Introduction
In our mission to make mobile commerce better for everyone at GetPY, we collect and use information about you, who are using GetPY applications and solutions to power your business This Privacy Policy will help you better understand how we collect, use, and share your personal information. If we change our privacy practices, we may update this privacy policy. If any changes are significant, we will let you know.
Our values
Trust is the foundation of the GetPY platform and includes trusting us to do the right thing with your information. Three main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.
Your information belongs to you
We carefully analyze what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymize this information when we no longer need it. When building and improving our products, our engineers work with security and privacy on priority. In all of this work our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.
We protect your information from others
If a third party requests your personal information, we will refuse to share it unless you give us permission or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.
We help merchants and partners meet their privacy obligations
Many of the merchants and partners using GetPY apps and solutions do not have the benefit of a privacy team, and it is important to us to help them meet their privacy obligations. To do this, we try to build our products and services so they can easily be used in a privacy-friendly way. We also provide detailed FAQs, documentation and whitepapers covering the most important privacy topics, and respond to privacy-related questions we receive.
Your rights over your information
We believe you should be able to access and control your personal information no matter where you live. Depending on how you use GetPY, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict, or object to certain uses of your personal information (for example, direct marketing). We will not charge you more or provide you with a different level of service if you exercise any of these rights.
If you buy something from a GetPY-powered store and wish to exercise these rights over information about your purchase, you need to directly contact the merchant you interacted with. We are only a processor on their behalf, and cannot decide how to process their information. As such, we can only forward your request to them to allow them to respond. We will of course help our merchants to fulfil these requests by giving them the tools to do so and by answering their questions.
Please note that if you send us a request relating to your personal information, we have to make sure that it is you before we can respond. In order to do so, we may ask to see documentation verifying your identity, which we will discard after verification.
If you would like to designate an authorized agent to exercise your rights for you, please email us from the email address we have on file for you. If you email us from a different email address, we cannot determine if the request is coming from you and will not be able to accommodate your request. In your email, please include the name and email address of your authorized agent.
If you are not happy with our response to a request, you can contact us to resolve the issue. You also have the right to contact your local data protection or privacy authority at any time.
How we protect your information
Our teams work tirelessly to protect your information, and to ensure the security and integrity of our platform. We also have independent auditors assess the security of our data storage and systems that process financial information. However, we all know that no method of transmission over the Internet, and method of electronic storage, can be 100% secure. This means we cannot guarantee the absolute security of your personal information. You can find more information about our security measures at << Link to data protection and privacy policy>>
Privacy for Merchants
For merchants using GetPY to power their stores
Introduction
If you are a merchant using GetPY to power your business, we collect and use your personal information to provide you with our platform and its services, and generally to help you better manage your business and your relationship with your customers.
What information we collect about you and why
We collect personal information when you sign up for GetPY, when you use our app, or when you otherwise provide us information. In general we need this information for you to be able to use our platform.
| What we collect | How we use it |
|---|---|
Information you provide us about you and your business, like your name, company name, address, email address, and phone number.
Payment information you provide us, such as your credit or debit card number or your bank account number.
Information about how you access GetPY app branded for you, your account, and our platform, including information about the device and browser you use, your network connection, your IP address, and details about how you browse our websites and platform. We collect some of this information by using “cookies” or other similar technologies directly from your device. For more information about how we use these technologies, see our Cookie Policy.
- To provide you with the use of our platform and other related services (e.g., to confirm your identity, to contact you about issues with the platform, to invoice you)
- To advertise and market products or features to you
- To charge for our services
- To complete your transactions
- To provide you use of, and to improve, our platform and other related services (e.g., identifying ways to make our platform easier to use or navigate)
- To personalize the platform for you
- To advertise and market products or features to you
- Your rights over your information
We believe that you should be able to access and control your own personal information no matter where you live. You can access and correct a lot of your personal information directly through the GetPY admin. For information you are not able to access or correct directly within the GetPY admin, please email us at contactus@GetPY.com.
Finally, we do not and will not “sell” your personal information.
Your customers’ information
In order to power your business, we collect and use personal information about your customers. In general, we only collect and use this personal information as directed by you, and as further described in our Data Protection and Privacy Policy. We will never use your customers’ information to independently market or advertise to your customers unless they are also using one of our applications or services directly. We also do not and will not “sell” your customers’ information.
Because you decide how the personal information of your customers will be used, you need to make sure your customers understand how you (and how we on your behalf) collect and process their personal information. You should do this by, at a minimum, posting a privacy policy on your store that describes the information you collect, how you use it, and who you share it with.
Data Protection and Privacy Policy
This Data Privacy Policy (Policy) outlines how GetPY (GetPY Analytics Pvt Ltd – referred to as GetPY hereafter) and its affiliated entities collects, processes and uses personal information in compliance with applicable laws and regulations. Personal data is any information concerning a specific or definable natural person. GetPY respects the personal data entrusted to us by our clients, vendors, suppliers, contractors, and employees and are committed to ensuring its security through fair and transparent practices.
Privacy Principles
GetPY performs the roles of a data controller and data processor during the course of business. As a data controller, we determine the purpose and manner in which personal data is processed. As a data processor, we process personal information on behalf of another group company or a third party.
GetPY informs individuals of the purpose for which it collects, processes, stores and/or discloses their information through a notice. At the bare minimum, the notice includes:
- The type of personal data collected;
- The purpose for which it is collected;
- The legal requirement to collect this personal data (if applicable);
The notice is drafted in simple and clear language in a format that is consistent across the organization. The document also contains the geographic area, office locations, jurisdiction and name of the GetPY entity that issues the notice.
- How the personal data will be used or processed;
- How individuals can access their personal data and amend it for accuracy;
- An explanation of third party involvement in processing personal data (if applicable);
- The consequences / impact, if any, for not providing the requested personal data; and; · An option for individuals to indicate a preferred means of contact.
Choice and Consent
Where required by law, GetPY obtains consent from individuals to collect, use, retain or disclose their personal data. Individuals are given the choice to opt-in or opt-out of this procedure. If applicable, we inform individuals of the consequences for failing to consent or provide their personal data and the process to alter their consent decisions. GetPY verifies that the use of personal data is consistent with the consent obtained. If personal data will be used for a purpose other than that originally disclosed to the individual, we acquire additional consent.
Collection
GetPY collects personal data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:
- Collect the minimum personal data required to support a GetPY business activity or as mandated by law;
- Collect personal data in a fair and non-deceptive manner;
- Collect personal data directly from the individual, when possible;
- Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, sexual orientation etc.); and
- Verify that personal data collected from third parties is reliable and legally obtained.
Furthermore, GetPY monitors the involvement of third parties during collection and conducts due diligence to ensure their compliance with our Policy.
Data Privacy Policy Use, Retention and Disposal
All personal data collected by GetPY is used expressly for legitimate business activities and for purposes consented to by the individual. GetPY only uses personal data in strict adherence to contractual, regulatory and applicable laws. Retention GetPY does not retain personal data any longer than is absolutely necessary. The retention period for personal data is determined by:
- The purpose of the data collected,
- The fulfilment of that purpose, and
- Mandatory adherence to local, state and national regulations.
As part of our retention practices, GetPY documents and tracks:
- Retention periods, as mandated by any contractual and/or regulatory requirements;
- The mode of storage, archival and back up of personal data collected; and
- Approval-based disposal procedures (e.g. destruction and redaction) and exceptions to these procedures.
Disposal, Destruction and Redaction of Personal Data
GetPY’s Data Retention and Disposal Policy require managerial approval for the disposal, destruction and deletion of any personal data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of personal data.
Access
All individuals are given access to review, update or correct their personal data. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, GetPY will respond to requests from individuals to provide them with information relating to the personal data, we hold about them. Furthermore, GetPY authenticates individuals before granting access to personal data. Access to personal data may be denied if an unreasonable request is made, subject to local laws. If access is denied, GetPY provides the reason and a point of contact for further inquiry to the individual.
Data Privacy Policy Disclosure to Third Parties
GetPY may disclose personal data to third parties as a part of normal business operations. Such third parties must enter into a written contract with us containing appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:
- Third parties must ensure equal care and adequate levels of protection; and
- Appropriate security measures must be implemented to safeguard the personal data; and
- The personal data must only be processed in accordance with GetPY’s instructions.
GetPY will ensure that international transfers of personal data are afforded with an adequate level of protection, as required by local law.
Protection of Personal Data in the Possession of Third Parties
GetPY conducts appropriate due diligence checks prior to and during the selection of third parties who process personal data on behalf of GetPY. GetPY requires third parties to strictly adhere to contractual terms and guidelines on data protection to the extent such third parties have access to or are otherwise processing personal data on behalf of GetPY. Furthermore, GetPY retains the audit rights to monitor and supervise all GetPY provided personal data that is processed or handled during the performance of services by a third party contractor. Finally, GetPY maintains a well-defined mitigation and remediation plan in the event that any harm may result due to third party misusing or improperly processing such GetPY provided personal data in violation of contractual and statutory obligations.
security
GetPY has implemented physical, administrative and technical security measures across the organization which is designed to prevent data loss, unauthorized access to personal data and misuse, disclosure, alteration, damage or destruction of personal data. We fully understand that the personal data collected from individuals is under our guardianship. Therefore, we train our employees on the privacy policy as well as information security procedures regarding the appropriate access, use, and disclosure of personal data. GetPY also conducts periodic risk assessments on our processes, information systems and third parties, including audits of third party facilities and information systems. GetPY has in place an incident response plan with trained personnel to respond to, investigate and mitigate the impact of any incident. GetPY also maintains adequate plans for business continuity management, as well as disaster recovery processes for testing databases, servers, information systems and processes that handle personal data.
Data Privacy Policy – Quality
GetPY informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all personal data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their personal data and have it amended or deleted if appropriate. Additionally, GetPY has a system in place to record the date, edits, validation and verification of all personal data collected, maintained and updated.
Compliance and Reporting
GetPY is committed to monitoring and enforcing compliance with this Policy and with applicable privacy laws, regulations and obligations. We have documented procedures for:
- Addressing and resolving any data privacy grievance;
- Implementing a remediation process for any data privacy breach; and
- Identifying a third-party arbitrator for dispute resolution, if necessary. In addition, employees, customers and third parties are welcome to submit questions, concerns or complaints about GetPY’s privacy practices to our compliance helpline by writing to us at: contactus@GetPY.
Any potential or actual violation of this Policy is immediately reported to our Chief Compliance Officer.
Compliance Review
GetPY conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards. During compliance review, we:
- Document the processes for resolution of issues and vulnerabilities, as well as corrective action plans;
- Record the results of compliance reviews and regularly submit material findings to the Audit Committee of our Board of Directors; and
- Follow up on recommendations for improvement/remediation plans based on the results of the compliance review.
All GetPY directors, officers, employees, agents and contractors are expected to fully comply with this Policy. Violations of this Policy are investigated, and failure to comply with this Policy may result in disciplinary action up to and including termination of employment or contract.
Version: 2.0 Effective Date: January 01, 2020, Last Revised Date: August 1st, 2020
