Privacy Policy
Last Updated: Jun - 14 -2023
Mena Paytech Systems Limited (MPTS) Limited and/or its affiliates and entities (collectively “PayDart”, PayVault, “we” or “us”) values your security and privacy. PayDart is incorporated in the Dubai International Financial Center (the “DIFC”) which applies Data Protection Law, DIFC Law No. 5 of 2020 as amended and its associated regulations (including the Data Protection Regulations dated 1 July 2020), and may for certain types of personal data processing, be subject to laws from other jurisdictions (collectively, the “DP Law”). We are the Controller for the purposes of DP Law of the personal information that we collect or receive from you as more fully described in this Policy.
It is our policy in accordance with the DIFC to respect the privacy of our website services, portal and app users. In accordance with DP Law and as applicable by our Terms of Use. PayDart collects information about you when you use or access our websites and other web-based products, information or services (collectively, the “Website Services”) as well as through other interactions and communications you have with us, such as through the PayVault App (the “App”) or PayDart Portal (the “Portal”) or PayDart Checkout Page ( the “page”). This data protection policy (the “Policy") sets out the basis on which any information, including any personal data, we collect from you, or you provide to us, will be processed by PayDart. Each time you access or use the Website Services, the App, the Page, the Portal or provide us with information, by doing so you are accepting and, where possible, consenting to the practices described in this Policy. It is important that you read this Privacy Policy so that you are fully aware of how and why we use your personal information.
Third Party Websites: If you are using Website Services, some links on it may lead to non-PayDart websites with their own privacy notices, which may be different to this Privacy Policy. You should read those privacy notices carefully.
Children Data: The Website Services, App, portal or page are not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DP Law processes, App, Website, portal or page Services’ user-provided contributions of content or contact information regarding or about children are expressly prohibited.
2. What personal information do we collect about you?
As part of PayDart’s commitment to the privacy of PayDart’s customers and visitors while using the Website Services, App, Portal or Page more generally, we want to be clear about the information we will collect from you.
We will collect your personal data when you:
-
use our website at www.PayDart.co OR
-
use the PayVaultApp OR
-
Use the Portal OR
-
Use the Page OR
use any of the services you can get access to through the App, Portal, Page or Website Services.
-
provide information or fill in forms on the App or through our Website Services (as provided in detail below):
Information you give us
We will collect the following personal information about you:
-
your name, address, and date of birth;
-
your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
-
Your browser and cookie information
-
your PayDart account ID, password and other registration information;
-
Details about your business,
-
details of your bank account, such as your account number, and IBAN;
-
identification documents (for example, your passport or ID), copies of any documents you have provided for identification purposes, and any other information you provide
-
and
-
records of our discussions, if you contact us or we contact you (including logs of phone calls).
You should not provide us with any personal data about other people (such as your spouse or family).You will need to submit details of your debit cards and credit cards (or other debit or credit cards you have transacted with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card) to access our services, this data may be shared by PayDart to its partners for processing or other business related purposes.
-
Whenever you use our App, Portal, Page or Website Services we collect data and information (including through third party products) on your device called Log Data. This Log Data may include technical information, including the
-
1. internet protocol (IP) address used to connect your computer to the internet
-
2. your device ID for security reasons
-
3.your log-in information
-
4.the browser type and version
-
5. the time-zone setting
-
6. the operating system and platform
-
7. mobile network information
-
8. your mobile operating system and the type of mobile browser you use,
-
as well as your account information. We collect this information to enable us to identify and fix technical issues with our services and to make improvements. If the website, App, portal or page has requested location tracking and you agree to turn location tracking on, we may collect your location data in accordance with your settings, to assist with detecting fraud and improve our service offerings.
3. Our reasons for collecting your information?
We will only use your personal information if there is a reason for doing so and if that reason is permitted under applicable DP Law. We use your personal data so we can provide the best service, tell you about our App, Portal, Page and Website Services you may be interested in, and meet our legal obligations.We need to use your data in order to meet our obligations under our contract that we have with you, or we may need to use your personal information to enter into a contract with you. We use details about you to:
3.1 To provide a requested service or carry out a contract with you.
Where we need to in order to provide you with the services you have requested or to enter into a contract, we use your information to:
-
3.1.1: Assess your application and create and maintain your account, once approved;
-
3.1.2: Provide, Maintain, and Improve our App, Portal, Page and Website Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information about them), develop new features, provide customer support to users, authenticate users, and send administrative messages, whether for information or as required by applicable DP Law;
-
3.1.3: Investigate and resolve complaints and other issues;
-
3.1.4: keep our App, Portal, page and Website Services safe and secure; and
-
personalize and improve the App, portal, page and Website Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
3.2 Where we have a legitimate interest.
We may also process your data for our legitimate interests or those of a third party to whom your personal information has been made available. These legitimate interests may include:
-
3.2.1: To detect and prevent unlawful use, misuse or abuse of the App, Portal, Page and Website Services and to ensure the security of our networks and services;
-
3.2.2: To enable PayDart’s customer services team to help you with any queries in the most efficient way possible and to provide a positive customer experience;
-
3.2.3: To ensure that the content of the App, Portal, Page and Website Services is presented in the most effective manner and tailored to the device you are accessing it from, and to enable us to track, analyse and improve the services we give you and other customers. We may ask for feedback if you’ve shown interest in a service. We do this so that we can improve our products and understand how to market them;
-
3.2.4: To notify you if there are any changes or developments to the App, Portal, Page and Website Services;
-
3.2.5: To contact you to respond to your queries and feedback on the App, Portal, Page and Website Services (where you have asked us to do so);
-
3.2.6: To send you information about the App, Portal, Page and Website Services or information we feel may interest you (unless you ask us not to); and
-
3.2.7: To enforce PayDart’s contractual terms with you, for the exercise or defense of legal claims and to protect the rights of PayDart (including to prevent fraud).
Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that PayDart’s processing is necessary and that your fundamental rights of privacy are not outweighed by PayDart’s legitimate interests before we go ahead with such processing.
3.3.: Where we have a legal obligation.
We also use your personal information to meet PayDart’s legal and regulatory compliance obligations and to respond to the requests of any applicable authorities. This may include using your personal information to help detect or prevent crime (including fraud detection, terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal or regulatory obligation.
If you do not provide the personal information necessary or do not respond to any queries that we may provide to you in respect of the processing then (where this information is necessary for us to provide our App or Website Services to you), we will not be able to provide our fully intended services to you. We will notify you where this is the case.
PayDart should never contact you by email or otherwise to ask you to validate personal information such as your user ID, password, contact information or bank details. If you receive such a request, please email us without delay on [email protected]
4. How do we store and share your data?
We are required by DP Law to keep records of the processing that we undertake and this includes maintaining records of the following;
-
4.1 a description of the personal data processing being carried out;
-
4.2 an explanation of the purpose for the personal data processing;
-
4.3 the data subjects or class of data subjects whose personal data is being processed;
-
4.4 a description of the class of personal data being processed; and
-
4.5 a list of the jurisdictions to which personal data may be transferred by us, along with an indication as to whether the particular jurisdiction has been assessed as having adequate levels of protection for the purposes of DP Law.
We only retain your information for as long as is necessary for us to use your information as described above, where it is in PayDart’s legitimate interest, or to comply with PayDart’s legal obligations. However, please be advised that we may retain some of your information after you cease to use PayDart’s App, Portal, Page or Website Services, for instance if this is necessary to meet PayDart’s legal obligations, such as data retention obligations imposed by a financial services regulator (we are regulated by the Dubai Financial Services Authority).
When determining the relevant retention periods, we will take into account factors including:
-
1. PayDart’s contractual obligations and rights in relation to the information involved;
-
2. the extent to which the personal information is still required to be processed by PayDart to provide any services to you;
-
3. legal obligation(s) under DP Law and financial regulation to retain data for a certain period of time;
-
4. PayDart’s legitimate interest where we have carried out a balancing test;
-
5. relevant legal limitation periods for claims;
-
6. (potential) disputes;
-
7. if you have made a request to have your information deleted; and
-
8. guidelines issued by DP Law.
Otherwise, we securely erase your information once it is no longer needed.
Sharing your Personal Information with Third Parties
We may share personal data which we collect about you as described in this Policy or as described at the time of collection or sharing, including as follows:
-
1. with third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
-
2. with third parties with whom you choose to let us share your personal data, for example Payment providers, payment orchestrators etc.
-
3. With tax authorities, regulators and other governing authorities who require reporting of processing activities in certain circumstances or as otherwise required by applicable laws;
-
4. With our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
-
5. With courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
-
6. with potential purchasers of or investors in our business, however we will ensure any disclosure to such parties is limited as far as is necessary and your identity is not disclosed unless necessary.
We also need to share your data with certain suppliers, including but not limited to
-
1. cloud computing power and storage providers
-
2. our business intelligence and analytics platform providers
-
3. technical suppliers that help us with functional analytics (to help us solve technical issues with the App for instance);
-
4. our marketing providers (but we will not share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
-
5. IT and system administration service provider;
-
6. our email service providers;
-
7. companies that help us with customer support;
-
8. our affiliates who support us in providing the App and Website Services to you.
5. Do we transfer your personal information outside the UAE?
Your information may be transferred to and stored in locations outside the DIFC. When we do this, we will ensure appropriate safeguards are in place to ensure a similar degree of protection is afforded to it and that the transfer is lawful. For example, by using the standard contractual clauses that have been approved by the Commissioner of Data Protection and to be used for transfers outside the DIFC to a non-adequate jurisdiction.
You can obtain more details of the protection given to your information when it is transferred outside DIFC by contacting us using the contact details in this Policy.
6. How do we keep your information secure?
We use a range of security measures to keep your information safe and secure (including, but not limited to, encryption) and we take steps to protect your information from unauthorized access and against unlawful processing, accidental loss, destruction and damage. We require PayDart’s staff and any third parties who carry out any work on PayDart’s behalf to comply with appropriate compliance and confidentiality standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. We also have procedures in place to deal with any suspected data security breach. We will notify you and/or any applicable regulator of a suspected data security breach where we are legally required to do so.
7. Your rights and choices
Under DIFC DP Law, you have a number of rights when it comes to your personal information. Please contact us using our contact details provided in this Policy to exercise any of your rights.
Marketing and opting out
Users have legal rights under DP Law to opt-out of receiving marketing communications from us. You have the option to ask us not to process your personal information for direct marketing purposes.
You may change your preferences at any time.
Please note that we may continue to send you transactional or service-related emails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of receiving promotional emails from one of our App and Website Services, you may continue to receive promotional emails from our other websites, providers or other, non-affiliated marketers whose services you may have accessed via our App and Website Services.
Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different third party's marketing directory through your request or election, you will need to request removal with such third party directly.
Access to and correction of your personal information
You have the right to access information held about you. Your right of access can be exercised in accordance with DP Law and other applicable laws. You also have the right to ask us to correct inaccurate information we hold about you.
Automated decision making
We have a fraud-detection system that automatically monitors transactions to attempt to identify fraud. This system will process certain personal information and may block transactions which are identified as potentially fraudulent. We will follow-up to investigate such transactions and may contact you. If you believe a transaction has been wrongly blocked, you may contact us and ask us to review the transaction.
The right to withdraw consent
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.
The right to have your information erased
You are entitled to ask us to delete your information. However, if you exercise this right we will not be able to provide you with our services. Please also note that we are not required to delete information where we have a continuing compelling reason or duty to retain it (such as compliance with record keeping requirements under financial regulations).
The right to object to processing and to restrict processing
In certain circumstances, you have the right to object to our use of your personal data or to ask us to restrict certain processing activities.
The right to data portability
You have the right to receive the data we process based on your consent and for the performance of the contract with you in a structured and machine-readable format.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information with the DIFC Commissioner of Data Protection.
8. Do we use Cookies to collect personal data on you?
8.1 What is a Cookie
Cookies are small text files placed in visitors’ device browsers to store their preferences. Cookies are widely used in order to make App, Portal, Page or websites work or work more efficiently, as well as to provide reporting information. A cookie may have unique identifiers and reside, among other places, on your device, in emails we send to you, on the Services, and on third-party sites using our plug-ins, widgets, embedded content, and pixels. Cookies set by us are called “first-party cookies.”
Cookies set by parties other than us are called “third-party cookies.” Third-party cookies enable features or functionality provided by third parties in connection with the Services. For example, we may use third-party cookies to assist us with advertising, interactive features, and analytics. The parties that set these third-party cookies can recognize your device both when it visits the App, Portal, Page and Website and also when it visits certain other websites in their networks.
There are also technologies similar to cookies, such as pixel tags and web beacons, that are covered by this Cookie Policy. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site and/or App that collects information about users’ engagement on that page or feature. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Some cookies are essential for websites to work and others remember things about you to give you a better, more enjoyable experience online. By continuing to use our App, Portal, Page or websites, you are agreeing to our use of cookies. Alternatively, you can manage them in your browser settings.
9. How can you contact us?
If you have any enquires or wish to exercise any of your rights noted in section 7, you can contact us by email at [email protected] or by writing to us at:
Sridhar Gorantla
Data Protection Officer
Unit GV-00-10- 07-OF-02, Level 7, Gate Village Building 10,
Dubai International Financial Center (DIFC)
Dubai, , United Arab Emirates
If you are not satisfied with PayDart’s response to any complaint or believe PayDart’s processing of your information does not comply with DP Law, you can make a complaint to the DIFC Commissioner of Data Protection.
10. Updates to this Policy
This Policy may be updated from time to time, and you will always be able to find the most recent version on PayDart’s websites. Where appropriate we will notify you of the changes for example by email or push notification.
Mena PayTech Systems Limited (PayDart),
Dubai International Financial Center (DIFC)
Dubai, , United Arab Emirates
eMail: [email protected]