Thank you for showing interest in Bharat Interface for Money Application (“BHIM” or “App”) developed by National Payment Corporation of India (“NPCI” or “we”, or “us”). We value the trust you place in us. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, process, store, transfer, disclose and share your personal information. This Privacy Policy applies to your access and use of our App as further described in our BHIM Terms and Conditions available on our App. By downloading and using our App, you agree to be bound by this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use or access our App. By mere use of or access to our App, you expressly consent to our collection, use, process, storage, transfer, sharing and disclosure of your personal information in accordance with this Privacy Policy.

TYPES OF INFORMATION WE COLLECT

We collect personal and financial information from you when you download, transact or use or attempt to transact or use, register or access links available, on our App or interact with us, such as:

• Personal information such as your phone number, last four digits of Aadhaar number, customer relationship number (issued to you by biller/merchant), address (if you are a merchant) and other personal identifiable information that may be provided by you to use the App. 
• Financial and transaction information such as your bank account details, other financial transaction related information, including but not limited to, transaction details and history, withdrawal amount, payee details, OTP from bank or our App etc., log file information from application, software etc., metadata and other data) and other financial information that may be provided by you to use the App.
• Your device details like device identifier, SIM details, IP address, location.

Other Information we collect:

• If you give us access to your contacts, we will collect those contacts for providing service to you. However, we do not store these contacts.   
• We may use third party analytics services to collect information about how you use and interact with our App. Such third party analytics services may use cookies to gather information upon your use of our App. We use these analytics services to analyse how people use our App, to improve them, to customize the content/features users see/use based upon their interests. However, no personally identifiable information or payment sensitive information is shared or used for such analytical purposes.

HOW WE USE YOUR INFORMATION

We collect, process, use, store, transfer, disclose and share your information with your consent. By using the App and providing your personal information, you consent to the processing of your personal information in accordance with this Privacy Policy.

General Use. In general, the information you submit to us is used either to provide services to you or respond to requests that you make. We may use your information in the following ways: 

• To send you a welcome message and to verify ownership of the mobile number provided when your user account is created; 
• To identify you as a user in our system;
• To provide access to our App;
• To facilitate the creation of and secure your user account;
• To process payments and transactions on your behalf and on your instruction, send transaction information or intimation, other emails, communications and messages to you in relation to the payments, transactions, your instructions or services or products availed by you on the App or third party links on the App;
• To provide improved administration of our App;
• To notify you about updates to our App, payment reminders, bill details etc.;
• To improve and customize the quality of experience when you interact with our App;
• To send you administrative e-mails, messages or notifications, such as security or support and maintenance advice;
• To engage with or contact inactive users of our App;
• To analyse the data submitted/ provided by you inter alia to resolve the issues faced by you with respect to the usage of the App including while doing and after the completion of the transactions on the App;
• To send and allow third parties to send offers and promotional materials related to our App and/or products and/or services availed by you on the App;
• To resolve disputes, meet legal obligations.

Subject to the applicable laws and rules including guidelines issued by Reserve Bank of India, we may also use and share aggregated or de-identified information for any purpose and in any manner. This anonymous data we share may include non-personally identifiable data that we create using your personal information by excluding information that makes the data personally identifiable.

HOW WE SHARE YOUR INFORMATION

We may share or disclose your information only as permissible under applicable laws and as per terms of this Privacy Policy. We may share your personal information in the course of providing services and processing your transactions and other instructions with different persons and entities such as financial institutions, merchants, service providers, other entities participating in a payment system, business associates, government and regulatory authorities, consultants  and internal departments.

We may share your personal information, on a need to know basis, for the following purposes:

• Enabling Services. for enabling the Services or products availed by you using the App or for running promotions, facilitating the Transactions between you and the relevant financial institution, Services or product providers or the merchant, as the case may be, or otherwise processing your instructions;
• Grievances. for grievance redressal and dispute management related to the Services or products availed using the App or generally in relation to use of the App; 
• Support. to provide, improve, protect, and promote our App (such as third-party analytics tools to help us measure traffic and usage trends for our App), for security, analytics, research or sending you communications. These third parties will access your information only to perform tasks on our behalf and in compliance with this Privacy Policy; 
• Fraud and Risk management. For verification, investigation or prevention of frauds or to manage risks (including risk mitigation) or recover funds in accordance with applicable laws or for customer awareness and safety;
• Enforcing Rights. We may also disclose personal information to enforce our policies, respond to claims that a posting or other content violates others’ rights, or protects anyone’s rights, property or safety. 
• Compliance with laws. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to: (a) comply with the laws; (b) if required to do so by law or any government or regulatory authority, where in good faith we believe that such disclosure is permissible under law or is necessary to respond to court orders or any other legal processes; (c) prevent fraud or abuse of our name, brands, trademarks or such other rights belonging to us or our other users; or (d) protect our rights. 
• We may share some or all of your information in connection with or during negotiation of any merger, financing, acquisition or dissolution, collaboration, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your information may also be transferred as a business asset. If another entity acquires us or our business or assets, that entity will possess all your information collected by us and will assume the rights and obligations regarding your information as described in this Privacy Policy.

Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our Users’ data should receive the same legal protections regardless of whether it’s stored on our servers or on their home computer systems or devices. We will abide by the following principles when receiving, scrutinizing and responding to government requests for our Users’ data:

• Be transparent,
• Protect all users, and
• Provide trusted services.

Where your information is shared with financial institutions and their service providers, Services or product providers or the merchants or any regulatory or government authorities, the use and processing of your information is governed by their respective policies. NPCI ensures strict obligations for protection of your information are imposed on these entities, wherever applicable and to the extent possible/feasible for NPCI. However, we do not accept any responsibility or liability for usage of your information by these third parties or their policies.

STORING OF INFORMATION 

• Retention. We will retain your personal information for as long as we need it or are required to store as per the applicable laws. 
• No warranty. We use commercially reasonable safeguards to help keep the information collected through our App secure and take reasonable steps (such as requesting a unique password or verifying the device) to verify your identity before granting you access to your account. Some of the salient features of information security system are: (a) Use of firewalls, encryption and data leakage prevention technologies to protect information; (b) audit of all vendors and service providers and execution of non-disclosure agreements before availing their services; (c) continuous monitoring of NPCI’s physical and technical environment for vulnerabilities and potential intrusions and implementation of controls to identify and address any concern related to protection of data; (d) NPCI has comprehensive documented information security policy and procedures and certified for Payment Card Industry – Data Security Standard (PCI-DSS), ISO27001 – ISMS to ensure that the information provided to it is reasonably secure, available and with assured quality; (e) NPCI is also certified ISO22301 compliant for its Business Continuity Management System and ISO9001 for Quality Management System. However, no method of transmission over the internet, or method of electronic storage, is 100% secure and so we cannot fully ensure or guarantee the security of any information you transmit to us or guarantee that information on our application may not be accessed, disclosed, altered, or destroyed by any person. 
• Retention of Information in India. We may store, process and transmit information in locations in India. Information may also be stored locally on the devices you use to access our App. By registering for and using our App, you consent to the transfer of information to any part of India in which we, our affiliates or service providers maintain facilities and the use and disclosure of information about you thereto as described in this Privacy Policy.

YOUR & THIRD PARTY INFORMATION

You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails and messages between you and us, at all times. We are not responsible for any third party functionality, privacy or security policies which you are bound by. Please do your part to help us. If you share/disclose to us any personal or other information relating to other people or entities, you represent that you have the authority to do so and permit us to use the information in accordance with this policy.

CHANGES

We may change, modify or add to this Privacy Policy in our sole discretion, at any time without providing a prior notice to you of the same. However, we shall endeavour to notify you of any change, modification or addition to this Privacy Policy. It shall be your responsibility to periodically review this Privacy Policy and keep your updated with any changes or modifications made herein. You shall be deemed to have accepted our changed, revised or modified Privacy Policy if you continue to use our App or avail our Services post changes, revision or modification in this policy and the last changed, revised or modified Privacy Policy shall be applicable to you.

GOVERNING LAW AND JURISDICTION

This Privacy Policy and the relationship between you and NPCI shall be governed by the laws of the India as applied to agreements made, entered into, and performed entirely in India, notwithstanding your actual place of residence. The appropriate courts and forums located at Mumbai, Maharashtra shall have exclusive jurisdiction in any proceedings arising out of the use of App, this Privacy Policy. NPCI may, however, in its absolute discretion commence any legal action or proceedings arising out of this Privacy Policy in any other court, tribunal or other appropriate forum and you hereby consent to that jurisdiction.

COMMUNICATIONS

We may periodically send you communications in-app or through other channels, including but not limited to, your mobile phone/contact number, WhatsApp or other social media platforms or email (if you share your email address).