...

Citizens Charter

Introduction to Cookiejar Technologies Private Limited (Finvu Account Aggregator)

RBI, along with other Financial Services Regulators - SEBI, IRDA and PFRDA - have created this framework for the financial services industry. Current framework recognizes three main bodies in the ecosystem - Account Aggregators (AA), Financial Information Providers (FIP) and Financial Information Users (FIU). In this framework, an Account Aggregator (AA) acts as a Consent Manager to enable sharing of financial data across regulated financial entities, besides obtaining customer consent.

RBI introduced a new category of NBFC called – NBFC Account Aggregator in Sep 2016, the guidelines have been published at: https://rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10598

Cookiejar Technologies Private Limited (hereinafter referred as Finvu AA), is registered with RBI to provide Account Aggregator Services.

It provides an account aggregator application under the name Finvu AA (hereinafter referred as AA Application).

AA Application helps its end users to retrieve, consolidate, and deliver its financial information and share it with a third party based on the explicit consent of the user in a secure and encrypted manner.

Finvu AA is a secure platform to provide your consent to share sensitive financial data under the RBI approved Account Aggregator framework. The app aims at empowering you with control over how, when and with whom your data is shared. This app also helps you in managing your consents on the Finvu AA Platform.

Disclaimer & Application of Charter

Information given in this Citizen's Charter is subject to change / revision. This document is limited to Finvu AA. This document should not be considered as a legal document creating rights and obligations. It is for promoting better understanding between Customer and Finvu AA. Only key information on various services / facilities is given in this document. Each service has its own detailed terms and conditions, which is made available on request.

The Citizen's Charter is not legally enforceable and, therefore, is non-justiciable. However, it is a tool for facilitating the delivery of services to citizens with specified standards, quality, and time frame, etc., with commitments from the organization and its clients, and in furtherance of the same this Charter applies to all products and services of Finvu AA as listed below.

The various commitments and timelines spelt out in the Citizen's Charter are subject to fulfilment of the requirements of the RBI's Master Directions and various circulars or communications regarding the Account Aggregator services and where there is a conflict between the Charter and the current instructions of RBI, RBI's instructions would prevail.

Definitions

In this Citizen Charter unless the context otherwise requires,

(i) “AA Master Directions” means Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 (DNBR.PD.009/03.10.119/2016-17) as modified or updated time to time.

(ii) “Account Aggregator”means Cookiejar Technologies Private Limited (Finvu AA)

(iii) “Bank” means a banking company; or a corresponding new bank; or the State Bank of India; or a subsidiary bank; or such other bank which the RBI may, by notification, specify for the purposes of the AA Master Directions; and a co-operative bank as defined under clause (cci) of section 5 read with section 56 of the Banking Regulation Act, 1949 (10 of 1949)

(iv) “Business of an account aggregator” means the business of providing under a contract, the service of, retrieving or collecting such financial information pertaining to its Customer, as may be specified by the RBI from time to time; and consolidating, organizing, and presenting such information to the Customer or any other Financial Information User as may be specified by the RBI.

(v) “Customer” means a ‘person' who has entered into a contractual arrangement with the Account Aggregator to avail services provided by the Account Aggregator.

(vi) “Financial Information” s means information in respect of the following with Financial Information Providers:

(a) Bank deposits including fixed deposit accounts, savings deposit accounts, recurring deposit accounts and current deposit accounts

(b) Deposits with NBFCs

(c) Structured Investment Product (SIP)

(d) Commercial Paper (CP)

(e) Certificates of Deposit (CD)

(f) Government Securities (Tradable)

(g) Equity Shares

(h) Bonds

(i) Debtentures

(j) Mutual Fund Units

(k) Exchange Trade Funds

(l)Indian Depository Receipts

(m) CIS (Collective Investment Schemes) units

(n) Alternate Investment Funds (AIF) units

(o) Insurance Policies

(p) Balances under the National Pension System (NPS)

(q) Units of Infrastructure Investment Trusts

(r) Units of Real Estate Investment Trusts

(s) Goods and Services Tax (GST) Returns, viz. Form GSTR-1 and Form GSTR-3B

(t) Any other information as may be specified by the Bank for the purposes of AA Master Directions, from time to time.

Financial Information Providers” or "FIP" means bank, non-banking financial company, asset Management Company, depository, depository participant, insurance company, insurance repository, pension funds, Goods and Services Tax Network (GSTN) and such other entity as may be identified by the RBI for the purposes of the AA Master Directions, from time to time.

Financial Information Users” or "FIU" means all the entity registered / regulated by any financial sector regulator

Person” means an individual, a Hindu undivided family, a company, a firm, association of persons or a body of individuals, whether incorporated or not, and every artificial juridical person, not falling within any of the preceding sub-clauses.

RBI” means Reserve Bank of India.

Service Standards

Business of Account Aggregator will be entirely Information Technology (IT) driven Finvu AA is committed to fulfil requirements of its Customers, hence, Finvu AA commits to deploy all the required IT infrastructure in place which is necessary and required for provision of services of account aggregator.

Where manual intervention may be required, such as handling customer on boarding in case of non-individuals OR any customer grievances, Finvu AA would strive to revert to customer queries and carry out the processes normally within one working day OR as per the Grievance redressal mechanism provided in Grievance Redressal Policy of Finvu AA.

Our Commitments to Customer

Finvu AA is committed to:

  • Act courteously, fairly, and reasonably in all our dealings with Customer; Communicate the Financial Information on "As is" or "As Available Basis", and hence will be data blind i.e., it will not store any Financial Information of Customer.
  • Ensure that documents and procedures are clear and not misleading, and Customer are given clear information about the products and services of Finvu AA;
  • Render services of account aggregator to Customer on the explicit consent;
  • Any Information of Customer shall be shared only with him/her, or any other Financial Information User authorised by him/ her;
  • Provide an enabling IT platform for data exchange with consent between Customer and FIU where FIP is the custodian of the Financial Information.
  • Communicate the Financial Information on "As is" or "As Available Basis", and hence will be data blind i.e., it will not store any Financial Information of Customer.
  • Keep pricing policy of Services to Customer fair and transparent;
  • Strictly comply with the internal guidelines and AA Master Direction.
  • Treat all personal information as private and confidential; and operate secure and reliable IT framework; and
  • Publicize our Citizens Charter have copies available and make sure that staff are trained to put it into practice.

Our Commitments to Financial Information User

Finvu AA is committed to:

  • Act courteously, fairly, and reasonably in all our dealings with FIU;
  • Ensure that documents and procedures are clear and not misleading, and FIU are given clear information about the products and services of Finvu AA;
  • Any Information of Customer shall be shared only with him/her, or Financial Information User authorised by him/ her;
  • Provide an enabling IT platform for data exchange with consent between Customer and FIU where FIP is the custodian of the Financial Information.
  • Transfer the Financial Information on "As is" or "As Available Basis", and hence will be data blind i.e., it will not store any Financial Information of Customer shared with the FIU.
  • All responses of the Financial Information Provider shall be in real time.
  • Financial Information received by the FIU is transmitted in encrypted form by the FIP and financial details and current position of the Customer is as provided by the FIP.

Consent Architecture

The consent of the Customer obtained by the Account Aggregator (Finvu AA) shall be a standardised consent artefact in compliance with AA Master Directions. It will contain the following details, namely: -

  • Identity of the Customer and optional contact information;
  • The nature of the Financial Information requested;
  • Purpose of collecting such information;
  • The identity of the recipients of the information, if any;
  • URL or other address to which notification needs to be sent every time the consent artefact is used to access information.
  • Consent creation date, expiry date, identity, and signature/ digital signature of the Account Aggregator; and
  • Any other attribute as may be prescribed by the RBI.

Upon revocation of Consent, the Financial Information Provider will be notified in real time. Further information sharing will be upon a fresh consent artefact.

Expectation from Customer

Customers shall:

(a) You represent and warrant that all information that is provided through or in relation to the Services is complete, true, and correct on the date of agreeing to these Terms and shall continue to be complete, true, and correct while you avail the Services. Should any information that you provide change during the existence of these Terms, you undertake to immediately bring such change to our notice and update the same through your Profile promptly. You acknowledge that we exercise no control over the content of the information transmitted by you through the Platform. We do not accept any responsibility or liability for any loss or damage that you may suffer or incur if any information, documentation, material, or data provided to avail the Services is incorrect, incomplete, inaccurate, or misleading, or if you fail to disclose any material fact.review the details of all requests that they receive from FIUs through Finvu AA to transfer data from FIPs to such FIU in order to verify the nature and quantum of data requested, the purpose for which such data is being collected and the duration for which it will be retained by the FIU;

(b) only provide their consent after having duly verifying the details of the request to transfer data and any consent so provided shall be binding on the Customer;

(c) be responsible for the confidentiality, safekeeping, and security of their account details, including but not limited to, login and other credentials, required to access and use their account on the AA ecosystem;

(d) be solely responsible for all communications exchanged between Customer and Finvu AA through the AA Ecosystem and/or any transaction or activity conducted, or purported to be conducted with the AA;

(e) duly discharge payment obligations as arise on account of use of the services, and

(f) notify Finvu immediately if there is any unauthorised access to or use of their accounts.

Rights of Customer

The Customer shall, have the right to:

  • be informed by Finvu AA all the attributes specified in the consent artefact in relation to any consent sought to be obtained from such Customer for the transfer of data from FIPs to the FIU through Finvu AA and/or for transfer of data on Customer's own request from FIPs to Customers through Finvu AA, as the case may be;
  • Be informed of all the information received in consent as per above mentioned consent artefact architecture.
  • To approve OR reject consent request received.
  • to access a record of all the consents provided, the details of the subsequent data flows and the FIUs with whom the corresponding data has been shared for such period of time as specified under applicable laws from time to time;
  • to any time revoke any consent that has been provided to an FIU; and
  • To deregister from Finvu AA at any time by following a simple process that allows the Customer to delink all connected accounts, revoke all active consents, and download the consent and transaction history.
  • to raise a grievance with the Grievance Resolution Officer of the Finvu AA in accordance with Grievance Redressal Policy of Account Aggregator;
  • To escalate grievance with relevant authorities in case of non-redressal within prescribed time limit mentioned in grievance redressal mechanism.

Sharing of financial information

  • Account Aggregator should only share the data to a FIU from FIP based on the valid consent artefact
  • FIP, upon being presented the consent artefact shall verify: (a)Validity of consent; (b) Specified dates and usage; and (c) The credentials of the Account Aggregator through appropriate means.
  • FIP, upon successful verification, shall digitally sign the financial information and securely forward the information in encrypted form to the Account Aggregator as per terms contained in the consent artefact.

Data Security

  • Finvu AA will take appropriate steps to protect the information shared by the Customer. It has in place technology and security features and strict policy guidelines to safeguard the privacy of Financial Information from unauthorized access and improper use or disclosure.
  • Finvu AA is committed to keep its security procedures updated and complaint with applicable regulations.
  • Adequate safeguards in the IT systems shall be adopted to ensure that the information provided and stored is protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.
  • Appropriate measures shall be taken to prevent loss of data due to disasters or any such natural calamities, and thereby strive to adopt an effective Disaster Risk Management/Business Continuity plan.
  • Information System Audit of the internal systems and processes shall be in place and shall be conducted at least once every two years by CISA certified external auditors. Report generated by the said external auditor shall be submitted to the Regional Office of the Department of Non-Banking Supervision of the Bank, within one month of submission of the report by the external auditor.

Our Grievance Redressal Mechanism

We believe while involving into various systems, processes and involves human handling it is possible few of issues may occur and should be handle with proper redressal mechanism to ensure accurate resolution in timely manner. Customer can access our Grievance Redressal Policy at https://finvu.in/grievance

Grievance Process:

Customer shall raise the AA related Grievances on support@cookiejar.co.in by providing below details. The issues shall resolve within 14 working days.

  • VUAID
  • Contact No
  • Issue Description

Important Note:

As per RBI guidelines mentioned in master direction (DNBR.PD.009/03.10.119/2016-17) for NBFC Account Aggregator complaints if any, should be raise within 30 days from the occurrence. Any complaints received after 30 days of occurrence will be taken in good faith and best effort basis.

In case complaint raised on aforesaid email id does not get resolved within 14 days, customer can contact our grievance officer. Grievance officer details are as follows:

Email Address: grievance@cookiejar.co.in

Name: Rucha Ghude

Customer can also raise complaint via sending complaint letter to our corporate address addressing to below details:

  • Grievance Redressal Officer
  • Cookiejar Technologies Private Limited.
  • WeWork Raheja Woods,
  • 3rd floor,
  • next to Talera Park Society, Kalyani Nagar, Pune, Maharashtra, India, 411006