Privacy Policy of Newbazaar Technologies Pvt Ltd

This Privacy Policy is published and shall be construed in accordance with the provisions of
Indian laws and regulations including but not limited to the Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or Information)
Rules, 2011 under the Information Technology Act, 2000, the Aadhaar Act, 2016 and its
amendments, including the Aadhaar Regulations; that require publishing of the privacy policy
for the collection, use, storage, transfer, disclosure of Personal Information. If you do not
agree with this Privacy Policy do not, in any manner, use our Services or download, install
and/or use the Sites.

General

Newbazaar Technologies Pvt Ltd.(‘ShopSe’, 'we', 'our' or 'us') recognizes the importance of
protecting personal details and information and provides this Privacy Policy with respect to
the access and use of www.getshopse.in and mobile Application ('Sites / Platforms ') as
owned and operated by us and/or our affiliates and payment facilitation services including
bill payment services provided by us ('Services'). The term Sites will also include all pages
that are sub-domains or are associated or within each Site and all devices, applications,
features, technologies, functionalities and other services that ShopSe operates or offers
through such Sites.

For the purpose of this Privacy Policy, the user of Services may be merchants/sellers/billers,
customers/buyers/consumers, or any other persons using Services or accessing Sites ('User',
'you' or 'your'). This Privacy Policy will help you understand our policies and procedures
regarding the collection, handling and use of your personal information.

By using our Services through the Sites, you signify your assent to this Privacy Policy and
consent to the processing of your Personal Information. Personal Information means and
includes all information that can be linked to a specific individual also includes Sensitive
Personal Information (all Personal Information which requires heightened data protection
measures due to its sensitive and personal nature), both, hereinafter referred to as “Personal
Information”, excluding any information that is freely available or accessible in the public
domain. Please note, we offer our Sites or Services under our Site only in India

Information Collection

We collect such information about you which is essential to operate our business and to
enable us to deliver and improve our Services. We may obtain the following information
about you and your device from which you avail Services

Profiling Information
 For providing Services we require certain information for registration such as your
name, physical addresses, postal addresses, location, telephone, mobile and fax
numbers; and certain information about your personal identity such as gender, age,
photograph etc. For User Identification we may need your PAN card number, KYC
related information such as videos or other online/ offline verification documents as
mandated by relevant regulatory authorities, your business-related information.
Aadhaar information including Aadhaar number or Virtual ID for the purposes of e-

KYC/Offline KYC authentication with the Unique Identification Authority of India
(UIDAI). Note that submission of Aadhaar information is not mandatory for e-KYC
authentication, you can also use other types of information for completing your KYC.
Further, we also collect and store your usernames, passwords, email addresses, OTP,
your device details such as device identifier, internet bandwidth, mobile device
model, browser plug-ins, and cookies or similar technologies that may identify your
browser/ our application and plug-ins, and time spent, and IP address and other
security-related information that you use for our Sites in relation to our Services.
Service Usage and Transactional Information: For enabling you to make payments using our
Services, we may, upon your consent, collect, your financial information such as your bank
account or details mentioned on your credit cards or debit cards, or other payment instrument
details etc. that are required for a successful transaction. Further, for certain Services,
including our bill payment service, we require your bill payment account information such as
your account number, payment history, your account history with us etc. We also store
transaction details such as amount spent, merchant name, transaction ID, date and time of the
transaction, of your transactions. Further, we may also store information relating to your
income, employment and lifestyle levels.

Correspondence Information: We collect the content, information about your correspondence,
the destination/origin of communications between you and any other person using our
Services, which include email communications, blog, chat room and discussion board
communications, instant message communications, experts forum communications, facsimile
mail communications, membership of mailing lists etc.

Stored Information: We may collect any data or information relating to you which is either
created by you or by a third party while availing various ShopSe services, or data which you
wish to store on our servers such as usernames, image files, documents, etc. or which may be
required to display information to you through our Service.

One Time Password ('OTP'): OTP is a one-time password which is provided by your issuing
bank in order to carry out the second-factor authentication of your debit/credit card. If you
opt for our 'one tap' feature, you understand that we will be able to retrieve your OTP from
the message received on your mobile and populate and submit the OTP on the issuer's page
for second factor authentication of your debit/credit card.

Information from other sources: We collect information about your navigation using our
Services, for example, the URLs of websites from which you reach our Site, websites or
pages of merchants you visit using our Services. Further we may also collect certain
information from your sms sent by alphanumeric senders. We and our service providers or
business partners may also collect your Personal Information from third parties or
information made publicly available including but not limited to:

a) credit score, financial history and other information for the purpose of verifying and
authenticating a transaction request you place with us to prevent suspicious transactions, or to
comply with court judgements and orders, from credit reference and fraud prevention
agencies:

b) your demographic and photo information including but not limited to Aadhaar number,
address, gender, and date of birth as a response received from UIDAI upon successful
Aadhaar e-KYC/Offline KYC.

Information may be collected at various stages of your usage of the Sites such as:

 visiting our Sites
 registering on the Site as an “user” or “merchant” or any other relationship that may
be governed by terms and conditions listed on the Site
 transacting or attempting to transact on the Site
 accessing links, e-mails, chat conversations, feedbacks, notifications sent or owned by
ShopSe and if you opt to participate in our occasional surveys
 otherwise dealing with any of the ShopSe affiliates / entities / subsidiaries / associates.

Purpose and use of information

We understand the importance of your Information and ensure that it is used for the intended
purpose.

By accepting the terms of use you agree that we may use and store your Information, in
accordance with the applicable law, as long as you subscribe to or use our Services subject to
the limitations set out in this Privacy Policy.

We require the profiling information which includes details such as identity details, contact
details, usernames and passwords in order to manage our relationship with you, creation of
your account and verification of your identity and access privileges and provide Services
offered by us or services offered by merchants, third party service providers, our business
partners or our subsidiaries, affiliates, associates.

To conduct the KYC compliance process as a mandatory prerequisite as per the requirements
of various regulatory bodies, including UIDAI under the Aadhaar Act and its Regulations; to
validate, process and/or share your KYC information with other intermediaries, Regulated
Entities (REs) or financial institutions or with any other service providers as may be required;
to process payments on your behalf and on your instructions; communicate with you for your
queries, transactions, and/or any other regulatory requirement, etc.; to authenticate any
transaction processed through the Site;

To allow third parties to contact you for products and services availed/requested by you on
the Sites or third-party links

To carry credit checks, screenings or due diligence checks as lawfully required by us for
providing the Services or processing the loan/credit lines/EMI transactions; detect and protect
us against error, fraud, money laundering and other criminal activity;

To enforce our terms and conditions; to meet legal obligations

To resolve disputes; troubleshoot problems; technical support and fixing bugs; help promote
a safe service; to identify security breaches and attacks; investigating, preventing, and taking
action on illegal or suspected fraud or money laundering activities and conducting forensic

audits as part of internal or external audit or investigation by ShopSe or government agencies
located within India or outside the Indian jurisdiction

To improve our Services, we need to constantly update and alter our business and marketing
strategies for which we require the navigational and log information to determine and analyse
the merchants, markets, technology, operating systems, browsers, devices, locations from
which our Services are used most or used least. For example, such information and its
analysis will help us focus more on your needs by providing you a wider range of Services, or
developing updates for particular operating systems and mobile application versions, etc.
Further, the information collected helps us offer you other products, programs, or services
that we believe may be of interest to you. In addition, such information collected will help us
alert you in case of software compatibility issues.

We want to serve you better and therefore we require your correspondence information in
order to enable us to learn about the information and content of communications by you such
that we can deduce your feedback from such communications, analyse, endeavour to
improve, ask you for further feedback, reply.

The data collected by cookies helps us track, analyse and understand User trends so as to
enable us to understand lacunas (such as slow response time on our website page) and
improve your interactive experience of using our Services, our web design, features and
functionalities.

We will use your Information for marketing purposes. To inform you about online and offline
offers, products, services, and updates; customizing and improving your experience by
marketing, presenting advertising, and offering tailored products and offers

We access data or information stored by third parties in case required for providing you
uninterrupted and satisfactory Services or in case consented by you.
For enabling you to make quicker transactions and relieving you from the hassle of copying/
keying in the 6 digit OTP, we have developed advanced technologies which would
automatically retrieve the OTP and the mention the same in the relevant column of the
transaction page.

Combinations of the information collected as mentioned in this Privacy Policy such as
physical address, device information, email address when coupled with information which is
not Personal Information such as speed of typing, the maximum screen area usage, other
patterns and data help us detect and protect Users and ourselves against errors, fraud, or other
criminal activity.

Further, we may use the data and Information collected/ stored as mentioned above for
improving our services, improving user experience, risk checks, strengthening our security
checks, for analysis, for offering you new features in the existing services you are availing or
offering altogether new product/ service which may be relevant for you and such other
purposes. We collect and use some of your Information in an aggregated form to compile
statistical and demographical profiles for our business and marketing activities and to
customise our Services to you. It is clarified that the consolidated Information of all Users
which has been collected by us or provided to us, is the property of ShopSe and we may use
it, in whole or in part, at our sole discretion and without any compensation to you, for any

legitimate purpose and you hereby confirm that you have no objection to the aforesaid use of
your Information.

While we may also process your Personal Information for other legitimate business cases, we
ensure to take appropriate steps to minimize the processing to the extent possible, making it
less intrusive to your privacy.

Consent for Marketing and Analytics:
By using our services, you consent to the collection and use of your personal data for
marketing purposes, including receiving promotional communications and offers tailored to
your preferences. You also consent to the use of your data for analytics purposes, helping us
improve and personalize our services.

Transparency and Data Use:

We are committed to being transparent about how your data is used. Below is a list of the
tools and services we utilize:

a. Communication
• Webengage
• Infobip
• Whatsapp / Facebook
• Sendgrid
• Kapture CRM
• Ozonetel

b. Hosting
• AWS

c. Analytics
• Google Analytics

d. Payment partners / Banks / NBFCs
• Easebuzz
• Cashfree
• Lyra payment network
• NTT Data Payments system
• Lenders
• HDFC
• Kotak
• ICICI
• IDFC
• DMI
• Moneyview
• Karza technologies


Cookies or Similar Technologies:

We use data collection devices such as "cookies” or similar technologies on certain pages of
the Sites to help analyse our web page flow, measure promotional effectiveness, and promote
trust and safety. "Cookies" are small files placed on your device hard-drive/storage that assist
us in providing our services. Cookies do not contain any of your Personal Information. We
offer certain features that are only available through the use of a "cookie" or similar

technologies. If your web browser settings permit, cookies can be sent to your web browser
for recording information about your online preferences and allowing us to cater to your
interests in a better manner. You can set your browser to notify you when you are sent a
cookie, giving you the chance to decide whether or not to accept it. If you do accept a cookie,
you thereby agree to our use of information collected by us using that cookie. We also use
cookies to allow you to enter your password less frequently during a session. Most cookies
are "session cookies," meaning that they are automatically deleted from your device hard-
drive/storage at the end of a session. You are always free to decline/delete our cookies or
similar technologies if your browser/device permits, although in that case you may not be
able to use certain features on the Sites and you may be required to re-enter your password
more frequently during a session. Additionally, you may encounter "cookies" or other similar
technologies on certain pages of the Sites that are placed by third parties. We do not control
the use of cookies by third parties.

Sharing or Disclosure of Information

Your Personal Information is shared as allowed under applicable laws, after following due
diligence and in line with the purposes set out in this Policy.

We may share your Personal Information in the course of your transaction with different
categories of recipients such as business partners, service providers, merchants, affiliates,
associates, subsidiaries, legally recognized authorities, regulatory bodies, governmental
authorities, financial institutions, internal teams such as marketing, security, investigation
team, etc.

We do not disclose or share your Information with any third party until essential for
providing you Services; or for the below purposes in accordance with this Privacy Policy
Information security is critical to us and we will not share your Information with any other
third parties except, and only to the extent necessary.

Personal Information will be shared, as applicable, on need-to-know basis, for the following
purposes:
• for facilitating the services between you and the service provider, as requested
• for the Aadhaar authentication process by submitting Aadhaar information to Central
Identities Data Repository (CIDR) and National Securities Depository Limited (NSDL)d
• for complying with applicable laws as well as meeting the Know Your Customer
(KYC) requirements as mandated by various regulatory bodies, whose regulated
service/product you opt through our Services/Sites
• for completing a payment transaction initiated by you on a merchant site, where based
on your instructions, the merchant requests to fetch your Personal Information from us
• for the purpose of processing your financial product/service requests placed with us
and ensuring that these requests reach the relevant financial institution whose service/product
you have opted for
• if it is required by financial institutions to verify, mitigate, or prevent fraud or to
manage risk or recover funds in accordance with applicable laws/regulations
• enforce our Terms or Privacy Policy; respond to claims that an advertisement,
posting, or other content violates the rights of a third party; or protect the rights, property or
personal safety of our users or the general public
• for grievance redressal and resolution of disputes
• with the internal investigation department within ShopSe or agencies appointed by
ShopSe for investigation purposes located within or outside the Indian jurisdiction

You acknowledge and agree that in the interests of improving personalisation, for analysis,
for offering new features in the existing services you are availing, offering new products/

services which may be relevant for you and Service efficiency, we may, under controlled and
secure circumstances, share your Information with our subsidiaries, affiliates or associates.
We do not share, disclose or distribute any of your Information to any third party unless
required under an arrangement between ShopSe and the third party for product enhancement,
analysis, risk and security purposes, communication purpose, etc. For example, ShopSe may,
itself or through third parties, send you e-mails, SMS, such other means to communicate,
send reminders for payment, advertise its services, promote new products and activities or for
your invaluable feedback.

If, by usage of some functionalities of our Service, you receive Information about other
User(s), you agree to keep the same confidential and only use it in connection with the
Services, without disclosing the same to another user or third party.

In order to ensure that all our Users comply with the user rules, we may monitor your
Information to the extent that this may be required to determine compliance and/or to identify
instances of non-compliance.

We may disclose the Information pursuant to applicable laws, a directive or order of a
government entity or statutory authority or any judicial or regulatory authority or to law
enforcement agencies in any official investigation including but not limited to cyber
incidents, prosecution and punishment of offences. You agree that ShopSe has the right to
monitor and to disclose Information as may be necessary to satisfy any law, regulation or
other governmental request. We may transfer Your Information or other information
collected, stored, processed by ShopSe to any other entity or organization located in India or
outside India only in case it is necessary for providing Services to You in connection with
Application. We will cooperate with the appropriate law enforcement authorities in
investigating claims of illegal activity.

We will only disclose your Information in accordance with this Privacy Policy. If we want to
use it for any other purpose, we will obtain your consent.

If you decline to submit Information to us, then we will unfortunately not be in a position to
provide the Services to you.

If all or some of the business, stock or assets of ShopSe are acquired or merged with another
business entity or there is any amalgamation, demerger, reorganization, or corporate restricting
in any form, we will share all or some of your information with this entity to continue to provide
the Service to you.

ShopSe does not control the acts of its Users. All Users should be aware that, when they
disclose Information such as their name, e-mail address, etc. to third parties, the Information
may be collected and used by others to send unsolicited e-mail from other parties, who may or
may not be Users. In the event that you encounter any person improperly collecting or using
information about Users, please contact us by emailing at care@getshopse.com.

While the information is shared with third parties as per purposes set out in this Policy,
processing of your Personal Information is governed by their policies. ShopSe ensures stricter or
no less stringent privacy protection obligations are cast on these third-parties, wherever
applicable and to the extent possible. However, ShopSe may share Personal Information with
third-parties such as legally recognized authorities, regulatory bodies, governmental authorities,
and financial institutions as per purposes set out in this Policy or as per applicable laws. We do
not accept any responsibility or liability for usage of your Personal Information by these third
parties or their policies.

Storage and Retention

To the extent applicable, we store Personal Information within India and retain it in accordance
with applicable laws and for a period no longer than it is required for the purpose for which it was
collected.

However, we may retain Personal Information related to you if we believe it may be necessary
to prevent fraud or future abuse or if required by law such as in the event of the pendency of any
legal/regulatory proceeding or receipt of any legal and/or regulatory direction to that effect or
for other legitimate purposes.

We collect, store or retain the Personal Information in compliance with the applicable laws and
regulations. Some Personal Information (for e.g., Aadhar XML file) may be collected and
stored only for a short duration and some Personal Information(for e.g., Credit or debit card
numbers) may not be stored at our end, but directly transferred to third parties who are required
and authorised to use, store or transfer the Information.

Once the Personal Information has reached its retention period, it shall be deleted in
compliance with applicable laws.

The specific retention periods for different categories of data are as follows:
Personal Identifiable Information (PII), Bank account details, Employment Details:
Retained for 10 years to facilitate transactions, customer support, and marketing
communications. After the applicable retention period has expired, PII will be securely
deleted or anonymized according to our data destruction protocols.

Data Destruction Protocol
This policy outlines the principles and procedures for the retention and secure disposal of data in
compliance with applicable laws. ShopSe is committed to safeguarding sensitive information and
ensuring the secure destruction of data when it is no longer required.

a) No storage of sensitive authentication data i.e. CVV, CID, CAV2, CVV2, CVC2, PIN, PIN
block and Track data to be retained locally post authorization and under any circumstances except
for issuing services with documented business justification.

b) All transaction data will be stored for 8 years as prescribed by RBI and this will subject to
change depending on regulatory changes, legal and business compliance from time to time.

c) Data is disposed as soon as the specified retention period completes it retention period.

d) If sensitive authentication data (CVV, PIN, magnetic stripe data, track data etc.) is being
received, then the data is not stored and is deleted in a secure manner which makes the data
unrecoverable.

e) The ShopSe Team is responsible for the retention and secure disposal of storage media. A log is
maintained showing what media were disposed of, and when. As required, the asset inventory is
adjusted once the asset has been disposed of.


Incident Management Policy
ShopSe will prioritize complying with all relevant legal and regulatory requirements for incident
notification. In case of a major security breach, the specific authorities, partner banks will be
notified within 6 hours following the confirmation of the incident. The nature of the incident w ill
also be considered. For example, data breaches involving personal information might require
notification to Legal and Regulatory authorities.


Security of Information

ShopSe is an ISO 27001 and PCI DSS certified entity. We work to protect the security of your
information during transmission by using appropriate software, which encrypts information you
input. This encrypted information is stored on secure systems/computers. Further, the database is
stored on servers secured behind a firewall and we ensure that the number of employees
involved in the management of the data centre who have physical

access to these computers is limited. Also, we use advanced security technology to prevent
our computers from being accessed by unauthorized persons.

We have also implemented information security practices and standards and have in place
information security programmes and policies containing managerial, technical, operational
and physical security measures that are in compliance with the Indian laws including Aadhar
Regulations, so as to protect the Information provided to us from unauthorized access, use,
modification, damage, disclosure or impairment.

No data transmission over the internet is fully secure, so we cannot ensure or warrant the
security of any information you submit to us. Further, we do not guarantee in any way, the
security of any Information that you transmit or share on the Site; and you do so at your own
risk.

If any security breach comes to our knowledge, then we may take all steps required to protect
misuse of such Information and may attempt to notify you electronically so that you can take
appropriate protective steps.

Any of your information which you provide when you use our Services to an open, public
environment or forum including (without limitation) any blog, chat room, community,
classifieds or discussion board, (a) will not be considered confidential, (b) will not be
considered as Information, and (c) is not subject to protection under this Privacy Policy.
Since such public environments are accessible by third parties, it is possible that third parties
may collect or use such information for their own purposes. You should accordingly be
careful when deciding to share any of your Information in such public environments. Please
note that we are not liable to you or any third party for any damages that you or any third
party may suffer on account of your disclosure of Information in any public environment.

Further, you are responsible for maintaining the confidentiality and security of your login id
and password. Please do not share your login, password, and OTP details with anybody. It
shall be your responsibility to intimate us in case of any actual or suspected compromise to
your Personal Information.
Third-Party Products, Services, or Websites

When you are availing products and services of service providers on the Site, Personal
Information may be collected by respective service providers and such Personal Information
shall be governed by their privacy policy. You may refer to their privacy policy and terms of
service to understand how your Personal Information will be handled by such service
providers.

Our services may include links to other websites or applications when you visit our Site. Such
websites or applications are governed by their respective privacy policies, which are beyond
our control. Once you leave our servers (you can tell where you are by checking the URL in
the location bar on your browser or on the m-site you are redirected to), use of any Personal
Information that you provide on these websites or applications is governed by the privacy
policy of the operator of the application/website, you are visiting. That policy may differ
from ours and you are requested to review those policies or seek access to the policies from
the domain owner before proceeding to use those applications or websites. We do not accept

any responsibility or liability for usage of your Personal Information by these third parties or
their policies.
Your Consent

We process your Personal Information with consent. By using the ShopSe Site or services
and/or by providing your Personal Information, you consent to the processing of your
Personal Information by ShopSe in accordance with this Privacy Policy. If you disclose to us
any Personal Information relating to other people, you represent that you have the authority
to do so and permit us to use the information in accordance with this Privacy Policy.

Changes to the information

If you are a User and would like to view the information we have collected from you or you
want to correct your information or details, please send us your request by email on the
care@getshopse.com


Choice/Opt Out
The User can at any time while availing the services or otherwise, withdraw his/her consent
given previously to ShopSe for collecting, receiving, possessing, storing, dealing or handling
Information of the User or ask for deletion of Personal Information or User account, by
sending us your request by email on care@getshopse.com. In such case, ShopSe will
unfortunately not be in a position to provide the Services to you. However, ShopSe will be
able to retain such Information for the time period in accordance with the applicable laws.

We provide all users with the opportunity to opt-out of receiving non-essential (promotional,
marketing-related) communications from us, after setting up an account. If you want to
remove your contact information from all our lists and newsletters, please click on the
unsubscribe button on the emailers or write to us at care@getshopse.com.
For the above requests, ShopSe may need to request specific information from you to confirm
your identity and ensure authentication. This is a security measure to ensure that Personal
Information is not disclosed to any person who does not have a right to receive it or is not
incorrectly modified or deleted.

In cases where you need any further information specific to the product/ services that you are
availing, we request you to read through the Terms and Conditions specific to the
product/service which is easily accessible through the Sites. For seeking any further
information on the same, you can write to us at the details mentioned in the ‘Contacting
ShopSe’ section of this Policy.

Children Information

We do not knowingly solicit or collect Personal Information from children under the age of
18 and use of our Sites is available only to persons who can form a legally binding contract
under the Indian Contract Act, 1872. If you are under the age of 18 years then you must use

the Sites or services under the supervision of your parent, legal guardian, or any responsible
adult.

Changes to the Privacy Policy

ShopSe reserves the right to change, modify, add, or remove portions of this Privacy Policy at
any time for any reason. In case, any changes are made in the Privacy Policy, ShopSe shall
update the same on the website. Users should periodically review this page for the latest
information on our privacy practices. Once posted, those changes are effect ive immediately,
unless stated otherwise. Continued access or use of the Services constitutes your acceptance
of the changes and the amended Privacy Policy. However, if you do not agree with the
changes, please do not continue to use the Services, or submit Information to us.

Contacting ShopSe

If you have any questions, queries, concerns or feedbacks about this privacy policy, the
processing of your Personal Information or our privacy related practices, please feel free to
email us at care@getshopse.com. We are committed to resolve your queries within the
reasonable time limit. Any delay in the resolution time shall be proactively communicated to
you. Details of our Grievance/Nodal Officer is included in our Grievance Policy available on
the Site.