Manappuram Asset Finance Ltd. (hereafter referred to as “MAAFIN,” “Company”) values your trust and is committed in protecting stakeholder’s personal information. This Privacy Policy explains in detail how the Company collects, use, share, store, and safeguard information related to its customers, employees, vendors, and website/app users.
The Company process personal data in compliance with applicable Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.
Approach is guided by the principles of fairness, transparency, accountability, and respect for individual privacy.
This Privacy Policy applies to all personal data processed by MAAFIN in the following contexts:
- Customers availing financial products and services offered by the Company
- Employees, job applicants, contractors, and consultants
- Vendors, service providers, and business partners engaged with the Company
- Visitors to the Company website, mobile applications, or other digital platforms
- Any third parties interact with MAAFIN through official communication channels
Personal Information
The Company may collect personal details including but not limited to:
- Name, gender, date of birth, nationality, and marital status
- Identity and address proof (e.g., PAN, Aadhaar, Passport, Driving License, Voter ID)
- Contact details (phone number, email address, residential address)
- Employment details, qualifications, income, and occupation information
- Financial information (bank account details, credit/debit card details, payment history)
- Photographs, video recordings, and biometric details (where applicable)
- Data submitted through forms, applications, contracts, or interactions with our representatives
- Digital identifiers such as IP addresses, device information, and browser data when using our online platforms of the Company
Sensitive Personal Information (SPI)
As per IT Rules, 2011, SPI may include:
- User credentials
- Financial details (bank account, credit/debit card, payment instruments)
- Biometric data (fingerprints, facial recognition, iris scans)
- Health/medical records
- Sexual orientation
- Any other personal data categorized as “sensitive” under law
Personal information is used for legitimate business, legal, and regulatory purposes, such as:
- Verifying your identity and performing due diligence (KYC compliance)
- Processing applications, loans, financial products, transactions, and payments
- Providing, customizing, and improving the Company financial products and services
- Sending important service updates, regulatory notifications, or communication regarding accounts
- Conducting internal audits, compliance checks, fraud prevention, and risk management
- Carrying out research, analytics, surveys, and customer support activities
- Marketing and promotional communications (where permitted)
- Meeting contractual obligations with customers, employees, and partners
- Responding to requests from courts, Law agencies or government agencies
The Company shares personal information under the following circumstances:
- Service Providers/Partners: With trusted third parties who provide services such as IT support, payment processing, marketing assistance, and data hosting, which are bound by confidentiality and security agreements.
- Regulatory/Government Authorities: With regulatory bodies, government authorities, or law enforcement agencies when required by applicable laws.
- Group/Affiliate Companies: With affiliated companies for operational, administrative, or service-enhancement purposes.
- Business Transfers: In case of mergers, acquisitions, or restructuring, personal data may be transferred to the new entity.
- With Consent: With explicit consent, wherever legally permitted.
The company does not sell, lease, or rent your personal data to unaffiliated third parties under any circumstances.
The Company implements appropriate technical, organizational, and security measures to protect personal data from unauthorized access, misuse, loss, or alteration. These include:
- Role-based access controls (ensuring only authorized staff can access data)
- Encryption, firewalls, and secure servers for sensitive information
- Regular monitoring and auditing of IT systems and processes
- Employee fidelity agreements and periodic training on data protection
- Incident response plans and security drills
In the event of a data breach, the Company will notify affected parties and regulators where legally required, undertake Root Cause Analysis.
The Company retains personal information only for as long as necessary to:
- Fulfil the purpose for which it was collected
- Comply with applicable legal, regulatory, and contractual requirements
- Resolve disputes and enforce agreements
When the data is no longer required, it is securely archived, anonymized, or permanently destroyed in compliance with legal and regulatory standards.
Depending on applicable law, stakeholder may have the following rights:
- Right to Access: Request a copy of the personal data which the Company holds about the Stakeholder
- Right to Correction: Request corrections or updates to inaccurate or incomplete information
- Right to Withdraw Consent: Withdraw consent for processing activities where applicable (e.g., marketing communications)
- Right to Restriction/Objection: Raise concerns or restrict certain processing activities
- Right to Deletion: Request deletion of your personal data, subject to regulatory requirements
- Right to Data Portability: Where applicable, request transfer of your personal data in a structured, commonly used format
To exercise these rights, please contact the Company at or via the contact details in Section 12.
The Company website uses cookies, web beacons, and similar technologies to enhance browsing experience. These may include third-party tools such as Google Analytics for traffic analysis and performance monitoring. Cookies may be used to:
- Improve website functionality
- Analyze website traffic and user behavior
- Provide personalized content and targeted advertisements
- Maintain security and prevent fraudulent activity
Stakeholders can manage or disable cookies through browser settings; however, this may limit certain features of the Company website.
In some cases, stakeholder data may be stored or processed outside India (for example, by global cloud service providers or international partners). In such cases, the Company ensures that:
- The recipient country has adequate data protection standards, or
- Standard contractual clauses and agreements are in place to ensure that personal data is protected.
While MAAFIN takes reasonable steps to ensure accuracy and protection of personal data, the Company cannot guarantee absolute security due to inherent risks in data transmission over the internet or electronic storage. Users are encouraged to take precautions, such as safeguarding login credentials and using secure devices.
For questions, concerns, or complaints regarding this Privacy Policy or your personal data, please contact:
Data Protection Officer
Manappuram Asset Finance Ltd.
111/105 Opposite Nattika FIRKA Co-operative Rural Bank,
Valapad, Thrissur District,
Kerala, Pin 680 567
Email: cto@maafin.in
Phone: 9061612340