1. Introduction
Cashmate Group is committed to protecting the privacy and confidentiality of Personal Information about its employees, customers, business partners and other identifiable individuals. “Cashmate Group” shall mean Cashmate Technologies Private Limited and/or any of its subsidiaries. THE GROUP policies, procedure, guidelines and actions support this commitment in protecting Personal Identifiable Information. Each employee bears a personal responsibility for complying with this Policy in the fulfillment of their responsibilities at THE GROUP.

2. Policy Statement
This Policy sets the minimum standard and shall guide all the Group employees and Contract employees to abide by the policies of the Group. Supplemental policy/ procedure may provide for stricter or specific privacy and protection standards than are set forth in this Policy. Privacy policy of the Group intends to cover Debit and Credit Card information, AADHAAR information, PAN card details, Voter ID, Driving License & Bank account number and other critical information.

3. Policy Details
We respect the privacy of employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees and candidates for employment and recognize the need for appropriate protection and management of Personal Information. When collecting Personal Information directly from individuals, the Group strives to provide clear and appropriate notice about the: Purposes for which it collects and uses their Personal Information, Types of non-Agent third parties to which the Group may disclose that information (the Regulator).

01. Accountability for onward transfer:
On transfer of Personal Information to the Regulator, the Group strives to take reasonable and appropriate steps to:

• Transfer such Personal Information only for specified purposes and limit for the use of specified purposes only.

• Obligating the Regulator to provide the same level of privacy protection as is required by this Policy, helps ensure that the Regulator is effectively processing the Personal Information in a manner consistent with its obligations under this Policy.

• Require the Regulator to notify the Group, if the Regulator determines it can no longer meet its obligation to provide the same level of protection as is required by this Policy, and Upon notice from the Regulator, the Group will take further steps to help stop and remediate any unauthorized Processing.

02. Security:
The Group takes reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Information.

03. Data Integrity and Purpose Limitation:
The Group shall take steps to help ensure that Personal Information is accurate, reliable, current and relevant to its intended use.

04. Access:
The Group provides individuals with reasonable access to their Personal Information for purposes of correcting, amending or deleting that information where it is inaccurate or has been Processed in violation of the Group data privacy principles.

05. Recourse, Enforcement and Liability
Violation of this Policy by an employee or contractor of the Group will result in appropriate disciplinary action and including termination.

4. Review

01. Scheduled and Periodic Review:
The procedure will be reviewed by the Owner once in annual to ensure its completeness, effectiveness and usability

02. Unscheduled Review / Surprise check:
The ISO will also review and evaluate the procedure in response to any changes affecting the basis of the original risk assessment such as organizational changes, technological changes, significant security incidents, new vulnerabilities, etc.

DATA COLLECTION :

● Retail Partner shall not collect and /or share any data with respect to the Consumers for itself or any other third party. Retail Partner agrees that Company shall be the sole owner of all data including Consumer data collected /generated under any transaction utilizing the Platform and/or the Company Services; and Company shall be free to share such consumer data with Related Entities.

● In addition to the foregoing, the Parties agree and acknowledge that the Company may collect financial and other data from BPs, Consumers, Retail Partners and may utilize the same for undertaking a credit check through agencies such as Credit Information Bureau (India) Limited for the purpose of recommending them for suitable credit facilities to be provided by financial institutions.

In relation to the same, Retail Partner:
o undertakes to assist the Company in collection of such financial data;
o undertakes to keep such data as a confidential; and
o agrees and acknowledge that Company is the sole owner of such financial data and that such financial data would be a Confidential Information for the purpose of this Agreement.

● All of the information collected by Company Retail Partner is subject to the privacy policy.