PB PAY PRIVATE LIMITED · LEGAL · POLICY NOTICE

Policy Notice

Our commitment to protecting your personal information with transparency and integrity.

Introduction

We appreciate your visit to the website ("Platform") of PB Pay Private Limited ("hereinafter referred to as PB Pay") and your interest in our services and products. At PB Pay, we value your privacy and aim to provide you a secure and comfortable experience while engaging with our Platform. This Privacy Notice explains how we collect, use, process, transfer and protect your personal information during and after your interactions with the Platform. It also outlines the purposes for which we process your data, how it may be shared, and the rights available to you in relation to your personal information. We encourage you to read this notice carefully to understand how we handle your data and our commitment to protecting your privacy.

The terms "we," "our," and "us" refer to PB Pay, and the terms "you," "your," and "User" refer to you as a user of PB Pay. The term "Personal Information" means information that you provide to us that personally identifies you, such as your name, phone number, email address, and any other data linked to such information.

Please note that this Privacy Notice applies solely to information collected through your use of the Platform. It does not apply to any websites controlled by third parties that are not affiliated with PB Pay, which may be linked from the PB Pay Website ("Third Party Sites"). Please review the privacy policies of Third Party Sites, as PB Pay is not responsible for and has no control over the content or privacy practices of Third Party Sites. Personal information that you provide to those sites are not our property.

The terms outlined in this Privacy Notice are intended to complement, and not replace, any other agreements or privacy statements you may have entered into with PB Pay, and remain subject to applicable mandatory laws and regulatory requirements.

Definitions

Business User: Any entity or individual that utilizes PB Pay Platform to accept payments for goods or services from their end-customers via different payment instruments. Business Users typically include sellers, vendors, or businesses offering goods or services for sale (also referred to as Merchants).

Note: We do not onboard children under the age of 18 as Business Users.

End-Customer:An individual who purchases goods or services from Business Users using different payment instruments facilitated by PB Pay's payment processing Platforms.

Personal Data: Any information that relates to an identified or identifiable individual, including but not limited to name, address, email address, financial details, and any other information capable of identifying You.

Information We Collect

The subsections below describe sources, categories, purposes, legal bases, and other matters regarding personal information we process.

3.1

Sources of Personal Information

The personal information we collect may vary based on the nature and context of your interactions with us, and may include:

Identity Verification: Information from third-party verification services, credit bureaus, and publicly available sources.
End-Customer Information (Business Users): Information about End-Customers collected by our Business Users, including details related to financial transactions, account registrations, identity verification, and purchased products/services.
Publicly Available Information: Information gathered from public sources like government-restricted/sanctioned persons lists, company registries, media, and the internet.
Third-Party Verification: Information obtained from credit reference and fraud prevention agencies (subject to applicable laws).
Transaction Information: Details obtained while processing transactions.

3.2

Categories of Personal Information Collected

Category of Personal Information	Types of Information Collected
Personal Identifiers	Merchant's Full Name
	Authorized Signatory PAN
	Aadhar card (not collected by PB Pay; verified using DigiLocker)
Contact Information	Email Address
Contact Information	Mobile Number
Financial Information	Account details in which merchant wants to receive settlement
Financial Information	Cancelled Cheque
Business Information	Corporate Identification Number (CIN)
	PAN (business)
	Business address (registered and operational)
	GST Number
Documents	Certificate of Incorporation
	Memorandum of Association (MOA)
	Articles of Association (AOA)
	Board Resolution of authorized signatory
Videos	v-KYC recordings

We use this information to provide services to you. If you don't give us the correct information or ask us to delete it, we might not be able to provide you with the service you requested from us.

3.3

Purpose of Data Collection

Purpose	Use of Information
Merchant Onboarding	To assess the legitimacy and suitability of prospective merchants before onboarding. This includes verifying organizational and representative identities, evaluating business models, and conducting due diligence in line with applicable legal and compliance requirements. This process also helps mitigate risks associated with onboarding new merchants.
Process Payment Transactions	To enable, authorize, and settle payment transactions initiated by or through our platform. The specific information required depends on the payment method selected and may include additional inputs mandated by financial institutions or service partners.
Risk Assessment and Analysis	To evaluate potential risks associated with merchants using automated risk models. This includes assessing factors such as entity background, nature of products or services offered, screening results (e.g., sanctions and PEP), financial and funding data, website disclosures, public sentiment, geolocation, GST compliance, and other reputation indicators.
Communication and Support	To respond to queries, offer technical or transactional support, and share service-related updates or alerts to authorized users of merchant accounts.
Regulatory Compliance	To fulfill our obligations under applicable financial sector regulations, including identity verification, transaction monitoring, reporting, and data retention requirements. This ensures continued adherence to lawful standards for operating as a regulated payment service provider.

3.4

Legal grounds for processing of your Personal Information

PB Pay processes your personal information only where we have a lawful basis to do so, in accordance with applicable laws and regulations. The primary grounds on which we rely include:

Performance of services: Processing is necessary to enter into or fulfil our service obligations with you. This includes processing payments, onboarding, managing settlements, billing, and providing related support.
Compliance with Legal Obligations: We may use the personal information we collect for meeting legal and regulatory requirements applicable to us as a payment service provider. This includes compliance with anti-money laundering (AML), fraud detection, tax laws, and responding to lawful requests from authorities.
Legitimate Interests: We may process your personal data where it is necessary for the legitimate interests of our business—for example, to operate, secure, and improve our services. This includes fraud prevention, service analytics, and business communications, provided such interests do not override your data protection rights.
Consent: In certain situations, we rely on your explicit consent to process your personal information. You may withdraw your consent at any time without affecting the legality of processing carried out prior to withdrawal. To manage or withdraw your consent, please reach out to us at dataprivacy@pbpay.com.

We are committed to processing your personal data lawfully, fairly, and transparently, and will only use it for the purposes outlined in this Privacy Notice or as otherwise permitted under applicable law.

Note: As a payment service provider, we primarily collect and process business-related information. Any incidental personal data shared (e.g., individual contact details of authorized representatives) is handled with appropriate safeguards and solely for business enablement.

3.5

Personal Data of Children

We do not knowingly solicit or collect Personal Information from children under the age of 18 and use of our Platform is available only to persons who can form a legally binding contract under the Indian Contract Act, 1872.

If you are under the age of 18 years then you must use the Platform or services under the supervision of your parent or legal guardian;
If you are a Person with Disability then you must use the Platform or services under the supervision of your lawful guardian.

Data Retention

We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it was obtained and in accordance with the applicable laws. Our retention periods are based on business needs and statutory requirements.

Your Rights

Where permitted by applicable law or regulation, you have the right to:

Access Information About Personal Data: You can request a summary of your personal data we process, details of our processing activities, and information about any third parties with whom your data is shared.
Correction and Erasure of Personal Data: You may ask us to correct, complete, update, or erase your personal data if it's inaccurate, incomplete, outdated, or no longer needed, subject to legal retention requirements.
Grievance Redressal: You have access to our grievance redressal process to address concerns about your personal data or your rights, with the option to escalate unresolved issues to the Data Protection Board.
Nominate: You can nominate someone to exercise your data rights on your behalf in case of your death or incapacity, as per the prescribed process.

To exercise these rights, contact us at dataprivacy@pbpay.com.

Where your information is processed

Your personal information is collected, processed, and stored securely within India. All our systems, including cloud infrastructure and trusted service providers, are hosted in India and operate in compliance with applicable data protection and regulatory requirements. We take appropriate technical and organizational measures to ensure your data always remains protected.

Reasonable security practices and procedures

PB Pay is a PCI DSS compliant organization. We have deployed appropriate technical and organizational security measures at all times to protect the information we collect from you. We use multiple electronic, procedural, and physical security measures to protect against unauthorized or unlawful use or alteration of information, and against any accidental loss, destruction, or damage to information.

Further, you are responsible for maintaining the confidentiality and security of your login id and password, and may not provide these credentials to any third party.

Breach Notification

In the event of a personal data breach that compromises the confidentiality or integrity of your personal data, we will notify you and the Data Protection Board as required by the Digital Personal Data Protection Act 2023. This notification will be provided within 72 hours of becoming aware of the breach, outlining:

The nature of the breach.
The likely consequences of the breach.
The measures we have taken to address the breach.
The steps you can take to mitigate potential risks.

Changes to Our Privacy Notice

PB Pay reserves the right to revise this Privacy Notice from time to time as per organization needs or to abide by new regulations, by posting notice of the amendment as appropriate. To the extent permitted by applicable law, such changes will be applicable from the time they are posted.

Grievance Redressal

We are committed to protecting your personal data and addressing your privacy concerns in full compliance with applicable data protection and cybersecurity laws. In case you have any grievances in accordance with applicable law, the name and contact details of the Grievance Officer are provided below:

10.1

Data Grievance Officer

Contact details

Name: Mr. Harsh Vardhan Masta
Company: PB Pay Private Limited
Registered office: Registered Office – Plot No.119, Sector - 44, Gurugram - 122001, Haryana
Email: grievance@pbpay.com
Portal: https://grievance.pbpay.com

10.2

Submitting a complaint

To submit your complaint, include your name, contact details, and a clear description of your concern (with any relevant documents). Submissions are accepted via email, phone, or our online portal.

10.3

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

In case your grievance is in relation to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we shall acknowledge your complaint within twenty-four hours and dispose of the complaint within a period of fifteen days from the date of its receipt. Disposal of complaint shall include all actions as considered necessary by PB Pay.

10.4

Grievances relating to personal data

In accordance with applicable information technology laws and the rules made thereunder, any grievances relating to the processing of personal data may be raised through our grievance portal.