Privacy Policy

1. Introduction

This Privacy Notice ("Notice") describes how Moyasar Financial Company ("Moyasar", "we", "our", "us") collects, uses, manages, and protects personal data in accordance with the Personal Data Protection Law (PDPL) issued by the Saudi Data & Artificial Intelligence Authority (SDAIA), and the requirements of the Saudi Central Bank (SAMA), as well as other applicable laws and regulations in the Kingdom of Saudi Arabia

This Notice explains how we process your personal data, with whom we may share it, and the measures we take to keep it secure. This applies to all access and use of Moyasar’s services, website, and platform, regardless of the location from which it is accessed.

This Notice continues to apply even if your relationship with Moyasar ends. We may update this Notice from time to time. The latest version will always be available on our website. Updates will take effect when published. We encourage you to review this Notice periodically to stay informed of any updates.

If Moyasar provides you with additional terms about how we collect and use your personal data for a particular service or context, those terms shall prevail in case of conflict with this Notice.

2. Definitions

If Moyasar provides you with additional terms about how we collect and use your personal data for a particular service or context, those terms shall prevail in case of conflict with this Notice.

• Applicable Lawmeans all Saudi Arabian laws and regulations, including but not limited to:
  • The Personal Data Protection Law (PDPL) and its Implementing Regulations.
  • Rules, circulars, and directives issued by the Saudi Central Bank (SAMA).
  • Regulatory requirements, judgments, and official mandates issued by competent Saudi authorities.
• Controllermeans Moyasar Financial Company, which determines the purposes and means of processing personal data.
• Servicesmeans the products and services that Moyasar indicates are covered by this Notice or in the Agreements/contracts with the Merchants, Payment Method Holders, Payment schemes, or Marketplaces.
• Processormeans Moyasar or any third party engaged by Moyasar to process personal data on its behalf and under its instructions.
• Data Subject / Usermeans any natural person whose personal data is collected, including customers, merchants, employees, and service users.
• Merchantmeans the user of our Payment Services.
• Customermeans the customer of the Merchant.
• Third-partymeans any external entity other than Moyasar, such as service providers, regulators, or business partners, that may lawfully receive personal data. These providers are also committed to protecting your information.
• Personal Datarefers to any information that relates to an identified or identifiable natural person, such as name, national ID, email address, phone number, financial information, or other identifiers.
• Sensitive Personal Datameans any category of personal data requiring special protection, including financial, biometric, and health.
• Usage Informationmeans information collected automatically, such as IP address, device identifiers, browser type, operating system, and logs generated by your use of our services (e.g., website cookies).

3. What Personal Data We Collect

Moyasar collects personal data directly from you and, where required by law, from official sources and service providers (e.g., the Ministry of Commerce and the Ministry of Interior via official platforms). Moyasar may collect and process the following categories of personal data:

Category	Type of data
Identification data	full name, date/place of birth, a copy of a valid passport or national ID, signatures.
Contact information	address, email, phone number.
Financial information	account details, transaction history, credit/debit card details, KYC/AML verification data.
Sensitive data	data relating to financial standing, potential criminal records.
Employment and business information	details about your employment, role with the Merchant, company incorporation details, ownership structure.
Device / Usage information	IP address, geolocation, device identifiers, cookies.
Communications	inquiries, support tickets, recorded calls, chat interactions.

We collect this data through these sources:

• Application and onboarding forms.
• Moyasar’s website, dashboard, and digital channels.
• Direct communications (email, phone, chat).
• Official government registers to comply with AML/KYC legal obligations.

Providing personal data may be a precondition for us to deliver services. Without it, we may not be able to provide the requested services.

4. Lawful Bases for Processing

We process personal data only when we have a lawful basis under applicable laws and requirements. These include:

• Legal obligation: to comply with applicable laws and regulatory mandates, including AML/KYC checks against official government registers and databases
• Contractual necessity: to enter into or perform a contract with you.
• Legitimate interest: where processing is necessary for Moyasar’s operations or to protect your or the Kingdom’s interests or fulfill an obligation under Saudi public laws, provided it does not override your rights.
• Explicit consent: for specific processing activities where required.

Providing personal data may be a precondition for us to deliver services. Without it, we may not be able to provide the requested services.

How We Use Personal Data

We may use personal data to:

• Provide, operate, and improve Moyasar’s services.
• Verify identity and conduct KYC/AML checks.
• Process transactions and perform payment reconciliation.
• Ensure compliance with legal and regulatory requirements.
• Prevent and detect fraud, financial crime, or unauthorized activities.
• Respond to questions, inquiries, or complaints.
• Maintain business continuity and secure our systems.
• Conduct audits, risk assessments, and reporting to regulators.
• Improve customer experience and develop new services.

Moyasar does not use personal data for advertising or marketing. If a need occurs in the future, the Privacy Notice will be updated.

5. Consent

In some cases, Moyasar may request your explicit consent for processing activities that go beyond the purposes already described in this Notice or agreed upon in our services. When additional consent is required, Moyasar will explain the purpose, scope, and implications of the processing. You will always have the right to accept or decline, and you may withdraw your consent at any time through the channels provided in this Notice. Withdrawal will not affect the validity of prior processing, and Moyasar may continue to process personal data where another lawful basis applies.

6. Processing & Profiling

Moyasar may use automated systems to support fraud detection, risk management, and AML monitoring. These processes may evaluate transactions and flag unusual activity. A suitable contact person is available if you wish to express a view on an automated decision, where required by law.

7. Sharing Personal Data

We do not sell or rent personal data. We may share personal data only with:

• Regulators, authorities, and courts:Where required by Applicable Law, we may disclose information to regulators, government agencies, law enforcement, courts, dispute resolution bodies, auditors, or any party appointed by regulators to conduct investigations or audits of Moyasar’s activities.
• Service Providers:Selected companies that provide services for us (e.g., cloud hosting, IT infrastructure, background verification, and email services). These providers are required to protect your information and use it only for the purposes specified by Moyasar.
• Business Partners:Where integration is required to provide payment services or support merchant onboarding.
• Other Parties with Your Consent or Legal Basis:When you provide explicit consent, or when another lawful basis permits such sharing.

8. Cross-Border Transfers

Moyasar does not transfer personal data outside the Kingdom of Saudi Arabia. All personal data is stored and processed locally in compliance with applicable laws and regulations.

Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, processed, or requested, in line with applicable laws. Retention may be extended in certain cases, such as:

• To comply with regulatory record-keeping obligations.
• To respond to ongoing disputes or investigations.
• To exercise or defend legal claims.

When no longer required, personal data will be securely destroyed or anonymized so that it can no longer be linked to you.

9. Your Rights

We will respond to your request within 30 days; if more time is needed due to the nature of your request, we will notify you with reasons and may extend the period by up to an additional 30 days. We may verify your identity before processing your request. You can submit requests using Moyasar’s official communication channels, as provided on our website or within the notice below.

You have the following rights under the PDPL:

• Right to Be Informed:You have the right to be informed about the collection and usage of your personal data
• Right of access:to view your personal data and receive it in a clear, structured format.
• Right to request correction:to fix inaccurate or incomplete data or outdated data.
• Right to request destruction:to delete your data where applicable.
• Right to withdraw consent:where processing is based on consent.
• Right to restrict or object:to certain types of processing.
• Right to data portability:to receive your data in a transferable format.
• Right to compensation:if harm results from unlawful processing.
• Right to complain:complaints can be sent to Moyasar at [email protected]. If you are not satisfied with how we handle your complaint, you may take your complaint to the Saudi Central Bank (SAMA).

Exceptions: Some rights may be restricted where:

• Retention is legally required.
• Data is part of ongoing legal proceedings or investigations.
• Exercising the right would conflict with the rights of others or Legitimate interests.

10. Eligibility

Moyasar’s services are intended only for eligible individuals who are legally competent to contract under Saudi law. We do not knowingly collect personal data from minors or any individual who requires a legal guardian.

11. Cookies & Usage Information

Moyasar may use cookies and similar technologies to:

• Recognize you when you return to our site.
• Enhance your browsing experience.
• Analyze site performance and improve services.

12. Security measures

To protect your data, we have implemented security measures, including administrative, technical, physical, and organizational controls.

• We maintain information security and data privacy policies, including incident management and reporting procedures.
• We apply technical measures, including but not limited to data loss prevention solutions, to safeguard personal data and comply with legal and regulatory requirements.
• We require our service providers and third parties who process personal data on our behalf to apply the same confidentiality, data protection, and security standards when handling your information.

13. Contact Us

If you have any questions about this Notice or how Moyasar processes your personal data, or privacy inquiries, you may contact us through the following channels:

Address: Olaya St, Al Wurud, Riyadh 12215, Saudi Arabia

Email: [email protected]

Phone: 800 111 1848