Privacy Policy

This Privacy Commitment is applicable to personal information and sensitive personal data or information, including information that is of a confidential nature (“Customer Information”) belonging to the customers, potential customers, and other users of the Services (“Customer(s)” or “you”) of ICICI Home Finance Company Limited, its affiliates and group companies (collectively, “ICICI HFC”, “we”, “our”, or “us”).

In the course of using this website, mobile applications or applying for/availing the products and services vide the online application forms and questionnaires, other points of sales, third party platforms, or through communications, by electronic means or otherwise, or any other mode/platform communicated/introduced by ICICI HFC from time to time (collectively, the “Services”), ICICI HFC may collect, receive, possess, store, use, deal, handle, transfer, retain and otherwise process Customer Information. By using or otherwise accessing our Services, you confirm that you have read and agreed to be bound by this Privacy Commitment and consent to the collection, receipt, possession, storage, usage, dealing with, handling, processing, transfer and retention of your Customer Information by ICICI HFC as described in this Privacy Commitment. Home Finance Company Limited ("ICICI HFC") and its Affiliates may become privy to the personal information of its customers, including information that is of a confidential nature. ICICI HFC is strongly committed to protecting the privacy of its customers and has taken all necessary and reasonable measures to protect the confidentiality of the customer information and it shall not be held liable for disclosure of the confidential information when in accordance with this Privacy Commitment or in terms of the agreements, if any, with the customers. ICICI HFC endeavours to safeguard and ensure the security of the information provided by the customer.

Customer Information

Customer Information includes, without limitation, the following categories of personal data/sensitive personal data that we may collect, receive, possess, store, use, deal, handle, transfer, and otherwise process as per applicable laws:

  1. Data about you: This may include, without limitation, your name, user IDs, signature, email addresses, phone numbers, addresses, KYC/identity documents (for example: Masked Aadhaar and PAN), biometric data, communications with us, device and location data, information about how you use our Services, etc.

  2. Financial data: This includes, without limitation, information about your bank account details, financial information, payment credentials, transaction data, loan details such as amounts, lending history, and repayments, credit history and income details etc..

  3. Marketing and communications data: This includes, without limitation, your preferences relating to receiving marketing messages from us and our service providers, and your communication preferences.

You must ensure that all Customer Information that you provide us with is accurate, up-to-date, and true. You will be responsible for any errors, discrepancies, or inaccuracies in the Customer Information you share with us, except for such Customer Information that has been verified through KYC processes set out by applicable law and backed by documentary proof. When you use our Services, we make best efforts to provide you with the ability to access and correct inaccurate or deficient Customer Information, subject to any legal requirements.

Collection of Customer Information

We are required to collect Customer Information to provide you with the Services, to comply with our contractual obligations and applicable law. If you do not wish to provide such Customer Information as and when requested by us, it will diminish our ability to perform our obligations under the arrangement we have with you or are trying to enter into with you (for example, to provide you with features of the Services). And consequently, we may be constrained to cancel or limit your access to the Services (or part thereof). We use different methods to collect Customer Information from and about you, including, without limitation, through:

  1. Direct interactions: This includes Customer Information you consent to give us when you use our Services or when you interact with us, including, without limitation, when you:
    1. create an account with us;
    2. use the Services or carry out other activities in connection with the Services;
    3. consent to receiving marketing communications; or
    4. report a problem with the Services, give us feedback, or contact us.
  2. Automated technologies or interactions: When you use the Services, we may automatically collect data about your equipment, browsing actions, and patterns. We collect this data by using cookies, web beacons, pixel tags, server logs, and other similar technologies. We may also receive such data about you if you visit other websites that use our cookies.
  3. Third parties or publicly available sources: We receive Customer Information from publicly available sources as well as various third parties, such as our service providers, credit bureaus, partners, alliance partners, group companies, agents, affiliates and government portals.
Cookies

The ICICI HFC website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies that are text files containing small amounts of information (this does not include personal sensitive information) which are downloaded to your device when you visit a website in order to provide you a personalised browsing experience. Cookies do lots of different jobs, like allowing you to navigate between pages efficiently, remembering your preferences, and generally improving your browsing experience. These cookies collect information analytics about how you use a website (for example: often visited pages).

We may contact third-party service providers to assist us in better understanding our site visitors. These service providers may use the information collected on our behalf to help us conduct and improve our Services. Additionally, you may encounter cookies or other similar devices that are placed by third parties on certain pages of the website. We do not control the use of cookies by third parties. All information collected by third party cookies is aggregated and therefore anonymous. You are free to disable or delete these cookies by changing your web browser settings. ICICI HFC is not responsible for cookies placed in Customers’ devices by any third party and information collected thereby.

Use of Customer Information

We will only use your Customer Information as permitted under applicable law or pursuant to contractual obligations. Most commonly, we will use your Customer Information to perform the Services or to comply with a legal/contractual obligation. We use your Customer Information without limitation, for the following purposes:

  1. to verify your identity to register you as a Customer, and create and operate your account(s) with us;
  2. to provide the Services to you;
  3. to comply with legal obligations;
  4. to administer and protect our business and the Services, including for troubleshooting, data analysis, system testing, and performing internal operations;
  5. for risk control, fraud detection, and prevention;
  6. to perform our obligations that arise out of the arrangement we are about to enter or have entered with you;
  7. to respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims;
  8. to improve customer service to effectively respond to your service requests and support needs;
  9. to improve the functionality of our Services based on the information and feedback we receive from you;
  10. to send notifications to manage our relationship with you including to notify you of changes to our Services, send you information and updates pertaining to the Services you have availed, and to receive occasional company news and updates related to us or the Services;
  11. to monitor trends and personalise your experience;
  12. to market and advertise the Services to you;
  13. to improve our business.
  14. Cross sell any products or services of ICICI HFC or its Affiliates/Group Companies 
Disclosure of Customer Information

ICICI HFC undertakes not to disclose the information provided by the customers to any person, unless such action is necessary to:

  • Conform to legal requirements or comply with legal process.
  • Protect and defend ICICI HFC's or its Affiliates' rights, interests or property.
  • Enforce the terms and conditions of the products or services.

The Customers shall not disclose to any other person, in any manner whatsoever, any information relating to ICICI HFC or its Affiliates of a confidential nature obtained in the course of availing the services through the website. Failure to comply with this obligation shall be deemed a serious breach of the terms herein and shall entitle ICICI HFC or its Affiliates to terminate the services in addition to its other rights and remedies, without prejudice to any damages, to which the customer may be entitled otherwise.

ICICI HFC will limit the collection and use of customer information only on a need-to-know basis to deliver better service to the customers and for the purpose mentioned under “Use of Customer Information”. ICICI HFC may use and share the information provided by the customers with its Affiliates and third parties for providing services and any service-related activities, and notifying or contacting the customers regarding any problem with, or the expiration of, such services. In this regard, it may be necessary to disclose the customer information to one or more agents and contractors of ICICI HFC and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from ICICI HFC only for these purposes.

The Customer authorises ICICI HFC to exchange, share, part with all information related to the details and transaction history of the customers to its Affiliates/ banks/ financial institutions/ credit bureaus/ agencies/ participation in any telecommunication or electronic clearing network as may be required by law, customary practice, credit reporting, statistical analysis and credit scoring, verification or risk management and shall not hold ICICI HFC liable for use or disclosure of this information.

Updates to this Privacy Commitment

We may occasionally update this Privacy Commitment. By using our Services after such update, you consent to updates made to this Privacy Commitment.

We encourage you to periodically review this Privacy Commitment for the latest information on our privacy practices.

Contact Us and Details of Grievance Officer

We understand that you may have questions about your rights under this Privacy Commitment, on how we process or handle your Customer Information, or may otherwise want to understand these aspects. We welcome you to reach out to us with your queries, grievances, feedback, and comments at: customer.care@icicihfc.com

Name: Hrishikesh Kadam 

Designation: Grievance Officer

Email: nodal.office@icicihfc.com

Office Number: 022-66493844

For the purpose of this Privacy Commitment, Affiliate of ICICI HFC shall mean and include any company which is the holding company or subsidiary of ICICI HFC, or any person under the control of or under common control with ICICI HFC or in more than 26% of the voting securities of which ICICI HFC has a direct or beneficial interest or control.

For the purpose of this definition of Affiliate, "control" together with grammatical variations when used with respect to any person, means the power to direct the management and policies of such person, directly or indirectly, whether through the ownership of the vote carrying securities, by contract or otherwise howsoever; and "person" means a company, corporation, a partnership, trust or any other entity or organisation or other body whatsoever.

 

Privacy for EU Customers

INTRODUCTION

ICICI HOME FINANCE COMPANY LIMITED, a company incorporated under the Companies Act, 1956 and having its registered office at ICICI Bank Towers, Bandra-Kurla Complex, Mumbai - 400051, and its corporate office at ICICI HFC Towers, JB Nagar, Andheri-Kurla Road, Andheri (East), Mumbai - 400059 (herein referred to as “ICICI HFC”,” we” or “ours” or “us” which expression shall unless it is repugnant to the subject or context thereof, include its successors and assigns) is committed to the privacy and security of your personal data.  We shall process any personal data we collect from you in accordance with Data Protection Legislation(defined below) and the provisions of this Privacy Notice. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

In this Privacy Notice:

Data Protection Legislation means the EU General Data Protection Regulation 2016/679 ("GDPR") together with all other applicable and national implementing legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.

DATA SHARING

For the purpose of GDPR, ICICI HFC is the data controller of your information. This means that we are responsible for deciding how we hold and use your personal data. We are required under Data Protection Legislation to notify you of the information contained in this Privacy Notice.

COLLECTING INFORMATION FROM YOU

ICICI HFC will collect and process your personal data you provide us through application forms, our website, face-to-face and electronic communication (including telephone conversations) in order to provide our services to you.

THE KIND OF INFORMATION WE PROCESS ABOUT YOU INCLUDE

  • Personal details such as name, address, date of birth, place of birth, father’s name, mother’s name, spouse name, email address, legal status, nationality, marital status, number of dependents, gender and phone numbers
  • Other information such as visa, passport, overseas tax-identification number, and an overseas country-specific unique identifier
  • Current overseas residential address and permanent residential address and proof of overseas address such as an address on passport, bank statements, national ID cards, and photographs
  • Transaction details
  • Financial Information
  • If you are seeking specialized services as permitted under applicable law, then your investment risk appetite and preferences, current investments profile and investment objectives and goals as shared by you in the nature of your occupation, education, and qualifications, annual income, and source of income
  • Details of nominee, witnesses, guardian which includes their signatures, addresses, and relationship with you
  •  IP addresses
  • CCTV footage and other information obtained through electronic means
  • Cookies (please see our COOKIES policy)

ADVERTISING AND MARKETING

Links

There are links on our website leading to other websites. This Privacy Notice does not extend to those websites. We, therefore, would recommend you to read the data safeguarding policies of these websites.

Security

ICICI HFC takes the security of your personal data seriously. We have put in place appropriate technical and organizational security measures to protect your personal data and to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. These precautions include for example the transfer of all data entered into our internet presence using SSL encryption (128 bit) or the use of a mandatory authentication mechanism for access to your account.

LAWFUL GROUNDS FOR USING YOUR INFORMATION

We are permitted to process your personal data in compliance with Data Protection Legislation by relying on one or more of the following lawful grounds:

  • You have explicitly agreed to us processing such information for a specific reason.
  • The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you.
  • The processing is necessary for compliance with the legal obligations we have under certain laws.
  • The processing is necessary for the purposes of a legitimate interest pursued by us, which might be:    
    • To provide services to you
    • To ensure that our customer accounts are well-managed; 
    • To prevent, detect, investigate and prosecute fraud and alleged fraud, money   laundering and other crimes and to verify your identity in order to protect our business and to comply with laws that apply to us and/or where such processing is a contractual requirement of the services or financing you have requested;
    • To protect our business interests;
    • To ensure that complaints are investigated;
    • To evaluate, develop or improve our services; or
    • To keep our customers informed about relevant services unless you have indicated at any time that you do not wish us to do so.

PURPOSES OF COLLECTING AND PROCESSING YOUR PERSONAL DATA

Specifically, we and our other group companies may use your information for the following purposes and under the following legal basis:

How we use your information

Legal basis

To provide and manage your account(s) and our relationship with you

·      Where necessary for the performance of our agreement or to take steps to enter into an agreement with you

·      Where it is required by applicable laws

·     Where it's in our legitimate interests to ensure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers

To give you statements and other information about your account or our relationship

·     Where necessary for the performance of our agreement or to take steps to enter into an agreement with you

·     Where it is required by applicable laws

To handle enquiries and complaints

·     Where necessary for the performance of our agreement or to take steps to enter into an agreement with you

·     Where it is required by applicable laws

·     Where it's in our legitimate interests to ensure that complaints are investigated, for example, so that our customers receive a high standard of service and we can prevent complaints from occurring in future

·     In the case of sensitive information, such as medical information, where you have agreed

To provide our services to you

·     Where necessary for the performance of our agreement or to take steps to enter into an agreement with you.

·     Where it is required by applicable laws.

For assessment, testing (including systems tests) and analysis (including credit and/ or behaviour scoring), statistical, market and product analysis and market research.

·     Where it is required by applicable laws.

·      Where it's in our legitimate interests to develop, build, implement and run business models and systems which protect our business interests and provide our customers with a high standard of service.

To evaluate, develop and improve our services to you and other customers

·     Where it’s in our legitimate interests continually to evaluate, develop or improve our products as well as the experiences of users of our websites, so that our customers are provided with a high standard of service.

To protect our business interests and to develop our business strategies

·     Where it's in our legitimate interests to protect our people, business and property and to develop our strategies.

·     Where necessary for the performance of our agreement or to take steps to enter into an agreement with you.

·     Where it is required by applicable laws.

·     In the case of sensitive information, where you have agreed.

To contact you, by post, phone, text, email and other digital methods. This may be:

  • to help you manage your accounts
  •  to meet our regulatory obligations
  •  to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you.

 

·     Where it is required by applicable laws.

·     Where we have agreed to contact you in our agreement.

·     Where you have agreed for the same.

·     Where it’s in our legitimate interests to share information with our customers about products / services that may be relevant and beneficial to them. Where we send you marketing messages, you can always tell us when you no longer wish to receive the same.

To collect any debts owing to us

·     Where it's in our legitimate interests to collect any debts owing to us.

·     In the case of sensitive information, such as medical information racial or ethnic origin, where you have agreed.

To meet our regulatory compliance and reporting obligations and to prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes. We may record your image on CCTV when you visit our premises.

·     Where the law requires this

·     Where it's in our legitimate interests to prevent and investigate fraud, money laundering and other crimes

·      Where such processing is a contractual requirement for the services or financing you have requested.

To assess any application you make, including carrying out checks related to fraud, money laundering, identity, sanctions screening and any other regulatory checks.

·     Where you have made data public.

·     Where such actions are in our legitimate interests, for the protection of our business interests.

·     Where it is required by applicable laws.

·     In the case of sensitive information, where you have agreed.

To monitor, record and analyze any communications between you and us, including phone calls

·     Where it’s in our legitimate interests, to check your instructions to us, to prevent and detect fraud and other crime, to analyze, assess and improve our services to customers, and for training, for the enhancement of our customer service provision and protection of our business interests.

·     In the case of sensitive information, such as medical information, where you have agreed.

To transfer your information to or share it with any third party to whom your account has been or may be transferred following a restructure, sale or acquisition of any group company

·     Where necessary for the performance of our agreement with you.

·     Where we have a legitimate interest in restructuring or selling part of our business.

To share your information with relevant tax authorities, Reserve Bank of India/ National Housing Bank and other government authorities, credit reference agencies, credit information companies, information utilities, fraud prevention agencies, and any other Indian and overseas regulators and authorities

·     Where it is required by applicable laws.

·     Where we have a legitimate interest in performing certain credit checks so that we can make responsible business decisions. As a responsible organisation, we need to ensure that we only provide certain products to companies and individuals where the products are appropriate, and that we continue to manage the services we provide, for example if we consider that you may have difficulties in making a payment to us.

·     Where we have a legitimate interest in assisting with the prevention and detection of fraud and other crime.

·     Where we have a legitimate interest in assisting Indian or overseas regulators, who monitor us to ensure compliance with the applicable laws and regulations

·     More details on our data sharing with these organisations is set out below

To share your information with our partners and service providers

·     Where necessary for the performance of our agreement.

·     Where we have a legitimate interest in using third parties to provide some services for us or on our behalf.

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.


AUTOMATED DECISION MAKING

If you apply to us for a product, your application may be processed by an automated decision-making process which may carry out credit and affordability assessment checks to determine whether your application should be accepted or not. Where these automated processes suggest that your application should be rejected, we may manually review your application before making a final decision. We may also use automated processes to decide credit limits.

We may also carry out automated anti-money laundering and sanction checks. This means that we may automatically decide that you pose a fraud or money laundering risk if the processing reveals your behavior to be consistent with that of known fraudsters or money launderers and is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk: (i) we may refuse to provide the services you have requested, or we may stop providing existing services to you; and (ii) a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or employment to you.

INFORMATION SHARING

We keep all your personal data confidential. However, in order to be able to service your needs to the best of our ability, we may share any information you provide to us with our group companies and their agents, counterparties and support service or data providers, wherever located. If you have provided information to other members of our group, those entities may also share that information with us.


To help us provide services, your data will be processed internally and externally by other third parties. We use third parties for administrative, servicing, monitoring of your data. We will outsource some services to third parties whom we consider capable of performing the required processing activities so that there is no reduction in the service standard provided to you by us.

Due to the size and complexity of our operations, it is not possible for us to name each of our data recipients in this notice. However, we only share your personal data with categories of recipients given below:

  • Any revenue service or any tax authority, if obliged to do so under applicable regulations
  •  Any domestic regulator as maybe applicable and authorities in connection with their duties (such as crime prevention)
  • Anyone to whom we may transfer our rights and/or obligations;
  • Any other person or organization after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both)
  •  Credit reference, identity, and address verification organizations may record and use your information and disclose it to other lenders, financial services organizations, and insurers. Your information may be used by those third parties to make assessments in relation to your creditworthiness for debt tracing
  • Fraud prevention agencies and law enforcement agencies will use it to prevent fraud and money-laundering and to verify your identity if false or inaccurate information is provided by you and fraud is identified. We, fraud prevention agencies and law enforcement agencies may access and use your information for example, when:
    • Checking details on applications for credit and credit related or other facilities;
    • Managing credit and credit related accounts or facilities;
    • Recovering debt;
    • Checking details on proposals and claims for all types of insurance
  • Other product and service providers for products and services which you would have agreed to avail or being referred to
  • Service providers as appointed from time to time for operational support to the ICICI HFC
  • Courier or postal service providers for the purpose of sending of emails to you as a customer
  • Social media websites for our marketing campaigns where permitted

For further information, please refer to our product-specific terms and conditions and application form.

DETAILS OF DATA TRANSFERS OUTSIDE THE EU

As we are a housing finance company established in India, if you are an EU resident, information about you will be transferred to us and to other parties in countries outside the European Economic Area (particularly India) for any of the purposes described in this Privacy Notice.  

You understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies, and private persons, as a result of applicable governmental or regulatory inquiry, court order or another similar process. In addition, a number of countries have agreements with other countries providing for the exchange of information for law enforcement, tax and other purposes.  

If we transfer your information outside the European Economic Area (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.

RETENTION AND DISPOSAL OF DATA AND OUTPUT

We will keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.

STORAGE OF YOUR PERSONAL DATA AND DATA SECURITY

All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.  

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know basis. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

OUR COMMUNICATION WITH YOU

We may communicate with you via electronic mail (e-mail)or through call. We will never ask you for your password.  

When you contact us through any of our communication channels including visiting a local branch or calling any of our offices, we will verify your identity by asking you a number of questions based on information known to us about you and the transactions on your account. We may record your calls for training, quality and security purposes.

MARKETING INFORMATION

We and other members of our group may use your information from time to time to inform you by letter, telephone, text (or similar) messages, email or other electronic means, about similar services which may be of interest to you or them.

RIGHTS OVER YOUR PERSONAL DATA

You may be entitled under the Data Protection Legislation to the following rights in respect of your personal data:

  • Be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences).
  • Object to your personal data being processed for a particular purpose or to request that we stop using your information.
  •  Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you
  • Request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
  • Withdraw, at any time, any consent that you have previously given to us for our use of your personal data.
  •  Ask us to stop or start sending you marketing messages at any time.
  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
  • Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where you think that we do not have the right to process it.

Any request for access to or a copy of your personal data must be in writing and we will endeavor to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will provide this information free of charge unless the request is manifestly unfounded or excessive. We will comply with our legal obligations as regards any individual’s rights as a data subject.

If you would like to contact us to get more information on your rights, wish to exercise your rights, or have any questions about our privacy notice please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details.

Miss. Saeeqa Mohimtulay, The Data Protection Officer, ICICI HFC Tower, Andheri -Kurla Road, J.B. Nagar, Andheri East, Mumbai -400059

rightsundergdpr@icicihfc.com

RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY

You have a right to lodge a complaint with the supervisory authority of state of habitual residence.

CHANGES TO THIS PRIVACY NOTICE

The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email. We recommend that you re-visit this page regularly and inform us if you do not agree to any term mentioned herein.