- bankingserviceshub@gmail.com
- +91 9758043094
Effective Date: [20/09/2025]
Last Updated: [July 2025]
Banking Hub Services (“we,” “us,” “our,” or “the Company”) is committed to protecting the
privacy and personal information of our customers, prospects, and website visitors (“you,”
“your,” or “Data Principal”). This Privacy Policy explains how we collect, use, store, share, and
protect your personal information in accordance with applicable Indian laws, including the Digital
Personal Data Protection Act, 2023 (“DPDP Act”), Information Technology Act, 2000, and
Reserve Bank of India guidelines.
Address: Block C-14, Shop No., Cloth Market, Sanjay Place, Agra – 282002, Uttar Pradesh,
India
Website: https://bankinghubservices.com
Email: bankingserviceshub@gmail.com
Phone: (+91) 9758043094
This Privacy Policy applies to:
All personal information collected through our website, mobile applications, and digital
platforms
Information collected during loan application processes and service delivery
Data obtained through our physical offices and partner banks
Information shared with or obtained from our network of 10 partner banks
All digital and non-digital interactions with Banking Hub Services
This policy covers data processing activities related to:
Business Loan Facilitation: Data collected for business loan applications and processing
Home Loan Assistance: Personal and financial information for home loan services
Personal Loan Processing: Individual financial and personal data for personal loans
Credit Assessment Services: Information used for creditworthiness evaluation
Customer Support and Communication: Data related to service inquiries and support
We process personal information based on:
Consent: Explicit consent obtained from you for specific processing purposes
Contractual Necessity: Processing required to fulfill loan facilitation services
Legal Obligation: Compliance with RBI guidelines, KYC norms, and other applicable laws
Legitimate Interest: Business operations and fraud prevention (where permitted by law)
“Personal Data” means any information relating to an identified or identifiable natural
person
“Sensitive Personal Data” includes financial information, biometric data, health records,
and other sensitive categories as defined under applicable law
“Data Principal” refers to the individual to whom the personal data relates (you)
“Data Fiduciary” refers to Banking Hub Services as the entity determining the purpose and
means of processing
“Data Processor” refers to any entity processing personal data on behalf of Banking Hub
Services
“Partner Banks” refers to the 10 banks and financial institutions with whom we have tie-up
arrangements
“Processing” includes collection, recording, organization, storage, adaptation, retrieval,
consultation, use, disclosure, and erasure of personal data
Name, date of birth, gender, nationality
Government-issued identification numbers (Aadhaar, PAN, Passport, Voter ID, Driving
License)
Photographs and biometric information (where legally permitted)
Digital signatures and electronic records
Contact Information:
Residential and business addresses
Mobile numbers and landline numbers
Email addresses and communication preferences
Emergency contact details
Financial Information:
Bank account details and statements
Income and employment information
Credit history and credit scores
Investment and asset details
Tax information and GST details
Loan history and repayment records
Professional Information:
Employment details and employer information
Business registration details
Professional qualifications and certifications
Income sources and financial statements
Personal identification and contact details
Financial and employment information
Property details (for secured loans)
Business information (for business loans)
References and guarantor information
Purpose of loan and intended use of funds
Through Digital Platforms:
Website usage data and analytics
Device information and IP addresses
Cookies and tracking technologies
Search queries and navigation patterns
Form submissions and document uploads
Communication records and chat logs
During Service Delivery:
Service preferences and customization settings
Feedback and survey responses
Complaint and grievance details
Payment and transaction information
Document verification records
Credit assessments and loan eligibility information
Risk evaluation reports
Compliance and verification data
Transaction history and banking relationships
Credit Information Companies:
Credit reports from CIBIL, Experian, Equifax, and CRIF High Mark
Credit scores and credit history
Default and delinquency records
Public records and legal proceedings information
Government and Regulatory Databases:
KYC verification through CKYC registry
Aadhaar-based eKYC and verification
Income tax records and GST data
Corporate registry and business verification data
Service Providers and Agents:
Data from authorized dealers and agents
Third-party verification services
Background verification agencies
Legal and technical consultants
Page views, session duration, and user flow
Device type, browser information, and operating system
Geographic location and time zone
Referral sources and marketing attribution
Error logs and performance metrics
Cookies and Tracking Technologies:
Essential Cookies: Required for website functionality and security
Analytics Cookies: Used to understand user behavior and improve services
Marketing Cookies: For targeted advertising and promotional communications (with
consent)
Social Media Cookies: Integration with social media platforms (with consent)
Assessing loan eligibility and creditworthiness
Facilitating communication with partner banks
Processing loan applications and documentation
Providing status updates and service notifications
Managing loan lifecycle and customer relationship
Risk Management and Compliance:
Conducting KYC and AML verification
Fraud detection and prevention
Regulatory reporting and compliance
Legal obligation fulfillment
Audit and internal controls
Customer Service and Support:
Responding to inquiries and providing assistance
Handling complaints and grievances
Service improvement and quality assurance
Training and development of staff
Customer satisfaction surveys and feedback
Promotional communications about relevant financial products
Market research and customer insights
Product development and service enhancement
Cross-selling and up-selling activities
Partnership and referral programs
Analytics and Business Intelligence:
Website and service usage analytics
Performance measurement and optimization
Business reporting and strategic planning
Competitive analysis and market intelligence
Technology improvement and innovation
Marketing communications and promotional activities
Non-essential cookies and tracking
Data sharing for value-added services
Market research and surveys
Optional service features
Contractual and Legal Processing:
Loan application processing and service delivery
KYC and AML compliance
Regulatory reporting obligations
Legal proceedings and dispute resolution
Fraud prevention and security measures
Complete application information and supporting documents
Credit assessment data and risk evaluation
KYC verification results and compliance records
Financial information and employment details
Property valuation and legal verification reports
Purpose and Limitations:
Data shared strictly for loan evaluation and processing
Limited to information necessary for credit decision
Governed by data sharing agreements with partner banks
Regular monitoring and audit of data usage
Compliance with banking regulations and RBI guidelines
Reserve Bank of India and other financial regulators
Income Tax Department and GST authorities
Law enforcement agencies (under legal process)
Courts and tribunals (as per legal orders)
Anti-money laundering and counter-terrorism authorities
Credit Information Companies:
Loan application and approval information
Repayment performance and default records
Credit utilization and financial behavior
Identity verification and KYC status
Legal proceedings and recovery actions
Cloud service providers and data hosting companies
Software vendors and system integrators
Cybersecurity and data protection service providers
Website analytics and digital marketing platforms
Customer support and call center services
Professional Services:
Legal advisors and consultants
Auditors and compliance specialists
Risk management and credit assessment agencies
Document verification and background check services
Collection and recovery agents (where applicable)
Data processing agreements with all third parties
Confidentiality and non-disclosure obligations
Security and data protection requirements
Audit rights and compliance monitoring
Data retention and deletion obligations
Technical Safeguards:
Encrypted data transmission and storage
Access controls and user authentication
Activity logging and monitoring
Data masking and pseudonymization
Secure API integration and data exchange
End-to-end encryption for data transmission
AES-256 encryption for data at rest
SSL/TLS certificates for website security
Database encryption and key management
Secure file transfer protocols
Access Controls and Authentication:
Multi-factor authentication for system access
Role-based access control and privilege management
Regular access reviews and user provisioning
Strong password policies and account lockout mechanisms
Biometric authentication where applicable
Network and Infrastructure Security:
Firewall protection and intrusion detection systems
Regular security patches and vulnerability management
Network segregation and traffic monitoring
DDoS protection and load balancing
Secure cloud infrastructure and data centers
Data classification and handling procedures
Regular security awareness training for employees
Background verification for staff handling sensitive data
Confidentiality agreements and code of conduct
Incident response and business continuity plans
Quality Assurance and Monitoring:
Regular security audits and penetration testing
Continuous monitoring and threat detection
Data quality checks and validation procedures
Compliance monitoring and reporting
Third-party security assessments
Automated monitoring and alert systems
Rapid incident identification and classification
Impact assessment and risk evaluation
Forensic investigation and evidence preservation
Stakeholder notification and communication
Response and Recovery:
Immediate containment and mitigation measures
System restoration and data recovery procedures
Regulatory notification within 72 hours (as required)
Customer notification and support services
Post-incident review and process improvement
Data retained only as long as necessary for stated purposes
Regular review of retention needs and legal requirements
Automated deletion processes where feasible
Clear retention schedules for different data categories
Documentation of retention decisions and rationale
Legal and Regulatory Requirements:
KYC records: Minimum 5 years after account closure (RBI guidelines)
Loan documentation: 3 years after loan closure or as per banking norms
Transaction records: As per applicable banking regulations
Compliance records: As required by regulatory authorities
Legal proceedings: Until resolution and appeal periods expire
Approved applications: 7 years from loan closure
Rejected applications: 2 years from rejection date
Incomplete applications: 1 year from last activity
Supporting documents: As per loan documentation requirements
Communication records: 3 years from last interaction
Website and Digital Data:
Website analytics: 26 months (Google Analytics default)
Cookie data: As per cookie settings and consent
Marketing data: Until consent withdrawal or 3 years
Error logs: 1 year for troubleshooting purposes
Security logs: 1 year for audit and compliance
Right to erasure upon consent withdrawal (subject to legal obligations)
Secure deletion within 30 days of valid request
Verification of identity before processing deletion requests
Notification to third parties about deletion requirements
Documentation of deletion activities for audit purposes
Automated Deletion:
Scheduled deletion based on retention policies
System-generated deletion logs and confirmations
Regular cleanup of temporary and cached data
Secure overwriting of deleted data
Compliance verification and reporting
Right to know what personal data is being processed
Information about purposes and legal basis for processing
Details of data recipients and sharing arrangements
Retention periods and deletion procedures
Contact information for data protection queries
How to Exercise:
Submit written request to our Privacy Officer
Provide identity verification as required
Specify the information you wish to access
Response within 30 days of valid request
No fee for reasonable requests (fees may apply for excessive requests)
Right to correct inaccurate or incomplete personal data
Right to update outdated information
Right to complete missing data elements
Right to challenge data quality and accuracy
Right to documentation of corrections made
Correction Process:
Online account access for self-service updates
Email or written request for complex corrections
Verification of identity and supporting documentation
Notification to relevant third parties about corrections
Confirmation of corrections within 15 days
Right to request deletion of personal data (subject to legal limitations)
Right to withdraw consent for consent-based processing
Right to object to processing based on legitimate interests
Right to delete data that is no longer necessary
Right to delete unlawfully processed data
Limitations and Exceptions:
Legal obligations preventing deletion (KYC, AML, tax records)
Ongoing legal proceedings or disputes
Regulatory requirements and compliance obligations
Fraud prevention and security considerations
Archival and historical record requirements
Right to receive personal data in structured, machine-readable format
Right to transmit data to another data fiduciary
Right to direct transfer where technically feasible
Applies to consent-based and contractual processing
Does not affect rights of other individuals
Data Portability Process:
Submit request with specific data requirements
Identity verification and authentication
Data extraction in commonly used formats (CSV, JSON, PDF)
Secure transmission or download options
Technical support for data migration
Right to nominate a person to exercise rights on your behalf
Applies in case of death or incapacity
Nominated person can exercise all data principal rights
Nomination can be updated or revoked at any time
Legal documentation required for nomination
Nomination Process:
Written nomination with nominated person’s consent
Identity verification for both parties
Legal documentation of incapacity (where applicable)
Registration of nomination in our systems
Notification and communication procedures
Free: Given without coercion or deception
Informed: Based on clear and comprehensive information
Specific: Limited to specified purposes and processing activities
Clear: Unambiguous indication of data principal’s wishes
Withdrawable: Can be withdrawn as easily as it was given
Consent Documentation:
Record Keeping: Maintain records of when, how, and for what consent was obtained
Audit Trail: Complete history of consent changes and updates
Proof of Consent: Ability to demonstrate valid consent was obtained
Consent Receipts: Confirmation and documentation provided to data principals
Regular Review: Periodic assessment of consent validity and currency
Opt-in Checkboxes: Clear, unticked boxes requiring active consent
Granular Options: Separate consent for different processing purposes
Layered Notices: Brief summary with option to view detailed policy
Just-in-Time Consent: Consent requested when data is actually needed
Progressive Consent: Consent collected at relevant stages of customer journey
Offline Consent Procedures:
Written Forms: Physical consent forms with clear language
Verbal Consent: Recorded verbal consent with documentation
Representative Consent: Authorized person acting on behalf of data principal
Implied Consent: Only where legally permissible and clearly communicated
Signature Verification: Authentication of physical consent documents
Easy Withdrawal: Simple process without unreasonable barriers
Multiple Channels: Online, email, phone, or written withdrawal options
Immediate Effect: Withdrawal takes effect immediately upon processing
Confirmation: Acknowledgment and confirmation of withdrawal
Impact Explanation: Clear information about consequences of withdrawal
Withdrawal Process:
Centralized Repository: Single source of truth for all consent records
Real-Time Updates: Immediate reflection of consent changes across systems
API Integration: Seamless integration with business applications
Automated Processing: Automated consent validation and enforcement
Reporting Dashboard: Real-time visibility into consent status and trends
Governance and Compliance:
Policy Alignment: Consent practices aligned with privacy policy and legal requirements
Regular Audits: Periodic review of consent management effectiveness
Staff Training: Training for staff on consent management procedures
Vendor Management: Ensuring third-party compliance with consent requirements
Continuous Improvement: Regular enhancement of consent management processes
Session Management: User authentication and session security
Security Cookies: Protection against CSRF attacks and security threats
Load Balancing: Optimal server distribution and performance
Functional Cookies: Website functionality and user preferences
Accessibility: Support for users with disabilities and assistive technologies
Analytics Cookies (With Consent):
Google Analytics: Website traffic and user behavior analysis
Performance Monitoring: Page load times and error tracking
User Journey Mapping: Understanding customer interactions and pain points
Conversion Tracking: Measuring effectiveness of marketing campaigns
A/B Testing: Comparing different versions of web pages for optimization
Marketing Cookies (With Explicit Consent):
Advertising Cookies: Targeted advertising and remarketing campaigns
Social Media Integration: Sharing and interaction with social platforms
Personalization: Customized content and product recommendations
Campaign Attribution: Tracking marketing campaign effectiveness
Cross-Device Tracking: Linking user activities across multiple devices
Cookie Banner: Clear notification and consent mechanism on first visit
Granular Control: Option to accept/reject specific cookie categories
Cookie Settings: Dedicated page for managing cookie preferences
Browser Settings: Information about browser-level cookie controls
Regular Review: Periodic reminders about cookie settings and preferences
Technical Implementation:
Consent Recording: Documentation of cookie consent decisions
Dynamic Loading: Cookies loaded only after appropriate consent
Expiration Management: Automatic expiration and renewal of cookies
Cross-Domain Policies: Handling cookies across different domains
Mobile App Tracking: Similar controls for mobile application tracking
Google Analytics: Website analytics and reporting (with consent)
Google Ads: Advertising and remarketing campaigns (with consent)
Google Maps: Location services and branch finder functionality
reCAPTCHA: Spam protection and security verification
Google Fonts: Web font delivery and display optimization
Facebook Pixel: Social media advertising and tracking (with consent)
LinkedIn Insights: Professional network analytics (with consent)
Twitter Analytics: Social media engagement measurement (with consent)
YouTube Embedded Videos: Video content delivery and analytics
WhatsApp Business: Customer communication and support integration
Financial Service Integrations:
Payment Gateways: Secure payment processing and transaction management
Credit Bureau APIs: Credit score retrieval and verification
Banking APIs: Account verification and transaction processing
KYC Service Providers: Identity verification and compliance checking
Document Verification: Automated document authentication services
All personal data collected in India is primarily stored on servers located within India
Critical personal data and sensitive personal data stored exclusively in India
Compliance with RBI data localization guidelines for financial services
Use of Indian data centers certified for security and compliance standards
Regular audits of data location and storage practices
Cross-Border Processing:
Limited cross-border data transfers only when necessary for service delivery
Transfers to countries with adequate data protection frameworks
Contractual safeguards and standard contractual clauses for international transfers
Prior consent for cross-border transfers where required by law
Documentation and reporting of all international data transfers
Adequacy Decisions: Transfers to countries recognized as providing adequate protection
Standard Contractual Clauses: Use of approved contractual clauses for data transfers
Binding Corporate Rules: Internal policies for multinational service providers
Codes of Conduct: Industry-specific codes for data protection compliance
Certification Mechanisms: Third-party certifications for data protection standards
Technical and Organizational Measures:
Encryption in Transit: All international data transfers encrypted using industry standards
Secure Transmission Protocols: Use of VPN, SFTP, and other secure channels
Access Controls: Restricted access to transferred data based on need-to-know
Audit Trails: Complete logging of international data access and processing
Data Minimization: Transfer only necessary data for specific purposes
Cloud service providers with data centers in India and adequate security measures
Software vendors providing services under strict data processing agreements
Cybersecurity service providers for threat detection and incident response
Analytics platforms with data processing capabilities in approved jurisdictions
Backup and disaster recovery services with appropriate safeguards
Regulatory and Compliance Requirements:
Sharing with international regulatory bodies under mutual cooperation agreements
Cross-border investigations and legal proceedings with appropriate legal basis
International credit bureau reporting under established frameworks
Tax reporting and compliance obligations in multiple jurisdictions
Anti-money laundering and counter-terrorism cooperation with international authorities
Our services are not intended for individuals under 18 years of age
Business loans require minimum age of 21 years (as per lending criteria)
Specific age verification procedures for loan applications
Parental consent requirements for processing data of minors (where applicable)
Additional protections for sensitive categories of personal data
Age Verification Procedures:
Government-issued ID verification for age confirmation
Cross-verification with official databases and records
Additional documentation requirements for young adults
Regular review of age verification procedures and accuracy
Training for staff on handling minor-related data requests
Parental Consent: Verifiable parental consent for data processing of minors
Guardian Authorization: Legal guardian approval for financial service applications
Simplified Language: Clear, age-appropriate privacy notices and consent forms
Limited Data Collection: Minimal data collection necessary for service provision
Enhanced Security: Additional security measures for minor-related data
Rights and Protections:
Enhanced Deletion Rights: Stronger right to erasure for data collected during minority
Parental Access: Parents’ right to access and control their child’s personal data
Regular Review: Periodic assessment of continued need for minor’s data
Educational Resources: Information about digital privacy and data protection
Safe Communication: Secure channels for minor-related communications and requests
Three-Tier Grievance Structure:
Level 1: First Point of Contact
Contact: Privacy Officer / Customer Service Team
Email: bankingserviceshub@gmail.com
Phone: (+91) 9758043094
Response Time: 3-5 business days
Resolution Time: 15 days from receipt of complaint
Level 2: Escalation to Management
Contact: Senior Management / Compliance Officer
Escalation Timeline: If not resolved within 15 days of Level 1
Response Time: 2-3 business days for acknowledgment
Resolution Time: 30 days from escalation
Level 3: Final Internal Review
Contact: Chief Executive / Board-Designated Officer
Escalation Timeline: If not resolved within 30 days of Level 2
Response Time: 1-2 business days for acknowledgment
Resolution Time: 45 days from final escalation
Required Information:
Personal Details: Name, contact information, and customer ID (if applicable)
Nature of Complaint: Specific privacy right violation or concern
Timeline: When the incident occurred or was discovered
Impact: How the privacy issue has affected you
Desired Resolution: What remedy or action you are seeking
Data Protection Board of India (DPBI): Primary regulatory authority for DPDP Act violations
Reserve Bank of India: For financial services-related privacy complaints
Consumer Forums: Consumer protection courts at district, state, and national levels
Cyber Crime Cells: For technology-related privacy violations and data breaches
Industry Ombudsman: Banking Ombudsman for financial services complaints
Contact Information for External Bodies:
DPBI Portal: [To be updated when operational]
RBI Customer Service: 14448 (Toll-free)
Consumer Helpline: 1915 (National Consumer Helpline)
Cyber Crime Portal: cybercrime.gov.in
Banking Ombudsman: As per relevant territorial jurisdiction
Unique Ticket Number: Every complaint assigned a unique reference number
Status Tracking: Real-time status updates available to complainants
Communication Log: Complete record of all interactions and communications
Resolution Documentation: Detailed record of investigation and resolution steps
Follow-up Procedures: Post-resolution follow-up to ensure satisfaction
Quality Assurance:
Independent Review: Complaints reviewed by personnel not involved in original processing
Root Cause Analysis: Investigation of systemic issues and process improvements
Training and Development: Staff training based on complaint patterns and issues
Policy Updates: Privacy policy and procedure updates based on complaint learnings
Regular Reporting: Management reporting on complaint trends and resolution effectiveness
Annual Review: Comprehensive policy review at least once per year
Regulatory Updates: Immediate updates for regulatory changes and new laws
Business Changes: Updates for new services, products, or business processes
Technology Updates: Changes for new technology implementations or upgrades
Incident-Based Updates: Updates following significant privacy incidents or complaints
Review Process:
Cross-Functional Review: Input from legal, compliance, technology, and business teams
Stakeholder Consultation: Internal stakeholder review and approval process
Legal Review: Legal counsel review for compliance and accuracy
Board Approval: Senior management or board approval for significant changes
Documentation: Complete documentation of changes and rationale
Website Notice: Prominent notice on website homepage and privacy policy page
Email Notification: Direct email to customers for material changes
SMS Alert: Text message notification for significant policy updates
Mobile App Notification: Push notification through mobile applications
Physical Mail: Postal notification for customers without digital contact preferences
Notice Timeline:
Advance Notice: Minimum 30 days advance notice for material changes
Immediate Notice: Immediate notification for changes benefiting customer privacy
Emergency Changes: Immediate implementation for security or legal compliance changes
Effective Date: Clear indication of when changes become effective
Transition Period: Reasonable transition period for customers to review changes
Continued use of services after notice period constitutes acceptance of updated policy
Clear communication about acceptance mechanism and alternatives
Option to withdraw consent or terminate service relationship if disagreeing with changes
No penalty for service termination due to privacy policy disagreements
Reasonable alternatives for customers who cannot accept policy changes
Active Consent Requirements:
Material Changes: Active consent required for significant expansions of data use
New Purposes: Explicit consent for new purposes not covered in original consent
New Categories: Consent for processing new categories of sensitive personal data
New Recipients: Consent for sharing data with new categories of third parties
Cross-Border Transfers: Additional consent for new international data transfers
Designation: Privacy Officer / Data Protection Officer
Company: Banking Hub Services
Email: bankingserviceshub@gmail.com
Phone: (+91) 9758043094
Address: Block C-14, Shop No., Cloth Market, Sanjay Place, Agra – 282002, Uttar Pradesh,
India
Business Hours: Monday to Friday: 10:00 AM to 6:00 PM, Saturday: 10:00 AM to 2:00 PM
Alternative Contact Methods:
Website Contact Form: Available on https://bankinghubservices.com
Customer Service: General customer service can assist with privacy queries
Postal Mail: Written complaints and requests accepted via registered post
In-Person: Visit our office during business hours with prior appointment
WhatsApp Business: [If available] for quick queries and support
15.2 Response Timeframes
Standard Response Times:
Email Queries: 2-3 business days for initial response
Phone Calls: Immediate response during business hours
Written Requests: 5-7 business days for acknowledgment
Complex Investigations: 15-30 days depending on complexity
Rights Requests: As specified in applicable law (typically 30 days)
Escalation Timeline:
Level 1 Response: 3-5 business days
Management Escalation: 7-10 business days
Final Resolution: 30-45 business days maximum
Regulatory Complaint: As per regulatory authority timelines
Emergency Issues: Immediate response for data breach or security concerns
Monday to Friday: 10:00 AM to 6:00 PM IST
Saturday: 10:00 AM to 2:00 PM IST
Sunday: Closed (Emergency email support available)
Public Holidays: Closed with emergency contact available
Emergency Contact Procedures:
Data Breach: Immediate notification via email with “URGENT – DATA BREACH” subject
Security Incidents: 24/7 emergency contact for critical security issues
Fraudulent Activity: Immediate reporting through dedicated fraud hotline
System Downtime: Technical support available through online channels
After-Hours Support: Email support with next business day response guarantee
Digital Personal Data Protection Act, 2023: Primary data protection law governing digital
personal data
Information Technology Act, 2000: General technology and cyber law framework
Information Technology Rules, 2011: Specific rules for sensitive personal data
Reserve Bank of India Act, 1934: Banking regulation and oversight framework
Prevention of Money Laundering Act, 2002: Anti-money laundering and KYC requirements
Financial Services Regulations:
RBI Master Directions on KYC: Know Your Customer and due diligence requirements
RBI Digital Lending Guidelines: Specific provisions for digital lending data privacy
Credit Information Companies Regulation Act, 2005: Credit information sharing
framework
Banking Regulation Act, 1949: General banking operations and customer protection
Consumer Protection Act, 2019: Consumer rights and grievance redressal mechanisms
Registration: Registration as Data Fiduciary as required under DPDP Act
Breach Notification: Mandatory breach notification within 72 hours
Compliance Reporting: Regular compliance reports and audit submissions
Fee Payment: Payment of applicable fees and penalties
Cooperation: Full cooperation with DPBI investigations and inquiries
Reserve Bank of India (RBI):
Regulatory Returns: Submission of required regulatory returns and reports
Inspection Cooperation: Full cooperation with RBI inspections and examinations
Guideline Compliance: Adherence to all applicable RBI guidelines and circulars
Incident Reporting: Reporting of significant operational and security incidents
Customer Complaint Reporting: Regular reporting of customer complaints and resolutions
ISO 27001: Information Security Management System certification
ISO 27701: Privacy Information Management System standard
SOC 2: Service Organization Control audit and compliance
PCI DSS: Payment Card Industry Data Security Standard (where applicable)
GDPR Adequacy: Alignment with European data protection standards for global clients
Industry Best Practices:
Privacy by Design: Integration of privacy considerations into all business processes
Data Minimization: Collection and processing only necessary data for stated purposes
Transparency: Clear and understandable privacy notices and communications
Accountability: Demonstrable compliance with data protection obligations
Continuous Improvement: Regular review and enhancement of privacy practices
Life-Threatening Situations: Processing without consent to protect vital interests
Natural Disasters: Special processing for disaster response and recovery
Pandemic Response: Public health emergency data processing as required by authorities
Financial System Stability: Processing for systemic risk management and stability
National Security: Cooperation with national security and defense authorities
Documentation and Safeguards:
Legal Basis Documentation: Clear documentation of emergency processing legal basis
Minimal Processing: Processing limited to what is necessary for emergency response
Temporary Duration: Emergency processing limited in time and scope
Post-Emergency Review: Review and deletion of data after emergency situation ends
Transparency: Communication to affected individuals about emergency processing
Compliance Obligation: Mandatory compliance with valid court orders and legal process
Scope Limitation: Disclosure limited to what is specifically required by legal order
Legal Review: Legal counsel review of all law enforcement requests
Documentation: Complete documentation of legal process and response
Customer Notification: Notification to affected customers where legally permissible
Law Enforcement Cooperation:
Criminal Investigations: Cooperation with legitimate criminal investigations
Regulatory Investigations: Support for regulatory enforcement actions
Anti-Fraud Activities: Proactive cooperation in fraud prevention and investigation
Financial Crime Prevention: Support for anti-money laundering and terrorism financing
prevention
International Cooperation: Cooperation with international law enforcement under mutual
legal assistance treaties
Due Diligence: Privacy impact assessment during due diligence process
Data Transfer: Secure transfer of customer data to acquiring entity
Policy Alignment: Alignment of privacy policies and practices post-transaction
Customer Notification: Advance notification to customers about business changes
Consent Management: Management of customer consent during transition
Business Closure or Insolvency:
Data Protection: Continued protection of customer data during business closure
Secure Disposal: Secure deletion or transfer of data as required by law
Customer Notification: Advance notice to customers about business closure impact
Regulatory Notification: Notification to regulatory authorities about data handling
Legal Compliance: Compliance with insolvency and business closure legal requirements
Same Protection Standards: Equal privacy protection for foreign nationals using our
services
Passport Verification: Special procedures for passport-based identity verification
Embassy Coordination: Coordination with embassies for document verification where
required
Currency and Documentation: Handling foreign currency income and international
documentation
Exit Procedures: Special procedures for customers leaving India permanently
Non-Resident Indians (NRIs):
NRI-Specific Services: Tailored loan products and services for NRI customers
International Documentation: Handling overseas income and employment verification
Currency Conversion: Foreign exchange and currency conversion data processing
Tax Compliance: International tax reporting and compliance obligations
Communication Channels: International communication and customer service options
Hierarchy of Laws: Indian law takes precedence for operations in India
International Treaties: Compliance with applicable international agreements and treaties
Diplomatic Immunity: Special procedures for customers with diplomatic status
Sanctions Compliance: Adherence to international sanctions and embargo requirements
Reporting Obligations: International reporting obligations under tax and regulatory
frameworks
Customer Rights Under Foreign Laws:
Additional Rights: Recognition of additional privacy rights under customer’s home country
law
Consular Access: Cooperation with consular services for customer protection
Legal Representation: Right to legal representation under applicable laws
Translation Services: Translation of documents and communications where required
Cultural Sensitivity: Respect for cultural and religious considerations in data handling
Banking Hub Services is committed to protecting your privacy and personal information while
providing excellent loan facilitation services. This Privacy Policy reflects our dedication to
transparency, compliance with applicable laws, and respect for your privacy rights.
We continuously monitor and update our privacy practices to ensure they remain effective and
compliant with evolving legal requirements and industry best practices. Your trust is essential to
our business, and we are committed to earning and maintaining that trust through responsible
data handling and transparent communication.
If you have any questions, concerns, or feedback about this Privacy Policy or our privacy
practices, please do not hesitate to contact our Privacy Officer using the contact information
provided in this policy.
For immediate privacy concerns or data protection queries:
Email: bankingserviceshub@gmail.com
Phone: (+91) 9758043094
Address: Block C-14, Shop No., Cloth Market, Sanjay Place, Agra – 282002
Document Information:
Policy Version: 1.0
Effective Date: [Insert Date]
Last Updated: [Insert Date]
Next Review Date: [Insert Date + 1 Year]
Approved By: [Board/Management Approval]
Document Owner: Privacy Officer, Banking Hub Services
This Privacy Policy is available in English. For queries about translations or accessibility, please
contact our Privacy Officer.
END OF PRIVACY POLICY
Our Newsletters
Join with us now
Banking Hub Services offers trusted financial solutions, expert guidance, and personalized support for individuals, entrepreneurs, and businesses.
Block C-14, Shop No, Cloth Market Sanjay Place, Agra-282002