1. Acceptance of Policy

By visiting the Website and/or utilizing any Services offered by the Company, you acknowledge and agree to and accept our Terms of Use governing your use of the Website and/or utilizing the Services offered by the Company. In addition to the above mentioned, your access to or use of the Website and Services offered by the Company is conditional upon your acceptance of and continued compliance with this Policy. By using the Website and/or the Services, you agree to be bound by this Policy and all rules, guidelines and/or policies of the Company, as may be modified by us from time to time, unconditionally and at all times, and further agree and confirm that you consent to providing the Company with your Personal Information for the purposes set out in this Policy and you understand that such collection, storage and handling is lawful, necessary and permissible based on lawful basis under applicable laws.

2. Our Services

When we use the term Services, we are referring to the services we offer in relation to payment aggregation services. This privacy policy does not cover or address:

• personal information collected, used, disclosed or otherwise processed by our merchants who act as Data Controllers/Data Fiduciaries, whose practices are governed by their own privacy policies.
• personal information and privacy practices of third-party websites and online services
• personal information and privacy practices relating to job applicants, employees and other personnel

3. Our Collection of Personal Information

When we use the term “Personal Information” in this Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to you. Notwithstanding the aforementioned, this Policy does not cover the processing of your Personal Information by the merchant. For information on how the merchant collects, uses, and processes your Personal Information, please refer to the privacy policy of the relevant merchant with whom you have transacted or interacted. Personal Information that we collect may include :

1. Contact Information (such as your Name, phone number, email address);
2. Transaction Data (payment method information, last four digits of the debit/credit card number, transaction details)
3. Mobile and device unique identifiers
4. Geo-location data
5. IP address, browser type, operating system
6. Other information such as tracking behaviour, cookie preferences, language preferences, etc.
7. Financial information such as bank account, credit or debit card number, CVV or other payment instrument details(to the extent applicable) which are encrypted in accordance with PCI DSS standard.
8. Unique identifiers like transaction id, customer id etc.
9. For the purpose of merchant onboarding and provision of Services , documents such as your Passport, Driving License, Voter's Identity Card, PAN Card, photograph or any other relevant documents required under applicable laws. Where Aadhaar is provided as an Officially Valid Document (OVD) for merchant onboarding purposes, we may collect and process Aadhaar-related information including Aadhaar number, Virtual ID, e-Aadhaar, XML, Masked Aadhaar, demographic information, identity information, Aadhaar-registered mobile number, face authentication details and/or biometric information.

4. Our Use of Personal Information

We use Personal Information for the following purposes:

• To process payment transactions, including payment authorization, refunds, and dispute resolution processes. For example, where you choose a payment method for a transaction (such as credit cards, debit cards, buy-now-pay-later options, etc.), we may receive transaction-related data, including transaction ID, customer ID, payment instrument details, unique identifiers and other information containing Personal Information. Please refer to the applicable payment method provider's privacy policy for details on how such information is used and shared.
• To generate invoices, transaction confirmations, access credentials, product download files, and associated records and documentation relating to transactions, refunds, and disputes.
• To communicate with you, respond to inquiries, provide service-related communications, and issue notices regarding the functions and services you are registered to use, including updates and significant developments relating to such services.
• Where the Company acts as a payment service provider, to share relevant customer information with merchants involved in the transaction to enable fulfillment of the transaction. Merchants may receive transaction-related data containing your Personal Information and may further process or share such information in accordance with their privacy policies. Please refer to the relevant merchant's privacy policy for additional details.
• To review applications for use of Company services, facilitate merchant onboarding, prevent and detect customer and transaction fraud, investigate potentially prohibited or unlawful activities, unauthorized transactions or claims, manage risk exposure, and conduct periodic risk assessments based on legitimate interests.
• To support business operations, product development, service improvements, and to undertake billing, invoicing, and account reconciliation activities.
• To comply with applicable laws, regulations, legal obligations, law enforcement requests, judicial or governmental orders, and to establish, exercise, or defend contractual and legal rights and claims.
• To perform data analytics and generate aggregated or anonymized reports for the benefit of the Company, merchants, regulators, audit functions, and business intelligence activities.
• To share Personal Information with authorized vendors, partners, and third-party service providers for the purpose of facilitating merchant onboarding processes.
• To ensure compliance with internal policies, card industry standards, and payment scheme requirements.
• To facilitate Payment Card Industry (PCI) assessments and validation processes.
• To store payment information, subject to your consent, for subsequent or recurring transactions.
• To provide information to regulators, card networks, investors, and professional advisers, as required.

5. Disclosure of Personal Information to Third Parties

Company does not sell or otherwise disclose Personal Information we collect about you except as disclosed in this Policy or as may be disclosed to you at the time information is collected.

Company may share Personal Information collected with entities that process payment transactions as well as relevant merchants, regulatory authorities, fraud prevention services, card and payment services, and payment processors/acquirers.

Company may share certain Personal Information with service providers who provide or perform services on behalf of Company. We authorize such service providers to use or disclose such Personal Information only as necessary to perform services on our behalf or to comply with legal requirements. Such entities are required by contract and/or law to safeguard the privacy and security of Personal Information processed on our behalf. We may also share Personal Information with other parties with your express consent.

As a global business, we may transfer and process data, including Personal Information, in countries outside of your country of residence, to operate and manage Services. When we transfer Personal Information we ensure that it is in compliance with the applicable local laws and regulations in the relevant jurisdiction and that a mechanism is in place to provide adequate safeguards governing these transfers.

We reserve the right to disclose your Personal Information as required by applicable law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or other legal process served on us.

Your Personal Information may also be shared between Company subsidiaries/affiliates for the activities permitted under this Policy.

In the event that Company enters into a transaction that alters the structure of our business, such as reorganization, merger, sale, transfer, change of control, or other disposition of all or any portion of our business, we shall transfer, share, assign data including Personal Information that we access, process, collect, store, use or otherwise deal with, to the relevant entity. Such entity(ies) shall ensure that there is no adverse material change in the manner of managing, accessing, storing or handling the data and shall implement adequate measures to protect the confidentiality and security of the information, in accordance with applicable law.

6. Legal Basis and Purposes for Processing

We have set out below, in a table format, a description of all the ways we may process your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note: The legal basis for data processing described above may be subject to local laws and regulations that may differ from the ones mentioned in this privacy policy. In such cases, we will ensure that any processing of personal data complies with the applicable local laws and regulations in the relevant jurisdiction.

Your data will only be disclosed for the purposes identified in this Policy (as may be updated from time to time) unless a law or regulation specifically allows or requires otherwise. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the applicable law.

7. Privacy Rights

Privacy rights may be available to you based on where you are located. We will respond to requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable privacy laws. You may have the following rights in relation to the Personal Information processed by us, depending on the jurisdiction within which you reside:

• Right to be Informed: You may have the right to be informed about the collection and use of your Personal Data.
• Right of Access: You may have the right to request a summary of Personal Information which is being processed by us and the processing activities we undertake; the identities of all other entities with whom your Personal Information has been shared, along with a description of the Personal Information so shared; any other information related to your Personal Information and its processing, as may be prescribed.
• Right to Correction and Erasure: You may have the right to request the correction, completion, updating and erasure of your data.
• Right to Restriction on Processing: You may request us to restrict the processing of Personal Information in case the data is inaccurate or unlawful, if you require the data to establish a claim or defend a legal right, or if you have objected to the processing of personal data.
• Right to Object or Opt-Out: You may object to or request opting out of the processing (including sale or sharing) of Personal Information at any time. We may accommodate and address such requests under the regulations applicable to us based on the jurisdiction in which you make such requests.
• Right to Data Portability: You may request us to transmit data sets provided by you to any other business.
• Right to Object or Review Decisions Based on Automated Processing: You may request us to not be subject to a decision based solely on automated processing, including profiling, which may have legal consequences for you.
• Right to Grievance Redressal: You may have the right to seek grievance redressal with respect to the personal data we process.
• Right to Nominate: You may have the right to nominate any other individual, who shall, in the event of death or incapacity, exercise the rights on your behalf.

You can request to exercise the above mentioned rights by sending an email to privacy@hyperpg.in.

8. Retention Period

We retain Personal Information for as long as we have an ongoing legitimate business need to do so. This retention is in accordance with the principles governing Storage Limitation and Data Retention. The criteria we use to determine whether we have an ongoing legitimate business need to retain Personal Information include among others: (i) regulatory requirements that we are subject to, including laws and regulations related to tax, employment, accounting, etc; (ii) whether a legal claim might be brought against us, for which the Personal Information would be relevant; (iii) the necessity of the Personal Information to provide our services and ; (iv) the types and sensitivity of Personal Information being processed.

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it.

9. Children's Personal Information

Our Website and Services are not directed to, and we do not intend to, or knowingly, collect or solicit Personal Information from children under the age of 18. If you are under the age of 18, please do not use our Website or Service or otherwise provide us with any Personal Information either directly or by other means. If a child under the age of 18 has provided Personal Information to us, we encourage the child's parent or guardian to contact us to request that we remove the Personal Information from our systems. If we learn that any Personal Information we collect has been provided by a child under the age of 18, we will promptly delete that Personal Information.

10. Third-Party Websites

Our Website and Service may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Policy, this Policy does not apply to, and we are not responsible for, any Personal Information practices of third-party websites and online services or the practices of other third parties. To learn about the Personal Information practices of third parties, please visit their respective privacy policies.We require all third parties to respect the security of your Personal Information and to treat it in accordance with the applicable law.

11. Protection of Personal Information

We are aware of the importance of the data we collect from the Website and therefore we use advanced technology to protect such information. We take reasonable precautions to protect such information from loss, misuse and unauthorised access, disclosure, alteration and destruction.

We will strive to do our best to protect your data. Your privacy is of utmost importance to us. If you have questions about our security you can contact us at privacy@hyperpg.in.

12. Aadhaar Related Consent

In the event you are from India, and you voluntarily opt for Aadhaar-based KYC due diligence and submit your Personal Information to us for such purpose, you hereby undertake that you shall do so in compliance with the Aadhaar Act 2016 and relevant guidelines issued by the Unique Identification Authority of India (UIDAI).

You acknowledge that submission of Aadhaar is not mandatory and that alternative options for KYC due diligence, including physical KYC with Officially Valid Documents (OVDs) such as Passport, Voter ID, Driving License,etc., have been provided to you.

Purpose of Collection and Use:

Your Aadhaar information will be collected and used solely for the purposes which may include:

• KYC and periodic KYC processes as per the PML Act, 2002, and related regulations, or for establishing your identity, carrying out identification, offline verification, e-KYC, Yes/No authentication, demographic or other authentication/verification/identification, as permitted by law.
• Collecting, sharing, storing, preserving, maintaining records, and using your information for regulatory, legal reporting, filings, or other lawful purposes.
• Producing records and logs of consent, information, authentication, identification, and verification for evidentiary purposes in legal proceedings, including before courts, authorities, or arbitration.

Security of Aadhaar information:

• In case of use of Aadhaar Number for Offline Verification, your Aadhaar Number (first eight digits) will be redacted or blacked out through appropriate means and only last four digits will be stored
• This consent will be securely stored by us or our service providers for evidentiary purposes, if necessary.
• You understand that all personal data will be stored securely and retained only until the purpose for which it was collected is fulfilled, after which it will be securely deleted.

13. Updates to This privacy policy

Company may change, modify, add, or remove portions of this Policy to reflect changes in our practices or to comply with applicable laws. We will notify you of any material changes to this Policy by posting the revised policy on our website or by sending you a notification. Such changes shall be effective immediately upon posting. We suggest that you review this Policy periodically for changes. The current version of this Policy can be accessed from the link on our website pages. You acknowledge that, by accessing our website after we have posted changes to this Policy, you are agreeing to the terms of the policy as modified.

14. Failure to Provide Personal Data

Where we need to collect Personal Information as required by Applicable law or under the terms of a Contract we have with you, and you fail to provide that Data when requested, we may not be able to perform the Contract we have or are trying to enter into with you (for example, to provide you with access to our Products and Services). In this case, we may have to cancel the Product or Service you avail from us, but we will endeavor to notify you if this is the case at the time.

15. Grievance Redressal

You may address any complaints or discrepancies in relation to the processing of your Personal Information to the data protection officer , mentioned herein below.

Contact Us

If you have any questions or requests in connection with this Policy or other privacy-related matters, please send an email to privacy@hyperpg.in. Alternatively, inquiries may be addressed to: