PayU VAS Privacy Statement

1. WHAT IS PAYU VALUE SERVICES (VAS) PROJECT OF PAYU PAYMENTS PRIVATE LIMITED AND HOW DOES THIS PAYU VAS PRIVACY STATEMENT WORK?


2. WHAT IS PERSONAL INFORMATION AND WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT & PROCESS ABOUT YOU FOR PAYU VAS PROJECT?ELY ON TO PROCESS YOUR SENSITIVE PERSONAL INFORMATION F


3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION FOR PAYU VAS PROJECT?


4. WHAT ARE THE LAWFUL GROUNDS THAT WE ROR PAYU VAS PROJECT?


5. THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL INFORMATION FOR PAYU VAS PROJECT


6. WHEN AND TO WHOM DO WE DISCLOSE YOUR PERSONAL INFORMATION FOR PAYU VAS PROJECT


7. DATA RETENTION


8. INDIVIDUAL PRIVACY RIGHTS


9. SECURITY: HOW WE PROTECT & STORE PERSONAL INFORMATION & WHAT ARE OUR DATA PURGING PRINCIPLES


10. CHANGES TO PAYU VAS PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES


11. MANAGE YOUR CONSENT


12. HOW TO CONTACT US



1. WHAT IS PAYU VAS PROJECT OF PAYU PAYMENTS PRIVATE LIMITED  AND HOW DOES THIS PAYU VAS PRIVACY STATEMENT WORK?

PayU Payments Private Limited (“PayU Payments“, “we“, “our“, “us“) is a company incorporated in India having its registered office at 801, 8th Floor, Empressa Building, 2nd Road, Khar West Mumbai, Mumbai – 400052, Maharashtra, Indiaand its corporate office at 9th Floor, Bestech Business Tower, Sector 48, Gurgaon, Haryana – 122003, with CIN no. U72400MH2006PTC293037.


As a specific and separate business vertical within PayU Payments, there exists a business vertical named PayU VAS under PayU Payments pursuant to which PayU Payments facilitates the provision of credit facilities to individual borrowers in partnership with banks and financial institutions who are authorised by the Reserve Bank of India (“RBI“) to extend credit facilities to different types of borrowers. Such credit facilities can be in the nature of business/trade financing and/or personal financing (as the case may be) (“VAS”).


You must note that PayU Payments does not itself extend any credit facilities.


The purpose of this privacy statement (“PayU VAS Privacy Statement”) is to give you information on how PayU Payments collects, stores, uses, discloses, transfers and processes your Personal Information (defined below) including Sensitive Personal Information (defined below) when you use our websites (“Website(s)”) or software applications, app in app integration (‘SDK’) or mobile applications for availing our services ( collectively referred as “Apps“), including the steps we take to protect your Personal Information (including Sensitive Personal Information). The term Websites and Apps include all pages that are sub-domains or are associated or exist within each Website or Apps.


This PayU VAS Privacy Statement is applicable to the VAS products and services offered by PayU Payments.


By accessing the Websites and Apps, and/or using VAS products and services provided by PayU Payments, directly or indirectly, you agree that you have read and understood and agree to be bound by this PayU VAS Privacy Statement. By using the Websites and Apps, and/or having used or using the offered by PayU Payments, directly or indirectly, in the past, present or future, you agree and acknowledge to our use and disclosure of your Personal Information and Sensitive Personal Information submitted to us in accordance with this PayU VAS Privacy Statement.


It is strongly recommended for you to return to this page periodically to review the most current version of this PayU VAS Privacy Statement which is amended by us from time to time.




2. WHAT IS PERSONAL INFORMATION AND WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT & PROCESS ABOUT YOU FOR PAYU VAS PROJECT?

“Personal information”: means any information that relates to an individual, which directly or indirectly, in combination with other information available or likely to be available with us, is capable of identifying such individual. Personal Information for the purposes of this privacy policy include User Data.


“Sensitive Personal Information”: means any Personal Information of an individual, which consists of information relating to financial information such as bank account, credit card, debit card or other payment instrument details; passwords; biometric information; sexual orientation; physical, physiological and mental health condition; and medical records and history. Information freely available or accessible in public domain is not treated as Sensitive Personal Information.


Depending on who you are (e.g., a merchant, customer or business partner) and how you interact with us (e.g., telephone, IVR, API, App online or offline), we may collect, use, receive, store, analyse, combine, transfer or otherwise process different categories of your Personal Information (including Sensitive Personal Information).

Below is a table of the categories of Personal Information and Sensitive Personal Information which we may collect about you:


Categories of Personal Information

Which includes information such as:

“Identity and Account Log- In Information”

Full name(s), title, age, user ID, gender and your date of birth.

“Contact Information”

Telephone/mobile number(s), permanent and current address(es), state/city of residence, country, pin code, email address(es), and chosen billing address(es).

“Financial Information”

Personal bank account numbers and bank account data including e-nach, NEFT, IMPS and UPI ID details

“Identification Information”

Know Your Customer (KYC) documents including all proofs of identity and address, photograph, Permanent Account Number (PAN), GST Number, etc.

User Data

shall in relation to an individual include information relating to financial status such as: (i) details of income (including any commissions, earnings or fees earned) or details of payments and payment cycles of any income earned, including any amounts payable by our business partners, merchants, employer; total number of days for which services have been provided, settlement cycles, total payables, details of any disputes with business partners and of any penalties levied on you such merchants and/or business partners, lenders

shall in relation an entity include amongst others information such as (a) order & transaction data which may cover all order numbers, order values, transaction numbers, transaction values, transaction days; (b) return & refund data including number and value of returns & refunds, (c) merchant profile on platform including as vintage data, classification of merchant on partner (gold, silver, bronze etc), bank acct details, PAN, GST etc.

“Usage and Technical Information”

IP addresses, application, device or browser type, versions and configurations, operating systems, device brand and model, time zone setting, geo-location information, content, unique identifiers associated with your device(s) and pages that you access on the Website(s) and Apps, and the dates and times that you visit the Websites or Apps, and paths taken.

“Credit related Information”

Credit or affluence related information or assessment provided by third parties such as financial institutions or account aggregators or similar third parties as permitted under applicable laws of India including our business partners, independent service providers and our group entities.

Information in your device(s)

We may also access your contact list, call records, SMS, media files and location data in your devices to enable you to access our services after seeking necessary permissions and consent as per the provisions of applicable laws.

We may also collect, use and/or share non-Personal Information or anonymized data such as statistical or demographic data in accordance with this PayU VAS Privacy Statement.


As a matter of principle, we do not collect certain special categories of Personal Information about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or any genetic and biometric information). However, we may collect certain Sensitive Personal Information in order to provide VAS products and services to you, such as some categories of Financial Information including bank account number and number on credit or debit cards. In such cases, we ensure that such Sensitive Personal Information is used, processed, stored and/or disclosed in accordance with this PayU VAS Privacy Statement and in compliance with applicable laws of India.


To the extent the Websites and Apps include links to third-party websites, plug-ins and applications (including cookies, tracking technologies and widgets by third party advertisers), it is important that you understand that by clicking on those links or enabling those connections, you may allow third parties to collect or share data about you. PayU Payments does not have oversight of these third-party websites, plug-ins and applications and we are not responsible for their processing or using of your Personal Information or Sensitive Personal Information. Any information collected by a third party in this manner is subject to that third party’s own data collection, use and disclosure policies and you must make yourselves conversant with those.




3. HOW DO WE COLLECT YOUR PERSONAL INFORMATION FOR PAYU VAS PROJECT?

How we collect Personal Information (including Sensitive Personal Information) will depend on the following broader situations:


3.1 If we receive or collect it directly from you


We collect Personal Information (including Sensitive Personal Information) directly from you in different ways on the Websites and Apps, or VAS products and services offerings. For example, you give us your Personal Information (including Sensitive Personal Information) when you:


a. give us your Contact Information so that we can contact you about our services and products;


b. conclude a contract or verify to us who you are (whether by email, phone or electronic verification);


c. provide your Personal Information (including Sensitive Personal Information) on the Apps and Websites, or the checkout pages in order for us to complete the transaction(s);


d. apply for our VAS products and services directly with us or through our business partners (such as various marketplaces, merchant websites, resellers or credit providers);


e. directly register with us for availing any VAS products and/or services including initiating an account-based relationship with us;


f. are prompted to give us your Identity and Account Log- In Information, Contact Information, Financial Information, Identification Information, Credit Related Information;


g. enter a competition, promotion or survey or you consent to be provided with marketing materials to be sent to you;


h. send us a support request for any of our VAS products and services through one or more of our support desks; or


i. access, use and/or browse our Website(s) or Apps.



3.2 If we collect it from third parties, or from publicly available sources


We obtain Personal Information (including Sensitive Personal Information) through third parties including our business partners, independent service providers and our group entities or from publicly available sources, if publicly available, as permitted under applicable laws of India, including:


a. from our merchants, marketplaces, re-sellers, banks, and financial institutions.. We encourage you to read such third parties’ privacy statements to learn more on how they process your personal information.


b. from social platforms and networks when you give us permission to do so either directly or through a cookie. For example, depending on your social media settings, if you choose or consent to connect your social media account to a PayU product or do not disable cookies while accessing the Website(s) or an App, certain information from your social media account may be shared with us (which may include information that is part of your profile);


c. from financial institutions and fraud prevention agencies for the purposes of conducting fraud and risk assessments or analysis. For example, before we provide or enable the provision of VAS products and services to you (as applicable), we may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to collect information about you from our business partners and independent service providers including technology providers who have entered into contracts with us;


d. from third parties, such as merchants, business partners or e-commerce platforms, who have either entered into a contract with you or have obtained your consent and/or necessary rights and permissions or through any other legal means as may be available in accordance with applicable laws of India, to share your information with other parties; and


e. from publicly available sources in accordance with applicable laws of India.




4. WHAT ARE THE LAWFUL GROUNDS THAT WE RELY ON TO PROCESS YOUR SENSITIVE PERSONAL INFORMATION for PAYU VAS PROJECT?

For collecting, processing (including using and storing), disclosing or sharing your Sensitive Personal Information as described in this PayU VAS Privacy Statement, we hereby through this PayU VAS Privacy Statement, seek your consent/permission and give you a notice regarding collecting, processing (including using and storing), and sharing your Sensitive Personal Information for one or more of the purposes detailed herein. For any purposes where, as per applicable laws of India, a specific consent is required, we will seek such specific consent from you from time to time.


You may, of course, decline to share certain information with us, in which case we may not be able to provide to you some or all of the features and functionalities of the Websites and Apps. This may also affect our ability to process your Personal Information (including Sensitive Personal Information) and may therefore lead to the non-availability or discontinuation of the services for which such Personal Information (including Sensitive Personal Information) are to be used or was being used, at our sole discretion.




5. THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL INFORMATION FOR PAYU VAS PROJECT

We process your Personal Information (including Sensitive Personal Information) for the purposes mentioned below:


5.1 To verify, authenticate and authorize your use of our VAS products and services

We process your Personal Information (including Sensitive Personal Information) for creating login credentials or establishing an account based relationship, doing KYC evaluation and risk assessments in order to authenticate and authorize your use of our VAS products and services depending on if you are a merchant, consumer or customer, and your choice of services or products. The type of Personal Information (including Sensitive Personal Information) typically required is Identification Information, Identity and Account Log-In Information, Contact Information and Financial Information. This is necessary in order for PayU Payments to assess your application and necessary for our legal obligations under certain applicable laws of India.


5.2 To provide VAS products and services to you


We also process your Personal Information (including Sensitive Personal Information, to the extent the same is compliant with the provisions of applicable laws) in order to provide you being offered by us, our group companies or our business partners.


5.3 To protect our business and to ensure compliance with the law


We process your Personal Information (including Sensitive Personal Information) to meet the requirements of applicable laws, regulations, standards, rules, and codes with which PayU Payments must comply. This includes:


a. consulting and reporting your Personal Information (including Sensitive Personal Information) and behaviour on monetary obligations to legitimately constituted financial, commercial or service risk centres, or to other financial institutions, under applicable laws of India;


b. verifying your identity and comparing your Personal Information (including Sensitive Personal Information) to verify accuracy for reporting obligations under applicable laws or payment scheme rules or KYC norms;


c. processing (including storing or using) your Personal Information (including Sensitive Personal Information) to ensure business continuity of our businesses and appropriate disaster recovery for the Websites and Apps.



5.4 To manage our relationship with you

If you contact us or otherwise give us your Contact Information (for example by registering, by completing an enquiry form on the Website/s and Apps, or by subscribing to receive support and service status communications from us regarding security or fraud monitoring alerts), we process your Personal Information (including Sensitive Personal Information):

a. to inform you about VAS products and services and any changes to these and any associated legal documents;


b. to notify you if there is any interruption of any of the VAS products and services;


c. to ask you to provide information on how we can improve or develop VAS products and services and to otherwise effectively communicate with you;


d. to provide you with service assistance and problem solutions or to contact or send you notifications related to the VAS products and services we offer to you;


e. to use your Personal Information (including Sensitive Personal Information) in transactional or fraud monitoring reports (or both) as part of the performance of our contracts. You have the option to unsubscribe from such reports in accordance with the terms of our contract.


5.5 To conduct research and to develop and improve our VAS products and services

We use Personal Information (including Sensitive Personal Information) that we collect, to the extent permissible under applicable laws:

a. to research and gain insights into market trends and needs and to develop or innovate our technologies, products and services to meet such market trends and needs. We may use machine learning and artificial intelligence techniques to conduct research to gain such insights;


b. to analyse visitor use of the Websites, Apps, products or services in accordance with this PayU VAS Privacy Statement;


c. to improve and personalize our users, merchant and/or customer relationships; and


d. to provide users, merchants with statistical insights and reports based on your information we receive from them.





6. PAYU VAS PROJECT

6.1 Sharing with PayU Finance


PayU Payments may share your Personal Information (including Sensitive Personal Information) with PayU Finance for the purpose of processing or using your Personal Information (including Sensitive Personal Information) to offer products and services of PayU Finance.


6.2 Sharing with business partners

Subject to the provisions of applicable laws, we may share your Personal Information (including Sensitive Personal Information) with our business partners such as:

a. merchants or partner merchant, in accordance with our service contracts (also at times referred to as our terms and conditions).;


b. authorized financial institutions and banking partners, with whom we partner to jointly create and offer VAS products and services. ; and


c. other business partners and financial institutions, for the purposes of enabling such entities to market and offer their products and services to you including credit products and services, or any other lucrative deals and premium products and services, and also for carrying out research and analytics. To the extent permissible under applicable laws, we may also share your Personal Information (including Sensitive Personal Information) with our business partners, independent service providers, our group entities and financial institutions to assist them in understanding your interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions based on which such business partners, independent service providers, group entities and financial institutions may market and offer their products and services to you.



6.3 Sharing with service providers or vendors

We may share your Personal Information (including Sensitive Personal Information) with various service providers or vendors under contract who assist us with our business operations to provide the VAS products and services. Current list of service providers with whom data is shared and reason for the same is listed below


a. Karza – for KYC validation checks


b. Digio – for registering NACH and for executing agreements


c. Hyperverge – For video KYC, and for capturing and confirming on live photograph


d. Credit Information Bureau Limited (CIBIL) – for obtaining credit data available with the bureau



6.5 Sharing with companies that we plan to merge with or entities that we may acquire


We may share your information with the companies that we plan to merge with or the entities acquired by us. In such situation we will require that the new combined entity or the acquiring entity or the acquired entity follows this PayU VAS Privacy Statement with respect to your Personal Information (including Sensitive Personal Information (if any subject to the provisions of applicable laws)).


6.6 Sharing with regulatory and law enforcement agencies


We may share your Personal Information (including Sensitive Personal Information) with government officials, regulatory bodies, courts/tribunals, law enforcement agencies, fraud detection agencies or other such agencies or authorities when we are compelled to do so by law (such as via a subpoena, court order or similar legal procedure).




7. DATA RETENTION


PayU Payments may store your Personal Information (including Sensitive Personal Information) for as long as the same is required for the fulfilment of purposes for which we collected it. The retention of Personal Information (including Sensitive Personal Information) by PayU Payments is determined by considering compliance with legal (that is, contractual or statutory or regulatory requirements), accounting and compliance reporting requirements. We pass on all User Data to partner lenders and retain only the necessary user data with us. Any data retention is subject to provisions of applicable laws.


You must note, however, that PayU Payments may from time to time, seek some User Data and/or Personal Information from the partner lender for carrying out its obligations under its contractual arrangements with the partner landers.




8. INDIVIDUAL PRIVACY RIGHTS

We ensure that you may exercise your individual privacy rights under applicable privacy and data protection laws and as per our policies and this PayU VAS Privacy Statement. This means that PayU Payments seeks to provide reasonable assistance in catering to requests from individuals regarding the processing including storing and using of their Personal Information and the right to amend and/or delete their Personal Information and withdraw/revoke consent for using their Personal Information (including Sensitive Personal Information). Subject to the requirements of applicable laws in India, the terms and conditions of the VAS products and services and as per our policies, you can exercise the following rights:


8.1 Right to review, correct or rectify Personal Information

You can ask us to get the inaccurate Personal Information (including Sensitive Personal Information) we process about you, to be fixed or changed and can also request to review your Personal Information (including Sensitive Personal Information) available with us.


8.2 Right to withdraw your consent

You may withdraw a consent to process (including usage) that you have given to us and prevent further processing or using of your Personal Information (including Sensitive Personal Information). You may also withhold your consent prior to the collection, processing or using your Personal Information (including Sensitive Personal Information).


Please submit a request to nodalofficer.capital@payu.in if you would like to exercise any of the above rights. These rights are limited in some situations, such as where we are legally required to retain your Personal Information (including Sensitive Personal Information). Please note that this may also affect our ability to process or enable your Personal Information (including Sensitive Personal Information) and may therefore lead to the discontinuation of those services or products for which this Personal Information (including Sensitive Personal Information) was being used, at our sole discretion.




9. SECURITY: HOW WE PROTECT & STORE PERSONAL INFORMATION & WHAT ARE OUR DATA PURGING PRINCIPLES

The security of your Personal Information (including Sensitive Personal Information) is important to us. We take necessary physical, technical, managerial, and operational measures that are designed to improve the integrity and security of information that we collect and maintain as required by applicable laws of India.


PayU Payments also regularly reviews its policies regarding the collection, storage, using and processing of your Personal Information (including Sensitive Personal Information), including physical security measures, preventing alteration, loss, query, use or fraudulent or unauthorized access of your Personal Information (including Sensitive Personal Information).


PayU Payments has put in place procedures to deal with information breach and will notify you and any applicable regulator or authority of a breach where we are legally required to do so.

PayU Payments will retain data collected under this VAS products and services only in accordance with applicable laws.




10. CHANGES TO PAYU VAS PRIVACY STATEMENT AND YOUR DUTY TO INFORM US OF CHANGES

This PayU VAS Privacy Statement may change or be amended over time. The recent version of this PayU VAS Privacy Statement is published on the Websites and Apps.


Please revisit this page periodically to stay aware of any changes to this PayU VAS Privacy Statement. Your continued use of our services confirms your acceptance of this PayU VAS Privacy Statement, as amended. If you do not agree to this PayU VAS Privacy Statement, as amended, you must stop using our services and notify us.

It is very important that any Personal Information (including Sensitive Personal Information) we hold about you is up to date and correct. Please inform us of any changes to your Personal Information (including Sensitive Personal Information) at the earliest.




11. MANAGE YOUR CONSENT

PayU Payments provides you the option to withdraw, delete and/ or modify your consent to process your data for any specific purpose as per applicable laws. You understand that in the event you exercise your right to withdraw consent, you may not be able to avail VAS Products and Services being provided by PayU Payments basis such consent. In addition, you also understand that while you may withdraw your consent for all the permissible purposes, however, PayU Payments will continue to hold and process your Personal Data including Sensitive Personal Information, collected by PayU Payments for any other legal or regulatory requirements, to the extent and for the time period required or permissible in accordance with applicable laws.



12. HOW TO CONTACT US

The controller of this Website and App (as applicable) is PayU Payments Private Limited having its registered office at 801, 8th Floor, Empressa Building, 2nd Road, Khar West Mumbai, Mumbai – 400052, Maharashtra, Indiaand having CIN no. U72400MH2006PTC293037 and corporate office at 9th Floor, Bestech Business Tower, Sector 48, Gurgaon, Haryana – 122003.


You may address any complaints or discrepancies in relation to the processing (including storing and using) of your Personal Information (including Sensitive Personal Information) to:

Nodal Officer – Kamlesh Kaul,


PayU Payments Private Limited,

9th floor, Bestech Business Tower, Sohna road, Sector 48, Gurgaon -122002, Haryana, India


Email : nodalofficer.capital@payu.in