FAMPAY-TT PRIVACY POLICY

Please Read this Policy Carefully Before Using the Platform:

In order to provide our users (“you”, “your”) with the best quality Services, we need to access and
retain certain information about you. The collection, handling, retention, and deletion of such
information we gather from you is governed by this Privacy Policy (“Policy”) as detailed below. This
Policy refers to, incorporates, and includes our Terms of Service available at fampay.in/terms. We may
revise this Policy as well as update our Services and the Platform from time to time, so please keep
visiting this page regularly to take notice of any changes we make. If you do not agree with any part
of this Policy, please stop using our Services immediately.
This Policy is an electronic record under the Information Technology Act, 2000 and the rules made
thereunder. This Policy is generated by a computer system and does not require any physical,
electronic, or digital signature.
The capitalized words used in this Policy and not defined shall have the meaning given to such words
in the Terms of Service.
1. NAME AND CONTACT INFORMATION:

1.1. The FamPay mobile platform/website (“Platform”) is made available by Fampay Solutions
Private Limited having its registered office at No. 7, 1st A Main, Sector 6, H.S.R Layout,
Bengaluru (Bangalore) Urban, Karnataka, 560102. FamPay has entered into a co-branding
agreement with Tri O Tech Solutions Private Limited, a licensed pre-paid payments issuer
incorporated under the laws of India, having its registered office at 5th floor, Punj Essen
House, 17-18, Nehru Place, New Delhi, Delhi 110019 (“Triotech”)), to issue pre-paid
payment instruments (“Wallet(s)”) to you (which you can use through the Platform). This
Policy is a binding agreement between you, Triotech and FamPay. Throughout this document,
we use the terms “we”, “us” and “our” to refer to Triotech and FamPay and the terms “you”
and “your” to refer to you, the user of the Platform.

2. WHAT DATA DO WE COLLECT:

2.1. We collect the information and data you provide only to ensure that we can provide you our
Services in the best manner possible. We wish to keep such collection and usage of data as
transparent as possible. We have detailed the types of data we collect for your perusal below.

2.1.1. In order to create and maintain the FamPay Account the following types of data is collected
by FamPay and the same constitutes “FamPay Account Data”. FamPay will have the right to
use the FamPay Account Data in accordance with the terms of this Policy; it may share parts
of this data with Triotech from time to time. Triotech too will use such data in accordance
with the terms of this Policy

Serial Means of Gathering Data Data Collected

Number
Data you input in the course of User profile data: This includes your
signing up and using FamPay’s name, phone number, login name,
services. profile picture (if any), and birthdate,
email address.

Demographic data: Includes your

name, age, gender, income,
occupation and address (including
city).

Address Book Contacts: If you grant

FamPay access to the address book
on your mobile device, then FamPay
may access and store the names and
contact information from your
address book to facilitate invitations,
social interactions and
payments/transfers to your contacts
through our Platform and for other
purposes described in this Policy.

Feedback data and other data: We

collect the data that you actively put
into the Platform. This includes the
follows:

a. User feedback.
b. If you call our call centres, we
may record calls for quality
and training purposes.
c. Data you input when you
participate in our referral
programs. For example, when
a user refers another person,
we receive the referred
person’s personal data from
that user.
d. Account users who request
services for, or on behalf of
other users, or who enable
such users to request or
receive services through their
accounts.
Data we collect from your usage
of our Services
f.
g.
h.
e. Geolocation data: We collect
the location data from your
mobile device if enabled by
you to do so. We may also
collect this data when our
Platform is running in the
background of your mobile
device. You will not be able to
use critical and essential
features of the Platform if you
disable the location services.
Usage data: FamPay collects
data about how you interact
with our Services. This
includes data such as access
dates and times, Platform
features or pages viewed,
Platform crashes and other
system activity, type of
browser, and third-party sites
or services used before
interacting with our Services.
Device data: We may collect
data about the devices used to
access our Services, including
the hardware models, device
IP address, operating systems
and versions, software,
preferred languages, unique
device identifiers, advertising
identifiers, serial numbers,
device motion data, and
mobile network data.
Cookies: We also collect
information through the use of
“cookies”, tracking pixels, and
similar technologies to
understand how you navigate
through the Platform to learn
your preferences. Cookies are
small text files that web
servers place on your device;
they are designed to store
basic information and to help
 websites and apps recognize
your browser. We may use
both session cookies and
persistent cookies. A session
cookie disappears after you
close your browser. A
persistent cookie remains after
you close your browser and
may be accessed every time
you use the Platform.

Information we receive from We may also be working

other sources closely with third parties
(including, for example,
business partners, technical
sub-contractors, analytics
providers, search information
providers) and may receive
information about you from
such sources. Such data may
be shared internally and
combined with data collected
on this Platform.

2.2. We may collect from you, data associated with your usage of your Wallet, such as your Wallet
transaction history, data in relation to you applying for and/or availing any services in relation
to the Wallet, loads, transfers and spends made using the Wallet, KYC data (including your
PAN, Aadhaar data etc.,), balances, payment details, for effecting transfer of funds through
various payment channels provided by us. Collectively this data will be referred to as “Wallet
Data”. We will have the right to use the Wallet Data in accordance with the terms of this
Policy.

2.3. In addition to the above, we may also ask you to provide certain additional information about
yourself on a case-to-case basis including your live photo which may be utilized by us for the
purpose of completing your KYC.

3. HOW AND WHY DO WE USE YOUR DATA?

3.1. Your data will be used for the fulfilment of the Services and developing and enabling new
features. We have detailed the manner in which we use the collected data below:

Serial Reason of Use Manner of Use

Number
Enabling our Services We use the data collected to personalize,
and updating our maintain, and improve our Services. This
Platform features includes using the data to:

a. Create and update FamPay

Accounts and Wallet Accounts.
b. Enable Wallet and other Services.
c. Enable features to personalize your
FamPay Account and Wallet
Account.
d. Enable social features.
e. Perform internal operations
necessary to provide our services,
including to troubleshoot software
bugs and operational problems; to
conduct data analysis, testing, and
research; and to monitor and
analyze usage and activity trends

For enabling customer We use the information to provide

support customer support, including to resolve
your concerns arising from the use of the
Services, and train our customer service
executives.

For research and We may use the data collected for

development research, analysis, and product
development to improve the UI/UX
experience, all of which will ultimately
improve how you experience the Platform.
This also helps us develop automated
actions to be triggered in certain events,
such as when we need to implement
dynamic pricing, detecting fraud, account
termination, amongst other things.

Enabling We will allow you to share your Wallet

communication between transactions with your friends (other
users FamPay users in your phone contact list)
through the Platform.

For marketing and We may use the data we collect to market

outreach the Platform and our Services. This
includes sharing your feedback, ratings,
screen names and photograph (if any) for
purely promotional and marketing
purposes. Such promotion and marketing
 may be done via hoardings, banners,
pamphlets, online advertising etc.

Automated decisions We may use the data so collected to

develop automated decision-making
capabilities.

Legal compliance and We may use the data we collect to

requirements investigate or address claims or disputes
relating to the use of our Services, or as
otherwise allowed by Applicable Law, or
as requested by regulators, government
entities, and official inquiries

4. HOW DO WE SHARE THE COLLECTED INFORMATION?

4.1. The information we collect is shared only on a need basis, i.e. we do not sell your data to any
third parties for profit. However, we may enter into data-sharing agreements or disclose the
collected data to third parties in order to provide the Services to you. We have detailed the
manner in which we share the collected data below:

Serial Person Shared Purpose for Sharing

Number With
Sharing with third API and integration partners: If your
parties. connection to the Platform is enabled
through an integration with a third-party
service, we may share information
about your use of the Platform with that
third-party. We may share your
information with our third-party
partners in order to receive additional
information about you. We may also
share your information with third-party
partners to create offers that may be of
interest to you.

Service Providers: We work with

third-party service providers to perform
services on our behalf, and we may
share your information with such
service providers to help us provide our
Services through the Platform.

Third-party services: The Platform may

allow you to connect with other
websites, products, or services that we
do not have any control over. However,
usage of such third-party services is
subject to their privacy policies and not
within our control. We recommend that
you have a look at their privacy policies
before agreeing to use their services.

Subsidiaries and holding companies:

We share your data with our
subsidiaries and affiliates to help us
provide our Services or conduct data
processing on our behalf.

Change in control: While negotiating or

in relation to a change of corporate
control such as a restructuring, merger,
or sale of our assets, we may have to
disclose our databases and information
we have stored in the course of our
operations.

Where appropriate to the context, the

third parties that we share or make
available your personal data are bound
 by contractual obligations to keep such
personal data confidential and use it
only for the purposes for which we
disclose it to them and also maintain at
minimum the same level of data
protection that is adhered to by us.

Sharing with law If any governmental authority or law

enforcement when enforcement officers request or require
needed any information and we think disclosure
is required or appropriate in order to
comply with laws, regulations, or a
legal process.

5. HOW IS PAYMENT DATA HANDLED?

5.1. We may provide the functionality to load your Wallet through debit card, credit card or any
other payment mode and collect data in relation to such loading of your Wallet through these
payment modes (“Payment Data”) in accordance with applicable law. The information
regarding your Payment Data may be stored once you make the first payment by the
card/other payment mode and is protected against unauthorized access. For this purpose, a
certified payment provider is used whose systems meet the applicable security standards, such
as for example PCI-DSS (Payment Card Industry – Data Security Standard). The Payment
Data is stored by the contracted PCI-DSS-certified payment provider for recurring
transactions. We do not, ourselves, store your Payment Data and if we ever do, it will be only
in abbreviated form for analysis purposes or to prevent fraud and will be stored in accordance
with the Applicable Laws

5.2. In order to ensure that the debit/credit card/other payment mode is used by the legitimate
owner and to prevent cases of fraud, the Payment Data and card information is transferred to
one or more external payment security services. This transfer may also include additional
personal data. The external payment security services may process personal data on our
behalf.

6. WHAT ARE YOUR RIGHTS TO CONTROL THE DATA?

6.1. It is important for us that you remain in control of your data. You alone are the owner and
manipulator of your data, and you shall have the right to restrict our usage of the data in the
manner provided below. You should also remain informed of your rights with regards to the
use of your data and information by us. Your rights with regards to your data are listed below.

Serial Your Right Scope of Right

Number

Right to confirmation You have the right to obtain a

confirmation from us as to whether your
personal data (your name, housing
address, age, credit card information,
amongst other data) is being processed.
 Right to rectification In the event that any personal data
provided by you is inaccurate, you shall
have the right to provide us with the
accurate data and have us rectify such
data at our end immediately.

We urge you to ensure that you provide

us with accurate and correct
information/data at all times in order to
ensure your use of our Services is
flawless

Right to erasure You have the right to demand us to erase

your personal data without undue delay
and we will do so without undue delay,
provided that the data is no longer
required by us.

However, rest assured that we will

delete your personal data from our
databases as soon as the legal basis for
processing such personal data lapses. Do
note that multiple legal basis for
processing your personal data may exist
in parallel and we may still have to
retain some of your personal data at any
time

We may, however, reserve the right to

retain and store your personal
information for our business purposes,
whether such personal information has
been deleted or not. After a period of
time, your data may be anonymised and
aggregated and then may be held by us
as long as necessary, to enable purchases
of products and provision of services or
for analytics purposes

Right to the restriction of You have the right to require us to

data processing restrict the usage of data when the use of
such data may be illegal or when such
data is inaccurate.
 Right to withdraw consent You have the option, at any time while
availing our Services or otherwise, to
withdraw your consent given to us for
processing your data. In case of
withdrawal of your consent, we reserve
the option not to provide the Services
for which such information was sought.
For withdrawing your consent, you may
send an email to us at
[email protected]. Your withdrawal
will become effective upon the receipt
of an acknowledgment by you from us

Right to opt-out Marketing opt-outs: You may opt out of

receiving promotional emails from us by
writing to us at [email protected]. You
may also opt out of receiving emails and
other messages from us by following the
unsubscribe instructions in those
messages. However, even if you have
opted out of receiving information from
us, we will still send non-promotional
communications.

Push notifications: You can opt out of

receiving push notifications through
your device settings. Please note that
opting out of receiving push
notifications may impact your use of the
Platform.

Location Information: While you can

prevent your device from sharing
location information at any time through
its operating system settings, sharing
such location is core to how the
Platform works and without it we cannot
provide our Services accurately to you.

7. WHAT ARE OUR DATA SECURITY PRACTICES?

7.1. We process your Personal Information with consent. By using our Platform or services and/or
by providing your Personal Information, you consent to the processing of your Personal
Information by FamPay in accordance with this Privacy Policy. If you disclose to us any
Personal Information relating to other people, you represent that you have the authority to do
so and permit us to use the information in accordance with this Privacy Policy

7.2. We use appropriate technical and organizational security measures to ensure a level of
protection to your personal data which is commensurate to the risk, taking into account state
 of the art technologies, implementation costs and the nature, scope, context and purposes of
processing as well as the risk of likelihood and the degree of risk. The transfer of personal
data between your end device and us is generally carried out in an encrypted form (TLS
encryption). You can identify an encrypted connection by the lock symbol in the address line
of your browser. If you communicate with us by email, access by third parties cannot be ruled
out. In the case of confidential information, we recommend using encrypted email
communication (PGP).

7.2. This Policy and the security measures and practices implemented by us to protect your
information shall be the reasonable security practices and procedures under section 43A of the
Information Technology Act, 2000.

8. CHILDREN’S PRIVACY:

8.1. We take the privacy of Minors very seriously. Please make sure that you as the Parent who
accepts these terms on behalf of the Minor, supervise the types of data that the Minor shares
with us. To make sure data shared by Minors is safe, we may (from time to time) integrate
new mechanisms and safeguards on our Platform.

9. COMMUNICATIONS FROM US:

9.1. We may from time to time send you service-related announcements when we consider it
necessary to do so (such as when we temporarily suspend the Platform for maintenance, or
security, privacy, or administrative-related communications). We send these to you via SMS
or email, as we deem fit.

10. LINKS TO OTHER THIRD – PARTY SITES AND COLLECTION OF

INFORMATION:

10.1 Our Platform may provide links to other third - party Platforms (“Third – Party Sites”) that
may collect your personal information including your IP address, browser specification, or
operating system. We are not in any manner responsible for the security of such information
or their privacy practices or content of those Third – Party Sites. Additionally, you may also
encounter “cookies” or other similar devices on certain pages of the Third – Party Sites and it
is hereby clarified that we do not control the use of cookies by these Third – Party Sites.
These third-party service providers and Third-Party Sites may have their own privacy policies
governing the storage and retention of your information that you may be subject to. This
Policy does not govern any information provided to, stored on, or used by these third-party
providers and Third-Party Sites. We recommend that when you enter a Third-Party Site, you
review the Third-Party Site’s privacy policy as it relates to safeguarding of your information.
You agree and acknowledge that we are not liable for the information published in search
results or by any Third-Party Sites.

11. PUBLIC POSTS:

11.1 You may provide your feedback, reviews, testimonials, etc. on the Platform on your use of the
Services provided by us (“Posts”). Any content or information and Posts that you share or
upload on the publicly viewable portion of the Platform (on discussion boards, in messages
and chat areas, etc.) will be publicly available, and can be viewed by other users. Your Posts
shall have to comply with the conditions as mentioned in the Terms. FamPay retains an
unconditional right to remove and delete any Post or such part of the Post that, in its opinion,
does not comply with the conditions in the Terms. FamPay reserves the right to use, reproduce
and share your Posts for any purpose. If you delete your Posts from the Platform, copies of
such Posts may remain viewable in archived pages, or such Posts may have been copied or
stored by other users.
12. UPDATES TO THIS POLICY:

12.1 We may occasionally update this Policy. Use of our Services after an update constitutes
consent to the updated Policy to the extent permitted by law. If we make significant changes,
we will notify you of such changes in advance. Please take the time to periodically review this
Policy for the latest information on our privacy practices.

14. GRIEVANCE OFFICER:

14.1 We have appointed a grievance officer to address your concerns regarding data safety, privacy
with regard to your FamPay Account. You may contact the Grievance Officer at:

Name: Saransh Agarwal

Office hours: 12 noon to 7 PM.
Email address: [email protected]

15.2 If your grievance is not resolved to your satisfaction, you may escalate the grievance
to -
Name: Anchit Shukla
Office hours: 12 noon to 7 PM.
Email address: [email protected]