NABKISAN Finance Limited is a Non-Banking Financial Company (NBFC) registered with the Reserve Bank of India (RBI) and a subsidiary of NABARD. This Privacy Policy explains how we collect, use, process, store, share and protect your personal and non-personal information when you access or use the FPO Connect mobile application, made available to existing Farmer Producer Organization (FPO) clients of NABKISAN.
IT Act, 2000DPDP Act, 2023RBI DirectionsDigital Lending Directions, 2025KYC Directions, 2016
1
Introduction
NABKISAN Finance Limited ("NABKISAN", "NKFL", "we", "us" or "our") is an NBFC registered with the Reserve Bank of India (RBI) and a subsidiary of the National Bank for Agriculture and Rural Development (NABARD). We are committed to protecting the privacy and security of the personal information of our customers.This Privacy Policy explains how we collect, use, process, store, share, and protect customer personal and non-personal information when the customer accesses or uses the FPO Connect mobile application (the "App" or "FPO Connect"), which is made available to existing FPO clients of NABKISAN.
This Policy is designed in compliance with
The Information Technology Act, 2000 and the Rules framed thereunder
The Digital Personal Data Protection Act, 2023 (DPDP Act)
Directions and Master Directions issued by the Reserve Bank of India, including the RBI Digital Lending Directions, 2025
Know Your Customer (KYC) Directions, 2016 and subsequent amendments
Other applicable Indian laws and regulations
By downloading, installing or using the App, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.2
Definitions
App — The FPO Connect mobile application operated by NABKISAN Finance Limited and available on the Google Play Store.
Customer / Data Principal / User / you / your — Any existing FPO client of NABKISAN whose personal data is being processed in connection with the App.
Data Breach — Any unauthorized access, use, disclosure, modification, or destruction of personal data that compromises its security, confidentiality, or integrity.
Personal Data — Any data about an individual or FPO entity who is identifiable by or in relation to such data, including sensitive personal information such as financial and account information.
Processing — Includes collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, or destruction of personal data.
Services — The functionalities made available through the App, including viewing loan account details, making loan repayments, downloading the Sanction Letter, requesting additional / top-up loans, accessing your Business Development Manager's contact details, and raising grievances.
Third Party — Any person, company, or entity other than NABKISAN or the Data Principal.
3
Applicability
This Privacy Policy applies to all existing FPO customers of NABKISAN who access or use the App. The Policy governs the collection, processing, storage, and sharing of personal data in connection with all Services rendered through FPO Connect.It is applicable to all data processing activities conducted by NABKISAN in India and extends to any personal data collected from users while using the App. The Policy takes effect immediately upon your first use of the App and supersedes any previous privacy policies relating to the App.
4
Consent
4.1 Express Consent
By logging into the App using your User ID (PAN Number) and Password, you provide your free, specific, informed, unconditional and unambiguous consent to NABKISAN to collect, store, use, process, transfer and share your personal data for the purposes described in this Policy.In accordance with the RBI Digital Lending Directions, 2025, NABKISAN shall refrain from accessing mobile device resources such as files, media, contact lists, call logs, telephony functions, and other device features. Such access shall be permitted only when operationally essential for delivering financial services to you or when you have provided explicit consent. The App commits to minimal and purpose-limited access to mobile device resources.4.2 Specific Consents
By using FPO Connect, you further consent to the following:Storage and use of your login credentials for authentication and session management
Processing of payment instructions initiated by you for loan repayment through the online payment facility within the App
Generation and delivery of your Sanction Letter in PDF format for download through the App
Routing of complaints raised through the in-app Grievance Redressal Form, including supporting documents, to our authorised grievance management platform (Zoho) for tracking and resolution
Collection of device-level and usage-related information required for secure delivery of the Services, fraud prevention and regulatory compliance
4.3 Withdrawal and Deemed Consent
You may withdraw your consent at any time by contacting us; however, such withdrawal may limit our ability to provide certain Services, affect the operation of existing loan accounts, and restrict access to digital features. Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal, and NABKISAN may continue to process and retain customer information where required by applicable laws or regulations.In certain circumstances, as permitted by applicable law, NABKISAN may process customer information based on deemed consent, particularly for compliance with legal and regulatory obligations, prevention of fraud, ensuring transaction security, and credit assessment or recovery activities.Important: Withdrawing consent may limit access to certain Services and affect the operation of your existing loan accounts.
5
Information We Collect
5.1 Personal Information
As FPO Connect is offered only to existing NABKISAN customers whose KYC has already been completed at the time of Client Creation, NABKISAN does not collect fresh KYC information through the App. However, we may collect, record and process the following categories of information in connection with your use of the App:Identity and authentication details — PAN (used as your User ID), and password / one-time passwords (OTPs) used for authentication and password reset.
Contact information — Registered email address and mobile number in our records, used to send OTPs, transactional alerts, password-reset links and service notifications.
Loan and financial information — Loan account number, loan type, sanctioned amount, outstanding amount, overdue amount, interest rate, tenure, start / end dates, loan balance, upcoming demand, loan status and transaction history.
Payment information — Payment instructions initiated by you through the online payment facility and corresponding transaction references.
Additional loan request information — Details submitted by you in the FPO Request form while applying for an additional loan or top-up.
Grievance information — Name, title, email, mobile number, address (Line 1, Line 2, District / City, State, Pin Code), complaint category, subject, description and supporting documents uploaded while raising a complaint.
5.2 Technical and Usage Information
We may automatically collect certain non-personal and technical information when you use the App, including:Device information — Device model, operating system and version, unique device identifier and mobile network information.
Log information — Access time, IP address, in-app activity, crash reports and diagnostic data.
General location — Derived from IP address (not precise device GPS location unless required for a specific feature and explicitly consented to by you).
This information is primarily used to improve the App, conduct analytics in aggregated form, strengthen security and detect fraudulent activity.5.3 Sources of Information
Information provided directly by you while using the App (for example, raising a complaint, initiating a payment, or submitting an additional-loan request)
Information already available in NABKISAN's records in connection with your existing loan relationship
Information received from authorised third parties such as payment gateways, banking partners, Credit Information Companies and government databases, to the extent permissible under applicable law
Information collected automatically through the App as described above
6
Purposes of Processing
Your personal information is collected and processed for the following purposes:
Authenticating your access to the App and providing a secure login experience
Displaying your loan portfolio, loan summary, account statement, outstanding amounts, upcoming demand and transaction history
Facilitating loan repayments initiated by you through the online payment facility
Generating and delivering the Sanction Letter in PDF format for download
Receiving and processing requests for additional / top-up loans submitted through the FPO Request form
Receiving, tracking and resolving complaints raised through the Grievance Redressal Form
Sending transactional communications, service updates, OTPs and regulatory notifications
Reporting to Credit Information Companies under the Credit Information Companies (Regulation) Act, 2005
Complying with applicable laws, regulatory requirements, directions of RBI, NABARD and other regulators, and responding to lawful requests from governmental authorities
Preventing, detecting and investigating fraud, unauthorised activity, breaches of our terms and other security-related events
Conducting internal audits, risk management and strengthening operational controls
7
Data Sharing and Disclosure
7.1 Internal Sharing
Within NABKISAN, customer information is accessible only to authorised personnel who require it for:Loan servicing and account administration
Customer service and support
Risk management and regulatory compliance
Internal audits and regulatory reporting
7.2 External Sharing
We may share your information with the following categories of third parties, subject to applicable law:Authorised service providers including technology vendors, cloud service providers, payment aggregators / payment gateways, SMS and email service providers, and professional advisers
Our grievance management platform provider (Zoho) for receiving, storing and tracking complaints raised through the Raise Complaint feature
Financial partners such as co-lending partners, NBFCs, banks, credit guarantee organizations, and credit rating agencies, as necessary for servicing your loan
Regulatory and statutory authorities including RBI, NABARD, other financial regulators, Credit Information Companies (CICs), government departments, tax authorities, and statutory auditors
All service agreements with third parties who process personal data on our behalf include provisions for data confidentiality, appropriate security measures, compliance with applicable data protection laws (including the DPDP Act, 2023 and RBI guidelines), data breach notification requirements, and data retention / deletion obligations.Note: NABKISAN does not sell, rent, or trade your personal data to any third party for their independent marketing purposes.
8
Third-Party Sites and Services
The App may integrate or redirect you to third-party platforms for specific functionalities (for example, an external payment gateway for executing repayments, or an external grievance management platform for tracking complaints). When you interact directly with such third-party services, their own privacy policies and terms of use apply. NABKISAN is not responsible for the data practices of external platforms beyond the scope of our contractual relationships.
9
Data Retention and Storage
NABKISAN retains customer personal information in accordance with the Preservation of Records Policy of NABKISAN and applicable statutory retention periods (including those prescribed under the Prevention of Money Laundering Act, 2002, RBI Directions and the Income-tax Act, 1961). The Company adheres to data localization requirements and secure storage practices throughout the retention period. Upon expiry of the retention period, or when you validly exercise your right to erasure, NABKISAN will delete or anonymize the data from its systems, subject to any overriding legal or regulatory obligations.
10
Data Security Measures
NABKISAN implements comprehensive technical, organizational and physical security measures commensurate with the sensitivity of the information being processed, including:
Encryption of data in transit and at rest using industry-standard protocols
Multi-factor authentication for system access and OTP-based verification for sensitive operations
Advanced firewalls, intrusion detection and prevention systems, and continuous security monitoring
Role-based access controls, least-privilege principles and periodic access reviews
Automated backup with disaster recovery capabilities and regular patch management
Robust information security policies, employee security training, background verification for personnel handling data, and periodic third-party security assessments
Physical security at data centres including 24x7 monitoring, biometric access controls, surveillance systems and environmental controls
Despite the measures taken, no method of electronic transmission or storage is completely secure. You acknowledge that NABKISAN shall not be held liable for any loss suffered by you on account of any breach that occurs despite the implementation of reasonable security practices and procedures.11
Data Breach Notification
In the event of a personal data breach, NABKISAN will:
ContainContain & Assess: Contain and assess the breach within a reasonable time and within timelines prescribed under applicable law.
InvestigateInvestigate: Conduct a thorough investigation to determine the scope and impact.
Notify DPBRegulatory Notification: Notify the Data Protection Board of India within the timeline stipulated under the DPDP Act, 2023.
Inform UsersCustomer Notification: Inform affected individuals promptly where the breach is likely to pose a high risk to their rights and freedoms.
RecordRecordkeeping: Maintain comprehensive records of all data breaches, including facts, effects and remedial actions taken.
12
Rights of Data Principals
Under the Digital Personal Data Protection Act, 2023, you have the following rights in relation to your personal data:
12.1 Right to Information & AccessObtain confirmation of whether your data is being processed, the purposes, categories of data, identity of data fiduciaries and processors, retention duration and details of data sharing with third parties.
12.2 Right to Correction & ErasureRequest correction of inaccurate or incomplete data, updation of information, and deletion when data is no longer necessary, consent is withdrawn, or processing is unlawful (subject to legal / business retention).
12.3 Right to Portability & NominationWhere technically feasible, receive data in machine-readable format or direct transfer to another provider; nominate another person to exercise rights in case of death, incapacity or legal inability.
12.4 Right to Grievance RedressalLodge complaints about our data processing through our internal grievance mechanism and escalate unresolved grievances to the Data Protection Board of India.
12.5 How to Exercise Your Rights
Submit written requests through the official channels published on our website, together with adequate identification and specific details of the request. NABKISAN will respond within the prescribed timeframe under the DPDP Act. These rights may be restricted where exercise would adversely affect others' rights, legal compliance is required, or processing is necessary for legal claims.12.6 Account Deletion
You may request deletion of your FPO Connect account by submitting a request through the in-app Grievance Redressal Form or by contacting NABKISAN Finance Limited at IT@nabkisan.org. Upon verification of your identity, access to the App will be disabled. Notwithstanding such deletion, NABKISAN may retain certain records as required to comply with applicable laws, regulatory requirements, dispute resolution, and enforcement of legal rights. All data no longer required for such purposes will be securely deleted or anonymized.13
Cookies and Similar Technologies
The App may use cookies and similar technologies to enhance user experience, remember preferences, authenticate sessions, analyse usage patterns and strengthen security. In the context of a mobile application, these technologies may be used primarily within embedded web views or through integrated third-party services.
14
Protection of Sensitive Information
NABKISAN handles all sensitive personal information (including financial account details and authentication credentials) with the highest level of confidentiality. The App does not store your complete banking credentials on the device. Payment-related information processed through external payment gateways is handled in accordance with PCI-DSS and RBI guidelines applicable to such intermediaries.
15
Communications
By providing your mobile number and email address to NABKISAN, and by using the App, you agree to receive the following categories of communications:
Transactional messages related to your loan account, payments and service updates (including OTPs, payment receipts and reminder notifications)
Important notifications regarding regulatory changes, policy updates and security alerts
Customer service and support communications
No third-party or unrelated promotional messages are sent through the App; any promotional communication is limited to NABKISAN's own financial products relevant to your existing credit relationship
Message frequency may vary based on account activity. Standard SMS and data rates may apply as per your telecom service provider.16
Children
The App is not directed to, nor intended for use by, individuals below the age of 18 years. NABKISAN does not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will take appropriate steps to delete such information.
17
Changes to this Privacy Policy
NABKISAN reserves the right to modify, update or change this Privacy Policy at any time to reflect evolving business requirements, regulatory changes or operational enhancements. The Policy will be reviewed on an annual basis.Updates will become effective upon posting on www.nabkisan.org and within the App, and will be deemed to have been disclosed to all users. You are encouraged to periodically review this Policy. Continued use of the App following policy updates constitutes acceptance of the revised terms.
18
Grievance Redressal
For any privacy-related concerns, complaints or queries, you may reach us through our Grievance Redressal channels. Any complaint submitted through the App via the in-app Grievance Redressal Form is routed to the concerned department through our authorised grievance management platform (Zoho) for tracking and resolution.
Complaint Resolution Process
Step 1Registration: Submit complaint through the in-app Grievance Redressal Form, email or written communication.
Step 2Acknowledgment: Receipt acknowledged within 2 working days.
Step 3Investigation: Thorough investigation within 21 days of receipt.
Step 4Resolution: Appropriate action taken and resolution communicated to you.
Step 5Follow-up: Preventive measures put in place to avoid recurrence.
Escalation
If you are not satisfied with our resolution, you may escalate to the Complaint Management System (CMS) portal under the Reserve Bank – Integrated Ombudsman Scheme, and to the Data Protection Board of India, as established under the DPDP Act, 2023. Detailed grievance redressal procedures are available at nabkisan.org/grievance-redressal.19
Contact Information
Have a privacy-related query?NABKISAN Finance Limited — 48, Ground Floor, NABARD TNRO Building, Mahatma Gandhi Road, Nungambakkam, Chennai – 600 034. Telephone: 044 – 2827 0138 / 4213 8700. Email: IT@nabkisan.org. Website: www.nabkisan.org
Email Us