Privacy Policy

Effective Date: September 27, 2025 | Last Updated: September 27, 2025

🔒 Your Privacy is Our Priority

At S.B.N. Leasing and Finance Limited, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data in compliance with Indian laws and international best practices.

📋 Quick Summary

  • ✅ We only collect data necessary for our NBFC services
  • ✅ Your data is secured with bank-grade encryption
  • ✅ We comply with RBI regulations and DPDP Act 2023
  • ✅ You have full control over your data
  • ✅ We never sell your data to third parties
  • ✅ 24/7 grievance redressal available

📖 INTRODUCTION

This Privacy Policy ("Policy") is published in compliance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and guidelines issued by the Reserve Bank of India ("RBI").

This Policy governs how S.B.N. Leasing and Finance Limited (CIN: U74899DL1994PLC063804), a Non-Banking Financial Company registered with the Reserve Bank of India (Registration No. B-14.02361), with registered office at 205 & 206, Second Floor, Neelkanth Chambers-II, Plot No.14, LSC, Saini Enclave, Delhi-110092, India (referred to as "Company", "we", "us", "SBN-NBFC", or "NBFC"), collects, uses, processes, stores, discloses, and protects Personal Information of users, customers, and website visitors (referred to as "you", "your", or "Users").

🔤 KEY DEFINITIONS

Personal Information: Any information relating to a natural person which, either directly or indirectly, is capable of identifying such person, including Sensitive Personal Data or Information.
Sensitive Personal Data or Information (SPDI): Personal information including passwords, financial information, health condition, sexual orientation, medical records, and biometric information as defined under IT Rules, 2011.
Processing: Any operation performed on Personal Information including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
Data Fiduciary: Any person who alone or in conjunction with others determines the purpose and means of processing personal data.
Website/Platform: The website www.sbnnbfc.com, mobile applications, and any digital platform operated by SBN-NBFC.

📊 INFORMATION WE COLLECT

As a registered NBFC, we collect various categories of Personal Information to provide financial services and comply with regulatory requirements:

👤 A. Identity and Contact Information
  • Full name, date of birth, gender, photograph
  • Residential and office addresses with PIN codes
  • Mobile numbers, email addresses, telephone numbers
  • Emergency contact details and nominee information
🆔 B. Identity and KYC Documents
  • PAN Card, Aadhaar Card, Passport, Voter ID
  • Driving License, utility bills for address verification
  • Digital signatures and biometric information
  • Educational and professional certificates (if required)
💰 C. Financial and Credit Information
  • Bank account details, UPI IDs, payment information
  • Income details, salary slips, employment information
  • Credit scores, credit history, and bureau reports
  • Loan applications, sanctions, and repayment history
  • Investment details, asset information, and liabilities
  • ITR documents and financial statements
📱 D. Technical and Digital Information
  • IP address, browser type, operating system details
  • Device identifiers, mobile device information
  • Geolocation data and GPS coordinates
  • Website usage patterns, clicks, and session recordings
  • App usage data and digital interaction history
💬 E. Communication and Service Data
  • Customer service communications and call recordings
  • Chat transcripts and email correspondence
  • Feedback, complaints, and grievance data
  • Marketing preferences and consent records
  • Survey responses and testimonials

🎯 HOW WE USE YOUR INFORMATION

We process your Personal Information lawfully, fairly, and transparently for specific, legitimate purposes related to our NBFC operations:

🏦 A. Core NBFC Business Operations
  • Loan Processing: Evaluate applications, conduct credit assessments, and manage lending operations
  • KYC/AML Compliance: Verify identity and address in compliance with RBI norms and PMLA requirements
  • Risk Assessment: Assess creditworthiness, monitor loan performance, and manage collection activities
  • Account Management: Maintain customer accounts, process transactions, and provide ongoing services
  • Interest Calculation: Calculate interest, fees, and other charges as per loan agreements
📞 B. Customer Service and Communication
  • Respond to inquiries, provide customer support, and resolve complaints
  • Send service notifications, account updates, and payment reminders
  • Conduct customer satisfaction surveys and collect feedback
  • Provide personalized financial advice and product recommendations
⚖️ C. Regulatory and Legal Compliance
  • Comply with RBI regulations, PMLA requirements, and other applicable laws
  • Maintain records as mandated by regulatory authorities (minimum 8 years)
  • Report to credit bureaus (CIBIL, Experian, Equifax, CRIF) and regulatory bodies
  • Cooperate with law enforcement, judicial proceedings, and government inquiries
  • Conduct due diligence and background verification as required
🔒 D. Security and Fraud Prevention
  • Detect, prevent, and investigate fraudulent activities and cyber threats
  • Monitor transactions for suspicious activities and money laundering
  • Ensure cybersecurity and protect against unauthorized access
  • Implement risk controls and security protocols
📈 E. Business Operations and Analytics
  • Conduct internal audits, risk assessments, and business analysis
  • Develop and improve our products, services, and digital platforms
  • Generate insights for business decision-making (in aggregated, anonymized form)
  • Training purposes and quality assurance for customer service

✅ CONSENT AND LEGAL BASIS

Your Consent

By accessing our website, using our services, or providing your information, you provide free, informed, specific, clear, and unambiguous consent to the collection, use, storage, and processing of your Personal Information in accordance with this Policy.

Legal Basis for Processing

We process your data based on:

  • Consent: Your explicit consent for marketing and optional services
  • Contract: To perform our loan agreement and provide services
  • Legal Obligation: To comply with RBI, PMLA, and other regulatory requirements
  • Legitimate Interest: For fraud prevention, risk management, and business operations
Withdrawal of Consent

You may withdraw your consent at any time by contacting our Grievance Officer. However, withdrawal may affect service provision and may result in discontinuation of ongoing transactions. We may continue processing data where legally required or for legitimate business interests.

🤝 INFORMATION SHARING AND DISCLOSURE

We may share your Personal Information in the following circumstances, always ensuring appropriate safeguards:

🛡️ Our Commitment

We DO NOT sell, trade, or rent your Personal Information to third parties for marketing purposes. All data sharing is governed by strict contractual obligations, data protection agreements, and regulatory compliance requirements.

🔐 DATA SECURITY AND PROTECTION

We implement robust, multi-layered security measures to protect your Personal Information:

🛡️ Technical Safeguards
  • Encryption: 256-bit SSL/TLS encryption for data transmission and AES encryption for data at rest
  • Secure Infrastructure: Firewalls, intrusion detection systems, and DDoS protection
  • Access Controls: Multi-factor authentication, role-based access, and privilege management
  • Data Isolation: Segregated databases and secure data centers with 24/7 monitoring
👥 Organizational Measures
  • Staff Training: Regular cybersecurity awareness and data protection training
  • Access Management: Need-to-know basis access with regular access reviews
  • Incident Response: 24/7 security monitoring and incident response team
  • Vendor Management: Strict due diligence and data protection agreements with third parties
🔍 Compliance and Auditing
  • Regular Audits: Internal and external IT security audits and penetration testing
  • Compliance Monitoring: Continuous monitoring for regulatory compliance
  • Vulnerability Management: Regular security assessments and patch management
  • Backup and Recovery: Secure data backup and disaster recovery procedures
⚠️ Important Security Notice

While we implement industry-leading security measures, no system can be guaranteed to be completely secure. We continuously monitor and upgrade our security systems. You also play a crucial role in protecting your information by keeping your login credentials confidential and reporting any suspicious activities immediately.

⏰ DATA RETENTION

Retention Periods

We retain your Personal Information for the following periods:

🗂️ Regulatory Compliance

Minimum 8 years from account closure or loan completion as mandated by RBI and PMLA requirements, or longer if required by law.

💼 Business Records

As long as necessary for legitimate business purposes, legal obligations, or dispute resolution.

📧 Marketing Data

Until consent is withdrawn or as required for ongoing customer relationship management.

Secure Disposal

Upon expiry of retention periods, we securely delete or anonymize Personal Information using industry-standard data destruction methods to prevent unauthorized recovery.

🎛️ YOUR RIGHTS AND CHOICES

Under applicable data protection laws, you have the following rights regarding your Personal Information:

🔍 Right to Access

Request information about what Personal Information we hold about you and how it's processed.

✏️ Right to Rectification

Request correction of inaccurate or incomplete Personal Information.

🚫 Right to Withdraw Consent

Withdraw your consent for data processing (subject to legal and contractual obligations).

🗑️ Right to Erasure

Request deletion of Personal Information in specific circumstances (subject to regulatory requirements).

📊 Right to Data Portability

Request transfer of your data to another service provider in a structured format.

📞 Right to Lodge Complaints

File complaints with our Grievance Officer or the Data Protection Board.

📝 How to Exercise Your Rights

To exercise any of these rights, please contact our Grievance Officer using the details provided below. We will respond to your request within the timeframes mandated by applicable law (typically within 30 days).

🍪 COOKIES AND TRACKING TECHNOLOGIES

What are Cookies?

Cookies are small text files stored on your device that help us enhance your browsing experience, understand usage patterns, and provide personalized services.

Types of Cookies We Use
  • Essential Cookies: Necessary for website functionality and security
  • Analytics Cookies: Help us understand website usage and improve our services
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)
Managing Cookies

You can control cookie settings through your browser preferences. However, disabling certain cookies may impact website functionality and your user experience.

📞 GRIEVANCE REDRESSAL

🛎️ Grievance Redressal Officer

For any concerns, complaints, or queries regarding your Personal Information, please contact our dedicated Grievance Redressal Officer:

👤 Name: Mr. Abhishek Saraswat

📧 Email: grievance@sbnnbfc.com

📱 Phone: +91-63965 74224

🕒 Hours: Monday to Friday: 10:00 AM to 8:00 PM | Saturday: 10:00 AM to 6:00 PM (Except public holidays)

📍 Address: S.B.N. Leasing and Finance Limited
205 & 206, Second Floor, Neelkanth Chambers-II,
Plot No.14, LSC, Saini Enclave, Delhi-110092, India

🔄 Escalation Process

If you do not receive a response within 14 days or are not satisfied with the response, you may contact our Nodal Officer:

👤 Nodal Officer: Ms. Deepshikha Sharma

📧 Email: nodalofficer@sbnnbfc.com

📱 Phone: +91-83684 35897

🕒 Hours: Monday to Friday: 10:00 AM to 8:00 PM | Saturday: 10:00 AM to 6:00 PM

⏱️ Response Timeline
  • Initial Response: Within 14 days of receipt
  • Escalation: To Nodal Officer if not satisfied
  • Further Escalation: To Data Protection Board (once operational) or RBI Ombudsman

🔄 POLICY UPDATES AND AMENDMENTS

Policy Modifications

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:

  • Website notifications and email alerts
  • In-app notifications (where applicable)
  • SMS or other direct communication methods

Continued use of our services after policy updates constitutes acceptance of the revised terms.

⚖️ GOVERNING LAW AND JURISDICTION

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising under or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located at New Delhi, India.

For international users, this Policy complies with applicable data protection laws in your jurisdiction to the extent required by law.

📋 ACKNOWLEDGMENT AND ACCEPTANCE

BY ACCESSING OUR WEBSITE, USING OUR SERVICES, OR PROVIDING YOUR PERSONAL INFORMATION, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.

Last Updated: September 27, 2025

Effective Date: September 27, 2025

Version: 2.0