VAMPAY PRIVACY POLICY

Last Updated on: 23rd September, 2024

Commitment to Privacy

This Privacy Notice describes how and what information we collect, how we use it and to whom and under what circumstances we may disclose it. The personal information we collect under this Privacy Notice is controlled by VAMPAY FINTECH PRIVATE LIMITED.

1. What Information Do We Collect?

The “Personal Information” we collect and process under this Privacy Notice refers to any information that can identify you. This includes your name, postal address, ZIP or postal code, email address, telephone number, date of birth, payment information, demographic information, transaction details, IP address, and site usage information, as well as any other information we may collect, depending on the circumstances.

We have structured this privacy notice to provide clear guidance on various aspects pertaining to your information and our practices. Each section delineates key components of our privacy protocols, ensuring transparency and clarity for our users. You can easily navigate to specific sections of interest to gain a comprehensive understanding of how we handle information, including collection methods from both direct user input and third-party or publicly available sources. Additionally, we outline our data sharing practices, security measures, and procedures for addressing grievances. This structured approach aims to empower users with knowledge about our data handling practices while emphasizing our commitment to safeguarding their privacy.

1 Information You Provide to Us:

We collect your personal information in order to provide and continually improve our products and services.

Information You Give Us: We receive and store any information you provide in relation to VAMPAY Services. You can choose not to provide certain information, but then you might not be able to take advantage of many of our VAMPAY Services.
Automatic Information: We automatically collect and store certain types of information about your use of VAMPAY Services, including information about your interaction with content and services available through VAMPAY Services. Like many websites, we use cookies and other unique identifiers, and we obtain certain types of information when your web browser or device accesses VAMPAY’s Services and other content served by or on behalf of VAMPAY on other websites.
Third-Party & Public Sources: We also work closely with third parties (such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, address update providers, data append providers, co-promotion partners and credit reference agencies), and may lawfully receive demographic and other personal information about you from those third parties, which we may combine with the information you have provided to us. For example, we may lawfully collect information about you from content on social media platforms (e.g., when you choose to log in to Our Site through a third-party social media platform (e.g., Facebook), subject to your actions and settings on those platforms). We do this to better tailor our products, services, sites and communications, and to ensure we are providing our customers and visitors with the best browsing experiences. We process all data we obtain from such other sources in accordance with this Privacy Notice Note that content and information that you submit on or through Facebook, Twitter, Instagram, and other third-party platforms may appear on our Sites through feeds or interfaces that we have with those platforms. We are not responsible for the information, content and/or privacy practices of any such third-party platforms or content pulled through them.
Site Usage Information and Other Information Collected Automatically: As part of the standard operation of the Sites, certain information is collected automatically about your visits to the Sites or your device accessing a Site. Our servers may automatically gather some of this “Site usage information” (such as your IP address, and information about your browsers, your device, your location, and your shopping, browsing and other usage activities). Additionally, if we have your consent, then we (and our service providers) may use cookies and other similar technologies to collect and track such information (see our Cookies/Ad Choices Policy for more details).

2. With Whom Do We Share Personal Information?

We make available to you services, products, applications, or skills provided by third parties for use on or through VAMPAY Services. We also offer services or sell product lines jointly with third-party businesses registered on www.vampay.in, such as merchants providing bill-payment assistance. You can tell when a third party is involved in your transactions, and we share customers’ personal information related to those transactions with that third party.

3. Transactions involving Third Parties

4. Third-Party Service Providers

We employ other companies and individuals to perform functions on our behalf. Examples include sending email, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links, processing payments, scoring, assessing and managing credit risk, and providing customer service. These third-party service providers have access to personal information needed to perform their functions, but 3 may not use it for other purposes. Further, they must process the personal information in accordance with applicable law.

5. Business Transfers

As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise).

6. Protection of VAMPAY and Others

We release accounts and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of VAMPAY, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information. INFORMATION COLLECTED OR RECEIVED In the course of providing our Services, we collect or receive your personal information in a few different ways.

We obtain the categories of personal information listed below from the following sources: directly from you, for example, from forms you complete or during registration; indirectly from you based on your activity and interaction with our Services, or from the device or browser you use to access the Services; from our vendors and suppliers that help provide VAMPAY services you may interact with (such as, for example, for payments or customer support), and from our third party advertising and marketing partners. Often, you choose what information to provide, but sometimes we require certain information to provide you the Services. VAMPAY uses the personal information it receives and collects in accordance with the purposes described in this policy. You can also choose to provide information to a third party via VAMPAY’s API. While users of VAMPAY’s API are required to follow VAMPAY’s API Terms of Use, including having appropriate privacy and security controls, VAMPAY does not have a direct partner relationship with these third parties and their processing of information is subject to their own privacy policies. You should understand the privacy and security practices of any third party before you share information with them.

7. Registration, Account Setup, Service Usage:

If you create an account to take advantage of the full range of services offered on VAMPAY, we ask for and record Personal Information such as your name, email address and mobile number. We may collect and store your Sensitive Personal Data or Information (such as any financial information including inter alia credit card, debit card details, bank account and Know Your Customer ("KYC") documents as per RBI regulations and any other information as may be applicable) that the User may opt to save in the User account created with VAMPAY]. We use your email address to send you updates, news, and newsletters (if you willingly subscribe to the newsletter during signup, or any time after signup) and contact you on behalf of other Users (such other Users who send you friend requests, personal messages, or other social collaboration based events). [If you do not want to receive communications from us that are not relevant to you or 4 your use of our services, please click on the unsubscribe link provided at the bottom of such e-mails sent to you by us. We use your mobile numbers to send you transaction alerts and SMS alerts based on your preferences. If you do not wish to receive such SMSs from us, please notify us at VAMPAY.com/support to stop receiving SMSs from us. VAMPAY assures that your Personal Information will not be made public or sold to any third party. The User shall have an option to erase any information provided by the User including Personal Information. If a User opts for the said option of erasure, VAMPAY shall delete all stored information of the User from its servers. In order to use the Services, you will need to submit a valid email address. If you register, you will need to submit a name associated with your account. You may modify that name through your account settings. You need to provide this information to enable us to provide you with the Services. As a VAMPAY seller, if you choose to use our payment service ("VAMPAY Payments"), VAMPAY requires your full name, business details, identification ID or tax ID, date of birth, bank account information, photograph, credit card information, and/or other proof of identification in order to verify your identity, provide this service to you, and comply with applicable law. For Users , VAMPAY requires this information from you in order to provide you with the Services (including, to verify ownership of an account, to mitigate fraud and abuse, to comply with regulatory obligations, or to complete a transaction). VAMPAY may contact individual business owners confidentially to request more information about their business or items listed through the Services, or may request information from buyers to ensure compliance with our policies and applicable law. In order to use certain products or services on VAMPAY, you may be required to complete an application; information that you submit through the application process will not be displayed publicly and will only be used internally by VAMPAY and its service providers, unless otherwise specified.

8. Automated Information:

VAMPAY automatically receives and records information from your browser or your mobile device when you visit the Site, use the Apps, or use certain features of the Services, such as your IP address or unique device identifier, cookies, and data about which pages you visit and how you interact with those pages in order to allow us to operate and provide the Services. This information is stored in log files and is collected automatically. VAMPAY may also receive similar information (like, for example, IP addresses and actions taken on the device) provided by a connected Internet of Things device such as a voice-activated assistant or Smart TV. We may combine this information from your browser or your mobile device with other information that we or our advertising or marketing partners collect about you, including across devices. This information is used to prevent fraud and to keep the Services secure, to analyse and understand how the Services work for members and visitors, and to provide advertising, including across your devices, and a more personalized experience for members and visitors. We also automatically collect device-specific information when you install, access, or use our Services. This information can include information such as the hardware model, operating system information, app version, app usage and debugging information, browser information, IP address, and device identifiers. Data from VAMPAY Vendors and Suppliers: We also receive information from our vendors and suppliers about you. This information can include customer service interactions, payments information, delivery information, and information shared in VAMPAY’s forums.

9. Data from Vampay Vendors and Suppliers:

We also acquire data from our vendors and suppliers pertaining to your interactions. This data encompasses customer service exchanges, payment records, delivery details, and contributions made within VAMPAY’s forums.

10. Data from Advertising and Marketing Partners:

As described below, VAMPAY receives information from our advertising and marketing partners about you. This information can include attribution information via cookies and UTM tags in URLs to determine where a visit to VAMPAY comes from, responses to marketing emails and advertisements, responses to offers, and audience information from partners who you have given consent to share that information with us.

11. Location Information:

We collect information about your use of the Services for advertising, for analytics, to serve content, and to protect the Services. This can include your IP address, browser information (including referrers), device information (such as iOS IDFA, IDFV for limited non-advertising purposes, Android AAID, and, when enabled by you, location information provided by your device). You can choose to publish your location when you sell on VAMPAY. We obtain location information you provide in your profile or your IP address. With your consent, we may also determine location by using other information from your device, such as precise location information from GPS or information about wireless networks or cell towers near your mobile device. We use and store information about your location to provide features and to improve and customise the Services, for example, for VAMPAY’s internal analytics and performance monitoring; localisation, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing. If you have consented to share your precise device location details but would no longer like to continue sharing that information with us, you may revoke your consent to the sharing of that information through the settings on the Apps or on your mobile device. Certain non-precise location services, such as for security and localised policies based on your IP address or submitted address, are critical for the Site to function. We will only share your geolocation details with third parties (like our mapping, payments, or, to the extent applicable, advertising providers) in order to provide you with the Services. You may also choose to enable the Apps to access your mobile device’s camera to upload photographs to VAMPAY.

12. Analytics Information:

We use data analytics software to ensure Site and App functionality and to improve the Services. This software records information such as how often you use the website, what happens within the website, aggregated usage, performance data, app errors and debugging information, and where the website was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information that you submit within the mobile application.

13. Non-Member Information:

VAMPAY receives or obtains information (for example, an email address or IP address) about a person who is not yet a registered VAMPAY member (a “non-member”) in connection with certain VAMPAY features, such as when a non-member chooses to subscribe to an VAMPAY newsletter, a member invites a non-member to visit the Site, a member uploads non-member information using the contact uploader feature, a non-member engages in a transaction. Non- member information is used only for the purposes disclosed when it was submitted to 6 VAMPAY, for purposes necessary to the functioning of VAMPAY's Services or where VAMPAY has a legitimate interest.

14. Governance Checks to Ensure Funds Are Used for Pay outs Based on Collections Received

Vampay ensures that pay outs are appropriately linked to the funds received from collections. The section covers:

Payout Governance Protocol: Vampay conducts stringent governance checks to ensure that all funds used for pay outs correspond directly to the collections received from merchants. This ensures transparency, accuracy, and fairness in our disbursement process.
Verification and Declaration: Merchants are required to declare that all collections are reported accurately. These declarations are being further periodically verified through checks by the company to ensure that no discrepancies exist between collected funds and pay outs.
Audit and Monitoring: Regular internal audits are being performed to verify that the funds are being used strictly for the intended pay outs. The company reserves the right to request additional documentation from merchants as part of this governance process.

15. Inclusion of Penny Drop & Cancelled Cheque in the Merchant Onboarding Process

For better security and accuracy in onboarding merchants, Vampay further emphasizes that how we use the following two validation methods:

Penny Drop Method: As part of the merchant verification process, a small test amount (usually a small amount of Rs.10) is being deposited into the merchant’s bank account to ensure that the provided bank details are valid and belong to the merchant. This method helps verify the accuracy of banking information before large transactions are processed.
Cancelled Cheque Submission: Merchants are required to submit a copy of a cancelled cheque from their bank account during the onboarding process. This provides an additional layer of verification for the merchant’s bank details and ensures that all pay outs are made to the correct account.

Both the penny drop and cancelled cheque methods ensure the accuracy and legitimacy of the financial information provided by the merchant, reducing the risk of fraud and errors in payments.

16. Onboarding Process: Physical & Digital

This part clarifies the onboarding options available to merchants:

Physical Onboarding: At Vampay, merchants have to undergo a physical onboarding process, where they submit required documentation in hard copy, participate in in- 7 person verification, and sign necessary agreements. This process is often suited for those who prefer face-to-face interactions or have limited access to digital platforms.
Digital Onboarding: At Vampay we also onboard our Merchants digitally. Through a secure platform, merchants can upload the required documents, complete identity and bank verification, and sign contracts digitally. The company employs robust encryption and security protocols to ensure that all data shared during digital onboarding is protected and remains confidential.

17. Vampay Velocity Check Implementation

Velocity Check Rules: The Velocity Check framework is designed to safeguard against fraudulent or unusual transactional behaviour by implementing specific rules that monitor and limit transaction activity. These rules help to protect merchants and customers by identifying patterns that could signal misuse or attempts to circumvent normal operational limits.

1. Transaction Frequency Check

This rule places a cap on the number of transactions that a specific user, card, or account can initiate within a predetermined timeframe (e.g., minutes, hours, days). The aim is to prevent rapid successive transactions from the same source, which could indicate fraud or system abuse.

Purpose:To detect and prevent burst transaction activity that may be indicative of malicious behaviour or card misuse.
Example:A user may be restricted from making more than five transactions within a 10-minute window.

2. Transaction Amount Check

This rule establishes a threshold for the total monetary value of transactions performed by a single user or account within a defined period. This ensures that no individual can process an excessive sum of money in a short period, which may signal potential fraudulent behaviour.

Purpose:To limit the total financial exposure for each user, minimizing the risk associated with large unauthorized transactions.
Example:A user’s transactions may be capped at Rs.5,000 in any 24-hour period.

3. IP-Based Check

This rule tracks the IP address associated with transaction requests and monitors the frequency of transactions originating from the same IP address. High-frequency transactions from the same IP may indicate attempts to bypass account-specific limits by using multiple accounts.

Purpose:To prevent abuse or fraud by monitoring activity from specific network locations and detecting suspicious patterns of usage.
Example: If 100 transactions are attempted from the same IP address within a 15- minute period, the system may flag these attempts as suspicious.

4. Account/Customer Velocity Check

This rule limits the number of transactions or total amount that a single customer or account can execute over a specific timeframe, such as a day or a week. By enforcing limits at the customer level, the system ensures that no individual can circumvent transaction frequency or amount limits by using multiple accounts.

Purpose: To detect unusual transaction volume associated with specific customer accounts, minimizing the risk of fraud through customer account exploitation.
Example: A customer is limited to executing no more than 10 transactions or spending more than $10,000 in a 48-hour period.

Workflow for Implementing Velocity Checks:

The process of performing velocity checks involves a systematic evaluation of each incoming transaction against pre-configured rules. This ensures real-time decision-making while minimizing disruption to legitimate transactions.

1. Incoming Transaction Request

Upon receiving a transaction request, the system captures critical transaction details, including:

User ID

Virtual Payment Address (VPA)

Card number

IP address

Transaction amount

This information is used to uniquely identify the user and their associated transaction history.

2. Checking Recent Transactions

The system queries the transaction database to retrieve the recent transaction history for the user or card in question. This involves reviewing past transactions within a specified timeframe (e.g., last 10 minutes, hours, or days). The data collected includes:

Number of transactions

Total transaction amounts

IP addresses linked to past transactions

3. Applying Velocity Rules

Once the transaction history has been retrieved, the system applies the velocity check rules to determine if the transaction meets the required criteria:

For Frequency Checks: TThe system counts the number of transactions performed by the user, card, or IP address within the defined time window.

For Amount Checks: The system sums the transaction amounts over the same period to ensure the total does not exceed the predefined limit.

4. Decision-Making Process

Based on the results of the velocity check, the system makes one of the following decisions:

If Limits Are Exceeded:The transaction is either declined or flagged for further review by the system or a human analyst. This helps to prevent potential fraudulent or excessive activity.

If Within Limits: The transaction proceeds normally and is processed without interruption, ensuring a smooth customer experience for legitimate transactions.

Conclusion

The Vampay Velocity Check system is an essential safeguard against fraudulent activities. By implementing rules based on transaction frequency, amount, IP address, and customer velocity, it ensures that all transactions are thoroughly monitored for unusual patterns. This combination of automated decision-making and governance rules protects the platform, merchants, and customers from potential fraud and misuse.

Pattern by VAMPAY: We also collect certain information from both members and non-members who visit websites hosted by us. This information may include your IP address or unique device identifier, and cookies and data from the pages you visit. PHISHING, SPOOFING & OTHER SCHEMES It has become increasingly common for hackers, cyber-criminals and other unauthorized individuals to send emails and other communications to consumers purporting to represent a legitimate company, such as a bank or an online retailer, and requesting through those communications that the consumer provide personal, often sensitive, information. Sometimes, the domain name of the sender’s email address, or the domain name of the website requesting such information, may appear to be the domain name of a legitimate, trusted company. If you receive a request to provide information (including your online account password, or any payment information) via email or to a website or individual that does not seem to be affiliated with the Sites or VAMPAY, or that otherwise seems suspicious to you, please do not respond or disclose your information. VAMPAY will never send you an email requesting that you verify any credit card information, financial information or other personal information. Please immediately report any such communication.
CHANGES TO THIS PRIVACY NOTICE: We reserve the right to update this Privacy Notice from time to time and the amended notice will be posted to the Sites. Under certain circumstances (for example, in connection with certain material adverse changes to this Privacy Notice), we may also elect to notify you through additional means, such as posting a notice on the home page(s) of the Sites or contacting you via email.
Complaints and Grievance Redressal: If you contact us to provide feedback, register a complaint, or ask a question, we will record any Personal Information and other content that you provide in your communication so that we can effectively respond to your communication. Any complaints or concerns in relation to your Personal Information or content of this Website or any dispute or breach of confidentiality or any proprietary rights of User during use of the Website or any intellectual property of any User should be immediately informed to the Grievance/ Nodal Officer at the coordinates mentioned below in writing or by way of raising a grievance ticket through the hyperlink mentioned below:
CONTACT US:
For any queries, complaints, or feedback regarding privacy concerns, please contact our Grievance Officer at
support@vampay.in

Your privacy matters to us. Thank you for entrusting us with your information!!