This Privacy Policy governs the collection, use, storage, processing, transfer, and protection of personal data of users who access or use this website and related services, including electronic NACH (eNACH) mandate facilitation. This Policy applies to: - Website visitors - Customers / borrowers - Mandate signatories - Authorised representatives
Regulatory Framework
This Policy is framed in accordance with: Information Technology Act, 2000 - Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 - RBI guidelines applicable to regulated entities and their service providers - NPCI NACH & eNACH Operating Rules
Definition of Personal & Sensitive Data
Personal Data includes information that identifies a natural person, directly
or indirectly.
Sensitive Personal Data may include: - Bank account details - Financial
information - Authentication credentials used for mandate approval
Biometric data or
OTP-based authentication, where used, is processed strictly through bank / NPCI systems and is
never stored by us.
Information Collected
User-Provided Information
Full name, mobile number, email address
Bank account number and IFSC
Mandate parameters (amount, frequency, tenure)
Automatically Collected Information
IP address and device identifiers
Browser type and operating system
Date, time, and pages accessed
Lawful Basis of Processing
Data is processed on the basis of: - Explicit user consent - Contractual necessity - Legal and regulatory obligation
Purpose Limitation
Personal data shall be used strictly for: - eNACH mandate creation, modification, cancellation, and tracking - Communication related to mandates and services - Compliance, audit, fraud detection, and dispute resolution - Legal reporting to authorities, where required
Data Sharing & Transfer
We may share information only with: - NPCI-authorised sponsor banks - Destination banks for debit execution - Regulated payment or technology service providers - Statutory or judicial authorities upon lawful request Cross-border data transfer, if any, shall be limited, secure, and compliant with Indian laws.
Data Storage & Retention
Data shall be retained: - For the mandate lifecycle - For statutory retention periods under RBI / NPCI norms - For audit, reconciliation, and legal proceedings Upon expiry of retention requirements, data shall be securely deleted or anonymised.
Data Security Measures
We adopt reasonable security practices, including: - HTTPS / SSL encryption - Secure hosting infrastructure - Role-based access controls - Periodic security audits
User Rights
Users have the right to: - Access their personal data - Request correction of inaccurate data - Withdraw consent (subject to regulatory constraints) - Raise grievances regarding data misuse
Children’s Data
Services are not intended for individuals below 18 years of age. Any data collected inadvertently shall be deleted upon discovery.
We offer reliable Gold Loans, Personal Loans, and Business Loans designed to meet your financial needs with ease and transparency. Whether you need instant funds, personal support, or business growth capital, our simple process, flexible repayment options, and trusted service ensure a smooth borrowing experience.
Copyright © Arbitrage Securities Private Limited. All Rights Reserved.