must clearly communicate a minimum of the following information
- Purpose for collection of personal information.
- Manner in which the information will be processed.
- Controls for protection of personal information.
- Usage of tools such as cookies to collect personal information online.
- Details of information such as IP address and domain information captured about the user.
- Sharing of information with third parties.
- User rights to access personal information.
- Contact details for queries on processing personal information.
- Commitment to privacy and security.
- Period for which the terms and conditions are valid.
- Information security standards and practices.
- Policy on external links.
- The Company will not use information about user activities on the Internet together with any information that would result in the user being identified without their consent.
- The Company will not associate the information collected by software utilities (cookies, single-pixel GIF images) with the user's name or email address at the time of the user visiting the sites.
- The Company will implement policy guidelines to safeguard the privacy of user identifiable information from unauthorized access or improper use and will continue to enhance security procedures as new technology becomes available.
- The Company will honour requests from users to review all personally identifiable information maintained in reasonably retrievable form, which currently consists of the employee’s name, address, email address, and telephone number, and will correct any such information which may be inaccurate. Users may verify that appropriate corrections have been made.
- The Company may use user identifiable information to investigate and help prevent potentially unlawful activity or activity that threatens the network or otherwise violates the user agreement for that service.
- All kinds of data such as personally identifiable information shared by users shall be:
- Processed fairly, lawfully, and securely.
- Processed in relation to the purpose for which it is collected.
- Maintained up to date and accurate as necessary.
- Retained for no longer than is necessary for the purpose for which it is collected.
- Users shall be provided with at least the following information before collecting personally identifiable information:
- Purposes of processing the information.
- Any further information regarding the specific circumstances in which personal information is collected, such as:
- The recipients of the information.
- Whether submission of information is obligatory or voluntary, as well as the impact of failure to submit such information.
- The existence of the right to access, update, or remove personal information.
- Whether personal information will be used for marketing purposes.
Data Protection Procedure
Mastersoft ERP Solutions Pvt Ltd, CIN No. U72900MH2015PTC264680 (“Company”, "We", "Us", or "Our"), a private limited company with its registered office at Plot No. 8B-1, Sector 21, Non-Sez, MIHAN, Nagpur, 441108, which owns and operates the website https://www.iitms.co.in/ is committed to protecting Your privacy and the information that You share while using the Platform. We value the trust you place in us. That’s why we maintain the highest security standards for securing the transactions and your information.
This privacy policy (“Privacy Policy”) specifies the manner in which personal data and other information is collected, received, stored, processed, disclosed, transferred, dealt with, or otherwise handled by the Company. This Privacy Policy does not apply to information that you provide to, or that is collected by, any third-party through the Platform, and any Third-Party Sites that You access or use in connection with the Services offered on the Platform.
Please read the Privacy Policy carefully prior to using or registering on the Platform or accessing any material, information, or availing any Services through the Platform. By visiting the Platform or setting up/creating an Account on the Platform for availing the Services and clicking on the “I accept” button provided on the Platform, You (“You”, “Your” as applicable) accept and agree to be bound by the terms and conditions of this privacy policy (“Privacy Policy”). This Privacy Policy is incorporated into and subject to our terms of use (“Terms”) and shall be read harmoniously and in conjunction with the Terms. All capitalised terms used and not defined in this Privacy Policy shall have the meaning ascribed to them under the Terms.
This Privacy Policy (i) is an electronic record under the Information Technology Act, 2000 read with rules and regulations made thereunder and is generated by a computer system; and (ii) will not require any physical, electronic, or digital signature.
1. Collection of Information
We collect Personal Information (defined below) from you when you register or set up an Account with us or avail a financial product on the Platform. You may browse certain sections of the Platform without being registered with us. However, to avail certain Services on the Platform You are required to set up an Account with Us.
This Privacy Policy applies to the following information:
- Information You give Us: You may provide certain information to Us voluntarily while registering on Our Platform and creating an Account for availing Our Services, such as name, mobile number, Permanent Account Number (PAN), signature, email address, date of birth, gender, photograph (selfie), marital status, communication and residential address details. We may also require You to provide additional information such as proof of address, residence ownership type, location, annual income, employment type, and source of income, number of years in employment, employer name, employer address, designation, official email address, business name, business address, nature of business, and additional income source, and Aadhaar data to facilitate in evaluation of Your credit profile and creditworthiness by the financial institutions offering or proposing to offer financial products to You. In addition to the above Personal Information, We also collect your signature and also take your live video or live selfie photo at the time of sign up for verification purposes. We may also collect other related information such as the date and time of contact with you, the number of attempts and your availability, for the said verification. The information collected in the course of your verification shall solely be used for completing the Account opening procedures and authenticating your transactions on the Platform. The act of providing Your Aadhaar data is voluntary in nature and the Company hereby agree and acknowledge that they will collect, use, and store such details in compliance with applicable laws and this Privacy Policy.
- KYC related information: We may retrieve from Your records available with third party including from Know Your Customer (KYC) Registration Agency (KRA) such as name, KYC details, KYC status, father’s/spouse’s name, occupation, address details and other related documents, for completion of Your KYC, which is required by the financial institutions for processing of Your application for availing a financial product.
- Location based information: When and if you download and/or use the Platform through Your mobile, we explicitly seek permissions from you to get the required information from the device. We may receive information about Your location, Your IP address, and/or your mobile device, including a unique identifier number for Your device and such other information as may be required for on boarding You on the Platform (through a one-time permission to access and process such information at the time of on boarding and KYC collection). In addition to the above, we identify and use Your IP address to also help diagnose problems with our server, resolve such problems and administer the Platform. Your IP address is also used to help identify you and to gather broad demographic information.
- Access to Camera and Microphone: We require a one-time access to your camera to scan and capture the required KYC documents thereby allowing us to auto-fill relevant fields. As a part of facilitation of the KYC process, we require a one-time access to your camera to enable you to initiate Your KYC process. This permission allows us or our authorized agents to perform your video KYC while also taking screenshots of your original officially verified documents that you present during your video KYC. Video KYC enables you to complete Your KYC digitally, smoothly, and efficiently. Your video shall be recorded and retained for regulatory purposes along with the screenshots of original official verified documents. We require a one-time microphone permission to enable a two-way communication between our authorized agent and you for the purpose of performing and completing your video KYC. Your audio shall be recorded for regulatory purposes.
- Access to storage: We require storage permission so that Your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the correct KYC related documents for faster financial product application details filling and disbursal process. This ensures that you are provided with a seamless experience while using the Platform. This is a one-time request and the same would be obtained at the time of sign up.
- Non–Personal and Automatic Information: We may also collect certain non-personal information, such as system generated user ID and access tokens (“Non-Personal Information”), while you access the Platform. Such Non-Personal Information cannot be used to identify any individual user. Access tokens are alphanumeric codes that act as passwords for Your Account on the Platform. Each access token is unique to Your Account on the Platform and is required to retrieve Personal Information about You from Our servers. An access token is generated when you create an Account on the Platform and is required each time you log in to Your Account on the Platform.
- We may collect information through “cookies” or similar technologies. A cookie is a small text file that we may use to collect information about Platform activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a Platform user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. If you block cookies, certain features on the Platform may not work. We use cookies and tracking information to understand how the Platform is being used, to monitor aggregate usage, and web traffic routing on the Platform, and to improve and customize the Platform. By visiting Our Platform, You acknowledge that you accept and consent to our privacy practices as well as our cookies policy.
- Payment and other information: We may require you to provide us with your financial information, such as bank account information, and/or other payment related details (“Payment Information”) and such other details as may be required to process payments, if any, on the Platform.
- Information received from third-parties: We may receive certain information about you from third parties such as financial institutions, identity verification service providers, etc. for the purpose of account creation, completion of KYC, credit profile creation, and enabling transactions for availing of Services.
2. Use of Information
You agree and acknowledge that all information gathered from you may be used by us and/or authorized third parties/entities for the following purposes:
- (i) To provide, maintain, develop, protect, and improve the Platform and for developing new products and services.
- (ii) To evaluate Your credit profile and creditworthiness.
- (iii) To facilitate Your KYC and enable You to open an Account with Us.
- (iv) To verify Your identity, eligibility, and registration as a user on the Platform.
- (v) To complete the transaction initiated by You.
- (vi) To address Your requests, queries, and complaints, if any.
- (vii) To keep You informed about the transaction status.
- (viii) To inform You about new products or services that may be of interest to You.
- (ix) To inform You about changes in any features and functionalities of the Platform.
- (x) To evaluate and administer Your Application and Our services provided through the Platform.
- (xi) To improve, customize, and personalize Our services provided to You.
- (xii) To analyse and evaluate your behaviour on the Platform.
- (xiii) To ensure that the content on the Platform is presented in the most effective manner for You and for Your computer or mobile device.
- (xiv) To prevent fraud, unauthorized transactions, money laundering, and other illegal activities and protect You, other users, and Us.
- (xv) To ensure compliance with legal and regulatory requirements and to handle legal disputes, if any.
- (xvi) To determine Your experience with Our products and services that are offered on the Platform.
- (xvii) To allow Us to analyse, research, and innovate for enhancing user experience and overall quality of Our services.
- (xviii) To generate and review reports and data about, and to conduct research on, Our user base and Service usage patterns.
- (xix) To contact You via email, phone, or otherwise for marketing and promotional purposes.
- (xx) To contact You to provide You with information that may be of interest to You, including information about products, services, promotions, news, and events of the Company.
3. Sharing of Information
You hereby expressly provide us with your consent to share Your Personal Information with third parties, only in such manner as provided below:
- (i) With Service Providers: We may share Your Personal Information with the service providers, including any vendor or any third-party service providers who perform any functions on Our behalf, pursuant to a contract or otherwise. These service providers or vendors may include without limitation IT service providers, banks, payment gateway service providers, lawyers, auditors, consultants, credit bureaus, and other service providers who enable us to provide services to you.
- (ii) With Our Group Companies: We may share Your Personal Information with Our parent company, subsidiaries, joint ventures, affiliates, associate companies, and other entities controlled by the Company, for the purpose of processing Your transactions on the Platform and for facilitating the services provided to You by the Company or the Group Companies.
- (iii) With Financial Institutions: We may share Your Personal Information with financial institutions, including but not limited to, banks, non-banking financial companies (NBFCs), and other financial institutions who are Our partners and who may offer financial products and services through the Platform, for the purpose of evaluating and processing Your credit profile and creditworthiness, and for facilitating transactions on the Platform.
- (iv) With Law Enforcement Agencies and Regulators: We may disclose Your Personal Information to government authorities, law enforcement agencies, regulators, and other authorities in response to legal requests or as required by applicable law, including but not limited to, court orders, subpoenas, or regulatory requirements.
- (v) With Prospective Buyers: We may share Your Personal Information with prospective buyers of the Company or its assets, in case of any merger, acquisition, or sale of the Company or its assets, in whole or in part, subject to compliance with applicable laws.
- (vi) With Your Consent: We may share Your Personal Information with third parties when You have provided Your express consent for such sharing.
4. Data Retention
We will retain Your Personal Information for as long as it is necessary for the purposes set out in this Privacy Policy, or as required to comply with applicable laws and regulatory requirements. We will also retain Your Personal Information for resolving disputes, enforcing our agreements, and protecting our legal rights.
5. Security of Information
We use reasonable technical and organizational measures to protect the Personal Information that we collect, store, and process. We also ensure that our service providers use appropriate security measures to protect Your Personal Information. However, we cannot guarantee the absolute security of Your Personal Information, and you agree that we will not be liable for any unauthorized access or use of Your Personal Information by third parties.
6. User Rights
You have the following rights regarding Your Personal Information:
- (i) Right to Access: You have the right to access and review the Personal Information that we hold about you. You may request us to provide you with a copy of Your Personal Information, subject to applicable laws and regulatory requirements.
- (ii) Right to Rectification: You have the right to request the correction of any inaccurate or incomplete Personal Information that we hold about you.
- (iii) Right to Erasure: You have the right to request the deletion of Your Personal Information, subject to applicable laws and regulatory requirements. However, we may retain certain information as required by applicable laws, regulatory requirements, or for legitimate business purposes.
- (iv) Right to Restrict Processing: You have the right to request the restriction of the processing of Your Personal Information under certain circumstances, subject to applicable laws and regulatory requirements.
- (v) Right to Object: You have the right to object to the processing of Your Personal Information, subject to applicable laws and regulatory requirements.
- (vi) Right to Data Portability: You have the right to request the transfer of Your Personal Information to another data controller, subject to applicable laws and regulatory requirements.
7. Changes to the Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time, without prior notice. Any changes to this Privacy Policy will be posted on the Platform. Your continued use of the Platform following the posting of changes to this Privacy Policy constitutes your acceptance of those changes.
8. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of Your Personal Information, please contact us at:
Data Protection Officer : Amit Barapatre
Email : dpo@iitms.co.in
Address : Plot No. 8B-1, Sector 21, Non-Sez, MIHAN, Nagpur, 441108
By using the Platform and providing Your Personal Information, You acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.