IPS Privacy policy

Last updated: 11th May 2022

This privacy policy is designed to address the users of Infinity Payment Solutions L.L. C’s iPay Service.

Who we are

Infinity Payment Solutions L.L.C is an e-wallet services provider, with company registration number 144821, and registered office is at 46^th Floor, Tornado Tower, West Bay, Doha Qatar (“IPS” or “We” or “Us” or “Our”). Please refer to the ‘Contact Us’ section of this privacy policy for Our contact information.

The way we handle the privacy and security of our customers’ personal information is a vital part of our responsibility to our customers and essential to the success of our business. We are committed to foster the trust and confidence of our customers, employees and other stakeholders in the way we handle personal information, communications and in the products and services we provide. Protecting that information and respecting privacy is fundamental to maintaining that trust. We have created this privacy policy to help you understand how we collect, use, and protect your data.

By using Our iPay Services, you agree to your data being processed in accordance with this privacy policy.

Definitions

“Data Privacy” means the relevant laws and regulations related to data privacy which details how data should be collected, handled and protected, based on its sensitive and importance;

“iPay Service” means the platform that enables Users to perform cashless transactions;

“Merchant(s)” means any location that accepts iPay Service as a payment for goods and/or services;

“Personal Identifiable Information” means any information and/or data which is linked to the unique identity of an individual and which can be used to identify them; and

“User(s)” means a user of iPay Service

1. What kinds of data We collect?

Personal data: While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This information might include, but is not limited to:

1. a)

   Registration information: email address, first and last name, phone number, date of birth, and any other identification information as set out in your identity card, passport or other travel document information and your address proof and/or other information from checks, credit cards, bank statements, address proofs or money orders, contact information (including your address, phone number, email, or other information that permits us to contact you) and other registration details.

2. b)

   Financial information: including bank account numbers, billing and delivery information, transaction data, credit/debit card numbers (including security codes) and cardholder names, expiration dates and bank statements.

3. c)

   Payment Transaction details: including name, account number, contact information and/or other information relating to you or another recipient of a payment, remittance, or fund transfer.

4. d)

   Technical information: information obtained from the device you use to interact with us (including IP address, geographical location, device identification codes and other features/data that can be used to identify a device) and information from your visits to our websites or mobile sites (including browser/platform type and version, internet service provider, operating system, referral source/exit pages, length of visit/usage, page views and any search term you use, device logs in the event of a crash or error report).

2. How we collect the data?

We obtain personal information about Users while they use our services. This includes browsing Our website, registering as a User of iPay, logging into iPay Service account to use Our services, or contacting Us using phone, email, webchat, or otherwise. We also receive personal information from other sources, including:

1. a)

   Merchants from which you buy goods or services using our services.

2. b)

   IPS’s affiliates, and other third-party suppliers providing services on our behalf.

3. c)

   Banks and other financial institutions that we cooperate with to provide you with our services.

4. d)

   Credit reference and fraud prevention agencies.

5. e)

   Your contact with Us, such as: a note or recording of a call You make to one of our contact centres; an email or letter You send to us; chat in IPS App or Social Media and other records of any contact You have with us.

6. f)

   By downloading the IPS APP using Apple Store or Play Store, your contact list information will be captured by the APP.

3. How We use the data?

We will process your personal data based on:

The performance of your contract or to enter into the contract and to take action on your requests. For example, so you can transfer funds to another account or make payment to a third party beneficiary, We process things like the amount being transferred, the account holder information, date and time of the transaction etc., so We can provide the service. We also need to conduct credit checks when you apply for the iPay Service and create an account.

IPS’s legitimate business interests, for example, fraud prevention, maintaining the security of our services, direct marketing, and the improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, please refer to the 'Your rights' section of this privacy policy.

Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided.

Consent you provide where IPS does not rely on another legal basis. Consent may be withdrawn at any time. When you give your consent, you will be given details on how to change your mind or refer to the 'Your rights' section of this privacy policy for more information.

We may use personal information for the following purposes:

1. a)

   Verifying your identity, including during account creation and payment password reset processes.

2. b)

   Verifying your eligibility as a User of the iPay Service (including know your customer (KYC), anti-money laundering (AML) and counter-terrorist financing checks and verification).

3. c)

   Processing, maintaining, and managing your registration as a User of the iPay Service.

4. d)

   Providing you with iPay Services and related User services, including operating the iPay Services and enabling transactions, customizing your user experience, facilitating the payments, remittances, fund transfers, sending notices about transactions, and responding to your queries, feedback, claims or disputes.

5. e)

   Contacting you in relation to Our provision of iPay Services and other legal purposes, contacting you in connection with any communication preferences or requests you have expressed, asking you for feedback about Our services or other related products and services.

6. f)

   Collecting feedback from you about our products and services and using such feedback to improve our business and/or customize products and services for you.

7. g)

   Unless you opt-out, sending you direct marketing or other information about products and services offered by Us, our business partners or other third parties including Entities with whom We maintain commercial arrangements, including online and offline Merchants; including for promotional purposes.

8. h)

   Managing risk, performing creditworthiness and solvency checks, or assessing, detecting, investigating, preventing, or remediating fraud, data breaches or other potentially prohibited or illegal activities and otherwise protecting the integrity of our services and payment platform.

9. i)

   Detecting, investigating, preventing or remediating violations of your agreements with us or any Merchant or any applicable policy, industry standards, guidelines, laws and regulations and Our policies.

10. j)

    Making disclosures as may be required by any law or regulation, government official or other third party, including any card association or other payment network. Disclosures may also be made pursuant to any subpoena, court order or other legal process or requirement applicable to us (including “know your customer”, anti-money laundering and counter-terrorist financing reporting requirements or other commercial disputes).

11. k)

    Making disclosures to third parties including relevant regulators to prevent any harm or financial loss, to report suspected illegal activity or to establish, exercise or defend claims or potential claims on behalf of ourselves; or to enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture.

12. l)

    Conducting research and analysis, or otherwise using data to improve, optimize and expand the product functions of our services, if applicable, to develop related products and services.

13. m)

    Managing our business including to protect Users, prevent harm, fraud or theft to ourselves and others, maintain the security of our products, and protect our rights or property and those of others.

14. n)

    For everyday business purposes, to comply with law, or in other ways for which we provide specific notice at the time of collection.

4. With whom We share the data?

We share your personal information to operate and manage our business, including for the purposes indicated under this privacy policy.

5. How We Use Your Personal Information.

For example, we may share your information with:

1. a)

   Merchants to whom payments are made using the iPay Service.

2. b)

   IPS’s affiliates, who may use and disclose your information for the same purposes as Us;

3. c)

   Companies and/or third parties that provide the service on Our behalf such as but not limited to Vodafone Qatar P.Q.S.C.

4. d)

   Third parties, including:

1. i.

   Any agent, contractor or third party service provider that we work with in providing iPay Services. For example, we work with third parties to help us with fraud prevention, anti-money laundering checks, credit checking, bill collection, data entry, database management, promotions, marketing, customer service, technology services, products and services alerts, payment settlement and processing and payment extension services.

2. ii.

   Entities with whom we maintain commercial arrangements, including online and offline Merchants.

3. iii.

   Banks, card associations, payment networks or acquiring institutions, including those involved in the processing of payments and conducting transactions through the iPay Service.

4. iv.

   Law enforcement agencies, insurers, government and regulatory authorities or any other organizations to which we, or third party service providers are under an obligation to make disclosure under the requirements of any applicable law, regulation or commercial arrangement.

5. e)

   Individuals and entities involved in any merger, acquisition, corporate reorganization or financing, or similar transaction with Us, including in the event of the sale of all or part of Our assets.

6. f)

   Our own and others’ professional advisors (e.g., lawyers, accountants, auditors and trustees).

7. g)

   Third parties in accordance with the provision in sub-section 3 (g) of this privacy policy.

6. Retention of the personal data.

We will keep your personal information in accordance with our policies and for as long as it is necessary to provide you with the iPay Service or other purposes as set out in this privacy policy. In addition, we may retain your personal information for 15 years or for a longer period (including after you are no longer a User), if it is necessary to comply with laws and regulations applicable to us.

We use a variety of security measures and technologies designed to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws and regulations.

Following are the prerequisites, which are required to be accomplished for a successful implementation of the data privacy policy and/or capability:

• Personal Identifiable Information or Data to be protected has been identified and documented;

• Personal Identified Information or Data have been classified for required security controls implementation;

• Staff are educated and fully aware of the contractual, statutory or regulatory regulations and implications of any Data Privacy breaches;

• Staff have access to the Data Privacy related policies and are aware of the importance of Data Privacy practices and their responsibilities for maintaining Data Privacy;

• There is a process established for collection, legal usage, disclosure/ transfer, retention, archival and disposal of information or data based on the role organization will have such as information processor/controller;

• Third-party (es) collecting, storing and processing personal information on behalf of the entities are identified;

• Applicable regulations and contracts regarding the maintenance of Data Privacy, protection and cross border transfer of personal information are identified

• Management leadership and support to ensure compliance to Data Privacy requirements once established

• Availability of necessary resources to enforce the Data Privacy rules and regulations within the Entity

• Entity to have identified competent department/resource to monitor, report and manage noncompliance or breach to the Data Privacy regulation/laws

• Roles and responsibilities for data privacy are clearly defined in contracts, acknowledgments, terms and conditions between the entity and service providers (where applicable)

• Security risks are identified for the data privacy during the risk assessment have been communicated and considered

You are responsible for maintaining the security of your account information (username, email, password, etc.) for iPay Services in your possession or control. We recommend that you do not divulge your password to anyone. Our staff will never ask you for your password in an unsolicited phone call or in an unsolicited email. If you share a device with others, you should not choose to save your log-in information for the iPay Service (e.g., user ID and password) on that shared device.

7. Third party services and sites

The iPay Service and Our website may provide links to other websites, apps, and services (including other online merchant sites) for your convenience and information. These services, apps and websites may operate independently from us. Linked services, apps and websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by Us, We are not responsible for these websites’, apps’ or services’ content, any use of these services, apps or websites by you, or the privacy practices of these services, apps or websites.

8. Your rights

Below we set out details on how you can exercise your rights. If you have a question, cannot find the answer or would like to request a copy of your personal data, please contact support@ipay.qa and a member of our team will respond to you.

Right to access personal data

You have the right to make a request for a copy of the personal data that IPS holds about you. To make this request as an individual or an authorised third party, please contact support@ipay.qa and a member of Our team will respond to you.

Right to correct personal data

You have the right to correct non –mandatory information held about you if it’s not accurate. If the information We hold about you is inaccurate or needs to be updated, you can log in to My IPS to update it or you can contact support@ipay.qa and a member of Our team will respond to you.

Right to data portability

You have the right to be able to take with you the personal data you provided to Us in certain circumstances. For example, You may download your transactions history in accordance with the IPS Terms & Conditions.

Right to object to use of personal data

You have the right, in certain circumstances, to object to IPS processing your personal information. For more information or to exercise this right, please contact support@ipay.qa. If this relates to an automated decision performed on you (this means with no human involvement), please let Us know and We will review your request.

To opt out of marketing messages:

If you no longer want to receive marketing messages from IPS, you can choose to opt out at any time.

If you wish to opt out, please:

1. -

   Contact the call centre on +974 40000555, or email support@ipay.qa

2. -

   Disable push notification messages, including marketing messages, at any time in Our apps by changing the notification settings on your device or by uninstalling the app.

Please note: If you’re opted out of marketing, you may still receive service-related messages.

Please note: You may still receive marketing messages for a short period after opting out while We update Our records.

How to lodge a complaint

If you want to contact Us about any of your rights or complain about how We use your information, please contact support@ipay.qa and a member of our dedicated team will respond to you. If We are still unable to address your concern you can contact the Compliance and Data Protection (CDP) Department. Their website https://compliance.qcert.org/en/contactus has details on how to contact the CDP.

Right to be informed of inaccurate disclosure

You have the right to be informed by IPS of inaccurate disclosures of personal data in certain circumstances. We will contact you by sending you an SMS, notification on the IPS App or a call from our customer care team.

Right to restrict use of your data

If you feel data We hold on you is inaccurate, or you believe We shouldn’t be processing your data, please contact support@ipay.qa to discuss your rights. In certain circumstances, you have the right to ask Us to restrict processing.

Right to erasure

IPS strives to only process and retain your data for as long as We need to. In certain circumstances you have the right to request that We erase personal data of yours that We hold. If you feel that We are retaining your data longer than We need, it is worth first checking that your contract with IPS has been terminated, which you can do by contacting support@ipay.qa. If your contract with IPS has been terminated, We may still have lawful grounds to process your personal data. For more information on retention periods, see the section in this privacy policy called ‘Retention of the personal data’.

9. Changes to this privacy policy

We may update Our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy in this page.

We will let you know via email and/or a prominent notice on Our service, prior to the change becoming effective and update the “Last updated” date at the top of this privacy policy.

You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted in this page.

10. Contact Us

If you have questions or requests about the privacy issues relating to the processing of your personal information, you can contact Us:

• By email: support@ipay.qa

• By visiting this page on our website: ipay.qa

• By calling: +974 40000555