Login

PRIVACY POLICY

PRIVACY POLICY

The privacy policy (“Privacy Policy”) governs the use of the website of M1xchange  [www.m1xchange.com] (“Website”, “we”, “us”) and the services (“Services”) being provided on the Website. This policy describes how we collect, use, store, share and safeguard your personal data in line with applicable Indian laws (Information Technology Act, 2000, SPDI Rules 2011, DPDP – Digital Personal Data Protection Act, 2023 etc.) and international best practices such as ISO/IEC 27001:2022 & ISO/IEC 27701:2019 (PIMS).

Privacy Commitment

We deeply recognize the critical importance our customers place on the privacy and security of their business and personal information. Our goal is to protect your information in every way that we interact with you, whether on the internet or otherwise.

We think it is important for you to be informed of the policies, procedures, and security measures that we have in place to safeguard your confidential information. With that in mind, we have developed this internet Privacy Policy to help you to understand the steps we take to protect your personal information when you utilize our online services.

By using the Website, you agree to abide by the terms and conditions pertaining to collections retention and use of information set forth in this Privacy Policy. If you do not agree with the Privacy Policy, you may exit and cease to use the Website. In addition to the considerations stipulated under this Privacy Policy, your activities undertaken on the Website shall also be governed by the Procedural Guidelines, the Master Service Agreements (i.e. the Master Buyer Agreement, Master Financier Agreement, Master Supplier Agreement) signed by the respective parties with Mynd Solutions Private Limited through its business division M1 (“Company”) and any other terms and conditions as published by the Company from time to time.

This Privacy Policy is incorporated in the Terms of Use of the Website and any other agreement, in which there is a specific clause incorporating the Privacy Policy in such agreement. In the event of conflict between the terms of such agreements and the Privacy Policy, the terms of such agreements will prevail and govern so long as they relate to matters specifically referenced herein and this Privacy Policy will apply with respect to all other matters.

1. Information We Collect

We collect the following types of information to provide and enhance our services.

1.1 Personally Identifiable Information (PII)
  • Identification information (e.g., name, father name, photograph, date of birth, government-issued ID i.e., PAN, AADHAR etc)
  • Contact information (e.g., email address, phone number)
  • Usage data (e.g., interaction with our Services, preferences)
  • CKYC

1.2 Sources from which Data is collected by the Company directly/indirectly:
  • NSDL
  • Digilocker
  • Data base maintained by the Governmental Authorities such as:
    • Anti-Money Laundering and Countering the Financing of Terrorism
    • Such other entities/data bases as prescribed by RBI/Government Authority
  • Entity with which User is employed
  • User himself/herself
  • CKYC data base

1.3 Automatically Collected Information The “Service Providers” (third parties engaged by the Company who provide range of services like website hosting, digital signature verification. etc.) and the Website may collect general information on our website visitors for security and statistical purposes. Such information may include but not limited to certain automatically generated information including your IP address, internet address of the referral site which brought you to visit our website, date and time of visiting the Website, the name and version of your web browser, online activity, and duration of your online session. We and/ or third-party service providers engaged by us may monitor and collect such information that will enable us to verify your credentials, maintain reasonable security practices, enable inclusion of better Services, fulfil your requests and enhance your user experience. Further, we and/ or our Service Providers may also collect “Cookies” (piece of software code that the Website automatically sends to your browser when you access the Website) to collect some of the above-mentioned information that enable us to provide you a better user experience. In some cases, you must accept the Cookies to view our website. We do not link the information we store on the cookies to any personally identifiable information submitted by you. Advertisements may be displayed on our website as well as on third party websites. When you click such advertisements you may receive another Cookie, which you may or may not choose to accept. The use of cookies by them is subject to the privacy policy and other terms and conditions governing their website (“Automatically Generated Information”). Customer Information, Other Information and Automatically Generated Information shall together be referred to as “User Information”.

2. Purpose of Data Collection & Use

We collect and process User information strictly for:

  • Registering customers on M1 TReDS Portal for utilizing the Factoring (Bill Discounting) transactions on M1 Platform Services (TReDS);
  • Providing platform services under our contractual framework;
  • Verifying user identity and access management;
  • Complying with financial, legal and regulatory obligations;
  • Detecting and preventing fraud or unauthorized access;
  • to communicate with you through newsletters, updates and notifications. Communication with you might be recorded but will be kept confidential otherwise than when asked to disclose to any governmental authority under applicable law.
  • You undertake that the Personal Information and other information provided by you is true and accurate to the best of your knowledge. You agree and understand that we shall not be liable for the authenticity of the Personal Information and other information provided by you.

All data adheres to purpose limitation, necessity, and proportionality as per ISO/IEC 27701:2019 & DPDP Act 2023.

3. Legal Grounds for Processing

Data processing is carried out on:

  • Performance of a contract (e.g. MSAs with Buyers/Suppliers/Financiers);
  • Legal Obligations under applicable laws;
  • Legitimate interest (e.g. fraud prevention, service improvement)
  • Explicit consent where applicable.

4. Disclosure of Information

We do not sell your data. We may share information in relation to the services of the website with

  • Authorized employees and internal teams;
  • Service Providers (e.g. Hosting, IT Security, Payment processors etc.);
  • Regulatory or law enforcement agencies as required by law;
  • Financiers registered with the Company to facilitate Factoring Transactions;
  • Insurers & other entities registered with the Company to provide Credit Protection
  • Service providers (e.g., payment processors, IT service providers)
  • Settlement partners (e.g., Sponsor bank, NPCI for settlements).
  • Contracted partners under Master Agreements and NDAs.

All disclosures follow confidentiality, access control and need-to-know principles.

5. Retention of Data

User data is retained only as long as necessary to fulfil its purpose or as mandated by:

  • Applicable financial and regulatory record keeping requirements.
  • Duration of the MSA or service engagements;
  • Archiving or dispute resolution needs.

Data shall be securely disposed upon the expiry of the retention period.

6. Security Practices

  • The User Information shall be governed by and protected by us according to the security practices and procedures mandated under the Act and more particularly described under the Information Technology (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules, 2011 and Information Technology (Intermediary Guidelines) Rules, 2011, Digital Personal Data Protection Act, 2023 & ISO/IEC 27701:2019 (PIMS)
  • The Company (M1) and our Service Providers have developed stringent policies and procedures to safeguard the user Information.
  • The Website and our Service Providers maintain strong physical, electronic and procedural controls to protect against unauthorized access to customer information. Our computer systems are protected in the following ways:
  • Computer anti-virus protection detects and prevents viruses from entering our website, email, and computer network systems.
  • Firewalls and intrusion prevention systems block unauthorized access by individuals or networks.
  • We use encryption technology, such as Secure Socket Layer (SSL), to protect the transmission of your confidential information. Whenever you login to website or schedule an online transaction through our system, the communication is encrypted. Encryption scrambles the transferred data which ensures that it cannot be read by any unauthorized parties.
  • We do security audits and vulnerability scans, employee training on privacy and information security.
  • We continually monitor technological advances and upgrade our systems to ensure your information remains secure.

Security measures align with ISO/IEC 27001 and ISO/IEC 27701 frameworks.

7. User Rights

You may exercise the following rights:

  • Access to your personal data;
  • Rectifications of inaccuracies;
  • Withdrawal of previously given consent (where applicable)
  • Request for deletion, subject to legal and contractual obligations. Data to be retained by the Company for the period prescribed under the applicable laws including but not limited to Prevention of Money Laundering Act 2002, and guidelines/notifications/circulars issued by RBI from time to time.

Request may be sent to the DPO (Data Protection Officer) at dpo@m1xchange.com.

8. Cross-Border Data Transfers

Currently we do not have any Cross Border Data Transfer within M1xchange. In future, if personal data is transferred outside India, we shall ensure:

  • Appropriate safeguards (e.g. contractual clauses)
  • Protection equivalent to Domestic standards.

9. Links to third party websites

The Website contains links to third party websites. We are not responsible for any content on such third-party websites, and we shall not be liable for any breach of privacy policy by such websites. You undertake to read and understand the privacy policy of such third-party websites. For the avoidance of doubt, our Privacy Policy only governs the User Information collected, received, possessed, stored, dealt with or handled for the purposes of Services on our Website.

10. Beware of Phishing Attempts and Interest Scams

  • While email is convenient and has good business use, it can also be misused by criminals for scams and various other fraudulent purposes. “Phishing emails” are frequently used by criminals to entice the recipient to visit a fraudulent website where they try to convince the recipient to provide personal & confidential information. Some of these fraudulent websites may also be virus laden and can be used to download malware to your computer. Fraudulent websites often look identical to a legitimate site, so it’s important to look very closely at the website address. Below we have listed a few tips to help protect your personal information on the Internet:
  • Always be wary of links in emails, especially any links in emails purporting to be from this Exchange.
  • Bookmark financial websites and use these bookmarks every time you visit the website.
  • Whenever you enter personal information like your access ID or passcode, always look for the lock symbol, or https: in the address bar. Always click on the lock symbol and review the certificate details.
  • Update your Internet browser. Most browsers now offer free anti-phishing tool bars that can help alert you of fraudulent websites.
  • Make sure that your computer always has up-to-date versions of both anti-spyware and antivirus software.
  • If you receive an e-mail that you think could be a scam, delete it immediately or contact the helpline numbers of the Website.
  • If you have any questions about the legitimacy of an email, especially an email from this Website, you can also contact us at the numbers or email id provided under “contact us” section of the website

11. Notification and Updates sent by the Website

We send email notifications to individuals once they sign up to avail services of M’s1 Website as a Buyer/Supplier/Financier. We will send security related e-mail notifications after your on-boarding to our TReDS Services. Further, we may send e-mail notifications whenever you change your passcode, security question or designated e-mail address.

12. Alteration of the Privacy Policy

This Privacy Policy may be amended, modified or refined from time to time at our sole discretion and the updated Privacy Policy shall be published on the Website and no separate communication shall be made in respect of the same. It shall be your responsibility to keep yourself updated with changes to the Privacy Policy by regularly checking the Website for updates. Usage of the Website’s Services pursuant to a change in its Privacy Policy shall be deemed to be acquiescence of the changed Privacy Policy on your behalf.

13. Data Principal Rights Handling/Privacy Grievance Redressal Mechanism

If you have questions, concerns, or complaints regarding this Privacy Policy or your data, please contact:

Email:                 dpo@m1xchange.com
Address:            Unit No. A/04-01 to A/04-6D and A/04-07, 4th Floor Tower A,

Reach Commercia, Sector 68, Gurugram -122101, Haryana

All grievances will be acknowledged and addressed within 1(one) month.

In case the complaint made to Data Protection Officer remains unresolved for 90 days from the date of submission of complaint, the Data Principal may escalate the matter to the Data Protection Board constituted by the Central Government in accordance with the DPDP Act and its rules.

14. Other Grievance Redressal Mechanism

  • In order to address any of your grievances or discrepancies of information displayed on the Website, the same can be shared with the Grievance Redressal Officer of the Company at grievance@m1xchange.com
  • The Grievance Redressal Officer shall redress all the grievances expeditiously but within 1(one) month of receipt of the grievance as provided under the Act.

ABOUT US

TReDS

Partner With Us

Media

Thought Xchange

Platform Update

Contact

For Newsletter

  • To keep getting important updates on TReDS, sign up to our newsletter.

Follow US

Facebook Linkedin Youtube Instagram

Copyright © 2024 Mynd Solutions Pvt. Ltd. All Rights Reserved.