1. Your privacy is of utmost importance to us, and protection of your Personal Data as disclosed by you to us is a key commitment for us.
2. In safeguarding your privacy and to protect your personal data, we are governed by the provisions of applicable rules, regulations and laws in India including the Reserve Bank of India Guidelines on Digital Lending (2022), Digital Personal Data Protection Act, 2023, the Information Technology Act 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

We collect and process your Personal Data only to the extent necessary for us to process your requirement(s) and in the manner as detailed hereinafter below in sections III to VII.

This Privacy Policy applies only to personal data.
1. “Personal Data” is data relating to you that is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of your identity or any combination of such features with any other information.
2. Personal Data, which relates to password, financial information such as bank account or credit card or debit card or other payment instrument details, physical, physiological, and mental health condition, sexual orientation, medical records and history, biometrics or any other data categorized as sensitive under applicable law in India.
3. Personal Data does not mean information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force.

When you make purchases through our services, you agree that we may collect and store information about you to process your requests and automatically complete forms for future transactions, including (but not limited to) your phone number, address, email, billing information and payment preferences. We may collect the following information with your explicit consent and only for purposes specified in the consent notice:
1. Personal details (e.g., name, contact details including, residential address, date of birth, documents such as identity card/ passport details/ Aadhaar details/ PAN/ Voter ID/ driving license, and/ or education details) provided by you to us to avail various products/ services from us.
2. Your details including transaction history, balances, payment details, for effecting transfer of monies through various payment channels provided by us.
3. Financial details (e.g., income, expenses, and/ or credit history) needed as part of request for some of our products/ services.
4. Images of documents/ photos required to avail any of our products/ services.
5. Voice recordings of our conversations with our customer care agent with you to address your queries/ grievances.
6. Specimen signature(s) for processing of your instructions received by us through our various payment and delivery channels.
7. Opinions provided by you to us by way of feedback or responses to surveys;
8. Access to your mobile camera device for the functioning of many in-app functionalities for recording video including, but not limited to video KYC process and scan & pay etc.;
9. One time access to your device location by way of using our app for KYC requirements;
10. One time access to the microphone to record audio for carrying out video KYC process and voice typing etc.
11. Access to Wi-Fi details through SSID information from your device, to notify users about the security of Wi-Fi network. ;
12. Access to the Near field Communication (NFC) chip on device to enable tap to pay functionality (only for NFC enabled devices).

Note: For the devices supporting authentication through biometrics, Paytm app provides a feature to unlock the app using face id/ fingerprint recognition. We at no time retrieve or store your biometric information from your mobile device. Further, we expressly state that your biometric data, including face ID and fingerprint permissions, are NOT collected, or stored by us in any manner.

We use your Personal Data in our business activities for providing our partners’ products/ services and to perform, among other actions, the following:
1. To facilitate the transactions or report on these transactions.
2. To undertake research and analytics for offering or improving our products/ services and their security and service quality.
3. To check and process your requirements submitted to us for products/ services and/ or instructions or requests received from you in respect of these products/ services.
4. To share with you, updates on changes to the products/ services and their terms and conditions including the platform’s terms and conditions.
5. To take up or investigate any complaints/ claims/ disputes.
6. To respond to your queries or feedback submitted by you.
7. To verify your identity for us to provide products/ services to you.
8. To carry credit checks, screenings, or due diligence checks as lawfully required by us.
9. To monitor and review products/ services from time to time.
10. To undertake financial/ regulatory/ management reporting and create and maintain various risk management models.
11. To conduct audits and for record keeping purposes.
12. To enable us to show you advertisements which are relevant to you and your interests, selective offers and promotions, search results, location-based services based on consent given and if you sign up for such offers.
13. To auto populate such third-party page’s basis your click on advertisement instances on our website and you’re proceeding to such pages.
14. To comply with the requirements of applicable laws/ regulations and/ or court orders/ regulatory directives received by us.
15. To undertake any measure to provide medical treatment or health services to you during an epidemic, outbreak of disease, or any other threat to public health or to ensure your safety, or to aid or services to you during any disaster or any breakdown of public order.

We may process, store, and retain your Personal Data on our servers where the data centers are located, and/ or on the servers of third parties having contractual relationships with us. All Personal Data is stored in India. We will retain your data for the period that you continue to be our customer and for such period as required to comply with any obligation under any law for the time being in force.

Note: We respect your privacy and do not access your mobile phone resources such as files and media, contact lists, call logs, and telephony functions without your explicit consent.
This means that we will not:

• Access your photos, videos, or other files stored on your device.
• Access your contact list or address book.
• Access your call history or record your calls.
• Use your phone's microphone or camera without your permission.

We may share your data with competent/ legal/ statutory/ regulatory agencies/ authorities or partners/ service providers acting on our behalf (as the case may be) in the below cases. Such sharing of data is strictly on a “need to know” basis and subject to appropriate contractually bound confidentiality and security requirements in line with applicable laws:
1. For enabling the provision of the products/ services availed by you or providing you with products/ services to better serve your needs and interests.
2. Where it is directed or required by legal/ regulatory/ statutory/ governmental authorities/ judiciary under any applicable laws/ regulations or judicial pronouncement through a legally obligated request.

The details of our partners/ service providers/ third parties with whom we may share your Personal Data on a partial and “need-to-know” basis are enclosed herewith vide Annexure – A.

You may at any point in time choose to deny/ revoke consent for use and/ or restrict disclosure to third parties of any or all your data, and in these instances, we shall immediately cease to process your data or restrict the sharing of data, unless such processing or sharing is necessary under a legal/ regulatory requirement. However, in case you choose to opt for any such revocation/ restriction, we may not be able to offer/ serve you with various products/ services that require us to have your consent for using/ storing/ sharing your Personal Data in accordance with this Policy and in such case, we may have to withdraw/ stop any such products/ services being availed by you.

You may choose to delete your account at any point of time by making such a choice in One97’s desktop website, mobile WAP site or mobile application sending mail, and at this point, we may cease to provide you with our services. However, we will retain your Personal Data as long as the purpose for its usage exists, after which the same is disposed of by us except for any record retention required as per applicable law. The provisions of various laws require your transaction logs to be stored for longer periods post the deletion of an account. Further, in the event of the pendency of any legal/ regulatory proceeding or receipt of any legal and/ or regulatory direction to that effect, we may be required by the law of the land to retain your Personal Data for longer periods.
Note: For clauses VI and VII, you can send an email to [email protected] for further actions

You may review, update, or rectify any information provided to us by placing a request with us using the contact details provided under the ‘Contact us’ section.

1. Please note that a “cookie” is a small piece of information stored by a web server on a web browser so it can be later read back from that browser.
2. We may use cookie and tracking technology depending on the features offered.
3. No Personal Data will be collected via cookies and other tracking technology; however, if you previously provided Personal Data, cookies may be tied to such information.

Our website may contain links to other websites which are not maintained by us. This privacy policy only applies to us. You are requested to read the other websites’ privacy policies when visiting these websites.

We take various steps and measures to protect the security of your Personal Data from misuse, loss, unauthorized access, modification, or disclosure. We use the latest secure server layers encryption and access control on our systems. Our safety and security processes are audited by a third-party cyber security audit agency from time to time.

We have provided multiple levels of security to safeguard your app by Login/ Logout option, and App Lock feature for payments, that can be enabled by you. We also ensure the device binding so that the same login cannot be used on different devices without any additional authentication/ OTP. Please do not share your Account’s login, password, and OTP details with anybody.

When you submit credit or payment card information, we encrypt the information in compliance with Payment Card Industry (PCI) data security standards.

While we observe reasonable security measures to protect your Personal Information on all our digital platforms, security risks may still arise for reasons outside of our control such as hacking, virus dissemination, force majeure events, breach of firewall etc. Please note that the above-mentioned measures do not guarantee absolute protection to the Personal Information. We handle all such incidents as per applicable law.

You may contact us on any aspect of this policy or for any discrepancies/ grievances with respect to your Personal Data, by writing to our Grievance Officer as per the details provided below:

Name: Aditya Ranade
Designation: Nodal Grievance Redressal Officer
Email ID: [email protected]
Phone: 01205083345
One97 Communications Limited
One Skymark Tower-D Plot No H-1 OB Sector-98 Noida-201 04

This policy will be governed by and construed in accordance with the laws of India and subjected to the exclusive jurisdiction of Courts of New Delhi.