Draft a comprehensive Privacy Policy for LOANPE INTELLIGENT SOLUTIONS PRIVATE LIMITED (CIN: U74999KA2022PTC159725), a private company registered at No 262/C, New Thippasandra, HAL 3rd Stage, Bangalore, Karnataka – 560075. The company operates as a financial solutions channel partner, providing services such as Home Loans, Business Loans, and Credit Cards.
The policy must strictly adhere to the Digital Personal Data Protection Act, 2023, and the DPDP Rules, 2025, ensuring the following sections are included:
Definitions: Clearly define ‘Data Principal’ (the user), ‘Data Fiduciary’ (Loanpe Intelligent Solutions), and ‘Data Processor’ (third-party lending partners).
Consent & Notice:
Detail that personal data is processed only with explicit, informed, and unambiguous consent.
Include a standalone Consent Notice itemising data collected (e.g., PAN, Aadhaar, bank statements, geolocation) and the specific purpose for each.
Data Subject Rights: Outline the user’s rights to access, correct, update, or erase their personal data, and the right to nominate a representative in case of death or incapacity.
Data Retention & Deletion: Mandate that data will be deleted once the specific purpose (e.g., loan processing) is fulfilled, unless legal retention is required (e.g., per RBI or tax laws).
Security Safeguards: Describe the ‘reasonable security practices’ implemented, including encryption, access controls, and regular audits, as required for entities handling sensitive financial information.
Breach Notification: Explicitly state the company’s obligation to notify both the Data Protection Board of India and affected individuals ‘without delay’ (within 72 hours) in the event of a data breach.
Grievance Redressal: Provide clear contact details for the Grievance Officer and state a resolution timeframe (e.g., within 45 to 90 days as per current rules).
Third-Party Sharing: Detail sharing protocols with lending partners (Banks/NBFCs) and the requirement for these partners to maintain equivalent data protection standards.
Tone & Language: Use ‘SARAL’ principles—Simple, Accessible, Rational, and Actionable language—avoiding dense legal jargon where possible.”
Key Compliance Facts for 2026
Phased Implementation: Core DPDP obligations like automated data retention and mandatory breach notifications are active or in final transition as of 2026.
Penalties: Failure to maintain reasonable security safeguards can attract penalties up to ₹250 crore.
Director Oversight: The company is managed by directors Bhanuprasad Poola, Moneesha Polasi, and Bilvampalli Suresh Kumar Reddy, who are responsible for ensuring these compliance frameworks are in place.