NINJA KIRANA PRIVACY POLICY

63Ideas Infolabs Private Limited

  1. What is the Ninja Kirana Application?

    The “Ninja Kirana” application is owned and operated by 63Ideas Infolabs Private Limited, a company incorporated under the laws of India, having its registered office at Vaishnavi Signature, Ninth Floor, 78/9 Outer Ring Road, Bellandur Village, Varthur Hobli Bengaluru – 560103, Karnataka – India and its affiliates. Ninja Kirana is an application in Apple & Android Store that facilitates users registered on Ninja Kirana that facilitates credit from banks, non-banking financial institutions, and other financial institutions approved by the Reserve Bank of India (“Lending

    Partners”) or via any fin-tech entities who have partnered with the Company (“Trade Enabling Services”) of 63Ideas Infolabs Private Limited including its subsidiaries (“Services”)

  2. What is this Privacy Policy?

    This Privacy Policy (the “Privacy Policy”) describes how and why Ninja Kirana collects, uses, transfers and discloses the information provided by the Users. All Users shall be bound by this Privacy Policy and the Company shall not use any information supplied by Users, except in accordance with this Privacy Policy.

    By clicking on ‘I/We Accept’ during the sign-up process, or when consenting to the Trade Enabling Services terms available here. Users agree to and accept the terms and conditions provided under this Privacy Policy, read in addition to the Ninja Kirana Terms & Conditions (Termsavailable here. Users who do not agree with the terms set out in this Privacy Policy and the Terms are advised to refrain from accepting them and are also advised to refrain from using any Services or Trade Enabling Services. Users’ visit to and/or use of the Ninja Kirana and any dispute over privacy is subject to this Privacy Policy and the Terms.

  3. Why does the Company have this Privacy Policy?

    This Privacy Policy is published pursuant to:

    1. Section 43A of the Information Technology Act, 2000;
    2. Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“Privacy Rules”);
    3. Rule 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021; and
    4. Guidelines and regulations issued by Reserve Bank of India from time to time, to the extent applicable to the Company.

      In this Privacy Policy, the Company will disclose what kind of information is collected from Users. It will also specify why the Company collects this information, the modes and means by which it will be used, and the entities or persons who will have access to this information.

  4. What is Sensitive Personal Data or Information?

    Under the Privacy Rules, sensitive personal data or information of a person means and includes such personal information about that person relating to the following (“Personal Information”):

    1. Passwords;
    2. Financial information such as bank accounts, credit and debit card details or other payment instrument details (“Financial Information”);
    3. Physical, physiological and mental health condition;
    4. Sexual orientation;
    5. Medical records and history;
    6. Biometric information; and
    7. Information received by body corporates under lawful contract or otherwise.

      There is also certain information which will be collected from Users such as addresses, email addresses, telephone numbers, address proof and identity proof, User photographs and other contact information which may be used to personally identify Users directly or indirectly either from the collected information alone or from said information combined with other information which the Company may have access to about the User (“Personally Identifiable Information”). It is important to note that information that is freely available in the public domain, or accessible under the Right to Information Act, 2005, or any other law will not be considered Sensitive Personal Information, or as Personally Identifiable Information. Sensitive Personal Information and Personally Identifiable Information is collectively referred to as “User Information”.

  5.  What Sensitive Personal Information and Personally Identifiable Information does the Company collect from Users?

    The Company will only collect User Information that is necessary for the purposes of rendering the Services or Trade Enabling Services and will not further process it in a manner that is incompatible with those purposes unless otherwise consented by the User.

    1. Sensitive Personal Information:

      In the course of transacting on the Ninja Kirana, the Company may provide the Users the option to pay with a credit card, wire-transfer, or debit card through the Ninja Kirana’s third-party payment gateway provider or any other platform. This third-party payment gateway provider may be required to collect certain Financial Information from Users including, but not restricted to, their Financial Information. The Financial Information so collected will only be used for billing and payment for the use of the Services through the Ninja Kirana. The processes of verifying the Financial Information will be entirely conducted by Users and the Ninja Kirana shall have no part in such processes.

      In case a User chooses to avail Trade Enabling Services from the Company through the Lending Partner via the Ninja Kirana and its affiliates or in cases where the User voluntarily shares such data, Ninja Kirana will also collect Users credit bureau data (based solely on the Users terms of consent for such sharing of credit bureau data with Ninja Kirana), income data, bank statements and other financial information for providing support services related to the Trade Enabling Services such as sharing credit bureau data and Know Your Customer (KYC) information with Lending Partners and authorized third parties for their verification and facilitation of Trade Enabling Services etc. with the consent of the User.

      While the Company shall make commercially reasonable efforts to ensure that Users’ financial information is duly protected by undertaking security measures prescribed under applicable laws, Users are strongly advised to exercise discretion while providing financial information while using the Services, given that the Company cannot guarantee absolute security over the internet.

    2. Personally, Identifiable Information

      The Company may collect the following PII from its Users in the normal course of a User’s use of the Ninja Kirana:

      1. Basic data such as name, address, contact details etc. of the User (which shall be stored with the Company for providing various services as availed by the User from time to time).
      2. In case a User chooses to avail Trade Enabling Services from Lending Partners via the Ninja Kirana, the Company may with explicit consent of the User, collect KYC data from Users such as user photographs, identity proof and address proof (such as Aadhaar data) and the following documents -Aadhaar, PAN, Business PAN, Business Proof (Market license or GST certificate or Udyam Aadhaar or FSSAI or certificate of incorporation or Krishi Smiti Certificate or MSME Udyam Registration Certificate or Labor Department Registration Certificate or Shop Act Certificate) and fields – Business PAN number, business name, date of incorporation (in case they have uploaded business information). Provided however that Ninja Kirana shall not store or collect the biometric information pertaining to any of its Users.
    3. Automatically Generated Information

      When a User visits Ninja Kirana, the Company automatically receives the following information:

      • Uniform resource locator of the site from which such user visits the Ninja Kirana;
      • Details of the website such User is visiting on leaving the Ninja Kirana;
      • The internet protocol (“IP”) address of each User’s computer operating system;
      • Type of web browser the User is using, email patterns; and
      • The User’s internet service provider.
    4. Locations

      The Company may with explicit consent of the User, also access, collect and/ or store information regarding the User’s location via Ninja Kirana, which includes but is not limited to their global positioning system coordinates vis-à-vis the device used to access the Ninja Kirana. The location data collected does not include any Personally Identifiable Information about the User.

    5. Telephone Calls and Other Communications Received from Users

    Subject to applicable laws, the Company may keep records of telephone calls, emails, SMS and other channels of communication received from and made to Users for the purpose of administration of Services (and Trade Enabling Services), research and development, training, business intelligence, business development, or for User administration. The Ninja Kirana may share the telephone records, emails, SMSs and other communications received from Users with third parties when required by law or when required to provide or facilitate the User with the Services or Credit Service (as applicable).

    In addition to the User Information collected by the Company (as outlined above), the Company may also collect other types of information which are not directly or indirectly linked to a User and which is aggregated, anonymized or de-identified excluding mobile phone resources, files and media, contact list, call, logs, telephony functions etc. However, the Company shall with explicit consent of the User, have one-time access to camera, microphone, location, or any other facility necessary for the purpose of onboarding/KYC requirements. Such information is collected in order to improve the services we provide to you.

    Please note that all User Information is collected by the Company on an as-is basis and the Company shall not be responsible for the authenticity of the User Information provided by Users.

    Further, without prejudice to the above and subject to applicable laws, you hereby expressly consent to providing the following permissions to us in relation to the respective data usage:

    User Permission requiredData usage
    SMS dataTo understand User’s income and spending patterns thereby helping us in the credit evaluation and facilitating higher limits and faster approval rates.
    Phone PermissionTo collect and monitor specific information about a User’s device including hardware model, operating system and version, unique device identifiers like IMEI and serial number, user profile information to uniquely identify the devices and ensure that unauthorized devices are not able to act on User’s behalf to prevent frauds.
  6. When does the Company collect User Information?

    The Company collects User information from Users when Users register on the Ninja Kirana and/or apply for Trade Enabling Services from the Ninja Kirana , subscribe to a newsletter, or enter information on the Ninja Kirana. The Company may use email, app notifications, short message service (SMS), multimedia message service (MMS) or other forms of communication (such as WhatsApp) to share information with Users about certain promotions or features regarding the Ninja Kirana which the Company or its affiliates, subsidiaries, business partners, advertisers and sponsors may choose to offer. Users may receive such communication when they opt to receive the same or have consented to the same during the registration process.

  7. Who has access to your information?

    1. Employees, Authorised Personnel and Affiliates
    2. All information that is collected, stored, processed or disclosed to the Company by Users is accessible only to authorised personnel and employees of the Company on a need-to-know basis. All employees and data processors, who have access to and are associated with the processing of User Information are obliged to respect its confidentiality. The Company may also disclose User Information to its affiliates for business purposes, such as for the promotion, sales or marketing of such affiliates’ services Government Institutions or Authorities

      The Company may be required to disclose User Information to governmental institutions or authorities under any law or judicial decree. The Company may disclose User Information in its sole discretion, in case Ninja Kirana deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply this Privacy Policy or the Terms. The Ninja Kirana shall not be responsible for the manner or method in which such institutions and authorities use or disclose such User Information.

    3. Other Parties

      The Ninja Kirana may share/use User Information with the other parties (such as Lending Partners , payment gateways service providers, logistics service providers, Contact Point Verification (CPV), Collection Agencies etc.) for the below specified purposes. The details of such parties are disclosed in the Schedule-I of:

      1. providing services, technical support, etc. in relation to the Services (and Trade Enabling Services), and enhancing User experience; or
      2. detecting and preventing identity theft, fraud or any other potentially illegal acts; or
      3. monitoring enhancing User interest and engagement, including through promotional activity, personal messages to users using Personally Identifiable Information provided by Users, etc; or
      4. processing the purchase of Services on the Ninja Kirana.

        If Ninja Kirana intends to disclose or share the User Information with any other third party, Ninja Kirana will be entitled to appropriately amend the Privacy Policy, including the details set out in Schedule –I, and share the details with such third party.

    4. Merging/Acquiring Parties/Investing Parties

      In the event that the Company is merged with or acquired by another business entity, it will be required to transfer all User Information to such merging or acquiring party. We may also share User Information with bona fide potential investors and investors. In such cases, the Company will take all reasonable efforts to make sure that the User Information is protected by the merging, acquiring, or investing entity, in conformity with applicable laws.

    5. Third Party upon Sale

      The Company may also disclose or transfer the User Information provided by Users, to any third party as a part of reorganization or a sale of the assets, division or transfer of a part or whole of the Company. Any third party to which the Company transfers or sells its assets (such as the Ninja Kirana) will have the right to continue to use the User Information that Users provide to the Company.

    6. Third-Party Sites

    The Company does not exercise control over the websites displayed as search results or links from within the Services or the Trade Enabling Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit User Information from Users, for which the Company shall not be held responsible or liable. The Company does not make any representations concerning the privacy practices or policies of such third parties including the Lending Partners or terms of use of such websites, nor does the Company guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion of such websites does not imply any endorsement by the Company of such websites, the websites’ provider, or the information on the website.

  8. How do we use your information?

    The Company may use the User Information collected from the User when said Users register, make a purchase, sign up for the Company newsletter, respond to a survey or marketing communication, or when Users use certain other application features of the Ninja Kirana (such as availing Trade Enabling Services), in the following ways:

    1. To identify the User, to understand their needs and resolve disputes, if any.
    2. To personalize User experience and to allow the Company to deliver the type of content and product offerings in which Users are most interested.
    3. To improve the Ninja Kirana in order to better serve Users.
    4. To set up, manage and facilitate the offer of products, and to enhance the Services and Trade Enabling Services (as applicable) to meet User requirements.
    5. To allow the Company to better service Users by responding to User customer service requests.
    6. To provide ongoing Services and Trade Enabling Services (as applicable).
    7. To administer a contest, promotion, survey or other Ninja Kirana features, and to keep Users apprised of the Ninja Kirana promotions and offers.
    8. To quickly facilitate the processing of User transactions by third party payment gateways.
    9. To ask for the ratings and reviews of services or products offered on the Ninja Kirana
    10. To meet legal and regulatory requirements.
    11. To resolve technical issues and troubleshoot problems that may arise in the Services, the Trade Enabling Services, or the Ninja Kirana.
    12. To detect and protect the Company and the Ninja Kirana from error, fraud and other criminal activities.
    13. To enforce the Terms.
    14. Other reasons which, prior to being put into effect, shall be communicated to Users through an update carried out to this Privacy Policy.
  9. How do we protect your information?

    The Company has implemented security policies, rules and technical measures, as required under applicable law including firewalls, transport layer security and other physical and electronic security measures to protect the User Information that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. While the Company is committed to maintaining confidentiality of all User Information, it shall not be responsible for any breach of security or for any action of any third parties that receive a User’s User Information due to events that are beyond the reasonable control of the Company including, acts of government, computer hacking, unauthorised access to the Company’s computers and storage devices, computer crashes, breach of security and encryption, etc. All information collected from the Users by the Company via Ninja Kirana is maintained in electronic form on servers and/or cloud systems and shall

    be accessible by certain employees of the Company. The User Information collected by the Company is stored by Microsoft Azure located at Pune, India and such other locations as determined by the Company from time to time.

    The User Information may also be converted to/stored in physical form (such as hard drives or server racks) from time to time. Regardless of the manner of storage, the Company shall make commercially reasonable efforts to ensure that the User Information is rendered confidential and that the Company will only disclose such User Information in accordance with the terms of this Privacy Policy.

  10. Retention of User Information

    User Information will be held for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. The Company shall cease to retain User Information, or remove the means by which the User Information can be associated with particular Users, as soon as it is reasonable to assume that the purpose for which that User Information was collected is no longer being served by retention of the User Information.

  11. Withdrawal of User Consent

    Users may withdraw their consent for the collection, use and/or disclosure of User Information in the Company’s possession or control by submitting a request to cloud queries@ninjacart.com The Company will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose said User’s User Information as per their request.

    Depending on the extent of a User’s withdrawal of consent for us to process User Information, it may mean that said User will not be able to further use or access Ninja Kirana, avail Services or Trade Enabling Services.

  12. User’s Right to Review and Modify User Information

    Users can access their User Information at any time to review the same. Users can seek to rectify any inaccurate or deficient User Information, and the Company may rectify it, if feasible.

  13. Do we use ‘Cookies’?

    We will use cookies for tracking purposes and for the collection of relevant meta data. Users can choose to have their devices warn them each time a cookie is being sent, or Users can choose to turn off all cookies. Users may do this through their device browser settings. As Users may use different browsers, Users may look at their browser’s help menu to learn the correct way to modify their cookies.

    If Users turn cookies off, some of the Ninja Kirana’s features that make User experience more efficient may no longer function as intended.

  14. Changes in Privacy Policy

    We reserve the right to modify this Privacy Policy at any time, with or without notice, hence please review it frequently. Changes and clarifications will take effect immediately upon their posting on Ninja Kirana. If the Company makes any material changes to this Privacy Policy, the Company may notify Users that the policy has been updated, so that Users are aware of what information is collected by the Company, how it is used, and under what circumstances, if any, can the Company use and/or disclose it.

  15. Contact Us and Details of Grievance officer

We understand that you may have questions about this Privacy Policy, on how we process or handle your information, or may otherwise want to understand these aspects. We welcome you to reach out to us with your queries, grievances, feedback, and comments and contact our grievance officer, whose details are provided below:

Name: Mr. Raghavendra Rao T S Designation: Grievance Officer

Email Id:privacy@ninjacart.com || Contact Details: +91-080-35018270 Address: 63Ideas Infolabs Pvt. ltd, Registered Office: Vaishnavi Signature Ninth Floor, 78/9 Outer Ring Road, Bellandur Village, Varthur Hobli Bengaluru, Karnataka – 560103

Schedule-I

List of the Third Parties for 63Ideas Infolabs Pvt Ltd s Infolabs Pvt. Ltd
Sr. NoName of Third PartiesPurpose
1PAMAC Finserve Private LimitedCPV Agency
2Astute Corporate Services Private LimitedCPV Agency
3Minions Ventures Private Limited (Kredx)Sourcing Partner
4Rupifi Technology Solutions Private LimitedSourcing Partner
5Arthashastra Epaylater Financial Private LimitedSourcing Partner
6eSolve Infotech Pvt LtdCollection Service Partner
7Terra Activa SolutionsCollection Service Partner
8SN EnterprisesCollection Service Partner
9JJ AssociatesCollection Service Partner
10Image MarketingCollection Service Partner
11Shree Mahadev SolutionsCollection Service Partner