Effective Date: 2025/12/01

MISpay Privacy policy

Integrated Modern Financing Solutions, a single-person Joint stock company established under the regulations of the Kingdom of Saudi Arabia, supervised and regulated by the Saudi Central Bank (SAMA), registered under Commercial Registration No. (1010764928), Unified National Number: (7026981022), Al-Thumama Road (6630), Al-Sahafa District (3296), Riyadh, Kingdom of Saudi Arabia.

A registered trademark at the Saudi Authority for Intellectual Property under No. (TM-01-00-26054-24).

Preamble

Please read this Privacy Policy carefully before using any of the services provided by us.

Based on this Privacy Policy, Excellence for Application Solutions for Information Technology (“MISpay”) is committed to respecting your privacy and protecting your personal data in accordance with the applicable laws and regulations in the Kingdom of Saudi Arabia. This Privacy Policy describes the practices and rights of MISPay service users (“you”), including how your personal data is collected, used, processed, stored, shared, and protected when you visit our website or application or use any of our services. It also explains your legal rights.

This Privacy Policy applies to MISpay’s website, application, and all related websites, applications, tools, and services, and covers all methods of access and use through electronic devices.

By subscribing to, accessing, or using any of our services, content, features, technologies, or functions provided on our website, application, or related platforms (collectively referred to as “MISpay Services”), you agree to this Privacy Policy.

1. Important Information

1.1 Purpose of This Privacy Policy

This Privacy Policy aims to provide you with clear information on how MISpay collects and processes your personal data through your use of our website or application, including any data you provide during registration.

This website and application are not intended for children, and we do not knowingly collect personal data relating to children.

It is important that you read this Privacy Policy together with our Terms and Conditions and any other privacy notices or fair processing policies we may provide at specific times when collecting or processing your personal data. This Privacy Policy supplements other notices and does not override them.

1.2 Data Controller

MISpay is the data controller and is responsible for your personal data (referred to as “the Company”, “MISpay”, “we”, “us”, or “our”).

1.3 Third-Party Links

Our website or application may contain links to third-party websites, plug-ins, or applications (including merchants). Clicking on those links or enabling such connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy practices. When you leave our platforms, we encourage you to review the privacy policy of every website you visit.

1.4 Purpose of Data Collection

We collect and process personal data for the following purposes:

  • Service provision: Processing deferred payment requests, assessing eligibility and creditworthiness, and reducing fraud.
  • Data analysis: Improving our services and providing personalized offers.
  • Communication: Sending notifications related to order status, service updates, and promotional offers.
  • Legal compliance: Ensuring compliance with applicable laws and regulations.
  • Marketing: Delivering relevant offers and understanding customer preferences.

2. Personal Data We Collect

“Personal data” means any information relating to an identified or identifiable individual. It does not include anonymized data.
We may collect, use, store, and transfer the following categories of personal data:
• Personal Data: Full name, marital status, address, date of birth, gender, and geographic location.
• Contact Data: Address, billing address, email address, and phone numbers.
• Financial and Credit Data: Bank account details, payment card details, and credit information obtained from SIMAH.
• Technical Data: IP address, login details, browser type and version, time zone settings, location, browser plug-ins, operating system, platform, and device-related technologies.
 Profile, Transaction, and Usage Data: Username or similar identifier, password, payment details, purchase history from partner merchants, interests, preferences, feedback, survey responses, and interactions with our website or application.
Marketing and Communication Data: Preferences related to receiving marketing communications from us or third parties.
 

2.1 Legal Basis for Processing

We collect and process your personal data based on your consent, which you may withdraw at any time unless another legal basis applies.

We may also process your personal data to comply with legal obligations, including applicable laws, regulations, and judicial orders.

2.2 Failure to Provide Data

If we are required by law or contractual arrangements to collect personal data from you and you fail to provide it, we may be unable to deliver the requested service. In such cases, we may have to cancel the service and will notify you accordingly.

2.3 How We Collect Your Data

We collect personal data through the following methods:

Direct Interactions:
You may provide personal data by filling out forms, communicating with us through the application, phone, or email, including when you:

  • Apply for our services.
  • Create an account on our website or application.
  • Subscribe to our services or communications.
  • Request marketing materials.
  • Provide feedback or contact us.

Indirect Interactions:
We may collect personal data from third parties and publicly available sources using technical means such as cookies and automated analytics tools. This includes technical data related to your device and browsing behavior. We may also receive personal data from:

  • Analytics providers (e.g., Google, based outside the Kingdom of Saudi Arabia).
  • Advertising and marketing networks.
  • Credit information providers (SIMAH).
  • Yaqeen services for national information.
  • Nafath digital identity services.
  • Technical service providers, payment processors, and delivery providers.
  • Data brokers, aggregators, or public sources.

3. How We Use Your Personal Data

We use your personal data only as permitted by applicable laws, including:

  • Entering into or performing contracts with you.
  • Providing customer support and processing transactions.
  • Pursuing our legitimate interests, provided they do not override your fundamental rights.
  • Complying with legal and regulatory obligations.
  • Detecting and preventing fraud, money laundering, and terrorism financing.
  • Communicating with you via phone, email, SMS, or application notifications.
  • Informing you of policy updates.
  • Handling disputes, defaults, and debt collection.
  • Verifying the accuracy of your information.
  • Personalizing content, conducting analytics, and providing relevant offers.

3.1 Marketing

In accordance with applicable laws and regulations, MISpay may send marketing communications to users who have provided personal data related to MISpay services or partner products. We may use your personal data to infer preferences and provide more relevant content, including preferred merchants and spending behavior.

If you opt in to receive notifications (including in-app marketing notifications), we may send you recommendations based on your location and purchase history. You may opt out of marketing notifications, including location-based notifications, at any time through your profile settings.

If you opt in to email marketing, you may unsubscribe at any time via the unsubscribe link included in emails or through application settings.

Even if you opt out of marketing communications, we may still contact you for transactional or service-related purposes, such as customer support, payment issues, surveys, or order-related inquiries.

3.2 Cookies

When you access our website or use MISpay services, we and our partners may place small data files on your device, including cookies, pixel tags, or similar technologies (“Cookies”). These technologies help us recognize you, customize content and advertising, measure promotional effectiveness, enhance security, and prevent fraud.

3.3 Change of Purpose

We will use your personal data only for the purposes for which it was collected unless we reasonably determine that another purpose is compatible with the original purpose. If required, we will notify you and explain the legal basis for such processing. We may process personal data without your knowledge or consent where permitted by Saudi law.

4. Disclosure of Personal Data

We do not share your personal data with third parties except in compliance with legal requirements and applicable regulations. All third parties are required to respect the security of your personal data and process it in accordance with our instructions.

We may disclose personal data in the following cases:

  • Service Providers: Including analytics providers, IT and technical support providers, credit reporting agencies, debt collection agencies (in case of default), advertisers, marketing networks, merchants, and business partners, subject to data protection agreements.
  • Legal Obligations: Where disclosure is required to comply with legal or regulatory requirements.
  • Change of Ownership: In the event of a merger, acquisition, or transfer of assets, personal data may be transferred to the new owners under the same Privacy Policy.

5. Data Security

We implement appropriate technical, organizational, physical, and electronic security measures to protect your personal data from unauthorized access, loss, misuse, alteration, or disclosure. Access is limited to authorized employees, agents, contractors, and third parties who require such access for legitimate purposes and are bound by confidentiality obligations.

We comply with the standards and requirements of the Saudi Central Bank (SAMA) and the National Cybersecurity Authority. In the event of a personal data breach, we will notify you and the relevant authorities as required by law.

6. Data Retention

Personal data is stored داخل the Kingdom of Saudi Arabia using secure systems in compliance with SAMA and National Cybersecurity Authority regulations.

We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including legal, regulatory, tax, accounting, reporting, fraud prevention, and dispute resolution purposes.

Under Saudi law, we are required to retain core customer data (including identity, financial, contact, and transaction data) for ten (10) years after the end of the customer relationship.

In some cases, we may anonymize non-sensitive data for research or statistical purposes and retain it indefinitely.

7. Your Legal Rights

You have the right to:

  • Right to Know: Be informed of the legal basis, purpose, and retention period of your personal data.
  • Right of Access: Request access to your personal data.
  • Right to Obtain a Copy: Request a readable copy of your personal data.
  • Right to Rectification: Request correction or updating of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal limitations.
  • Right to Object: Object to processing, including processing for marketing purposes.
  • Right to Restrict Processing: Request temporary suspension of processing under certain circumstances.
  • Right to Data Portability: Request transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format, subject to legal conditions.
  • Right to File Complaints: Submit complaints to MISpay or to the Saudi Central Bank (SAMA):
  • Right to Withdraw Consent: Withdraw consent at any time, noting that this may affect service availability.

Requests are generally free of charge unless excessive or unfounded. We may request additional information to verify your identity and will aim to respond within 30 days, extendable by an additional 30 days if necessary.

8. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time by publishing a revised version on our website. Material changes will be communicated via email, website notifications, or SMS. Continued use of MISpay Services after the effective date constitutes acceptance of the updated policy.

9. Contact Us

For inquiries, rights requests, or privacy complaints, contact us through:

Mailing Address:
Postal Code (13315), Building No. 6330,
Al-Thumama Road, Al-Sahafa District (3296),
Riyadh, Kingdom of Saudi Arabia.

27. Applicable laws and Jurisdiction:

27.1 The rights and the obligations referred to the mentioned parties shall undertakes the current terms and conditions and shall be explained and interpreted in accordance with the provisions and regulations of the Kingdom of Saudi Arabia, and the parties agree that any dispute, obligation or action of any kind arising under this agreement will be in the Kingdom of Saudi Arabia (Riyadh), and the parties agree irrevocably in accordance with applicable laws and regulations in the Kingdom of Saudi Arabia that any dispute, obligation or action of any kind arising under this agreement, the prevailing party has the right to get the costs and lawyer’s charge from the non-prevailing party.

27.2 You hereby agree that you bear all possible consequences and (MIS Pay) is entitled, at its absolute discretion, to file a lawsuit through the Sharia Courts of the Kingdom of Saudi Arabia (Riyadh) in the event of default or inability to repay.