MONEPEAK FINTECH PRIVATE LIMITED
PRIVACY POLICY
Effective Date: January 1, 2022
The Privacy Policy covers the practices for handling and securing your Personal Information (as enumerated below) by Monepeak Fintech Private Limited (the “Company”), its products, platforms, brands (including “Card91” and “Xoltt”), and its affiliates. This Privacy Policy is applicable to persons who procure any products or services provided by or facilitated by the Company (collectively, the “Services”) through our mobile applications including Android and iOS applications and their web counterparts.websites, mobile sites, other online channels (collectively, the “Channel”) and through other interactions and communications you or your business or employee has with the Company.
The Company intends to protect the privacy of its users and members with respect to the Services accessed or availed on the Channel and the privacy of the data provided by them to Xoltt and/or Card91 from time to time. We have created this Privacy Policy to demonstrate our respect for and commitment to the protection of your Personal Information.
Further, the privacy of our Channel users, whether you are our former or existing registered user or a visitor to our Channel, is important to us and we are strongly committed to your right to privacy and to keeping your personal and other information secure while ensuring the lawful, legitimate and responsible processing and use. We encourage you to read this Privacy Policy to understand what types of information we collect and how we use such information.
For the purposes of rendering the Services, the Company may collect your Information from various channels, including, but not limited to, voluntary submission of information from your end in furtherance of the access or usage of the Services, through requests initiated by you through the Services and through communication with third parties.
The minimum age for a user to be registered for the Services is the age of contractual consent under applicable law or 18 years, whichever is lower. Some of our services may however be targeted at and/or available to minors who are below the age of contractual consent under applicable law or 18 years, as applicable (‘Minor Users’). In such cases Minor Users may be able to download applications created or supported by us or may otherwise use our Services. During the registration process, we may ask the Minor Users to provide certain information for notification and security purposes, including a parent or guardian’s identification and contact information, the Minor Users’ name and gender, the member or account username, and password. We also may ask for birth dates to validate ages. We strongly advise children never to provide any personal information unless specifically sought. Minor Users can choose whether to share their information with us, but certain features cannot function without it. As a result, Minor Users may not be able to access certain features if required information has not been provided. We will at all times attempt to minimise Minor User information and avoid seeking more information than is reasonably necessary in order to participate in any Services.
In certain scenarios, we will process personal data from you only after you have provided specific consent for that specific purpose. In case of Minor Users we will not allow access to any services unless parent or guardian consent is first obtained permitting access to Services and confirming the applicability of this Policy. Parents and guardians are encouraged to maintain oversight of their Minor Users’ accounts and also to regulate their use of any Services. We will, based on the nature of Service make best efforts to provide tools for supervision and review to parents and guardians. The primary responsibility for ensuring and maintaining the Minor Users’ Privacy shall however be that of the parent or guardian.
In all cases, by accessing any of our Channels, you expressly consent and confirm to the Company collecting, maintaining, using, processing and disclosing your Personal Information and other information in accordance with this Privacy Policy and the the applicable Terms of Use. If you do not agree with this Privacy Policy or the Terms of Use at any time, please do not use any of the Services or give us any private information.
For the purpose of providing you Services, we require you to get yourself enrolled on our Channel and get yourself registered either directly or through a Client or Channel Partner of the Company. In this process of registration and/or use of the Services, we would collect the information under the following categories, which would constitute Personal Information:
Please note that the Company DOES NOT trade or sell your Personal Information in any manner.
Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or Personal Information for the purposes of this Privacy Policy.
This information includes the IP address of the device used to connect to the Company’s Channel along with other information such as browser details, operating system used, the name of the website or application that redirected the visitor to the Card91’s Channel, etc. Further, when you browse our Channel or receive one of our emails, Card91and/or Xoltt and our affiliated/ authorised entities, use cookies and/or pixel tags to collect information and store your online preferences. Aggregate information of you and other users collectively or in summary on an anonymised basis shall also be non-personal information.
We may from time to time add or enhance the Services available on our Channels. To the extent these Services are provided to and used by you, we will use the information you provide to facilitate the Services. For example, if you email us with a question, we will use your email address, name, nature of the question, etc. to respond to your question. We may also store and publish such information to assist us in making the Channel better and easier to use.
Please Note: Our Services are a dynamic, innovative environment, which means we are always seeking to improve the Services we offer you. We often introduce new features, some of which may result in the collection of new information (for example, when the badges feature will be launched, we will be collecting information about project completion for which Members were enrolled in and the difficulty level of them). Furthermore, new partnerships or corporate acquisitions may result in new features, and we may potentially collect new types of information. If we start collecting substantially new types of personal information and materially change how we handle your data, we will modify this Privacy Policy and notify you in accordance with this Policy.
We will not trade or sell your PII in any manner, except as specified herein, or unless express consent is sought from you. We use the information provided by you and collected from you primarily for the purposes of rendering the Services sought by you. Additionally, we would also be using the information for our internal operational purposes, such as providing, maintaining, evaluating, and improving the Channels and the Services, and also for providing customer support. We would also be sharing the information with others in the manner provided in this Privacy Policy.
In addition to the disclosures reasonably necessary for the purposes identified above, we may disclose your PII to the extent that it is required to do so: (i) by law, (ii) in connection with any legal proceedings or prospective legal proceedings, (iii) in order to establish, exercise or defend its legal rights, (iv) on account of a governmental or judicial request, (v) to enforce or apply our terms of use with you, or (vi) to protect the rights or safety of our Company or its users.
We may use and/or otherwise process your personal data when there is a legitimate interest and such processing is needed, and such interest is not overridden by the rights of others, including yours. These interests shall include but are not limited to provision of our services, creation and maintenance of internal documentation, contacting customers in relation to any transactions or for customer care purposes.
We may through our platforms, Xoltt or Card91 have presence on various sites, including but not limited to LinkedIn, Facebook, Twitter, YouTube and blogs, which are promotional and business initiatives to connect to a larger group of people. The domain links contained therein may either direct you to our Channel or request your participation by way of feedback, suggestions, etc. Information arising in this manner shall also be collected and used by Us to increase user awareness and access and improve the Channel and the Services. Card91, in this regard, fully disclaims any liability(ies) or claim(s), which may arise by use/misuse of your feedback, suggestions, views, etc. on any such sites or blogs, by any third party, whether or not known to Card91.
Any Non-Personal Information and data and analyses arising therefrom may be shared by the Company to its existing and potential partners, advertisers, investors, customers, and others.
In the event of a loss, theft or malfunctioning of your device, you are required to promptly inform us of the same, in order for us to disable the Services accessible through such device. You understand and accept that the reporting of such an event is solely your responsibility, contingent to which, we may enable you to access our Services as was previously available to you with the same terms and conditions as was previously applicable. However, we do not warrant the replacement or refund of our Services, on account of the loss, theft, malfunctioning etc. of your device, through which our Services were previously being accessed by you.
When any of our apps is installed on your phone, a list of permissions appears. Since there is no option to customize those permissions, below is a description of the permissions that the app requires and the data that it shall access and use.
Most mobile platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent. These platforms have different permission systems for obtaining your consent. Android devices will notify you of the permissions that the Our app seeks before you first use the app, and your use of the app constitutes your consent. Sometimes these permissions require more explanation than the platforms themselves provide, and the permissions we request will change over time, so we have created these pages to serve as up-to-date resources for our users.
Device & App history: We need your device permission to get information about your device, like OS name, OS version, mobile network, hardware model, preferred language, installed apps etc. Based on these inputs, we intend to optimize your overall experience by understanding your preferences and by using OS specific capabilities.
Identity: This permission enables us to know about details of your account(s) on your mobile device. We use this info to auto-fill your email ID’s and provide a typing free in-funnel experience. It also allows facilitating your Facebook login.
Contacts: If you allow us to access your contacts, it enables us to make it easy to get referred by your friends and also send across referral links to your friends. This information will be stored on our servers and synced from your phone.
Location: This permission enables us to provide you a personalized experience based on your location. When you plan to make an EMI payment using a nearby collection outlet, we auto-detect your location and suggest you the nearest outlet. This permission also enables us to know more about your popular hanging out areas and factor those in our algorithm.
SMS: If you allow us to access your SMS, we read your SMS to autofill and verify the OTP used to validate your mobile number when creating an account o – this provides you a seamless experience during that process. We also collect your SMS data to analyse the data around specific financial transactions for statistical analysis.
Phone: The app requires access to make phone calls so that you can make phone calls to our customer contact center directly through the app. This permission also enables us to understand more about your social interactions and factor that in our algorithms.
Photos/Media/Files: The libraries in the app use these permissions to make it easy for you to upload existing pictures from the gallery or save newly clicked photos for document submission.
Camera: This permission enables us to make it easy for you to click the picture of necessary documents for online submission.
Wi-Fi connection information: When you allow us the permission to detect your Wi-Fi connection, we optimize your experience based on the connection speed.
Device ID & Call information: This permission is used to detect your Android ID through which we can uniquely identify users.
Any information shared by you is used by us and/or authorised service partners and agencies to support your interaction with us, to offer you Services in the best possible manner and to contact you again about other services and products that we may offer. By submitting your Personal Information to Card91, you expressly acknowledge and consent to the Company using such information, and to process such information in a manner deemed fit by the Company. This may also involve conducting data analysis and research using such information
Additionally, we and our partners shall be entitled to check with financial utilities such as designated authorities or account aggregation services with respect to the validity of your KYC information, prior to your accessing any financial products or for accessing any financial products on our platform. Further, from time to time, we and our partners shall also be entitled to disclose all information shared by you with utilities such designated authorities or account aggregation services and other similar financial entities to whom such information may be required to be provided under applicable law or in accordance with RBI guidelines.
the Company is committed to protecting the privacy and the confidentiality of your Personal Information. Whenever we obtain Personal Information from you, our Channel uses commercially reasonable efforts and general industry standards to protect it from any unauthorized access or disclosure. Access to your Personal Information is limited to Company’s personnel and such authorized third parties who may access your data on our behalf or may assist us in providing the Services. the Company uses its best endeavours to maintain physical, electronic and procedural safeguards that aim to protect your Personal Information against loss, misuse, damage, modification, and unauthorized access or disclosure. However, Monepeak Fintech Private Limited assumes no liability whatsoever for any disclosure of Personal Information due to unauthorized third party access or non-permitted acts of authorised third parties, or any other acts or omissions beyond the reasonable control of the Company.
The Company makes every reasonable effort to preserve the privacy and confidentiality of your information shared with us. We implement standard measures to protect against unauthorized access to and unlawful interception of Personal Information. However, no Channel can fully eliminate security risks.
We reserve the right to disclose information shared by you without your consent (express or implied) and without any liabilities to you when required or permitted by law. We also reserve the right to disclose information shared by you without your consent (express or implied) and without any liabilities to you when we have a good-faith belief that such disclosure is necessary or required to: (i) comply with an appropriate law enforcement investigation, current judicial proceeding, a court order or legal process served on us, or (ii) conform to the legal requirements, compliance/reporting to administrative and judicial authorities, (iii) protect and defend the rights or property of the shareholders or management of Card91, or the users of Card91, and (iv) enable authorised persons who provide certain support services to us to discharge their functions satisfactorily.
Further, we reserve the right to disclose information shared by you without your consent with authorised entities.
All information collected in connection with the Services and/or on your device(s) may be stored with us. Information is also stored on your device(s) and is subject to the security and privacy policies of your device and storage providers. Any breach of such security and privacy is beyond our control, and you acknowledge that we cannot, and will not, be held responsible for such breaches security or privacy
If our Company uses a vendor for storage of Information, all data storage by the vendor will be subject to the vendor’s security systems, and any breach of such privacy or security policies of the vendor will be beyond the reasonable control of our Company, and our Company will not be held responsible for such breaches.
You understand and agree that we may continue to store your Information after you cease use of the Services or disable your use of, access to, or otherwise of the Services or the Platform. Please note that we shall not use, share or/ and disclose your PII with its affiliates, vendors, third parties etc., after you cease use of the Services or disable your use of, access to, or otherwise of the Services or the Platform, unless required by law to do so. We may however continue to use, share and/ or disclose your NPI in furtherance of its Policies.
We are committed in protecting your privacy and has taken all necessary and reasonable measures to protect your Information and handle the same in a safe and responsible manner in accordance with the terms and conditions of this Privacy Policy. The Company ensures to safeguard the security of your PII by implementing standard electronic and managerial processes to protect against unauthorised access to and unlawful interception of PII.
We will ensure its best efforts to protect your Information available with usin line with commercially reasonable efforts and general industry standards; however, the Company does not represent, warrant, or guarantee that your Information will be protected against unauthorized access, loss, misuse, or alterations beyond our reasonable control, and we do not accept any liability for the security of the Information submitted us or for your or any third parties’ misuse of your Information.
We may provide links to any other website or locations for your convenience, but the provision of such links does not signify our endorsement of such other website or location or its contents. We Have no control over, do not review, and cannot be responsible for these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or location or its contents.
Except as provided elsewhere in this Privacy Policy, we provide limited access to PII to those persons (including employees and contractors) who have a business need for such access.
We use payment gateways for processing online payments. We do not store your PPI, unless such PPI is issued directly by Card91, credit card details or debit card details or your internet banking details on our servers. The payment data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) when processing your payments. Your transaction data is only used as long as is necessary to complete your transaction and is not saved thereafter.
The payment gateway used by us adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements will help ensure the secure handling of payment data information by the Platform. Payment gateways and other payment transaction processors will have their own privacy policies in respect to the information you are required to provide to them and we are required to provide to them for your paymentrelated transactions, and as such, those details will be governed by their privacy policies
Your rights as a Person whose personal data is processed by the Company apart from those already listed hereinabove are as follows:
The Company is incorporated in, and based out of India, and is duty bound to abide by Indian laws. We may not have complied with some privacy laws of other countries and further represents to be unaware of such other legal requirements
Grievance Officer Name: Mr. A.G. Ramakrishna
Email address: grievance@card91.io / grievance-cell@card91.io
The Grievance Officer can be contacted between 10:30 a.m. to 6:00 p.m. Indian Standard Time (IST) from Monday to Friday except on public holidays.
Sales: sales@card91.io
HR: careers@card91.io
Media: comms@card91.io
Support: support@card91.io
1142, 6th main road, Sector 7, HSR Layout, Bengaluru, karnataka – 560102