Privacy

Updated on September 8, 2021
  1. About us?

    Mamo Limited, Unit GA-00-SZ-L1-RT-196, Level 1, Gate Avenue - South Zone, Dubai International Financial Centre, Dubai, United Arab Emirates, Email: support@mamopay.com, Tel: 600587007.

    Mamo Limited and/or its affiliates and entities (collectively “Mamo”, “we” or “us”) values your security and privacy. Mamo is incorporated in the Dubai International Financial Centre (the “DIFC”) which applies Data Protection Law, DIFC Law No. 5 of 2020 as amended and its associated regulations (including the Data Protection Regulations dated 1 July 2020), and may for certain types of personal data processing, be subject to laws from other jurisdictions (collectively, the “DP Law”). We are the Controller for the purposes of DP Law of the personal information that we collect or receive from you as more fully described in this Policy.

    It is our policy in accordance with the DIFC to respect the privacy of our website services and app users. In accordance with DP Law and as applicable by our Terms of Use (which are available here: https://www.mamopay.com/legal/terms, https://www.mamopay.com/legal/terms-business, Mamo collects information about you when you use or access our websites and other web-based products, information or services (collectively, the “Website Services”) as well as through other interactions and communications you have with us, such as through the Mamo App (the “App”). This data protection policy (the “Policy") sets out the basis on which any information, including any personal data, we collect from you, or you provide to us, will be processed by Mamo. Each time you access or use the Website Services, the App or provide us with information, by doing so you are accepting and, where possible, consenting to the practices described in this Policy. It is important that you read this Privacy Policy so that you are fully aware of how and why we use your personal information.

    Third Party Websites: If you are using Website Services, some links on it may lead to non-Mamo websites with their own privacy notices, which may be different to this Privacy Policy. You should read those privacy notices carefully.

    Children Data: The Website Services or App are not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DP Law processes, App or Website Services’ user-provided contributions of content or contact information regarding or about children are expressly prohibited.
  2. What personal information do we collect about you?

    As part of Mamo’s commitment to the privacy of Mamo’s customers and visitors while using the Website Services or App more generally, we want to be clear about the information we will collect from you.

    We will collect your personal data when you:
         •     use our website at www.mamopay.com;
         •     use the App; or
         •     use any of the services you can get access to through the App or Website Services.
         •     provide information or fill in forms on the App or through our Website Services (as provided in detail below):

    Information you give us
    We will collect the following personal information about you:

         •     your name, address, and date of birth;
         •     your email address, phone number and details of the device you use (for example, your phone, computer or tablet);
         •     your Mamo tag, password and other registration information;
         •     details of your bank account, such as your account number, and IBAN;
         •     identification documents (for example, your passport or ID), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services collected through a third party provider platform called IDNow; and
         •     records of our discussions, if you contact us or we contact you (including logs of phone calls).

    You should not provide us with any personal data about other people (such as your spouse or family).
         •     You will need to submit details of your debit cards and credit cards (or other debit or credit cards you have registered with us), including the card number, expiry date and CVC (the last three digits of the number on the back of the card) to access our services, however this data is not received or stored by Mamo, it is processed by a PCI-DSS compliant third party on our behalf whose systems are integrated with our platform. The third party may send us information, such as an “alias” version of the card, which will allow us to provide our services, but will not result in us collecting or storing the actual account data held on the card.

    Information obtained automatically
         •     Whenever you use our App or Website Services we collect data and information (including through third party products) on your device called Log Data. This Log Data may include technical information, including the internet protocol (IP) address used to connect your computer to the internet, your device ID for security reasons, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, mobile network information, your mobile operating system and the type of mobile browser you use, as well as your account information. We collect this information to enable us to identify and fix technical issues with our services and to make improvements.

         •     Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.

         •     If the App has requested location tracking and you agree to turn location tracking on, we will collect your location data in accordance with your settings, to assist with detecting fraud.

    Information we obtain from third parties
    We collect personal data, including credit records, late payment records, identity verification information and information relating to the transactions you make from third parties, such as credit-reference agencies, financial or credit institutions, official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services. These agencies and partners include IDnow, UAE Pass, Acuris and card scheme operators such as Visa and Mastercard.
  3. Our reasons for collecting your information?

    We will only use your personal information if there is a reason for doing so and if that reason is permitted under applicable DP Law. 

    We use your personal data so we can provide the best service, tell you about our App and Website Services you may be interested in, and meet our legal obligations.

    We need to use your data in order to meet our obligations under our contract that we have with you, or we may need to use your personal information to enter into a contract with you. We use details about you to:

    To provide a requested service or carry out a contract with you.
    Where we need to in order to provide you with the services you have requested or to enter into a contract, we use your information to:

         •     assess your application and create and maintain your account, once approved;
         •     provide, maintain, and improve our App and Website Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information about them), develop new features, provide customer support to users, authenticate users, and send administrative messages, whether for information or as required by applicable DP Law;
         •     investigate and resolve complaints and other issues;
         •     keep our App and Website Services safe and secure; and
         •     personalise and improve the App and Website Services, including to provide or recommend features, content, social connections, referrals, and advertisements.

    Where we have a legitimate interest.
    We may also process your data for our legitimate interests or those of a third party to whom your personal information has been made available. These legitimate interests may include:

         •     to detect and prevent unlawful use, misuse or abuse of the App and Website Services and to ensure the security of our networks and services;
         •     to enable Mamo’s customer services team to help you with any queries in the most efficient way possible and to provide a positive customer experience;
         •     to ensure that the content of the App and Website Services is presented in the most effective manner and tailored to the device you are accessing it from, and to enable us to track, analyse and improve the services we give you and other customers and to understand how you respond to ads we show. We may ask for feedback if you’ve shown interest in a service. We do this so that we can improve our products and understand how to market them;
         •     to notify you if there are any changes or developments to the App and/or Website Services;
         •     to contact you to respond to your queries and feedback on the App and/or Website Services (where you have asked us to do so);
         •     to send you information about the App and/or Website Services or information we feel may interest you (unless you ask us not to); and
         •     to enforce Mamo’s contractual terms with you, for the exercise or defence of legal claims and to protect the rights of Mamo (including to prevent fraud).

    Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that Mamo’s processing is necessary and that your fundamental rights of privacy are not outweighed by Mamo’s legitimate interests before we go ahead with such processing.

    Where we have a legal obligation.
    We also use your personal information to meet Mamo’s legal and regulatory compliance obligations and to respond to the requests of any applicable authorities. This may include using your personal information to help detect or prevent crime (including fraud detection, terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal or regulatory obligation.

    If you do not provide the personal information necessary or do not respond to any queries that we may provide to you in respect of the processing then (where this information is necessary for us to provide our App or Website Services to you), we will not be able to provide our fully intended services to you. We will notify you where this is the case.

    Mamo should never contact you by email or otherwise to ask you to validate personal information such as your user ID, password, contact information or bank details. If you receive such a request, please email us without delay on support@mamopay.com.
  4. How we store and share your data?

    We are required by DP Law to keep records of the processing that we undertake and this includes maintaining records of the following;
         •     a description of the personal data processing being carried out;
         •     an explanation of the purpose for the personal data processing;
         •     the data subjects or class of data subjects whose personal data is being processed;
         •     a description of the class of personal data being processed; and
         •     a list of the jurisdictions to which personal data may be transferred by us, along with an indication as to whether the particular jurisdiction has been assessed as having adequate levels of protection for the purposes of DP Law.

    We only retain your information for as long as is necessary for us to use your information as described above, where it is in Mamo’s legitimate interest, or to comply with Mamo’s legal obligations. However, please be advised that we may retain some of your information after you cease to use Mamo’s Website Services or App, for instance if this is necessary to meet Mamo’s legal obligations, such as data retention obligations imposed by a financial services regulator (we are regulated by the Dubai Financial Services Authority).

    When determining the relevant retention periods, we will take into account factors including:
         •     Mamo’s contractual obligations and rights in relation to the information involved;
         •     the extent to which the personal information is still required to be processed by Mamo to provide any services to you;
         •     legal obligation(s) under DP Law and financial regulation to retain data for a certain period of time;
         •     Mamo’s legitimate interest where we have carried out a balancing test;
         •     relevant legal limitation periods for claims;
         •     (potential) disputes;
         •     if you have made a request to have your information deleted; and
         •     guidelines issued by DP Law.

    Otherwise, we securely erase your information once it is no longer needed.

    Sharing your Personal Information with Third Parties
    We may share personal data which we collect about you as described in this Policy or as described at the time of collection or sharing, including as follows:

         •     with third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
         •     with third parties with whom you choose to let us share your personal data, for example other apps or websites that integrate with our Website Services or App, or those with a service with which we integrate;
         •     with tax authorities, regulators and other governing authorities who require reporting of processing activities in certain circumstances or as otherwise required by applicable laws;
         •     with our professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
         •     with courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
         •     with potential purchasers of or investors in our business, however we will ensure any disclosure to such parties is limited as far as is necessary and your identity is not disclosed unless necessary.

    We also need to share your data with certain suppliers, including:
         •     Know Your Customer (KYC) service providers and credit reference agencies that help us with identity verification, credit referencing or fraud checks like IDNow;
         •     cloud computing power and storage providers like Google Cloud;
         •     our business intelligence and analytics platform providers (such as the service providers used by the App, Google Play Services and Firebase Analytics).;
         •     technical suppliers that help us with functional analytics (to help us solve technical issues with the App for instance);
         •     our marketing providers (but we will not share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
         •     IT and system administration service provider;
         •     our email service providers;
         •     companies that help us with customer support;
         •     our affiliates who support us in providing the App and Website Services to you.
  5. Do we transfer your personal information outside the UAE?

    Your information may be transferred to and stored in locations outside the DIFC. When we do this, we will ensure appropriate safeguards are in place to ensure a similar degree of protection is afforded to it and that the transfer is lawful. For example, by using the standard contractual clauses that have been approved by the Commissioner of Data Protection and to be used for transfers outside the DIFC to a non-adequate jurisdiction.

    You can obtain more details of the protection given to your information when it is transferred outside DIFC by contacting us using the contact details in this Policy.
  6. How we keep your information secure?

    We use a range of security measures to keep your information safe and secure (including, but not limited to, encryption) and we take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. We require Mamo’s staff and any third parties who carry out any work on Mamo’s behalf to comply with appropriate compliance and confidentiality standards including obligations to protect any information and applying appropriate measures for the use and transfer of information. We also have procedures in place to deal with any suspected data security breach. We will notify you and/or any applicable regulator of a suspected data security breach where we are legally required to do so.
  7. Your rights and choices
    Under DIFC DP Law, you have a number of rights when it comes to your personal information. Please contact us using our contact details provided in this Policy to exercise any of your rights.

    Marketing and opting out
    Users have legal rights under DP Law to opt-out of receiving marketing communications from us. You have the option to ask us not to process your personal information for direct marketing purposes.

    •     You may change your preferences at any time.
    Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of receiving promotional e-mails from one of our App and Website Services, you may continue to receive promotional emails from our other websites, providers or other, non-affiliated marketers whose services you may have accessed via our App and Website Services.

    Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different third party's marketing directory through your request or election, you will need to request removal with such third party directly.

    •     Access to and correction of your personal information
    You have the right to access information held about you. Your right of access can be exercised in accordance with DP Law and other applicable laws. You also have the right to ask us to correct inaccurate information we hold about you.

    •     Automated decision making
    We have a fraud-detection system that automatically monitors transactions to attempt to identify fraud. This system will process certain personal information and may block transactions which are identified as potentially fraudulent. We will follow-up to investigate such transactions and may contact you. If you believe a transaction has been wrongly blocked, you may contact us and ask us to review the transaction.

    •     The right to withdraw consent
    If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

    •     The right to have your information erased
    You are entitled to ask us to delete your information. However, if you exercise this right we will not be able to provide you with our services. Please also note that we are not required to delete information where we have a continuing compelling reason or duty to retain it (such as compliance with record keeping requirements under financial regulations).

    •     The right to object to processing and to restrict processing
    In certain circumstances, you have the right to object to our use of your personal data or to ask us to restrict certain processing activities.

    •     The right to data portability
    You have the right to receive the data we process based on your consent and for the performance of the contract with you in a structured and machine-readable format.

    •     The right to lodge a complaint
    You have the right to lodge a complaint about the way we handle or process your personal information with the DIFC Commissioner of Data Protection.
  8. Do we use Cookies to collect personal data on you?

    Cookies are little files that websites put on your device to provide you with a better, more personal and relevant experience online. Some cookies are essential for websites to work and others remember things about you to give you a better, more enjoyable experience online. By continuing to use our websites, you are agreeing to our use of cookies. Alternatively, you can manage them in your browser settings.

    The App or Website Services that Mamo provides to you may use third party code and libraries that use “cookies” to collect information and improve our services. You have the option to either accept or refuse these cookies and know when cookies are being sent through to your device. If you choose to refuse our cookies, you may not be able to use the full extent of our App or Website Services.
  9. How can you contact us?
    If you have any enquires or wish to exercise any of your rights noted in section 7, you can contact us by email at support@mamopay.com or by writing to us at:

    Imad Gharazeddine
    Data Protection Officer
    Unit GA-00-SZ-L1-RT-196, Level 1, Gate Avenue - South Zone, Dubai International Financial Centre, Dubai, United Arab Emirates

    If you are not satisfied with Mamo’s response to any complaint or believe Mamo’s processing of your information does not comply with DP Law, you can make a complaint to the DIFC Commissioner of Data Protection.
  10. Updates to this Policy
    This Policy may be updated from time to time, and you will always be able to find the most recent version on Mamo’s websites. Where appropriate we will notify you of the changes for example by email or push notification.