Woman pointing at paper on desk


Appendix A – Website Privacy Policy

A. Definitions

In this Privacy Policy, the following expressions shall bear the following meanings:

a. Consumer means a person who’s Credit Information may be held by ECICI and who may approach ECICI to check his credit report and credit score.

b. Credit Information means any information relating to –

i.The amounts and the nature of loans or advances, amounts outstanding under credit cards and other credit facilities granted or to be granted, by a credit institution to any borrower;

ii.The nature of security taken or proposed to be taken by a credit institution from any borrower for credit facilities granted or proposed to be granted to him;

iii.The guarantee furnished or any other non-fund based facility granted or proposed to be granted by a credit institution for any of its borrowers;

iv.The creditworthiness of any borrower of a credit institution;

v.Any other matter which the Reserve Bank may, consider necessary for inclusion in the credit information to be collected and maintained by credit information companies, and, specify, by notification, in this behalf.

c. Credit Institutions means a banking company and includes –

i.A corresponding new bank, the State Bank of India, a subsidiary bank, a co-operative bank, the National Bank and regional rural bank;

ii.A non-banking financial company as defined under clause (f) of Section 45-I of the Reserve Bank of India Act, 1934 (2 of 1934);

iii.A public financial institution referred to in Section 4-A of the Companies Act, 1956 (1 of 1956);

iv.The financial corporation established by a State under Section 3 of the State Financial Corporation Act, 1951 (63 of 1951);

v.The housing finance institution referred to in clause (d) of Section 2 of the National Housing Bank Act, 1987 (53 of 1987);

vi.The companies engaged in the business of credit cards and other similar cards and companies dealing with distribution of credit in any other manner;

vii.Any other institution which the Reserve Bank may specify.

d. Data – In relation to a credit institution, or a credit information company, or a specified user means such facts which are collected by or furnished to them, in respect of a borrower or a client, as the case may be, and form part of the credit information relating to such borrower or client, which is maintained, disseminated and used by them in accordance with the provisions of CICRA.

e. ECICI refers to Experian Credit Information Company of India Private Limited.

f. Members refer to Credit Institutions who register with a credit information company to become their member as per the provisions of CICRA.

g. Personal Data means such other data relating to an individual other than what a credit institution, or a credit information company, or a specified user, is permitted to collect as per the provisions of CICRA and as defined under the Information Technology Act of 2000 read with all the amendments till date.

h. Privacy Policy refers to this Privacy Policy including all changes made to it, from time to time.

i. Specified Users means any credit institution, credit information company being a member of a credit information company, and includes such other person or institution as may be as may be specified by regulations made, from time to time, by the Reserve Bank for the purpose of obtaining credit information from a credit information company;

B. General

I. Who are we?

Experian Credit Information Company of India Private Limited (“ECICI”) is a Credit Information Company registered with the Reserve Bank of India (RBI).

II. What we do?

ECICI helps its corporate Members manage credit risk, prevent fraud, target marketing offers, automate decision making and assists its individual Consumers to check their credit report and credit score, and protect against identity theft.

Pursuant to obtaining the Certificate of Registration from the Reserve Bank of India, ECICI operates as a credit information company in India and provides credit information services in accordance with the Credit Information Companies (Regulation) Act, 2005 read with the Credit Information Companies Rules, 2006 and Credit Information Companies Regulations, 2006 (hereinafter together referred to as “ CICRA”).

As mandated by CICRA, ECICI is authorised to process personal and sensitive information that is provided to it by Credit Institutions and Specified Users and ECICI is bound by the privacy policies laid down under CICRA. The Credit Institutions / Specified Users are required to become Members and are thus permitted to use the services provided by ECICI and contribute Data to the ECICI database.

III. About this Policy

Protecting the security and privacy of its Members’ and Consumers’ personal information is of utmost importance to ECICI and one of the foremost principles in conducting its business in compliance with CICRA and the privacy, data protection and data security obligations under it.

This Privacy Policy outlines the detailed workflow on what type of information is gathered and tracked, how the information is used, and with whom the information is shared..

If you have any requests concerning your personal information or any queries with regard to these practices please contact us at consumer.support@in.experian.com

IV. Scope of the Policy

This policy applies to all employees (full and part time), agency employees, suppliers of data, Members/ end users of the Data, and vendors who:

  • Have access to Data collected or processed by ECICI;
  • Receive Data from ECICI
  • Who provide personal data to ECICI, regardless of geographic location

As per the privacy policy, an information owner/steward who holds data supplied to /by ECICI must consult with ECICI’s Legal function to determine the data privacy provisions or annexes to be included in a contract in this regard.

C.  Information/ Data collected

A number of ECICI’s data assets are credit information and personal data, and the use of such data is regulated by the applicable laws, primarily CICRA. ECICI acts as a ‘data processor’ and as such, we can only use the personal data as permitted by CICRA. The aim of Data Privacy for ECICI is to securely handle accurate data (as reported by the Members) and minimize intrusion into the Members’ and Consumers’ privacy caused by the collection, storage and dissemination of personal data.

The scope of ‘Data’ for ECICI refers to ‘Data’ submitted by Members and essentially includes ‘Credit Information’ and ‘Personal Data’. The scope of ‘Data’ is also covered under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (referring to the definition in the Information Technology Act, 2000).

D. Use of information

The Credit Information collected by ECICI is processed to provide credit information services to its Members or such entities as detailed below based on consent of the consumers. The data collected by the bureau can be assessed as under:

1. Members

ECICI discloses Credit Information/ Data only to reputable companies which are registered with it as Members and have executed with it the agreement for Credit Information Services. ECICI shares such data only in furtherance of the permitted functions of a credit information company and the permissible uses of Credit Information as governed by the provisions of CICRA. Such usage of Credit Information is expressly written and agreed upon in the agreements that ECICI executed with its Member Credit Institutions.

Apart from its member credit institutions, ECICI may also be required to share the Data/ Credit Information with its third party contractors who provide ECICI with back end data operation services. In such cases, ECICI ensures that all Data recipients comply with confidentiality, fidelity and secrecy obligations and sign covenants in this regard.

2. Consumers

CICRA grants the Consumer certain rights with respect to their own data/ personal information. Consumers are entitled to obtain their own credit information upon a request made in compliance with reasonable policies and procedures established by ECICI and upon payment of the requisite fees. Consumers have the right to require ECICI to update their credit information, whether by way of correction, addition or otherwise and revise erroneous, misleading, outdated or incomplete data. Upon receiving such requests, ECICI shall take appropriate steps to update credit information within 30 days after such request subject to assistance from the Credit Institutions.

Consumers may also provide consent to certain entities who are not specified users for providing access their credit information where ECICI shall provide such entities with the consumers credit information for the end use purposes as agreed with the consumers which shall be as per the RBI Guidelines dated July 15, 2021 as may amended from time to time.

3. Regulators

ECICI may also be directed to share Credit Information/ Data in certain cases where it is required to be disclosed under applicable law or by a court of competent jurisdiction or by any regulatory body considering matters relating to such Credit Information/ Data.

The Data collected and collated by ECICI as detailed previously can be processed strictly only as per the provisions of CICRA which restricts and specifies the permitted functions of a credit information company, the form of business in which a credit information company may engage and the permissible uses of Credit Information.

In brief the Data or information collected by ECICI may be used only for the purposes of:

  • Dealing with the Credit Information requests and enquiries from Members and Consumers including, providing Credit Information and credit score to ECICI’s Specified users.
  • Providing other products and services offered by ECICI in India and information about it.
  • Carrying out research activity.

ECICI does not sell personal information collected from its Members or Consumers or use personal information for any other purposes than those stated under the CICRA.

E. Privacy Principles

i. Collection of Information and due consent

By virtue of being a credit information company, ECICI is not required to expressly obtain consent of a borrower/ Consumer before receiving any Credit Information from Credit Institutions. CICRA provides statutory mandate for procuring, storing, and disseminating of credit information to its Specified Users.

ii. Privacy Policy Rules

CICRA mandates all credit information companies to adopt privacy principles in relation to collection, processing, collating, recording, preservation, secrecy, sharing and usage of Credit Information. These principles essentially intend to guide the practice and procedure for:

  • collection of information from Customers and Members for processing, recording, protecting the data relating to credit information, and sharing of such data with Specified Users;
  • processing, recording, preserving and protecting the data relating to Credit Information furnished, or received;
  • allowing access to records containing Credit Information of Customers and Members and alteration of such records in case of need to do so;
  • restriction on use and disclosure of Data;
  • the extent of obligation to check accuracy of Credit Information before furnishing of such information;
  • preservation of Credit Information maintained (including the period for which such information may be maintained, manner of deletion of such information and maintenance of records of Credit Information);
  • networking of credit information companies, Credit Institutions and Specified Users through electronic mode;

iii. Processing of Data/ Credit Information

ECICI endeavours to take all reasonable steps to protect your personal information. All the data collected by us is stored on a secure server. ECICI also ensures utmost care in collection of Credit Information to ensure that the Data/ Credit Information is properly and accurately recorded, collated and processed and protected against loss, unauthorised access, modification or disclosure. In this regard, ECICI ensures that no person has any access to Credit Information in the possession or control of ECICI unless the access is authorised by CICRA and for the furtherance of the permitted purposes and functions of ECICI. All ECICI employees, managers, officers, authorized personnel, agents, sub-contractors and other persons who deal with or have right to access data, information and credit information are essentially required to comply with confidentiality, fidelity and secrecy obligations and sign covenants in this regard.

iv. Length of preservation of credit information

As mandated by CICRA, ECICI shall retain Credit Information and Personal Data collected, maintained and disseminated by them in perpetuity.

v. Data Security and Prohibition from Unauthorised Access or Use or Disclosure

ECICI has adopted procedure and measures in relation to its daily operations to safeguard and protect the Data/ Credit Information maintained, against any unauthorised access to or misuse of the same, including but not limited to, adopting standards for physical and operational security, appropriate instructions for removing, labelling and securing electronic storage media, securing all paper based records, documentation and backup data containing all confidential information, adequate procedure to ensure access only by authorized persons on ‘need to know’ basis, creation of firewalls and stress testing of systems, taking necessary steps while handing over systems for maintenance to prevent unauthorized access or loss of data, information and credit information maintained by ECICI.

vi. Security aspects

ECICI understands the confidentiality of personal information contained in credit reports, and safeguards the privacy of all information you provide to this Web site.

ECICI have security protocols and measures in place to protect from unauthorized access or alteration, the personally identifiable information, business organization identifiable information and other information ECICI maintains about you. These measures include internal and external firewalls, physical security and technological security measures, and encryption of certain data. When personally identifiable information is disposed of, it is disposed of in a secure manner.

You also have a role in protecting the security of information about you. For example, you should guard your password and not permit unauthorized use of your credentials. Additionally, you should close your browser when have finished viewing your information to protect the privacy of your individual or business organization information.

We may also share your information in compliance with applicable laws, to protect the rights or property of ECICI, our business partners, suppliers or Members, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.

vii. Policy Regarding Children

We define children as individuals under the age of 18. This website is not intended for the use of children and ECICI does not knowingly solicit or collect information from children.

F. Cookie Statement

What are cookies?

Cookies are text files stored on the device you use to visit our website. Some cookies are essential for our websites to work, others collect anonymous or personal information to allow us to improve our websites and to show you relevant content.

At ECICI we may use different types of cookies and you can read more about some of these below.

How long are cookies stored on my device?

Two types of cookies can be stored:

Session cookies which are automatically deleted when you close your browser

Persistent cookies which remain on your computer until they are deleted or expire. Persistent cookies can keep your user preferences to help make future browsing easier and more relevant.

Types of cookies we may use

Essential cookies

Without these cookies, our website may not work properly. These cookies are strictly necessary for ECICI sites to ensure security, ease of use and functionality. Others provide you with services available across our websites and are needed to use some of its features.

Analytics cookies

Analytics cookies are used to understand how visitors use our website. This includes capturing visitors’ location, how pages are browsed, patterns and preferences within their journey, time spent on site, and additional data that helps us improve your experience. Some of these include third party cookies, and are implemented to provide you with a quick and seamless personalised experience.

Performance and functional cookies

We use performance & functional cookies to further improve our website in order to provide you with the best possible online experience. For example, to ensure the speed of our web pages, enable video content and faster browsing. Without these cookies, certain website functionality may become unavailable. Some of these cookies may be third party cookies.

Advertising and marketing cookies

Advertising and marketing cookies are used to show you adverts relevant to you, your interests and your interaction with ECICI and our websites. We use this data to improve our communications with you. They are used to show you relevant advertisements, and to help measure the effectiveness of our advertising campaigns.

These cookies can also remember that you have visited a website and collect information about your browsing habits in order to manage your preferences accordingly.

Some of these cookies can identify you as an individual based on IP address and connected identifiers. These cookies may also be third party cookies.

Social media cookies

Social media cookies may be placed on our website and, if you are logged into the social media platform, can identify your visit and collect information about your browsing habits. We may use these cookies to include or exclude you from social media advertising and to help measure the effectiveness of these advertising campaigns. These cookies may be third party cookies.

G. Queries and Grievance Redressal

Grievance Officer

In case of any feedback or grievance regarding data privacy, you may contact the our customer support team. On receipt of the request, the team shall take necessary steps, within a reasonable time, to ensure that proper action is taken to redress the complaint (s). The email id for the customer support team is consumer.support@in.experian.com.

For more details please visit the Grievance redressal section of www.experian.in

H. Changes to this Data Privacy Policy

ECICI may make changes to this Privacy Policy from time to time. The revised policy will be posted on our website and will mention the date of the changes in the ‘Last updated’ section below. Please access the Privacy Policy regularly to ensure your understanding of ECICI’s latest policies. By using this website, you are agreeing to the latest Privacy Policy published here.

This privacy policy only covers Experian’s web site at www.experian.in. Additional web sites within the Group are governed by their respective privacy statements. We are not responsible for the data policies or procedures or the content of other linked web sites outside this website.

Last updated: March 28, 2023