Distributor Center
Distributor Center

Privacy Policy

Last Revised: 26/08/2024

  1. Preamble

    1. This Privacy Policy delineates the protocols and procedures implemented by Mrunal Financial Services ("Company," "we," "us," or "our") in relation to the acquisition, utilization, dissemination, and safeguarding of personal data processed through our form database platform (the "Platform"). This Policy is applicable to all users of this website and Platform, including but not limited to Agents and End Users as herein defined.


  1. Definitions:

    1. Agents: Refers to individuals and entities, including but not limited to insurance agents defined as Intermediaries as per IRDAI and agents of other financial products including but not limited to Mutual Fund Distributors as defined by SEBI, who utilize the Platform.

    2. End Users: Refers to the clients or customers of the Agents whose personal and financial data is collected and processed via the Platform.


  1. Roles and Designations

    1. Data Controller: The Agents utilizing our Platform act as data controllers in accordance with applicable law, determining the purposes and legal means of processing the personal data of End Users.

    2. Data Processor: The Company acts solely as a data processor, processing personal data on behalf of, and at the direction of, the Agents.


  1. Data Collection Scope

    1. Data from Agents:

      1. Personally identifiable information, including but not limited to name, contact details, and registration credentials.

      2. Platform usage data, including login records and user interaction analytics.

    2. Data from End Users:

      1. Personally identifiable and financial data collected as required by Agents for the purposes of facilitating insurance policies and other financial product services.


  1. Utilisation of Data

    1. For Agents:

      1. To grant and manage access to the Platform.

      2. To administer user accounts and facilitate communication.

      3. To conduct analytics on Platform usage for service improvement purposes.

    2. For End Users:

      1. The data collected by Agents is processed exclusively to facilitate the services requested by the End Users, including the provision of insurance policies and financial products. The Company shall not utilize this data for any extraneous purposes unless mandated by law.


  1. Disclosure of Data

    1. To Third Parties: The personal data of End Users may be disclosed by Agents to third-party entities, including but not limited to insurance companies, financial institutions, and other service providers, to fulfill the service requests of End Users.


  1. Data Security Measures

    1. The Company employs security measures that are compliant with applicable statutory and regulatory requirements to safeguard personal data. However, it must be acknowledged that no data transmission or storage system is completely invulnerable to breaches, and the Company cannot guarantee absolute security.


  1. Data Retention Protocol

    1. The retention of personal data shall be governed by the principle of necessity, retaining data only as long as it is required to fulfill the purposes for which it was collected or to comply with legal obligations. The specific retention periods may vary depending on the nature of the data and legal requirements.


  1. International Data Transfers

    1. The Platform is accessible from jurisdictions outside of India, including but not limited to the United States, Canada and other European regions. While [Company Name] does not transfer personal data directly to these foreign jurisdictions, end users may access or submit data from these locations. As such, any data processed by the Platform may be subject to the data protection laws of the jurisdictions from which it is accessed. [Company Name] ensures that any processing of personal data within its jurisdiction complies with applicable data protection laws and this Privacy Policy.


  1. Data Subject Rights

    1. For Agents:

      1. Right of Access: Agents may request access to their personal data processed by the Company.

      2. Right to Rectification: Agents may request corrections to their personal data.

      3. Right to Erasure: Agents may request the deletion of their account and associated data, subject to applicable legal obligations.

    2. For End Users:

      1. End Users should direct any inquiries or requests concerning their personal data to the respective Agent. The Company will assist the Agent in fulfilling such requests in accordance with applicable law.


  1. Amendments

    1. The Company reserves the right to amend this Privacy Policy at its sole discretion. Amendments will be effective upon posting the revised Policy on the Platform. Users are advised to periodically review this Policy for updates.


  1. Contact Information

    1. For inquiries or concerns regarding this Privacy Policy, please contact us at contact@finyman.com

Data Processing Agreement (DPA)

Last Updated: 26/08/2024

This Data Processing Agreement (“DPA”) is entered into between Mrunal Financial Services (“Processor”) and the entity or individual agreeing to this DPA by clicking I agree or by accessing or using the platform.

  1. Definitions

    1. “Agents” refers to insurance agents and other financial product agents who utilize our Platform for data processing activities.

    2. “End Users” refers to the clients whose personal data is processed by the Agents through the Platform.

    3. “Applicable Law” refers to the Digital Personal Data Protection Act, 2023 (DPDP Act) and any other relevant data protection legislation.

  1. Roles and Responsibilities

    1. Data Controller: The Agent is the Data Controller, determining the purposes and means of processing the End User’s personal data.

    2. Data Processor: The Processor processes personal data on behalf of the Agent as instructed, under the terms outlined in this DPA, the Default Operating Procedures (DOPs), and User Manual.

  1. Data Processing Details

    1. Nature and Purpose: The processing of personal data is solely to assist the Agent in fulfilling their obligations to End Users regarding insurance policies and other financial products.

    2. Data Categories: Personal details (e.g., name, contact information) and financial information.

    3. Data Subjects: End Users of the Agents.

  1. Obligations of the Processor

    1. Compliance with Instructions: The Processor shall process data only according to the documented instructions provided by the Agent through written communication, DOPs, or the User Manual, unless otherwise required by Applicable Law. In the absence of explicit instructions, the Processor may process the data as necessary to fulfill the agreed purposes of the Agent’s use of the Platform.

    2. Confidentiality: The Processor ensures that any person authorized to process the data is under a legal obligation of confidentiality.

    3. Sub-processors: The Processor shall not engage sub-processors without prior authorization from the Agent.

  1. Data Security

    1. Security Measures: The Processor will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Applicable Law and industry standards.

    2. Limitation of Obligations: The Processor will only undertake security obligations that are mandated by Applicable Law.

  1. Data Breach Notification

    1. Notification: The Processor will notify the Agent of any personal data breach in accordance with the requirements of Applicable Law. The notification will be provided when legally required and as soon as reasonably practicable under the circumstances.

  1. Data Subject Rights

    1. Assistance: The Processor will assist the Agent, by appropriate technical and organizational measures, to fulfill the Agent’s obligations to respond to requests for exercising the data subject’s rights as mandated by Applicable Law.

  1. Data Retention and Deletion

    1. Retention: The Processor will retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by Applicable Law. If immediate deletion upon termination is not feasible, the Processor will securely archive the data and restrict its further processing until deletion is possible.

    2. Deletion: Upon termination or expiry of the contract, the Processor will delete or return all personal data to the Agent, except where Applicable Law requires retention of the data for a specified period.

  1. International Data Transfers

    1. Transfer Conditions: The Processor does not directly transfer personal data outside of India. However, end users may access and submit data through the Platform from locations outside India. The Processor will ensure that all processing of personal data within India complies with applicable Indian data protection laws and the terms of this DPA. The Processor shall not be liable for any data transfers made by end users to jurisdictions outside India.

  1. Liability

    1. Limitation of Liability: The Processor’s liability under this DPA shall be limited to direct damages and capped at an amount equivalent to the fees paid by the Agent for the services during the twelve months preceding the event giving rise to the claim. The Processor shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, revenue, data, or use.

    2. Indemnification: The Agent agrees to indemnify and hold harmless the Processor against any claims, damages, or losses arising from the Agent’s breach of this DPA, including any failure to obtain necessary consents from End Users.

  1. Governing Law and Jurisdiction

    1. This DPA shall be governed by and construed in accordance with the laws of [Jurisdiction], and any disputes shall be resolved in the courts of [Jurisdiction].

  1. Miscellaneous

    1. Changes to the DPA: Any changes to this DPA will be agreed upon in writing by both parties.

    2. Entire Agreement: This DPA, along with the DOPs and User Manual, constitutes the entire agreement between the parties concerning the processing of personal data and supersedes any prior agreements or understandings.



Annexure 1

Default Operating Procedures (DOPs)

Last Updated: 26/08/2024

  1. Introduction

    1. These Default Operating Procedures (“DOPs”) outline the operational protocols followed by [Company Name] (“Processor”) in the execution of data processing activities on behalf of Agents (“Controllers”). These procedures are designed to ensure compliance with the terms of the Data Processing Agreement (“DPA”) and to maintain the integrity and security of the data processed through the Platform.

  2. Scope of Application

    1. These DOPs apply exclusively to the activities performed by the Processor as directed by the Agents. The Processor does not determine the purposes or means of data processing and acts solely under the documented instructions of the Agents.

  3. Agent Responsibilities

    1. Consent Management: Agents are solely responsible for obtaining and maintaining all necessary consents from End Users before processing their personal data through the Platform. The Processor shall not facilitate or manage the collection of such consents.

    2. Data Integrity: Agents are responsible for ensuring the accuracy, legality, and appropriateness of the data they input into the Platform. The Processor does not verify or validate the data provided by Agents.

  4. Data Processing Activities

    1. Execution of Instructions: The Processor shall process data solely as directed by the Agent. In the absence of specific instructions, the Processor will only perform activities necessary to maintain the technical functionality of the Platform.

    2. Use of Sub-Processors: Any engagement of sub-processors by the Processor will be conducted under the terms outlined in the DPA, with prior authorization from the Agent.

  5. Security Measures

    1. Technical and Organizational Measures: The Processor will implement security measures as mandated by the DPA and applicable law, ensuring a level of security appropriate to the risk. These measures include, but are not limited to, encryption, access controls, and regular security audits.

  6. Data Breach Response

    1. Incident Notification: The Processor shall notify the Agent of any data breach involving personal data processed on behalf of the Agent, in accordance with the DPA. The Processor will provide assistance as necessary to mitigate the breach, as per the instructions of the Agent.

  7. Data Retention and Deletion

    1. Retention Protocols: The Processor shall continue to retain personal data for as long as not instructed otherwise by the Agent or as required by applicable law. Upon termination of the Agent’s contract, data will be securely deleted or returned, following the procedures outlined in the DPA.

    2. Archiving: If immediate deletion upon termination is not feasible, the Processor shall archive the data securely and restrict its further processing until deletion is possible, under the conditions specified by the Agent.

Finyman

Terms of Use

Privacy Policy

Contact Us

Brand Kit

About Us

Finyman Platform

Features

FAQs

Get in touch

Address -

23rd Main Road,

BTM 2nd Stage,

Bengaluru - 560076

Email

Whatsapp

Contact Us -

Other links