Simply Vyapar Apps Private Limited (“the Company”) having its registered address FLAT NO 223 WINGS 2 DSR EDEN GREEN APARTMENTS, Bangalore, Karnataka - 560035 recognizes the need for appropriate protection and management of any information shared with the Company or on Vyapar Platform.
By using or accessing the Vyapar platform in any manner or opening an Account, it is acknowledged that the present Policy is accepted and it further consents that the Company will collect, use, disclose, share and transfer information and personal data including but not limited to sensitive Personal Information. This Policy is an electronic record in the form of an electronic contract formed under the Information Technology Act, 2000 and the rules made thereunder.
In the case in future it is felt that the Information or a part thereof as collected should not be used or should be deleted, consent granted in the present Policy can be withdrawn, by writing to the Company seeking to withdraw the consent so granted or deleting the Account, as the case may be. However, in case the consent for the Company to use the Information as provided in the present Policy is withdrawn, the Products and Services cannot be offered to the User by the Company.
These policies may be updated from time to time in the future. The User should agree to review our privacy policies regularly by visiting this page. Continued access to or use of the service will mean that the User agrees to the change.
When this privacy statement applies
Its liability to the User is limited to those who have downloaded the vyapar application and logged in by clicking on the “I Agree/Login” button for Terms and Conditions or has explicitly consented to the policy on any other product/service page offered to the User
How is the information collected, used, disclosed, shared and stored
For the purpose of these Terms, the term “Non-Personal Information” shall mean information that does not specifically identify an individual but includes information from such as the type of internet browser used, mobile device used, computer or mobile device’s unique device ID, Internet Service Provider (ISP) and Internet Protocol (IP) address. The Company may also collect Non-Personal Information that is provided.
Personal and Non-Personal Information together is referred to as “Information”. The Company may collect Information when registration or opening of an Account happens on the Vyapar platform, when the features or the Products and Services are used, when the User shares the User content with the Company and when the User interacts with the customer care team including the details of the message or chats etc.
5. The Company collects information about the User’s use of the Vyapar platform and/or Products and Service, such as the features used, any activity carried out, the actions that are taken, the time, frequency and duration of the said activities.
6. The Company is required to collect information from and about the computers, tablets, phones and other web-connected devices used and the Company then combines this information across different devices that are used.
Information that the Company obtains from these devices includes:
a. Information including but not limited to the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins, name of mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on user network etc.
b. Information including but not limited to access to beacons and mobile phone masts, access to GPS location, network, camera or photos, data from cookies stored on user devices, storage space or disk on the device etc.
c. Location-related information – such as current location to provide, personalized and improved use of the Vyapar platform and/or Products and Services. Location-related information can be based on things such as precise device location, IP addresses etc.
Google permissions usage
Gmail Mail Send (gmail.send) Allows you to send your invoices and report PDFs to your customers.
Allows you to take backup of your app data on your email.
Google Drive file (drive.file) Allow you to take backup of your app data on your google drive.
Allows the app to take regular backup of your app data automatically.
Google Contacts (contacts.readonly) Allow users to use Google Contacts for adding parties (customers) on the accounting software.
How vyapar stores and shares google user data
Vyapar does not store any Google user data. Whenever Vyapar fetches this data, it gets shown to the user while using the feature. The user chooses the data he wants to use for import and that gets used to create customers/vendors for him in the software. Vyapar will not store this data for any further use. Vyapar will also not share the user's Google authentication data with anyone. Also, Vyapar will not store this data anywhere.
Collection of financial sms information
We don’t collect, read or store your personal SMS from your inbox. We collect and monitor only financial SMS sent by 6-digit alphanumeric senders from your inbox which helps us in identifying the various bank accounts that you may be holding, cash flow patterns, description and amount of the transactions undertaken by you as a user to help us perform a credit risk assessment which enables us to determine your risk profile and to provide you with the appropriate credit analysis. This process will enable you to take financial facilities from the regulated financial entities available on the Platform. This Financial SMS data also includes your historical data.
Collection of device location and device information
We collect and monitor the information about the location of your device to provide serviceability of your loan application, to reduce the risk associated with your loan application and to provide pre-approved customised loan offers. This also helps us to verify the address, make a better credit risk decision and expedite know your customer (KYC) process. Information the App collects, and its usage depends on how you manage your privacy controls on your device. When you install the App, we store the information we collect with unique identifiers tied to the device you are using. We collect information from the device when you download and install the App and explicitly seek permissions from You to get the required information from the device. The information we collect from your device includes the hardware model, build model, RAM, storage; unique device identifiers like IMEI, serial number, SSAID; SIM information that includes network operator, roaming state, MNC and MCC codes, WIFI information that includes MAC address and mobile network information to uniquely identify the devices and ensure that no unauthorized device acts on your behalf to prevent frauds
Collection of installed applications
We collect a list of the installed applications’ metadata information which includes the application name, package name, installed time, updated time, version name and version code of each installed application on your device to assess your credit worthiness and enrich your profile with pre-approved customized loan offers.
We require storage permission so that your KYC and other relevant documents can be securely downloaded and saved on your phone. You can then easily upload the correct KYC related documents for faster loan application details filling and disbursal process. This ensures that you are provided with a seamless experience while using the application.
We require the camera information permission to provide you with an easy/smooth experience and to enable you to click photos of your KYC documents along with other requisite documents and upload the same on the App during your loan application journey.
Collection of other non-personal information
Link to third-party sdk
The Vyapar Platform has a link to a registered third party SDK that collects data on our behalf and data is stored on a secured server to perform a credit risk assessment. We ensure that our third-party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data. Our third-party service provider employs separation of environments and segregation of duties and has strict role-based access control on a documented, authorized, need to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data. Furthermore, our registered third party service provider provides hosting security – they use industry leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions
How vyapar uses user data
The Company may use the Information for:
1. Providing access to the Vyapar platform and/or use of the Products and Services.
2. Manage Account with the Company.
3. Authentication by using One Time Password received from the for the Purpose including but not limited to government authorities/good and service tax authority for authenticating/verifying the goods and service tax registration process, Bureau check or any other product/service availed by the user from time to time on Vyapar.
4. Send SMS for authenticating transactions via One Time Password (OTP) etc.
5. Conduct general survey or analysis of Accounts or otherwise.
6. Develop, test and improve the Vyapar platform and/or Products and Services, testing and troubleshooting new products and features, removing any glitches including technical problems, improving the experience of navigating and carrying out transactions and improving the services and content, Products and Service on the Vyapar platform.
7. Based on Information, share sponsored content and show ads, including relating to third parties, that the Company thinks will be relevant.
Sharing of personal information
The Company may disclose or share Personal Information including but not limited to User Content in the following ways:
1. Disclosure or sharing with government authorities including but not limited to the Goods and Service Tax Authority, MSME Authority, FSSAI Authority.
Information including Personal Information may be shared with and disclosed to government authorities including but not limited to the Goods and Service Tax Authority, MSME Authority, FSSAI Authority, in order to enable providing the Products and Services.
2. Disclosure to Government authorities or as required by law information may be shared with Government and/or statutory authorities or under court orders or other legal processes; to establish or exercise legal rights; to defend against legal claims; or as otherwise required by law. The Company warrants that such information will be disclosed only in accordance with applicable directions, instructions, laws and regulations.
3. Disclosure to third parties the Company may provide, disclose and share information including Personal Information that is collected to third-party service providers, database service providers, backup and disaster recovery service providers, email service providers and also make it accessible to technology partners, subsidiaries and affiliates, including outside India, to help ensure availability of Vyapar platform and providing the Products and Services
4. Disclosure to prospective Acquirers The Company may disclose information including Personal Information to an acquirer, assignee or other successor entity in connection with a sale, merger, or reorganization of all or substantially all of the equity or business of the Company.
5. Disclosure to Facilitate Payment on Payment Gateways In order to process payment transactions, the Company may direct to a payment gateway service provider of its own choice, which may have access to the Personal Information provided while making such payment.
Protection of information
The Company, on a best effort basis, shall attempt to take adequate measures to protect the security of Personal Information and to ensure that the choices for its intended use are honoured. The Company also takes adequate precautions, on a best effort basis, to protect data from loss, misuse, unauthorized access or disclosure, alteration or destruction.
The Company uses industry standards of physical, technical and administrative security measures to keep Information, on best effort basis, secure although is unequivocally understood and agreed that the same cannot be foolproof since no security system is impassable and the Company does not guarantee that the Information may be absolutely free from invasion.
Please note that e-mails, messaging and means of communication with the Company may not be encrypted, and therefore the Company advises not to communicate any confidential information through these means.
The Company is not responsible for any breach of security or for any actions or inactions of any Users or other third parties including but not limited to government authorities that receive Information.
The User is solely responsible for maintaining the confidentiality of its username and password. To ensure the safety of Personal Information, it is advised that the username and password should not be shared with anyone. The Company would not be liable or responsible for any breach of this covenant for any reason.
The Company would retain Personal Information only as long as the entity or User to whom the said Personal Information belongs has an active Account or as permitted/required by applicable law. Generally, Personal Information, upon deletion of a related Account, is also deleted unless the same is required to comply with any legal requirements, fraud prevention or assistance in any enquiry, for resolving disputes, to protect interests of the Company, to continue to develop and improve the Products and Services
Grievance redressal mechanism
In accordance with the Information Technology Act, 2000 and Rules made thereunder, the contact details for raising grievances or obtaining any further information or enquiry, if any are provided below:
EU users are entitled to erase any personal data we hold under EU General Data Protection Regulation (GDPR).
We will do our best to respond promptly and in any event within one month of the following:
Our receipt of your written request; or
Our receipt of any further information we may ask you to provide to enable us to comply with your request, whichever happens to be later.
The information you supply to us in this format will only be used for the purposes of identifying the personal data you are requesting that we erase and responding to your request. You are not obliged to complete this form to make a request, but doing so will make it easier for us to process your request quickly.
SECTION-1: Details of the person requesting information
Contact telephone number:
SECTION-2: Are you the data subject?
YES: I am the data subject. I enclose the proof of my identity (See below). (Please go to Section 4)
NO: I am acting on behalf of the data subject. I have enclosed the data subject’s written authority and proof of the data subject’s identity and my own identity (See below). (Please go to Section 3)
To ensure we are erasing data of the right person, we require you to provide us with proof of your identity and of your address. Please supply us with a photocopy or a scanned image (do not send the originals) of one or both of the following
Proof of Identity – Passport, photo driver’s license, national identity card, birth certificate
Proof of Address - Utility bill, bank statement, credit card statement (no more than 3 months old); current driver’s license
SECTION-3: Details of the data subject (if different from Section 1)
Contact telephone number:
Contact telephone number:
SECTION-4: Reason for erasure request
Given the sensitive nature of erasing personal data, GDPR Article 17(1) requires certain conditions to be met before a request may be considered. Please supply us with the reason you wish your data to be erased and please attach any justifying documents to this one.
You feel your personal data is no longer necessary for the purposes for which we originally collected it.
You no longer consent to our processing of your personal data.
You object to your processing of your personal data as is your right under Article-21 of the GDPR.
You feel your personal data has been unlawfully processed.
You feel we are subject to a legal obligation of the EU or Member State that requires the erasure of your personal data.
You are a child, you represent a child, or you were a child at the time of the data processing and you feel your personal data was used to offer you information society services.
SECTION-5: What information do you wish to erase?
Please describe the information you wish to erase. Please provide any relevant details you think will help us to identify the information. Providing the URL for each link you wish to be removed would be helpful.
Also, please explain, if it is not abundantly clear, why the linked page is about you or the person you are representing on this form.
Please note that. In certain circumstances, where erasure would adversely affect the freedom of expression, contradict legal obligation, act against the public interest in the area of public health, act against the public interest in the area of scientific or historical research, or prohibit the establishment of a legal defense or exercise of other claims, we may not be able to erase the information you requested in accordance with article 17(3) of the GDPR. In such cases you would be informed promptly and given full reasons for that decision.
While in most cases we will be happy to erase the personal data you request, we nevertheless reserve the right, in accordance with article 12(5) of the GDPR to charge a fee or refuse the request if it is considered to be “manifestly unfounded or excessive.” However, we will make every effort to provide you with the erasure of your personal data if suitable.
Please note that I have read and understood the terms and conditions of this subject access for and certify that the information given in this application to _______________ is true. I understand that It is necessary for ______________ to confirm my/the data subject’s identity and it may be necessary to obtain more detailed information in order to locate the correct personal data.
Documents that must accompany this application:
Evidence of your identity (see section-2)
Evidence of data subject’s identity (if different from above)
Authorization from the data subject to act on their behalf (if applicable)
Justification for erasure of data (see section-4)
Welcome to Vyapar Desktop Version
Please fill the details below
Welcome to Vyapar Mobile Version
Please fill the details below to receive download link via SMS
Do you want to download vyapar desktop application ?