privacy policy


NSDL Payments Bank Limited (‘The Bank’) recognizes the expectations of its customers with regard to privacy, confidentiality and security of their personal information that resides with the Bank. Keeping personal information of customers secure and using it solely for activities related to the Bank and preventing any misuse thereof is a top priority of the Bank. The Bank has adopted the privacy policy aimed at protecting the personal information entrusted and disclosed by the customers [“the Policy”]. This policy governs the way in which the Bank collects, uses, discloses, stores, secures and disposes of personal information and sensitive personal data or information.


“Personal information” means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the Bank, is capable of identifying such person.

“Sensitive personal data or information” of a person means such personal information which consists of information relating to:

  • password;
  • financial information such as Bank account or credit card or debit card or other payment instrument details;
  • physical, physiological and mental health condition;
  • sexual orientation;
  • medical records & history;
  • biometric information;
  • any detail relating to the above clauses as provided to body corporate for providing service;
  • any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

Provided that, any information that is freely available or accessible in public domain or furnished under the right to information act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of this policy.

This Policy is applicable to personal information and sensitive personal data or information collected by the Bank or it’s affiliates directly from the customer or through the Bank’s online portals, mobile apps and electronic communications as also any information collected by the Bank’s server from the customer’s browser.

Purpose of Collection and Use of Personal Information

The Bank collects and uses the financial information and other personal information from its customers. This information is collected and used for specific business purposes or for other related purposes designated by the Bank or for a lawful purpose to comply with the applicable laws and regulations. The Bank shall not divulge any personal information collected from the customer, for cross selling or any other purposes.

The authenticity of the personal information provided by the customer shall not be the responsibility of the Bank.

Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as personal information for the purposes of this Policy and the Bank shall not be responsible for the same.

Disclosure of Personal Information

The personal information collected by the Bank shall not be disclosed to any other organization except:

  • where the disclosure has been agreed in a written contract or otherwise between the Bank and the customer;
  • where the disclosure has been agreed in a written contract or otherwise between the Bank and the customer;

where the Bank is required to disclose the personal information to a third party on a need-to-know basis, provided that in such case the Bank shall inform such third party of the confidential nature of the personal information and shall keep the same standards of information/ data security as that of the Bank.

Data privacy for Aadhar related information

The Bank shall ensure that employees and officials understand the implications of confidentiality and data privacy breach. The Bank does not solicit any Aadhar based information over website or over call.

For customer onboarding channels, the Bank shall ensure all compliance to security and privacy requirements for storage as per Aadhar Act 2016 and regulations.

While considering authentication for Aadhar holders the following shall be ensured:

  1. Customer consent shall be taken that he/she has no objection in authenticating himself/herself with Aadhaar based authentication system and consent to providing his/her Aadhaar number, Biometric and/or One Time Pin (OTP) data (and/or any similar authentication mechanism) for Aadhaar based authentication for the purposes of KYC for opening the account and availing of the Banking Services from NSDL Payments Bank.
  2. The Biometrics and/or OTP and/or any other authentication mechanism that customer provides for authentication shall be used only for authenticating his/her identity through the Aadhaar Authentication system for that specific transaction and for no other purposes.
  3. NSDL Payments Bank shall ensure security and confidentiality of his/her personal identity data provided for the purpose of Aadhaar based authentication and shall not publish, display or post publicly, except for the purposes as may be specified by regulations,
  4. NSDL Payments Bank shall not retain Aadhaar number or any document or database containing his/her Aadhaar number for longer than is necessary for the purpose specified above. 
  5. Bank utilizes this Aadhar based authentication services by UIDAI for delivering the services under welfare schemes or notification(s) issued under Section 7 of Aadhaar Act, 2016 or for any other purpose which is backed by law

Reasonable Security Practices and Procedures

The security of personal information is a priority and is protected by maintaining physical, electronic, and procedural safeguards that meet applicable laws. The Bank shall take reasonable steps and measures to protect the security of the customer’s personal information from misuse and loss, un-authorized access, modification or disclosure. The Bank maintains its security systems to ensure that the personal information of the customer is appropriately protected and follows the extant standard encryption norms followed for the transmission of information. The Bank ensures that its employees and affiliates respect the confidentiality of any personal information held by the Bank.

Contact Information

In order to address any discrepancies or grievances related to the personal information residing with the Bank, the customer may visit:

Notice of Change

The Bank may, from time to time, change this Policy. The effective date of this Policy, as stated below, indicates the last time this Policy was revised or materially changed.