The Company respects the privacy of the users of the Lyron platform Services and is committed to reasonably protect it in all respects. The information about the user as collected by the Company is: (a) information supplied by users and (b) information automatically tracked while using a mobile device having Lyron platform Services enabled (collectively referred to as Information).
It is the policy of Lyron to comply with all applicable laws and regulatory requirements for the use, access and disclosure of Sensitive Information, to ensure the confidentiality and protection of Sensitive Information, and to prevent and mitigate any privacy incidents.
All members of the Workforce shall be required to comply with this Policy and it is applicable to all Lyron global operations. Individuals who violate these requirements are subject to disciplinary action, up to and including termination or dismissal.
To avail certain services of Lyron, users are required to provide some personally identifiable information for the registration process which may include:- a) your name, b) email address, c) phone number, d) access to your phone’s SMS inbox records d) bank account details e) Aadhaar details, f) PAN g) residential address etc. and any other such information as required. The Information as supplied by the users enables us to improve the services and provide you the most user-friendly experience. All required information is service dependent and the Company may use the above said user Information to maintain, protect, and improve the services and for developing new services.
We may also use your phone number, email address or other personally identifiable information to send commercial or marketing messages without your consent [with an option to subscribe/unsubscribe (where feasible)]. We may, however, use your email address and phone number without further consent for non-marketing or administrative purposes (such as notifying you of major changes, for customer service purposes, providing information about updates to services, billing, etc.).
In case you choose to decline to submit personally identifiable information on the App/Site, we may not be able to provide certain services on the App/Site to you. We will make reasonable efforts to notify you of the same at the appropriate time. In any case, we will not be liable and or responsible for the denial of certain services to you for lack of you providing the necessary personal information.
When you register with the Lyron services, we may contact you from time to time about updation of your personal information to provide such features that we believe may benefit/interest you.
SMS Inbox Information: The Lyron platform also access the User’s SMS inbox only for reading the OTP.The Lyron platform accesses business messages that originate from senders. The Lyron platform may read personal and OTP messages only if the SMS feature is privilege enabled, No personal SMSes or OTPs are backed up. The collection of such information is only limited to the extent that such data is available in the relevant messages. Lyron may also record the identity of the product or service and the price or fee paid or payable in respect thereof.
Demographic and Related Information:We may reference other sources of demographic and other information in order to provide you with more targeted communications and promotions. We use Google Analytics, among others, to track user behaviour on our website.
Google Analytics specifically has been enabled to support display advertising to help us gain an understanding of our users’ Demographics and Interests. The reports are anonymous and cannot be associated with any individual personally identifiable information that you may have shared with us.
Log File Information: Our Servers automatically collect limited information about your device’s connection to the Internet, including your IP address, when you visit our Site or use the App. We automatically receive and log information from the App and/or your browser including but not limited to IP address, your device or computer’s name, and your operating system. We may also collect log information from your device, including but not limited to your location, IP address, your device’s name, device’s serial number or unique identification number (e.g. UDiD on your iOS device, Android ID or ADID on your Android Device), your device operating system, browser type and version, CPU speed, and connection speed etc.
Cookies: To improve the responsiveness of the Site for our users, we may use “cookies”, or similar electronic tools to collect information to assign each visitor a unique, random number as a User Identification (User ID) to understand the user’s individual interests using the identified computer. Our partners may also assign their own cookies to your browser, a process that we do not control.
The Company may share sensitive personal information with any third party without obtaining the prior consent of the User in the following limited circumstances:
When it is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, or for the prevention, detection, investigation including cyber incidents, or for prosecution and punishment of offences. These disclosures are made in good faith and belief that such disclosure is reasonably necessary for enforcing these Terms or for complying with the applicable laws and regulations.
No personally identifiable data of an individual user such as name, phone number, email address, spends data, card details etc. would be shared with any other User and/or third party – unless explicitly approved by the concerned individual user in order to avail of certain services. However, if this conflicts with conditions mentioned in the immediate point above, this condition would become null and void.
The Company may also present information related to user spends, patterns and user data tracked by the company only in the form of aggregated statistics on data such as user spends by category, date, time, bank balances, etc. within our app/site or to our partners.
When you use the Lyron platform Services Site (or any of its sub sites), we make efforts in good faith to provide you, as and when requested by you, with access to your personal information and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes
We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required.
In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.
If enabled from the app, we take a backup of your data on Lyron platform on our Cloud database according to country specific compliance requirements. This is done for the purpose of enabling users to get their data back in case their phone’s data becomes unusable, if the phone is lost, or the user moves to a new phone device.
We also use this backup to provide useful insights and information related to Active/inactive Loans and repayments.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data. All information gathered on the Lyron platform is securely stored within the controlled database. Access to the servers is password-protected and is strictly limited.
Lyron has implemented the following fair information privacy principles that support individual rights and set guidelines for the protection of Sensitive Information:
Notice. Lyron shall provide notice regarding its privacy policies and procedures and include the purposes for which Sensitive Information is accessed, collected, used, retained, and disclosed. Notice may occur in a variety of formats including publication on Lyron’ internal and external websites and specified in internal and external contracts and agreements.
Choice and Consent. Where practical or required by law or contract, Lyron shall provide individuals with opportunity to consent to or authorize Lyron’ access, collection, use, retention, and disclosure of Sensitive Information. Consent or authorization may be explicit or implicit depending upon the specific circumstances, and the PSSC shall advise the Business Units as to appropriate means of obtaining consent or authorization.
Limited Collection. Sensitive Information shall only be collected for the purposes identified in the notice.
Limited Use and Disclosure. Sensitive Information shall only be used and/or disclosed to third parties for the purposes identified in the notice
Limited Retention. Sensitive Information may be retained only as long as necessary, including, but not limited to, as may be required by law or contract, to fulfill a valid business purpose.
Accuracy. Lyron shall maintain the accuracy and integrity of the Sensitive Information under its care.
Right to Inspect/Correction. Individuals may request access to their Sensitive Information and request amendment to that Sensitive Information if such information is believed to be inaccurate. Lyron shall review and respond to requests for access and amendment in a timely manner. The PSSC shall provide guidance to Business Units regarding individual rights to access and/or amend Sensitive Information upon request by the Business Unit.
Disposal. Lyron shall dispose and destroy Sensitive Information, at the end of the applicable retention period, in a manner that prevents the likelihood of restoration of the Sensitive Information or in a manner required by law or contract.
Breach Notification. Actual or suspected breaches of Sensitive Information shall be immediately reported in accordance with the Privacy and Security Incident Reporting Policy.
Each member of the Lyron workforce is responsible for the security of Sensitive Information in his or her workspace. Workforce members take reasonable and appropriate precautions to safeguard access to Sensitive Information including, without limiting the generality of the following, compliance with security measures required by the Security Policy and other guidance issued by the Privacy and Security Steering Committee and Chief Information Security Officer.
Each Workforce member shall be responsible for:
Collaborating with all levels of the Lyron organization to ensure that an effective privacy program is implemented and maintained;
Complying with the Security Policy and related policies and procedures and implementing and maintaining the Security Program;
In addition to responsibilities as a member of the Workforce, each Lyron manager shall be also be responsible for:
Ensuring all members of the Workforce who report directly or indirectly to such manager have completed the required privacy training;
In addition to responsibilities as a member of the Workforce, each Business Unit or functional area leader shall also be responsible for:
Identifying any privacy-related contractual requirements mandated or requested by external clients or third-party vendors, and not previously approved by the legal team and the PSSC, and providing those requirements or requests to the legal team and the PSSC prior to contract execution;
Identifying where Sensitive Information is located, and providing such information to the PSSC and/or CISO;
Maintaining a list of all Workforce members who have access to Sensitive Information and approving access by Workforce members to any Sensitive Information in a manner consistent with such Workforce members’ duties and responsibilities;
The Privacy and Security Steering Committee shall be responsible for:
Coordinating with the CISO in the development and maintenance of security policies and programs to ensure that appropriate physical, administrative and technical safeguards are in place to protect the privacy and security of Sensitive Information;
Upon request, reviewing, guiding, and approving Standard Operating Procedures (SOPs) for Business Units and functions, relating to Sensitive Information;
Reviewing and responding to requests from law enforcement and regulatory agencies for access to Sensitive Information, in coordination with others to the extent permitted and as appropriate;
Ensuring that Lyron complies with applicable privacy laws, regulations, and contractual privacy requirements;
May designate another individual to function in his/her capacity with regards to the requirements set forth in this Policy.
Human Resources shall be responsible for:
Collaborating with hiring managers to ensure privacy and security obligations are specified in Lyron job and roles descriptions;
Communicating job status changes, including termination of Workforce members, to IT Operations, so that access to systems with Sensitive Information is appropriately modified;
Consent and Authorization to Use Sensitive Information
Limited Use. Lyron Workforce members shall only access, use, and disclose Sensitive Information in accordance with:
the requirements of the consent or authorization provided by the subject or owner of the Sensitive Information;
relevant contractual requirements; and
as required by law.
All access, use and disclosure of Sensitive information shall be limited to the minimum amount of Sensitive Information necessary to accomplish a valid business purpose
All requests to limit or cease using Sensitive Information shall be directed to the PSSC for review
De-Identified Sensitive Information
In certain cases, Lyron may receive consent or authorization to de-identify Sensitive Information. In these cases, once the Sensitive Information has been de-identified, Workforce members may use and disclose the de-identified Sensitive Information in accordance with the consent or authorization.
Requests to de-identify Sensitive Information must be submitted, in writing, to the PSSC or her/his designee who will evaluate the scope and purpose of the request and the means of de-identification to ensure a low likelihood of re-identification of Sensitive Information and that applicable legal, contractual, and industry-standard requirements are met.
Disclosures Required by Law
Lyron may use or disclose Sensitive Information as required by law.
Lyron shall assess Privacy Risk annually pursuant to Lyron’ Risk Management Policy.
All electronic media and paper copies containing Sensitive Information shall be retained in accordance with Lyron Records Management Policy and Retention Schedule, and properly disposed of once the intended use has been completed in accordance with the Lyron Information Classification and Handling Policy. All media or copies containing Sensitive Information from a client is either to be returned to the client, or destroyed, in accordance with the contractual agreement with the client.
In case you have any complaints and/or grievances in relation to the processing of your Personal Information you can send this via e-mail to our Data Protection Officer [email protected]
We will be revert back to you on your clarification or requests or queries or complaints or grievance with in 48 working hours but not more than 72 working hours.
“Business Unit” is a formally defined area of Lyron representing a specific business function (such as Finance, Solutions Development, Sales, Support, etc.). This could be a department or subset of a department.
“PSSC” means the Privacy and Security Steering Committee who is also the Chief Privacy Officer.
“CISO” means the Chief Information Security Officer
“Information” is considered databases, data files, contracts, agreements, system documentation, research information, user manuals, training material, standard operating procedures, business continuity plans, disaster recovery plans, third-party data, audit trails, and archived information.
“Sensitive Information” is a class of data, that relates to an identified or identifiable individual or entity that is sensitive, confidential, or proprietary to such person or entity and may potentially cause harm to such person or entity if lost or accessed, or used or disclosed by unauthorized persons, either internal or external to Lyron. “Sensitive Information” includes, but is not limited to, Protected Health Information, Personal Information, Personal Health Information, Personal Data, and Personally Identifiable Information including other sensitive KYC (Know Your Customer) information collected as a part of OVD (Officially valid document (OVD) the passport, the driving license, the Permanent Account Number (PAN) Card, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA (as those terms are defined in applicable law).
“Systems” are any computing assets that may create, access, or store sensitive data, including those used internally and those developed and sold as a product.
“Workforce” means full-time or temporary employees, contractors, third-party users, volunteers, interns, trainees, agents, and other persons whose conduct, in the performance of work for Lyron, is under the direct control of Lyron, whether they are on-site or off-site, and whether or not they are paid by Lyron.