.png "CreditAccess India")
.png)
Privacy Policy
1. Introduction
CreditAccess Life Insurance Limited ("CALI" or "Company") is a life insurance company. This Privacy Policy describes how CALI collects, uses, stores, protects personal data and associated business operations.
2. Applicability and Data Subjects
This policy applies to all personal data processed by CALI in the course of its business activities. It covers personal data relating to the following categories of data subjects:
| Category | Description |
|---|---|
| Customers | Loan borrowers of lending institutions, partners, intermediaries, Members of MPH enrolled under CALI insurance schemes. |
| Beneficiaries | Nominees, Assignees or legal heirs designated by the insured borrower under the policy certificate, who may be entitled to claim benefits upon an insured event. |
| Employees | Full-time, part-time, contractual employees, and interns of CALI, whose personal data is processed for employment and HR related purposes. |
| Vendors and Service Providers | Third-party vendors, technology partners, surveyors, advisors, and other service providers engaged by CALI for operational or business purposes. |
CALI may maintain separate or supplementary privacy notices for specific categories of data subjects where the nature of data processing differs significantly.
3. Personal data Collected
CALI collects personal data to the extent necessary for its stated purposes. The categories collected depend on the data subject:
3.1 Customers and Beneficiaries
- Identity information: name, date of birth, gender, nominee details
- Contact information: address, mobile number, email
- Government identifiers: Proof of Identity (POI) like Aadhaar, PAN, Voter ID, Driving License, Passport, etc
- Financial information: loan account number, insured sum, premium details, salary details, etc
- Health data: where required for underwriting or claims processing
- Any other Personally Identifiable Information (PII), Personally Sensitive Information (PSI) wherever applicable
3.2 Employees
- Identity and contact information
- Qualification and employment history
- Banking and payroll information
- Government identifiers and tax-related data
- Family member details
- Any other PII, PSI wherever applicable
3.3 Vendors and Service Providers
- Business contact information: name, designation, email, phone
- Identity including KYC and contact information of authorized personnel
- Company registration, financials, tax details, etc
- Bank account details for payment processing
- Any other relevant information or documentation required for onboarding and validation
3.4 Website Visitors
- Browsing and interaction data: IP address, browser type, pages visited
- Contact details submitted through enquiry or contact forms
- Cookie and session data (see Section 8)
4. Purposes of Processing
CALI processes personal data for the following purposes:
- Issuance, underwriting, administration, and renewal of group insurance certificates
- Claims assessment, processing, and settlement
- Regulatory compliance and reporting to IRDAI and other authorities
- KYC and anti-money laundering checks
- Communication with intermediaries and policyholders
- Employee onboarding, payroll, HR administration, etc
- Vendor management, payment processing, etc
- Website functionality, enquiry handling, and analytics
- Fraud prevention and internal risk management
5. Reasonable Security Practices and Procedures
CALI implements appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction.
5.1 Technical Controls
- Role-based access controls limiting data access to authorized personnel only
- Encryption of personal data in transit and at rest where applicable
- Firewalls, intrusion detection systems, and endpoint security tools
- Regular vulnerability assessments and periodic security reviews
5.2 Organizational Controls
- Information security and data privacy policies applicable to all employees and contractors
- Confidentiality obligations in employment contracts and vendor agreements
- Employee awareness and training on data handling practices
- Defined incident response processes for personal data breaches
- Data processing agreements with third-party service providers
6. Data Retention
Personal data shall be retained only for such period as it is necessary to fulfill the purposes for which it was collected or as required under applicable laws and regulatory obligations, including IRDAI guidelines. Upon expiration of the applicable retention period, such personal data shall be securely deleted or anonymized.
7. Data Sharing and Disclosure
CALI shall not monetize personal data in any manner. Personal data may be shared with:
- Intermediaries for policy administration and certificate issuance
- Reinsurers for risk transfer and claims settlement
- Regulatory authorities (IRDAI, tax authorities, courts) under legal obligation
- Third-party service providers (IT, audit, legal) under data processing agreements
All third parties are required to maintain appropriate confidentiality and security standards.
8. Cookies and Tracking Technologies
CALI's website uses cookies and similar tracking technologies to enhance user experience and support website functionality.
8.1 What Are Cookies
Cookies are small data files placed on your device when you visit a website. They allow the website to remember your preferences, maintain session state, and collect analytical information about how the site is used.
8.2 Types of Cookies Used
| Cookie Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Required for the website to function. Cannot be disabled. | Session management, form submission |
| Functional | Remember user preferences and settings. | Language preferences, region settings |
| Analytical | Collect anonymized data on website usage to improve performance. | Page visit count, navigation paths |
8.3 Managing Cookies
You can control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.
CALI does not use cookies for targeted advertising or to track users across third-party websites.
9. Rights of Data Principals
CALI recognizes the following rights of individuals under the DPDP Act, 2023:
- Right to access personal data held by CALI
- Right to correct or removal of inaccurate or incomplete data
- Right to withdraw consent where processing is based on consent
- Right to grievance redressal
10. Grievance Redressal
Privacy Related Officer: Mr. Nitish Prabhu
Email: privacyofficer@calife.inIn case of any escalations, individuals may write to the company designated GRO