Search Apply for loan

Privacy Policy

Capital One Financial Services

  1. To Communicate with You: We may use your information to respond to your inquiries, provide customer service support, send you important information about the services, and send you marketing communications (with your consent) via different channels, including but not limited to SMS, Email, WhatsApp, and Voice

This privacy policy sets out how How Capital One Financial Services uses and protects any information that you give while you use this website. We are committed to ensuring that your privacy is protected. All the information collected from you is subject to this Privacy policy 2026.

Information We Collect

Contact Information

We might collect your name, email, mobile number, phone number, street, city, state, pin code, country, and Employee ID Details.

How The Information Is Collected

We collect the information you post in a public space on our website or on a third-party social media site belonging to us.

Purpose Of Collecting Data

The information what we collect from you will be for the purpose of providing services, communication or support and marketing or notifications.

Data Sharing

The data which is collected from the customer will not be shared to any other third parties like SMS/Email Providers, Payment Gateways or Government Authorities. It will be stored with us in a safe and secured way and will be used only for purpose of banking loan services.

Data Protection and Security

Our company protects customers data with high qualified security measurements and steps in securing it through not sharing in public groups, other digital media, third parties, unauthorised services agencies and other individuals.

User Rights

The Reserve Bank of India (RBI) enshrines five core rights for all banking customers:

  • Right to Fair Treatment: Lenders cannot discriminate based on gender, age, religion, or physical ability, though they may offer specialized products for groups like senior citizens.
  • Right to Transparency: Websites must provide a Key Fact Statement (KFS) before a loan is sanctioned, detailing all fees, interest rates, and the Annual Percentage Rate (APR).
  • Right to Suitability: Consultants and banks are prohibited from “mis-selling” products that do not match your financial needs.
  • Right to Privacy: Personal data must be kept confidential. Banks cannot share your information with telemarketers without explicit, separate consent.
  • Right to Grievance Redress: You have the right to a clear path for complaints. If a bank does not resolve your issue within 30 days, you can approach.

Cookies Policy

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to patients’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Policy Update

We reserve the right to modify any or all the terms of this policy at any time. You are advised to visit this page from time to time to review the then-current terms.

Data Retention

Banking loan consultancies typically store client data for a minimum of five to ten years after the end of the business relationship or the last transaction, in accordance with legal and regulatory requirements such as the Prevention of Money Laundering Act (PMLA) and Reserve Bank of India (RBI) guidelines.

The specific retention period can vary depending on the type of document and local regulations:

  • Customer Identification Records (KYC): Information and documents related to a customer's identity and address are generally preserved for at least five years after the business relationship has ended.
  • Transaction Records: Records of all transactions are typically maintained for a minimum of ten years from the date of the last transaction or after the loan is repaid in full.
  • Audit and Compliance Logs: These records and related data must often be maintained for at least ten years to allow for regulatory audits, investigations, and legal disputes.
  • Legal Proceedings: If data is relevant to ongoing litigation, fraud investigation, or legal action, it must be preserved until all issues are conclusively decided, even if this exceeds the standard retention period.

Firms are required to have a clear data retention policy approved by their board of directors and must securely dispose of data once the required retention period has passed. For specific information on a particular consultancy's policy, it is best to contact the firm directly.

Legal Compliance

India's IT compliance is shifting from the older IT Act, 2000, to the new Digital Personal Data Protection Act (DPDP Act), 2023, its comprehensive data law, replacing piecemeal rules, while the EU's GDPR still applies to Indian companies processing EU data, requiring dual compliance for many.

India's Legal Framework

  • Information Technology Act, 2000 (IT Act): The foundational law for cyber activities, covering electronic records and security, with Section 43A addressing negligent data handling and compensation.
  • DPDP Act, 2023: India's landmark law, replacing the IT Act's data rules, focusing on digital personal data, establishing rights for Data Principals (individuals) and obligations for Data Fiduciaries (companies).
  • DPDP Rules, 2025: These rules operationalize the DPDP Act, detailing phased implementation with requirements for consent managers, breach reporting (72 hours), and Data Protection Impact Assessments (DPIAs) for large entities.

GDPR vs. India's DPDP Act

  • Scope: GDPR applies if you offer goods/services to or monitor EU residents; DPDP Act applies to digital personal data within India.
  • Key Differences: DPDP Act introduces the Data Protection Board of India, has different penalty structures (up to INR 250 crores), and establishes Consent Managers.

Key Compliance Requirements

  • Consent: Obtaining clear, express consent for data processing.
  • Data Breach Reporting: Reporting of breaches within 72 hours to the Board and affected individuals.
  • Data Protection Officers (DPOs): Required for Significant Data Fiduciaries.
  • Data Protection Impact Assessments (DPIAs): Required for high-risk processing.
  • Cross-Border Transfers: Rules are being defined but impact international data flow.

Applicability to Indian Companies

  • DPDP Act: Mandatory for all entities processing digital personal data in India.
  • GDPR: Mandatory if your Indian business targets EU/UK markets or processes data for EU clients.

In essence, Indian companies must navigate both the newly enforced DPDP Act for domestic data and the established GDPR for their international data operations, requiring robust IT compliance strategies.

Contact Information

To contact our company regarding private or sensitive questions, use the official contact methods specified on the company's website or in its privacy policy, as these channels are designed to be secure and compliant with data protection laws.

back top