Privacy Policy

Summary

BHIM Aadhaar Baroda Pay is a digital payment acceptance solution from Bank of Baroda
which enables a Bank of Baroda merchant to accept payments for goods/services using his
Android smartphone and fingerprint reader, from customers having Aadhaar seeded bank
accounts, by authenticating the customer's biometrics.

This Application collects Aadhaar number to validate the personal Data (including account
related information) from its Users.

Following data is accessed for the following purposes and using the following services:

Data / Information Purpose Service

Methods of Data processing : Data is controlled and processed by TCS (Bank’s Technology
Service provider) The TCS Data centre processes the data of users in a proper manner and
appropriate security measures are taken to prevent unauthorized access, disclosure,
modification, or unauthorized destruction of the Data. The Data processing is carried out using
computers and / or IT enabled tools, following organizational procedures and modes strictly
related to the purposes indicated.

Place of data processing: The Data is processed at the TCS Data centre and in any other
places where the parties involved with the processing are located.

Retention time: The Data is kept for the time necessary to provide the mobile banking service,
as requested by the User.

Legal action: The User's Personal Data may be used for legal purposes by the bank, in Court
or in the stages leading to possible legal action arising from improper use of this application
or the related services. The User is aware of the fact that the TCS Data Controller may be
required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data: In addition to the information contained
in this privacy policy, this Application may provide the User with additional information
concerning particular services or the collection and processing of Personal Data upon request.

System Logs and Maintenance: For operation and maintenance purposes, this Application
and any third party services may collect files that record interaction with this Application
(System Logs).

Information not contained in this policy: More details concerning the collection or
processing of Personal Data may be requested from the bank at any time.
The rights of Users: Users have the right, at any time, to know whether their Personal Data
has been stored and can consult the bank to learn about their contents and origin, to verify
their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for
their transformation into anonymous format or to block any data held in violation of the law, as
well as to oppose their treatment for any and all legitimate reasons. Requests should be sent
to the bank at the contact information set out above. This Application does not support “Do
Not Track” requests. To determine whether any of the third party services it uses honor the
“Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy: The bank reserves the right to make changes to this privacy
policy at any time by giving notice to its Users on this page. It is strongly recommended to
check this page often, referring to the date of the last modification listed at the bottom. If a
User objects to any of the changes to the Policy, the User must cease using this Application
and can request that the bank to erase the Personal Data. Unless stated otherwise, the then-
current privacy policy applies to all Personal Data the bank has about Users.

Definitions and legal references

Personal Data (or Data): Any information regarding a natural person, a legal person, an
institution or an association, which is, or can be, identified, even indirectly, by reference to any
other information, including a personal identification number.

Usage Data: Information collected automatically from this Application (or third party services
employed in this Application ), which can include: the mobile number and SIM serial number
of the Users who use this Application, the method utilized to submit the request to the server,
the size of the file received in response, the numerical code indicating the status of the server's
answer (successful outcome, error, etc.), the features of the browser and the operating system
utilized by the User, the various time details per visit (e.g., the time spent on each page within
the Application) and the details about the path followed within the Application with special
reference to the sequence of pages visited, and other parameters about the device operating
system and/or the User's IT environment.

User: The individual (registered customer) using this Application, which must coincide with or
be authorized by the bank Subject, to whom the Personal Data refer.

Data Subject: The legal or natural person to whom the Personal Data refers to Data Processor
(or Data Supervisor) The natural person, legal person, public administration or any other body,
association or organization authorized by the bank to process the Personal Data in compliance
with this privacy policy.

Bank (or Owner): Bank of Baroda is the Owner of this Application.

This Application: The hardware or software tool by which the Personal Data of the User is
collected.

Cookie: Small piece of data stored in the User's device.