Terms & Conditions
One97 Communications Limited
  • TERMS & CONDITIONS
  • GRIEVANCE
  • PRIVACY
  • LOAN PRODUCT- PRIVACY POLICY & T&C
  • ANTI BRIBERY AND ANTI CORRUPTION POLICY
  • UPI

We at One 97 Communications Limited (hereinafter collectively referred to as “Paytm”, “we”, “us”, “our”) respect the confidentiality and integrity of your Personal Data (Def: “personal data” means any data about an individual who is identifiable by or in relation to such data). At Paytm we are committed to ensure that your Personal Data is processed in a clear and transparent manner, as set out herein.

Paytm strongly recommends that you read this Privacy Statement thoroughly so that you are familiar with its privacy practices involving your Personal Data while using its products or services.

Our Privacy Promise
we promise:

  • To keep your Personal Data safe and private.
  • To empower you to manage and review your marketing choices.
  • Not to sell your Personal Data to any third party.

1. WHAT ASPECTS DOES THE PRIVACY STATEMENT COVER?
This Privacy Statement shall apply uniformly to Paytm’s desktop website, mobile WAP site & mobile applications. This Privacy Statement outlines how Paytm collects, uses, shares, retains, transfers, and stores your Personal Data. We also inform you about your rights with respect to your Personal Data. Additionally, for each individual product, we provide a Privacy Notice, informing you about the usage and purpose of your Personal Data which ensures transparency & familiarity with our privacy practices.
By using our products or services, you agree to this Privacy Statement and provide your free, specific, informed, unambiguous and unconditional consent to the practices described in this Privacy Statement. Paytm collects your Personal Data only to the extent necessary to process your requirements, in the manner prescribed in this Privacy Statement, and in accordance with the applicable laws. However, in case you choose not to share your Personal Data as required, with us, we may not be able to provide you with any products or services.
2. WHAT ARE THE GOVERNING LAWS AND JURISDICTION?

Our commitment to safeguarding your privacy has been outlined in this Privacy Statement, which shall be governed by the Digital Personal Data Protection Act, 2023. This Privacy Statement shall also be governed by the Information Technology Act, 2000, and other applicable laws of India, subject to the exclusive jurisdiction of Courts of New Delhi. Further, this Privacy Statement has been made in lines with the compliance requirements under ISO 27001.

3. WHAT PERSONAL DATA DOES PAYTM COLLECT?
Paytm collects your Personal Data, as you have disclosed to us, to provide and continually improve its products or services. The Personal Data collected includes but is not limited to:
i. Contact Details- Name, mobile number, residential address, date of birth, documents such as identity card, passport details, Aadhaar details, PAN, Voter ID, driving license, education details.
ii. Transaction and Financial Details- Transaction history, payment details and financial details, such as income, expenses, and/ or credit history needed as part of availing some of our products/ services.
iii. Audio and Visuals- Images of documents or photos required to avail any of our products/ services and voice recordings of your conversations with our customer care agent(s) to address your queries and/ or grievances.
iv. Employment Details- Occupation, designation, employment history, salary and/or benefits, as part of our record retention.
v. Signature- Specimen signature(s) for processing of your instructions received by us through our various payment and delivery channels.
vi. Surveys- Opinions provided by you to us by way of feedback or responses to surveys.
vii. Mobile Device Information- Information obtained from your mobile device by way of using the Paytm application, like device location, communication information including phone number, SIM Serial Number, contacts and call logs, device information (including storage, model, IMEI, Network Carrier information), transactional and promotional SMS/app notifications
viii. In-app Functionalities-
  • Access to your mobile camera device for the functioning of many in-app functionalities for recording video including, but not limited to video KYC process, scan & pay etc.
  • Access to the microphone to record audio for carrying out video KYC process, voice typing etc.
  • Access to files from your mobile device such as audio, video files for the functioning of many in-app functionalities including, but not limited to in-app chat.
ix. Other access-
  • Access to Wi-Fi details through SSID information from your device, to notify users about the security of Wi-Fi network.
  • Access to the Near field Communication (NFC) chip on device to enable tap to pay functionality.
4. HOW DOES PAYTM PROCESS YOUR PERSONAL DATA?
Paytm processes your Personal Data with your consent or for Legitimate uses, in its business activities for providing our products or services, and to perform, among other actions, the following:
i. To process the data for the specified purposes for which it was provided to us voluntarily. For example, if you make a purchase and request a receipt from us, Paytm may process your Personal Data for that purpose.
ii. To facilitate the transactions or report on these transactions.
iii. To undertake research and analytics for offering or improving our products/ services and our security and service quality.
iv. To develop new products/ services and to monitor and review products/ services from time to time.
v. To check and process the requirements submitted to us for availing products/ services and/ or instructions or requests received from you in respect of the products/ services.
vi. To respond to queries or feedback submitted by you.
vii. To verify your identity for us to provide or offer products/ services to you.
viii. To share with you, updates on changes to the products/ services and their terms and conditions including the Paytm Platform’s terms and conditions.
ix. To take up or investigate any complaints, claims or disputes raised by you or any third- parties.
x. To notify in case of suspicious activities or blocking of transactions as per our risk engines.
xi. To carry screenings, audits, due diligence checks and/or record keeping purposes as lawfully required by us.
xii. To undertake financial, regulatory or management reporting and create and maintain various risk management models.
xiii. To enable us to show you advertisements, selective offers and promotions, search results, location-based services, which are relevant to you and your interests.
xiv. To auto populate such Third-Party pages based on your click on advertisement instances on our website and proceeding to such pages.
xv. To adhere to judgements, decrees, or orders issued under Indian Laws or those pertaining to contractual or civil claims under foreign laws.
xvi. To fulfill state requirements for subsidies, benefits, services, certificates, licenses, or permits, or to ensure sovereignty, integrity, and security of India.
xvii. To fulfill legal obligation under applicable laws to disclose information to the state or its instrumentalities.
xviii. To respond to a life-threatening medical emergency ensuring safety and providing necessary assistance or services during disasters, epidemics, or disease outbreak.
5. HOW DOES PAYTM HANDLE PERSONAL DATA OF CHILDREN AND PERSONS WITH DISABILITY?
Services offered by Paytm are not available to persons below the age of 18 nor does Paytm knowingly solicit or collect Personal Data from such persons. We obtain verifiable consent of the parent or lawful guardian prior to processing children’s Personal Data. If you have shared any Personal Data of children under the age of 18 years, you represent that you have the authority to do so and permit us to use it in accordance with this Privacy Statement. Additionally, we obtain verifiable consent of the parent or lawful guardian of Persons with Disability, prior to processing their Personal Data.
Paytm does not engage in tracking, behavioural monitoring or targeted advertising concerning children’s Personal Data.
6. DOES PAYTM USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
Paytm may use cookies and other tracking technology depending on the features offered, to enhance your experience, analyse usage patterns, and personalize content. We do not collect any Personal Data via cookies and other tracking technology, however, if you previously provided Personal Data, cookies may be tied to such data.
7. DOES PAYTM SHARE PERSONAL DATA WITH THIRD PARTIES/ SUBSIDIARIES/AFFILIATES?
We only share the data on a “need-to-know” basis to designated personnel or third-parties, Affiliates or Subsidiaries in our business and operational processes.
For example, when you make purchases through the Paytm Platform, Paytm may collect and store information about you to process your requests and auto populate forms for future transactions. This information may be shared with third parties which assist in processing and fulfilling your requests, including but not limited to Payment Card Industry (PCI) compliant payment gateway processors, and for providing you with products/ services to better serve your needs and interests.
8. DOES PAYTM SHARE YOUR PERSONAL DATA INTERNATIONALLY?
Paytm may process, store, and retain your Personal Data on its servers where the data centres are located, and/ or on the servers of third parties having contractual relationships with it. We do not transfer any Personal Data to such a country or territory outside India as restricted by the Government.
9. HOW DOES PAYTM KEEP YOUR PERSONAL DATA SAFE?
Paytm takes reasonable security safeguards to protect your Personal Data from misuse, loss, unauthorised access, modification, or disclosure and uses the latest secure server layers encryption and access control on its systems. Among the other things, we use the following measures-
i. When you submit credit or payment card information, we encrypt the Data in compliance with PCI Data security standards.
ii. Paytm provides multiple levels of security to safeguard your Paytm Application by login/ logout option, and app lock feature for payments, that may be enabled by you.
iii. Paytm makes sure that once you login, you can't use the same account on a different device without extra security like additional authentication/ OTP. While Paytm implements reasonable security measures, we cannot guarantee absolute protection for Personal Data due to factors beyond our control, such as hacking, virus, dissemination, force majeure events, breach of firewall etc.
10. HOW CAN YOU EXERCISE YOUR RIGHTS?
You have certain rights in relation to the Personal Data processed by Paytm as described below-
a. Right to Access: You can access a summary of your Personal Data that we process, including the processing activities for which it is being used, as well as the identities of all other third-parties with whom the Personal Data has been shared along with a description of the Personal Data so shared.
b. Right to Correction and Erasure of Personal Data: You can request the correction, completion, updating and erasure of your Personal Data that we possess. Paytm shall erase the Personal Data on request, unless retention is necessary for the specified purpose or for compliance with the applicable laws.
c. Right to Withdraw Consent: You have the right to withdraw your consent at any time if you no longer want your Personal Data to be processed by us unless retention is necessary for the specified purpose or for compliance with applicable laws.
d. Right to Grievance Redressal: You may contact us in respect of any act or omission by Paytm regarding the performance of its obligations in relation to your Personal Data or the exercise of any rights.
e. Right to Nominate: You may nominate any other individual to exercise any of your above- mentioned rights in the event of your incapacity or death.
For you to exercise these rights that you have regarding your Personal Data, you may contact us by email at [email protected].
11. HANDLING DATA PRINCIPAL RIGHTS REQUESTS
Paytm is committed to protect your privacy rights and takes all necessary steps to ensure that Data Principal Requests (DPRs) are handled in a timely and effective manner, regardless of the type of Personal Data involved. Your ability to exercise the rights depends on various factors. In some cases, we may be unable to process your request on the basis of reasonable grounds for refusal or when the right does not apply to specific information we hold about you. We take the following steps to handle DPRs, which will vary based on the type of Personal Data involved:
i. Raising a Request- The Data Principal will be responsible for raising a request to us. The Data Principal will provide us with the necessary information to identify themselves and the Personal Data requested. We use verifiable means for identity verification and process the request in accordance with the Data Principal’s instructions.
ii. Timeframe for Response- We acknowledge DPR’s requests within 3 working days from the date of receipt of the request unless an extension is necessary and permissible under the applicable laws.
iii. Documentation- We maintain records of all DPR requests, and the actions taken in response to each request and shall be maintained for the period as may be specified by the applicable laws.

Note for Sections 10 and 11: The ability to exercise these rights will be fully operational upon notification of the DPDP Act, rules and applicable/enforcement dates. We are committed to complying with the DPDP Act and will update this policy accordingly.

For you to exercise the data principal rights that you have regarding your Personal Data, you may contact us by email at [email protected]
12. HOW LONG DOES PAYTM KEEP YOUR DATA?

You can delete your account through Paytm’s desktop website, mobile WAP site, or mobile application. Once deleted, we cease the external processing of your Personal Data.

We retain Personal Data until the purpose for its usage exists, after which the same is erased by us, or until you withdraw your consent, or until you exercise the right to erasure of your Personal Data, whichever occurs earlier. However, we may retain your Personal Data for longer periods in the following circumstances:
i. If it is necessary for the specified purpose for which it was collected or for compliance with any applicable law.
ii. In the event of pendency of any legal or regulatory proceeding.
iii. For safety, security, and integrity purposes.
iv. Any other purposes such as any judicial and/or governmental investigations.
v. To protect our rights, property, or products/ services.

13. HOW WILL YOU KNOW THE CHANGES IN PRIVACY STATEMENT?
Paytm reserves the right to modify this Privacy Statement periodically to reflect updates to its business processes, current acceptable practices, or legislative or regulatory changes. The latest version can be found at https://paytm.com/company/terms-and-conditions. Please check the “Document Last updated” legend at the top of this page to see when this Privacy Statement was last updated. In case of any significant changes, we will notify you via email or display a notice on our website. You will have the opportunity to review the updated Privacy Statement before deciding to continue using our products or services.
14. HOW TO CONTACT US?
You may contact us on any aspect of this Privacy Statement or for any grievance(s) with respect to your Personal Data, through email at [email protected].
In case of any questions about our privacy practices or if you believe that we may have inadvertently collected Personal Data without proper consent, you may also contact us by writing to our Data Protection Officer as per the details provided below:

Name: Anand Kumar Kasturi
Designation: Data Protection Officer
Email ID: [email protected]
Address: One97 Communications Limited
Skymark One, Sector 98, Noida - 201304.
APPENDIX

DEFINITIONS


Affiliate- In relation to another company, it means a company in which that other company has a significant influence, but which is not a subsidiary company of the company having such influence and includes a joint venture company.
Data Principal- The individual to whom the Personal Data relates and where such individual is-
i. a child, includes the parents or lawful guardian of such a child.
ii. a person with disability, including her lawful guardian, acting on her behalf.
This includes Paytm’s users, employees, and other individuals whose Personal Data is being processed by the Company.
Incapacity- Inability to exercise rights due to unsoundness of mind or infirmity of body.
Legitimate use- It refers to the uses for which your Personal Data may be processed as per the Digital Personal Data Protection Act, 2023.
Persons with Disability- It includes those who have long term physical, mental, intellectual, or sensory impairments which in interaction with various barriers may hinder their full and effective participation in society on an equal basis with others.
Subsidiary- Subsidiary company or subsidiary, in relation to any other company (the holding company), means a company in which the holding company—
i. controls the composition of the Board of Directors,
ii. exercises or controls more than one-half of the total share capital either at its own or together with one or more of its subsidiary companies
Provided that such class or classes of holding companies as may be prescribed shall not have layers of subsidiaries beyond such numbers as may be prescribed.
Third Parties- Any individual or entity who processes Personal Data on behalf of Paytm. Third Parties include but are not limited to Partners and Service Providers.

Last Updated – 11th Mar 2024