NABKISAN Finance Limited is a Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India (RBI) and a subsidiary of NABARD. We are committed to protecting the privacy and security of personal information of our customers, partners, and website visitors.
IT Act, 2000DPDP Act, 2023RBI DirectionsUIDAI GuidelinesAadhaar Act, 2016
1
Introduction
This Privacy Policy explains how we collect, use, process, store, share, and protect customer personal and non-personal information when the customer visits our website or uses our mobile applications, avails our financial services and products, or interacts with our digital platforms and channels.By using our services, customers acknowledge that they have read, understood, and agree to be bound by the terms of this Privacy Policy.
2
Definitions
●Aadhaar — The unique identity number issued to individuals by UIDAI under the Aadhaar Act, 2016.
●Company / NKFL / We / Us / Our — Refers to NABKISAN Finance Limited.
●Customer / Data Principal / You / Your — Any natural person whose personal data is being processed by the Company.
●Data Breach — Any unauthorized access, use, disclosure, modification, or destruction of personal data that compromises its security, confidentiality, or integrity.
●Data Processing Agreement (DPA) — A written agreement between the Company and third-party service providers governing the processing of personal data.
●Digital Personal Data — Personal data in digital form collected online or offline data that has been subsequently digitized.
●Personal Data — Any data about an individual who is identifiable by or in relation to such data, including sensitive personal information.
●Processing — Includes collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction of personal data.
●Third Party — Any person, company, or entity other than the Company or the Data Principal.
3
Applicability
This Privacy Policy applies to all users, customers, and visitors who access or use NABKISAN's services, websites, mobile applications, and digital platforms.This policy is applicable to all data processing activities conducted by NABKISAN within India. The policy takes effect immediately upon accessing our services and supersedes any previous privacy policies.
Note: Certain third-party services integrated with our platform may have separate privacy policies, and users are advised to review those independently.
4
Consent
4.1 Express Consent
In accordance with RBI Digital Lending Directions 2025, the Company shall refrain from accessing mobile device resources — including files, media, contact lists, call logs, telephony functions, and other device features — during digital lending operations. Such access shall be permitted only when operationally essential or when customers have provided explicit consent.4.2 Withdrawal and Deemed Consent
Customers may withdraw their consent at any time; however, such withdrawal may limit our ability to provide certain services, affect processing of loan applications or existing accounts, and impact access to digital features.NABKISAN may continue to process and retain customer information where required by applicable laws, or based on deemed consent for legal obligations, prevention of fraud, and credit assessment activities.Important: Customers are advised to keep in view the implications before withdrawing consent, as it may significantly impact their ability to access our financial services.
5
Collection and Management of Information
Personal Information Collected
●Identity Details — Name, ID numbers, photograph, etc.
●Contact Information — Phone number, email address, postal address, etc.
●Financial Data — Bank details, income, credit history, etc.
●Business Information — Registration details, operational data, etc.
●Technical Data — Device details, usage patterns, etc.
Sources of Collection
●Online and physical application forms
●Direct customer interactions
●Third-party sources such as credit bureaus and government databases
●Authorized partner organizations
●Automated systems on our digital platforms
Non-Personal Information
NABKISAN also collects non-personal information such as aggregated demographic data, website usage statistics, general location information, and device details to improve our services and develop better financial products.6
Data Sharing and Disclosure
6.1 Internal Sharing
Within NKFL, customer information is accessible only to authorized personnel for:●Loan processing and credit assessment
●Customer service and support
●Risk management and compliance
●Product development and analytics
●Audit and regulatory reporting
6.2 External Sharing
The Company may share customer information with authorized service providers including technology vendors, cloud service providers, payment processors, collection agencies, and legal service providers. Sharing also extends to co-lending partners, NBFCs, insurance companies, credit guarantee organizations, and credit rating agencies.Regulatory sharing includes disclosure to RBI, NABARD, Credit Information Companies (CICs), government departments, tax authorities, and statutory auditors.Marketing Purposes: For marketing or non-mandatory purposes, the Company will obtain explicit customer consent before sharing and provide clear opt-out mechanisms.
7
Third-Party Sites and Services
NABKISAN engages with third-party service providers. All service agreements include provisions for:
●Data confidentiality and appropriate security measures
●Compliance with applicable data protection laws (DPDP Act 2023 and RBI guidelines)
●Data breach notification requirements
●Data retention and deletion obligations
When customers interact directly with third-party services, their own privacy policies apply. NABKISAN is not responsible for the data practices of external websites.8
Data Retention and Storage Policy
NABKISAN retains customers' personal information as per the Preservation of Records policy of NABKISAN. The Company commits to data localization requirements and secure storage practices throughout the retention period.Upon expiry of the retention period, or when customers exercise their right to data deletion, the Company will purge the respective data from its systems, subject to any overriding legal or regulatory obligations.
9
Data Security Measures and Breach Notification
Technical Security Measures
●End-to-end encryption for data transmission and storage
●Multi-factor authentication for system access
●Advanced firewalls with intrusion detection systems
●Role-based access controls
●Automated backup with disaster recovery capabilities
●Regular security updates and patch management
●Continuous monitoring systems
Breach Notification Protocol
Within 24 hrsContain and Assess: Contain the breach and assess its scope and impact.
Within 72 hrsRegulatory Notification: Notify the Data Protection Board of India as required under DPDP Act 2023.
PromptlyCustomer Notification: Inform affected individuals if the breach poses high risk — including nature of data involved, likely consequences, and remedial measures taken.
10
Rights of Data Principals
Under the Digital Personal Data Protection Act, 2023, customers have the following rights:
10.1 Right to Information & AccessObtain information about personal data being processed, processing purposes, categories of data, retention duration, and data sharing details.
10.2 Right to Correction & ErasureCorrect inaccurate data, update information, and request deletion when data is no longer necessary or consent is withdrawn.
10.3 Right to Portability & NominationReceive data in machine-readable format. Nominate another person to exercise rights in case of death or incapacity.
10.4 Right to Grievance RedressalLodge complaints through our internal grievance mechanism or escalate to the Data Protection Board of India.
10.5 How to Exercise Your Rights
Submit written requests through our official channels with adequate identification. NABKISAN will respond within the prescribed timeframe under DPDP Act.11
Cookie Usage and Management
The Company deploys cookies and similar technologies to enhance user experience through personalization, remember customer preferences and login information, analyze website traffic patterns, provide targeted content, and ensure robust security while preventing fraudulent activities.Customers retain full control over cookie preferences through browser settings, opt-out mechanisms on our website, privacy settings within our mobile application, and third-party opt-out tools.
Note: Disabling or blocking cookies may impact the functionality and user experience of our digital services, potentially limiting access to certain features.
12
Protecting Personal Data of Aadhaar Number Holders
NABKISAN currently conducts e-KYC through DigiLocker, which does not involve storing Aadhaar numbers. However, subject to obtaining an AUA/KUA license from UIDAI or onboarding onto NPCI's e-Setu platform, NABKISAN may directly access Aadhaar data for seamless KYC, including photograph verification.If Aadhaar numbers are stored in NABKISAN's internal systems for any purpose such as e-KYC, deduplication, or unique identification, NABKISAN will strictly adhere to UIDAI guidelines, including secure storage within an Aadhaar Data Vault.
13
Data Quality
The Company notifies all individuals and customers that it is their primary responsibility to provide accurate, complete, and relevant information to maintain the quality and integrity of data maintained within Company systems.The Company provides designated personnel and contact mechanisms through which customers may request amendments or deletion of their personal information.
14
Limitation of Liability
14.1 Scope of Liability
To the fullest extent permitted by applicable law, NABKISAN Finance Limited disclaims all liability for damages arising from use of our digital platforms; any unauthorized access to or alteration of personal information; any technical malfunction; any loss resulting from data transmission over the internet; or any action by third-party service providers.14.2 Specific Disclaimers
●Any direct, indirect, special, incidental, punitive, or consequential damages
●Loss of profits, business interruption, or loss of business information
●Damages arising from delays, interruptions, errors, or omissions in transmission
●Any liability for content posted by users or third parties on our platforms
●Damages resulting from viruses, malware, or other harmful components
14.3 Regulatory Exception
This limitation shall not apply to obligations imposed by RBI or other regulatory authorities, statutory rights that cannot be waived under Indian law, cases of proven gross negligence or willful misconduct, or data protection violations resulting from failure to implement adequate security measures.15
Operational Guidelines
The Operational Guidelines of the Privacy Policy of NABKISAN will be reviewed and approved by the MD & CEO as per the recommendations of the IRMC.
16
Grievance Redressal
16.1 Grievance Mechanism
For any privacy-related concerns, customers may submit a grievance at nabkisan.org/grievance-redressal.16.2 Complaint Resolution Process
Step 1Registration: Submit complaint through email, phone, or written communication.
Step 2Acknowledgment: We will acknowledge receipt within 2 working days.
Step 3Investigation: Thorough investigation within 21 days of receipt.
Step 4Resolution: Appropriate action and communication of resolution.
Step 5Follow-up: Ensure satisfactory resolution and preventive measures.
16.3 External Forums
If not satisfied with our resolution, customers may escalate to the Complaint Management System (CMS) portal under the Reserve Bank Integrated Ombudsman Scheme, or to Data Protection Authorities as established under applicable laws.17
Communication and Marketing
17.1 Email, SMS and WhatsApp Communications
By providing a mobile number or email and consenting to receive communications, customers agree to receive transactional messages related to loan accounts, payments, and service updates; promotional messages about our financial products; important notifications regarding regulatory changes; and customer service communications.17.2 Communication Frequency and Charges
Message frequency may vary based on account activity. Standard SMS and data rates may apply as per the customer's telecom service provider.17.3 Opt-Out Mechanisms
Customers may opt out of receiving promotional communications at any time by sharing their preferences using the contact details provided on our website.17.4 Third-Party Marketing
NABKISAN does not sell, rent, or share contact information with third parties for their marketing purposes. Any promotional communications will only be sent by NABKISAN Finance Limited or our authorized service providers.18
Changes to Privacy Policy
The Company reserves the right to modify, update, or change this Privacy Policy at any time without prior notice. The policy will be reviewed on an annual basis.All modifications shall become effective immediately upon posting on www.nabkisan.org. Continued use of Company services following policy updates constitutes acceptance of the revised Privacy Policy.
19
Contact Information
Have a privacy-related query?For any questions or concerns related to this Privacy Policy, reach out through our official website contact channels.