Privacy Policy
Review our privacy policy and data protection practices.
At Finsec AA Solutions Private Limited (henceforth "OneMoney", "our," "us" "Company" and "we") we want to ensure that you have complete control over the means and manner in which you wish us to process your data. When you choose to use "OneMoney" website ("Website"), you provide us certain data, the processing of which will be governed under this Privacy Policy. Reference to the term "Website" in this Privacy Policy shall include the mobile application "OneMoney", as the case may be, and / or any other software / application through which you (a) access the Website, or (b) avails online services from Company. Reference to the terms "User", "you" "your" and "yours" shall mean any individual who accesses, uses, or registers on our Website including but not limited to individuals whose data is collected, received, stored, processed, or otherwise handled by us as per the Applicable Law.
We are committed to complying with all Applicable Law(s) while collecting, processing, storing, and transferring your personal data. This includes adherence to the Master Direction – Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions, 2016 ("Master Directions") as issued and updated by the Reserve Bank of India, and all other relevant laws, regulations, and guidelines in force from time to time, the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, the Digital Personal Data and Protection Act, 2023 and rules as amended from time to time.
This Privacy policy, along with the "Terms of Use" constitutes an "electronic record" in the form of an "electronic contract" as defined under the Information Technology Act, 2000 between "Company" and the User of this Website. This Privacy Policy does not require any physical, electronic or digital signature.
This Privacy Policy forms an integral part of the "Terms of Use" of the Website. If you do not agree with the terms of this Privacy Policy please do not use this Website. By visiting this Website you (a) unconditionally accept, and agree to be bound by the "Terms of Use" of the Website, read with this Privacy Policy; (b) expressly consent to the collection, receipt, possession, storage, usage, dealing, handling or transfer of your personal information by Company in accordance with the terms of this Privacy Policy.
This Privacy Policy is only applicable to our Website and not to any other Products as owned by or other Business applications and websites that you may access through our Website, each of which may have data collection, storage, and use policies that are different from our Privacy Policy.
ABOUT US
OneMoney is licensed by the Reserve Bank of India ("RBI") to provide Account Aggregator ("AA") services, whereby OneMoney facilitates passage of financial information such as details of bank deposits, SIPs, Commercial Papers, equity shares, securities etc. of the User, in an encrypted manner as per the Master Directions from entities known as Financial Information Providers ("FIPs"), which are institutions that hold or manage the User's financial information. OneMoney then consolidates, organizes, and presents such information to the User or a Financial Information User ("FIU"), in a manner as may be specified under the Master Direction ("Services").
NATURE, CATEGORIES OF COLLECTED DATA AND ITS PURPOSE
You provide and we collect the following data from you, in order to provide you our Services. The data referred to below may be collected or received by Company (a) directly from the User, when the user either provides any specific information on the Website; or (b) from use of the Website by the User; or (c) from FIP who have collected any Information relating to the User, and who have shared it with Company based on the consent of the User.
- Account Information: When you log in to the OneMoney Website, we collect your mobile number to facilitate secure sign-up and authentication and to maintain the account of the User. Further, any additional user information that may be required by ReBIT (Reserve Bank Information Technology Private Limited) or any other regulatory authority shall also be collected to ensure compliance with Applicable laws.
- Analytics Information: We may collect additional information such as your name, address, telephone number, email address, postal and delivery addresses (if different), gender, and other relevant details may be collected to conduct analytics and enhance your user experience.
- Browsing Information: We may collect information such as the internet protocol ("IP") address of your computer, the type of browser, operating system of the user's device and details of usage of the Website. This information is collected through various ways including by placing "cookies", i.e. text files placed on your computer, to help the Website analyze how users use the site.
- Device Information: We collect certain device-related information, including Device ID, SIM serial number, IMEI number (where permitted), and device model, to enhance the security of our services and protect your data. This information is used to implement SIM and device binding mechanisms, which help ensure that your account or session is accessed only from a trusted device and SIM combination. By using our Services, you consent to this security feature. If you change your device or SIM card, additional verification may be required to continue accessing your account.
We do not use any technologies for tracking or advertising purposes. All data is processed in accordance with applicable data protection laws, and we take appropriate technical and organizational measures to protect it from unauthorized access or misuse.
- Geographical Information: We may collect the geographical location of the User to help detect and prevent security-related issues, unauthorized access, or potential fraud. This information is used solely to enhance the security and integrity of our services. By using our services, you consent to the collection and use of location data for these security purposes.
- Aggregated Information: Anonymized and Aggregated information of Users is collected solely for the purpose of conducting service delivery related analytics and statistics, within the framework of Master Directions and the Digital Data Protection Act, 2023 and any other applicable laws, to enhance the quality and relevance of services provided. Such information is not used to identify or track information about individuals, but is used on anulfiltee level to enhance our services, improve the on-line experience, enhance your use of the Website, compile efficiency reports on online activity, provide other services relating to Website activity etc., within the framework of Master Directions, Digital Data Protection Act, 2023 and any other applicable laws. Company may collect such non-personal Information directly or use the services of a third party service provider such as Google Analytics, Adobe SiteCatalyst etc.
In addition to the purposes as aforementioned, the above mentioned data is collected for the following purposes:
- To ulfil/complete your requests for the services offered, subscribed or availed by you on the Website.
- Respond to any inquiries posed by the User;
- To deliver to you any administrative notices, money alerts, advice, notifications and communications relevant to your use of services on the Website;
- To analyse Website usage and improve the services offered;
- Customization, administration etc. of the Website, location of errors, Website testing, data analysis for the Website etc;
- Provision of various services on the Website through Company and its partners;
- To protect integrity of the Website, improve our platform, prevent or detect fraud or abuse of our Website;
- To conduct analytical studies on various aspects including user behavior, user preferences etc.
- To trace computer resources of any person for the purposes of determining compliance with the provisions of the Information Technology Act, 2000 and / or any other law for the time being in force.
DATA SHARING
Your encrypted data is securely processed through us strictly in accordance with the purpose for which you have provided consent. As an Account Aggregator, we operate on a consent-centric model and facilitate the sharing of your financial information solely between the FIP and the FIU, based on your explicit consent. Other than enabling this regulated and consent-driven data flow between FIPs and FIUs, we do not share your data with any third party. We do not sell, rent, or trade your data. Any other sharing occurs only with your explicit consent in certain limited circumstances as described below:
- Business Transfers: In the event of a merger, acquisition, restructuring, sale of assets or business, or insolvency, or partnerships to promote Account Aggregator services within the framework of applicable regulations and laws, your information may be transferred as part of the transaction. We will take reasonable steps to enjoin that the recipient of such information uses and protects your data in a manner consistent with this Privacy Policy. Any such third party will have the right to continue using your information as per the terms in place at the time of transfer.
- Government and Legal Obligations: We may disclose your information to government authorities or other third parties if required by applicable law, legal process, or pursuant to valid requests such as court orders, or government demands. This includes disclosures necessary to comply with legal obligations or protect our rights, interests, or safety, or those of our users or others.
DATA RETENTION
We process your data in accordance with Applicable Regulations and Laws. The data is processed in infrastructure that meets industry-standard security practices and is located within India, as mandated by applicable regulations. All data is processed or temporarily stored within India, as required under the AA regulatory framework. Your data is retained only for the duration necessary to fulfil the purposes for which you have given consent and as long as you continue to avail our Services. If you choose to withdraw consent or stop using our Services, you may revoke your consents and delete your data, related to what is shared when you downloaded our application, through the "Delete Your Data" section of this Privacy Policy.
PRIVACY CONTROLS
We believe in empowering you with full control over your data. To ensure transparency and control, we provide the following tools and mechanisms on our Website
- Review Your Data: You can view the data you have shared with us, as well as financial data retrieved from the FIPs based on your consent. This information is accessible via your user dashboard on our Website.
- Delete Your Data: If you no longer wish to use our Services, you may choose to delete your data by sending a mail to [email protected]. In furtherance to such action, any data retained will no longer be further processed in any manner and such data shall only be retained if the same is necessary for compliance with any Applicable Law, regulatory requirements and RBI Master Directions. Please note, however, that any data you have explicitly consented to share with FIUs or other regulated entities for a specific purpose is governed by their own Data Policies and Terms of Use. The Company is not responsible for deletion of data stored or processed by such FIUs or third parties.
OPERATION AND TRANSFER OF DATA
The Company does not engage in cross-border transfer of personal data, nor does it share your data with internal departments or external third-party vendors outside of India. The only data sharing that occurs is the regulated and consent-based transfer between FIPs and FIUs, as per your explicit consent. Any future changes in our data transfer practices will be notified to you, and such changes will take effect only upon your review and consent.
DATA SECURITY
In order to make every effort to ensure that your experience on the Website is secure, we use encryption technology to protect you against the loss, misuse or alteration of your personal information. When you fill out any contact forms or access your account, a secure server encrypts all of your information through the use of Secure Socket Layers (SSLs).
Company follows the International Standard IS/ISO/IEC 27001 on "Information Technology - Security Techniques - Information Security Management System – Requirements" for ensuring protection of user Information in its possession.
To be sure you're browsing secure pages for availing services rendered on the Website, check your Web browser's status bar (located at the bottom of the window) for the closed padlock icon. This icon appears in your web browser to tell you that you are viewing a secure web page. Also, all browsers display an "s" after the "http" (https://) in the Web site address to indicate that you are in a secure environment.
CHANGES TO PRIVACY POLICY
We process your data based on the consent you expressly grant to us at the time we collect such data for a specified purpose. In case we change our Privacy Policy which further changes the way we process and manage your data, we will notify and give you an opportunity to review the revised Policy before you choose to proceed with our Services.
GRIEVANCE REDRESSAL
In order to ensure compliance with these policies, Company has appointed a Grievance Redressal Officer to oversee all aspects of its privacy policies and practices. If you are dissatisfied with Company's privacy policies or practices, you should send a written request or complaint to the Grievance Redressal Officer at the address below.
Grievance Redressal Officer
Address: 3rd Floor Tower 40 The Loft, Nexity Hyderabad, Knowledge city Layout Raidurgam Village Serilingampally, Mandal, Hyderabad, Telangana, India, 500081.
Phone: +91-40-6663-5679 or +91-90100-98899
Email: [email protected]
Time: 10:30 am to 5:30 pm
The Grievance Redressal Officer will investigate the matter and respond to your request within 30 (Thirty) days. In the event that you become aware that the information we have about you is incorrect, you should notify the Grievance Redressal Officer, who will ensure the information is updated. In case of a complaint, the Grievance Redressal Officer will take corrective action (if necessary) and will advise you of the steps taken to correct the problem. If you are still unsatisfied with the actions taken, you may be entitled to make a written complaint to the Data Protection Board under the Digital Personal Data Protection Act, 2023 and rules framed thereunder.