Privacy Policy for NSDL Database Management Limited (NDML) Payment Aggregator Business
MeitY’s (Ministry of Electronics and Information Technology), Govt. of India has collaborated with NSDL Database Management Ltd (NDML) to facilitate various “Govt. to Citizen service initiatives” to seamlessly avail a centralised payment gateway service which enables citizens to make online payments for availing various government services. In the last few years, there have been significant initiatives in the country as part of National e-Governance Plan which look forward to digitising the entire service offering, delivery, execution and payment journey. NDML has assisted the Govt. by providing online payment aggregation platform in this regard and has helped more than 200 Govt. departments and large number of services reach the citizens in an online manner. PayGov has also supported new payment initiatives like UPI, QR Code, and RuPay etc. NDML is also facilitating online payment collection and distribution across various other merchant categories
For providing these services, NDML performs integration with merchants on one side and payment channels on the other side. Merchant (provider of goods or services or recipient of fees / charges / taxes / duties) agrees to avail NDML payment aggregation services and signs an agreement for this purpose. This agreement broadly defines the scope of services, roles and responsibilities of the parties and helps to introduce the merchant to the payment system; subject to satisfactory due diligence and KYC. Further merchant system integrates with NDML system for processing the transactions and facilitating the customers. As part of this integration, the merchant transfers the customer to NDML portal for facilitating the payment. Customer makes choice of his / her preferred mode of payment and provides the details for processing the payment by connecting with various banks / payment channels; subject to customer authentication and transaction validations. Collection of information. Integration between parties, processing of transactions, settlement of transactions and handling of customer queries/ grievances are governed by regulatory instructions / guidelines from time to time, agreements with payment channels, agreements with merchants, internal policies, operational and system audits.
Towards the provision of the above mentioned services NDML may require you to provide required information about yourself. Please read below this Privacy Policy of NDML that sets out the manner and terms of the treatment of the information if and so collected. This Privacy Policy is applicable for NSDL Payment online payment collection services to Merchants across various sectors / categories, under brand names “PayGov / NSDL SurePay”.
NDML reserves the right to vary the privacy policy from time to time, such variations becoming effective immediately upon posting of the updated Privacy Policy on website and/or publishing the same when demanded. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at contact details mentioned at the end of the policy.
This Privacy Policy applies for visitors to our website with regards to the information that they shared and/or collect in PayGov / NSDL SurePay online payment collection platform.
By using our website, you hereby consent to our Privacy Policy and agree to its terms.
Information we collect
PayGov / NSDL SurePay online payment collection platform facilitates you to complete your transaction online and settle funds with the Merchants. NDML Website is a secure website which uses encryption for data storage and movement.
Effort is made to collect only minimal information as is required to process your request and provide you / merchant updates about transaction status.
NDML may receive some information about you / your transaction / your payment processing from your merchant and from your bank / card issuer / wallet issuer. This data is used for processing your transaction.
The information that you are asked to provide, and the reasons for requiring such information, will be made clear to you at the point we ask you to provide the information. You will always have a voluntary choice to continue to proceed with the transaction by providing the required details or choosing to not proceed with the transaction. You are also encouraged to refer to our Privacy and Information Security Policies and FAQs and related matters.
In case you use our online platform to make payments to merchants, we may ask for your contact information, including items such as email address, mobile number & Credit Card details, bank details and other details as required to complete the online payment transaction.
We may also anonymously need to collect information including IP Address, geo location, cookies, browser information, device information etc. for completing the online payment transaction and providing a good usage experience.
The information collected from you will be used for processing your transaction and may need to be shared with your merchant or with your bank / card issuer / payment channels / card networks or any other agency which is part of transaction processing system or processing systems / agents appointed by such agencies. Further this data may be used for internal / external audits, MIS / Reporting purposes, Query addressing etc.
NDML is committed to protecting the personal information of customers and strives to maintain the privacy of all personal information that NDML will have access to.
If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide or which may be needed to be collected for processing your request.
How we use your information
The Information collected will be used for the following purposes:
To Process the online payment transaction - The type of Personal Information (including Sensitive Personal Information) we require to provide a product or service depends on the specific payment methods made available by NDML or the merchant or a third party service provider, including financial institutions and any additional information required by NDML or the merchant or the third party service provider, including financial institutions.
NDML processes Personal Information (including Sensitive Personal Information) received from merchants such as Payment Information and transaction details, including details of the transactions such as amounts and modes of transaction, information relating to the product or service purchased and if payment is by card then cardholder details such as name on the card, card type, expiry date, name of issuing bank, etc. in order to complete the payment by you to the merchant to purchase a product or service. In other cases, certain payment transactions require you to provide Personal Information (including Sensitive Personal Information) directly to us onto the Websites, Apps and/or Platforms in order for us to process a transaction - in that instance the purpose is to process the payment for you.
To do internal Risk assessment - We may process your Personal Information (including Sensitive Personal Information) for the purposes of risk assessments and evaluations, to improve our services, reduce fraud rates, build risk models, etc.
- Ensure adherence to legal and regulatory requirements for prevention and detection of frauds and crimes.
- Communicate with you, either directly or through our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.
Disclosure of Information
Authorised Third Parties: NDML may at its discretion employ, contract or include Third Parties external to itself for strategic, tactical and operational purposes. Such sharing of Information is governed by contractual agreements that are in compliance with applicable regulatory jurisdiction, our Privacy Policy and any other appropriate confidentiality and security measures.
Government agencies: NDML may be required to share any and all parts of the Information with Government agencies, administrative bodies, authorised law enforcement agencies, court, regulatory/governmental authority as per proper orders in this regard.
Security Practices and Procedures
NDML adopts reasonable security practices and procedures, in line with international standard IS/ISO/IEC 27001, to include, technical, operational, managerial and physical security controls in order to protect the Information from unauthorised access, or disclosure while it is under control. NDML has also adopted PCI DSS Norms for protection of payment transaction data of customers.
Further, in case of Online Payment collection services, NDML has put in place required controls to ensure compliance with RBI, Banks, Card Associations rules made thereunder and various guidelines issued from time to time.
Internal access to the Information is on a need- only basis. Further, employees and personnel of NDML are bound by Code of Conduct and Confidentiality Policies which obligate them to protect the confidentiality of the Information.
Adequate steps are taken to ensure that third parties to whom the Information is shared adopt reasonable level of security practices and procedures to ensure security of the Information. Privacy Policy does not apply to other websites such as merchant or payment system websites. Thus, you are requested to consult the respective Privacy Policies of these third-party for more detailed information. It may include their practices and instructions about how to opt-out of certain options.
The Information will be retained for as long as is required to provide the services to the customer, or as may be required for internal operations or as may be required by law.
You as a customer can exercise choice to request for sharing a copy of your data with you or deletion of your data from our records. Such requests will be processed as per internal policy, contractual requirements and regulatory guidelines in this regard.
Log Files
NDML follows a standard procedure of using log files. These files log visitors when they visit websites. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, NDML uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.
Children Information
NDML does not knowingly collect any Personal Identifiable Information from children under the age of 18. If you think that your child provided this kind of information on our website, we encourage you to contact us and we will do our best efforts to remove such information from our records.
Grievance Redressal
If you have any questions, grievances, requests, concerns, or comments about our privacy policy or relevant terms or conditions you may contact us using the information below:
Mr. Hamid Arif,
NSDL DATABASE MANAGEMENT LIMITED
ADDRESS: NDML, Trade World, A Wing, 4th Floor, Kamala Mils Compound, Senapati Bapat Marg, Lower Parel, Mumbai 400 013
E-mail ID: hamid(at)nsdl[dot]co[dot]in
Phone: 99600 70537