Crif High Mark Credit Bureau Logo
  • Home
  • Privacy policy

Privacy policy

Last Updated Date: 24 September 2025

This Privacy Policy applies to your use of the website, hyperlinks, products, and services hosted at ‘www.crifhighmark.com’, operated by CRIF High Mark Credit Information Services Pvt. Ltd (hereinafter referred as CHM, We, Us and Our). The purpose of this Policy is to inform users how their personal data is collected, used, shared, and protected by CHM, in accordance with the Credit Information Companies (Regulation) Act, 2005 and its associated rules and regulations/ in accordance with contractual agreement with you. However, this privacy policy shall not apply to any third-party or affiliate services that the websites may use. In such situations, we recommend that you read the privacy policy available on such third party’s or affiliate’s website.

The capitalized terms used herein and not defined shall have the meaning set out in the General T&Cs of CHM.

Introduction

CHM is a credit information company in India and is engaged in providing credit information services in accordance with the Credit Information Companies (Regulation) Act, 2005 read with the Credit Information Companies Rules, 2006 and Credit Information Companies Regulations, 2006 (hereinafter together referred to as “CICRA”).

As permitted by CICRA, CHM is authorised to process personal information provided by Credit Institution(s) and Specified Users and adhere to the Privacy policies laid down under CICRA. Further, the information collected is also used to improve our services to you and/ or fulfil obligations/ functions under the applicable laws including CICRA/ contractual arrangements with you. The Credit Institution(s)/ Specified Users are required to become Members and are thus permitted to use the services provided by CHM and contribute Data to the CHM databases.

Our Privacy policy explains:

  • What personal information do we collect and why?
  • How do we use your personal information?
  • Retention period of personal information
  • Security safeguards to protect your personal information
  • Sharing your personal information with third parties
  • Children’s personal information
  • Policy updates
  • Addressing your concerns about your personal information
  • Governing Law

1. What personal information do we collect and why?

During your use of our website, CHM may collect the following types of information depending on your activities on the website:

  • Personal Data: Shall mean any data about an individual who is identifiable by or in relation to such data, which is including but not limited to first and last name, residential address, billing address, email addresses, telephone numbers, identity information (e.g., PAN, Voters ID, Passport, Driving License, Ration card), additional information (e.g., date of birth, gender, names of related parties like father’s name, spouse’s name, etc.).
  • Business Organization Identifiable Information: Information related to business entities may also be collected when necessary. The details of the business organization and its related individual(s) –

    o Organization Details -

    • IDs for example PAN, CIN
    • Mobile Number or Telephone Number
    • Address
    • Scanned copies of the KYC documents

    o Related Individual (authorized to fetch the organization’s credit report) -

    • PAN
    • Scanned copy of PAN
    • Scanned copy of Employee ID card or document
    • Scanned copy of Authorization Letter by the organization to the related individual to access the company’s credit report

CHM collects the above information for the below mentioned purposes:

Service Personal Data Purpose
Login or View Free CRIF Credit Report

Name, ID type (PAN, Voters ID, Passport, Driving License, Ration card), ID value (number of a government issued identity card), mobile number, email ID.

This information is used to verify your identity and enable you to access your requested credit report.

We shall use your mobile number and email ID for OTP-based authentication to send your credit reports.
Subscription Request for Personal Credit Score

Name, ID type (PAN, Voters ID, Passport, Driving License, Ration card), ID value (number of a government issued identity card), mobile number, email ID, billing address including PIN Code.

This information is used to verify your identity and enable you to access your requested credit report.

We may use your documents to further verify your identity before enabling you to access your or your organization’s credit report.

We may use your mobile number for OTP-based authentication.

We may also use your email ID or mobile number to send you your credit reports or alerts related to your product subscriptions.
Raise a dispute

Name, Date of Birth, ID type (PAN, Voters ID, Passport, Driving License, Ration card), ID value (number of a government issued identity card), mobile number, email ID, Current and Past Addresses, Bank Account Numbers

This information is used to enable you to access your requested credit report.

Post access, you will be able to raise a dispute.
Contact Us

Name, email, phone number, role, and company name.

This information is used to assess the nature of your request and share it with our relevant internal teams for further processing and communication.

Your Data may be collected through any of the following:

When provided by a Member Credit Institution(s) as per the CICRA Framework, the data is collected only to the extent required to process your request and verify your identity with a view to improve our services to you and/ or fulfil obligations/ functions under the applicable laws including CICRA / contractual arrangements with you.

CHM will use the information you provide solely for the purpose for which it was collected.

  • For processing transactions and verifying your identity
  • In compliance with the Credit Information Companies Regulations Act, 2005, and its amendments.
  • To fulfil obligations/ functions under the applicable laws including CICRA and applicable RBI Guidelines.

CHM will not release/ divulge your Personal Data to third parties except as required by Government, Regulators, Law enforcement, or a Court order, such as in response to civil or criminal summons/ subpoenas, or other requests by law enforcement personnel.

2. How do we use your personal information?

The credit information collected by CHM (through its Members as per CICRA) is processed to provide credit information related services to you or our clients and Members, in accordance with applicable laws. The data collected by the bureau can be accessed by the following parties:

1. Members

CHM provides Credit Information only to its Members and such other entities as may be permitted under CICRA and CHM ensures to have executed legal agreement for rendering such Credit Information Services in compliance with CICRA. CHM shares such data solely to support the permitted functions of a credit information company and the permissible uses of Credit Information as governed by the provisions of CICRA, is expressly written and agreed upon in the agreements that CHM executed with its Member Credit Institution(s).

Apart from its Members credit institutions, CHM may also be required to share the Personal Data with its third-party contractors who provide CHM with bulk communication services such as email and SMS, to comply adherence with CICRA and directions and guidelines issued by Regulator from time to time. In such cases, CHM ensures that all Data recipients comply with confidentiality, fidelity and secrecy obligations and sign covenants in this regard.

2. Consumers

Consumers can obtain their credit information by submitting a request in accordance with CHM’s policies and procedures, either free of charge or upon payment of the applicable fees, as per the nature of the request.

Consumers can raise a dispute to require CHM to update their credit information, whether by way of correction, addition or otherwise and revise erroneous, misleading, outdated or incomplete data, a Consumer may raise a dispute to update the information, whether by making an appropriate correction, or addition or otherwise, and on such request CHM shall take appropriate steps to update the Credit Information within 30 (thirty) days from the date of such request, subject to support and approval from respective Credit Institution.

Consumers may also provide consent to certain entities which are not categorized as Specified Users under CICRA (NSU’s) with a view to provide credit information to such NSU entity for the end use purposes as agreed between the Consumers and NSU, which shall be subject to certain requirements as set out under the Master Direction – Reserve Bank of India (Credit Information Reporting) Directions, 2025 dated January 6, 2025 (“RBI Guidelines”) or as may amended from time to time. Accordingly, CHM, being a credit information company, is permitted to provide credit information to NSUs (acting as agents of the Consumers) based on the consent of Consumers.

3. Regulators

CHM may also be directed to share Credit Information/ Data in certain cases where it is required to be disclosed under applicable law or by a court of competent jurisdiction or by any regulatory body considering matters relating to such Credit Information/ Data. The Data collected and collated by CHM as detailed previously can be processed strictly only as per the provisions of CICRA which restricts and specifies the permitted functions of a credit information company, the form of business in which a credit information company may engage and the permissible uses of Credit Information.

CHM does not sell personal information collected from its Members or Consumers or use personal information for any other purposes than those stated under the CICRA.

3. Retention period of personal information

We will not retain personal information that we have collected for a duration longer than is required for the purposes for which the information was collected to be used or is otherwise required to be retained under any applicable law for the time being in force. As per the provisions of CICRA, we are required to retain credit information and Personal data, for a minimum period of 7 (seven) years from the date of collection.

4. Security safeguards to protect your personal information.

CHM understands the confidentiality of personal information contained in credit reports and safeguards the privacy of all information you provide to this website. To ensure that your credit information remains secure and confidential, CHM uses SSL technology to encrypt the data you provide on this website before transmission to our systems. Encryption is a way of coding the information in a file such that if it is intercepted by a third-party as it travels over a network, it cannot be read. Only the person or persons that have the right type of decoding software can unscramble the message. Thus, only CHM system or its authorized representatives can read your encrypted information.

Additionally, CHM have security protocols and measures in place to protect from unauthorized access or alteration, the personally identifiable information, business organization identifiable information and other information CHM maintains about you.

You also have a role in protecting the security of information about you. For example, you should guard your password and not permit unauthorized use of your credentials. Additionally, to protect your personal privacy or business organisation information, you should close the browser when you have finished viewing your information.

5. Sharing your personal information with third parties

We might share your personal information, in certain circumstances, with third parties including financial institutions, etc., to fulfil the services that you may request through our websites from time to time.

Our Privacy Policy does not extend to external/ third party websites, and we encourage you to please refer to the privacy policies of such third parties. Please note that links to third party websites do not imply endorsement or approval of the sites by CHM and we cannot accept responsibility for the privacy practices of any websites not controlled by us.

To the extent permissible under applicable laws, we might share your personal information including financial information, to meet our legal obligations such as responding to a lawful request from regulatory authorities, courts or tribunals, or other law enforcement agencies. Further, we might share the concerned personal information with our advisors such as law firms and audit firms while responding to such authorities.

Additionally, we may disclose credit information that we receive pursuant to the provisions of CICRA only to the extent such disclosure is permitted under CICRA. All CHM employees who deal with or have the privilege to access data, information and credit information on need-to-know basis shall be required to comply with confidentiality, fidelity and secrecy obligations and sign corresponding covenants in this regard at all times during such access.

6. Children’s personal information

The Website is not intended or designed to attract or be otherwise used by children under the age of 18 years. By using the Website, you confirm that you are either 18 years of age or more, or an emancipated minor, or possess legal parental or guardian consent, and are fully able and competent to enter into, comply with and be bound by the terms, conditions, obligations, affirmations, representations, and warranties set forth in this Privacy Policy.

Children under 18 years of age should not submit any personal information to us without the express permission of their parent or legal guardian. If you believe that your child has submitted personal information and you would like to request that their information, be removed from our systems, please reach out to Data Protection Officer. We will make reasonable efforts to comply with your request.

7. Policy updates

This online Privacy Policy applies to the website of CHM.

CHM reserves the right, at its discretion, to change this online Privacy Policy at any time without prior notice. The caption "Last Updated" at the top of this policy document indicates the date on which the most recent updates were made to this document. Any changes to this policy will become effective upon posting of the revised content on this site. Your use of the site following these changes means that you accept the revised policy. Please check the policy each time you use this website for the most current information.

8. Addressing your concerns about your personal information

Any requests, questions, clarifications, or grievances with respect to this Policy can be sent to our Data Protection Officer at:

Name:
Mr. Deepak Rana, Data Protection Officer

Postal address:
Smartworks, 43EQ, 7th Floor, S. No 44 H. No 8/1 (P),
Plot A, Off Bharati Vidyapeeth School,
Balewadi, Pune, Maharashtra-411045.

Email address: dpo@crifhighmark.com

If you have a dispute regarding your credit report, please reach out to our Customer Service Team for assistance.

Helpline number: 020 – 67157700 (from Monday to Friday, except holidays between 10 am to 6 pm)

All grievances shall be redressed in an expeditious manner. Subject to complete details in relation to the grievance being provided, the Data Protection Officer shall redress all grievances in a timely manner.

9. Governing Law

This Privacy Statement is governed by the laws of India. Any action, suit, or other legal proceeding, which is commenced to resolve any matter arising under or relating to this website policy, shall be subject to the exclusive jurisdiction of the courts at Mumbai, India.

You hereby acknowledge of having read and accepted the terms of the Privacy Policy by use of this Website and/or otherwise by virtue of expressly consenting to provide us with your personal information.