Privacy policy

This Privacy Policy describes how The Global Digital Financial Solutions Company (neoleap) and its affiliates or holding group (hereinafter collectively referred to as “Group”, "We", "Us", "Our" or individually as “Member”, "Neoleap", “Urpay”) each collect, use and disclose Personal Information when you use our service “Urpay” in accordance to the applicable laws within the Kingdom of Saudi Arabia.

Definitions

1. Affiliate: Refers to any entity which Global Digital Financial Solutions or any member of the group is considered a major shareholder of each entity within the Kingdom of Saudi Arabia.

2. Personal Information: Refers to any information that can be used to identify an individual, including but not limited to name, email address, contact information, and location data.

3. Data Subject: Refers to an individual who can be identified, directly or indirectly, by reference to personal information.

4. Data Controller: Refers to the entity that determines the purposes and means of processing personal information.

5. Data Processor: Refers to the entity that processes personal information on behalf of the data controller.

6. Consent: Refers to the freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal information relating to them.

7. Processing: Refers to any operation or set of operations performed on personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, or erasure.

8. Lawful Basis: Refers to the legal grounds on which personal information can be processed under applicable data protection laws.

9. Data Retention: Refers to the period during which personal information is stored or held by the data controller or data processor.

10. Third Party: Refers to any individual or entity other than the data subject, data controller, data processor, or persons who, under the direct authority of the data controller or data processor, are authorized to process personal information.

Scope

This policy applies to all personal information collected, processed, and stored by the Global Digital Financial Solutions Company, whether online or offline. This includes information collected through our website, mobile applications, social media, customer service interactions, and any other means. We collect personal information from our users who interact with us. This policy applies to all such individuals. By using our services, you consent to the collection and use of your personal information as outlined in this policy.

Personal Information We Collect

We may collect information about you when you use our services to enhance the performance of Our services. This information may include:

Device Information: We may collect information about the device you use to access our services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

Transactions Information: Transactions and Products used will be collected including account activity and product usage.

Usage Information: We may collect information about how you use our services, such as the features you use, the pages you visit, and the actions you take.

Location Information: We may collect information about your location within our services that will help enhance our services performance.

Information You Provide: We may collect information that you provide to us, such as your name, email address, and other contact information through our websites, mobile apps, social media or any channels we use to communicate with the Customers.

• Data collected from partner schemes which will help us provide you with better services.

How We Use Your Information

We may use the information we collect about you to:

• Provide and improve our services.

• Respond to your inquiries and requests.

• Communicate with you about our services and related products and offers.

• Personalize your experience within our services.

• Analyze and improve our business operations and Urpay Services.

• Enforce our Terms of Service and other policies issued by legal and regulatory authorities within the Kingdom of Saudi Arabia.

• To Protect you against Fraud by conducting identity, credit and conflict checks.

• Promote new products and services that may be of interest of you.

How We Share Your Information

We may share your information with third parties in the following circumstances:

• With your consent.

• With our service providers who perform services on our behalf, such as hosting, data analysis, and customer service.

• To comply with applicable laws, regulations, or legal processes.

• To protect our rights, property, or safety, or the rights, property, or safety of others.

• In connection with a merger, acquisition, or sale of all or a portion of our assets.

Your Choices

You may choose not to provide certain information to us, but doing so may limit your ability to use our services or certain features of our services.

You may also opt-out of our services us by following instructions provided by our customer support channels.

Security and Confidentiality

We take reasonable measures to protect your information from unauthorized access, use, or disclosure. However, please not that no method of transmission or storage can guarantee absolute security.

Personal Data Storage

We take the privacy and security of your data seriously. Here's how we handle data storage:

• We store your personal information securely on servers located in Saudi Arabia.

• We implement technical and organizational measures to protect your data from unauthorized access, use, or disclosure.

• We regularly review and update our security practices to ensure the ongoing integrity and confidentiality of your data.

• We retain your data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by applicable laws.

Please note that while we take all reasonable precautions to protect your data by utilizing the necessary physical, technical, administrative and procedural security measurements to prevent unauthorized access, misuse, collection. We safeguard and protect your data in a manner that complies with applicable data protection regulation of the Kingdom of Saudi Arabia. However, the internet is not completely secure.

Usage of Cookies

In order to improve our customers’ personal experience, our websites use “Cookies” to collect information about our websites are used, which may include your data. The use of cookies is essential to the operation of our services.

Data Retention

We will retain your information only for as long as is necessary for the purposes set out in this Data Privacy Policy, unless a longer retention period is required or permitted by law.

When we no longer need to use your information, we will delete it from our systems or anonymize it so that it can no longer be associated with you.

You have the right to request the deletion of your information unless we are required to retain it by law or for legitimate business purposes.

Please note that deleting your information may impact your ability to use certain features of the App, and we may not be able to restore your information once it has been deleted.

Compliance with Legal Requirements Applicable in the Kingdom of Saudi Arabia

The Global Digital Financial Solutions is committed to complying with Saudi Arabia defined Legal Data Regulations including, but not limited to, the National Data Management Office (NDMO) Personal Data Protection Law (PDPL) guidelines. This section outlines how we collect, use, and protect personal data in accordance with the applicable laws.

Lawful Basis for Processing Personal Data

We will only process personal data in compliance with the lawful bases defined by the PDPL, including:

Consent: We will obtain your explicit consent before processing your personal data.

Contractual Necessity: We may process personal data if it is necessary as you are a party.

Legal Obligation: We may process personal data to comply with legal obligations imposed on us.

Legitimate Interests: We may process personal data based on our legitimate interests, provided that such processing does not override your rights and freedoms.

Rights of Data Subjects

As a data subject, you have certain rights under the PDPL, including:

Right to Access: You have the right to request access to the personal data we hold about you.

Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.

Right to Correct Personal Data: You have the right to request correction to the personal data we hold about you.

Right to Withdraw Consent: If we rely on your consent as the lawful basis for processing your personal data, you have the right to withdraw your consent at any time.

Right to Request: You have the right to request obtaining the personal data we hold about you.

To exercise your rights under the Personal Data Protection Law, please contact our customer support team. Upon your exercise of one or more of the above rights, we will provide you with your request within 30 days from receiving the request correctly. With us having the right to extend the period for extra 30 days in case of receiving multiple requests of you, or if your request needs unexpected extra time or effort.

Disclosure of your Personal Data

We may share your personal data to recipients located in Saudi Arabia within the jurisdiction of the NDMO Personal Data Protection Law, ensuring that appropriate safeguards are in place to protect your personal data in accordance with the requirements of the NDMO Personal Data Privacy Law.

Recipients include (not limited to):

• Any court, regulatory body, government authority to comply with any obligations and requirements issued by legal and regulatory authorities within the Kingdom of Saudi Arabia.

• Any debt collection agency, credit bureau, insurer.

• Any member of The Global Digital Financial Solutions Company and its affiliates or holding group or their service providers for the purpose of providing you with the products or services, enhancing our products, services and your experience across our channels, and promoting new financial products and services that may be of interest to you.

By accepting this policy, you acknowledge/permit us to contact and/or send notifications to you through different channels such as, short messages (SMS), push notifications, WhatsApp, email and/or phone with regards to our products and services.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice in the App.

Contact Information

In case of any inquiries, you can reach us via email, chat and social media or through our websites and applications.

Effective Date

The information provided in this document is effective starting from December 2023.

Disclaimer

This Privacy Notice is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on us in respect of any other party or on behalf of any party. When you log in to third parties’ websites, you will not be subject or under this Privacy Notice. Moreover, we are not responsible for their websites’ content and we do not represent third parties. Therefore, we recommend you to review the privacy and security policy of each link you log in to.

This Privacy Policy describes how The Global Digital Financial Solutions Company (neoleap) and its affiliates or holding group (hereinafter collectively referred to as “Group”, "We", "Us", "Our" or individually as “Member”, "Neoleap", “Urpay”) each collect, use and disclose Personal Information when you use our service “Urpay” in accordance to the applicable laws within the Kingdom of Saudi Arabia.

Definitions

1. Affiliate: Refers to any entity which Global Digital Financial Solutions or any member of the group is considered a major shareholder of each entity within the Kingdom of Saudi Arabia.

2. Personal Information: Refers to any information that can be used to identify an individual, including but not limited to name, email address, contact information, and location data.

3. Data Subject: Refers to an individual who can be identified, directly or indirectly, by reference to personal information.

4. Data Controller: Refers to the entity that determines the purposes and means of processing personal information.

5. Data Processor: Refers to the entity that processes personal information on behalf of the data controller.

6. Consent: Refers to the freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal information relating to them.

7. Processing: Refers to any operation or set of operations performed on personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, or erasure.

8. Lawful Basis: Refers to the legal grounds on which personal information can be processed under applicable data protection laws.

9. Data Retention: Refers to the period during which personal information is stored or held by the data controller or data processor.

10. Third Party: Refers to any individual or entity other than the data subject, data controller, data processor, or persons who, under the direct authority of the data controller or data processor, are authorized to process personal information.

Scope

This policy applies to all personal information collected, processed, and stored by the Global Digital Financial Solutions Company, whether online or offline. This includes information collected through our website, mobile applications, social media, customer service interactions, and any other means. We collect personal information from our users who interact with us. This policy applies to all such individuals. By using our services, you consent to the collection and use of your personal information as outlined in this policy.

Personal Information We Collect

We may collect information about you when you use our services to enhance the performance of Our services. This information may include:

Device Information: We may collect information about the device you use to access our services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

Transactions Information: Transactions and Products used will be collected including account activity and product usage.

Usage Information: We may collect information about how you use our services, such as the features you use, the pages you visit, and the actions you take.

Location Information: We may collect information about your location within our services that will help enhance our services performance.

Information You Provide: We may collect information that you provide to us, such as your name, email address, and other contact information through our websites, mobile apps, social media or any channels we use to communicate with the Customers.

• Data collected from partner schemes which will help us provide you with better services.

How We Use Your Information

We may use the information we collect about you to:

• Provide and improve our services.

• Respond to your inquiries and requests.

• Communicate with you about our services and related products and offers.

• Personalize your experience within our services.

• Analyze and improve our business operations and Urpay Services.

• Enforce our Terms of Service and other policies issued by legal and regulatory authorities within the Kingdom of Saudi Arabia.

• To Protect you against Fraud by conducting identity, credit and conflict checks.

• Promote new products and services that may be of interest of you.

How We Share Your Information

We may share your information with third parties in the following circumstances:

• With your consent.

• With our service providers who perform services on our behalf, such as hosting, data analysis, and customer service.

• To comply with applicable laws, regulations, or legal processes.

• To protect our rights, property, or safety, or the rights, property, or safety of others.

• In connection with a merger, acquisition, or sale of all or a portion of our assets.

Your Choices

You may choose not to provide certain information to us, but doing so may limit your ability to use our services or certain features of our services.

You may also opt-out of our services us by following instructions provided by our customer support channels.

Security and Confidentiality

We take reasonable measures to protect your information from unauthorized access, use, or disclosure. However, please not that no method of transmission or storage can guarantee absolute security.

Personal Data Storage

We take the privacy and security of your data seriously. Here's how we handle data storage:

• We store your personal information securely on servers located in Saudi Arabia.

• We implement technical and organizational measures to protect your data from unauthorized access, use, or disclosure.

• We regularly review and update our security practices to ensure the ongoing integrity and confidentiality of your data.

• We retain your data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by applicable laws.

Please note that while we take all reasonable precautions to protect your data by utilizing the necessary physical, technical, administrative and procedural security measurements to prevent unauthorized access, misuse, collection. We safeguard and protect your data in a manner that complies with applicable data protection regulation of the Kingdom of Saudi Arabia. However, the internet is not completely secure.

Usage of Cookies

In order to improve our customers’ personal experience, our websites use “Cookies” to collect information about our websites are used, which may include your data. The use of cookies is essential to the operation of our services.

Data Retention

We will retain your information only for as long as is necessary for the purposes set out in this Data Privacy Policy, unless a longer retention period is required or permitted by law.

When we no longer need to use your information, we will delete it from our systems or anonymize it so that it can no longer be associated with you.

You have the right to request the deletion of your information unless we are required to retain it by law or for legitimate business purposes.

Please note that deleting your information may impact your ability to use certain features of the App, and we may not be able to restore your information once it has been deleted.

Compliance with Legal Requirements Applicable in the Kingdom of Saudi Arabia

The Global Digital Financial Solutions is committed to complying with Saudi Arabia defined Legal Data Regulations including, but not limited to, the National Data Management Office (NDMO) Personal Data Protection Law (PDPL) guidelines. This section outlines how we collect, use, and protect personal data in accordance with the applicable laws.

Lawful Basis for Processing Personal Data

We will only process personal data in compliance with the lawful bases defined by the PDPL, including:

Consent: We will obtain your explicit consent before processing your personal data.

Contractual Necessity: We may process personal data if it is necessary as you are a party.

Legal Obligation: We may process personal data to comply with legal obligations imposed on us.

Legitimate Interests: We may process personal data based on our legitimate interests, provided that such processing does not override your rights and freedoms.

Rights of Data Subjects

As a data subject, you have certain rights under the PDPL, including:

Right to Access: You have the right to request access to the personal data we hold about you.

Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.

Right to Correct Personal Data: You have the right to request correction to the personal data we hold about you.

Right to Withdraw Consent: If we rely on your consent as the lawful basis for processing your personal data, you have the right to withdraw your consent at any time.

Right to Request: You have the right to request obtaining the personal data we hold about you.

To exercise your rights under the Personal Data Protection Law, please contact our customer support team. Upon your exercise of one or more of the above rights, we will provide you with your request within 30 days from receiving the request correctly. With us having the right to extend the period for extra 30 days in case of receiving multiple requests of you, or if your request needs unexpected extra time or effort.

Disclosure of your Personal Data

We may share your personal data to recipients located in Saudi Arabia within the jurisdiction of the NDMO Personal Data Protection Law, ensuring that appropriate safeguards are in place to protect your personal data in accordance with the requirements of the NDMO Personal Data Privacy Law.

Recipients include (not limited to):

• Any court, regulatory body, government authority to comply with any obligations and requirements issued by legal and regulatory authorities within the Kingdom of Saudi Arabia.

• Any debt collection agency, credit bureau, insurer.

• Any member of The Global Digital Financial Solutions Company and its affiliates or holding group or their service providers for the purpose of providing you with the products or services, enhancing our products, services and your experience across our channels, and promoting new financial products and services that may be of interest to you.

By accepting this policy, you acknowledge/permit us to contact and/or send notifications to you through different channels such as, short messages (SMS), push notifications, WhatsApp, email and/or phone with regards to our products and services.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will notify you by email or by posting a notice in the App.

Contact Information

In case of any inquiries, you can reach us via email, chat and social media or through our websites and applications.

Effective Date

The information provided in this document is effective starting from December 2023.

Disclaimer

This Privacy Notice is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on us in respect of any other party or on behalf of any party. When you log in to third parties’ websites, you will not be subject or under this Privacy Notice. Moreover, we are not responsible for their websites’ content and we do not represent third parties. Therefore, we recommend you to review the privacy and security policy of each link you log in to.

In addition to the General Privacy Policy, the following terms apply to iOS device users:

Using the Application means that the User agrees with this Policy and the described conditions for collecting and processing information from the User's device. If the User does not agree with the terms of the Policy, it is necessary to refrain from using the Company's Application.

User's data collected and processed by the Application

According to this Policy, the Application collects and processes User's data. This data includes:

•   Personal information that the User independently provides to the Company to create an account, as well as in the process of using the Application: name, gender, date of birth, email, phone number, bank card details.

•   Data required for providing high-quality and safe services (collected using additional SDK modules):

o   Session data that is automatically collected and transmitted by the Application during its operation: IP address, version of the operating system, brand and model of the device, unique identifiers of the device, browser used, information about the time the Application was accessed, name and parameters of the network connection.

o   Information about the geolocation of the User's device: geolocation data using GPS data, nearest Wi-Fi access points and mobile networks (if the User provides permission).

o   Call status on the User's device (if the User provides permission).

Purposes for collecting and processing data

Company collects and processes only data necessary for the provision of services.

Company utilizes the User's information in accordance with this Policy and the legislation of the Company's country of origin for the following purposes:

•   identifying the User and the User's device;

•   ensuring the safety of using the Application and the services provided by the Company;

•   sending notifications, requests and information about the services provided by the Company;

•   improving the quality of the Application and the services provided by the Company;

•   researching and developing new services provided by the Company.

Conditions for processing and transferring User's data to third parties

Company stores User's data in accordance with internal regulations and rules for secure data processing. The User's data is processed and stored while preserving their confidentiality. When processing data, the Application does not disclose the User's identity.

The storage periods for the User's data are determined in accordance with the requirements of the legislation of the Company's country of origin.

To process the User's data, Company can involve partners whose actions are subject to this Policy and the corresponding data protection agreements. At the same time, the User's data can be processed in its original and impersonal form.

User information can be provided to government agencies upon request in accordance with the requirements of current legislation.

Measures for protecting User's data

Company takes organizational and technical measures to effectively protect the User's data from illegal actions or accidental access by third parties, including modification, destruction, copying, and distribution.

Changes to the Privacy Policy

The company can make changes to the Privacy Policy if necessary.

The new version of the Privacy Policy comes into force from the moment of publication, unless otherwise provided by the latest version of the Policy.

In addition to the General Privacy Policy, the following terms apply to Android device users:

Using the Application means that the User agrees with this Policy and the described conditions for collecting and processing information from the User's device. If the User does not agree with the terms of the Policy, it is necessary to refrain from using the Company's Application.

User's data collected and processed by the Application

According to this Policy, the Application collects and processes User's data. This data includes:

•   Personal information that the User independently provides to the Company to create an account, as well as in the process of using the Application: name, gender, date of birth, email, phone number, bank card details.

•   Data required. for providing high-quality and safe services (collected using additional SDK modules):

o   Session data that is automatically collected and transmitted by the Application during its operation: IP address, version of the operating system, brand and model of the device, unique identifiers of the device, browser used, information about the time the Application was accessed, name and parameters of the network connection.

o   Information about the geolocation of the User's device: geolocation data using GPS data, nearest Wi-Fi access points and mobile networks (if the User provides permission).

o   Call history on the User's device (if the User provides permission).

o   Information about applications installed on the User's device (metadata from applications): application name, application identifier and version, device identifier and checksum.

Purposes for collecting and processing data

Company collects and processes only data necessary for the provision of services.

Company utilizes the User's information in accordance with this Policy and the legislation of the Company's country of origin for the following purposes:

•   identifying the User and the User's device;

•   ensuring the safety of using the Application and the services provided by the Company;

•   sending notifications, requests and information about the services provided by the Company;

•   improving the quality of the Application and the services provided by the Company;

•   researching and developing new services provided by the Company.

Conditions for processing and transferring User's data to third parties

Company stores User's data in accordance with internal regulations and rules for secure data processing. The User's data is processed and stored while preserving their confidentiality. When processing data, the Application does not disclose the User's identity.

The storage periods for the User's data are determined in accordance with the requirements of the legislation of the Company's country of origin.

To process the User's data, Company can involve partners whose actions are subject to this Policy and the corresponding data protection agreements. At the same time, the User's data can be processed in its original and impersonal form.

User information can be provided to government agencies upon request in accordance with the requirements of current legislation.

Measures for protecting User's data

Company takes organizational and technical measures to effectively protect the User's data from illegal actions or accidental access by third parties, including modification, destruction, copying, and distribution.

Changes to the Privacy Policy

The company can make changes to the Privacy Policy if necessary.

The new version of the Privacy Policy comes into force from the moment of publication, unless otherwise provided by the latest version of the Policy.