1. Introduction

Welcome to Zenviax (“we,” “us,” “our”). We respect your privacy and are committed to safeguarding your personal and financial information. This Privacy Policy describes how we collect, use, disclose, and protect your data under Indian law, including the DPDP Act, 2023, and the Information Technology Act, 2000.

2. Definitions

• Personal Data: Any information that relates to an identified or identifiable person (e.g., name, email address, phone number).
• Sensitive Personal Data or Information (SPDI): As defined under the IT Rules, 2011, including financial information, passwords, and user-specific data.
• Personal Data: Any information that relates to an identified or identifiable person (e.g., name, email address, phone number).
• Data Principal: You or any person to whom the Personal Data relates.
• Data Fiduciary: Zenviax, which determines how and why data is processed.
• Processing: Any operation performed on Personal Data.

3. Data We Collect

• Identity Data: Name, date of birth, gender, PAN, Aadhaar (if required by law).
• Contact Details: Address, phone number, email.
• Financial Data/Transaction Data: Account numbers, transaction history, credit-related information—classified as SPDI.
• Technical Data: IP address, device type, browser usage.
• Communications: Records of your communications with us, including queries, requests, and support tickets.

4. Purpose of Processing

We process your data for purposes including:

• Provision of Services: Opening accounts, lending, investment advice.
• Compliance: KYC/AML checks, regulatory reporting.
• Risk Management: Credit risk assessment, fraud prevention.
• Customer Support: Responding to requests and inquiries.
• Legal Obligations: As required under applicable laws or court orders.

5. Legal Basis for Processing

• Consent: For marketing communications and other optional services.
• Contractual Necessity: To fulfill our obligations under agreements with you.
• Legal Compliance: To comply with applicable laws like the IT Act, RBI guidelines, etc.
• Legitimate Interests: For ensuring the security of our systems and services.

6. Disclosure & Sharing

We will not share your data except:

• With Affiliates or Service Providers: Under confidentiality agreements for processing activities.
• With Regulators or Law Enforcement: Where legally required.
• In Case of Business Transfers: In connection with merger, acquisition, or sale of assets.
• With Your Consent: Only as expressly given.

7. Security Measures

We implement:

• Technical Safeguards: Encryption, secure access controls, intrusion detection.
• Organizational Safeguards: Employee training, access restrictions.
• Policy Governance: Regular audits, incident response protocols to detect and address breaches.

8. Data Retention

We retain your data as long as needed:

• For the duration of our contractual relationship or as legally required.
• Financial/transactional records: Typically retained for 5 years, or as mandated.
• Once no longer needed, data will be securely deleted or anonymized.

9. Data Subject Rights

You have the right to:

• Access, correction, and erasure of your personal data.
• Withdraw consent for any processing based on consent.
• Data portability, where technically feasible.
• Grievance Redressal:
  • Data Protection Officer: [Provide Name, Email, Address].
  • Submit complaints via email or written request; we will respond within 30 days.
• If unresolved, contact the designated Grievance Redress Officer or DPDP Authority as per regulatory guidelines.

10. Third-Party Analytics & Cookies

We use:

• Cookies and tracking technologies to improve your experience.
• Tools like Google Analytics (if used) in anonymized form.
• Consent notices will be provided for optional tracking cookies.

11. International Data Transfers

If data is transferred outside India, we ensure:

• Adequate safeguards—such as contractual clauses or compliance assuming equivalent protection to that in India.

12. Children’s Privacy

We do not knowingly collect data from minors (under age 18). If discovered, such data will be promptly deleted.

13. Changes to This Policy

We reserve the right to update this policy. Revisions will be posted with an updated “Last Updated” date. Significant changes will be communicated to you by email or prominent notice.