NSDL Database Management Limited - Privacy Policy

With a view to bring uniformity in the KYC requirements in the securities markets, SEBI has initiated usage of uniform KYC by all SEBI registered intermediaries. SEBI has also issued the SEBI {KYC (Know Your Client) Registration Agency (KRA)}, Regulations, 2011. These Regulations create the framework for registration of KYC data and documents of clients with a third party agency i.e. KYC Registration Agency (KRA). KRA will provide facilities for recording this information and making it available to SEBI Registered Intermediaries for verification and use. NDML has been granted certificate of registration by SEBI to act as a KYC Registration Agency (KRA) under the KYC (Know Your Client) Registration Agency Regulations, 2011.

Information Collection and Usage

The client who is desirous to trade/invest/deal through a SEBI registered Intermediary shall submit the KYC details i.e. KYC Registration form and the supporting documents to the intermediary. The Intermediary shall perform the initial KYC and upload the details on the system of KRA. Intermediaries shall upload scanned images of KYC application forms and KYC documents to KRA. KRA shall verify the KYC documents and confirm the same in KRA system. KRA shall be responsible for maintaining the KYC information in electronic form. This KYC data contains demographic information, contact details and financial details of the investor investing in capital market.

Information Sharing and purpose

The client whose KYC is available with KRA and is KYC compliant need not undergo the same KYC requirement when he approaches another SEBI registered intermediary. In case of any change in KYC information, the client may approach any SEBI registered intermediary with whom he chooses to trade/invest/deal with. The KYC information available with NDML KRA can be accessed by all the SEBI Registered Intermediaries. SEBI KRA Regulations cast an obligation on the intermediary to use the information received from the KRA only for intended purpose. An intermediary can access information of only that client which chooses to trade/invest/deal through it. Other KRAs can access the KYC information available with NDML KRA.

Choices available to you regarding collection and usage of your information

Intermediary can upload, download and modify KYC information available in NDML KRA. As per the KRA regulations, intermediary shall perform the initial KYC of its clients and upload the details on the system of the KRA. When the client approaches another intermediary, the intermediary can verify and download the client’s details from the system of the KRA.

As a result, once the client has done KYC with a SEBI registered intermediary, he need not undergo the same process again with another intermediary. Whenever KYC information gets updated in KRA, KRA provides KYC data download to all intermediaries who have established relationship with the investor.

Confidentiality and Security

Confidentiality of KYC information is of prime importance to NDML KRA. NDML has put in place comprehensive risk management policies and procedures to eliminate/ limit the risk with respect to its operations in view of the critical nature of the KRA system. For the KRA system, the controls instituted by NDML KRA can be segregated into preventive controls and detective controls, as described below:

Preventive Controls:

1.In terms of SEBI KRA Regulations, the KYC information can be accessed only by a SEBI registered intermediary and not by any third party.

2.SEBI KRA Regulations cast an obligation on the intermediary to use the information received from the KRA only for intended purpose.

3.Before registering any SEBI registered intermediary with NDML KRA, they are required to accept the terms and conditions of usage of the KRA system which include a clause on the intermediary ensuring confidentiality of the KYC information downloaded by the intermediary.

4.For an intermediary to access the KYC information for any Client who is registered in the KRA System, the intermediary will have to provide the PAN and Date of Birth or Date of incorporation of the Client, as may be applicable.

5.Access to the KRA system and to KYC information of Clients is provided only to authentic users and a strong authentication mechanism is used using Digital Signature Certificates and passwords.

6.KRA shall take all reasonable measures to prevent unauthorized access to its database and shall secure the same from third parties.

7.Download of KYC information requires a maker-checker control i.e. one user of intermediary has to request for KYC information and other user of intermediary having supervisory rights needs to authorize the request.

Detective Controls:

1.For every access of information of KYC details of the Client, a complete audit trail of the intermediary and the user of the intermediary who accessed the information is maintained.

2.If any intermediary accesses the information of a client registered with KRA, KRA will send intimation about such usage to the Client through email which is recorded with the KRA.

The above controls along with the state-of-the-art hardware and technology tools ensure the security, integrity and confidentiality of the data in the NDML KRA system.

Further, NDML KRA Web site may contain links to other sites. We are not responsible for the content or the privacy practices employed by other sites. We are not responsible for the protection and privacy of any information which you provide whilst visiting other sites and such other sites are not governed by this privacy statement. We advise you to read their privacy policies before providing your personal information to such sites.

Policy Updates

NDML reserves the right to change or update this policy at any time. Such changes shall be effective immediately upon posting to this site.