Privacy Policy and Data Protection Statement
(Compliant with ISO/IEC 27001:2022 Information Security Management Standard)
1. General
PayGURU Technosoft Pvt. Ltd. (“PayGURU”, “Company”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, integrity, and availability of your personal data in accordance with applicable data protection laws and ISO/IEC 27001:2022 requirements.
This Privacy Policy describes how we collect, use, store, retain, and protect information obtained through our applications, websites, and services (“Services”). By accessing or using our Services, you consent to this Privacy Policy and the practices described herein.
2. Data Collection and Use
We collect and process only the minimum necessary personal data to enable functionality, ensure security, and provide our Services.
2.1 Categories of Personal Data Collected
– Identification Information: Full name, gender, date of birth, mobile phone number, personal email address, and government-issued ID (for verification).
– Location Data: Current location (for service functionality).
– Device Data: Hardware model, operating system, version, device identifiers, and connectivity details.
– User Content: Information submitted voluntarily, such as feedback, support requests, or ratings.
2.2 Purpose of Processing
– Identity Verification: Government-issued ID scans are required for user authentication and are permanently deleted after successful verification.
– Service Delivery: To enable user registration, access control, and provision of services.
– Communication: To contact users for service updates, notifications, and limited marketing (opt-out available).
– Legal/Regulatory Compliance: To meet statutory obligations, audit requirements, and compliance with applicable laws.
We do not sell, rent, or share personal information with third parties except as required by law or authorized by the user.
3. Lawful Basis for Processing
Processing of personal data is carried out under one or more lawful bases:
– Consent – where users explicitly provide permission.
– Contractual necessity – to provide requested services.
– Legal obligation – where processing is required under applicable law.
– Legitimate interest – to ensure service integrity, fraud prevention, and IT security.
4. Data Retention and Deletion
– Personal data is retained only for as long as required to fulfil the purpose for which it was collected or to comply with legal/regulatory requirements.
– Government-issued ID scans are deleted immediately after successful verification.
– Upon user request, accounts and related data are securely deleted, subject to legal retention requirements.
5. Security of Information
We have implemented administrative, physical, and technical controls in line with ISO/IEC 27001:2022 to ensure confidentiality, integrity, and availability of information:
– Access Controls: Password-protected systems, OTP verification, and email authentication.
– Encryption: Secure transmission of data using industry-standard encryption protocols.
– Monitoring & Logging: Continuous monitoring of systems for unauthorized access or data breaches.
– Physical Security: Restricted facility access and secure storage systems.
– Vendor and Third-Party Management: Service providers are required to comply with information security standards.
Disclaimer: While we implement best-practice safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute protection against all risks, but we continuously improve controls to reduce them.
6. Cookies and Analytics
The PayGURU website uses Google Analytics to collect anonymous traffic and usage data.
– We do not use cookies to collect personally identifiable information.
– Users may disable cookies or opt out of Google Analytics tracking by using the opt-out browser add-on: https://tools.google.com/dlpage/gaoptout.
7. Data Subject Rights
In accordance with applicable data protection principles, you have the right to:
– Access your personal data held by us.
– Request correction or update of your data.
– Request deletion or restriction of processing.
– Withdraw consent to processing at any time (without affecting prior lawful processing).
– Lodge a complaint with a relevant data protection authority.
Requests can be submitted through the Contact Us section (see Section 9).
8. Policy Updates
This Privacy Policy may be updated periodically to reflect changes in services, regulations, or security practices. Updates will be communicated through our website or app. Continued use of our Services constitutes acceptance of the revised policy.
9. Contact Us
If you have questions, requests, or complaints regarding this Privacy Policy, please contact us via the Contact Us section on our website.