Privacy Policy
Finofin Insurance and Advisory Services Pvt. Ltd.
Introduction
We, Finofin Insurance and Advisory Services Pvt. Ltd. (hereinafter referred to as “Company”, “Finofin”, “we”, “us”, or “our” depending on the context), take the privacy and protection of your Personal Data (as defined below) seriously.
As a Corporate Agent registered with the Insurance Regulatory and Development Authority of India (IRDAI), Finofin collects and processes Personal Data only for purposes of solicitation, customer servicing, training, and regulatory compliance. We do not underwrite insurance products or independently determine claim outcomes, which remain under the purview of the respective insurers.
This Privacy Policy is in compliance with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology Act, 2000 and SPDI Rules, applicable IRDAI guidelines, and global data protection frameworks (such as GDPR, where relevant).
When we say “Personal Data”, we mean any information relating to an individual, which enables the identification of such individual, whether directly or indirectly, as defined in applicable laws.
By engaging with us as an agent, broker, or customer, or by providing Personal Data to us, the user consents to the practices described in this Privacy Policy.
Part A – Personal Data We Process
We may collect and process the following categories of data:
- Personal and Contact Information: PAN, Aadhaar, Passport, Voter ID, Driving License, employment/immigration documents, tax identification, and other KYC records.
- Financial Information: Bank account details, UPI IDs, credit/debit card details, disbursement and commission payout records, payment history, GST/Tax records.
- Employment & Professional Details: Educational qualifications, training records, licensing information, prior work experience, certifications, agent/broker code, IRDAI license details, performance records, referral codes.
- Performance & Relationship Data: Sales targets, incentives, commissions, training completion, assessment results, blacklisting information, complaints, investigation outcomes, reporting structures, supervisory records.
- Technical Data: Login credentials, device identifiers, IP address, browser/app usage data, geo-location, cookies, system logs, call recordings.
- Sensitive Personal Data (SPDI): By providing Aadhaar, PAN, or biometric identifiers, you authorize Finofin to use such identifiers strictly for KYC and regulatory compliance, subject to the Aadhaar Act and IRDAI guidelines.
Part B – Personal Data of Other Persons
You may provide us with details of family members, nominees, dependents, introducers, or references. By doing so, you confirm that:
- You have informed them of this Privacy Policy.
- You have obtained their consent, where required.
- You will update us on changes in such information.
Part C – Sources of Personal Data
We may collect Personal Data:
- Directly from you during onboarding, licensing, training, or ongoing operations.
- From insurers, corporate partners, banks, and service providers.
- From regulators (e.g., IRDAI, FIU (Financial Intelligence Unit), SEBI) or public authorities.
- From publicly available sources (directories, social media, KYC databases).
Part D – Cookie Policy
Our Site uses cookies, beacons, and similar technologies to distinguish you from other users of our Site. This helps us provide you with a good experience when you use the Site and also allows us to improve our Site.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is stored on your computer's hard drive. When cookie information directly or indirectly identifies an individual, whether alone or combined with other information, we will treat such information as Personal Data under this Privacy Policy.
You have the ability to accept or decline cookies by modifying the settings in your browser. Please refer to your browser’s help menu if you wish to do this.
If you decide not to have your Personal Data processed by us for advertising purposes via cookies (and similar technologies), this does not mean that we will not show you advertisements. It simply means these advertisements will not be personalized for you using first-party or third-party cookies, web beacons, or similar technologies.
We use the following types of cookies:
- Strictly necessary cookies: These are cookies required for the operation of our Site. For example, cookies that enable you to log into our secure Site.
- Analytical/performance cookies: These cookies allow us to recognize and count the number of visitors to our Site and to see how visitors move around our Site when using it. This helps us improve the way our Site works, for example, by ensuring that users can find what they are looking for easily.
- Functionality cookies: These cookies are used to recognize you when you return to our Site. This enables us to personalize content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
By continuing to use the Site, you accept the use of cookies as outlined above.
Part E – How We Use Your Personal Data
We process Personal Data based on: contractual necessity, legal obligation, legitimate interests, public interest, vital interest, and consent. Purposes include:
- Identity & KYC Verification: For agent/broker licensing, onboarding, compliance with IRDAI, AML/KYC norms.
- Licensing & Regulatory Compliance: Applying for, maintaining, and renewing IRDAI agent/broker licenses.
- Contractual Obligations: Executing agreements, commission payments, incentive disbursals.
- Training & Development: Providing learning modules, monitoring performance, certification.
- Sales Facilitation: Policy issuance, renewals, customer servicing, claim coordination.
- Performance Monitoring: Assessing targets, providing feedback, calculating commissions.
- Fraud Detection & AML Compliance: Screening against Watchlist, preventing fraud, money laundering, terrorism financing.
- Business Communications: Sending alerts, notices, updates, reminders, promotional offers (with consent).
- Legal Obligations: Responding to regulators, courts, and law enforcement.
- Dispute Handling: Investigations, disciplinary action, litigation defense.
- Corporate Transactions: Transfer of rights/obligations in case of mergers, acquisitions, or restructuring.
Legal bases include consent, legal obligation, contractual necessity, legitimate interest, and regulatory compliance.
Part F – Sensitive Personal Data
SPDI (like Aadhaar, biometric, financial info) will only be processed with explicit consent, or where required by law (e.g., KYC, FATCA (Foreign Account Tax Compliance Act) compliance, fraud monitoring).
Part G – Data Sharing
Your data may be shared with:
- Insurers & Reinsurers (Strictly limited to policy-related transactions such as issuance, renewals, and servicing, in line with IRDAI Corporate Agency Regulations).
- Regulators (IRDAI, FIU, SEBI, RBI, tax authorities).
- Payment & IT Service Providers (banks, gateways, cloud hosting).
- Group Companies & Business Partners.
- Law Enforcement & Judiciary (where legally mandated).
- Successors/Assignees in case of mergers/acquisitions.
We do not sell your data for marketing purposes.
Part H – International Transfers
If data is transferred outside India by our IT service providers or insurers, we ensure that such transfer complies with the Digital Personal Data Protection (DPDP) Act, 2023, IRDAI outsourcing/cross-border data transfer norms, and contractual safeguards equivalent to Indian law.
Where required, we will ensure compliance with data localization requirements under applicable RBI and IRDAI regulations (e.g., payment data).
Part I – Data Retention
We retain data for:
- Duration of contractual relationship.
- Statutory periods (generally 8 years under IRDAI Corporate Agency Guidelines; longer if litigation is ongoing).
- As mandated by law (tax, audit, AML).
This retention shall be subject to applicable IRDAI, SEBI, RBI circulars, and tax laws.
Upon expiry, data will be securely deleted or anonymized.
Part J – Security of Personal Information
We adopt industry-standard measures including:
- Encryption of sensitive data.
- Role-based access controls.
- Secure servers & firewalls.
- Employee confidentiality obligations.
- Regular IT audits.
7. Governing Law
This Privacy Policy is governed by the laws of India, and disputes shall fall under the jurisdiction of the courts at Chandigarh, India.
Part K – Minors, Incompetent, or Quasi-Incompetent Persons
We do not knowingly engage minors (<18 years) as agents/brokers.
Where insurance products involve minors (as nominees, dependents, or policyholders under child plans), their data will be collected and processed only with the consent of their lawful guardian, as per applicable laws.
Part L – Users’ (Your) Rights
Subject to the provisions of data protection law, you may have a number of rights regarding the collection, use, disclosure, and/or transfer of your Personal Data, including:
- Right to access: You have the right to access and request a copy of your Personal Data or request disclosure of the acquisition of Personal Data without your consent. (We have the right to charge a reasonable fee to complete this request where permitted by law.)
- Right to rectify: You have the right to request that your Personal Data be rectified to be accurate, up-to-date, complete, and not misleading.
- Right to lodge a complaint: You can complain to a data protection authority or competent authority where you believe our collection, use, and/or disclosure of your Personal Data is unlawful or non-compliant with applicable data protection law. We would, however, appreciate the chance to address your concerns before you approach the authority, so please contact us first.
- Right to request deletion: You can ask us to delete, destroy, or anonymize your Personal Data if it is no longer needed for the purposes set out in this Privacy Policy or if there is no other legal basis for the processing.
- Right to objection: You can object to the use of your Personal Data for direct marketing (including related profiling) or other processing based on legitimate interests.
- Right to data portability: In some cases, you can request that we provide a copy of your Personal Data in a format that is readable or commonly used by automated tools, and can be used or disclosed by automated means. You may also request that Personal Data in such form be sent or transferred directly to another data controller, unless technical conditions make this impossible, or where such portability is not legally permitted under Indian law.
- Right to restrict processing: You can limit how we use your Personal Data in certain circumstances.
- Right to withdraw consent: You have the right to withdraw your consent for the processing of your Personal Data at any time.
The withdrawal of consent will not affect the lawfulness of the collection, use, and/or disclosure of your Personal Data and sensitive data based on your consent prior to its withdrawal. If you do not provide consent or withdraw your consent, we may not be able to enter into a contract with you, perform contractual obligations, carry out activities related to your role as an agent or broker, or comply with applicable laws.
Your request to exercise any of the above rights may be limited by law. There may be circumstances where we can reasonably and lawfully decline your request, for example, due to a legal obligation or court order.
If you want to exercise your rights, or would like an explanation about these rights, please contact us using the details provided in the “Contact Us” section.
Data Controller: The data controller of your Personal Data is Finofin Insurance and Advisory Services Pvt. Ltd. We may monitor or record calls or any other communication with you for training, security, or quality purposes.
Part M – Updates to this Policy
We may revise this Privacy Policy periodically. Updated versions will be published on our website/app. In case of material changes that affect your rights or obligations, we will notify you via email, SMS, or app notification. Continued engagement with Finofin after such updates shall constitute your acceptance of the revised Privacy Policy.
Part N – Disclaimer as to Loss
While we adopt industry-standard measures to secure your Personal Data and SPDI, we cannot guarantee absolute protection against all cyber threats, unauthorized access, or unforeseen breaches.
Finofin will notify affected persons and regulators (including IRDAI) in the event of a data breach, as required under applicable law.
Part O – Third-Party Links & Platforms
Our digital platforms may contain links to third-party websites or services. We are not responsible for the privacy practices, security standards, or content of such third parties. You are advised to review their privacy policies independently before engaging with them.
Part P – Severability & Exclusion
If any provision of this Privacy Policy is held invalid, unlawful, or unenforceable by a competent authority, the remaining provisions shall remain valid and enforceable to the fullest extent permitted by law.
Part Q – Governing Law & Dispute Resolution
This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. The courts at Chandigarh, India shall have exclusive jurisdiction.
Escalation: If you are not satisfied with the resolution of your grievance by Finofin, you may escalate the same to the Insurance Regulatory and Development Authority of India (IRDAI) through its official grievance portal (www.irdai.gov.in).