A V A N S E

Loading

Avanse Financial Services Limited ("Avanse"), an NBFC regulated by the Reserve Bank of India (RBI) may, subject to extant regulations, outsource its certain activities to the service provider/s. While undertaking the outsourcing activity from Avanse, service provider shall be deemed to have read and accepted the below mentioned Outsourcing Terms & Conditions ("T&Cs"). The T&C's are framed in view of directions issued by the RBI and as such service provider shall follow the T&Cs to the extent relevant to their activity.

Outsourcing Terms and Conditions (“T&Cs”):

This Schedule shall form an integral part of the Outsourcing Agreement (“Agreement”).

Definitions:

  • Outsourcing:
    Outsourcing is defined as the NBFC’s use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis (‘Continuing basis’ includes agreements for a limited period) that would normally be undertaken by the NBFC itself, now or in the future.
  • Material Outsourcing:

Material outsourcing arrangements are those which, if disrupted, have the potential to significantly impact the business operations, reputation, profitability or customer service.

Outsourcing guidelines prescribes two sets of outsourcing partners for NBFC:

The service provider may either be a member of the group/ conglomerate to which the NBFC belongs, or an unrelated party (collectively to be referred to as "Service Provider"),

  1. Third Parties
  2. Group Companies

Terms & Conditions for Outsourcing activities:

Any activity outsourced by Avanse to the Service Provider shall be subject to the following general terms and conditions:

  • The Service Provider shall,
    • adhere to all the applicable laws, rules, regulations, conditions of approval related to licensing or registration, guidelines and/or directives, as may be amended from time to time, issued to and/or applicable to Avanse as well as the Service Provider, by a statutory or regulatory authority as may be applicable from time to time, with respect to the Services and other subject matter hereof;
    • act with all reasonable diligence, in good faith, observe all instructions of Avanse from time to time and shall follow fair practices to maintain privacy, consumer and prudential laws;
    • not carry out any activity that would result in internal control, business conduct or reputation of Avanse being compromised or weakened;
    • not conduct business on its own behalf, inconsistent with the overall strategic goals of Avanse;
    • have adequate financial capacity to fulfil obligations and/ or to provide remedies to Avanse in the event of technology failure, fraud, error on part of the Service Provider;
    • not assign, delegate or subcontract any of its responsibilities contained in the Agreement to any agent, sub-agent or sub-contractor without prior written consent/permission of Avanse. The agreement in respect of services shall be on Principal-to-Principal basis.
    • strictly adhere to internal guidelines, policies and standards as may be issued by Avanse from time to time that are duly shared with the Service Provider;
    • ensure reasonable standards of care and skill in discharging the Services in terms of the Agreement.
    • put in place appropriate procedures and policies to restrict its employees, consultants or other agents from causing breach under the Agreement. It shall promptly notify Avanse of any such breach;
    • segregate and keep separately and hold in trust all information, documents and record and other assets pertaining to the Services and relating to Avanse;
    • take adequate measure to ensure that the Services by the Service Provider at the relevant places are distinctly visible and clear to customers, in the event the Service Provider is sharing the premises with other persons.
  • In case the Service Provider is an offshore entity then (i) the services shall be confined to limited activities by which Avanse is not subjected to or governed by any regulations or laws in such off shore jurisdiction. and (ii) also, the jurisdiction of the courts in the off shore location where data is maintained shall not extend to the operations of Avanse in India on the strength of the fact that the data is being processed there even though the actual transactions are undertaken in India; and (iii) further all original records shall continue to be maintained in India by Avanse and hence the service agreement /arrangement shall be governed accordingly.
  • Confidentiality & Security:
    • The Service Provider recognises that in the course of the transactions envisaged by the Agreement, it may be privy to certain confidential information (regardless of whether such information is expressly marked or designated as “confidential” or “proprietary”) relating to Avanse and its businesses including legal, financial, technical, commercial, marketing and business related records, data, documents, reports, etc., client/customer information, the terms of the Agreement and the details of the negotiations between the Parties (the “Information”). The Service Provider agrees that:
      • it shall keep all Information and other materials passing from Avanse to the Service Provider confidential and shall not, without the prior written consent of Avanse, divulge such Information to any other person or use such Information other than for the purposes of carrying out the Agreement;
      • it shall take all steps as may be reasonably necessary to protect the integrity of the Information and to ensure against any unauthorized disclosure thereof;
      • The Service Provider, it’s employees, agents, and subcontractors shall treat all records and information containing Personal Information acquired or generated as a result of the Agreement in strict confidence and with the care and security required to ensure they are not disclosed or made known to any person except in accordance with the Agreement and shall promptly inform Avanse of any potential or accidental disclosure of the Information and take all steps, together with Avanse, to retrieve and protect the said Information;
      • It shall inform Avanse immediately upon it becoming aware of any unauthorized access, collection, use, disclosure or destruction of Records and information containing Personal Information relating to the Agreement;
      • It shall ensure that the Personnel and all its employees and/or representatives who are given access to the Information shall at all times be bound by legally valid and written non-disclosure obligations under their employment contracts; and
      • It shall limit access to all Information on need-to-know basis, to only those of Service Provider’s personnel, agents and representatives who need to know such information for carrying out Avanse obligations for the purposes of carrying out the Agreement.
      • It shall use the Information only for the purpose for which it was provided and not profit from the same in an unauthorized manner to the exclusion of Avanse.
    • All the Confidentiality obligations applicable to the Service Provider under the Agreement, shall be made applicable to all the employees, affiliates, agents, representatives, advisers, consultants, or such other persons with whom such Information is shared by the Service Provider. Upon expiry or termination of the Agreement or upon receipt of a request from Avanse, the Service Provider shall return to Avanse all Information received by it or destroy all such Information and certify in writing to such destruction.
    • The Service Provider shall ensure that, other than in the course of and for the purpose of rendering services to Avanse, the Information will not be copied, reproduced, reengineered, reverse engineered or transmitted by any means and in any form whatsoever (including in an externally accessible computer or electronic information retrieval system) by the Service Provider or its representatives without the prior written permission of Avanse.
    • The Service Provider shall maintain the confidentiality of the Information by exercising no lesser security and control measures and degree of care than those which the Service Provider applies to its own confidential information.
    • The Service Provider shall fully indemnify Avanse for any loss, damage caused due to breach and/or leakage of confidential Information of Avanse and/or violation of any applicable laws.
    • Avanse shall have the right to review and monitor the security practices and control processes of the Service Provider on a regular basis and may require the Service Provider to disclose any security breaches.
    • The Service Provider shall ensure that they have adequate safeguards to ensure that there is no combining/co-mingling of information, documents, records and assets of Avanse in case the Service Provider is acting as an outsourcing agent for multiple entities.
    • The Service Provider shall also preserve all the documents under the Agreement as required under the applicable laws and shall take suitable steps to ensure that Avanse’s interests are protected in this regard even post termination of the Services.
    • The obligations contained in this Section shall not apply to any part of the Information in the case where that part of the Information that is or has become public (other than by breach of the Agreement) and shall not restrict any disclosure by the Service Provider required by law or by any court of competent jurisdiction, any enquiry or investigation by any governmental, official or regulatory body which is lawfully entitled to require any such disclosure, provided that, so far as it is lawful and practical to do so prior to such disclosure, the Service Provider when subject to such disclosure shall promptly notify Avanse of such requirement with a view to providing the opportunity for Avanse to contest such disclosure or otherwise to agree the timing and content of such disclosure.
    • The obligations contained in this Section shall continue to apply after the termination or expiry of the Agreement.
    • The Service Provider shall, on written demand of Avanse immediately return Information together with any copies in its possession.
    • The Service Provider acknowledges that in the event of any breach or threatened breach of this Section by the Service Provider/its employees/agents/sub-contractors, monetary damages may not be an adequate remedy, and therefore, Avanse shall be entitled to injunctive relief to restrain the Service Provider/its employees/agents/sub-contractors from any such breach, actual or threatened.
    • The Service Provider shall carefully preserves all the documents containing customer related Information, data etc., as required by the law and shall refrain from disclosing any information to unrelated third parties either implicitly or explicitly, irrespective of any divergence in views and breakdown of professional relationships or any disputes or dissatisfaction between the parties, in any manner that would jeopardize the business and corporate reputation of the Avanse. The Service Provider and its employees, agents, assigns shall not allow access or share such documentation in part or whole to any third party, or allow any third party to unless obliged to do so by any regulatory authority or a court of law having competent jurisdiction to mandate such sharing or access.
    • The Service Provider shall act, follow and provide its Services in accordance with the Fair Practices Code and other directions as issued and amended by Reserve Bank of India from time to time and as displayed on Avanse's website ("https://www.avanse.com"), failing which it shall be deemed to be a material breach of the terms of the Agreement.
  • Security and Control Processes:
    • The Service Provider hereby agrees to have reasonable security practices, control processes and checks in respect of the sourcing, servicing and collections on a regular basis to the extent directed by Avanse and as per the applicable laws including the provisions of Information Technology Act, 2000.
    • The Service Provider shall review and monitor on a regular basis and immediately disclose any breaches of security practice/processes and controls and leakage of Information to Avanse. Avanse shall also be entitled to review and monitor the security practices and control processes of the Service Provider on a regular basis after providing reasonable a prior notice.

 

  • Data Privacy
    • The Service Provider (and shall procure that the Service Provider’s personnel) shall comply with all Data Protection Legislation and such compliance shall include, but not be limited to, maintaining a valid and up to date registration or notification (where applicable) under the Data Protection Legislation.
    • For this purpose,
  • Data Protection Legislation” means the legislation and regulations relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual including (without limitation):
    • the Information Technology Act, 2000 (as amended from time to time), including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”) and any other applicable rules framed thereunder;
    • all other industry guidelines (whether statutory or non-statutory) or codes of conduct relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual issued by any regulator to Avanse; and
    • any other applicable law solely relating to the protection of Personal Data and processing, storage, usage, collection and/or application of Personal Data or privacy of an individual.
  • Personal Data” shall have the same meaning as ascribed to the term ‘Sensitive Personal Data or Information’ under the Privacy Rules (as amended from time to time).

 

    • The Service Provider shall only undertake the processing of Personal Data:
  • reasonably required in connection with the performance of its obligations under the Agreement; and
  • in accordance with the Avanse’s written instructions, and,
  • shall comply with all reasonable procedures and processes notified by Avanse from time to time.
    • Avanse hereby instructs the Service Provider to take such steps in the processing of Personal Data on behalf of Avanse as are reasonably necessary for their performance of the Service Provider’s obligations under the Agreement.
    • The Service Provider shall not process or transfer any Personal Data outside India without the prior written consent of Avanse.
    • The Service Provider shall at all times have appropriate technical and organisational measures in place acceptable to Avanse:
  • To prevent unauthorised or unlawful processing of any Personal Data;
  • To protect any Personal Data against accidental loss, destruction or damage;
  • To ensure the reliability of its personnel having access to the Personal Data;
  • On Avanse’s reasonable request, the Service Provider will:
  • provide a detailed, written description of the measures undertaken by the Service Provider and the Service Provider’s compliance with those measures; and
  • allow Avanse access to the Service Provider’s premises to inspect its procedures for the processing of Personal Data;
  • If the Service Provider receives a request from any person for access to Personal Data or any other request relating to Avanse’s obligations under the Data Protection Legislation the Service Provider shall:-
  • immediately notify Avanse; and
  • provide full co-operation and assistance to Avanse in relation to any such complaint or request including, without limitation:
  • provide Avanse with full details of any such request;
  • provide Avanse with any Personal Data it holds in relation to any person in a form specified by the Avanse and within [?] days of receipt of the request from any person or as otherwise stipulated by Avanse; and
  • comply with the data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with explicit authorisation to do so from Avanse;
  • The Service Provider shall:
  • immediately provide Avanse with full details of any complaint or allegation that it is not complying with the Data Protection Legislation; and
  • assist Avanse in taking any action that Avanse deems appropriate to deal with such complaint or allegation including without limitation immediately providing Avanse with any Personal Data it holds in relation to any person.
  • Audit and Inspection:
    • The Service Provider shall keep complete records and details of financial transactions including invoices, payments received and tax remitted in connection with the Services provided to Avanse. All the aforesaid records shall be kept on file by the Service Provider for a period of Ten (10) years from the date the record is made.
    • The Service Provider shall at all times, upon 07 (seven) business days written notice, allow Avanse, its management and/or its auditors and/or its regulators (including external regulators and auditors) and /or its promoters, the opportunity of inspecting, examining and auditing, the Service Provider’s operations and business / financial / operational records / documents which are directly relevant to the Services contemplated hereunder, its balance sheet and profit and loss account and audit reports, for the purposes of ascertaining the financial viability of the Service Provider.
    • As and when required by Avanse, and upon prior notice of at least 02 (Two) business days the Service Provider shall provide access to and make available to any of Avanse’s authorized officers / employees/ management or internal / external auditors / promoters, the necessary records for inspection / examination / audit, and co-operate to the fullest extent so as to clarify on any activities and to assure a prompt and accurate audit related to the Scope of Services.
    • The Service Provider shall co-operate with Avanse’s internal or external auditor or other person to assure a prompt and accurate audit (specific to the Services).
    • The Service Provider shall also co-operate in good faith with Avanse to correct any practices which are found to be deficient as a result of any such audit, within a reasonable time, as may be agreeable to Avanse.
    • The Service Provider agrees that RBI/any other competent authority or persons authorised by RBI shall be entitled to access the records of transactions, IT Infrastructure, applications, data, documents and other necessary information given to, stored or processed by the Service Provider in relation to the Services.
    • RBI and Avanse shall be entitled to cause an inspection to be made on the Service Provider and any of its sub-contractors and their IT infrastructure, applications, data, documents, and other necessary information given to, stored or processed by the Service Provider and/ or its sub-contractors and their books, records, information and account by one or more of its Personnel including officers or employees or other persons.
    • The Service Provider shall maintain its regular books of accounts, records and any other information in respect of the Services and relevant to the outsourced activity. The Service Provider shall provide to Avanse, its management, its auditors (internal & external) and/or its regulators, agents appointed to act on behalf of Avanse, or any other person authorized by it, unrestricted and effective access to the Service Provider’s business premises, operations/business records, logs, alerts, data for the purposes of performing and conducting audits / inspection, spot checks and to obtain such copies of any audit or review reports and findings made on the Service Provider (including its sub-contractors).
    • The Service Provider agrees and acknowledges that the Avanse shall be entitled to conduct a periodic and/or continuous monitoring and assessment of the Service Provider (including the financial and operational conditions of the Service Provider) so as to take any necessary corrective measures immediately.

 

  • Business Continuity
    • The Service Provider has and will maintain throughout the term of the Agreement a business continuity, disaster recovery, and backup capabilities and facilities (“BCP”) to enable it to recover and resume the Services provided by it to Avanse under the Agreement within [1 (one) Business Day] from the occurrence of an event/ incident which disrupts or has a significant impact on the performance of the Services by the Service Provider (“Interruption Event”). The Service Provider hereby confirms that it has tested its BCP and will continue to conduct sufficient ongoing verification and testing for the BCP and recovery and resumption of services. The Service Provider will update its BCP at least annually. Avanse at its discretion may cause the Service Provider to undertake joint testing and recovery exercises.
    • The Service Provider will promptly notify Avanse of any actual, threatened, or anticipated Interruption Event and will cooperate fully with Avanse to minimize and remedy any such disruption and promptly restore and recover the Services. Further, the Service Provider acknowledges and agrees that upon the occurrence of an Interruption Event, Avanse has a right to intervene with appropriate measures to continue business operations/ services, without causing any break in the operations of Avanse and its Services. All cost and expenses incurred by Avanse in connection with the aforesaid right of intervention shall be borne by the Service Provider.
    • The Service Provider further acknowledges and agrees that (a) the Service Provider shall at all times isolate Avanse’s information, documents and records, and other assets; and (b) upon the occurrence of default by the Service Provider of its obligation under the Agreement or the occurrence of an Interruption Event, Avanse has a right in its sole discretion (and without prejudice to its other rights under the Agreement), to cause the removal (by deletion, destroying or rendering unusable or otherwise) from the possession of the Service Provider, all documents, records of transactions and information, in possession of the Service Provider pertaining to Avanse and/or any other asset of Avanse.

 

  • Termination of Agreement:

Both the parties shall have right to terminate the agreement as per the terms agreed between the Parties under the respective agreements. In case of any material breach of any of the terms & conditions of the agreement, the agreement shall be terminated with immediate effect at the option of the non-defaulting party and as more particularly mentioned under the respective agreements.