Effective Date: 2025/12/01

MISPay Privacy policy

Excellence for Application Solutions for Information Technology, a single-person limited liability company established under the regulations of the Kingdom of Saudi Arabia, supervised and regulated by the Saudi Central Bank (SAMA), registered under Commercial Registration No. (1010764928), Unified National Number: (7026981022), Al-Thumama Road (6630), Al-Sahafa District (3296), Riyadh, Kingdom of Saudi Arabia.

A registered trademark at the Saudi Authority for Intellectual Property under No. (TM-01-00-26054-24).

Preamble

Please read this Privacy Policy carefully before using any of the services we provide.

Based on this policy, Excellence for Application Solutions for Information Technology (“MISPay”, “we”, “us”, or “our”) is committed to respecting your privacy and protecting your personal data in accordance with the applicable laws within the Kingdom of Saudi Arabia. This Privacy Policy describes the practices and rights of MISPay service users (“you”), including an explanation of how your personal data is collected, used, processed, stored, shared, and protected when you visit our website or application or when you use any of our services. It also informs you of your rights guaranteed by law.

This policy applies to MISPay’s website, application, all related websites, applications, tools, and services, including all access and usage methods through electronic devices.

You agree to this Privacy Policy when you subscribe to use or access our services, content, features, technologies, or functions provided on our website or any related websites and applications (referred to as “MISPay Services”).

1. Important Information

1.1 Purpose of This Privacy Policy

This Privacy Policy aims to provide you with information on how MISPay collects and processes your personal data through your use of this website or application, including any data you provide through registration.

This website is not intended for children, and we do not knowingly collect children’s data.

It is important that you read this Privacy Policy along with our terms and conditions, as well as any other privacy notices we may provide on specific occasions when we collect or process personal data about you. This ensures you are fully aware of how and why we use your data. This Privacy Policy supplements other notices and is not intended to override them.

1.2 Data Controller

MISPay is the controller and responsible party for your personal data (“the company”, “MISPay”, “we”, “us”, or “our”).

1.3 Third-Party Links

Our website may contain links to third-party websites, plug-ins, or applications (e.g., merchants). Clicking these links or enabling such connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every website you visit.

1.4 Purpose of Data Collection

We collect data for the following purposes:

  • Service delivery: processing deferred payment requests, assessing eligibility and creditworthiness, and reducing fraud.

  • Data analysis: improving our services and offering personalized deals.

  • Communication: sending notifications about order status, service updates, and special offers.

  • Legal compliance: ensuring adherence to applicable laws and regulations.

  • Marketing: delivering appropriate offers and services and understanding customer preferences.

2. Data We Collect About You

“Personal data” means any information relating to an identifiable individual. It does not include anonymized data.

We may collect, use, store, and transfer different categories of personal data, including:

Personal Data
Full name, marital status, address, date of birth, gender, and geographic location.

Contact Information
Address, billing address, email address, phone numbers.

Financial & Credit Data
Bank account details, payment card details, and credit data collected from SIMAH.

Technical Data
IP address, login data, browser type and version, time zone settings, location, plug-in types and versions, operating system, and device details.

Profile, Transaction & Usage Data
Username, password, payment details, purchase history from partner stores, preferences, feedback, survey responses, and your interactions with our website/app.

Marketing & Communication Data
Your preferences regarding marketing communications from us or third parties.

2.1 Legal Basis for Processing

We process your personal data based on:

  • Your consent, which you may withdraw at any time (unless another legal basis applies).

  • Legal obligations, including applicable laws, regulations, and judicial orders.

2.2 Failure to Provide Data

If you fail to provide required personal data, we may be unable to deliver the requested service and may be forced to cancel it. We will notify you if this occurs.

2.3 How We Collect Your Data

We collect your data through:

Direct Interactions

You provide personal data when:

  • Applying for our services

  • Creating an account

  • Subscribing to our services

  • Requesting marketing materials

  • Providing feedback or contacting us

Indirect Interactions

Data collected from:

  • Cookies, analytics, automatic tracking

  • Third-party sources, including:

    • Analytics providers (e.g., Google)

    • Advertising networks

    • SIMAH credit bureau

    • Yaqeen service for national information

    • Nafath ID services

    • Payment and delivery service providers

    • Public sources and data brokers

4. How We Use Your Personal Data

We will use your personal data where allowed under the law, including:

  • When entering or executing contracts you are part of

  • Customer support and transaction processing

  • When necessary for our legitimate interests

  • When required for legal compliance

  • Detecting and preventing money laundering, terrorism financing, and fraud

  • Communicating with customers via phone, email, SMS, or app

  • Sending policy updates

  • Handling disputes, defaults, and debt collection

  • Verifying accuracy of your information

  • Personalization, analytics, and offers

4.1 Marketing

We may send marketing materials based on:

  • Your personal information

  • Purchase history

  • Preferences

  • Location (if you opt in)

You may opt out of marketing at any time through:

  • App/website profile settings

  • Unsubscribe links in emails

  • Notification settings

Even after opting out of marketing, we may still contact you regarding service-related or transactional matters.

4.2 Cookies

We use cookies and similar technologies to:

  • Recognize you

  • Customize content, services, and ads

  • Measure promotional effectiveness

  • Improve security and fraud prevention

4.4 Change of Purpose

If we need to use your data for a new purpose, we will notify you and explain the legal basis. We may process your data without your knowledge where permitted by Saudi law.

5. Disclosure of Personal Data

We only share data with third parties when legally required or necessary, including:

Service Providers
Analytics providers, technical support, IT providers, credit agencies, debt collectors, advertisers, partner merchants, and business partners — with agreements ensuring data protection.

Legal Requirements
When required by law or regulatory authorities.

Business Transfers
In the event of mergers, acquisitions, or asset transfers, new owners may continue to use your data under this Privacy Policy.

6. Data Security

We use strong security measures to prevent unauthorized access, alteration, disclosure, or loss of your data. Access is limited to employees, agents, and contractors who require it for their duties. They are bound by confidentiality obligations.

We also follow SAMA and the National Cybersecurity Authority standards.

We will notify you and relevant regulators of any data breach as required by law.

7. Data Retention

Your personal data is stored inside Saudi Arabia under secure and compliant systems.

We retain data only for as long as necessary for:

  • Service provision

  • Legal, regulatory, tax, and reporting requirements

  • Fraud prevention

  • Dispute handling

Under Saudi law, core customer data (identity, financial, contact, and transaction data) must be retained for 10 years after a customer relationship ends.

Anonymized data may be retained indefinitely for research or statistical purposes.

You may request deletion, but legal obligations may require retention.

8. Your Legal Rights

You have the right to:

8.1 Right to Know
Understand the legal basis, purpose, and retention period of your data.

8.2 Right to Access
Request access to your personal data.

8.3 Right to Obtain
Request a readable copy of your personal data.

8.4 Right to Correct
Request correction or updating of inaccurate data.

8.5 Right to Delete
Request deletion of your personal data (subject to legal limitations).

8.6 Right to Object
Object to processing, including marketing.

8.7 Right to Restrict Processing

Request temporary suspension of data processing.

8.8 Right to Transfer
Request transfer of your data to yourself or a third party.

8.9 Right to File Complaints
You may file complaints with us or the Saudi Central Bank (SAMA):

  • Website: sama.gov.sa

  • Call Center: 8001256666

8.10 Right to Withdraw Consent
You may withdraw consent at any time, though this may affect service delivery.

Fees
Requests are generally free unless excessive or unfounded.

Verification
We may request additional information to verify your identity.

Response Time
We aim to respond within 30 days, extendable once by an additional 30 days with notice.

9. Changes to This Policy

We may update this Privacy Policy at any time by posting a revised version. We will notify you of major changes through email, website notices, or SMS.

You are responsible for reviewing updates. Continued use of MISPay services means acceptance of the updated policy.

10. Contact Us

For inquiries, rights requests, or privacy complaints, contact us:

27. Applicable laws and Jurisdiction:

27.1 The rights and the obligations referred to the mentioned parties shall undertakes the current terms and conditions and shall be explained and interpreted in accordance with the provisions and regulations of the Kingdom of Saudi Arabia, and the parties agree that any dispute, obligation or action of any kind arising under this agreement will be in the Kingdom of Saudi Arabia (Riyadh), and the parties agree irrevocably in accordance with applicable laws and regulations in the Kingdom of Saudi Arabia that any dispute, obligation or action of any kind arising under this agreement, the prevailing party has the right to get the costs and lawyer’s charge from the non-prevailing party.

27.2 You hereby agree that you bear all possible consequences and (MIS Pay) is entitled, at its absolute discretion, to file a lawsuit through the Sharia Courts of the Kingdom of Saudi Arabia (Riyadh) in the event of default or inability to repay.