Privacy Policy

This Privacy Statement ("Privacy Statement" or "Policy") is part of Zilchfinpay.

This Policy outlines Zilchfinpay and Zilch Fintech Private Limited (hereafter "Zilchfinpay", "we", "us", or "our") practices concerning the storage, use, processing, and disclosure of personal data that you have chosen to share with us when you access our online store and marketplace, value-added services, educational platform and payment aggregation services ( hereafter "Services") on or through our different technology tools, including but not limited to our website and mobile application (collectively "Platform").

Zilchfinpay is committed to protecting your personal information. Please read the following policy carefully to understand our practices regarding your personal data and how we will treat it. We will be processing any personal data we collect from or about you or that you provide to us per this Policy.

By using our Services, you consent to the collection, storage, use, and disclosure of your personal data following, and agree to be bound by, this Policy. The Services are subject to this Policy and any other terms of your agreement with us.

THE DATA WE COLLECT ABOUT YOU

An individual's personal data, or personal information, is any information that can be used to identify that individual. There is no data where identities have been removed (for instance, anonymized data).

To the extent permitted by law, we may collect, use, store, and transfer different kinds of personal data about you to provide you with or in connection with the Services. Such personal data includes:

  • We collect personal information about you, such as your first and last name, username, business title, passwords, purchases or sales made through our Services, feedback, survey results, etc.
  • Information such as email addresses, phone numbers, delivery addresses, billing addresses, business addresses, and social media information.
  • Data we collect in relation to our underwriting processes when you choose to access certain features of our Services. For example, this includes documents issued and accepted as proof of identity and/or proof of address by any governmental body and/or Authority, including but not limited to passport, aadhaar card, election commission identification card, driving license number, permanent account number, current bank account statement and ration card.
  • Transaction data, including details about payments to and from you and details of the services you have purchased and sold.
  • Financial data, including the details of the financial products you have availed, bank account information, payment methods, cardholder information, UPI details, VPA details, etc.
  • Device data, including but not limited to:
  • SMS – SMS containing financial transaction data;
  • Location – location data recorded on your device;
  • Device Information – including the hardware model, operating system and version, IMEI and serial numbers, user profile information, IP addresses, browser types and versions, time zone settings, Wi-Fi and mobile networks;
  • Camera access- to enable you to take photographs of (a) the products you wish to sell; (b) documents that you wish to submit to Instamojo; (c) any other photographs that you may be required to submit via the Platform. For example, photographs pertaining to complaints and dispute redressal process, etc.
  • Contacts - information about your contacts stored on your device; and
  • Login accounts - list of accounts logged into from your device.

Marketing and communications data, including your preferences in receiving marketing from us, our third parties, and your communication preferences. We collect, use, and share aggregated data such as statistical data, financial, or credit information for any purpose. Aggregated data could be derived from your personal data but is not considered personal data under Applicable Laws. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Policy.

Where we need to collect personal data by law, or on Authority or under the terms of the arrangement we have with you, and if you fail to provide that data as and when requested by us, we may not be able to perform our obligations under the arrangement we have with you or are trying to enter into with you (for example, to provide you with features of the Services). In this case, we may have to cancel or limit your access to the Services.

HOW DO WE COLLECT DATA ABOUT YOU?

We use different methods to collect and process data about you.

  1. Information you give us: This is the information (including identity, contact, and marketing and communications data) you consent to giving us about you when you use our Services or by corresponding with us (for example, by email ). It includes information you provide when you register to use the Services, use an in-Platform feature, or share data through other activities commonly carried out in connection with the Services, and when you report a problem with the Platform and our Services. If you contact us, we will keep a record of the information shared during the correspondence.
  2. Information you give us: Information we collect about you and your device: Each time you visit our Platform or use our Services, we will automatically collect personal data, including device and usage data. We identified you were using cookies and other similar technologies.
  3. Information we receive from other sources, including third parties and publicly available sources: We will receive personal data about you from various third parties and public sources as set out below:
    1. Analytics providers;
    2. Advertising networks;
    3. Search information providers;
    4. Identity and contact data from data brokers, aggregators or social networks;
    5. Data from publicly available sources; and
    6. Dit registries, information bureaus, blacklists, sanctions lists, and other such registries/lists.

AUTHENTICITY OF INFORMATION

You agree that the information and personal data you provide us are true, correct, and accurate. You are solely liable for any incorrect or false information or personal data that you might provide. You may review the information and personal data you provided during your use of the Services and seek to correct or modify such information and data, where feasible. You may write to our Grievance Officer or us at the address provided in Section 12 of this Policy.

HOW DO WE USE AND DISCLOSE THE DATA WE COLLECT?

We will not use your personal data in a manner that is prohibited by law. We commonly use your personal data to provide you with the Services or where we need to comply with a legal or contractual obligation. You understand that when you consent to provide us with your personal data, you also consent to us sharing the same with third parties. You are aware that by using our Services, you authorize us, our associate partners, and affiliates to contact you via email, phone, or otherwise.

You are aware that any and all information pertaining to you, whether or not you directly provide it to us (through the Services or otherwise), including but not limited to personal correspondence such as emails, instructions from you, etc., may be collected, compiled, and shared by us to provide the Services to you. You expressly authorize us to do so. This may include but not be limited to storage providers, marketing partners, data analytics providers, consultants, lawyers, and auditors. We may also share this information with our parent company, subsidiaries, and affiliates.

You agree and acknowledge that we may share data without your consent when it is required by law, any court, government agencies or Authorities (including by police or regulatory bodies such as RBI or SEBI, banks, payment gateways, or schemes such as Visa, Mastercard, NPCI, etc.), to disclose such information. Such disclosures are made in good faith and believe that it is reasonably necessary to enforce this Policy or the Terms or comply with applicable laws and regulations.

In general, we will use your personal data in accordance with the following purposes:

  • To register you as a user;
  • To deliver Services and prepare statements for account maintenance;
  • To manage our relationship with you, including notifying you of changes to any Services;
  • To administer and protect our business and the Services, including troubleshooting, data analytics, and system testing;
  • For underwriting purposes, to monitor risks, frauds, and money laundering, for combatting the financing of terrorism, and such related purposes;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
  • To comply with a legal or regulatory obligation.

You authorize us to send you electronic alerts and messages for details pertaining to registration on our Platform, requirements arising out of the provision of Services, and advertising. Further, you agree to receive promotional emails and other communication forms from us. Through such communication, you will receive information about the latest developments in the Services. You may unsubscribe from our mailing list at any time through the unsubscribe option we offer.

TRANSFER OF PERSONAL DATA

We comply with Applicable Laws in relation to the storage and transfer of data. Strictly subject to the RBI's guidelines and regulations, we may, where the law permits, transfer and store the information and personal data you provide to us in countries other than India. This may happen if any of our servers are from time to time located in a country other than India or if any of our service providers are located in a country other than India. Subject to the other provisions in this Policy, we may also share information with entities in countries other than India. These entities may be subject to data laws of their respective countries.

If you use the Services while you are outside India, your information may be transferred, subject to Applicable Laws, to a country other than India in order to provide you with the Services. By submitting your information and personal data to us, you agree to the transfer, storage, and processing of such information and personal data outside India in the manner described above.

THIRD-PARTY SERVICES

Our Services may, from time to time, contain services provided by or links to and from the websites of our partner networks, advertisers, and affiliates ("Third Party Services"). Please note that the Third Party Services that may be accessible through our Services have their own privacy policies. We do not accept any responsibility or liability for the policies or personal data collected through the Third Party Services. Please check their policies before submitting personal data to such websites or using their services.

COOKIES

Cookies are small data files that a site or its service provider transfers to your mobile phone or computer's hard drive through your web browser (if you allow) so that it can recognize your browser and remember certain information.

Cookies enable sessions and help us track and remember your preferences for future visits, keep track of advertisements, and compile aggregate data about site traffic and site interaction to present better tools and experiences in the future. We may contact third-party service providers to understand our site visitors better. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

You may also encounter Cookies or other similar devices on certain pages of the Services that have been placed by third parties. The use of cookies by third parties is beyond our control. You may send us personal correspondence, such as emails or letters, or other users or third parties may send us correspondence about your activities related to the Services.

DATA SECURITY

Our data security practices comply with RBI requirements, including PCI-DSS, the latest encryption standards, and transport channel security. We implement specific security measures, including encryption and firewalls, to protect your personal information from unauthorized access, which comply with the provisions of the Information Technology Act, 2000 and the applicable rules (Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011). By accessing the Services, you agree to assume all risks associated with disclosing personal information due to firewalls and secure server software breaches. Nevertheless, you agree that the above measures do not guarantee absolute protection of personal information.

We'll adhere to all requirements put forth under the RBI's guidelines, the Information Technology Act, 2000, and the rules that come with it.

DATA RETENTION

After the purpose for which your data was collected is achieved, we will continue to store and retain your data for a reasonable period or for as long as is permitted under applicable law.

BUSINESS TRANSITIONS

In the event of a business transition, such as a merger, acquisition by another organization, or sale of all or a portion of our assets, your personal data may be among the assets transferred.

CHANGE OF PRIVACY POLICY

We review our Policy regularly and may amend it from time to time at our discretion. The terms of this Policy may change and, if they do, they will be posted here and, where appropriate, you will be notified by email. Please review this Policy frequently.

GRIEVANCE OFFICER

You can contact us at info@zilchfinpay.com. Please get in touch with us if you have questions about this Policy or if you need your personal information reviewed or updated.