This Privacy Policy is published pursuant to:

1. Section 43A of the Information Technology Act, 2000;
2. Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”);
3. Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021; and
4. Guidelines and regulations issued by Reserve Bank of India from time to time, to the extent applicable to the Company.
5. Provisions of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), as and when notified and made applicable.

In this Privacy Policy, the Company will disclose what kind of information is collected from Users. It will also specify why the Company collects this information, the modes and means by which it will be used, and the entities or persons who will have access to this information.

Under the Privacy Rules (i.e., the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011),, Sensitive Personal Data or Information of a person means such personal information which consist of the information relating to;:

1. Passwords;
2. Financial information such as bank accounts, credit and debit card details or other payment instrument details (“Financial Information”);
3. Physical, physiological, and mental health condition;
4. Sexual orientation;
5. Medical records and history;
6. Biometric information;
7. Any detail relating to the above clauses as provided to a body corporate for providing service; and
8. Any of the information received under above clauses by a body corporate for processing, stored or processed under lawful contract or otherwise;

provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

There is also a certain set of information which may be collected from Users such as full names, addresses, email addresses, telephone numbers, residential and/or business address proof and identity proof (such as PAN card, voter ID, passport, or driving licence), User photographs, business identification details (such as GST certificates, Udyam Aadhaar, Shop and Establishment registration, FSSAI license, etc.), and other contact information which may be used to personally identify Users directly or indirectly either from the collected information alone or from said information combined with other information which the Company may have access to about the User (“Personally Identifiable Information”).

Any User Information received by the Company from third-party sources, including but not limited to the Company's affiliates, Lending Partners, verification service providers, or regulated financial entities, pursuant to the User’s express or recorded consent, shall be deemed to have been directly provided by the User. The User acknowledges and agrees that such consent-based transmission of data constitutes valid, binding, and lawful authorization by the User under applicable data protection laws. The Company shall not be held liable for any claim, loss, or liability arising from the authenticity or accuracy of such User Information provided by third parties acting on the basis of the User’s consent.

Sensitive Personal Information and Personally Identifiable Information is collectively referred to as “User Information”.

The Company will only collect User Information that is necessary for the purposes of rendering the Services or Trade Enabling Services and will not further process it in a manner that is incompatible with those purposes unless otherwise consented by the User.

a) Sensitive Personal Information

In the course of transacting on the Ninjacart Services Platform, the Company may provide the Users the option to pay with a credit card, wire-transfer, or debit card through the Ninjacart Services Platform’s third-party payment gateway provider or any other platform. This third-party payment gateway provider may be required to collect certain Financial Information from Users. The Financial Information so collected will only be used for billing and payment for the use of the Services through the Ninjacart Services Platform. The processes of verifying the Financial Information will be entirely conducted by Users, and the Ninjacart Services Platform shall have no part in such processes.

In case a User chooses to avail Trade Enabling Services or voluntarily shares such data, the Company may, on behalf of the User and based solely on the User's explicit consent, facilitate the procurement of income data, bank statements and other financial information for providing support services related to the Trade Enabling Services such as sharing Know Your Customer (KYC) information with Lending Partners and authorized third parties for their verification and facilitation of Trade Enabling Services with the consent of the User.

The Company shall implement commercially reasonable security measures, in compliance with applicable laws and regulatory guidelines, to safeguard Users’ Information. Notwithstanding the foregoing, users are advised to exercise due caution and discretion while disclosing such information through the Services. The Company disclaims any liability for loss or unauthorized access arising out of circumstances beyond its reasonable control, and expressly acknowledges that absolute security over internet-based systems cannot be assured.

b) Personal Identifiable Information

The Company may collect the following PII from its Users in the normal course of a User's use of the Ninjacart Services Platform:

1. Basic data such as name, address, contact details, date of birth, etc., of the User (which shall be stored with the Company for providing various services as availed by the User from time to time).
2. In case a User chooses to avail Trade Enabling Services from Lending Partners via the Ninjacart Services Platform, the Company may with explicit consent of the User, receive or collect KYC data from Users such as user photographs, identity proof and address proof and / or the following documents – Aadhaar, PAN and/ or Business PAN, OVD, Business Proof (Market license or GST certificate or Udyam Aadhaar or FSSAI or certificate of incorporation or Krishi Smiti Certificate or MSME Udyam Registration Certificate or Labor Department Registration Certificate or Shop Act Certificate) and fields – Business PAN number, business name, date of incorporation (in case they have uploaded business information). Provided however, that the Company shall not store or collect the biometric information pertaining to any of its Users.

c) Automatically Generated Information

When a User visits the Ninjacart Services Platform, the Company may automatically receive the following information:

• Uniform resource locator of the site from which such user visits the Ninjacart Services Platform;
• Details of the website such User is visiting on leaving the Ninjacart Services Platform;
• The internet protocol (“IP”) address of each User’s computer operating system;
• Type of web browser the User is using, email patterns; and
• The User’s internet service provider.

d) Locations

The Company may with explicit consent of the User, also access, collect and/ or store information regarding the User’s location via the Ninjacart Services Platform, which includes but is not limited to their global positioning system coordinates vis-à-vis the device used to access the Ninjacart Services Platform.

e) Telephone Calls and Other Communications Received from Users

Subject to applicable laws, the Company may keep records of telephone calls, emails, SMS and other channels of communication received from and made to Users for the purpose of administration of Services (and Trade Enabling Services), research and development, training, business intelligence, business development, or for User administration. The Ninjacart Services Platform may share the telephone records, emails, SMSs, and other communications received from Users with third parties when required by law or when required to provide or facilitate the User with Trade Enabling Services.

In addition to the User Information collected and/or received by the Company (as outlined above), the Company may also collect other types of information which are not directly or indirectly linked to a User and which is aggregated, anonymized or de-identified excluding mobile phone resources, files and media, contact list, call, logs, telephony functions etc. However, the Company shall, with the explicit consent of the User, have one-time access to the camera, microphone, location, or any other facility necessary for the purpose of facilitating onboarding/KYC requirements. Such information is collected in order to improve the services we provide to you. Please note that all User Information is collected by the Company on an as-is basis and the Company shall not be responsible for the authenticity of the User Information provided by Users.

Further, without prejudice to the above and subject to applicable laws, you hereby expressly consent to providing the following permissions to us in relation to the respective data usage:

User Permission required	Data usage
Transactional SMS Data ()	To understand User’s income and spending patterns thereby facilitating evaluation, higher limits and faster approval rates while providing Trade Enabling Services. We do not read any personal or OTP messages.
Phone Permission	To collect and monitor specific information about a User's device including hardware model, operating system and version, unique device identifiers like IMEI and serial number, MAID (Mobile Advertising IDentifiers), user profile information to uniquely identify the devices and ensure that unauthorized devices are not able to act on User’s behalf to prevent frauds.
App Permission	To collect details of User’s installed applications to understand their profile. This helps us to facilitate quicker approvals and higher credit limits.
Location	The Company may access the user's location, with explicit consent, for the limited purpose of: • Facilitating verification of address during KYC process • Promoting customized offers • Facilitating credit risk assessment • Enabling fraud detection • Assessing the serviceability of loan application • Providing better customer service.
Files and Media	Download and save the documents on User’s phones. Upload the right documents, including images for KYC, business registration documents verification etc. Use metadata from images for fraud prevention.

The Company collects User Information through various interactions and channels, including:

1. Registration and Account Creation: Users register on the Ninjacart Services Platform, and/or apply for Trade Enabling Services from the Ninjacart Services Platform.
2. Subscribing to Newsletters or Promotional Communications: When Users subscribe to newsletters, marketing emails, or other promotional communications, the Company collects the email address or contact information provided.
3. Website and App Usage: The Company collects information about Users' interactions with the Ninjacart website and mobile applications, including pages visited, features used, time spent, and clickstream data.

The Company may use email, app notifications, short message service (SMS), multimedia message service (MMS) or other forms of communication (such as WhatsApp) to share information with Users about certain promotions or features regarding the Ninjacart Services Platform which the Company or its affiliates, subsidiaries, business partners, Lending Partners, advertisers and sponsors may choose to offer. Users may receive such communication when they opt to receive the same or have consented to the same during the registration process.

All consents are collected with a clear explanation of the purpose of such data collection and logged for audit trail purposes, in accordance with the applicable laws.

a) Employees, Authorized Personnel and Affiliates

All information that is received, collected, stored, processed or disclosed to the Company by Users is accessible only to authorized personnel and employees of the Company on a need-to-know basis. All employees and data processors, who have access to and are associated with the processing of User Information are obliged to respect its confidentiality. The Company may also disclose User Information to its affiliates for business purposes, such as for the promotion, sales or marketing of such affiliates’ services.

b) Government Institutions or Authorities

The Company may be required to disclose User Information to governmental institutions or authorities under any law or judicial decree. The Company may disclose User Information in its sole discretion, in case Ninjacart Services deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply this Privacy Policy or the Terms. The Ninjacart Services Platform shall not be responsible for the manner or method in which such institutions and authorities use or disclose such User Information.

c) Third Parties

The Ninjacart Services Platform may share/use User Information with the other parties (such as Lending Partners, payment gateways service providers, logistics service providers, Contact Point Verification (CPV), Collection Agencies etc.) for the below specified purposes. The details of such parties are disclosed in the Schedule-I.

1. providing services, technical support, etc. in relation to the Services (and Trade Enabling Services), and enhancing User experience; or
2. detecting and preventing identity theft, fraud or any other potentially illegal acts; or
3. monitoring enhancing User interest and engagement, including through promotional activity, personal messages to users using Personally Identifiable Information provided by Users, etc.; or
4. processing the purchase of Services on the Ninjacart Services Platform.

In the event the Company intends to disclose or share User Information with any third party not already identified in this Privacy Policy, it shall update this Privacy Policy, including Schedule I, to reflect such disclosure and shall notify users of the same in accordance with applicable legal requirements. Access to User Information by any such third party shall be governed by binding contractual obligations relating to data protection, confidentiality, and compliance with applicable laws and regulations.

d) Merging/Acquiring Parties/Investing Parties

In the event that the Company is merged with or acquired by another business entity, it will be required to transfer all User Information to such merging or acquiring party. We may also share User Information with bona fide potential investors and investors. In such cases, the Company will take all reasonable efforts to make sure that the User Information is protected by the merging, acquiring, or investing entity, in conformity with applicable laws.

e) Third Party upon Sale

The Company may also disclose or transfer the User Information provided by Users to any third party as a part of reorganization or a sale of the assets, division or transfer of a part or whole of the Company. Any third party to which the Company transfers or sells its assets (such as the Ninjacart Services Platform) will have the right to continue to use the User Information that Users provide to the Company.

f) Third-Party Sites

The Company does not exercise control over the websites displayed as search results or links from within the Services or the Trade Enabling Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit User Information from Users, for which the Company shall not be held responsible or liable. The Company does not make any representations concerning the privacy practices or policies of such third parties including the Lending Partners or terms of use of such websites, nor does the Company guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion of such websites does not imply any endorsement by the Company of such websites, the websites’ provider, or the information on the website.

The Company may use the User Information collected from the User when said Users register, make a purchase, sign up for the Company newsletter, respond to a survey or marketing communication, or when Users use certain other application features of the Ninjacart Services Platform (such as availing Trade Enabling Services), in the following ways:

1. To identify the User, to understand their needs and resolve disputes, if any.
 
2. To personalize User experience and to allow the Company to deliver the type of content and product offerings in which Users are most interested.
 
3. To improve the Ninjacart Services Platform in order to better serve Users.
 
4. To set up, manage and facilitate the offer of products, and to enhance the Services and Trade Enabling Services (as applicable) to meet User requirements.
 
5. To allow the Company to better service Users by responding to User customer service requests.
 
6. To provide ongoing Services and Trade Enabling Services (as applicable).
 
7. To administer a contest, promotion, survey or other Ninjacart Services Platform features, and to keep Users apprised of the Ninjacart Services Platform’s promotions and offers.
 
8. To quickly facilitate the processing of User transactions by third party payment gateways.
 
9. To ask for the ratings and reviews of services or products offered on the Ninjacart Services Platform
 
10. To meet legal and regulatory requirements.
 
11. To resolve technical issues and troubleshoot problems that may arise in the Services, the Trade Enabling Services, or the Ninjacart Services Platform.
 
12. To detect and protect the Company and the Ninjacart Services Platform from error, fraud and other criminal activities.
 
13. To enforce the Terms.
 
14. Other reasons which, prior to being put into effect, shall be communicated to Users through an update carried out to this Privacy Policy.

The Company has implemented security policies, rules and technical measures, as required under applicable law including firewalls, transport layer security and other physical and electronic security measures to protect the User Information that it has under its control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. While the Company is committed to maintaining confidentiality of all User Information, it shall not be responsible for any breach of security or for any action of any third parties that receive a User's User Information due to events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorized access to the Company's computers and storage devices, computer crashes, breach of security and encryption, etc. All information collected from the Users by the Company via the Ninjacart Services Platform is maintained in electronic form on servers and/or cloud systems and shall be accessible by certain employees of the Company. The User Information collected by the Company is stored by Microsoft Azure located at Pune, India and such other locations as determined by the Company from time to time.

The User Information may also be converted to/stored in physical form (such as hard drives or server racks) from time to time. Regardless of the manner of storage, the Company shall make commercially reasonable efforts to ensure that the User Information is rendered confidential and that the Company will only disclose such User Information in accordance with the terms of this Privacy Policy.

Users have the following rights:

1. Right to give or deny consent for each type of data collected (e.g., camera, location, SMS, etc.).
2. Right to revoke consent at any time for any data already shared.
3. Right to request deletion of personal data, upon which the Company shall delete such data unless otherwise required for legal or regulatory compliance.
4. Right to restrict sharing of personal data with any third party not directly required for service delivery.

Users may exercise these rights, including withdraw their consent for the collection, use and/or disclosure of User Information in the Company's possession or control by submitting a request to queries@ninjacartservices.com. The Company will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose said User Information as per their request.

Depending on the extent of a User's withdrawal of consent or request for deletion, User may not be able to further use or access the Ninjacart Services Platform and avail Trade Enabling Services.

We will use cookies for tracking purposes and for the collection of relevant meta data. Users can choose to have their devices warn them each time a cookie is being sent, or Users can choose to turn off all cookies. Users may do this through their device browser settings. As Users may use different browsers, Users may look at their browser’s help menu to learn the correct way to modify their cookies.

If Users turn cookies off, some of the Ninjacart Services Platform's features that make User experience more efficient may no longer function as intended.

We understand that you may have questions about this Privacy Policy, on how we process or handle your information, or may otherwise want to understand these aspects. We welcome you to reach out to us with your queries, grievances, feedback, and comments and contact our grievance officer, whose details are provided below:

Name: Mr. Raghavendra Rao TS
Designation: Grievance Officer
Email Id: privacy@ninjacartservices.com
Contact Details: +91-080-35018270
Address: Ninjacart Services Pvt. ltd, Corporate Office: Indiqube Helios Business Park, Tower-E, Second floor, Seat no 490, Chandana, Kadubeesanahalli, Bengaluru, Panathur, Bangalore, Bangalore South, Karnataka 560103, India