Read this Privacy Notice if you want to know how Unlimint India gather, process and store your personal data. The purpose of this Notice is to tell you which personal data we process including how, why and for how long your personal data is processed. It is important for Unlimint India that you know your rights regarding your personal data and how to reach us. To get a complete understanding of Unlimint India and our service offering to you, please read this Notice with the relevant Terms and Conditions.
Unlimint In Private Limited (“Unlimint India” or “we” or “us” or “our” or “Unlimit”) is a private limited company incorporated under the Companies Act, 2013 having its registered office at 14th Floor, Wing 1, AIPL Business Club, Sector 62, Gurugram, Haryana 122018.
Unlimint India is a part of Unlimint group companies or businesses that operates in the field of global payments and technology. This Privacy Notice applies to your use of our Website and our services.
Our Website may contain links to or come from websites or applications with their privacy notices or policies, which Unlimint India does not control. These websites will have different privacy notices or Notices, and we do not control these websites. Unlimint India does not accept any responsibility or liability for such websites.
In this Notice:
This Notice contains a description of:
Unlimint processes your personal data:
In addition to this Privacy Notice, please also your merchants’ privacy notices regarding important information about your personal data processing.
Various types of personal data maybe processed in the context of the relationship between you and Unlimint India and according to the service/product used and your capacity. Unlimint India may process the following categories and types of personal data:
Individual Personal Data
Name, previous names, data and place of birth, language, if you hold prominent public functions (PEPs), residence permit.
Contact Details
Work address, home address, email address, mobile number, and other contact details.
Identity Information
Passport, National ID card, Nationality, Utility bill, tax residence and tax ID.
Financial Information
Personal bank details, professional status, employment field, employer details (including, for example, information such as certificates of directors).
Authentication Data
A signature or your user login to access our service dashboards.
Communications
Personal data that you may provide by filling in forms or by communicating with us (e.g. directed to us in letters, emails, via our electronic channels).
Transactional and other/ documents information
Personal Data arising for the execution of payment transactions (including data such as date, time, amount, currencies, beneficiary details, location information and merchant details), supplementary/supporting documentary evidence related to transactions, and further information arising from contractual obligations between Unlimint India and merchants.
Location and technical information
Location data (for example, at the time of login or a transaction); IP addresses and device information, visitor’s information and similar information.
Publicly available Personal Data
Details about you from public records and available in publicly accessible databases.
Investigations data/ results of due diligence and enhanced due diligence
Personal data regarding criminal convictions and offences (special category of data), as part of its compliance measures with regulatory obligations, as well as other supporting documents and personal data related to the categories above.
CCTV
Consents
Personal Data that you agree to give us by your active consent when you use our services or visit our Website
1. Personal Data you submit to us
This can happen in different ways:
2. Personal Data we collect when you use our services
This personal data may include the following:
When we process your personal data, we rely on the grounds for processing provided under the Digital Personal Data Protection Act, 2023 (“DPDP Act”).
We rely on your consent or the legitimate uses to process your personal data for the following lawful purposes:
We process personal data to conclude a services contract with you or a merchant (acting as the Data Fiduciary) and to perform our obligations under a contract to provide our payment services with our merchants in compliance with applicable laws and regulations.
Unlimint India is subject to various legal obligations and legal and regulatory requirements to provide payment services. We are also required to implement regulations and directives of multiple authorities to ensure compliance. The purposes of processing include verification controls of identity, money laundering and refund, chargeback processing fraud prevention, compliance with our record reporting obligations, tax obligations, risk control measures, and providing information to a competent authority, public body or law enforcement agency.
We process your personal data for the following purposes:
1. Authenticate, Verify and Authorise you
2. Ensure we comply with the law and applicable regulations, directives
3. To communicate, establish and maintain our services relationship with you
4. To market our product and services
Unlimint India shares your personal data in the context of Unlimint India operations internally. This means that Unlimint India may share personal data with third parties from within the same group of companies to which Unlimint India belongs. We may disclose your personal information to those companies to:
1. Merchants
Unlimint India shares your personal data with merchants to process a card payment transaction. When you buy products or services using Unlimint India payment services, we may provide the merchant with your credit card billing address to help complete an individual’s payment transaction.
2. Service providers
We will disclose personal data to third-party partners and service providers (processors), so they can process it on our behalf where required. These service providers must provide assurances in accordance with applicable data protection laws and associated requirements. (e.g., being bound contractually to data protection, privacy, security and confidentiality obligations). We will only share personal data as is strictly necessary for them to provide their services to us.
3. Auditors, advisors and consultants
We may disclose personal data for purposes and in the context of audits (e.g., external card scheme audits, regulatory authority audits like the Reserve Bank of India, security audits such as PCI DSS Level 1) to legal and other advisors, to investigate security issues, risks, complaints.
As such, personal data may be transferred and disclosed to:
Unlimint India takes all reasonable measures to ensure that every third party involved in processing your personal data has the required organisational and technical protection, including the required data processing and transfer agreements where necessary.
We may disclose personal data to comply with applicable legislation and regulatory obligations, to respond to requests of regulatory authorities, government and law enforcement agencies, courts and court orders in India, such as:
Other recipients may be any person/legal entity/organisation for which you ask your data to be transferred (e.g., reference, etc.) or give your consent to transfer personal data.
We are a company with a global reach. Your personal data may be processed locally in India or worldwide, to the extent permitted under applicable laws.
Your personal data may be transferred to international organisations if the transfer is necessary and transferee has reasonable degree of controls and measures, not less than as required as per applicable laws in India. Such transfers take place, for example:
We aim to take all steps reasonably necessary to ensure that your personal data is treated securely and under this Privacy Notice (e.g., requirement to observe privacy standards equivalent to ours, maintaining security standards and procedures to prevent unauthorised access, use of technology such as encryption and firewalls) to protect the security of data in transit and at rest.
Unlimint India in respect of its services as licensed entity ensures that payments data is stored locally where required under applicable laws and regulations.
Unlimint India has established and regularly reviews its security internal policies and procedures for secure processing of personal data in order to protect personal data from unauthorized access, loss, misuse, alteration or destruction.
We ensure to the best of our abilities that access to personal data is limited to persons on a need-to-know basis, and that persons who have access are required to maintain its confidentiality. We utilise a series of technology and security solutions to protect personal data (such as storage of information you provide us on secure servers, perimeter security mechanisms, such as encryption etc.).
Unlimint India follows the payments industry standards regarding the protection of payment card information. Unlimint India’s payment card infrastructure will be regularly audited to maintain the highest level of security certification with the Payments Card information Security Standard Council (PCI) in respect of protecting card data.
In addition, Unlimint India in also carries out any other security measures (e.g. tokenisation) which may be specifically required to comply with its legal and regulatory obligations.
As per applicable law, you may have the following rights:
As the majority of processing, is to meet our contractual and legal obligations, some of the rights may be limited by our legal, contractual and regulatory requirements.
You can address questions and concerns to the Data Protection Function as follows:
Unlimint IN Private Limited
14th Floor, Wing 1, AIPL Business Club, Sector 62, Gurugram, Haryana 122018
Email: [email protected]
Please note that you may be subject to identification procedures and measures in order to ensure that no personal data is disclosed to unauthorized persons. We may also request additional clarifications to process your request as rapidly and efficiently as possible.
If you have any complaints or grievances about the use of your personal data, exercise of your rights, please write and/or file a complaint with us directly at the contact details indicated above.
Our obligations primarily determine our retention period under applicable legislation to retain data for a specific time. Destruction will only be possible after the lapse of this period.
We are obliged to keep Transaction data (including personal data) during the business relationship and for a minimum period of 10 years after business relationship termination, or after Customer application rejection/withdrawal, per anti-money laundering legislation and other requirements applicable to our business.
The retention period may be extended in case of other lawful reasons justifying longer retention (such as for complaints handling, legal proceedings, investigations, regulatory, tax, money laundering and crime and fraud prevention purposes).
You are responsible for ensuring that the information provided to Unlimint India by you/about you or on your behalf is accurate and up to date. You must inform us if anything changes as soon as possible.
Unlimint India’s services are not intended or designed to attract minors. We ensure through our contractual arrangements with the merchants that personal data pertaining to minors is not shared with us when providing our services. In the unlikely event that a minor’s data is received by us, we will take all necessary steps to ensure that such personal data is processed in accordance with applicable data protection laws.
We may revise or update our Privacy Notice from time to time. In such a case, we make the most recent version of the Privacy Notice available on our website, informing you accordingly by displaying the updated version and relevant date of update.
You are advised to visit our website frequently to consult our Privacy Notice in its most recent version.
Privacy Notice UNL_IN_DP_PN_CUST-022024