Privacy Policy

1. Introduction

PAYAM Technologies Limited ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, website, or interact with us in any way.

As PAYAM operates across multiple countries in Africa and beyond, each with their own privacy and data protection laws, we have adopted the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 as our global privacy standard. This ensures that all users, regardless of their location, receive the highest level of data protection and privacy rights available.

We are the data controller for the purposes of UK GDPR and comply with additional local privacy laws in each jurisdiction where we operate. This policy explains your rights regarding your personal data and our commitments to protecting your privacy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and contact details (email address, phone number, postal address)
• Identity verification documents (passport, driving licence, national ID)
• Financial information (bank account details, transaction history)
• Business information (company name, registration details, business type)
• Technical information (IP address, browser type, device information)
• Usage data (how you interact with our services)

2.2 Special Categories of Data

We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, or health data) unless specifically required for compliance purposes.

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

• Processing payments and financial transactions
• Managing your account and providing customer support
• Verifying your identity and preventing fraud
• Developing and improving our services

3.2 Legal and Regulatory Compliance

• Meeting anti-money laundering (AML) and know your customer (KYC) requirements
• Complying with financial services regulations
• Reporting suspicious activities to relevant authorities
• Responding to legal requests and court orders

3.3 Marketing and Communications

• Sending service-related communications
• Providing marketing materials (with your consent)
• Conducting market research and surveys

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To perform our contractual obligations to provide financial services
• Legal Obligation: To comply with regulatory requirements and legal obligations
• Legitimate Interests: To prevent fraud, improve our services, and conduct business operations
• Consent: For marketing communications and non-essential cookies (where applicable)

5. Data Sharing and Disclosure

We may share your personal information with:

• Service Providers: Third-party companies that provide services on our behalf
• Financial Partners: Banks, payment processors, and other financial institutions
• Regulatory Bodies: Financial conduct authorities and government agencies
• Legal Authorities: Law enforcement and courts when legally required
• Business Transfers: In case of merger, acquisition, or sale of business assets

We ensure that all third parties are bound by appropriate confidentiality and data protection obligations.

6. International Data Transfers

We may transfer your personal data outside the UK and European Economic Area (EEA) to countries that may not have equivalent data protection laws. When we do so, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the UK Information Commissioner's Office
• Standard Contractual Clauses approved by regulatory authorities
• Binding Corporate Rules or certification schemes

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and employee training
• Secure data centres and backup systems
• Incident response and breach notification procedures

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Account data: For the duration of your account plus 7 years for regulatory compliance
• Transaction records: 7 years from the date of transaction
• Identity verification documents: 7 years after account closure
• Marketing data: Until you withdraw consent or 3 years of inactivity

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for marketing
• Rights regarding Automated Decision-Making: Request human review of automated decisions

To exercise these rights, please contact us using the details provided below. We will respond within one month of receiving your request.

10. Cookies and Tracking

Our website uses cookies and similar technologies to improve your experience, analyse usage, and provide personalised content. You can manage your cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of significant changes by email or through our website.

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: