Privacy Policy
Effective Date: 1st January 2025 | Last Updated: 19th April 2026
This Privacy Policy ("Policy") describes how VVN MULTISERVICES INDIA Pvt. Ltd. ("Company", "We", "Us", "Payonclick") collects, uses, stores, shares, and protects the personal data of users ("You", "User") of the Payonclick platform at payonclick.in.
This Policy is published in compliance with:
- Digital Personal Data Protection Act, 2023 (DPDP Act)
- Information Technology Act, 2000 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- Reserve Bank of India (RBI) guidelines on data security and privacy for payment system operators
- Prevention of Money Laundering Act (PMLA), 2002
By using our Platform and Services, you consent to the collection, processing, and use of your data as described in this Policy.
1. Information We Collect
1.1 Personal Information (Provided by You)
- Identity Data: Full name, date of birth, gender, father's name, photograph
- Contact Data: Mobile number, email address, residential/business address, PIN code
- Identity Documents: Aadhaar number, PAN number, Voter ID, Passport, Driving License (for KYC compliance under PMLA)
- Financial Data: Bank account number, IFSC code, bank name, UPI ID
- Biometric Data: Fingerprint data (collected only during AEPS transactions and transmitted in encrypted form to UIDAI/NPCI; not stored by us)
- Business Data: Shop name, shop address, GST number (if applicable)
1.2 Transaction Data (Generated During Use)
- Transaction ID, amount, type, status, date, and time
- Beneficiary details (name, account number, mobile number)
- Wallet top-up and settlement history
- Commission and earnings records
1.3 Technical Data (Automatically Collected)
- IP address, browser type and version, operating system
- Device type, device ID, screen resolution
- Login timestamps, session duration, pages visited
- Cookies and similar tracking technologies (see Section 8)
- Geolocation data (with your consent, for service area verification)
2. Purpose of Data Collection
We collect and process your data for the following legitimate purposes:
| Purpose | Legal Basis |
|---|---|
| Account registration and identity verification | Contractual necessity, KYC/PMLA compliance |
| KYC verification (Aadhaar, PAN, bank account) | Legal obligation under PMLA & RBI norms |
| Processing financial transactions | Contractual necessity |
| Wallet management and settlement | Contractual necessity |
| Commission calculation and disbursement | Contractual necessity |
| Transaction alerts via SMS, email, WhatsApp | Legitimate interest & consent |
| Fraud detection and prevention | Legal obligation & legitimate interest |
| Customer support and dispute resolution | Contractual necessity |
| Regulatory reporting to RBI, NPCI, FIU-IND | Legal obligation |
| Platform improvement and analytics | Legitimate interest |
| Tax compliance (TDS, GST reporting) | Legal obligation under Income Tax Act |
3. Data Sharing & Disclosure
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:
3.1 Service Providers & Partners
- Banks & Payment Networks: For processing AEPS, DMT, Micro ATM transactions (e.g., NPCI, ICICI Bank, Yes Bank, Fino Payments Bank)
- BBPS Operating Units: For bill payment processing
- Mobile Operators & DTH Providers: For recharge processing
- KYC Verification Agencies: UIDAI (for Aadhaar verification), NSDL/UTIITSL (for PAN verification)
- Payment Gateway Providers: For wallet loading and payment processing
- SMS/Email Service Providers: For sending transaction alerts and OTPs
3.2 Regulatory & Legal Authorities
- Reserve Bank of India (RBI) — as required for regulatory compliance
- Financial Intelligence Unit - India (FIU-IND) — for suspicious transaction reporting under PMLA
- Income Tax Department — for TDS reporting
- Law Enforcement Agencies — when required by law, court order, or government directive
- NPCI — for AEPS/UPI/BBPS transaction monitoring and dispute resolution
3.3 We DO NOT
- Sell your personal data to third parties for marketing purposes.
- Share your biometric data with any entity other than UIDAI/NPCI for Aadhaar authentication.
- Transfer your personal data outside India, except where explicitly required by a service partner with adequate safeguards in place.
4. Data Storage & Retention
- All personal data is stored on secure servers located in India, in compliance with RBI data localization requirements.
- Active account data is retained for the duration of your account being active plus 5 years after account closure (as per PMLA and RBI record-keeping norms).
- Transaction records are retained for a minimum of 10 years as per RBI and Income Tax requirements.
- KYC documents are retained for 5 years after cessation of the business relationship, as mandated by PMLA.
- Biometric data (fingerprint for AEPS) is NOT stored by us. It is encrypted at the device level and transmitted directly to UIDAI/NPCI for authentication.
- Data is securely deleted or anonymized after the retention period expires.
5. Data Security Measures
We implement comprehensive security measures in compliance with RBI's Master Direction on Digital Payment Security Controls:
- Encryption: 256-bit TLS/SSL encryption for all data in transit; AES-256 encryption for data at rest.
- Access Control: Role-based access control (RBAC) with multi-factor authentication for system access.
- Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS protection.
- Application Security: Regular security audits, vulnerability assessments, and penetration testing.
- Database Security: Encrypted backups, access logging, and real-time monitoring.
- Physical Security: Data hosted in Tier-3+ data centers with physical access controls, CCTV surveillance, and environmental safeguards.
- Incident Response: Documented incident response plan with mandatory breach notification within 72 hours to CERT-In as per IT Act requirements.
6. Your Rights Under DPDP Act, 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: Request a summary of your personal data being processed and the processing activities undertaken.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements (PMLA, RBI norms, IT Act).
- Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board of India.
- Right to Withdraw Consent: Withdraw consent for data processing (note: withdrawal may result in inability to provide certain Services).
- Right to Nominate: Nominate another person to exercise your data rights in case of death or incapacity.
To exercise any of these rights, contact our Data Protection Officer at privacy@payonclick.in. We will respond within 30 days of receiving your request.
7. Children's Privacy
Our Platform and Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will take immediate steps to delete such data.
8. Cookies & Tracking Technologies
We use the following types of cookies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Platform functionality, session management, security | Session |
| Preference Cookies | Remembering your settings (language, theme) | 1 year |
| Analytics Cookies | Understanding usage patterns and improving services | 2 years |
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.
9. Third-Party Links
Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.
10. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be published on this page with an updated "Last Updated" date. For significant changes, we will notify you via email or Platform notification at least 15 days in advance. Continued use of the Platform constitutes acceptance of the updated Policy.
11. Data Protection Officer
In compliance with the DPDP Act, 2023, we have appointed a Data Protection Officer:
Data Protection Officer
VVN MULTISERVICES INDIA Pvt. Ltd.
Email: privacy@payonclick.in
12. Grievance Officer
As per the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
Grievance Officer
VVN MULTISERVICES INDIA Pvt. Ltd.
Email: grievance@payonclick.in
Response Time: Within 24 hours of acknowledgment, resolution within 15 days.
13. Contact Us
For any privacy-related queries or concerns:
VVN MULTISERVICES INDIA Pvt. Ltd.
Email: contactus@payonclick.in
Privacy Queries: privacy@payonclick.in
Phone: +91 9992688080
WhatsApp: +91 9992799127