1. Introduction: SADAD as Data Manager

SADAD ELECTRONIC PAYMENT GATEWAY, a company incorporated in the Sultanate of Oman under CR no. 1418586; having its registered address: Office 108, Business Centre, Road 3341, Al Khuwair, Muscat , Sultanate of Oman , PO BOX 752 , P.C 122.
SADAD is the Data Manager & Data Processor of Personal Data collected in the Sultanate of Oman through its channels including (website, application).

2. Purpose of this Statement

SADAD respects your privacy and is committed to maintaining the confidentiality and security of the Personal Data of its existing, prospective and former customers defined as "Data Owners". This Privacy Statement informs you about how we process Personal Data, how we look after it and explains about your rights with respect to your Personal Data. SADAD encourages you to review this Privacy Statement and become familiar with it.

3. Personal Data processed by SADAD

3.1 Determine the meaning of Personal Data:

Personal Data is known as any information referring to an identified or identifiable natural person (referred to as data owner). An identifiable natural person is one who can be identified, directly or indirectly such as a name, an identification number, location data, an online identifier or to one more factor specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

SADAD collects Personal Data from Data Owners mainly via all its channels. For more information on these sources of Personal Data, please refer to the sections below.

Where SADAD needs to collect Personal Data by law or under the terms of a contract we have with you, and if you fail to provide that Personal Data, SADAD may not be able to fulfil the required service upon which the cancellation may take place.

3.2 Personal Data collected by SADAD:

To provide the services requested by our customers, SADAD collects the following Personal Data through its channels:

3.2.1 Information Collected Automatically:

1. Information we collect automatically: When a customer visit SADAD website or use SADAD services, we collect information sent to us by customers computer, mobile phone or other access device. The information sent to us but is not limited to the following to: data about the pages you access, computer IP address, device ID or unique identifier, device type, geo-location information, and other information.

2. Information customers provide to us: We may collect and store any information you enter on the SADAD website, or you provide to us in context of using our site, applications, services, or tools. When customer visit the SADAD website or use SADAD services, we also collect information about customers transactions and your activities. In addition, we may collect the following types of information:

• Contact information, such as customers phone, email and other similar information.
• Detailed personal information such as customers (national ID card number, if service or products requires to obtain such information)
• We do not collect customers financial information, such as (Debit/ Credit card details)

We may also collect information from or about customers in different ways. E.g., contacting our customer support team, customers’ results when they respond to a survey, or other companies. Furthermore, for quality and training purposes or for its own protection, SADAD may monitor or record the telephone conversations with customers. By communicating with SADAD, the customer acknowledges that his/her communication may be overheard, monitored, or recorded without further notice and warning.

3.2.2 Information Collected from Other Sources:

SADAD may also obtain information about customers via third parties, e.g., credit bureaus and identity verification services, if such a service or product requires this type of information.

3.2.3 Purpose of Data Processing:

We may use the personal information to the following:

1. Monitoring and improving our services including websites and their content.
2. Sending information to Data Owners about SADAD products and services. 3. Customer care initiatives to improve SADAD services.
4. Meeting legal, regulatory, self-regulatory, risk management, fraud prevention and security requirements, which may include (among other measures) verifying the identity of the customer.
5. Maintaining business and transaction records for reasonable periods, and generally managing and administering SADAD business.
6. Meeting audit requirements.
7. Otherwise as permitted or required by law.

3.2.4 Authentication and Fraud Detection:

To protect customers from fraud or misuse of their personal information, we keep collecting customers’ information, through our several interaction channels. We might also evaluate customers’ computers, mobile phones or any other accessible device in order to identify any malicious software or activity.

4. Legal basis for processing Personal Data

Personal Data will be processed by SADAD only if it is required by national rules and regulations and to the extent that at least one of the following applies:

4.1 Contract:
SADAD may process Personal Data as required to ensure we comply with our contractual obligations towards Data Owners.

4.2 Compliance with Legal Obligations:
SADAD may process Data Owners' Personal Data when necessary to comply with a legal obligation, e.g., Anti-Money Laundering screening and reporting requirements and where required to comply with court order or judicial proceedings.

4.3 Legitimate Interest:
SADAD may process Data Owners' Personal Data in pursuance of its legitimate business interests where such processing is necessary, and our interests does not conflict with the fundamental rights and freedoms of the Data Owner. E.g., our legitimate business interests may include communication with our customers in relation to requested transactions, pursuit of customer care initiatives, internal record keeping purposes and fraud prevention.

5. Usage of Received Personal Information:

Our primary purpose in collecting personal information is to provide our customers with a secure, flexible, efficient experience. SADAD usually uses Personal Data from Data Owners for providing a service. This may include the following:

o Provide it to SADAD Services and its Customer Support team.
o To process transactions and send notices about customers’ transactions.
o For resolving disputes, collect fees and troubleshoot problems.
o Prevent potentially prohibited or illegal activities, and to enforce our user agreement.
o Customize, measure, and improve SADAD services and the content, layout, and operation of our websites and applications.
o Deliver service update notices, and promotional offers based on customers communication preferences.
o Compare information for accuracy and verify it with third parties.

6. Data Owner's Rights

Data Owners have certain rights with respect to their Personal Data. As following:

o To be informed: Data Owners have the right to receive certain information about how their Personal Data is processed. Therefore, we are providing customers with this Privacy Statement.
o Access: Data Owners have the right to access and receive a copy of their Personal Data.
o Rectify: Data Owners have the right to amend their Personal Data when there is found an error within his/her information.
o Erasure: Data Owners have the right to request deletion of their Personal Data in certain circumstances. Or if customer’s will to close his/her SADAD account, we will mark it as “Closed”, but may retain personal information from customer’s account for a certain period of time to collect any fees owed, disputes resolving or even troubleshoot problem.
o Restriction of processing (blocking): Data Owners can restrict or limit the way that SADAD processes their Personal Data in certain circumstances.
o Approval (Consent): If SADAD relies on consent to process Personal Data, Data Owners have the right to withdraw their approval at any time by contacting us using the details below.

Data Owners are also entitled to lodge a complaint with a regulatory authority, in the jurisdiction where they live or work or where they consider SADAD is processing their Personal Data unlawfully. We would, however, appreciate the chance to deal with customers’ concerns before he/she approaches the regulator, so please contact us in the first instance.

7. SADAD Contact

In case of any customer willing to exercise any of your rights, or if you have any queries or suggestions about this Privacy Statement, you can contact SADAD at: cs@sadadgateway.com

8. Retention of Personal Data

In general, the period for which SADAD retains Data Owners' Personal Data is aligned with SADAD’s data retention obligations under anti-money laundering laws, i.e., 10 years. In all cases, SADAD only retains Personal Data for as long as is necessary for the purposes described in this Privacy Statement. When determining the appropriate retention periods, SADAD will consider different factors, including contractual obligations and rights; our legal obligations (for example, anti-money laundering laws); statute of limitations under applicable law; potential disputes; guidelines issued by relevant data protection authorities; and SADAD’s legitimate business interests. SADAD securely erases Personal Data once it is no longer needed.

9. Stored and Protected Personal Information:

Throughout this policy, we use the term "personal information" to describe information that can be associated with a specific person and can be used to identify that person. We do not consider personal information to include information that has been made anonymous so that it does not identify a specific user.

We store and process your personal information on our computers in the Sultanate of Oman, MENA region and elsewhere in the world where our facilities are located. We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls.

10. How SADAD Shares Personal Information with its Partners:

To process your payments, we may share some of your personal information with the company that you are paying for. Your contact information, the number of payments you have received from verified SADAD users, and whether you have verified control of credit/debit cards are provided to SADAD partners with whom you transact through SADAD. If you are buying goods or services and pay through SADAD, we may also provide the seller with your transaction information as well as your transaction ID number.

The seller is not allowed to use this information to market their services to you unless you have agreed to it. If an attempt to pay your seller fails, or is later invalidated, we may also provide your seller with details of the unsuccessful payment. We work with third parties, including merchants, to enable them to accept payments from you using SADAD. In doing so, a third party may share information about you with us, such as your email address or mobile phone number, ID number to inform you that a payment has been attempted by you to pay a merchant or third party.

We use this information to confirm that you are a SADAD customer and that SADAD as a form of payment can be enabled, or to send you notification of payment status. Also, if you request that we validate your status as a SADAD customer with a third party, we will do so. Please note that merchants, sellers, and users you buy from or contract with have their own privacy policies, and although SADAD’s user agreement does not allow the other transacting party to use this information for anything other than providing SADAD Services, SADAD is not responsible for their actions, including their information protection practices. When using the SADAD mobile application, a Quick Response (QR) code or other payment code may be generated and shared with the merchant with whom you are transacting.

11. Changes to this Privacy Statement

SADAD reviews and updates this Privacy Statement from time to time. We encourage Data Owners to periodically review this Privacy Statement to make sure they are aware of the latest version. If we make any material changes, we will bring this to your attention.