PRIVACY AND SECURITY POLICY

Use of this web site signifies your acknowledgement and consent to this Privacy Policy. Please read this Privacy Policy carefully before using this web site. By using our website you signify your consent/agreement to the terms and conditions of this Policy.

(1) PRIVACY & SECURITY OF WEBSITE

National Payments Corporation of India (“NPCI”) is committed to protect users’ privacy. NPCI understands and appreciates concerns of visitors and users of its website about their privacy, confidentiality and security of information that may be provided by them to NPCI

NPCI’s website enables the user to access several other websites on which NPCI has no control. NPCI is not responsible for the content and the privacy practices of such other websites. NPCI encourages the user  to self-examine each website’s privacy statement. NPCI does not owe any responsibility to any user for the access to other websites and its contents thereof, which are detailed/specified on the NPCI’s website.

(2) COLLECTION OF INFORMATION

NPCI, in its role as a retail payment system service provider and a payment gateway, may receive financial information of a person which may include name of bank, account number, withdrawal amount, cheque number, payee details etc. Collection of such information by NPCI is in consonance with statutory and regulatory requirements and internal procedural and operating guidelines and byelaws. The internal procedural, operating guidelines and bye-laws of NPCI are duly documented.

(3) STORAGE OF INFORMATION

NPCI collects personal information online primarily to provide our visitors with a more relevant experience on this web site. When doing so, NPCI takes every reasonable effort to avoid excessive or irrelevant collection of data. As a corporate body and payment system service provider, NPCI maintains the records and information in a safe and secured manner as per its policy and in compliance with the statutory provisions and directions for the period required by it and as prescribed by laws and rules etc.  We collect personal information only to the extent that it is necessary for the purposes set out below:

  1. ----------
  2. ----------

Personal information, if captured, is stored in paper and electronic files within NPCI’s premises, and approved archives. NPCI does not allow any unauthorized access to the information stored by it in any form whatsoever  . The information is securely stored and access is restricted to authorised personnel only. NPCI incorporates confidentiality clause in non-disclosure agreement with entities having business with NPCI to keep personal information secure and confidential and not to disclose the personal information to others, unless required by law or by an order of a court or by written instruction by NPCI. Such non-disclosure agreements stipulate that all personal information obtained by other party from the arrangement with NPCI will be returned or destroyed on termination/expiry of the non-disclosure agreement.

Further, anytime you visit this web site, NPCI may gather certain non-personally identifiable information regarding the means you use to access our site. This information may include the type and version of your browser, your service provider, your IP address and any search engine you may have used to locate the website. We use this information to help diagnose problems with our server, administer the web site, and compile broad statistical data.

(4) USE OF COOKIES

NPCI may use a browser feature known as a "cookie."

Cookies are small files placed on your hard drive that assist in providing a user with a customized browsing experience. Cookies  provide convenience to the user  using the website to access the same from the place where it was last accessed, if it is abandoned mid-way.

When a user visits NPCI’s website, the website administrator may use cookies to monitor the usage and collect statistics from the browser(s) used by users, including and not restricting the information about the time and date when a user accessed the site, the pages user visited, the Internet domain and IP address from which the user has accessed the website and information on the browsing software the user has used to access the website. However, no attempt is made to gather or keep personal details to identify users except, in an unlikely event of an investigation, where a law enforcement agency may exercise a power to inspect activity logs.

(5) PROTECTION OF INFORMATION

NPCI on best effort basis follow  appropriate operational, physical, electronic, procedural and technical safeguards against any unauthorized access or breach of data security to avoid any loss or damage to the owners of confidential information. However, NPCI shall not be made liable for the same in any manner whatsoever for any default . Some of the salient features of information security system are as under:

(a) Use of firewalls, encryption and data leakage prevention technologies to protect information; (b) Audit of all vendors and service providers and execution of non-disclosure agreements before availing their services; (c) Continuous monitoring of NPCI’s physical and technical environment for vulnerabilities and potential intrusions and implementation of controls to identify and address any concern related to protection of data (d) NPCI has comprehensive documented information security policy & procedures and certified for Payment Card Industry – Data Security Standard (PCI-DSS), ISO27001 – ISMS to ensure that the information provided to it is reasonably secure, available and with assured quality (e) NPCI is also certified ISO22301 compliant for its Business Continuity Management System and ISO9001 for Quality Management System.

(6) BREACH OF PRIVACY POLICY:

Without prejudice to NPCI’s other rights under these terms and conditions, if you breach any terms and conditions in any way of this Privacy Policy, NPCI may take such action as NPCI deems appropriate to deal with the breach, including suspending your access to the website, prohibiting you from accessing the website, blocking computers using your IP address from accessing the website, contacting your internet service provider to request that they block your access to the website and/or bringing court proceedings against you.

(7) CHANGES TO THIS PRIVACY POLICY:

NPCI may revise this Privacy Policy from time-to-time.  Revised Privacy Policy shall apply from the date of the publication of the same on this website.  Please check this page regularly to ensure you are familiar with the current version.

(8) GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by; interpreted and construed in accordance with Indian Law. The jurisdiction and venue of any action with respect to the subject-matter of this Agreement shall be the Courts of Mumbai in India and each of the parties hereto submits itself to the exclusive jurisdiction and venue of such courts for the purpose of any such action.

(9) EMAIL

Email correspondence sent to NPCI is treated as record and will be retained as required by law. The name and address details of senders are neither added to a mailing list nor disclosed to third parties without consent of the sender unless required by law. Email messages may be monitored by website support staff of NPCI for system trouble shooting and maintenance purposes.

(10) CONTACT

If anybody has any query about privacy and security practices of NPCI, he/she may send his/her query by email to info@npci.org.in