This Privacy Policy is published pursuant to:

1. Section 43A of the Information Technology Act, 2000;
2. Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”);
3. Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021; and
4. Guidelines and regulations issued by Reserve Bank of India from time to time, to the extent applicable to the Company.

In this Privacy Policy, the Company will disclose what kind of information is collected from Users. It will also specify why the Company collects this information, the modes and means by which it will be used, and the entities or persons who will have access to this information.

Under the Privacy Rules, sensitive personal data or information of a person means and includes such personal information about that person relating to the following (“Personal Information”):

1. Passwords;
2. Financial information such as bank accounts, credit and debit card details or other payment instrument details (“Financial Information”);
3. Physical, physiological and mental health condition;
4. Sexual orientation;
5. Medical records and history;
6. Biometric information; and
7. Information received by body corporates under lawful contract or otherwise.

There is also certain information which will be collected from Users such as addresses, email addresses, telephone numbers, address proof and identity proof, User photographs and other contact information which may be used to personally identify Users directly or indirectly either from the collected information alone or from said information combined with other information which the Company may have access to about the User
(“Personally Identifiable Information”). It is important to note that information that is freely available in the public domain, or accessible under the Right to Information Act, 2005, or any other law will not be considered Sensitive Personal Information, or as Personally Identifiable Information. Sensitive Personal Information and Personally Identifiable Information is collectively referred to as “User Information”.

The Company will only collect User Information that is necessary for the purposes of rendering the Services or Trade Enabling Services and will not further process it in a manner that is incompatible with those purposes unless otherwise consented by the User.

a) Sensitive Personal Information

In the course of transacting on the Ninjacart Services Platform, the Company may provide the Users the option to pay with a credit card, wire-transfer, or debit card through the Ninjacart Services Platform’s third-party payment gateway provider or any other platform. This third-party payment gateway provider may be required to collect certain Financial Information from Users including, but not restricted to, their Financial Information. The Financial Information so collected will only be used for billing and payment for the use of the Services through the Ninjacart Services Platform. The processes of verifying the Financial Information will be entirely conducted by Users and the Ninjacart Services Platform shall have no part in such processes.

In case a User chooses to avail Trade Enabling Services from the Company through the Lending Partner via the Ninjacart Services Platform and its affiliates or in cases where the User voluntarily shares such data, Ninjacart Services will also collect Users credit bureau data (based solely on the Users terms of consent for such sharing of credit bureau data with Ninjacart Services), income data, bank statements and other financial information for providing support services related to the Trade Enabling Services such as sharing credit bureau data and Know Your Customer (KYC) information with Lending Partners and authorized third parties for their verification and facilitation of Trade Enabling Services etc. with the consent of the User.

While the Company shall make commercially reasonable efforts to ensure that Users’ financial information is duly protected by undertaking security measures prescribed under applicable laws, Users are strongly advised to exercise discretion while providing financial information while using the Services, given that the Company cannot guarantee absolute security over the internet.

b) Personal Identifiable Information

The Company may collect the following PII from its Users in the normal course of a User's use of the Ninjacart Services Platform:

1. Basic data such as name, address, contact details etc. of the User (which shall be stored with the Company for providing various services as availed by the User from time to time).
2. In case a User chooses to avail Trade Enabling Services from Lending Partners via the Ninjacart Services Platform, the Company may with explicit consent of the User, collect KYC data from Users such as user photographs, identity proof and address proof (such as Aadhaar data) and the following documents -Aadhaar, PAN, Business PAN, Business Proof (Market license or GST certificate or Udyam Aadhaar or FSSAI or certificate of incorporation or Krishi Smiti Certificate or MSME Udyam Registration Certificate or Labor Department Registration Certificate or Shop Act Certificate) and fields - Business PAN number, business name, date of incorporation (in case they have uploaded business information). Provided however that Ninjacart Services shall not store or collect the biometric information pertaining to any of its Users.

c) Automatically Generated Information

When a User visits the Ninjacart Services Platform, the Company automatically receives the following information:

• Uniform resource locator of the site from which such user visits the Ninjacart Services Platform;
• Details of the website such User is visiting on leaving the Ninjacart Services Platform;
• The internet protocol (“IP”) address of each User’s computer operating system;
• Type of web browser the User is using, email patterns; and
• The User’s internet service provider.

d) Locations

The Company may with explicit consent of the User, also access, collect and/ or store information regarding the User’s location via the Ninjacart Services Platform, which includes but is not limited to their global positioning system coordinates vis-à-vis the device used to access the Ninjacart Services Platform.

e) Telephone Calls and Other Communications Received from Users

Subject to applicable laws, the Company may keep records of telephone calls, emails, SMS and other channels of communication received from and made to Users for the purpose of administration of Services (and Trade Enabling Services), research and development, training, business intelligence, business development, or for User administration. The Ninjacart Services Platform may share the telephone records, emails, SMSs and other communications received from Users with third parties when required by law or when required to provide or facilitate the User with the Services or Credit Service (as applicable). In addition to the User Information collected by the Company (as outlined above), the Company may also collect other types of information which are not directly or indirectly linked to a User and which is aggregated, anonymized or de-identified excluding mobile phone resources, files and media, contact list, call, logs, telephony functions etc. However, the Company shall with explicit consent of the User, have one-time access to camera, microphone, location, or any other facility necessary for the purpose of onboarding/KYC requirements. Such information is collected in order to improve the services we provide to you. Please note that all User Information is collected by the Company on an as-is basis and the Company shall not be responsible for the authenticity of the User Information provided by Users. Further, without prejudice to the above and subject to applicable laws, you hereby expressly consent to providing the following permissions to us in relation to the respective data usage:

User Permission required	Data usage
Transactional SMS Data ()	To understand User’s income and spending patterns thereby helping us in the credit evaluation and facilitating higher limits and faster approval rates. We do not read any personal or OTP messages.
Phone Permission	To collect and monitor specific information about a User's device including hardware model, operating system and version, unique device identifiers like IMEI and serial number, user profile information to uniquely identify the devices and ensure that unauthorized devices are not able to act on User’s behalf to prevent frauds.
App Permission	To collects details of User’s installed applications to understand their profile. This helps us to provide quicker approvals and higher credit limits
Location	For verifying address during KYC process Promote customized offers Credit risk assessment Enable fraud detection Assess serviceability of loan application Providing better customer service
Files and Media	Download and save the documents on User’s phones Upload the right documents including images for KYC, business registration documents verification etc. Use metadata from images for fraud prevention

a) Employees, Authorized Personnel and Affiliates

All information that is collected, stored, processed or disclosed to the Company by Users is accessible only to authorized personnel and employees of the Company on a need-to-know basis. All employees and data processors, who have access to and are associated with the processing of User Information are obliged to respect its confidentiality. The Company may also disclose User Information to its affiliates for business purposes, such as for the promotion, sales or marketing of such affiliates’ services.

b) Government Institutions or Authorities

The Company may be required to disclose User Information to governmental institutions or authorities under any law or judicial decree. The Company may disclose User Information in its sole discretion, in case Ninjacart Services deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply this Privacy Policy or the Terms. The Ninjacart Services Platform shall not be responsible for the manner or method in which such institutions and authorities use or disclose such User Information.

c) Other Parties

The Ninjacart Services Platform may share/use User Information with the other parties (such as Lending Partners Lenders, payment gateways service providers, logistics service providers, Contact Point Verification (CPV), Collection Agencies etc.) for the below specified purposes. The details of such parties are disclosed in the Schedule-I of:

1. providing services, technical support, etc. in relation to the Services (and Trade Enabling Services), and enhancing User experience; or
2. detecting and preventing identity theft, fraud or any other potentially illegal acts; or
3. monitoring enhancing User interest and engagement, including through promotional activity, personal messages to users using Personally Identifiable Information provided by Users, etc; or
4. processing the purchase of Services on the Ninjacart Services Platform.

If Ninjacart Services intends to disclose or share the User Information with any other third party, Ninjacart Services will be entitled to appropriately amend the Privacy Policy, including the details set out in Schedule –I, and share the details with such third party.

d) Merging/Acquiring Parties/Investing Parties

In the event that the Company is merged with or acquired by another business entity, it will be required to transfer all User Information to such merging or acquiring party. We may also share User Information with bona fide potential investors and investors. In such cases, the Company will take all reasonable efforts to make sure that the User Information is protected by the merging, acquiring, or investing entity, in conformity with applicable laws.

e) Third Party upon Sale

The Company may also disclose or transfer the User Information provided by Users, to any third party as a part of reorganization or a sale of the assets, division or transfer of a part or whole of the Company. Any third party to which the Company transfers or sells its assets (such as the Ninjacart Services Platform) will have the right to continue to use the User Information that Users provide to the Company.

f) Third-Party Sites

The Company does not exercise control over the websites displayed as search results or links from within the Services or the Trade Enabling Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit User Information from Users, for which the Company shall not be held responsible or liable. The Company does not make any representations concerning the privacy practices or policies of such third parties including the Lending Partners or terms of use of such websites, nor does the Company guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion of such websites does not imply any endorsement by the Company of such websites, the websites’ provider, or the information on the website.

The Company may use the User Information collected from the User when said Users register, make a purchase, sign up for the Company newsletter, respond to a survey or marketing communication, or when Users use certain other application features of the Ninjacart Services Platform (such as availing Trade Enabling Services), in the following ways:

1. To identify the User, to understand their needs and resolve disputes, if any.
 
2. To personalize User experience and to allow the Company to deliver the type of content and product offerings in which Users are most interested.
 
3. To improve the Ninjacart Services Platform in order to better serve Users.
 
4. To set up, manage and facilitate the offer of products, and to enhance the Services and Trade Enabling Services (as applicable) to meet User requirements.
 
5. To allow the Company to better service Users by responding to User customer service requests.
 
6. To provide ongoing Services and Trade Enabling Services (as applicable).
 
7. To administer a contest, promotion, survey or other Ninjacart Services Platform features, and to keep Users apprised of the Ninjacart Services Platform’s promotions and offers.
 
8. To quickly facilitate the processing of User transactions by third party payment gateways.
 
9. To ask for the ratings and reviews of services or products offered on the Ninjacart Services Platform
 
10. To meet legal and regulatory requirements.
 
11. To resolve technical issues and troubleshoot problems that may arise in the Services, the Trade Enabling Services, or the Ninjacart Services Platform.
 
12. To detect and protect the Company and the Ninjacart Services Platform from error, fraud and other criminal activities.
 
13. To enforce the Terms.
 
14. Other reasons which, prior to being put into effect, shall be communicated to Users through an update carried out to this Privacy Policy.

The Company has implemented security policies, rules and technical measures, as required under applicable law including firewalls, transport layer security and other physical and electronic security measures to protect the User Information that it has under its control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. While the Company is committed to maintaining confidentiality of all User Information, it shall not be responsible for any breach of security or for any action of any third parties that receive a User's User Information due to events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorized access to the Company's computers and storage devices, computer crashes, breach of security and encryption, etc. All information collected from the Users by the Company via the Ninjacart Services Platform is maintained in electronic form on servers and/or cloud systems and shall be accessible by certain employees of the Company. The User Information collected by the Company is stored by Microsoft Azure located at Pune, India and such other locations as determined by the Company from time to time.

The User Information may also be converted to/stored in physical form (such as hard drives or server racks) from time to time. Regardless of the manner of storage, the Company shall make commercially reasonable efforts to ensure that the User Information is rendered confidential and that the Company will only disclose such User Information in accordance with the terms of this Privacy Policy.

Users may withdraw their consent for the collection, use and/or disclosure of User Information in the Company's possession or control by submitting a request to cloud queries@ninjacartservices.com
The Company will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose said User's User Information as per their request.

Depending on the extent of a User's withdrawal of consent for us to process User Information, it may mean that said User will not be able to further use or access the Ninjacart Services Platform, avail Services or Trade Enabling Services.

We will use cookies for tracking purposes and for the collection of relevant meta data. Users can choose to have their devices warn them each time a cookie is being sent, or Users can choose to turn off all cookies. Users may do this through their device browser settings. As Users may use different browsers, Users may look at their browser’s help menu to learn the correct way to modify their cookies.

If Users turn cookies off, some of the Ninjacart Services Platform's features that make User experience more efficient may no longer function as intended.

We understand that you may have questions about this Privacy Policy, on how we process or handle your information, or may otherwise want to understand these aspects. We welcome you to reach out to us with your queries, grievances, feedback, and comments and contact our grievance officer, whose details are provided below:

Name: Mr. Chetan Agarwal
Designation: Grievance Officer
Email Id: privacy@ninjacartservices.com || Contact Details: +91-080-35018270 Address: Ninjacart Services Pvt. ltd, Corporate Office: Vaishnavi Signature Ninth Floor, 78/9 Outer Ring Road, Bellandur Village, Varthur Hobli Bengaluru, Karnataka – 560103