PayBy Privacy Policy

Last updated: March 13, 2023

BY ACCEPTING PAYBY'S TERMS OF USE AND THIS PRIVACY POLICY THROUGH YOUR USE OF THE SERVICES, YOU GRANT CONSENT TO PAYBY TO COLLECT, STORE, USE AND SHARE YOUR PERSONAL DATA TO THE EXTENT PERMITTED BY THIS PRIVACY POLICY AND APPLICABLE LAWS. YOU CAN REVOKE THIS CONSENT AT ANY TIME BY EMAILING HELP@PAYBY.COM

1. GENERAL

About us

At PayBy ("PayBy", "we", "us" or "our"), we are committed to providing you with the best service possible.  Paramount to this is protecting and respecting your privacy and personal data which we are, and always will be, committed to doing.

​The registered name of PayBy is PayBy Technology Projects LLC, and the company details are as follows: CN-3018388 

Why you should read this privacy policy

You should read this policy carefully because it sets out the basis on which any personal data we collect from you, or that you provide to us, through the PayBy application (the “App”), your creation and use of your PayBy account (your “Account”) and your use of our payments services (together with the App, and your Account, the “Services”, as further defined in this privacy policy and our Terms of Use) will be processed by us.  This policy also sets out the basis upon which we collect personal data from you when you visit our website (the “Website”).

We strongly encourage you to read the following information to fully understand our views and practices regarding your personal data and how we will treat it.

For information regarding the general use of the Services, please see our Terms of Use. ​

Contact us

If you wish to contact us with any questions in relation to this policy or our privacy practices, you may contact us by emailing help@payby.com or by contacting us via the App.

Updates

At all times, we keep our privacy practices and the terms of this policy under review to ensure your personal data is processed as securely as possible. This policy was last updated on the date given above. Any changes to this policy will be posted online, within the App and, if possible, emailed to you.

2. INFORMATION WE MAY COLLECT FROM YOU

To provide you with the Services, we must collect, store, transfer, analyse and otherwise process certain of your personal data.  This section of the policy explains what information we will collect about you and under what circumstances.

The personal data we process includes: ​

To create an Account, you must provide your display name and mobile number. You must also create an Avatar for your Account. We will not be able to create your Account without this personal data. Please note that upon completion of this initial set-up, you will not have full access to the Services. ​

Following the initial set-up of your Account, you will only be able to access very limited Services. For us to open your Account fully so you can use all the Services, we must be able to verify your identity as a legal requirement. To do this, we require you provide us with your Emirates ID and any other document we may request. From such documents, we will collect your name, date of birth, Emirates ID expiration date and any other personal data we consider necessary or that which is required by law to verify your identity. Please note that should any of this information about you change, you must inform us immediately. Depending on the circumstances, we may be required to verify your identity again.

We will also request that you provide a “real time” video recording of yourself, including audio, which you will prompted to provide in the App. Please note that to record the “real time” video, we will require access to the camera and microphone on your device. If we cannot access such functions, we cannot verify your identity and therefore cannot provide you with an Account. ​

When preparing your Account, we will also ask if you would like to add a nickname along with other information to build your profile. Some of this personal data will, in certain circumstances including when sending and receiving money to other PayBy users, be visible to the other PayBy users.

None of this personal data is required to create your Account but if provided, it will be used to create a more accurate picture of you as a customer of us and will enhance your user experience whilst operating the Services. ​

When you use our Services to either make purchases from merchants, to send or receive money, to pay bills, or to add value to your Account, or for any other transactional purpose related to the Services, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, merchant information. Specifically: 

1)Add value to, or remove money from, your Account: if you use our Services to add or remove value to or from your Account, we will collect personal data from you to facilitate the request. For example, if you use our Services to add value to your Account, we may collect personal data and other information including your name, Account ID, and the amount added.

Further, to add or withdraw value to or from your Account, you must do so by linking an account of yours that is separate from your PayBy Account that has the ability to transfer funds into your PayBy Account.We will ask if you would like to store this account information to make it simpler in the future to add value to your PayBy Account but you are not required to do so.We will not store such information if you do not indicate that you wish to store it for future transactions. 

2)Send or receive money: when you send or receive money through the Services, including using “cash gifts”, we collect personal data such as your name, PayBy Account ID and the name and PayBy Account ID of the other Services user who is a party to the transaction. 

3)Pay for items from our listed merchants: when you purchase items, such as a coffee, from one of our listed merchants (which can be found in the App), we will collect personal data about your transaction including your name and the merchant.  The merchant may also provide us with certain other data related to the transaction. 

4)Pay or request someone else to pay a bill: if you use our Services to pay a bill you are due to pay, or a bill for the benefit of someone else, or if you request another user pay a bill for you, we collect your Account number and certain personal data about the account holder to whom the bill is being paid to, such as name and account number. 

5)Withdraw money: you can, depending on merchant capabilities, withdraw money from your Account at a merchant’s premises.  If you choose to do this, we will collect personal data about your transaction including your name and the merchant. The merchant may also provide us with certain other data related to the transaction​.

When using certain of the Services, you will be able to send messages to, and receive messages from, other PayBy users. In accordance with our retention practices (as are further detailed in “How Long We Keep Your Personal Data For”), we will store these messages, and any personal data included in the messages, to ensure the Services are fully and efficiently provided. 

We may request access to your device address book and/or the contacts lists of messaging applications you use on your device which, if granted, will allow us to access the relevant contacts. Note that we will ask separate consents for each of the device address book and contacts lists. If granted, each consent can be withdrawn at any time. If we have access, we can tell you which of your contacts of the relevant list is also using the Services to make the experience more beneficial for you, for example if we have access to your address book, it is simple for you to select a contact from your address book to send money to. 

Based on your consent and marketing preferences, we may send you marketing communications such as emails. From this, we may collect further preferences from you based on how you interact and respond to our marketing communications. You have the right at any time to withdraw your consent at any time. 

We will collect your personal data, namely your mobile number and PayBy Account ID, when other users of the Services interact with you, for example when they send you a request for payment or when they add you to their payee list. Further, like when we access your address book or contact lists with your consent as noted above, if another user of the Services has your details in their address book or contact lists and provides us consent to access, we will have access to your personal data. 

Should you wish to ask us a query, report an issue (for example with the App), or make a complaint about our Services, such personal data will also be automatically added to your Account. 

We use a third party to assist with verification checks which are explained in more detail above. In addition to the above, we wanted to note that once the verification process has produced a result, this result will be provided to us and can be considered your personal data. Please note that the methods for verification checks operated by us and our partner involve automated decision making. Automated decision making is a process whereby your personal data is processed to make an evaluation with respect to you – in this case, your identity. Should the automated decision making process determine you have not properly validated your identity, you will not be granted an Account.​

We collect information about your use of the Services and/or Website, including how you use our Services and/or Website and how often you use our Services and/or Website. We do this to better understand how to provide the Services and our Website, what our users like about our Services and Website and what our users don’t like about the Services and Website. Such information may include, if applicable, your internet protocol (IP) address used to connect your device to the internet, your login information, browser plug-in types and versions, operating system and platform. 

We collect information about the device you use to access the Services and/or Website including the hardware model, the version of the App you are using, the mobile network, and the time zone setting. ​

3. HOW WE USE YOUR PERSONAL DATA​

In this section, we explain how we use your personal data and the reasons for such use, and we also explain the lawful grounds under certain data protection legislation that we rely on to do so.  Please note we only ever process your personal data when it is lawful for us to do so.​

3.1 To provide the Services and the Website​

We process your personal data:

We process your information for the purposes set out above on the following lawful grounds:

3.2 To perform obligations arising from the contract we have in place with you​

We process your personal data:

We process your information for the purposes set out above on the following lawful ground:

3.3 To secure your Account and your money, and us and our Services​

We process your personal data:

We process your information for the purposes set out above on the following lawful grounds:

3.4 To communicate with you​

We will process your personal data:

We process your information for the purposes set out above on the following lawful grounds:

3.5 To market to you 

We will process your personal data:

We process your information for the purposes set out above on the following lawful grounds:

3.6 To customise, improve and enhance our Services and/or Website 

We will process your personal data:

We process your information for the purposes set out above on the following lawful ground:

4. SHARING YOUR PERSONAL DATA

We may share your personal data in the following scenarios only:

In accordance with the laws of the UAE and requirements under RPSCS, SVF, and Consumer Protection regulations, we will store your transaction and other Account data within the UAE. Notwithstanding this, if we are required and permitted by law to transfer any of your personal data to a country outside that in which we collected it pursuant to the above listed circumstances, we will only do so in accordance with applicable data privacy legislation.  The lawful requirements will depend on the flow of personal data, meaning it will depend on whether the sharing of personal data is cross-border and which countries are involved.  At all times, we will ensure a similar degree of protection is afforded to your personal data outside the country in which you are based. 

5. SECURITY OF YOUR PERSONAL DATA

We take your privacy very seriously and work hard to protect your data from being accidentally lost, damaged, used or accessed in an unauthorized way, altered or disclosed. We have put in place appropriate security measures to prevent this from happening, for example we use encryption tools to protect the content of your messages and calls.​

In addition, we limit access to your personal data to those employees, volunteers, agents, contractors and other third parties (as listed above) who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.​

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our Services; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

6. HOW LONG WE KEEP YOUR PERSONAL DATA FOR

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.​

With this in mind, we have determined that:

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or other regulatory enforcement or action in respect of our relationship with you and/or your use of the Services.​

7. YOUR RIGHTS

In certain circumstances and subject to certain jurisdictional restrictions, you may have the right to:

To exercise one of the above rights, please contact us using the details provided above.

We may need to request specific information from you to help us confirm your identity and ensure you are able to exercise the right you wish to exercise. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.​

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.​

8. THIRD PARTY LINKS

Our Services and Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, plug-ins and/or applications and are not responsible for their privacy statements. When you leave our App or Website, we encourage you to read the privacy policy of every website or application you visit or use.