FinShell Pay Privacy Notice

Last Updated: 31th Aug 2022

Thank you for choosing Finshell Pay (here in after referred to as "Finshell Pay" or "this APP")! Finshell Pay is operated by M-Kash India Financial Solutions Private Limited (here in after referred to as "we" or "us" or "our") and is a product that provides you with Coupon center and access to other third-party services. We collect and use your personal information and sensitive personal data and information, as defined under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 including its amendments from time to time, (here in after referred to as "personal data") when you use our website, this APP and or products and services made available on the App, either by us or through any of our partners.

In this Privacy Notice, we will explain to you about the purposes, method and scope of the collection and use of your personal data by this APP, your rights to your personal data, and the security measures we take to protect it.

Before using this APP, please read this Privacy Notice carefully to learn our practices for the protection of user's personal data. If you do not agree with the terms of this Privacy Notice, you can turn off Finshell Pay by clicking "Exit APP" and we will not be able to provide you with the services related to this APP. If you click "Agree to the above", it means that you fully and clearly understand the following terms regarding, amongst other things mentioned herein, data collection and usage, your rights to your personal data, etc.

This Privacy Notice will help you understand the following:

I. How and What Types of Personal Data We Process

II. How We Retain Your Personal Data

III. How We Share Your Personal Data

IV. How We Protect Your Personal Data

V. Your Rights to Your Personal Data

VI. How We Process Children's Personal Data

VII. Third-Party Service Providers and Their Services

VIII. How This Privacy Notice Is Updated

IX. Contact Us

I. How and What Types of Personal Data We Process

We collect personal data for providing you with the service(s) made available on this APP, more efficient operation(s) and to try and improve and evolve user experience. Our channels to collect personal data include: (1) data directly provided by you to us; (2) we obtain relevant data during your use of this APP; and/or (3) we obtain personal data about you from third parties. The data we collect depends on the products and services you want to apply, avail or use, the environment in which you interact with us, the choices you make, including permissions and the products and features you use. However, we will not collect, store, use, process, transfer and/ or disclose your transaction information/ data and/ or your Personal Data in the manner in which we are prohibited by the NPCI, RBI and other regulations and laws which are applicable to us.

1. What Types of Personal Data We Process
2. How We Process Your Personal Data

We will process your personal data for the following purposes:

When we want to use the personal data for other purposes not described in the Privacy Notice, we will inform you about that and ensure that the use of your personal data complies with the local legal requirements.

3. Device Permissions
II. How We Retain Your Personal Data

Your personal data that is collected or generated in India will be stored on our server located within India.

The retention period of the personal data we collect is the minimum amount of time required to achieve the purposes of collection stated in this Privacy Notice, unless otherwise required by laws or regulations.

If we stop operating some or all of our products or services for special reasons, we will promptly inform you and stop the collection and processing of personal data by the related products or services, and we will delete or anonymize the personal data we hold that is related to the said products or services, unless required for migration/ transfer purposes or otherwise required by laws and regulations.

III. How We Share Your Personal Data

We may, from time to time, share and transfer some personal data with our associated companies and the strategic partners that work with us to provide products and services, in order to provide the products or services you request.

  1. Affiliates: We may share your personal data with our affiliates in India. We will only share necessary personal data, and we will do so only for the purposes stated in this Privacy Notice. If we or our affiliates change the use and processing purpose of personal data, we will ask for your authorization again.
  2. Sharing with Authorized Partners: Some of our services will be provided by our authorized partners or jointly provided by us and third parties solely for the purposes stated in this Privacy Notice. We may share some of your personal data with our partners to provide services and to improve user experience:
  3. Purchasers and third parties in connection with a business transaction: When we are in a process of a merger, acquisition or bankruptcy liquidation, and if such process requires a transfer of your personal data, we will require the new company or organization that hold your personal data to continue to be bound by this Privacy Notice, otherwise we will require this company or organization to ask your consent again. If it does not involve the transfer of personal data, we will fully inform you and delete or anonymize all personal data under our control;
  4. Law enforcement, regulators and other parties for legal reasons: We may also disclose your personal data with third parties as required by law or if we reasonably believe that such action is necessary (a) to comply with a subpoena or other legal proceedings, legal actions or government agencies requests, (b) when we believe in good faith that a disclosure is necessary to comply with the law and the reasonable requests of law enforcement, (c) to protect and exercise our legal claims, rights and property, (d) to protect your rights, property or personal safety or the one of others, (e) to investigate fraud and (f) to protect the security or integrity of our services.
  5. Otherwise with your consent: After obtaining your explicit consent we disclose the personal data you have authorized with other certain third parties.
IV. How We Protect Your Personal Data

1. We have taken reasonable and feasible technical security and organizational measures to protect the data collected in relation to the services. We have adopted security measures to protect the personal data you provide, and to prevent unauthorized access, public disclosure, use, modification, damage or loss of the data. We will take all reasonable and practical steps to protect your personal data, including:

2. However, please note that while we have taken reasonable steps to protect your data, no website, Internet transmission, computer system, or wireless connection is absolutely secure. In the event of a personal data security incident, we will act in accordance with the requirements of relevant laws and regulations. Should we be required to do so, we will timely inform you of the relevant situation of the event by either email, letter, telephone, in app notification or push notification. When it is difficult to inform the personal data subjects individually, we will issue an announcement in a reasonable and effective manner.

V. Your Rights to Your Personal Data

We respect your rights to your personal data. Subject to the applicable law in your jurisdiction, you may have specific rights regarding your personal data. This may include the following rights:

1. Right to Be Informed

We will inform you of how we process your personal data by publishing this Privacy Notice. We are committed to being open and transparent about how we use your personal data. You can keep track of the collection and use of your personal data by periodically reviewing this Privacy Notice and contacting us in the manner disclosed in this Privacy Notice.

2. Right to Access

You can directly query or access your personal data on our product or service interface, such as you can log into your account through the product page at any time to access your account related personal data. In more details:

If you are unable to query or access your personal data on your own, or if you encounter any problems while exercising your right to access data, you may contact us and request access to your personal data in the manner disclosed in this Privacy Notice.

3. Right to Correct

When you find that the personal data we processed about you is inaccurate or incomplete, you have the right to have it rectified or completed by us. For parts of your personal data, you can directly correct and modify it on the relevant function page of the product or service. In more details:

For personal data that has not been made available for your own modification, you may contact us and request corrections or additions to your personal data in the manner disclosed in this Privacy Notice.

4. Right to Delete

You may choose to delete some of the personal data you have submitted to us provided that the processing of your personal data violates relevant laws, administrative regulations or this Privacy Policy. For some of your personal data, you can delete them directly on the relevant function pages of the products or services.

You may request that we delete your personal data by contacting us in the manner disclosed in this Privacy Notice if we have not yet provided you with a channel for the deletion of your personal data, or if we violate our agreement with you in the collection and use of your personal data, you may contact us and request the deletion in the manner disclosed in this Privacy Notice.

5. Right to Cancel Account

You have the right to cancel your Finshell Pay account and HeyTap account.

For HeyTap account, you can go to https://id.heytap.com/static/userdata_index.html to delete your HeyTap Account. After you submit your account cancellation request, we may need to manually review your account cancellation to make sure you meet the conditions for cancellation. After you cancel your account, we will no longer be able to provide you with the HeyTap account registration service and other products and services that require logging in to this App or a HeyTap account.

You may also contact us directly and request cancellation of your account by the manners disclosed in this Privacy Notice. We will record your request to cancel your account, conduct a manual review of your request to confirm that you are eligible to cancel your account, and we will assist you in completing the cancellation of your account.

6. Right to Withdraw Consent

To function properly, each service requires some basic personal data. You may change the scope of your authorization to us to continue processing personal data, or withdraw your authorization by deleting data, disabling device permission settings, changing related product or function settings pages, canceling your account, etc. In more details:

If you withdraw your consent, we will no longer be able to provide you with the corresponding service for which you have withdrawn your consent. Once you have withdrawn your consent, we will no longer process the corresponding personal data. But your decision to withdraw your consent will not affect the processing of personal data based on your previous consent prior to the withdrawal.

7. Right to Complain

You have the right to contact us and file service complaints in the manner disclosed in this Privacy Notice.

Please note that, due to security reasons, we may verify your identity before processing your request. In principle, we do not charge any fees if your request is reasonable. However, based on the actual situation, we may impose a certain fee to cover our costs for repeated requests or requests that extend beyond reasonable limits. We may reject requests that are manifestly unfounded, unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), may be detrimental to the legal rights and interests of others, or are very impractical. In addition, we may not be able to respond to your request if your request is directly related to matters involving national security, national defense, public health, criminal investigation and other public interests, or if the request may severely impair the legitimate rights and interests of yours or those of other individuals and organizations.

VI. How We Process Children's Personal Data

Our products are mainly adult-oriented. Pursuant to the relevant laws and regulations, if you are a child, before using the relevant products or services, you shall obtain consent from your parents or legal guardians. If you are the child's guardian, you should read this Privacy Notice carefully before you assist the child with registration or usage of the products or services. We treat anyone under the 18 years old (or equivalent minimum age for full legal capacity in relevant jurisdiction) or under the age of 21 years for whom a legal guardian has been appointed as a child.

If you are a child, a parent or legal guardian of a child, or if you otherwise find out that we collect, store or use data that may include personal data of children, you may contact us promptly in the manner disclosed in this Privacy Notice and we will take steps to delete the relevant data as soon as possible. If the local law has additional regulations on the age of minors, the local law shall prevail.

VII. Third-party Service Providers and Their Services

Our websites, products, applications, and services may contain links to third-party websites, products, and services. You can choose whether to visit or accept websites, products, and services offered by third parties.

We have no control over third-party privacy and data protection policies as such third parties are not bound by this Privacy Notice. Before you submit personal data to third parties, please refer to their privacy policies.

Here are third party privacy policies that apply when you use their specific products or services:

Lending platform partners:

VIII. How This Privacy Notice Is Updated

This Privacy Notice is subject to updates or revisions from time to time. We will -as appropriate- send you notifications of material updates to this Privacy Notice in a form we deem appropriate and we will update the last updated date mentioned in the beginning of this Privacy Notice.

This Privacy Notice allows adjustments. However, without your express consent, we will not diminish your rights under this Privacy Notice.

This Privacy Notice shall come into force as of the date of update.

IX. Contact Us

If you have any questions or concerns about our Privacy Notice or related practice, please contact us at the following address:

Grievance Officer: Ishu Verma

M-Kash India Financial Solutions Private CIN: (U65990MH2019PTC328222)

Registered Address: Embassy 247, Unit no.901, 9th Floor, B-Wing, Hindustan Bus Stop, LBS Road, Vikhroli West, Mumbai, MH 400 083

Email id: [email protected]