PRIVACY AND SECURITY POLICY
(1) PRIVACY & SECURITY OF WEBSITE
National Payments Corporation of India (“NPCI”) is committed to protect users’ privacy. NPCI understands and appreciates concerns of visitors and users of its website about their privacy, confidentiality and security of information that may be provided by them to NPCI
NPCI’s website enables the user to access several other websites on which NPCI has no control. NPCI is not responsible for the content and the privacy practices of such other websites. NPCI encourages the user to self-examine each website’s privacy statement. NPCI does not owe any responsibility to any user for the access to other websites and its contents thereof, which are detailed/specified on the NPCI’s website.
(2) COLLECTION OF INFORMATION
NPCI, in its role as a retail payment system service provider and a payment gateway, may receive financial information of a person which may include name of bank, account number, withdrawal amount, cheque number, payee details etc. Collection of such information by NPCI is in consonance with statutory and regulatory requirements and internal procedural and operating guidelines and byelaws. The internal procedural, operating guidelines and bye-laws of NPCI are duly documented.
(3) STORAGE OF INFORMATION
NPCI collects personal information online primarily to provide our visitors with a more relevant experience on this web site. When doing so, NPCI takes every reasonable effort to avoid excessive or irrelevant collection of data. As a corporate body and payment system service provider, NPCI maintains the records and information in a safe and secured manner as per its policy and in compliance with the statutory provisions and directions for the period required by it and as prescribed by laws and rules etc. We collect personal information only to the extent that it is necessary for the purposes set out below:
Personal information, if captured, is stored in paper and electronic files within NPCI’s premises, and approved archives. NPCI does not allow any unauthorized access to the information stored by it in any form whatsoever . The information is securely stored and access is restricted to authorised personnel only. NPCI incorporates confidentiality clause in non-disclosure agreement with entities having business with NPCI to keep personal information secure and confidential and not to disclose the personal information to others, unless required by law or by an order of a court or by written instruction by NPCI. Such non-disclosure agreements stipulate that all personal information obtained by other party from the arrangement with NPCI will be returned or destroyed on termination/expiry of the non-disclosure agreement.
Further, anytime you visit this web site, NPCI may gather certain non-personally identifiable information regarding the means you use to access our site. This information may include the type and version of your browser, your service provider, your IP address and any search engine you may have used to locate the website. We use this information to help diagnose problems with our server, administer the web site, and compile broad statistical data.
NPCI may use a browser feature known as a "cookie."
Cookies are small files placed on your hard drive that assist in providing a user with a customized browsing experience. Cookies provide convenience to the user using the website to access the same from the place where it was last accessed, if it is abandoned mid-way.
(5) PROTECTION OF INFORMATION
NPCI on best effort basis follow appropriate operational, physical, electronic, procedural and technical safeguards against any unauthorized access or breach of data security to avoid any loss or damage to the owners of confidential information. However, NPCI shall not be made liable for the same in any manner whatsoever for any default . Some of the salient features of information security system are as under:
(a) Use of firewalls, encryption and data leakage prevention technologies to protect information; (b) Audit of all vendors and service providers and execution of non-disclosure agreements before availing their services; (c) Continuous monitoring of NPCI’s physical and technical environment for vulnerabilities and potential intrusions and implementation of controls to identify and address any concern related to protection of data (d) NPCI has comprehensive documented information security policy & procedures and certified for Payment Card Industry – Data Security Standard (PCI-DSS), ISO27001 – ISMS to ensure that the information provided to it is reasonably secure, available and with assured quality (e) NPCI is also certified ISO22301 compliant for its Business Continuity Management System and ISO9001 for Quality Management System.
(8) GOVERNING LAW AND JURISDICTION
Email correspondence sent to NPCI is treated as record and will be retained as required by law. The name and address details of senders are neither added to a mailing list nor disclosed to third parties without consent of the sender unless required by law. Email messages may be monitored by website support staff of NPCI for system trouble shooting and maintenance purposes.
If anybody has any query about privacy and security practices of NPCI, he/she may send his/her query by email to email@example.com