Privacy Policy for Connected Banking Services

Introduction

Navmaya Tech Services Private Limited (collectively referred to as the "Company”, “we”, “our”, “us”) is committed to protecting your privacy (“you” or “your”). The following are our guiding principles regarding privacy:

  • Ask for only the information necessary, gathering only what we believe is essential for doing business, or for the specific transaction at hand.
  • Effective, efficient, and sustainable processes for sharing data with employees, partners and vendors.
  • Approval and authorisation mechanism to access the information collected.
  • Higher control and visibility, and strong technologies in our tools and applications with respect to usage and protection of information.
  • Specific purpose for all information collected.

This privacy policy (“Privacy Policy”) explains our policy regarding the collection, use, disclosure, transfer, or otherwise processing of your personal data by us. The services or products we offer you on or through the Platform (defined below) are referred to as the "Services". The Privacy Policy covers the following aspects:

  • Definitions
  • Collection of personal data
  • Use of collected personal data
  • Disclosure of personal data
  • Security of personal data collected
  • Your rights and choices
  • General information
  • Changes to the privacy policy
  • Grievance redressal

By providing us your consent to the processing of your personal data, you acknowledge that we will collect, store, use, disclose, transfer, and otherwise process your personal data in accordance with this Privacy Policy.

Your personal data will only be stored in compliance with applicable data protection laws.

Please read this Privacy Policy in consonance with our Terms and Conditions for Connected Banking Services available at https://tallysolutions.com/connected-banking/terms-and-conditions/

Definitions

  • personal data” or “personal information” shall means any data about an individual who is identifiable by or in relation to such data.
  • Platform” shall mean the ERP Aggregator Platform.

Data Collection

  • General:
    1. We use different methods to collect and process personal data about you. This includes:
      1. Information you provide us: This is the information (including identity, contact details and device data) you consent to give us when you use our Services, or report a problem.. If you contact us, we will keep a record of the information shared during the correspondence. Further, when you make a transaction request we would collect and process the Bank account details of the requestor, recipient and / or beneficiary, payment amount to be processed and bill details. Lastly, we would also record and process the OTP value entered by you as received from Bank for onward communication and validation of your request with the Bank.
      2. Information we collect about you and your device: Each time you visit the Platform or use the Services; we will automatically collect personal data through cookies.
      3. Information we receive from our banking partners: This is the information (such as user account details, user authentication token with the Services, transaction details, transaction status, account statements) that we receive from our banking partners when you use the Services.
      4. Information we receive from other sources including third parties and publicly available sources: We will receive personal data about you from various third parties and public sources including our third parties, Google analytics for advertising and user analytics purposes.
    2. Our Services may, from time to time, contain services provided by or links to and from the websites of our banking partner networks, service providers, financial institutions, advertisers, and affiliates and other service providers ('Third Party Services). Please note that the Third-Party Services that may be accessible through our Services are governed by their own privacy policies and you should check and exercise your discretion while using such Third-Party Services. All personal data that may be collected through such Third-Party Services shall be your responsibility.
    3. We may collect, store, and use the following kinds of information, in accordance with applicable law:
      1. Registration for the Services: This includes yourNET ID, license details of your TallyPrime and username and or Organisation ID of your net banking login (in certain cases).
      2. Contact Data: This includes your email address, phone number, and other contact information of your suppliers.
      3. Business Data: This includes your business or entity name GST-related data such as GSTIN, PAN details such as business PAN, and other business-related information such as bank statements, account balances, supplier information, and details of transactions.
      4. Transaction data: This includes details of transactions that may occur in connection with the Services such as Beneficiary details or Beneficiary codes for validation, Payment request and status, Transaction references, Account Statement, Account Balance info.
      5. Financial Data: This includes your bank account details, bank account statements.
      6. Marketing and Communications Data: This includes your preferences in receiving marketing messages from us and our third parties and your communication preferences.
      7. Device data: This includes your IP addresses, browser types and versions, time zone settings and locations, operating systems, and device information.
      8. Usage Data: This includes information about how you use the Services.
  • Cookies: Our Services may use cookies and other technologies to function effectively. These technologies may record personal data about your use of our Services or Platform
  • We may also collect, use, and share aggregated data such as statistical or demographic data for analysis or any other purpose. Aggregated data could be derived from your personal information but is not considered personal data or personal information under applicable laws.

Use of Collected Informations

  • In general, we use your personal data for the following purposes in compliance with applicable laws:
    1. To register you as a user of the Services or Platform; or
    2. To provide you with financial services, including:
  1. contact or locate you in case of any default, in compliance with applicable law.
    1. To get your data/information analysed by third parties to enable you to avail our Services; or
    2. To manage our relationship with you, including notifying you of changes to any Services; or
    3. To offer user support for the Services or Platform.
    4. To administer and protect our business and the Platform, including troubleshooting, data analysis, system testing, and performing internal operations; or
    5. To deliver content to you and provide updates on the Services; or
    6. To monitor trends so we can improve the Platform and Services; or
    7. To improve our Services; or
    8. To perform our obligations that arise out of the arrangement we are about to enter or have entered with you; or
    9. To enforce our Terms and conditions of Connected Banking Services; or
    10. To undertake marketing services, including but not limited to sending promotional messages, updates on new features, follow up on your requests, etc. via email, phone, or otherwise
    11. To respond to court orders, establish or exercise our legal rights, or defend ourselves against legal claims, or respond to disputes or validation of transactions; or
    12. To ensure compliance with applicable laws; or
    13. To inform you of new bank additions to the Services, new bank products and any offers in partnership with the banking partners; or
    14. For the purpose of audit by the regulators or banking partners; or

Please note that we do not have any control over personal data that you may choose to make publicly available. For example, if you post reviews, comments, or messages on public sections of the Platform or on an application store (such as the Google Play Store), you do so at your own risk. We are not liable for third-party misuse of such data.

Disclosing Collected Information

  • In accordance with applicable law, we may share your information with:
    1. our holding subsidiaries, associate, group companies or affiliates or any other entity/ third-party/ body corporate including our partners, for purposes in accordance with this Privacy Policy, as per Section 4 above; and
    2. our service providers and agents (including their sub-contractors) or third parties which process information on our behalf; and
    3. our consultants, professional advisors, and auditors; and
    4. our Banking Partners for facilitating payment transactions, fetch account information and bank statements and balances; and
    5. third parties in the event we go through a business transition, such as a merger, demerger, split, division, acquisition by another organisation, or sale of all or a portion of our assets, and your personal data is required to be transferred as part of such assets; and
    6. regulators to meet our legal and regulatory obligations and to respond to court orders or other legal process; and
    7. law enforcement agencies so that they may detect or prevent crime or prosecute offenders.

We may share non-personally identifiable information about the use of our Platform, Services publicly or with third parties.

Security of Data

  • We take appropriate technical and organisational precautions commensurate with the information assets being protected, as prescribed under applicable laws, to prevent the loss, misuse, or manipulation of the information shared.
  • We take reasonable measures to protect the assets against unauthorized access or security attack.
  • We store all personal information described under this Privacy Policy on our secure password-protected servers.
  • You acknowledge the fact that data transmitted through the internet may be naturally prone to insecurity and we cannot guarantee security of such data.

Your Rights and Choices

Under certain circumstances, you may have the right to:

  • Right to Confirmation and Access: Right to review your personal data stored by us.
  • Right to Correction and Updation: Right to correct, update, or rectify personal data residing with us that is found to be inaccurate or deficient.
  • Right to Be Forgotten or Deletion: Right to erasure or to restrict or prevent continuing disclosure of personal data. We shall comply with such requests subject to applicable laws and the terms of the Banking Partners through the Services.
  • Right to deny or withdraw consent: We will provide you with an opportunity to deny or withdraw consent from processing your data. However, that withdrawal of consent will not be retroactive and will be in accordance with the terms of this Privacy Policy, Terms and Conditions of Connected Banking Services, and applicable laws. If you exercise the foregoing rights, it may impact or restrict our ability to provide Services to you. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to such withdrawal, nor will it affect processing of your personal data conducted in accordance with lawful processing grounds other than consent.

If you wish to exercise any of the foregoing rights, you can write to us at the contact details provided in Section 10 of this Privacy Policy, providing in as much detail as possible, the right(s) you wish to exercise.

General Information

  • Consent: If required by applicable law, all collected data is subject to your consent for the collection, use, storage, disclosure and otherwise processing of your personal information in accordance with this Privacy Policy. You can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to your withdrawal, nor will it affect processing of your Data conducted in reliance on lawful processing grounds other than consent. However, in the event you withdraw consent given to us under this Privacy Policy, such withdrawal may hamper your access to the Platform or restrict provision of our services to you for which we consider that information to be necessary.
  • Retention and Destruction of your Personal Data: We retain your personal information in accordance with applicable laws, for a period no longer than is required for the purpose for which such personal information was collected or as required under any applicable law. However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse, to enable us to exercise our legal rights and/or defend against legal claims, or if required by applicable law or for other legitimate purposes. We may continue to retain your data in anonymised form for analytical and research purposes. Upon the completion of the retention period for each category of personal data as described above, we shall delete or destroy, to the extent technically possible, personal data in our possession or control, or render the personal data into anonymised data, so that it no longer constitutes personal data.
  • Children’s Data: We do not knowingly solicit or collect personal information from children under the age of 18 years.

Changes to this Privacy Policy

Please check our Privacy Policy periodically for changes. We may update this Privacy Policy to reflect changes to our information practices. We may alert you to significant changes by notifying you in accordance with applicable laws.

Grievance Redressal

To exercise any of the rights mentioned in this Privacy Policy or to share any grievance or queries related to our processing of your personal data, please email our Nodal Grievance Redressal Officer.

The name and contact details of the Nodal Grievance Redressal Officer are provided below:

Name: Leelavathi R
Designation: Head - Product Support Operations BD/TallyCare
Address: No. 331 – 336, Raheja Arcade, Koramangala, Bangalore, Karnataka – 560 095
Email: grievancesupport@tallysolutions.com