In the normal course of banking, we collect and generate necessary Personal Data/ Sensitive Personal Data or Information about our customers. Your privacy is of utmost importance to us and protection of your Personal Information/ Data is a key commitment.

The Bank is governed by the Banking Codes and Standards Board of India, Information Technology (Reasonable security practices and procedures for Sensitive Personal Data) Rules, 2011 (including any amendment thereof) and various rules/regulations issued by RBI to maintain the privacy of your Personal Data.

Some of the key definitions are given below:

"Personal Data" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person that is not freely available or accessible in public domain.

“Sensitive Personal Data or Information” means such personal information which consists of information relating to Passwords, financial information such as Bank account or credit card or debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, Biometric information, medical records and history, detail relating to the above clauses as provided to the Bank for providing service and any of the information received under above clauses by the Bank for processing, stored or processed under lawful contract or otherwise. However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive Personal Data.

1. Personal Data / Information

   Personal Data / Information we may collect from you are as under:

   1. Personal details (e.g. name, contact details, residential address, date of birth, documents such as identity card / passport details / Aadhaar details / PAN / Voter ID / driving license, and/or education details) needed to open bank account with us and/or avail other services from us;
   2. Your bank account details including transaction history, balances, payment details, for effecting transfer of monies through various payment channels provided by us;
   3. Financial details (e.g. income, expenses, and/or credit history) needed as part of application request for some of our services;
   4. Images of documents/ photos required to open and maintain bank account with us and/or avail our services from us;
   5. Voice recordings of our conversations with our customer care agent with you to address your queries/grievances;
   6. Employment details (e.g. occupation, positions held, employment history, salary and/or benefits) as part of our record retention for Central KYC Records Registry (CKYCR) purposes under Prevention of Money Laundering (Maintenance of Records) Rules, 2005;
   7. Specimen signature(s) for processing of your instructions received by us through our various payment channels;
   8. Opinions provided by you to us by way of feedback or responses to surveys; and
   9. Information obtained from your mobile device by way of using our app like device location, communication information including contacts and call logs, device information (including storage, model, mobile network), transactional and promotional SMS/app notifications.
2. Storage of Personal Data / Sensitive Personal Data or Information

   We store and process your Personal Data including Sensitive Personal Data or Information in India, in accordance with RBI circular in respect of the Storage of Payment System Data dated 6th April 2018 and other applicable rules/regulations.

   Our data centre and systems also maintain backup and disaster recovery systems in India.

3. Sharing of your Personal Data / Sensitive Personal Data or Information

   Any Personal Information including Sensitive Personal data or Information that we have access to shall never be shared without your consent and in various processes / submission of applications / availment of product offerings, we shall seek your explicit consent to use / share your Personal Data.

   In our business and operational processes, we only share the data on a partial and “need-to know” basis to designated personnel or partners or service providers.

   However, we will share your data with competent/ legal/statutory/regulatory agencies / authorities or partners/ service providers acting on our behalf (as the case may be) in following cases:

   1. Only for enabling the provision of the banking services availed by you, strictly on a “need to know” basis and subject to applicable laws.
   2. It is directed or required by legal/regulatory / statutory / governmental authorities under applicable laws/regulations though a legally obligated request.
   3. It is required by banks/financial institutions to verify, mitigate or prevent fraud or to manage risk or recover funds in accordance with applicable laws/regulations.
   4. Only for enabling us to provide you with the information about our or third partners’ products and services in order to enable you to subsequently avail of the same, if desired by you.
4. Usage of Your Personal Data / Sensitive Personal Data or Information

   We use your Personal Data and Sensitive Personal Data or Information in our business/banking activities for providing our or our partners’ products/services and to perform, among other actions, the following:

   1. to facilitate the banking transactions or report on these transactions;
   2. to undertake research and analytics for offering or improving our banking services and their security and service quality;
   3. to check and process your applications submitted to us for banking services and/or instructions or requests received from you in respect of these services;
   4. to share with you, updates on changes to the banking services and their terms and conditions;
   5. to take up or investigate any complaints/claims/disputes;
   6. to respond to your queries or feedback submitted by you;
   7. to verify your identity for us to provide banking services to you;
   8. to carry credit checks, screenings or due diligence checks as lawfully required by us;
   9. to monitor and review banking services from time to time;
   10. to undertake financial/regulatory/management reporting, and create and maintain various risk management models;
   11. for conducting audits and for record keeping purposes;
   12. for selective offers and promotions.

   We also use your Personal Data and Sensitive Personal Data or Information to fulfil the requirements of applicable laws/regulations and/or court orders/regulatory directives received by us.

5. Purging the Personal Data / Sensitive Personal Data or Information
   1. We retain your Personal Data and Sensitive Personal Data or Information as long as the purpose for its usage exists, after which the same is disposed off by us except for any record retention required as per Master Direction on Issuance and Operation of Prepaid Payment Instruments (https://rbi.org.in/ScriptS/BS_ViewMasDirections.aspx?id=11142) , Banking Companies (period of preservation of records) rules, 1985 (https://financialservices.gov.in/sites/default/files/Banking Companies %28Period of Preservation of Records0 Rules%291985.pdf) and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (https://fiuindia.gov.in/files/AML_Legislation/notification.html)
   2. Chapter VII on Record Management of Master Direction - Know Your Customer (KYC) Direction, 2016 (Updated as on April 20, 2020) (https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11566) require your transaction logs to be stored for atleast 5 years and PPI guidelines -para 6, sub-clause no. 6.3 (https://rbi.org.in/ScriptS/BS_ViewMasDirections.aspx?id=11142) require your transaction logs to be stored for atleast 10 years post the deletion of an account. In the event of the pendency of any legal/regulatory proceeding or receipt of any legal and/or regulatory direction to that effect, we may be suggested by the law of the land to retain your Personal and Sensitive Data for longer periods.
6. Cookie Policy
   1. Please note that a "cookie" is a small piece of information stored by a web server on a web browser so it can be later read back from that browser.
   2. We may use cookie and tracking technology depending on the features offered.
   3. No Personal Data and Sensitive Personal Data or Information will be collected via cookies and other tracking technology; however, if you previously provided Personal data, cookies may be tied to such information.
7. Links to other websites

   Our website may contain links to other websites which are not maintained by us. This privacy policy only applies to us. You are requested to read the other websites’ privacy policies when visiting these websites.

   Disclaimer: The Bank holds no responsibility for other Websites opened through links maintained on our bank’s website.

8. Reasonable Security Practices and Procedures

   We take various steps and measures to protect the security of your Personal Data from misuse, loss, unauthorised access, modification or disclosure. We use latest secure server layers encryption and access control on our systems. Our safety and security processes are audited by a third party cyber security audit agency from time to time.

   We have provided multiple levels of security to safeguard your app by Login/Logout option and AppLock feature that can be enabled by you. We also ensure the device binding so that the same login cannot be used on different device without any additional authentication/OTP. Please do not share your Paytm Payments Bank login id, password and OTP details with anybody.

9. Obligation under the Digital Personal Data Protection Act, 2023 (“DPDP Act”)

   In compliance with the Digital Personal Data Protection Act, 2023, we are committed to protecting your personal data and ensuring its proper usage, storage, and handling. Here are key obligations/rights of the customer under the Digital Personal Data Protection Act, 2023:

   1. Obligations of Customers (Data Principals):
      1. Providing Accurate Data: Customers are responsible for providing accurate, complete, and up-to-date personal information to banks. Failure to do so may affect the quality of services provided.
   2. Rights of Customer (Data Principals)
      1. Exercising Rights: Customers have the right to access, correct, and erase their personal data held by banks. They can also withdraw consent for data processing at any time, subject to certain conditions.
      2. Grievance Redressal: Customers should utilize the grievance redressal mechanisms provided by banks to address any concerns or complaints regarding the processing of their personal data.
      3. Nomination Rights: Customers have the right to nominate another individual to exercise their data rights on their behalf in the event of death, incapacity, or infirmity.

   These obligations and rights of the customer aim to ensure a balanced approach to data protection, safeguarding customer privacy while enabling banks to process personal data for legitimate purposes.

10. Contact us

    You may contact us on any aspect of this policy or for any discrepancies/grievances with respect to your Personal Data, by writing to our Data Privacy Officer at dpo@paytmbank.com.

11. Policy Review & Updates

    This policy will be reviewed by us as and when required and the same may change at any time. The latest & most updated policy can always be found at https://www.paytmbank.com/PrivacyPolicy.html

    This privacy policy is subject to change based on business, legal and regulatory requirements. You are kindly advised to review the policy periodically to keep yourself abreast of any changes to the policy.

    In this policy, the words “we”, “ours” and/or “us” refer to Paytm Payments Bank Limited and “you” and/or “your” refer to our customers.