Data Storage Policy Pay&Serve Digital Lending

Company: PayandServe (B2B Digital Lending Segment)

In accordance with the latest guidelines issued by the Reserve Bank of India (RBI) and the Government of India, PayandServe adheres to the following Data Storage Policy for intermediaries in the digital lending sector:

1. Data Localization

  • All financial and personal data related to Indian borrowers must be stored on servers located within India.
  • Cross-border data transfer is strictly regulated, and any such transfers must comply with relevant Indian laws.

2. Data Security Measures

  • Implement strong encryption standards for data at rest and in transit.
  • Regularly update and patch all systems to protect against vulnerabilities.
  • Conduct frequent security audits and penetration testing to identify and rectify security weaknesses.

3. Data Retention and Deletion

  • Retain borrower data only as long as necessary to fulfill the purpose for which it was collected and to comply with legal requirements.
  • Ensure secure deletion of data that is no longer needed, following approved data destruction methods.

4. Data Access and Control

  • Implement robust access control mechanisms to ensure that only authorized personnel can access sensitive data.
  • Maintain detailed logs of data access and processing activities to enable audits and monitoring.

5. Consent and Transparency

  • Obtain explicit consent from borrowers for the collection, storage, and processing of their data.
  • Communicate the purpose, usage, and retention period of data to borrowers at the point of data collection.

6. Third-Party Data Handling

  • Ensure that any third-party service providers handling borrower data comply with the same data protection and storage standards.
  • Execute formal agreements with third-party vendors outlining their data protection responsibilities.

7. Incident Response and Management

  • Establish a comprehensive incident response plan to address data breaches and security incidents.
  • Notify relevant authorities and affected borrowers promptly in case of a data breach.

8. Compliance and Governance

  • Regularly review and update data storage policies to remain compliant with evolving regulations and guidelines.
  • Appoint a Data Protection Officer (DPO) to oversee data protection strategies and ensure regulatory compliance.

9. Data Minimization

  • Collect only the minimum amount of data necessary for the intended purpose.
  • Avoid excessive data collection and processing that is not directly relevant to the lending service.

10. Data Quality and Accuracy

  • Implement procedures to ensure that the data collected is accurate, complete, and up-to-date.
  • Provide borrowers with mechanisms to correct inaccuracies in their data.

11. Data Anonymization and Pseudonymization

  • Where applicable, use data anonymization and pseudonymization techniques to protect borrower identities.
  • Ensure that de-identified data cannot be easily re-identified.

By adhering to these guidelines, PayandServe is committed to maintaining the highest standards of data security and privacy for its B2B digital lending operations, ensuring compliance with RBI and Government of India regulations.

For more information or specific inquiries, please contact our Data Protection Officer at dataprotection@payandserve.com.