Privacy Policy - Shri Ram Insurance Brokers

Last Updated: January 11, 2026

This Privacy Policy establishes the principles and practices governing the collection, use, storage, disclosure and protection of personal data during our insurance brokerage and allied services.

1. Statement of Commitment

Shri Ram Insurance Brokers Private Limited ("Shri Ram", "Company", "We", "our", or "Us") recognizes that the protection of personal data is fundamental to maintaining trust with our customers, business partners, and stakeholders. This Policy is framed in accordance with the Digital Personal Data Protection Act, 2023, IRDAII (Insurance Brokers) Regulations, 2018, and other applicable laws and regulatory guidelines.

We are committed to processing personal data in a lawful, fair, transparent and secure manner, in accordance with applicable Indian laws, regulatory guidelines, and industry best practices.

2. Applicability and Interpretation

This Privacy Policy applies to all individuals whose personal data is processed by Shri Ram Insurance Brokers Private Limited, including:

Customers and prospective customers
Policyholders, insured people, and nominees
Corporate clients and authorized representatives
Vendors, partners and service providers
Website and digital platform users

Definitions:

Data Fiduciary: Means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
Data Principal: Means the individual to whom the personal data relates.
Personal Data: Shall have the meaning assigned under applicable Indian data protection laws.
Processing: Includes collection, storage, use, disclosure, transfer, or deletion of personal data.
Services: Refers to insurance brokerage, advisory, servicing and ancillary activities undertaken by the company.

3. Guiding Principles for Data Processing

SRIB processes personal data based on the following principles:

Lawfulness and Purpose Limitation

Data is collected and processed only for specified and legitimate purposes.

Data Minimization

Only data that is necessary for identified purposes is collected.

Accuracy and Completeness

Reasonable efforts are made to keep personal data accurate, complete and up to date.

Storage Limitation

Data is retained only as long as required for legal compliance.

Security and Confidentiality

Appropriate safeguards protect data against unauthorized access.

Accountability

Processing activities are documented and monitored.

4. Categories of Personal Data Collected

Category	Examples
Identification & Contact Data	Name, age, gender, date of birth, addresses, email, phone numbers
Regulatory & KYC Information	PAN, Aadhaar, passport, photographs, signatures, verification records
Insurance & Policy Information	Policy applications, coverage details, renewals, nominee details
Financial & Transactional Data	Bank account details, payment records, commission information
Health & Claims Information	Medical reports, health histories, claims forms, settlement records
Technical & Usage Data	IP addresses, device identifiers, website navigation, cookies

5. Manner of Collection

Personal data may be collected through:

Direct interactions (online forms, emails, phone calls, physical documentation)
Digital platforms operated by the Company
Insurance companies and underwriting partners
Authorized service providers and verification agencies
Publicly available or regulatory sources, where permitted by law

6. Purpose of Processing

Insurance Services

Providing brokerage, advisory, and policy placement services

Policy Management

Facilitating issuance, renewal, modification of policies

Claims Assistance

Assisting with claims intimation, documentation, and coordination

Regulatory Compliance

Regulatory reporting, audits, and compliance obligations

Fraud Prevention

Fraud detection, risk mitigation, and internal controls

Service Improvement

Data analytics and service improvement initiatives

7. Legal Basis for Processing

The Company shall process personal data of data principals only in accordance with applicable law, including the Digital Personal Data Protection Act, 2023 ("DPDP Act").

Personal data shall be processed:

Based on free, specific, informed, unconditional and unambiguous consent of the data principal; OR
For legitimate uses as permitted under the DPDP Act, including for the performance of insurance broking services, compliance with legal or regulatory obligations, prevention and detection of fraud, grievance redressal, or other lawful purposes.

Consent Withdrawal: Where consent is relied upon, the data principal shall have the right to withdraw such consent at any time, in the manner specified by the Company. Withdrawal of consent may result in the Company being unable to provide certain insurance broking services or comply with contractual or regulatory obligations.

8. Disclosure and Data Sharing

Personal data may be disclosed strictly on a confidential and need-to-know basis to:

Insurance companies, reinsurers, and underwriting entities
Claims administrators, medical experts, and surveyors
Technology vendors and IT partners

Auditors, legal advisors, and professional consultants
Government authorities or regulators when mandated

Important: All third parties are required to adhere to confidentiality and data protection obligations.

9. Cross-Border Transfers

Where operational or technological requirements necessitate transfer or storage of data outside India, the Company ensures that such transfers are subject to appropriate safeguards and are compliant with applicable laws.

10. Information Security Framework

Shri Ram maintains a comprehensive information security program that includes:

Access Controls

Role-based access controls and authentication

Encryption

Encryption and secure data transmission protocols

Monitoring

Regular system monitoring and vulnerability assessments

11. Data Retention and Disposal

Personal data is retained only for the duration necessary to:

Fulfill identified processing purposes
Comply with statutory and regulatory requirements
Resolve disputes or enforce legal rights

Upon expiry of the retention period, data is securely deleted, anonymized, or archived as permitted by law.

12. Rights of Data Principals

Right to Access

The right to access information about the personal data being processed by the Company.

Right to Withdraw Consent

To withdraw consent for processing of personal data, subject to lawful consequences.

Right to Grievance Redressal

To grievance redressal in respect of any act or omission relating to the processing of personal data.

Right to Nominate

To nominate another individual to exercise the rights of the data principal in the event of death or incapacity.

Note: Requests shall be processed within reasonable timelines in accordance with law.

13. Children's Data

The Company does not knowingly collect personal data of individuals below 18 years of age without appropriate consent or legal authority.

14. Amendments to the Policy

This Privacy Policy may be amended periodically to reflect changes in legal requirements, regulatory guidance, or business practices. Updated versions will be made available through official Company channels.

15. Contact Details and Grievance Redressal

Any data principal who has a grievance regarding the processing of personal data by the Company may contact the designated Grievance Officer at the details provided below:

Grievance Officer / Data Protection Contact

Shri Ram Insurance Brokers Private Limited

Registered Office

Parishram Tower – 2, In Front of T.V. Tower,

Anupam Nagar, Shankar Nagar, Raipur, Chhattisgarh

India

Contact Information

Tel: 9575758777

Email: customersupport@srib.co.in

Working Hours: Mon-Fri, 9AM-6PM

The Company shall acknowledge receipt of grievances and endeavour to resolve the same within 30 (thirty) days from the date of receipt or such other period as may be prescribed under applicable law.

If a data principal is not satisfied with the resolution provided by the Company, the data principal may exercise such further remedies as are available under the DPDP Act.