Data Protection Policy
Last updated: 29 May 2026
1. Purpose and scope
PayVizio Technologies Private Limited (“we”, “us”, “our”) is committed to protecting the personal data we process across the PayVizio Payment Gateway, the Habit Money app, and our websites. This Data Protection Policy sets out the principles and controls we apply when handling personal data, and complements our Privacy Policy.
2. Data protection principles
We process personal data lawfully, fairly, and transparently; collect it only for specified, legitimate purposes; limit it to what is necessary; keep it accurate and up to date; retain it no longer than required; and protect it with appropriate security measures. We are accountable for demonstrating compliance with these principles.
3. Roles and responsibilities
For merchant and consumer payment data processed on behalf of our customers, we generally act as a data processor and process personal data only on documented instructions. For our own business and website operations, we act as a data controller. Internal accountability for data protection rests with our designated data protection contact, reachable at info@payvizio.com.
4. Lawful basis for processing
We process personal data on one or more lawful bases, including performance of a contract, compliance with legal and regulatory obligations (such as payment, KYC/AML, and tax requirements), our legitimate interests in operating and securing our services, and consent where required.
5. Security measures
We implement technical and organizational controls aligned with industry standards and PCI DSS requirements, including encryption of sensitive data in transit and at rest, tenant isolation, access controls on a least-privilege basis, audit logging, and tokenization of payment instruments. Cardholder data is handled so as to minimize the scope held by our merchants.
6. Data retention and disposal
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law and regulatory obligations. When data is no longer required, it is securely deleted or anonymized.
7. International transfers and sub-processors
Where personal data is transferred to service providers or sub-processors (for example, hosting and infrastructure partners), we ensure appropriate safeguards and contractual protections are in place. A current list of material sub-processors is available on request.
8. Data subject rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data, or to object to or restrict certain processing. Requests relating to data processed on behalf of a merchant may be routed to that merchant. To exercise your rights, contact us at info@payvizio.com.
9. Data breach response
We maintain procedures to detect, report, and investigate personal data breaches. Where a breach is likely to result in a risk to affected individuals, we will notify the relevant authorities and impacted parties in accordance with applicable law and our contractual commitments.
10. Contact
For data protection questions or requests: info@payvizio.com. Registered address: 457, 17th cross, 14th main, 4th sector, HSR Layout, Bangalore, Bangalore South, Karnataka, India, 560102.