Privacy & Security Policy

Privacy and protection of personally identifiable information

IFPL shall comply with the Government of India’s Reasonable security practices and procedures and sensitive personal data protection bill 2019. The same will be followed when it becomes an Act.

1.     Compliance Manager will be the accountable person for protection of all such information in a secured manner.

2.     IF-P2P platform will obtain consent from the provider of the sensitive personal data or information regarding purpose of usage before collection of such information.

3.     The information collected shall be used for the purpose for which it has been collected.

4.     Disclosure of sensitive personal data or information by IFPL to any third party shall require prior permission from the provider of such information, which has provided such information.

5.     The information shall be shared, without obtaining prior consent from provider of information only with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

6.     IFPL or any person on its behalf shall not publish the sensitive personal data or information in public forums.

7.     The third party receiving the sensitive personal data or information from IFPL or any person on its behalf shall not disclose it further and shall comply to the Government of India’s Reasonable security practices and procedures and sensitive personal data or information Rules, 2011.

8.     IFPL or any person on its behalf may transfer sensitive personal data or information including any information, to any other organisation or a person in India, or located in any other country, that ensures the same level of data protection that is adhered to by IFPL as provided for under these Rules. The transfer may be allowed only if it is necessary for the performance of the lawful contract between IFPL or any person on its behalf and provider of information or where such person has consented to data transfer.

9.     IFPL should ensure physical security control measures that are commensurate with the information assets being protected with the nature of business.