IRIS MSME
Registration Hub
Verify GSTIN
IRIS MSME
Registration Hub
Verify GSTIN

Privacy Policy

This Privacy Policy (“Privacy Policy”/ “Policy”) is published in accordance with Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. IRIS RegTech Solutions Limited (hereinafter referred to as “IRIS MSME” or “Company” or “Us” or “We” or “Our”), a RegTech company, is the owner of the mobile application “Peridot” (“App”), the website at https://irismsme.com/ (“Website”), and online forms (collectively referred to as the “Platform”) through which the Company provides solutions to MSMEs, including support for compliance requirements, invoicing, lending facilitation, knowledge resources, business process refinement, scheme matching, any other ancillary, incidental, or supplementary matters necessary or desirable for the effective delivery of the Company’s services (“Services”).The Commpany is committed to maintain the confidentiality, integrity and security of all information of its users. This Privacy Policy describes how the Company collects, stores, handles and transfers certain information received from you via the use of the Platform on a need basis. This Privacy Policy applies to the visitors to our Platform and our existing and future customers. By proceeding to use our Platform, you are accepting and consenting to the practices described in this Privacy Policy.
By using or continuing to use the Website you agree to our use of your information (including sensitive personal information as defined under the Information Technology Act 2000, applicable rules, notification etc.) in accordance with this Privacy Policy, as may be amended from time to time by IRIS at its sole discretion.

By accessing the Platform and/or availing the Services offered by us, the User (“User” or “You” or “Your”) agrees to be bound by the terms of this Privacy Policy.
If You do not accept this Privacy Policy or any part thereof, please do not use /access, download, or install the Platform. or use the Services. The User acknowledges, agrees, and consents to the collection, use, processing, disclosure, transfer, and storage of their information (including personal data including sensitive personal data) in accordance with this Privacy Policy and as required for IRIS MSME’s operations and regulatory compliance.

USER’S INFORMATION

User’s Personal Information

When the User visits Our Platform or avails the Services, we collect and store the information which the User provides from time to time by explicitly seeking permission from the User in order to provide an efficient, smooth, and customized experience and Service. We collect Personal Data from you when you submit web forms or interact with our websites, for example subscribing to a IRISGST Newsletter, using Peridot-web, signing up for a webinar, or product enquiries. “Personal Data” is any data including sensitive personal data about the User, by which he/ she/ it, as a person can be identified, including without limitation, GSTIN, business name, address, email address, date of registration, GSTIN and phone number etc. to which the Platform has or is likely to have access by virtue of the User’s consensual submission. This allows Us to provide Services with features that meet the requirements of the User. We collect the below-mentioned individually identifiable information that would allow Us to determine the actual identity of the User (collected strictly on a ‘need-based’ principle in line with RBI guidelines):

  • Name
  • Address
  • Contact number
  • E-mail
  • Photo
  • Device Identifiers and Technical Specifications
  • Date of Birth
  • Education Qualifications
  • Gender
  • Caste
  • Mobile Number
  • Permanent Account Number (PAN)
  • Udyam
  • Address
  • Industry, Sector
  • Business information and data
  • Documents such as User and Business PAN, Business Proof, Address Proof, Bank Statement, and any other documents required from the User in connection with availing the Services.
  • Any details that may have been voluntarily provided by the User in connection with availing the Services.
  • For Digital Invoicing, we also collect transaction data, including client names, GST details, transaction amounts, dates, and inventory/product information.

including details of any loans availed and any instances of delayed or defaulted payments.By providing the above-mentioned information to Us, the User consents to the collection, use and disclosure of Personal Data, as permitted by the applicable law. Crucially, the Peridot App shall desist from accessing invasive phone resources such as SMS, call logs, contacts list, or media/gallery.

Other Information

We automatically track certain information about the User based on their browsing history on Our Platform. We use this information to do internal research on Our Users’ demographics, interests, and behavior to better understand, protect, and serve Our Users and improve our Services. This information is compiled and analysed on an aggregated basis and not individually. We also collect User’s Internet Protocol (IP) address and the URL used by the User to connect the User’s computer to the internet, etc. This information may include the URL which the User visited before visiting the Platform (whether this URL is on Our Platform or not), which URL the User visits after visiting the Platform (whether this URL is on our website or not), User’s computer browser information, and User’s IP address.

Cookies

We use cookies on Our Platform for enhancing the Services provided cookies are small data files that a website stores on the User’s computer. The use of this information helps Us to identify the returning user in order to make Our Platform more user friendly. Most browsers will permit the User to decline the cookies, but if the User chooses to do this, it might affect the service on some parts of Our Platform and the Services.

PURPOSE AND USE OF INFORMATION COLLECTED

  • Assist us or our business partners in facilitating and delivering services to you, process payments and your applications, communicate with you about products, services and promotional offers.
  • Respond to queries, or requests submitted by you, and resolve your grievances/issues/problems regarding any services supplied to you.
  • Administer or otherwise carry out our obligations in relation to any agreement with our business partners.
  • Send information to User about special promotions or offers. We might also tell the User about new features or products/services. These might be our own offers or products/services, or third-party offers or products/services with whom the Company has a tie-up.
  • Use User information for internal analysis and to provide location-based services to the User, such as advertising, search results, and other personalized content.
  • Use this information to improve our Platform, prevent or detect fraud or abuses of the Platform and enable third parties to carry out technical, logistical or other functions on our behalf. We may combine information we get from the User with information about the User we get from third parties.
  • Send notices, communications to you, and recommend services that might be of interest to you, update our records and generally maintain your accounts with us, display content and customer reviews.
  • File storage permissions on the Platform for uploading customer documents are obtained for the purpose of processing customer applications by our Partners.
  • to verify the your identity and credentials in order to determine the eligibility to facilitate the User’s KYC, to use the Platform and avail the Services,
  • to enable Us to comply with Our legal and regulatory obligations, to enforce Our Terms of Use, and to inform the User about Our offers, products, services, and updates.
  • As otherwise provided in this Privacy Policy and in compliance with the applicable laws.

Some features of this Platform or our Services will require you to furnish your personally identifiable information as provided by you under your account section on our Website.

By contacting Us and by providing Your phone number, contact details or any other details, you give us the unequivocal right to:

  • We may contact you through various communication channels, including but not limited to phone calls, emails, SMS, WhatsApp, mobile applications, in-app messages, push notifications, or any other lawful and appropriate means for purposes such as responding to your queries, requests, or grievances; providing customer support and service-related updates; delivering transactional, informational, or promotional content; conducting feedback or satisfaction surveys; or for any other legitimate and lawful purposes.
  • Contact You through phone or message notwithstanding the fact that You may have registered under the Telecom Regulatory Authority of India regulations as a fully blocked or a partially blocked customer. It is further clarified that We shall only make solicited phone calls or messages.
  • For GST Search: To process Your request and display publicly available GST information based on the details You submit.
  • For Digital Invoicing: To create, manage, and store Your invoice data (including client names, GST details, transaction amounts, and business inventory) on Our secure servers to enable the Service.
  • For Government Schemes Information: To understand Your business profile and preferences to provide relevant and customized scheme information.
  • Share the contact details provided by You with the service provider or agent or representative available on or through the Platform who may be in a position to sufficiently answer or respond to Your query, including but not limited to third party service providers.

We understand that Your contact details are important to You and We shall bind the service providers/agents/affiliates having access to Your information with the same level of protection as required under the applicable laws.

SHARING OF INFORMATION

We may share Your information with third parties, strictly to provide better Services to You. However, we are not responsible for any breach of security or for any actions of any third parties that receive Your personal information. Please note that by agreeing with the terms as laid out in this Privacy Policy, you also provide Your consent to:

  • Share Your information with Our third-party partners, including lenders, in order to conduct data analysis to serve You better and provide Services on/through Our Platform.
  • Disclose information provided by You with other technology partners to track how You interact with the Platform.
  • Disclose Your KYC journey or any data with respect to the same to the relevant regulatory authorities as a part of our statutory audit process. Please note that Your Aadhaar number shall never be disclosed.
  • Share/disclose Your personal information to the concerned third parties in connection with the Services; and with governmental authorities, quasi-governmental authorities, judicial authorities, and quasi-judicial authorities in accordance with applicable laws of India.
  • To contact You with various offers, and follow-ups.

STORAGE AND DELETION OF DATA

We store and process Your personal information on third party cloud servers and other cloud service providers. We use reasonable safeguards to preserve the integrity and ensure the security of Your information provided to Us against loss, theft, unauthorized access, disclosure, reproduction, use or amendment. We use reasonable security practices and procedures as mandated under the applicable laws for the protection of Your information. Information You provide to Us may be stored on Our secure servers located within India.
However, you understand and accept that there is no guarantee that data transmission over the internet will be completely secure and that any information that You transmit to Us is at Your own risk. We assume no liability for any disclosure of information due to errors in transmission, unauthorized third-party access to our website and databases or other acts of third parties or acts or omissions beyond our reasonable control. You shall not be entitled to hold IRIS MSME responsible for any such breach of security.
You may request the deletion of any data from our Platform at any time by submitting a formal written request to our Grievance Officer. Such requests must clearly specify the information to be deleted and provide the reasons for the deletion request. The full details of this process, including timelines, are outlined in the separate ‘Consent Withdrawal and Data Deletion Process’ document.
Notwithstanding anything to the contrary stated herein, please note the following specific scenarios where your deletion request may not be accepted:

  • Ongoing Services: In the event that you are currently availing any ongoing services from us. This includes having an active or outstanding loan obligation with our lending partner or if the deletion of data would render your digital invoicing or other IRIS MSME Services unusable or result in the loss of critical records (like generated invoices) required by law or contract.
  • Legal and Regulatory Requirements: If the information is required to be maintained in accordance with applicable laws and regulations, we may be obligated to retain certain data despite your deletion request. In such cases, non-mandatory data will be masked or anonymized immediately.

Subject to the provisions of this section, we will make reasonable efforts to delete your data upon receiving your written request. However, it is important to understand that following the deletion of your data, you may no longer be able to use our Services and Platform, as the necessary information required to provide these Services and Platform will no longer be available.
We shall not be liable for any consequences arising from the deletion of your data, including but not limited to the inability to access or use our Services and Platform. Your request for deletion will be processed in accordance with our internal policies and applicable laws.
Third Party Advertising
We may use third-party advertising companies and/or ad agencies to serve ads when the User visits the Platform. These companies may use information (excluding your name, address, email address, or telephone number) about your visits to the Platform in order to provide advertisements on the Platform and other third-party websites about goods and services that may be of interest to the User.
We use third-party service providers to serve ads on our behalf across the internet and sometimes on the Platform. They may collect anonymous information about your visits to Platform, and your interaction with our products and services. They may also use information about the User’s visits to the Platform for targeted advertisements for goods and services. This anonymous information is collected through the use of a pixel tag, which is industry standard technology used by most major Websites. No personally identifiable information is collected or used in this process.
Links to Other Websites:
There might be other sites relating to our Banking and Non Banking partners linked to the Company. Personal information that you provide to those sites is not our property or responsibility. These affiliated sites may have different privacy practices and we encourage you to read their privacy policies of these websites when you visit them. The Company holds no responsibility for the content of the privacy policies or terms of use etc. of these third-party websites.

CORPORATE EVENT

If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by IRISGST on the websites and the Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.

USER CONSENT

By using the Platform, availing the Services and/or by providing the personal information, the User consents to the collection, sharing, disclosure, and usage of the information in accordance with this Privacy Policy.
We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time for any reason. In case any changes are made in the Privacy Policy, we shall update the same on the Platform. Once posted, those changes are effective immediately, unless stated otherwise. We encourage you to periodically review this page for the latest information on our privacy practices. Continued access or use of the Services constitutes your acceptance of the changes and the amended Privacy Policy.

CONTACT US (GRIEVANCE REDRESSAL)

In case of any complaints pertaining to the Privacy Policy, you may submit Your grievances or feedback in writing or via email to our designated Grievance Officer:
Name: Mr. Santosh Sharma
Email: grievance@irismsme.com

The Company has appointed a Nodal Grievance Officer to redress customer grievances relating to any digital lending-related complaints. The name and contact details of the Nodal Grievance Officer are provided below:
Name: Mr. Raghin Nair
Email: nodalofficer@irismsme.com

GOVERNING LAW

The terms of this Privacy Policy shall be governed and construed in accordance with the laws of India. Any dispute regarding or arising out of this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Mumbai.