Kotak e-Term Plan
Protect Your family’s financial future with Kotak e-Term Plan.
Kotak Assured Savings Plan
A plan that offer guaranteed returns and financial protection for your family.
Kotak Guaranteed Savings Plan
A plan that offers long term savings and insurance in one premium.
Insurance and investment in one plan with Kotak e-Invest.
Kotak Health Shield
Insurance against medical expenses related to heart, brain, liver and Cancer.
Kotak Mahindra Life Insurance Company Limited (KLI) is committed to protecting customer’s privacy and providing a secure experience on its website.
"Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
“Sensitive Personal Data or Information” of a person means such personal information which consists of information relating to;— (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (111) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
KLI may collect customer’s Personal Information, including Sensitive Personal Data or Information during the usage of KLI website and while availing KLI’s services on the website.
KLI may use customer’s Personal Information for the purpose of providing services and related activities, enhancing customer experience on its website, improve its website, promotion and marketing of its products and services, other communications and statistical analysis. Also, KLI may use such Personal Information for purposes permitted by law.
KLI may share customer’s Personal Information for the purpose of provision of services and related activities to the customer or for purposes permitted by law. Additionally, such personal Information may be shared in accordance with the customer’s consent provided to KLI from time to time through various modes.
KLI may disclose customer’s Personal Information to any of its associates and affiliates, without any limitation.
KLI may disclose customer’s Personal Information, to third parties, for the following purposes:
For the purpose of imparting various services to the customers, KLI collects identity information from the Aadhaar number holder, such as Aadhaar number/Virtual ID and demographic/biometric information, to conduct Aadhaar authentication with UIDAI.
1. Disclosure of information to Aadhaar number holder
a) At the time of authentication, the following information shall be provided to the Aadhaar number holder:
b) KLI shall ensure that the above stated information is provided to the Aadhaar number holder in local language as well.
2. Consent taken from Aadhaar number holder
a) Once the information pertaining to Aadhaar authentication is communicated to the Aadhaar number holder, KLI shall obtain consent from Aadhaar number holder in physical or electronic form.
b) KLI shall maintain logs or records of the consent obtained in the manner and form as specified by UIDAI for this purpose.
c) Aadhaar number holder may, at any time, revoke consent given to KLI for storing his e-K YC data or for sharing it with third parties, and upon such revocation, KLI shall delete the e-KYC data and cease any further sharing.
3. Data Processing
a) KLI shall use Aadhaar authentication facility only for the purpose that is informed and allowed by UIDATI.
b) The identity information shall not be used by KLI for any purpose other than that specified to the Aadhaar number holder at the time of submitting identity information for authentication.
c) The identity information shall not be disclosed further without the prior consent of the Aadhaar number holder.
4. Data Retention
a) KLI shall maintain logs of authentication transactions for a period of two years, during which period an Aadhaar number holder shall have the right to access such logs, in accordance with the procedure laid down for the same.
b) Subsequently, logs shall be archived for a period of five years or the number of years as required by the laws or regulations governing KLI, whichever is later, and upon expiry of the said period, the logs shall be deleted except those records required to be retained by a court or required to be retained for any pending disputes.
5. Grievance Redressal
a) KLI shall provide effective grievance handling mechanism via multiple channels such as website, call-center, mobile application, SMS, physical center etc.
b) KLI may share the authentication logs of an Aadhaar number holder with the concerned Aadhaar number holder upon his request or for grievance redressal and resolution of disputes or with the UIDAI for audit purposes.
6. Security Safeguards
a) KLI have been classified as local AUA by UIDAI and do not store Aadhaar number of its customers.
b) KLI shall ensure that authentication devices used to capture biometrics of Aadhaar number holder are STQC/UIDAI certified registered devices, which encrypt the biometric information at device level.
c) KLI shall ensure that the core biometric information collected from the Aadhaar number holder is not stored, shared or published for any purpose whatsoever, and no copy of the core biometric information is retained with it.
d) After collecting the Aadhaar number and necessary demographic and / or biometric information and/ or OTP from the Aadhaar number holder, KLI's client application shall immediately package and encrypt these input parameters into PID block before any transmission, as per the specifications laid down by the UIDAI, and shall send it to server of the requesting entity using secure protocols.
e) KLI shall store, with consent of the Aadhaar number holder, e-K YC data of an Aadhaar number holder, received upon e-K YC authentication, in encrypted form.
f) KLI shall maintain logs of the authentication transactions processed by it, containing the
following transaction details:
i. In case of Local AUAs where Aadhaar number is not returned by UIDAI and storage is not permitted, respective UID token shall be stored in place of Aadhaar number.
ii. Specified parameters of authentication request submitted iii. Specified parameters received as authentication response iv. The record of disclosure of information to the Aadhaar number holder at the time of authentication v. Record of consent of the Aadhaar number holder for authentication
g) KLI shall store the keys used for digital signing of request XML and for decrypting e-KYC response data received from UIDAI in HSM, in compliance with the circular released by UIDAT in this matter.
h) KLI shall ensure that the application used for Aadhaar authentication is audited by information system auditor(s) certified by STQC/CERT-IN and compliance audit report is submitted to UIDAI.
i) KLI shall ensure that the operations and systems are audited by information systems auditor certified by a recognized body on an annual basis, to ensure compliance with the UIDAI’s standards and specifications.
j) KLI shall conduct a background check and sign a confidentiality agreement/NDA with all personnel/agency handling Aadhaar related information.
k) Periodic information security trainings shall be conducted for all KLI personnel involved in Aadhaar related authentication services. The training shall include all relevant security guidelines per the UIDAI information security policy for Authentication, Aadhaar Act, 2016 and Aadhaar Regulations, 2016 and all circulars/notices published from time to time.
l) KLI shall not publish any personal identifiable data including Aadhaar in public domain/websites etc.
m) KLI shall have its servers used for Aadhaar authentication operations to be located within data centers located in India.
n) KLI shall ensure compliance to Aadhaar Act 2016 and its regulations, Aadhaar and Other Laws (Amendment) Act 2019 and various other circulars and notices released by UIDAI from time to time.
Customers are required to keep their Personal Information accurate and up to date. Security