1. About us?
Mamo Limited and/or its affiliates and entities (collectively “Mamo”, “we” or “us”) values your security and privacy. Mamo is incorporated in the Dubai International Financial Centre (the “DIFC”) which applies Data Protection Law, DIFC Law No. 5 of 2020 as amended and its associated regulations (including the Data Protection Regulations dated 1 July 2020), and may for certain types of personal data processing, be subject to laws from other jurisdictions (collectively, the “DP Law”). We are the Controller for the purposes of DP Law of the personal information that we collect or receive from you as more fully described in this Policy.
Children Data: The Website Services or App are not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DP Law processes, App or Website Services’ user-provided contributions of content or contact information regarding or about children are expressly prohibited.
2. What personal information do we collect about you?
As part of Mamo’s commitment to the privacy of Mamo’s customers and visitors while using the Website Services or App more generally, we want to be clear about the information we will collect from you.
We will collect your personal data when you:
- use our website at www.mamopay.com;
- use the App; or
- use any of the services you can get access to through the App or Website Services.
- provide information or fill in forms on the App or through our Website Services (as provided in detail below):
Information you give us
We will collect the following personal information about you:
- your name, address, and date of birth;
- your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
- your Mamo tag, password and other registration information;
- details of your bank account, such as your account number, and IBAN;
- identification documents (for example, your passport or ID), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services collected through a third party provider platform called IDNow; and
- records of our discussions, if you contact us or we contact you (including logs of phone calls).
You should not provide us with any personal data about other people (such as your spouse or family).
- You will need to submit details of your debit cards and credit cards (or other debit or credit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card) to access our services, however this data is not received or stored by Mamo, it is processed by a PCI-DSS compliant third party on our behalf whose systems are integrated with our platform. The third party may send us information, such as an “alias” version of the card, which will allow us to provide our services, but will not result in us collecting or storing the actual account data held on the card.
Information obtained automatically
- Whenever you use our App or Website Services we collect data and information (including through third party products) on your device called Log Data. This Log Data may include technical information, including the internet protocol (IP) address used to connect your computer to the internet, your device ID for security reasons, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, mobile network information, your mobile operating system and the type of mobile browser you use, as well as your account information. We collect this information to enable us to identify and fix technical issues with our services and to make improvements.
- Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.
- If the App has requested location tracking and you agree to turn location tracking on, we will collect your location data in accordance with your settings, to assist with detecting fraud.
Information we obtain from third parties
We collect personal data, including credit records, late payment records, identity verification information and information relating to the transactions you make from third parties, such as credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services. These agencies and partners include IDnow, UAE Pass, Acuris and card scheme operators such as Visa and Mastercard.
3. Our reasons for collecting your information?
We will only use your personal information if there is a reason for doing so and if that reason is permitted under applicable DP Law.
We use your personal data so we can provide the best service, tell you about our App and Website Services you may be interested in, and meet our legal obligations.
We need to use your data in order to meet our obligations under our contract that we have with you, or we may need to use your personal information to enter into a contract with you. We use details about you to:
To provide a requested service or carry out a contract with you.
Where we need to in order to provide you with the services you have requested or to enter into a contract, we use your information to:
- assess your application and create and maintain your account, once approved;
- provide, maintain, and improve our App and Website Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information about them), develop new features, provide customer support to users, authenticate users, and send administrative messages, whether for information or as required by applicable DP Law;
- investigate and resolve complaints and other issues;
- keep our App and Website Services safe and secure; and
- personalise and improve the App and Website Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
Where we have a legitimate interest.
We may also process your data for our legitimate interests or those of a third party to whom your personal information has been made available. These legitimate interests may include:
- to detect and prevent unlawful use, misuse or abuse of the App and Website Services and to ensure the security of our networks and services;
- to enable Mamo’s customer services team to help you with any queries in the most efficient way possible and to provide a positive customer experience;
- to ensure that the content of the App and Website Services is presented in the most effective manner and tailored to the device you are accessing it from, and to enable us to track, analyse and improve the services we give you and other customers and to understand how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can improve our products and understand how to market them;
- to notify you if there are any changes or developments to the App and/or Website Services;
- to contact you to respond to your queries and feedback on the App and/or Website Services (where you have asked us to do so);
- to send you information about the App and/or Website Services or information we feel may interest you (unless you ask us not to); and
- to enforce Mamo’s contractual terms with you, for the exercise or defence of legal claims and to protect the rights of Mamo (including to prevent fraud).
Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that Mamo’s processing is necessary and that your fundamental rights of privacy are not outweighed by Mamo’s legitimate interests before we go ahead with such processing.
Where we have a legal obligation.
We also use your personal information to meet Mamo’s legal and regulatory compliance obligations and to respond to the requests of any applicable authorities. This may include using your personal information to help detect or prevent crime (including fraud detection, terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal or regulatory obligation.
If you do not provide the personal information necessary or do not respond to any queries that we may provide to you in respect of the processing then (where this information is necessary for us to provide our App or Website Services to you), we will not be able to provide our fully intended services to you. We will notify you where this is the case.
Mamo should never contact you by email or otherwise to ask you to validate personal information such as your user ID, password, contact information or bank details. If you receive such a request, please email us without delay on email@example.com.
5. Do we transfer your personal information outside the UAE?
Your information may be transferred to and stored in locations outside the DIFC. When we do this, we will ensure appropriate safeguards are in place to ensure a similar degree of protection is afforded to it and that the transfer is lawful. For example, by using the standard contractual clauses that have been approved by the Commissioner of Data Protection and to be used for transfers outside the DIFC to a non-adequate jurisdiction.
You can obtain more details of the protection given to your information when it is transferred outside DIFC by contacting us using the contact details in this Policy.
6. How we keep your information secure?
We use a range of security measures to keep your information safe and secure (including, but not limited to, encryption) and we take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. We require Mamo’s staff and any third parties who carry out any work on Mamo’s behalf to comply with appropriate compliance and confidentiality standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. We also have procedures in place to deal with any suspected data security breach. We will notify you and/or any applicable regulator of a suspected data security breach where we are legally required to do so.
7. Your rights and choices
Under DIFC DP Law, you have a number of rights when it comes to your personal information. Please contact us using our contact details provided in this Policy to exercise any of your rights.
Marketing and opting out
Users have legal rights under DP Law to opt-out of receiving marketing communications from us. You have the option to ask us not to process your personal information for direct marketing purposes.
You may change your preferences at any time.
Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of receiving promotional e-mails from one of our App and Website Services, you may continue to receive promotional emails from our other websites, providers or other, non-affiliated marketers whose services you may have accessed via our App and Website Services.
Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different third party's marketing directory through your request or election, you will need to request removal with such third party directly.
Access to and correction of your personal information
You have the right to access information held about you. Your right of access can be exercised in accordance with DP Law and other applicable laws. You also have the right to ask us to correct inaccurate information we hold about you.
Automated decision making
We have a fraud-detection system that automatically monitors transactions to attempt to identify fraud. This system will process certain personal information and may block transactions which are identified as potentially fraudulent. We will follow-up to investigate such transactions and may contact you. If you believe a transaction has been wrongly blocked, you may contact us and ask us to review the transaction.
The right to withdraw consent
If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.
The right to have your information erased
You are entitled to ask us to delete your information. However, if you exercise this right we will not be able to provide you with our services. Please also note that we are not required to delete information where we have a continuing compelling reason or duty to retain it (such as compliance with record keeping requirements under financial regulations).
The right to object to processing and to restrict processing
In certain circumstances, you have the right to object to our use of your personal data or to ask us to restrict certain processing activities.
The right to data portability
You have the right to receive the data we process based on your consent and for the performance of the contract with you in a structured and machine-readable format.
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal information with the DIFC Commissioner of Data Protection.
9. How can you contact us?
If you have any enquires or wish to exercise any of your rights noted in section 7, you can contact us by email at firstname.lastname@example.org or by writing to us at:
Data Protection Officer
Unit GA-00-SZ-L1-RT-196, Level 1, Gate Avenue - South Zone, Dubai International Financial Centre, Dubai, United Arab Emirates
If you are not satisfied with Mamo’s response to any complaint or believe Mamo’s processing of your information does not comply with DP Law, you can make a complaint to the DIFC Commissioner of Data Protection.
10. Updates to this Policy
This Policy may be updated from time to time, and you will always be able to find the most recent version on Mamo’s websites. Where appropriate we will notify you of the changes for example by email or push notification.