Read this Privacy Statement if you want to know how Unlimint India gather, process and store your personal data.
The purpose of this Statement is to tell you which personal data we process including how, why and for how long your personal data is processed. It is important for Unlimint India that you know your rights regarding your personal data and how to reach us.
To get a complete understanding of Unlimint India and our service offering to you, please read this Statement with the relevant Terms and Conditions.
Who is Unlimint India?
Unlimint In Private Limited (“Unlimint India” or “we” or “us”) is a private limited company incorporated under the Companies Act, 2013 having its registered office at Suite No. 132, Building No. 10A, DLF Cyberhub, Cybercity, Gurgaon, Haryana, India—122002.
Unlimint India is a part of Unlimint group. Unlimint group companies or businesses are part of a global payments and technology organisation holding various licenses and authorizations as each business is obliged to under the laws and regulations it operates in.
When you visit our Website, or make a transaction using our services or you are an employee of Unlimint India, Unlimint India is the controller of your personal data.
Warning: Our Website may contain links to or come from websites or applications with their privacy notices or policies, which Unlimint India does not control. These websites will have different privacy notices or statements, and we do not control these websites. Unlimint India does not accept any responsibility or liability for such websites.
In this Statement, “personal data” refers to information that identifies you or may identify you (e.g., depending on who you are, a merchant, cardholder, supplier or business partner) and how you interact with us, we may process different types of personal data. “Processing” of personal data refers to collecting, gathering, handling, storing, transmitting and combining personal data. A “data subject” is a person that can be identified or identifiable from the personal data processed by a controller or processor.
What this Notice tells you
This Statement contains a description of:
- When and why do we process personal data;
- What types of personal data do we process;
- How do we collect and use personal data;
- What are the lawful grounds that we rely on to process your personal data;
- What are the purposes for processing your personal data;
- Who do we share your personal data with:
- International Transfers,
- Marketing and Cookies;
- What are your rights and how to raise a complaint;
- How long we keep your personal data;
- How we keep your personal data secure;
- How do we tell you when we change this Statement.
Why and when do we process personal data?
Why do we process personal data?
Establish a contract with a merchant and provide our services to a merchant. In this scenario, Unlimint India needs the following personal data:
- To meet our legal obligations. We will be required to identify you, authenticate your identity and perform due diligence checks on you, and if you are a juristic person, your ultimate beneficial owners. This will also be an obligation on Unlimint India under payments, anti-money laundering, sanction and anti-bribery and anti-corruption laws, as well as multiple directives, regulations and guidance to combat fraud, money laundering and bribery and corruption.
- For contractual purposes. To establish and maintain a business relationship for the provision of our services, to execution of transactions and the performance of contractual obligations between both parties (Unlimint India and its merchants).
- For our legitimate interests. We will implement online and physical security measures to properly provide our payment services, ensuring personal data and the underlying physical and logical security best practices, as well as access control management and underlying analytics to further protect against cybercrime and fraud.
When do we process personal data?
Personal data is requested before and during the contractual relationship.
For example, when Unlimint India will perform card or online payment processing, Unlimint India, in the capacity of a co-controller, will process personal data received from merchants, which is relevant for processing payments for merchants and reporting transactions to the merchant. This will include personal data such as transaction details and payment reference identifier and personal data in the context of transactions processing (such as payment instrument and transaction details, identification details, contact details, such as email/telephone, name on card, etc.), to complete the transaction initiated by the payer to the merchant.
In addition to this privacy statement, please also check your merchants’ privacy notices or statements regarding important information about your personal data processing.
Suppose we cannot process certain categories of personal data. In that case, this can result in Unlimint India not being able to enter into a services contract with a merchant or execute a payment instruction without the requested personal data, or we may no longer be able to continue with an existing relationship and provision of our services with a merchant.
What types of personal data do we process?
Various types of personal data are processed and will be processed in the context of the relationship between you and Unlimint India, depending on the service and product you are using. Personal data is broadly categorised as Personal Data and Sensitive Personal Data. Personal Data is any data that relates to an individual and can identify an individual. Sensitive Personal Data is a sub-category of Personal Data which consist of information relating to bank accounts, card number and other financial information, biometrics, health data, sexual orientation and medical records.
Your Personal and Sensitive Personal Data may include:
Your personal data
Name, previous names, data and place of birth, language, if you hold prominent public functions (PEPs), residence permit.
Your personal contact details
Work address, home address, email address, telephone number, and other contact details.
Your identity information
Passport, National ID card, Nationality, Utility bill, tax residence and tax ID.
Relevant financial information
Personal bank details, professional status, employment field, employer details (including, for example, information such as certificates of directors).
Specific authentication personal data
A signature or your user login to access our service dashboards.
Personal data that you may provide by filling in forms or by communicating with us (e.g. directed to us in letters, emails, via our electronic channels).
Transactional and other/ documents information
Personal Data arising for the execution of payment transactions (including data such as date, time, amount, currencies, beneficiary details, location information and merchant details), supplementary/supporting documentary evidence related to transactions, and further information arising from contractual obligations between Unlimint India and Merchants.
Location and technical information
Location data (for example, at the time of login or a transaction); IP addresses and device information, visitor’s information and similar information.
Publicly available Personal Data
Details about you from public records and available in publicly accessible databases.
Investigations data / results of due diligence and enhanced due diligence
Personal data regarding criminal convictions and offences (special category of data), as part of its compliance measures with regulatory obligations, as well as other supporting documents and personal data related to the categories above.
Closed circuit television (CCTV) at our offices (which may collect videos of you).
Personal Data that you agree to give us by your active consent when you use our services or visit our Website.
How do we collect your personal data?
1. Personal Data you submit to us
This can happen in different ways:
When you have agreed to give to the Merchant your personal data who has a contract with us so we can provide our services to the Merchant. E.g. during the course of Unlimint India’s business relationship with a Merchant, a Merchant is required to complete our application form and undergo Unlimint India’s verification and compliance checks which include that the Merchant ensures that its customers know that we will process Transactional Information, Location and Technical information. We collect the Personal Data of customers only what is needed to process the transaction for the merchant.
- When you accept our Privacy Statement, receive communications from us, via email or forms available on our Website or any other means of communication.
- When you consent to us collecting such Personal Data, you have the right to opt out of such collection to the extent permitted under applicable laws. To do so, please go to our Website to choose what Personal Data we may collect from you.
2. Personal Data we collect when you use our services
This personal data may include the following:
- Payment and Transactions data:
- Third-party data:
Personal data we lawfully obtain from other entities such as service providers, public authorities, persons that refer you to us, our Group companies, and companies processing payments
- Public data:
Databases and publicly accessible sources (e.g., Registrars of Companies, Commercial Registries, Screening databases (e.g., sanctions/anti-money laundering).
What are the lawful grounds we rely on to process your personal data?
When we process your personal data, we rely on one of the processing legal bases below. We may process your personal data for different purposes, and in such cases, the same personal data will be processed under another legal basis.
Conclusion and performance of a contract
We process personal data to conclude a services contract with you or a merchant and to perform our obligations under a contract to provide our payment services with our merchants in compliance with applicable laws and regulations.
Legal obligation or public interest
Unlimint India is subject to various legal obligations and legal and regulatory requirements to provide payment services. We are also required to implement regulations and directives of multiple authorities to ensure compliance. The purposes of processing include verification controls of identity, money laundering and fraud prevention, compliance with our record reporting obligations, tax obligations, risk control measures, and providing information to a competent authority, public body or law enforcement agency.
Where necessary, we may process personal data where there is a legitimate interest for us or a third party in pursuing commercial and business interests, except where your interests, fundamental rights and freedoms override such interests.
Your Sensitive Personal Data will be processed basis your consent. You can ask us to provide the details of the Sensitive Personal Data we possess about you.
Purposes for which we use your personal data
We process your personal data for the following purposes:
1. Authenticate, Verify and Authorise you
- To verify your identity (e.g., for authentication, purposes and fraud prevention purposes);
- To provide our payment services requested (e.g., conduct merchant acceptance procedures to enter into a contract);
- To execute transactions;
- To execute merchant payment requests, act upon instructions;
- To perform our contractual obligations.
2. Ensure we comply with the law and applicable regulations, directives
- To perform anti-money laundering checks and evaluations;
- For crime prevention purposes and, when required, to co-operation with authorities;
- Statistics and analytics for internal purposes and improvement of services and website;
- Enforce or defend the rights of Unlimint India or Unlimint group/affiliates;
- Ensure physical and technical security and business continuity;
- For internal operational support and administrative purposes (e.g., product development, audit, risk management);
- General administrative functions (e.g., maintenance of our internal records necessary for keeping up-to-date information in our systems, general record-keeping).
3. To communicate, establish and maintain our services relationship with you
- To provide ongoing support and handle inquiries, complaints and similar issues;
- To provide information about our products, services or both when you request it;
- To ensure that our internal procedures and protective measures against fraud, risk and financial crime are followed and that you are kept informed of this;
- To obtain reports of an online problem (e.g. with our website or payment services);
- To notify you of any quality management change, important product or service improvement, update or upgrade.
4. To market our product and services
- To provide information about our products, services or both;
- To improve and customise the content of our advertisements, promotions, and advertising that you may be interested in.
How we keep your personal data secure?
Unlimint India has established and regularly reviews its security internal policies and procedures for secure processing of personal data in order to protect personal data from unauthorised access, loss, misuse, alteration or destruction.
We ensure to the best of our abilities that access to personal data is limited to persons on a need-to-know basis, and that persons who have access are required to maintain its confidentiality. We utilise a series of technology and security solutions to protect personal data (such as storage of information you provide us on secure servers, perimeter security mechanisms, such as encryption etc.).
Transmission of information via the internet is not completely secure. We cannot guarantee the security of data transmitted to us via email, to our website or online resources; such transmissions are at your own risk.
Unlimint India follows the payments industry standards regarding the protection of payment card information. Unlimint India’s payment card infrastructure will be regularly audited to maintain the highest level of security certification with the Payments Card information Security Standard Council (PCI) in respect of protecting card data.
As per applicable law, you may have the following rights:
- access your personal data (access rights): You have the right to ask us if we process personal information that relates to you, and you may ask us to provide you with details of the personal information we process about you (as required under applicable laws);
- correct or rectify your personal data: You can ask us to have inaccurate personal information we process about you fixed or changed.
We ensure that you may exercise your rights under applicable privacy and data protection laws, which means that Unlimint India endeavours to provide reasonable assistance with respect to requests from individuals regarding the processing of personal data, rights to access, deletion, amendment etc. Please note that your rights are not absolute and may be limited due to a legal basis relied upon by us to process your data.
As the majority of processing, we perform is a consequence of legal obligations, some of the rights may be limited by our legal and regulatory requirements or legitimate interests.
Exercising your rights
Please contact the Grievance Officer directly at contact details to exercise your rights or if you have questions about the use of your personal data.
You may be subject to identification procedures and measures in order to ensure that no personal data is disclosed to unauthorized persons. We may also request additional clarifications to process your request as rapidly and efficiently as possible.
All requests must be made in English in a comprehensive manner and contain a clear description of the object of the request. We will not be able to process requests which are incomprehensive or in languages other than English in timely manner.
Suite No. 132, Building No. 10A, DLF CyberHub, Cybercity, Gurgaon — 122002
Right to file a complaint
We are happy to address any of your queries, concerns or questions relating to processing (including storing and using), of your information, which you can raise by writing to us at [email protected]
Complaints must be made in English in a comprehensive manner and contain sufficient details and a clear description of the complaint.
Our obligations primarily determine our retention period under applicable legislation to retain data for a specific time. Destruction will only be possible after the lapse of this period.
We are obliged to keep Transaction data (including personal data) during the business relationship and for a minimum period of 5 years after business relationship termination, or after Customer application rejection/withdrawal, per anti-money laundering legislation and other requirements applicable to our business.
The retention period may be extended in case of other lawful reasons justifying longer retention (such as for complaints handling, legal proceedings, investigations, regulatory, tax, money laundering and crime and fraud prevention purposes).
You are responsible for ensuring that the information provided to Unlimint India by you/about you or on your behalf is accurate and up to date. You must inform us if anything changes as soon as possible.
If you provide information about another person, you must direct them to this Privacy Statement and ensure they agree to Unlimint India using their information as described.
Unlimint India’s services are not intended or designed to attract minors. If we learn that we collected the personal data of a minor without first receiving verifiable parental consent, we will delete the information as soon as possible
Changes to our Privacy Notice
We may revise or update our Privacy Statement from time to time. In such a case, we make the most recent version of the Privacy Statement available on our website, informing you accordingly by displaying the updated version and relevant date of update.
You are advised to visit our website frequently to consult our Privacy Statement in its most recent version.
UNL_IN_Privacy Statement_ DP_v1.0 April 2023