1. INTRODUCTION:

Thank you for showing interest in Bharat Interface for Money Application (“BHIM” or “App”) developed by NPCI BHIM Services Limited (“NBSL”), a wholly owned subsidiary of National Payment Corporation of India (“NPCI”) or “we”, or “us” or “our”). We value the trust you place in us. We are committed to protecting your privacy. This privacy policy (‘Privacy Policy’) explains how we collect, use, process, store, transfer, disclose and share your personal information. This Privacy Policy applies to your access and use of our App as further described in our BHIM Terms and Conditions available on our App or website. By downloading and using our App, you agree to be bound by this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use or access our App. By mere use of or access to our App, you expressly consent to our collection, use, process, storage, transfer, sharing and disclosure of your personal information in accordance with this Privacy Policy.

This Privacy Policy explains:

• The type of information that we collect
• How we may use this information
• How and to whom we may disclose such information
• How we protect such information
• How you may access or modify your personal information

2. TYPES OF INFORMATION WE COLLECT

We process your personal and financial information that you provide when you interact with us, such as when you download, transact or use or attempt to transact or use, register or access links available, on our App. These categories of personal and financial information, including sensitive personal data or information, with your consent, where we process your personal information independently.

We collect the following personal and financial information :

• Your phone number,
• last six digits of Aadhaar number,
• customer relationship number (issued to you by biller/merchant),
• other personal identifiable information that may be provided by you to use the App.
• Financial and transaction information such as your bank account details,
• other financial transaction related information, including but not limited to, transaction details and history, withdrawal amount, payee details, OTP from bank or our App etc., log file information from application, software etc., metadata and other data)
• other financial information that may be provided by you to use the App.
• Your device details like device identifier, SIM details,
• Internet Protocol (IP) address and location data (for example, the IP address and location data from a mobile phone and
• Passwords, when you create an account-based relationship with us
• If you give us access to your contacts, we will collect those contacts for providing service to you. However, we do not store these contacts.
• We may use third party analytics services to collect information about how you use and interact with our App. Such third party analytics services may use cookies and information which is captured by us to gather information upon your use of our App. We use these analytics services to analyse how people use our App, to improve them, to customize the content/features users see/use based upon their interests. However, no personally identifiable information or payment sensitive information is shared or used for such analytical purposes.
• We may also automatically collect certain device-related information and browsing history. For more details, please see our Cookie Policy available here. [NBSL to hyperlink the Cookie Policy here]

We also recommend checking the policies of your relevant bank and/or financial institution for their practices on collection and processing of personal information for payment transactions.

NBSL does not store or processes any health information and biometric information of users.

3. HOW WE USE YOUR INFORMATION

We collect, process, use, store, transfer, disclose and share your information with your consent. By using the App and providing your personal information, you consent to the processing of your personal information in accordance with this Privacy Policy.

General Use: In general, the information you submit to us is used either to provide services to you or respond to requests that you make. We may use your personal information for the following purpose:

• To send you a welcome message and to verify ownership of the mobile number provided when your user account is created;
• To identify you as a user in our system;
• To provide access to our App;
• To facilitate the creation of and secure your user account;
• To process payments and transactions on your behalf and on your instruction, send transaction information or intimation, other emails, communications and messages to you in relation to the payments, transactions, your instructions or services or products availed by you on the App or third party links on the App;
• To provide improved administration of our App;
• To notify you about updates to our App, payment reminders, bill details etc.;
• To improve and customize the quality of experience when you interact with our App;
• To send you administrative e-mails, messages or notifications, such as security or support and maintenance advice;
• To engage with or contact inactive users of our App;
• To analyse the data submitted/ provided by you inter alia to resolve the issues faced by you with respect to the usage of the App including while doing and after the completion of the transactions on the App;
• To send and allow third parties to send offers and promotional materials related to our App and/or products and/or services availed by you on the App;
• To resolve disputes, meet legal obligations;
• To run and advertise various schemes and initiatives run by us or our affiliates;
• To provide various offers and personalised schemes for you;To create UPI number using customer mobile number if not already created for inward payment.
• To research, analyse and develop our services or products.
• To communicate with you, such as about changes in our services or this Privacy Policy.
• Any other purpose that: (i) may be necessary to provide our services that you have opted for; or (ii) may be required by the banks or other financial institutions, where we process personal data on their behalf.

Subject to the applicable laws and rules including guidelines issued by Reserve Bank of India, we may also use and share aggregated or de-identified information for any purpose and in any manner. This anonymous data we share may include non-personally identifiable data that we create using your personal information by excluding information that makes the data personally identifiable.

Automated Decision Making:

To meet regulatory requirements, acting on behalf of NPCI, NBSL may carry out automated checks on payment transactions and participants in payment transactions. Based on such automated checks, NBSL may during the course of transaction processing decide that your transaction poses a risk of being categorised as a potential fraud and report the results of processing to associated banks, financial institutions and fraud prevention agencies.

NBSL may then act on the instructions of fraud prevention agencies, banks and financial institutions, and may take the following actions:

• Decline to provide the services you have requested, or stop providing existing services;
• Share a record of suspicious transactions associated with you with the fraud prevention agencies and regulators; and
• Share a result of additional checks with associated banks and financial institutions.

4. HOW WE SHARE YOUR INFORMATION

We may share or disclose your information only as permissible under applicable laws and as per terms of this Privacy Policy. We may share your personal information in the course of providing services and processing your transactions and other instructions with different persons and entities such as financial institutions, merchants, service providers, other entities participating in a payment system, business associates, government and regulatory authorities, consultants, our affiliates and internal departments.

We may share your personal information, on a need to know basis, for the following purposes:

• Enabling Services for enabling the Services or products availed by you using the App or for running promotions, facilitating the Transactions between you and the relevant financial institution, Services or product providers or the merchant, as the case may be, or otherwise processing your instructions;
• Grievances for grievance redressal and dispute management related to the Services or products availed using the App or generally in relation to use of the App;
• Support to provide, improve, protect, and promote our App (such as third-party analytics tools to help us measure traffic and usage trends for our App), for security, analytics, research or sending you communications. These third parties will access your information only to perform tasks on our behalf and in compliance with this Privacy Policy;
• Fraud and Risk management For verification, investigation or prevention of frauds or to manage risks (including risk mitigation) or recover funds in accordance with applicable laws or for customer awareness and safety;
• Enforcing Rights We may also disclose personal information to enforce our policies, respond to claims that a posting or other content violates others’ rights, or protects anyone’s rights, property or safety.
• Compliance We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to:
  • comply with the applicable laws;
  • if required to do so by law or any government or regulatory or statutory authority, where in good faith we believe that such disclosure is permissible under applicable laws;
  • prevent fraud or abuse of our name, brands, trademarks or such other rights belonging to us or our other users;
  • law enforcement authorities, investigating agencies and entities or persons, to whom it is mandatory to disclose the personal information as per the applicable law, including upon receipt of a lawful access request from a governmental authority, or upon being directed to do so by a judicial institution/authority,
  • courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunals.
• We may share some or all of your information in connection with or during negotiation of any merger, financing, acquisition or dissolution, collaboration, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your information may also be transferred as a business asset. If another entity acquires us or our business or assets, that entity will possess all your information collected by us and will assume the rights and obligations regarding your information as described in this Privacy Policy.
• We have put in place appropriate technical, organisational and contractual safeguards to ensure that your information remains adequately protected in accordance with standards as required or equivalent to those under applicable law.
• Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our Users’ data should receive the same legal protections regardless of whether it’s stored on our servers or on their home computer systems or devices. We will abide by the following principles when receiving, scrutinizing and responding to government requests for our Users’ data:
• Be transparent,
• Protect all users, and
• Provide trusted services.
• Where your information is shared with financial institutions and their service providers, services or product providers or the merchants or any regulatory or government authorities, the use and processing of your information is governed by their respective policies and as per applicable laws. NBSL and NPCI ensures strict obligations for protection of your information are imposed on these entities, wherever applicable and to the extent possible/feasible for NBSL and NPCI. However, we do not accept any responsibility or liability for usage of your information by these third parties or their policies.

5. STORING OF INFORMATION

• Data Retention: . As a corporate body, NBSL maintains the records and information in a safe and secured manner. We retain the personal information we collect about you on our systems for as long as required for the purposes set out above and based on our retention policies, which may include retention beyond the expiry of our transactional relationship with you for the following reasons:
  • as required to comply with any legal and regulatory obligations to which we are subject; or
  • for the establishment, exercise, or defense of legal claims to the extent permitted under applicable laws.
• Data Storage: Personal Information collected or processed in accordance with this Privacy Policy is stored in electronic files within NPCI’s premises, and approved archives. The information is securely stored, and access is restricted to authorised personnel for authorised purposes only.
• No warranty: NBSL takes commercially reasonable safeguards to help keep the information collected through our App secure and take reasonable steps (such as requesting a unique password or verifying the device) to verify your identity before granting you access to your account
• Retention of Information in India. We may store, process and transmit information in locations in India. Information may also be stored locally on the devices you use to access our App. By registering for and using our App, you consent to the transfer of information to any part of India in which we, our affiliates or service providers maintain facilities and the use and disclosure of information about you thereto as described in this Privacy Policy.

6. SECURITY MEASURES

NBSL follows appropriate operational, physical, electronic, procedural, and technical safeguards against any unauthorized access or breach of data security to avoid any disclosure or loss or damage to the subjects of personal information. Some of the salient features of our information security controls are as follows:

• Use of firewalls, encryption and data leakage prevention technologies to protect information;
• audit of all vendors, affiliates and service providers and execution of non-disclosure agreements before availing their services;
• continuous monitoring of NPCI and/or NBSL’s physical and technical environment for vulnerabilities and potential intrusions and implementation of controls to identify and address any concern related to protection of data;
• NPCI Group, a parent organization of NBSL, vide RBI letter dated 8th May 2024, granted approval to NPCI for setting up a wholly-owned subsidiary __ has comprehensive documented information security policy and procedures and certified for Payment Card Industry – Data Security Standard (PCI-DSS), ISO27001 – ISMS to ensure that the information provided to it is reasonably secure, available and with assured quality; (e) NPCI is also certified ISO22301 compliant for its Business Continuity Management System and ISO9001 for Quality Management System.

7. YOUR CHOICE:

If you consent to our processing of your personal information under this Privacy Policy, you can always withdraw your consent at any time by going to Settings in BHIM application and click on “ Deregsiter/Revoke Your Consent” . Please note, however, that this may prevent us from effectively providing some or all services to you and we may continue processing your personal information for purposes required under applicable law (such as regulatory reporting).

Where we process your personal information on behalf of banks or other financial institutions as a payment system provider/ Third Party Application Provider, you may approach the relevant bank or financial institution for exercising your choices highlighted above.

8. YOUR & THIRD PARTY INFORMATION

You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails and messages between you and us, at all times. We are not responsible for any third party functionality, privacy or security policies which you are bound by. If you share/disclose to us any personal or other information relating to other people or entities, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy.

9. CHANGES TO THE PRIVACY POLICY

NBSL reserves the right to change, modify or amend this Privacy Policy, at any time without providing a prior notice to you of the same We would recommend to periodically review this Privacy Policy and keep yourself updated with any changes or modifications made herein. You shall be deemed to have accepted our changed, revised or modified Privacy Policy if you continue to use our App or avail our Services post revision or modification in this policy and the last changed, revised or modified Privacy Policy shall be applicable to you.

10. GOVERNING LAW AND JURISDICTION

This Privacy Policy and the relationship between you and NBSL shall be governed by the laws of the India as applied to agreements made, entered into, and performed entirely in India, notwithstanding your actual place of residence. The appropriate courts and forums located at Mumbai, Maharashtra shall have exclusive jurisdiction in any proceedings arising out of the use of App, this Privacy Policy. NBSL may, however, in its absolute discretion commence any legal action or proceedings arising out of this Privacy Policy in any other court, tribunal or other appropriate forum and you hereby consent to that jurisdiction.

11. COMMUNICATIONS

We may periodically send you communications in-app or through other channels, including but not limited to, your mobile phone/contact number, WhatsApp or other social media platforms or email NBSL also provides an opt-out or unsubscribe option to the users/customers, wherever applicable, to exclude themselves from receiving any communications from NBSL.

12. CHILDREN PRIVACY:

NBSL’s services are not directed towards or intended for persons under the age of 18 years, and we take measures to prevent access to our services by persons under the age of 18 years. You hereby represent and warrant that you are 18 years or above of age. If you are under the age of 18 years, you must not access or attempt to access our services and we may terminate your use of our services at any time. NBSL reserves the right to initiate relevant legal action in case such instances are detected.

13. CONTACT INFORMATION

Any correspondence sent to NBSL is treated as record and will be retained as required by law. The name and address details of senders are neither added to a mailing list nor disclosed to third parties without consent of the sender unless required by law. Email messages may be monitored by NBSL for processing the requests, system troubleshooting and other maintenance purposes.

For any further queries and complaints related to privacy, or exercising your rights associated with your personal data, you can reach us at our email address: privacy.support@npci.org.in.

For any other queries relating to NBSL website, services, and other matters, you can reach us at our email address: contact@npci.org.in.

NBSL Cookie Policy

Guidance on Cookies

This section explains how and why cookies (“Cookies”) and other similar technologies (collectively “Cookies and Other Tracking Technologies”) may be stored and accessed from your device when you use or visit our website. The Cookie Policy should be read together with our NBSL Privacy Policy. By continuing to browse or use our website, you agree that we can store, and access Cookies and Other Tracking Technologies as described in this section.

USE OF COOKIES

NBSL may use a browser feature known as “cookie.”

Cookies are small files placed on your hard drive that assist in providing a user with a customized browsing experience. Cookies provide convenience to the user using the website to access the same from the place where it was last accessed, if it is abandoned mid-way.

When a user visits NBSL’s website, the website administrator may use cookies to monitor the usage and collect statistics from the browser(s) used by users, including and not restricting the information about the time and date when a user accessed the site, the pages user visited, the Internet domain and IP address from which the user has accessed the website and information on the browsing software the user has used to access the website. However, no attempt is made to gather or keep personal details to identify users except, in an unlikely event of an investigation, where a law enforcement agency may exercise a power to inspect activity logs.

How to manage the use of Cookies on NBSL’s Website?

NBSL Website uses only Mandatory Cookies. To remove any third-party Cookies which is not under the purview of NBSL, you can manage these through your browser settings.

Please find the links below to get more information about how to make changes in your browser settings for commonly used web browsers:

• Google Chrome (https://support.google.com/chrome/answer/95647?hl=en-GB)
• Mozilla Firefox (https://support.mozilla.org/en-US/kb/delete-browsing-search-download-history-firefox?redirectlocale=en-US&redirectslug=Clear+Recent+History)
• Microsoft Edge (https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09)
• Apple Safari (https://support.apple.com/kb/PH5042?locale=en_US)
• Some browsers, such as Chrome and Firefox, allow you to change your settings to browse in ‘incognito’ mode, limiting the amount of data placed on your machine and automatically deleting any persistent Cookies placed on your device when you finish your browsing session. There are also many third-party applications which you can add to your browser to block or manage Cookies.

Clearing existing Cookies

To clear Cookies that have previously been placed on your browser, you should select the option to clear your browsing history and ensure that the option to delete or clear Cookies is included.

CONTACT

If you have any query about privacy and security practices of NBSL and its affiliates, you may reach out to us at privacy.support@npci.org.in