Privacy and Policy

Last Updated: 17 Jan 2025

        This policy applies to One Klick Payment (UPay Digi India Pvt Ltd) a company incorporated under the Companies Act, 1956 with its registered office at Floor 1st, Wing A3, Samarth Srushti, Manaji Nagar, Narhe, Pune, Maharashtra, India, 411041, and its Entities/Subsidiaries including but not limited to One Klick Payment (UPay Digi India Pvt Ltd),collectively “One Klick Payment (UPay Digi India Pvt Ltd)”, “we”, “our”, or “us” as the context may require).

        This policy describes how One Klick Payment (UPay Digi India Pvt Ltd) collects, stores, uses and otherwise processes your Personal Information through One Klick Payment (UPay Digi India Pvt Ltd) websites, One Klick Payment (UPay Digi India Pvt Ltd) Applications, m-sites, chatbots, notifications or any other medium used by One Klick Payment (UPay Digi India Pvt Ltd) to provide its services to you (hereinafter referred to as the “Platform”). By visiting, downloading, using One Klick Payment (UPay Digi India Pvt Ltd) Platform, and/or, providing your information or availing our product/services, you expressly agree to be bound by this Privacy Policy (“Policy”) and the applicable service/product terms and conditions. We value the trust you place in us and respect your privacy, maintaining the highest standards for secure transactions and protection of your personal information.

        This Privacy Policy is published and shall be construed in accordance with the provisions of Indian laws and regulations including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act, 2000, the Aadhaar Act, 2016 and its Amendments, including the Aadhaar Regulations; that require publishing of the privacy policy for collection, use, storage, transfer, disclosure of Personal Information. Personal Information means and includes all information that can be linked to a specific individual and also includes Sensitive Personal Information (all Personal Information which requires heightened data protection measures due to its sensitive and personal nature), both, hereinafter referred to as “Personal Information”, excluding any information that is freely available or accessible in public domain. Please note, Our products/services are offered in India for Indian customers, and your Personal Information processing will be subject to Indian laws. If you do not agree with this Privacy Policy, please do not use or access our Platform. .

        One Klick Payment we values your trust and is committed to protecting your personal and financial information. This Privacy Policy outlines how we collect, use, share, and protect your data when using our Aadhaar-enabled payment system, DMT money transfer, BBPS services, mobile & DTH recharge, Micro ATM Android app, and web portal.

        Privacy Policy for an app and web portal involving sensitive financial transactions and personal data (e.g., Aadhaar-enabled payment systems, data protection regulations (e.g., GDPR, India's IT Act, etc.) and industry best practices.

1. Information We Collect:

We may collect your Personal Information when you use our services or Platform or otherwise interact with us during the course of our relationship. We collect Personal Information which is relevant and absolutely necessary for providing the services requested by you and to continually improve the One Klick Payment Platform.

Personal and Sensitive Personal Information collected, as applicable, includes, but are not limited to:

1.1 Personal Information

* Name, age, gender, photo, address, phone number, e-mail id, your contacts, nominee details
* Aadhaar information including Aadhaar number or Virtual ID for the purposes of e-KYC authentication with the Unique Identification Authority of India (UIDAI). Note that submission of Aadhaar information is not mandatory and there are alternatives to submission of identity information (e.g., Voter ID, DL)
* KYC-related information such as PAN, income details, your business-related information, videos or other online/ offline verification documents as mandated by relevant regulatory authorities.
* OTP sent to you by your bank, NSDL or One Klick Payment.
* Your Short Messaging Service (SMS(es)) that are stored on your device for the purposes of, including but not limited to, registering you and your device for payments or investment services, OTPs for logins and payments, enhancing your security, bill payments and recharge reminders, and any other legitimate uses with your explicit consent
* balance including Credit & Debit ledger balance or margins, transaction history and value, bank account details, wallet balance, transactions, income range, expense range, service or transaction related communication, order details, service fulfilment details, part of your card details for smooth transaction using One Klick Payment or any of the services
* your demographic and photo information including but not limited to Aadhaar number, address, gender, and date of birth as a response received from UIDAI upon successful Aadhaar e-KYC Purpose and Use of Information

1.2 Transactional Information

* Payment transaction details (e.g., amount, date, recipient, and payment method)
* Recharge and bill payment history

1.3 Device Information

* Device identifiers (e.g., IMEI, IP address)
* Operating system, app version, and device model
* Geolocation data (for fraud prevention and regulatory compliance)

2. Purpose and Use of Information

One Klick Payment may process your Personal Information for the following purposes:
* creation of your account and verification of your identity and access privileges
* provide you access to the products and services being offered by us, merchants, registered Users, research analysts, entities, subsidiaries, sellers, API partners, or business partners
* fulfill your service request
to carry out credit checks, screenings or due diligence checks as lawfully required by us and detect and protect us against error, fraud, money laundering and other criminal activity
* to conduct the KYC compliance process as a mandatory prerequisite as per the requirements of various regulatory bodies, including UIDAI under the Aadhaar Act and its Regulations
* to validate, process and/or share your KYC information, nominee details with other intermediaries, Regulated Entities (REs) or AMCs or financial institutions or with any other service providers as may be required
* to process payments on your behalf and on your instructions; communicate with you for your queries, transactions, and/or any other regulatory requirement, etc.
* Process payments, transfers, and recharges
* to identify security breaches and attacks; investigating, preventing, and taking action on illegal or suspected fraud or money laundering activities and conducting forensic audits as part of internal or external audit or investigation by One Klick Payment or government agencies located within India or outside the Indian jurisdiction
* Authenticate users and transactions securely (e.g., Aadhaar and OTP-based verification)
* Comply with legal and regulatory requirements
* Improve our app and web portal functionality
* Detect and prevent fraud, unauthorized access, or illegal activities

While we may also process your Personal Information for other legitimate business cases, we ensure to take appropriate steps to minimize the processing to the extent possible, making it less intrusive to your privacy.

Please note that when providing you with account aggregator services, we do not store, use, process, or have access to any financial information that you choose to transmit under our services.

3. Sharing of Information

We may share your data with:
* Authorized third-party service providers (e.g., payment gateways, banks, BBPS agents)
* Regulatory authorities, law enforcement, or courts, when required by law
* Technology providers for analytics, error tracking, and service improvement (e.g., cloud services)

* Note: We do not sell your personal information to third parties.

4. Data Protection Measures

We employ robust security practices to safeguard your data, including:
* End-to-end encryption for transactions
* Secure Aadhaar authentication as per UIDAI standards
* Regular vulnerability assessments and audits
* Restricted access to sensitive information

5. Your Rights

You have the right to:
* Access and review the personal data we hold about you
* Request corrections or updates to your information
* Withdraw consent or delete your account, subject to legal obligations

6. Cookies or Similar Technologies

We use data collection devices such as “cookies” or similar technologies on certain pages of the Platform to help analyse our web page flow, measure promotional effectiveness, and promote trust and safety. “Cookies” are small files placed on your device hard-drive/storage that assist us in providing our services. Cookies do not contain any of your Personal Information. We offer certain features that are only available through the use of a “cookie” or similar technologies. We also use cookies to allow you to enter your password less frequently during a session. Cookies or similar technologies can also help us provide information that is targeted to your interests. Most cookies are “session cookies,” meaning that they are automatically deleted from your device hard-drive/storage at the end of a session. You are always free to decline/delete our cookies or similar technologies if your browser/device permits, although in that case you may not be able to use certain features on the Platform and you may be required to re-enter your password more frequently during a session. Additionally, you may encounter “cookies” or other similar technologies on certain pages of the Platform that are placed by third parties. We do not control the use of cookies by third parties.

7. Third-Party Products, Services, or Websites

When you are availing products and services of service providers on One Klick Payment Platform, Personal Information may be collected by respective service providers and such Personal Information shall be governed by their privacy policy. You may refer to their privacy policy and terms of service to understand how your Personal Information will be handled by such service providers.

Our services may include links to other websites or applications when you visit our Platform. Such websites or applications are governed by their respective privacy policies, which are beyond our control. Once you leave our servers (you can tell where you are by checking the URL in the location bar on your browser or on the m-site you are redirected to), use of any Personal Information that you provide on these websites or applications is governed by the privacy policy of the operator of the application/website, you are visiting. That policy may differ from ours and you are requested to review those policies or seek access to the policies from the domain owner before proceeding to use those applications or websites. We do not accept any responsibility or liability for usage of your Personal Information by these third parties or their policies.

8. Your Consent

We process your Personal Information with consent. By using the One Klick Payment (Upay Digi India Pvt Ltd) Platform or services and/or by providing your Personal Information, you consent to the processing of your Personal Information by One Klick Payment (Upay Digi India Pvt Ltd) in accordance with this Privacy Policy. If you disclose to us any Personal Information relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy. Further, you agree and authorize One Klick Payment (Upay Digi India Pvt Ltd) to communicate with you via channels like Phone calls and E-mail for the purposes set out in this policy, irrespective of your registration with any authorized DND registries..

9. Prominent Disclosure & Information Sharing and Disclosures

Your Personal Information is shared as allowed under applicable laws, after following due diligence and in line with the purposes set out in this Policy.

We may share your Personal Information with different categories of recipients such as business partners, service providers, sellers, logistic partners, merchants, Wealthbasket curators, entities, subsidiaries, legally recognized authorities, regulatory bodies, governmental authorities, financial institutions, internal teams such as marketing, security, investigation team, etc.

Personal Information will be shared, as applicable, on need-to-know basis, for the following purposes, including but not limited to:

One Klick Payment collects and processes the following data to enable secure Aadhaar-based financial transactions:

* for services related to communication, marketing, data and information storage, transmission, security, analytics, fraud detection, risk assessment and research
* respond to claims that an advertisement, posting, or other content violates the rights of a third party; or protect the rights, property or personal safety of our users or the general public
* for the purpose of processing your financial product subscription requests placed with us and ensuring that these requests reach the relevant financial institution whose service/product you have opted for
* if required to do so by law or in good faith we believe that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process
* should we (or our assets) plan to merge with, or be acquired by any business entity, or re-organization, amalgamation, restructuring of our business then with such other business entity
* Aadhaar Number: Used for secure identity verification with UIDAI.
* Biometric Data: Your fingerprint is processed in real-time for authentication but is not stored by the app.
* Bank Account Details: Required to complete cash withdrawals, deposits, and balance inquiries.
* Device Information: Collected to ensure transaction security and prevent fraud.
* Transaction Details: Stored as per legal requirements for compliance and reconciliation.

While the information is shared with third parties as per purposes set out in this Policy, processing of your Personal Information is governed by their policies. One Klick Payment ensures stricter or no less stringent privacy protection obligations are cast on these third-parties, wherever applicable and to the extent possible. However, One Klick Payment may share Personal Information with third-parties such as legally recognized authorities, regulatory bodies, governmental authorities, and financial institutions as per purposes set out in this Policy or as per applicable laws. We do not accept any responsibility or liability for usage of your Personal Information by these third parties or their policies.

Storage and Retention:

To the extent applicable, we store Personal Information within India and retain it in accordance with applicable laws and for a period no longer than it is required for the purpose for which it was collected. However, we may retain Personal Information related to you if we believe it may be necessary to prevent fraud or future abuse or if required by law such as in the event of the pendency of any legal/regulatory proceeding or receipt of any legal and/or regulatory direction to that effect or for other legitimate purposes.

Once the Personal Information has reached its retention period, it shall be deleted in compliance with applicable laws.

Reasonable Security Practices:

One Klick Payment has deployed administrative, technical, and physical security measures to safeguard user’s Personal Information and Sensitive Personal Information. Specifically, in order to safeguard your Aadhaar information, we have implemented applicable security controls as given under and required by the Aadhaar Regulations. We understand that as effective as our security measures are, no security system is impenetrable. Hence, as part of our reasonable security practices, we undergo strict internal and external reviews to ensure appropriate information security encryption or controls are placed for both data in motion and data at rest within our network and servers respectively. The database is stored on servers secured behind a firewall; access to the servers is password-protected and is strictly limited..

Further, you are responsible for maintaining the confidentiality and security of your login id and password. Please do not share your One Klick Payment login, password, and OTP details with anybody. It shall be your responsibility to intimate us in case of any actual or suspected compromise to your Personal Information.

We have provided multiple levels of security to safeguard the One Klick Payment Application by login/logout option and One Klick Payment Application lock feature (“Enable Screen Lock”) that can be enabled by you. We have preventive controls implemented to ensure you use One Klick Payment Application on your device and the same login credentials cannot be used on different device without any additional authentication/OTP.

Personal Information Access/Rectification and Consent:

"You can access and review your Personal Information shared by you by placing a request with us. In addition, you may at any time revoke consent given to us to store your e-KYC information, collected as part of the Aadhaar-based e-KYC process. Upon such revocation, you may lose access to services that were availed on the basis of the consent provided. In some cases, we may continue to retain your information as per the ‘Storage and Retention’ section of this Policy. To raise any of the above requests, you may write to us using the contact information provided under the ‘Contact Us’ section of this Policy..

"In case you wish to delete your account or Personal Information, please use the ‘Help’ section of the One Klick Payment Platform. However, retention of your Personal Information will be subject to applicable laws..

"For the above requests, One Klick Payment may need to request specific information from you to confirm your identity and ensure authentication. This is a security measure to ensure that Personal Information is not disclosed to any person who does not have a right to receive it or is not incorrectly modified or deleted.

"In cases where you need any further information specific to the product/ services that you are availing, we request you to read through the Terms and Conditions specific to the product/service which is easily accessible through the One Klick Payment Platform. For seeking any further information on the same, you can write to us at the details mentioned in the ‘Contact Us’ section of this Policy.

Children Information

We do not knowingly solicit or collect Personal Information from children under the age of 18 and use of our Platform is available only to persons who can form a legally binding contract under the Indian Contract Act, 1872. If you are under the age of 18 years then you must use the Platform or services under the supervision of your parent, legal guardian, or any responsible adult.

10. Jurisdiction and Scope

The General Data Protection Regulation (GDPR) and India's Information Technology Act, 2000 (IT Act) are both legal frameworks designed to regulate aspects of data privacy, security, and digital transactions, though they differ significantly in scope, intent, and enforcement. Here's a comparison:

10.1 GDPR (EU):

* Applies to all organizations operating in the EU or handling the personal data of EU residents, regardless of the organization's location.
* Covers personal data processing, storage, and transfer, ensuring individuals' privacy rights.

10.2 India's IT Act:

* Primarily governs electronic commerce, cybercrimes, and data security within India.
* Includes provisions for handling personal data, but its focus is broader, covering digital signatures, cyber offenses, and electronic contracts.

11. Focus Areas

11.1 GDPR:

* Comprehensive regulation focused exclusively on data protection and privacy.
* Establishes specific rights for individuals, such as the right to access, rectify, erase (right to be forgotten), and data portability.

11.2 IT Act:

* Focuses on promoting secure digital transactions and mitigating cybercrimes.
* Includes data protection through the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

12. Key Principles

12.1 GDPR:

* Transparency, accountability, and data minimization.
* Requires a legal basis for processing personal data (e.g., consent, contract, legitimate interest).
* Implements strong data protection mechanisms, including Data Protection Impact Assessments (DPIAs) and mandatory breach notifications.

12.2 IT Act:

* Requires "reasonable security practices" for data protection but lacks detailed procedural or operational guidance.
* Focuses on sensitive personal data, such as passwords, financial information, and medical records, requiring consent for disclosure.

13. Enforcement and Penalties

13.1 GDPR:

* Enforced by national Data Protection Authorities (DPAs) in EU member states.
* Severe penalties for non-compliance: up to €20 million or 4% of global annual turnover, whichever is higher.

13.2 IT Act:

* Enforced by the Cyber Appellate Tribunal and other authorities.
* Penalties for non-compliance are less stringent compared to GDPR, often capped at INR 5 crore (~€580,000).

14. Individual Rights

14.1 GDPR:

* Grants comprehensive rights to individuals, such as:
* Right to access personal data.
* Right to rectification and erasure.
* Right to restrict processing and object to automated decision-making.

14.2 IT Act:

* Provides limited rights, primarily focusing on consent for sharing sensitive personal data.

15. Cross-Border Data Transfers

15.1 GDPR:

* Strict regulations for transferring personal data outside the EU.
* Requires "adequacy decisions" or adherence to specific mechanisms like Standard Contractual Clauses (SCCs).

15.2 IT Act:

* Requires that sensitive personal data can only be transferred outside India if necessary for a lawful contract or with individual consent.

16. Emerging Developments

16.1 GDPR:

* Continues to influence global privacy laws and serves as a benchmark for data protection.

16.2 IT Act:

* Moving towards stronger privacy laws. The Digital Personal Data Protection Act, 2023 (DPDP) was introduced to overhaul data privacy regulations, aligning more closely with GDPR principles.

Changes to Policy:

Since our business changes constantly, so will our policies. We reserve the right, at our sole discretion, to change, modify, add, or remove portions of this Privacy Policy at any time without any prior written notice to you. We may, however, reasonably endeavour to notify you of the changes, it is your responsibility to review the Privacy Policy periodically for updates/changes. Your continued use of our services/Platform, following the posting of changes will mean that you accept and agree to the revisions. We will never make changes to policies in order to make it less protective of Personal Information already shared by you.

Your acceptance of these terms:

By using this Site, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

One Klick Payment is committed to protecting the privacy and security of our users' image information. This Privacy Policy outlines how we collect, use, store, and protect users' images within One Klick Payment.

Contacting us
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: Email - info@oneklick.co.in

Powered By Uay Digi India Private Limited Register Office Address - Office No - 01, Wing 3, First Floor, Manaji Nagar, Narhe, Pune, Maharashtra, India - 411041

Helpline - 9168811211