Introduction
Welcome to ValuEnable. ValuEnable Private Limited ("us", "we", or "our") operates www.valuenable.in — a platform providing solutions to address customer retention issues faced by life insurance companies. Our services have been designed to benefit both the insurance company and policyholders alike.
This Privacy Policy governs your visit to www.valuenable.in and explains how we collect, safeguard, and disclose information that results from your use of our Service. By using our Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined here, terms carry the same meanings as in our Terms and Conditions. Our Terms and Conditions ("Terms") govern all use of our Service and together with this Privacy Policy constitute your agreement with us.
Scope
This policy applies to all Personal Identifiable Information (PII) collected, processed, or stored by ValuEnable — whether through direct data collection from subjects or through information processing systems. Any deviation from this policy shall be handled as per ValuEnable's information security exception handling process. The Information Security team shall be consulted wherever required to ensure appropriate and effective implementation of these controls.
Responsibilities
The following teams and functions are responsible for implementing and maintaining the controls defined in this policy:
- Board of Directors
- Respective Department Heads
- Chief Information Security Officer (CISO)
- Legal & Compliance Team
- All Employees
Definitions
Aadhaar Regulations
Includes the Aadhaar (Targeted Delivery of Financial and other subsidies, Benefits and Services) Act 2016, Aadhaar (Amendment) Act 2019, Aadhaar (Authentication) Regulations 2016, Aadhaar (Data Security) Regulations 2016, and other applicable regulations issued by UIDAI from time to time.
Consent
Freely given, specific, and informed indication of the data subject's wishes by which they signify agreement to the processing of their personal data.
Data Controller
The person responsible for complying with data privacy requirements who has full authority to decide how and why personal data is processed.
Data Subject
A natural person who is the subject of data.
Insurance Data
Data related to life insurance policies issued by various insurance companies, including data of customers who hold insurance policies.
Personal Data or Information
Information relating to a natural person capable of identifying such person, either directly or indirectly. This includes — but is not limited to — full name, home address, email address, unique identification number, passport number, driver's licence number, credit card numbers, date of birth, telephone number, login details, and biometric information such as fingerprints.
Sensitive Personal Data or Information
Includes information relating to passwords, financial details, health conditions, sexual orientation, biometric information, etc.
The User
The individual using our Service.
Cookies
Small pieces of information that a browser can record after visiting a website. We may use cookies for technical purposes such as enabling better navigation through our site or storing user preferences. Turning off cookies will affect your experience on https://loan.valuenable.in/.
Purpose
The purpose of this Policy is to enable ValuEnable to:
- Implement reasonable security practices and procedures to safeguard personal data and sensitive personal data.
- Comply with applicable statutory provisions, rules, and regulations regarding data privacy and protection.
- Enable the data subject and third parties to understand and comply with ValuEnable's data privacy policies.
Collection of Personal Data
ValuEnable shall collect personal data of its customers, clients, employees, or any other entity only for legitimate business purposes, and will limit its collection, use, storage, processing, transfer, and disclosure of personal data to the minimum required to carry out those purposes.
Personal data may only be collected, used, stored, processed, transferred, or disclosed for reasonable, specific, and lawful purposes. Individuals will be notified of the purposes for which ValuEnable intends to collect, use, or disclose their data before or at the time of collection. In the event that any intended use of personal data goes beyond the purposes notified during collection, ValuEnable will notify the relevant individual of the new purpose and seek their consent.
To make our Platform and Services more useful to you, our servers (which may be hosted by a third-party service provider) collect information including your browser type, operating system, Internet Protocol (IP) address, and domain name. We may permit authorised third-party analytics providers to use cookies and similar technologies to perform these services on our behalf.
We use authorised third-party service providers to power payment transactions on our platform. As per applicable regulations, we use tokenisation services from certified, PCI-DSS compliant third-party providers to facilitate card transactions. These providers may transfer your information to card networks (such as Visa and Mastercard) as required. We do not store any card transaction information on our Platform.
Consent
ValuEnable shall not collect, use, or disclose any personal data without the consent of the data owner, except where deemed consent applies or where such collection, use, or disclosure is required to meet applicable laws and regulations.
Where personal data relates to a child (a person under 18 years of age), ValuEnable shall seek consent from a competent person before collecting, processing, or disclosing such data.
Where the processing of personal data is based on consent, data subjects have the right to withdraw their consent at any time. Withdrawal of consent shall be as easy as giving consent initially. Please note that withdrawing consent may affect your ability to use certain features or services on our Platform.
Transfer / Disclosure of Data or Information
- Personal data, sensitive personal data, and other customer data will not be transferred or disclosed to any third party without implementing reasonable security practices and obtaining explicit consent from the data subject.
- Information may be communicated to third parties only for purposes consistent with the original collection purpose or as authorised by law.
- Disclosure of information to data subjects must be transparent, providing details about the purpose of collection, usage, and security practices.
- We may be required from time to time to disclose any personal information collected by us to governmental or judicial bodies, agencies, or our regulators based on legal requirements under applicable cyber laws. We may also share your information with third-party group companies to enable service provision and/or carry out technical, logistical, and other functions on our behalf (e.g. sending emails or newsletters to users).
Data Subject's Rights
Data subjects are entitled to the following rights:
Access & Update
Access, update, or delete their personal information held by us.
Rectification
Rectify inaccurate or incomplete information in our records.
Data Removal
Request removal of their data from our systems under applicable circumstances.
Restrict Processing
Request restriction of processing under specific conditions — for example, when the accuracy of the data is contested or the processing is unlawful.
Data Portability
Receive their personal data in a structured, commonly used, and machine-readable format, and request its transfer to another organisation where processing is based on consent or contract.
Right to Object
Object to the processing of their personal data, including profiling or direct marketing. ValuEnable will stop processing unless it can demonstrate compelling legitimate grounds that override the data subject's interests.
Automated Decisions
Not be subject to decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects, except where permitted by applicable law or explicit consent.
Withdraw Consent
Withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@valuenable.in. We will respond within a reasonable period and in any case no later than 30 days from receipt of your request.
Data Security
ValuEnable Pvt Ltd is committed to protecting the security and privacy of your personal information. We endeavour to have suitable technical, operational, and physical security controls and measures in place that are commensurate with the nature of our business. Our security controls are periodically reviewed as part of our Information Security Management System (ISMS) under ISO 27001.
Industry-Standard Technologies
We use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure.
Periodic Security Reviews
We periodically review our security controls and update them to maintain alignment with current best practices.
Breach Response
In the event of any breach of our security controls resulting in unauthorised access, we will endeavour to inform you of the extent of such breach, subject to applicable law and cooperation with relevant authorities.
Liability Limitation
Despite our efforts to protect your information, if unauthorised persons breach our security control measures and illegally use sensitive/personal data, ValuEnable Pvt Ltd, its affiliates, employees, and directors shall not be held responsible/liable.
Data Protection Officer (DPO)
ValuEnable has appointed a Data Protection Officer (DPO) responsible for monitoring compliance with privacy obligations, acting as a contact point for clients and regulatory authorities, and ensuring staff awareness of and adherence to this policy.
Communications Privacy
Monitoring of electronic communications (telephone calls, emails, and internet access) for business or security purposes shall be carried out in compliance with applicable regulations and only with appropriate internal approvals.
ValuEnable employees are prohibited from eavesdropping on, storing, monitoring, or intercepting any communications or information within ValuEnable systems without authorisation. Any such retained data may be accessed only by approved personnel during and after an investigation, as per applicable ValuEnable policies or as directed by applicable law.
ValuEnable has established a process for receiving and responding to complaints, concerns, or questions from individuals about our privacy practices. Any privacy incident or data breach shall be handled in accordance with our Privacy Incident Response Plan and Incident Management Policy.
Breach Notification
In the event of a data breach, ValuEnable will notify the affected data subjects and relevant authorities promptly, outlining the nature of the breach and the steps taken to mitigate its impact, as required by applicable law.
Privacy by Design & Default
ValuEnable designs its information systems to support privacy by automating privacy controls wherever possible. All transfers of PII between processes are carried out over secure channels.
Where there is a choice in how personal data is collected or processed, each option is disabled by default and enabled only by the primary PII principal. We provide clear and effective notice regarding our data collection activities, the authority under which data is collected, the choices available to individuals, and how individuals may access and correct their PII.
Privacy Impact Assessments
ValuEnable conducts Privacy Impact Assessments (PIAs) for information systems, programmes, or other activities that pose a privacy risk, in accordance with applicable law and internal policies. Risk assessments and PIAs pertaining to data privacy are conducted periodically and reviewed at least once annually. ValuEnable also conducts periodic self-assessments and due diligence of third parties to demonstrate compliance with privacy requirements.
Data Minimization
We collect only the data necessary for the specified purposes and ensure it is used solely for those purposes. Personal data shall be accurate, and where necessary, kept up to date. Inaccurate data shall be corrected or erased without delay.
Cross-Border Data Transfers
Personal data (including PII sent during online transactions) shall be transferred across borders only in accordance with the applicable legislation of the countries involved. Where a country does not have a privacy law in place, best practices shall be applied before any transfer of personal information.
In the event that data belonging to EU citizens is shared with any third party, ValuEnable shall confirm that the third party complies with the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act 2023 (DPDP Act).
Information Usage and Sharing with Third Parties
Personal information you submit to us is used either to respond to your requests or to aid us in serving you better. We use such information in the following ways:
- To identify you as a user in our system.
- To provide improved administration of our Platform and Services.
- To provide the Services you request.
- To improve the quality of your experience when you interact with our Platform and Services.
- To send you e-mail and other notifications.
- To send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes.
- To protect our services and our users.
- For market and customer analysis, market research, and statistics.
- To prevent and detect fraud or abuse of our services, as well as to prevent, detect, and investigate any potential unlawful or prohibited activities.
Demographic information, financial information (such as bank account details), investment information (such as holdings), personal information (such as phone number and email), and other information (such as PAN/Aadhaar) will be utilised for and shared with regulated entities including Investment Advisors, Research Analysts, Brokers, NBFCs, Banks, and Credit Bureaus for various regulatory purposes (KYC, AML, etc.) and business purposes (credit facilitation, tracking services, etc.).
Specifically, in the case of credit facilitation services, the following data is shared with authorised third parties:
- PAN, mobile number, and email ID — shared with SEBI-registered RTAs and Depositories for investment holdings verification.
- KYC documents and bank account details — shared with Digio (a RBI-regulated entity) for OCR processing and mandate setup.
- Email ID — shared with Amazon Web Services for communication.
- Phone number — shared with our SMS service provider for SMS communication.
Data Retention & Deletion
We may retain your data for as long as required under applicable law and as necessary to efficiently provide our services. All information provided by you, except in cases of withdrawal of consent or termination, shall be retained for a duration of eight (8) years. We will act upon any deletion request received from you within a reasonable period, and in any case no later than thirty (30) days from receipt of such a request.
We may retain certain data after account deletion for specific purposes, including but not limited to:
- If there is an unresolved issue, claim, or dispute relating to your account.
- Where retention is required under applicable law.
- In aggregated and/or anonymised form.
- Where necessary for legitimate business interests, such as fraud prevention, enhancing user safety, and ensuring security.
⚠️ If a user initiates a loan application but does not complete the process within thirty (30) days, all information related to that application will be deleted from our platform. For any data or consent (full or partial) that you wish to delete or revoke, you may send an email to
support@valuenable.in,
policyloans@valuenable.in, or
las@valuenable.in (as per the relevant product), stating the details of the data and/or consent and the scope/nature of the deletion or revocation desired. Please note that withdrawing consent or requesting deletion of certain data may result in your inability to use our services on the platform.
Data Destruction Practices
Sensitive information stored on electronic media is securely sanitised using industry-recognised methods that render the data irrecoverable, including overwrite, block erase, degaussing (for magnetic media), and cryptographic erase. All versions, copies, and temporary files of sensitive information are promptly deleted. Where required, ValuEnable engages approved and certified providers for secure physical media disposal. Logs track and verify that deletion processes have occurred, and an official record of information deletion is maintained for audit readiness.
For cloud services, ValuEnable verifies that the deletion method provided by the cloud service provider is acceptable and requests deletion of information as needed. Third-party agreements include requirements for the secure deletion of ValuEnable information upon termination of services.
Amendments to Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Third-Party Service Providers
Below is the list of third-party service providers with which ValuEnable shares customer data in order to provide its Services.
| Name |
Link |
Data Shared |
Purpose |
| Digiotech Solutions Private Limited |
www.digio.in |
KYC documents, bank account details for mandate setup, selfie/live photograph for identity verification |
KYC verification, identity authentication, liveness check, and mandate setup (RBI-regulated entity) |
| SEBI-registered RTAs & Depositories |
— |
PAN, mobile number, email ID |
Investment holdings verification |
| Amazon Web Services |
aws.amazon.com |
Email ID |
Communication infrastructure |
| SMS Service Provider |
— |
Phone number |
SMS communication |
| PCI-DSS Certified Payment Tokenisation Providers |
— |
Card transaction data (tokenised; not stored by ValuEnable) |
Payment tokenisation & card network transfers (Visa, Mastercard) |