XPaydite
Home
FAQ
Contact Us
Careers
XPaydite
Home
FAQ
Contact Us
Careers
More
  • Home
  • FAQ
  • Contact Us
  • Careers
  • Home
  • FAQ
  • Contact Us
  • Careers

XPaydite Policies

Privacy Policy

Last Modified: Dec 14, 2023


The  purpose of this Privacy Policy is to describe the process on how we  collect, use, store/dispose, and process your Personal Data (provided by  you or by third parties), when you use our websites, in connection with  the use of our services and/or when we facilitate the processing of  your payment and sale of products on other platforms or websites  operated by our clients. While we may collect various data points, we  are governed by the provisions of applicable laws in various countries  and territories where we provide services to you. 


XPaydite’s responsibilities

XPaydite  asks for data only for supporting the purchase as required by  regulations/downstream partners; however, under certain jurisdictions,  XPaydite may decide on the data required while acting as data controller  or data fiduciary. In such scenario, we will share relevant information  with you in line with the regulations applicable in the particular  jurisdiction. XPaydite as a service provider 

  • Processes the data provided by the customer to support the purchase made on Merchant website
  • Has to comply with legal obligations, for example under financial  legislation and Anti-Money Laundering (AML)/Combating the Financing of  Terrorism (CFT) statutory frameworks; and
  • Has drawn up its own general terms and conditions that are directly applicable to the customer and the consumer.


What Information we collect

We  may collect following information from you, as you have disclosed to  us. It also depends on your particular interaction with our website  and/or our services.

  1. Personal data including name, address, date of birth, Tax ID (SSN,  PAN etc.), photograph, KYC documents’ details (passport, driving  license, aadhaar, voter ID, etc.), contact number, email, and/or other  details required for availing various product/services from us.
  2. Organization details including registration number (EIN, CIN,  etc.) nature of business, registration certificate, shop &  establishment certificate, Tax ID (EIN, TIN, PAN, etc.) shareholding  pattern, beneficial owner details and their KYC including photograph,  directors, internal policies or any other document & information  necessary to onboard as merchant and for providing various services.
  3. Financial details covering income, expense, credit history, bank  account details, credit card details (as permissible under PCI DSS).
  4. Occupation details including office address, nature of job, designation, etc. 
  5. Call recordings in case of interaction with customer service agent or email communications made to & from the Company.
  6. Your interaction with our websites besides your feedback, we will  also collect IP address, Geo location, internet browser, device type,  use of our website, and any other information provided by you during  such interaction. 
  7. Personal data received from various public sources and third  parties necessary to perform background and fraud prevention checks  besides ID checks related due diligence.


XP is not liable for the accuracy  of the personal information provided by you. In addition, XP or its  Partners or third-party service providers may collect information about  criminal records and offences in line with our fraud prevention  practices. 


Information  is collected directly from you by asking you to share personal details  along with KYC documents to us and third party service providers engaged  by XP for providing identity verification and preventing fraudulent  activities.


Information  is collected when you apply for or use any of our services through our  website or any other partner website hosting our services. 


Information  sources include banking references, credit reporting agencies, and third  parties service providers engaged by us for KYC, for risk assessment  purposes including fraud prevention. If you are representative of a  service provider or have registered for any event organized by us or  applied for any career opportunity with us or other interactions in  general. 


Information  collected by us, is directly or indirectly for the purpose of providing  our services. In case you choose not to share the information required  by us, we may not be able to provide the services or engage with you for  any business relationship and will notify you of our decision.

It must be noted that XPaydite does not collect sensitive personal data given below (ref: https://commission.europa.eu/index_en) and we request you to not provide any such information.

  • Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • Trade-union membership;
  • Genetic data, biometric data processed solely to identify a human being;
  • Health-related data;
  • Data concerning a person’s sex life or sexual orientation. 


Why we collect information

We  collect information including personal data for a variety of reasons  but primarily for the purpose of providing Services such payment  facilitation, sale of products, processing, collection and/or local tax  filings and related activities to our Merchants. While most of the buyer  information is passed on to us by the Merchant at the time of  onboarding, due diligence, payment transaction or sale of a product;  there can be some information that Merchant may not need but is required  by us or our partners. Such information is collected by us usually at  the time of transaction or post facto if we need it to process the  transaction, charge back, regulatory reporting. Information collection  objectives are listed below for your reference. Examples given against  some points are not representative of the approach but only for  illustrative purposes. 

  • To confirm bona fide transaction before we process the payment,  e.g. university invoice, Airway bill, purchase invoice from the  Merchant 
  • Regulatory guidelines require information on both buyer and  seller, hence, information necessary to identify an individual or  company has to be collected, e.g. Country Identification (Passport, PAN,  Tax ID), full name, address etc.
  • Risk based assessment approach followed by us ensures customer  shares minimum information required and we only collect additional or  specific information if and when required, e.g. name, DOB, Tax ID etc.
  • Share with Partner Banks, Payment partners or suppliers that  require information to enable us to provide the services including  conducting due diligence, KYC checks and process funds remittances. Such  information may also be utilized by them for meeting their own  regulatory obligations or risk assessment, e.g. name, address, national  IDs, payment details, Tax ID, PAN, etc.
  • Fraud prevention and mitigation to safeguard Merchant and their  Customers/your information and interests requires thorough analysis of  data based on which preventive controls are developed. Information being  used for this purpose can be shared only on request and in limited  capacity to avoid fraudsters from taking undue advantage. Please write  to dpo@xpaydite.com for any questions on this.  
  • For marketing campaigns, we may collect some information; however,  this will include information necessary to reach you, e.g. email and  mobile number.  


Consent

XPaydite  does not collect data without offering a choice to an Individual if  he/she agrees to sharing his/her data. XPaydite may receive data from  Merchants who are required to inform individuals regarding the data  collected and its purpose before taking their consent. XPaydite will not  be responsible if a Merchant is sharing data with us without taking  consent from the data subject / principal. If data is voluntarily  provided, then it will be deemed as implicit consent for data sharing to  use the data to serve you for our intended purposes listed on our  website.

It  must be noted that data collected by XPaydite is critical for providing  services. Should you choose to not give consent for your personal data,  we may not be able to serve you. 


When do we collect information

XPaydite  collects most of the information through Merchants. Personal data of  customers is also provided by Merchants in order to enable sale of  products and payment processing.

XPaydite  may also collect data at the time of transaction or post facto  depending upon the situation. Information will be shared with the  merchant or if required with the customer directly regarding the  information to be collected.


Sharing of information

Information  collected has to be shared with various parties either for enabling XP  to provide necessary services while ensuring fraud prevention or under  any regulatory obligation / order / requirements / guidelines.  Information is shared with the following as required:

  • XP employees and its subsidiaries
  • With banks, financial institutions for providing the services and risk assessment
  • Advisors providing legal/tax related services
  • Regulator or other govt agencies or legal bodies to comply with a court order or other notices
  • Auditors solely for the purpose of conducting audits
  • Third party service providers for KYC and other verification services
  • With industry bodies & other companies for fraud prevention or other such services
  • Reports to Regulator(s) in line with regulations applicable in India or USA or other territories in relation to our services. 
  • With marketing service providers (only information necessary for the campaign)
  • With service providers engaged for building AI algorithm to improvise our services 

XP services include global  transactions and hence, data may be shared with XP affiliates located  outside the Country of a customer. Country of a customer refers to the  country as per proof of address given by Customer and from where the  transaction is being initiated. Appropriate measures are implemented as  per local laws to safeguard the data. 

Information  shared internally or externally is shared on the principle of ‘need to  know’. Information relevant for one party and may not be required by  others, for example, a bank may need KYC identifiers while a marketing  company may only need name and email for a campaign and hence, only  relevant information shared with each party including XP employees.


Secured Storage

XP  uses a secured storage approach for storing all information. For  storage purpose either secured servers are used or secured cloud  services from a reputed third party are used. As Internet is not a  secured medium and transmission of information over internet has its own  security challenges, hence, we cannot ensure security of your data  transmission to our servers. XP will not be liable for unauthorized  access or loss of data beyond its control. Data or information once  received by XP will be protected by deploying strict procedures and  security features to prevent any unauthorized access.


By  using our Service(s), you are agreeing to have your personal  information transferred to and hosted in the USA and other countries as  required to provide Services.


Data retention

XP  will retain data as long as required to provide you our services. We  may destroy data which is no longer required and does not have any legal  purpose, provided there is no regulatory obligation to store the data  for a longer period. Minimum data retention period followed by XP will  be 5 years from the date of termination of our services to you. A higher  period may also be applicable depending on the regulations applicable  in the country where data is stored. It must be kept in mind that  location of servers where data is stored is as per the local laws of the  Country of customer and/or USA as necessary for providing the services  basis consent sought through acceptance of this document/terms.


User Rights

You  can contact us to update your information in case you are an XP  customer. If you receive any email with offers, you can request to  unsubscribe or send an email to us by using the “Contact Us’ page on the  website. You also have the following rights

  • Request a copy of your personal data stored with us
  • Withdraw consent on processing of your data for specific scenarios like marketing campaigns
  • Request deletion of your data stored by us. Deletion may be  subject to local regulatory requirements which may prohibit deletion of  all data to comply with local laws
  • Request rectification of your data under our control
  • Request restricted use of data which can be in case of a legal dispute
  • Lodge a complaint with a supervisory authority

On receipt of request from you, we  will respond to all requests within a month depending on the complexity  of the request. There are certain requests which XPaydite will not be  able to execute owing to regulatory obligations. For example, data  pertaining to a transaction has to be retained upto a minimum period as  defined under local regulations and hence, your data deletion request  will have to be declined. Similarly, if an individual’s personal data  has been provided as part of Merchant onboarding, then it cannot be  deleted till the time, XPaydite is required to preserve the records post  close of relationship with the Merchant. In case, we are not able to  honor your request, we will provide you with the reason for such  denial. 


For CALIFORNIA residents only


The California Consumer Privacy Act of 2018 (CCPA) gives  consumers more control over the personal information that businesses  collect about them and the CCPA regulations provide guidance on how to  implement the law. This landmark law secures new privacy rights for  California consumers, including:

  • The right to know about the personal information a business collects about them and how it is used and shared;
  • The right to delete personal information collected from customers (with some exceptions);
  • The right to opt-out of the sale or sharing of their personal information; and
  • The right to non-discrimination for exercising their CCPA rights.


In  November of 2020, California voters approved Proposition 24, the CPRA,  which amended the CCPA and added new additional privacy protections that  began on January 1, 2023. As of January 1, 2023, consumers have new  rights in addition to those above, such as:

  • The right to correct inaccurate personal information that a business has about them; and
  • The right to limit the use and disclosure of sensitive personal information collected about them.


If  you are a California resident, you may ask businesses to disclose what  personal information they have about you and what they do with that  information, to delete your personal information, to direct businesses  not to sell or share your personal information, to correct inaccurate  information that they have about you, and to limit businesses’ use and  disclosure of your sensitive personal information:

  • Right to know: You can request that a business disclose to you:  (1) the categories and/or specific pieces of personal information they  have collected about you, (2) the categories of sources for that  personal information, (3) the purposes for which the business uses that  information, (4) the categories of third parties with whom the business  discloses the information, and (5) the categories of information that  the business sells or discloses to third parties. You can make a request  to know up to twice a year, free of charge.
  • Right to delete: You can request that businesses delete personal  information they collected from you and tell their service providers to  do the same, subject to certain exceptions (such as if the business is  legally required to keep the information).
  • Right to opt-out of sale or sharing: You may request that  businesses stop selling or sharing your personal information  (“opt-out”), including via a user-enabled global privacy control.  Businesses cannot sell or share your personal information after they  receive your opt-out request unless you later authorize them to do so  again.
  • Right to correct: You may ask businesses to correct inaccurate information that they have about you.
  • Right to limit use and disclosure of sensitive personal  information: You can direct businesses to only use your sensitive  personal information (for example, your social security number,  financial account information, your precise geolocation data, or your  genetic data) for limited purposes, such as providing you with the  services you requested.


You  also have the right to be notified, before or at the point businesses  collect your personal information, of the types of personal information  they are collecting and what they may do with that information.  Generally, businesses cannot discriminate against you for exercising  your rights under the CCPA. Businesses cannot make you waive these  rights, and any contract provision that says you waive these rights is  unenforceable.


What is Personal and Sensitive information under CCPA

Personal information is  information that identifies, relates to, or could reasonably be linked  with you or your household. For example, it could include your name,  social security number, email address, records of products purchased,  internet browsing history, geolocation data, fingerprints, and  inferences from other personal information that could create a profile  about your preferences and characteristics.


Sensitive personal information is a specific subset of personal information that includes certain  government identifiers (such as social security numbers); an account  log-in, financial account, debit card, or credit card number with any  required security code, password, or credentials allowing access to an  account; precise geolocation; contents of mail, email, and text  messages; genetic data; biometric information processed to identify a  consumer; information concerning a consumer’s health, sex life, or  sexual orientation; or information about racial or ethnic origin,  religious or philosophical beliefs, or union membership. Consumers have  the right to also limit a business’s use and disclosure of their  sensitive personal information.


Violation of CCPA

You  cannot sue businesses for most CCPA violations. You can only sue a  business under the CCPA if there is a data breach, and even then, only  under limited circumstances. You can sue a business if your nonencrypted  and nonredacted personal information was stolen in a data breach as a  result of the business’s failure to maintain reasonable security  procedures and practices to protect it. If this happens, you can sue for  the amount of monetary damages you actually suffered from the breach or  “statutory damages” of up to $750 per incident. Before suing, you must  give the business written notice of which CCPA sections it violated and  allow 30 days to respond in writing that it has cured the violations and  that no further violations will occur. If the business is able to  actually cure the violation and gives you its written statement that it  has done so, you cannot sue the business, unless it continues to violate  the CCPA contrary to its statement.


For  all other violations of the CCPA, only the Attorney General or the  California Privacy Protection Agency may take legal action against  non-compliant entities. The Attorney General does not represent  individual California consumers. Using consumer complaints and other  information, the Attorney General may identify patterns of misconduct  that may lead to investigations and actions on behalf of the collective  legal interests of the people of California. If you believe a business  has violated the CCPA, you may file a consumer complaint with the Office  of the Attorney General. If you choose to file a complaint with our  office, explain exactly how the business violated the CCPA, and describe  when and how the violation occurred. Please note that the Attorney  General cannot represent you or give you legal advice on how to resolve  your individual complaint. Starting on July 1, 2023, you also will be  able to file complaints with the California Privacy Protection Agency  for violations of the CCPA, as amended, occurring on or after that date.


You  can only sue businesses under the CCPA if certain conditions are met.  The type of personal information that must have been stolen is your  first name (or first initial) and last name in combination with any of  the following:

  • Your social security number
  • Your driver’s license number, tax identification number, passport  number, military identification number, or other unique identification  number issued on a government document commonly used to identify a  person's identity
  • Your financial account number, credit card number, or debit card  number if combined with any required security code, access code, or  password that would allow someone access to your account
  • Your medical or health insurance information
  • Your fingerprint, retina or iris image, or other unique biometric  data used to identify a person's identity (but not including photographs  unless used or stored for facial recognition purposes)


This personal information must  have been stolen in nonencrypted and nonredacted form. In addition, the  personal information must have been stolen in a data breach as a result  of the business’s failure to maintain reasonable security procedures and  practices to protect it. If this happens, you can sue for the amount of  monetary damages you actually suffered from the breach or “statutory  damages” of up to $750 per incident. Before suing, you must give the  business written notice of which CCPA sections it violated and allow 30  days to respond in writing that it has cured the violations and that no  further violations will occur. If the business is able to actually cure  the violation and gives you its written statement that it has done so,  you cannot sue the business, unless it continues to violate the CCPA  contrary to its statement.


At  XP, we take reasonable measures to protect your personal information.  We do not sell or share personal information in our possession, as such  terms are defined under CCPA provisions. We will not disclose your  personal information to our service providers unless necessary or as  instructed by you from time to time for the purpose of providing our  services or for complying with local regulations.


XP  recommends customers (California Residents) to take seek legal advice  from experts for further guidance on CCPA. We will ensure compliance  against all provisions of CCPA regulations. Details pertaining to CCPA  provisions can be viewed at:

https://oag.ca.gov/privacy/ccpa#:~:text=In%20November%20of%202020%2C%20California,began%20on%20January%201%2C%202023


Changes to this Policy

This  Policy may be updated from time to time. Changes will be effective from  the date when updated policy is posted on our website. We suggest you  review this policy whenever visiting our Website. 

Cookies Policy

XPaydite Inc. and its subsidiaries (XP, we, us, our) use cookies to collect data for analysis and make the site more useful to you. Cookies help us to create a better browsing experience for you.


What are cookies?

Cookies are small text files automatically downloaded on your device including mobile device, when you visit our website. These are stored in your web browser and may contain basic information about your internet use. Your internet browser will send these cookies back to our website whenever you revisit it so that we can provide a better browsing experience.


Managing cookies

You have the right to allow or deny us using any cookie during your visit, by giving your preferences whenever you visit our website. You can also disable XP cookies through your browser; however, some features of our website may not work as intended if cookies are disabled. 


What type of cookies are used by XP?


Essential cookies: These are vital to the basic performance of our website and/or other products as these cover critical authentication and validation including fraud prevention. These help you access and move around our site and use all its features. Given their critical nature, you will not be able to deny us using these cookies should you continue to browse or use our website after accessing it.


Functionality cookies:These cookies are used to remember you when you return to our Website. These help us to provide personalization of content, recognizing users, and remember your preferences like choice of language or region. These cookies cannot track your browsing activity on other websites. They may be set by us or by third party providers whose services we have added to our pages. If you disable these cookies, then some services may not function properly.


Analytics cookies: We use Google analytics cookies. Google Analytics uses a set of cookies to collect information and report site usage statistics without personally identifying individual visitors to Google. These cookies help us understand which sections of our website are visited by you and for how long and if there is any error. We use these cookies to test our website features and monitor how our visitors reach our sites. These cookies allow us to identify areas that need attention to help improve your experience with us.


Advertising & Targeting cookies: Advertising and social media cookies are used to ensure that marketing campaigns you receive on our website are relevant to you based on your browsing habits. These cookies also help us measure the effectiveness of the advertising campaign and understand your reaction once you view an advertisement. These cookies track across websites and collect data to provide customized advertisements. They are usually placed on behalf of advertising networks with the site operator’s permission. They remember that you have visited a site and quite often they will be linked to site functionality provided by the other organization. This may impact the content and messages you see on other websites you visit.


We may enable or disable cookies as required; however, whenever cookies are enabled, we will provide you with the option of allowing or rejecting specific cookies. Our website may have links to our partner (third party) websites or cookies. You can choose to allow or disable such third party cookies enabled on our site; however, when shifting to partner websites, such permissions given on our website will not work on partner websites where such permissions will have to be given again. 

Copyright © 2024 XPaydite - All Rights Reserved.

  • Terms & Conditions
  • XPaydite Policies
  • Customer Grievance
  • Careers

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept