PayBy Privacy Policy

Last updated: 12th June 2023

BY ACCEPTING PAYBY'S TERMS OF USE AND THIS PRIVACY POLICY THROUGH YOUR USE OF THE SERVICES, YOU GRANT CONSENT TO PAYBY TO COLLECT, STORE, USE AND SHARE YOUR PERSONAL DATA TO THE EXTENT PERMITTED BY THIS PRIVACY POLICY AND APPLICABLE LAWS. YOU CAN REVOKE THIS CONSENT AT ANY TIME BY EMAILING HELP@PAYBY.COM

1. GENERAL

About us
​At PayBy ("PayBy", "we", "us" or "our"), we are committed to providing you with the best service possible.  Paramount to this is protecting and respecting your privacy and personal data which we are, and always will be, committed to doing.
​The registered name of PayBy is PayBy Technology Projects LLC, and the company details are as follows: CN-3018388 

​Why you should read this privacy policy:
​You should read this policy carefully because it sets out the basis on which any personal data we collect from you, or that you provide to us, through the PayBy application (the “App”), your creation and use of your PayBy account (your “Account”) and your use of our payments services (together with the App, and your Account, the “Services”, as further defined in this privacy policy and our Terms of Use) will be processed by us.  This policy also sets out the basis upon which we collect personal data from you when you visit our website (the “Website”).We strongly encourage you to read the following information to fully understand our views and practices regarding your personal data and how we will treat it.For information regarding the general use of the Services, please see our Terms of Use. ​

Contact us
If you wish to contact us with any questions in relation to this policy or our privacy practices, you may contact us by emailing help@payby.com or by contacting us via the App.

​Updates
​At all times, we keep our privacy practices and the terms of this policy under review to ensure your personal data is processed as securely as possible. This policy was last updated on the date given above. Any changes to this policy will be posted online, within the App and, if possible, emailed to you.


​2. INFORMATION WE MAY COLLECT FROM YOU​​

To provide you with the Services, we must collect, store, transfer, analyse and otherwise process certain of your personal data.  This section of the policy explains what information we will collect about you and under what circumstances.​

The personal data we process includes: ​

- Personal data you provide us for the initial set-up of your Account

To create an Account, you must provide your display name and mobile number. You must also create an Avatar for your Account. We will not be able to create your Account without this personal data. Please note that upon completion of this initial set-up, you will not have full access to the Services. ​

- Personal data you provide us to fully set-up your Account

Following the initial set-up of your Account, you will only be able to access very limited Services. For us to open your Account fully so you can use all the Services, we must be able to verify your identity as a legal requirement. To do this, we require you provide us with your Emirates ID and any other document we may request. From such documents, we will collect your name, date of birth, Emirates ID expiration date and any other personal data we consider necessary or that which is required by law to verify your identity. Please note that should any of this information about you change, you must inform us immediately. Depending on the circumstances, we may be required to verify your identity again.

We will also request that you provide a “real time” video recording of yourself, including audio, which you will prompted to provide in the App. Please note that to record the “real time” video, we will require access to the camera and microphone on your device. If we cannot access such functions, we cannot verify your identity and therefore cannot provide you with an Account. ​

- Personal data you may provide us when creating your Account

When preparing your Account, we will also ask if you would like to add a nickname along with other information to build your profile. Some of this personal data will, in certain circumstances including when sending and receiving money to other PayBy users, be visible to the other PayBy users.

None of this personal data is required to create your Account but if provided, it will be used to create a more accurate picture of you as a customer of us and will enhance your user experience whilst operating the Services. ​

- Data related to your transactions

When you use our Services to either make purchases from merchants, to send or receive money, to pay bills, or to add value to your Account, or for any other transactional purpose related to the Services, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, merchant information.

Specifically: 

1)Add value to, or remove money from, your Account: if you use our Services to add or remove value to or from your Account, we will collect personal data from you to facilitate the request. For example, if you use our Services to add value to your Account, we may collect personal data and other information including your name, Account ID, and the amount added.
Further, to add or withdraw value to or from your Account, you must do so by linking an account of yours that is separate from your PayBy Account that has the ability to transfer funds into your PayBy Account. We will ask if you would like to store this account information to make it simpler in the future to add value to your PayBy Account but you are not required to do so. We will not store such information if you do not indicate that you wish to store it for future transactions. 

2)Send or receive money: when you send or receive money through the Services, including using “cash gifts”, we collect personal data such as your name, PayBy Account ID and the name and PayBy Account ID of the other Services user who is a party to the transaction. 

3)Pay for items from our listed merchants: when you purchase items, such as a coffee, from one of our listed merchants (which can be found in the App), we will collect personal data about your transaction including your name and the merchant.  The merchant may also provide us with certain other data related to the transaction. 

4)Pay or request someone else to pay a bill: if you use our Services to pay a bill you are due to pay, or a bill for the benefit of someone else, or if you request another user pay a bill for you, we collect your Account number and certain personal data about the account holder to whom the bill is being paid to, such as name and account number. We may collect, store, and process your Emirates ID information, whether on a single or multiple occasions, in order to aggregate or retrieve details related to your pending bills from various vendors, including but not limited to mobile bills, utility bills, traffic fines, and governmental service fees. By providing your consent, you agree to our sharing of your Emirates ID and other Account Information with other vendors or merchants to facilitate the provision of bill payment services to you. Furthermore, we may share your Emirates ID and other Account Information with our partners and affiliates strictly for the purpose of providing the services to which you have consented, or those contemplated in this policy, in compliance with applicable laws and regulations.

5)Withdraw money: you can, depending on merchant capabilities, withdraw money from your Account at a merchant’s premises.  If you choose to do this, we will collect personal data about your transaction including your name and the merchant.

The merchant may also provide us with certain other data related to the transaction​.

- Messaging data

When using certain of the Services, you will be able to send messages to, and receive messages from, other PayBy users. In accordance with our retention practices (as are further detailed in “How Long We Keep Your Personal Data For”), we will store these messages, and any personal data included in the messages, to ensure the Services are fully and efficiently provided. 

- Contact data

We may request access to your device address book and/or the contacts lists of messaging applications you use on your device which, if granted, will allow us to access the relevant contacts. Note that we will ask separate consents for each of the device address book and contacts lists. If granted, each consent can be withdrawn at any time. If we have access, we can tell you which of your contacts of the relevant list is also using the Services to make the experience more beneficial for you, for example if we have access to your address book, it is simple for you to select a contact from your address book to send money to. 

- Marketing preferences

Based on your consent and marketing preferences, we may send you marketing communications such as emails. From this, we may collect further preferences from you based on how you interact and respond to our marketing communications. You have the right at any time to withdraw your consent at any time. 

- Data from other users

We will collect your personal data, namely your mobile number and PayBy Account ID, when other users of the Services interact with you, for example when they send you a request for payment or when they add you to their payee list. Further, like when we access your address book or contact lists with your consent as noted above, if another user of the Services has your details in their address book or contact lists and provides us consent to access, we will have access to your personal data. 

- Query or complaint data

Should you wish to ask us a query, report an issue (for example with the App), or make a complaint about our Services, such personal data will also be automatically added to your Account. 

- Data from service providers and automated decision making:

We use a third party to assist with verification checks which are explained in more detail above. In addition to the above, we wanted to note that once the verification process has produced a result, this result will be provided to us and can be considered your personal data. Please note that the methods for verification checks operated by us and our partner involve automated decision making. Automated decision making is a process whereby your personal data is processed to make an evaluation with respect to you – in this case, your identity. Should the automated decision making process determine you have not properly validated your identity, you will not be granted an Account.​

- Technical, usage and cookie data

We collect information about your use of the Services and/or Website, including how you use our Services and/or Website and how often you use our Services and/or Website. We do this to better understand how to provide the Services and our Website, what our users like about our Services and Website and what our users don’t like about the Services and Website. Such information may include, if applicable, your internet protocol (IP) address used to connect your device to the internet, your login information, browser plug-in types and versions, operating system and platform. 

- Device information

We collect information about the device you use to access the Services and/or Website including the hardware model, the version of the App you are using, the mobile network, and the time zone setting. ​


3. HOW WE USE YOUR PERSONAL DATA​

In this section, we explain how we use your personal data and the reasons for such use, and we also explain the lawful grounds under certain data protection legislation that we rely on to do so.  Please note we only ever process your personal data when it is lawful for us to do so.​

3.1 To provide the Services and the Website​

We process your personal data:
- to verify your identity and create your Account;
- to provide you with, and operate, the Services, including to initiate a payment, send or request money (including using “cash gifts”), pay for an item, add value to an account, withdraw money from your account, or pay a bill;
- to create an account connection between your Account and a separate third-party account or platform used to add value to your account;
- to facilitate any exchange of messages between you and other PayBy users using our instant messaging function; and
- to provide the Website.​

We process your information for the purposes set out above on the following lawful grounds:
- our legitimate interest in providing payment related Services, operating and improving PayBy, marketing our products and services to you and others and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date;
- where it is necessary for the adequate performance of a contract with you and to take steps requested by you prior to you entering into a contract with us; and
- compliance with legal obligations to which we are subject, for example in relation to carrying identity validation and other checks.​​

3.2 To perform obligations arising from the contract we have in place with you​

We process your personal data:
- to perform the purpose of the Terms of Use, namely to provide the Services to you. 

We process your information for the purposes set out above on the following lawful ground:
- where it is necessary for the adequate performance of a contract with you and to take steps requested by you prior to you entering into a contract with us.​​

3.3 To secure your Account and your money, and us and our Services​

We process your personal data:
- for anti-fraud and risk identification and management purposes. We use your personal data to comply with legal obligations relating to fraud and other financial crimes, and to ensure you, your personal data and your finances are protected; and
- to verify activity, and to promote safety and security on and off our Services. Should we believe you have breached our Terms of Use, or are acting suspiciously, we may conduct an investigation to ensure you are not breaching the Terms of Use or breaking the law. 

We process your information for the purposes set out above on the following lawful grounds:
- given our legitimate interest in ensuring the safety and securing your Account, your money, our Services, us, our group companies, and any necessary third parties, and to secure us from harmful security related breaches;
- where it is necessary for the adequate performance of a contract with you and to take steps requested by you prior to you entering into a contract with us;
- compliance with legal obligations to which we are subject, for example in relation preventing financial crimes; and
- to protect yours or another individual’s vital interests, for example if we have to investigate harmful acts. 

3.4 To communicate with you​


We will process your personal data:
- to communicate with you about your Account, including with respect to any potential fraudulent activity or any queries you have raised. 

We process your information for the purposes set out above on the following lawful grounds:
- our legitimate interest in ensuring the safety and securing your Account, your money, our Services, us, our group companies, and any necessary third parties;
- where it is necessary for the adequate performance of a contract with you and to take steps requested by you prior to you entering into a contract with us; and
- compliance with legal obligations to which we are subject, for example in relation to carrying identity validation and other checks. 

3.5 To market to you 

We will process your personal data:
- to send you marketing materials, including in relation to other products and services provided by our group companies. 

We process your information for the purposes set out above on the following lawful grounds:
- if you provide your consent to do so; and
- in certain circumstances, given our legitimate interests in marketing our products and services to you and others. 

3.6 To customise, improve and enhance our Services and/or Website 

We will process your personal data:
- to analyse your use of the Services so we can learn more about what you like or don’t like about our Services.  We may also analyse your behaviour when using the Services to ensure you do not miss out on any offers or opportunities.  In doing so, we will use the information we collect to communicate with you, for example, if you have not logged into the App for a while or if you have not completed a transaction with one of our e-commerce merchants;
- to respond to any of your queries; and
- to improve and customise our Services and/or Website. 

We process your information for the purposes set out above on the following lawful ground:
- our legitimate interest in providing payment related Services and/or Website, operating and improving PayBy and/or Website, marketing our products and services to you and others and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.​

4. SHARING YOUR PERSONAL DATA​

We may share your personal data in the following scenarios only:
- we may share your personal data with your consent;
- we may share your personal data with other users who are using the Services to ensure you both receive the full benefit of the Services offered.  You may also use our Services to share your own personal data with other users of the Services;
- by providing personal data that forms part of your public profile on the App, such personal data may be displayed on your public profile and may be visible by other users of the App;
- we may share your personal data with certain service providers, partners or group companies that facilitate and support us in providing the Services, including in relation to carrying out verification checks, remitting funds, processing transactions, and providing other in-App functions. In certain circumstances, this will require us to share your full account and financial data and Emirates ID number, to the extent it relates to the Services, with a partner due to the degree of support they provide;
- we may share your personal data with certain service providers or group companies to analyse the Services so we can improve and provide the best Services to you and others;
- we may share your personal data if we are required to respond to law enforcement, officials, regulatory agencies and other lawful requests or legal processes, or to comply with a legal obligation to which we are subject;
- we may share your personal data if we undergo a merger, acquisition or other form or reorganisation and pursuant to such, a third party will become the controller of your personal data; and
- we may share your personal data with our group companies, subsidiaries, and affiliates if you request goods or services provided by one of our group companies, if one of our group companies provides us with services which relate to the provision of Services to you, for the purposes of improving the Services, and marketing the products of such group companies, subsidiaries and affiliates to you.

In accordance with the laws of the UAE and requirements under RPSCS, SVF, and Consumer Protection regulations, we will store your transaction and other Account data within the UAE. Notwithstanding this, if we are required and permitted by law to transfer any of your personal data to a country outside that in which we collected it pursuant to the above listed circumstances, we will only do so in accordance with applicable data privacy legislation.  The lawful requirements will depend on the flow of personal data, meaning it will depend on whether the sharing of personal data is cross-border and which countries are involved.  At all times, we will ensure a similar degree of protection is afforded to your personal data outside the country in which you are based. 

5. SECURITY OF YOUR PERSONAL DATA​

We take your privacy very seriously and work hard to protect your data from being accidentally lost, damaged, used or accessed in an unauthorized way, altered or disclosed. We have put in place appropriate security measures to prevent this from happening, for example we use encryption tools to protect the content of your messages and calls.​

In addition, we limit access to your personal data to those employees, volunteers, agents, contractors and other third parties (as listed above) who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.​

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

6. HOW LONG WE KEEP YOUR PERSONAL DATA FOR​?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.​

With this in mind, we have determined that:
- as required by applicable law, particularly those that relate to anti-money laundering, we will store your financial data for six years from the date of the transaction, or longer if subject to the below retention period; and
- upon cancelling your Account, we will store all data related to your Account, including personal data and transaction data, for up to six years from the date of cancellation before permanently deleting it. ​

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or other regulatory enforcement or action in respect of our relationship with you and/or your use of the Services.​

7. YOUR RIGHTS​

In certain circumstances and subject to certain jurisdictional restrictions, you may have the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we are relying on consent to process your personal data.
- Complain to the appropriate regulator for any data protection issues. We would, however appreciate the chance to deal with your concerns before you approach the regulator so please contact us in the first instance.​​

To exercise one of the above rights, please contact us using the details provided above.We may need to request specific information from you to help us confirm your identity and ensure you are able to exercise the right you wish to exercise. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.​We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.​

8. THIRD PARTY LINKS​

Our Services and Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins and/or applications and are not responsible for their privacy statements. When you leave our App or Website, we encourage you to read the privacy policy of every website or application you visit or use.An experienced team of professionals to help you set up a seamlessly operational digital payment infrastructure using PayBy solutions.