Privacy policy

ALPHERA Financial Services India.

Website Privacy Policy.

1. Introduction
Data Privacy is a fundamental principle within a modern society. Data privacy is not - unlike the term may first suggest - all about data, but about the people, of whom information (data) is processed. Data privacy is a fundamental right, which refers to the protection of the personal rights of natural, living people. Every person should have the opportunity to decide, who gets which information about him on which occasion (informational self-determination).
BMW India Financial Services Private Limited (“Company”) has created this Policy to demonstrate its commitment towards The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (“Rules”) and also towards the Company’s global policy for Data privacy and protection.

The Company recognizes the importance of "Personal Information" including "Sensitive Personal Information" provided by natural persons, under lawful contract. The Company intends to take reasonable measures to keep such information confidential and may share it with its affiliates and third parties under appropriate arrangements and under the applicable laws and policies.

This Policy has been approved by the Board of Directors in its meeting held on February 3, 2015 and is effective therefrom.
2. Definition

2.1 "Personal Data" means any information concerning the personal or material circumstances of an identified or identifiable individual, e.g. name, address, bank details etc. It can be with reference to employees, customers, suppliers, shareholders, etc.

A person is considered to be identifiable if they can be identified directly or indirectly.

2.2 Employees are identified or identifiable persons, who are employed by the Company including partners associated with the Company.

2.3 "Customers" are identified or identifiable natural persons, who show the Company that they have an obvious interest in concluding a contract for the purpose of acquiring a product or a service or, as the case may be, that they are the recipient of a product or service provided by the Company.

2.4 "Processing" is any operation or set of connected operations performed using the Personal Data, whether with or without the help of automatic means. This includes collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

2.5 "Rendering Anonymous" means the alteration of Personal Data so that the details about personal or material circumstances can no longer be matched to an identified or identifiable natural person or could be so matched only by expending a disproportionate amount of time, expense and effort.

2.6 “Pseudonymising” means replacing identifying features by a code in order to make identification of the Data Subject impossible or considerably more difficult.
2.7 "Sensitive Personal Data", for the purposes of this Policy, refers to such personal information about a natural person, which consists of information relating to:

a) Password;
b) Financial information such as Bank account or credit card or debit card or other payment instrument details;
c) Physical, physiological and mental health condition;
d) Sexual orientation;
e) Medical records and history;
f) Biometric information;
g) Any detail relating to the above clauses as provided to us for providing services; and
h) Any of the information received under any of the above clauses by us for processing, storing or processing under lawful contract or otherwise.

Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as Sensitive Personal Information for the purposes of this Policy.
2.8 "Provider” for the purpose of this Policy, refers to a natural person or individual who, provides Personal Information or Sensitive Personal data or information, directly under lawful contract to the Company.
3. Purpose and usage
Provider’s Personal Information/ Sensitive Personal Data is collected and used /processed for lawful, legitimate, contractual and administrative purposes of the Company.

Generally the Personal Information/Sensitive Personal Data collected pertains to the Provider that may be used for the purposes such as administration and facilitation of relationship with customers, employees, suppliers etc. for internal operational purposes, for marketing surveys and customer research and feedback, warranty services, to update with information about the Company and the products and services, to provide information about special offers, from time to time and to satisfy the legal and regulatory obligations.

The Personal Information/Sensitive Personal Data collected pertaining to the staff/employee may be used for human resource management, technology support/updates, management planning, administration and management of the internal processes, services and operations to enable it to perform its proper functions and to satisfy the legal and regulatory obligations.

The Personal Information/Sensitive Personal Data (as per Rules) can be collected /or retained either directly by the Company or through an affiliate or third party, as per the procedure prescribed by Rules.

4. Disclosure to Third Parties

The Personal Information/Sensitive Personal Data collected would only be used, processed and/or shared within the affiliates and/or group companies, authorized BMW and MINI dealers and other authorized business partners.
The Company would not disclose any Personal Information/Sensitive Personal Data to any external organization unless it has the consent of the provider, or are required by law or have previously informed the Provider.
Notwithstanding anything in Article 4 to the contrary, if the Company is, in the opinion that it is required by applicable law or government authority, to disclose any Personal Information/Sensitive Personal Data to any Person, then it may disclose such information only to the extent so required.
5. Security practices and procedures
The Company has in place a security system, to ensure that the personal information is protected from unauthorised access, use, disclosure or alteration by anyone including the employees of the Company.
The Company undetakes a number of security measures to maintain the safety of the Provider’s personal information, which include the use of: physical secure data centres and premises; internal security policies and procedures; defined internal segregation of duties; and electronic access controls such as passwords and encryption technology. Our Information Security Management System follows international standard ISO 27001.”

Security Practices:

- Data economy – Access to personal data is granted only to personnel on need to know basis. Redundant data may not be stored and personal data from concerned Department shall not be exported to other applications unless absolutely necessary. Where it is not necessary to know the identity of the Data Subject there the personal data shall be processed in pseudonymised form or a form that has been rendered anonymous.

- Purpose Limitation – Data collected for a particular purpose shall be used for that purpose only and shall not be used for any other purpose without the consent of the Data Subject or other legal permission.

- Deleting/Archiving Data - Once the purpose of the processing of Personal Data is fulfilled then such Data must immediately be deleted or, as the case may be, access thereto blocked in compliance with the obligations to retain records prescribed by law or agreed within the company. This obligation to delete data does not apply to data that has been rendered anonymous. In exceptional cases where required such information shall be dealt with on case to case basis of the concerned Department and as per applicable laws.

6. No Obligation to provide personal information
The Provider is under no obligation to provide any personal information requested by the Company and a Provider can withhold any personal information as he/she may choose, but in such a case the Company may not be able to provide all products and services as this will depend on the kind of information withheld.

The Provider can opt-out at any time online by accessing the unsubscribe form. A minimum period of ten business days is required to process the requests..

The Provider may review the Personal Information/Sensitive Personal Data provided to the Company for the purpose of ensuring that the said information is accurate. The Company shall not be responsible for the authenticity of the information supplied to the Company or to any person acting on behalf of the Company.
Contact Us
The Company strives to maintain the Provider’s personal information on the records as accurately and updated as reasonably possible. On request, the details on record, the purpose for which it is used, and to whom has it been disclosed can be provided. Access to personal information in the possession of the Company shall be subject to certain exceptions and reasonable costs.
If the personal information that the Company hold about the Provider is incorrect or changed then the Provider can notify the Company of such changes. Additionally any discrepancy or grievance of the Provider of information with regard to processing of information can be addressed to the following contact (Grievance Officer) as below:

Mr. Vikas Arora
BMW India Financial Services Private Limited.
The Oberoi Corporate Tower
Building No. 11, 1st Floor, DLF Cyber City, Phase 2
Gurugram 122002, Haryana, India
1800 102 2269 (Toll Free)

In case of any doubt with regard to any provision of the policy and also in respect of matters not covered herein, a reference to be made to the Board of Directors. In all such matters, the decision of the Board of Directors shall be final.

Any or all provisions of this Policy would be subject to revision/amendment amendments by the Board of Directors of the Company and rules and regulations as may be prescribed by the Central Government, from time to time.

The Company reserves the right to modify, cancel, add, or amend any of these Rules.


Home Site Map Privacy Policy / Imprint