Friendi Pay
Privacy Policy Privacy Policy

Privacy Policy

Effective Date:   February 2026

INTRODUCTION

Payments Arabia LLC  (collectively “Payments Arabia”, “us”, “we”, “our”).

At Payments Arabia, we look after your (“you,” “user,” “subscriber,” “customer”) personal data carefully. This privacy policy (hereafter referred as Privacy Policy) together with our Cookie Policy and Terms and Conditions, which may be found on our website describes how we collect, use, process and store the data that you provide to us or that is generated or collected when you use our online services (via our website or our App).  

Please take a moment to read our Privacy Policy and any other privacy information we provide you when we are collecting or processing your data, so you know what choices you have about your personal data. By “you”, we mean the customer who contracts with us, the person we communicate with or a visitor to our website and/or App. It is important that the personal data we hold about you is accurate. Please keep us informed if your personal data changes.

DEFINITIONS

1)    App: The Friendi Pay Oman app. A mobile application that allows users to register with us as customers and then perform a range of payments transactions including sending money overseas, paying bills issued in Oman, sending and receiving funds using their Friendi Pay Oman electronic wallet and paying retailers in Oman.

2)    Contact Data: As defined in Article 2, Clause 2 of this Privacy Policy.

3)    Data Breach: Any incident that leads to unauthorized disclosure, destruction, or access to Personal Data, whether intentional or accidental, and by any means, whether automated or manual.

4)    Data Controller: The entity (Payments Arabia in this case) that determines the purposes and means of processing personal data.

5)    Data Processor: A third party that processes personal data on behalf of and under the instructions of the data controller.

6)    Data Subject: The individual to whom the personal data relates.

7)    Group Companies: The companies or organisations that are part of the Payments Arabia corporate family and share common ownership or control.

8)    Identity Data: As defined in Article 2, Clause1 of this Privacy Policy.

9)    Lawful Basis: The legal grounds under which we process personal data, which may include consent, contract, legitimate interest, public interest or legal obligation, amongst any other lawful basis applicable in your jurisdiction.

10) Marketing Communications: Any communication we send to you that promotes our products or services, or the products or services of third parties we work with.

11) Marketing and Communications Data: As defined in Article 2, Clause 5 of this Privacy Policy.

12) Personal Data: Any data, regardless of its source or form, that identifies or makes it possible to identify a natural person, either directly or indirectly, by referencing one or more identifiers such as a name, civil number, electronic identifiers, or location data, or by referencing one or more factors specific to the physical, genetic, mental, psychological, social, or cultural identity of that person.

13) Sensitive Personal Data: This includes any personal data of high degree of sensitivity for the data subject, which could include information such as any personal data revealing racial or ethnic origin, religious, intellectual, or political beliefs, criminal offenses or security-related data, biometric data (for identification purposes), genetic data, health data, or data indicating if one or both parents are unknown, as well as any other data that may pose a significant risk to the individual's privacy and security if disclosed or processed improperly.

14) Services and Financial data: As defined in Article 2, Clause3 of this Privacy Policy.

15) Technical Data: As defined in Article 2, Clause 4 of this Privacy Policy.

16) Third-Party Partners: External companies or organisations we collaborate with to provide you with our services or to enhance your experience. These may include infrastructure providers, payment processors, and marketing partners.

17) Third-Party Services: Any websites, services, or applications that are not owned or controlled by Payment Arabia and are accessed through our services.

18) Usage Data: As defined in Article 2, Clause 6 of this Privacy Policy. 

 

2   INFORMATION WE COLLECT ABOUT YOU

We may collect personal data about you from you directly, for example, when you provide information on the website or order or use our products or services, request more information on our contact us page, respond to a survey or questionnaire or from third parties, for example, partners who help provide our products and services, or for instance, from cookies when you use our website or App. We may collect information from you even if you’re not yet a customer, for example, if you provide information via our website or App.

Some of the types of personally identifiable data, as defined in applicable law, that we may collect about you could include the following:

1)    Identity Data: Such as name; title; date of birth; gender; passport copy; mother name, mother’s maiden name, ID number; national ID card; photographic image; and employment information: profession and monthly income range.

2)    Contact Data: Such as address; email; mobile number.

3)    Services and Financial data: Such as bank account details; payment card details; payment history, consumer account status.

4)    Usage data: Such as website browsing information; usage of any other product or service.

5)    Marketing and Communications data: Such as marketing preferences; queries / complaints; interests, preferences; survey responses.

6)    Technical data: Such as IP address; login data; time zone setting; location; device name; device model; browser information; operating system and platform details; system logs; other technology on the devices used to access the website; cookies; device identifier; device type.

With regards to your beneficiaries, we may collect and process the following information:

A)    For Account Transfers:

1.     Identity Data: first name; middle name; last name; nationality; bank account number; relationship.

2.     Contact Data: address.

B)    For Wallet Transfers:

1.     Identity Data: first name; middle name; last name; nationality; wallet ID number; relationship.

2.     Contact Data: address.

C)    For Cash Pickup:

1.     Identity Data: first name; middle name; last name; nationality; relationship.

2.     Contact Data: address.

 

3       HOW WE USE THE DATA WE COLLECT ABOUT YOU AND THE LEGAL BASIS FOR USING YOUR DATA

We will only use your personal data for the purposes we collected it or other reasons compatible with the original purpose.

We need a legal basis to use your personal data. For most uses of personal data, we will need your consent. However, we may use other legal bases strictly to the extent permitted by local privacy laws, such as:

1)     When you enter a contract with us for the provision of services to you, we may use your personal data to perform that contract, for example, to process your order or provide you with the services.

2)     We may rely on our “legitimate interests” to use your personal data where permitted by Oman’s Data Privacy laws.

3)     Some uses of your personal data are required to comply with a legal obligation, for example, tax or accounting requirements or co-operating with law enforcement agencies.

 

 

Purpose for which data is used

Type of data used

To process and deliver your order for products and services, including managing payments and registering you as a new customer

Identity

Contact

Marketing and Communications

To process financial services and transactions in relation to our mobile financial services

Identity

Contact

Services and Financial

To manage our relationship with you, including notifying changes to terms and conditions or Privacy Policy; keeping our records up to date; surveys; prize draws and competitions; communications between us, including service messages; monitoring communications and calls to our customer care service for training, compliance or operational purposes

Identity

Contact

Technical

Marketing Activities:

(1)  To provide you with relevant marketing communications and website or App content about our and third-party products and services that may be of interest to you and measure the effectiveness of such marketing.

(2)  Using your online browsing behaviour, purchases, and usage of our products and services to better understand you as a customer, and to provide you with personalised content and marketing. We may share this information with third parties on an anonymised basis; and

(3)  To analyse the current use of our products and services, to research and develop improved products and services and information technology systems, to better meet customer needs.

Identity

Contact

Technical

Usage

Services and Financial

Marketing and communications

To administer our business:

-       Operating, maintaining, and testing our network and IT systems; managing traffic; maintaining the security of network and services.

-       Responding to your comments and questions to provide customer support.

-       managing your account, including to communicate with you regarding your account; and

-       Efficient and proper operation of our business, including preventing and detecting fraud, complying with tax, accounting and legal or regulatory requirements and cooperating with law enforcement or regulatory bodies.

Identity

Contact

Technical

Services and Financial

Usage

 

4       WHOM WE SHARE YOUR DATA WITH

4.1   We may share your personal data with the following:

4.1.1 Our group companies.

4.1.2 Partners acting as data processors who help us provide our services to you or to supply their services to you, for example,

4.1.2.1 Infrastructure and software suppliers and managed service partners who may, for example, provide support and maintenance services to support the services we provide to you.

4.1.2.2 Our customer care centre provider.

4.1.2.3 Sales partners; content providers; advertising agencies who help us with our marketing to you; and survey companies who help us run customer surveys.

4.1.2.4 Payment processing agents.

4.1.2.5 Debt recovery or fraud agencies.

4.1.2.6 Law enforcement agencies or other public or regulatory bodies where required by law or to protect our or third party’s rights, business or assets.

4.1.2.7 Some of our mobile financial service partners.

4.1.3 Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the acquiring entity, provided that the recipient agrees to protect personal data in a manner consistent with this Privacy Policy.

4.1.4 Consent: We may share personal data with third parties where we have obtained the data subject's explicit consent to do so. This consent will be specific, informed, and freely given.

4.1.5 Cross-Border Transfers: Unless prohibited by local law, we may transfer your personal data to one of our group companies outside of your home country and process it in accordance with the Oman Personal Data Protection Law (PDPL).

4.2   Data Storage and Processing Location: All Personal Data is processed and stored exclusively within the Sultanate of Oman, in full compliance with the data localization requirements as mandated in the Oman Personal Data Protection Law (PDPL). We ensure that our data hosting infrastructure and service providers are located within Oman.

 

5       COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar tracking technology (collectively, “Cookies”) to help us understand how our website is used and to measure the effectiveness of our advertising. These cookies do not collect personal information that directly identifies you. They operate on an aggregate and anonymized basis, and no login or user-specific tracking occurs on this website.  For further information about the types of Cookies we use, the functions they perform, and how you can control Cookies, please see our Cookie Notice.

6       HOW WE PROTECT YOUR DATA

We use industry-standard technologies and processes to:

1)    check your identity when you contact us, but remember you are responsible for keeping your personal and account information secure and not sharing it, including passwords.

2)    protect your personal data from unauthorised access and accidental loss, disclosure, or destruction, while in storage or transit. For example, we use data encryption. However, we cannot guarantee the security of the personal data that you transfer to us over the Internet.

3)    limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Where appropriate, they will only process your personal data on our instructions and are subject to a duty of confidentiality.

Please remember that third-party websites are outside our control and operate in line with their privacy policies. Your personal data entered in such websites, or your communications sent over the internet may therefore be at risk of unauthorised access or use.

We take the security of your personal data very seriously. In the event of a data breach that may compromise your personal data and resulted in the risk to your rights, we are committed to notifying both you and the relevant Omani data protection authorities within 72 hours of becoming aware of the breach, in accordance with the regulation.

We will provide you with clear information regarding the nature of the breach, the data affected, the potential consequences, and the measures taken or proposed to mitigate any potential risks.

 

7       HOW LONG WE HOLD ONTO YOUR DATA

7.1 We will hold personal data for a specific period of time for as long as reasonably necessary to fulfil the purpose we collected it for and in line with any legal obligations. In some circumstances we may store your personal information for longer periods of time, for example, where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. When there is no longer need for your Personal Data, it will be safely destroyed in all our systems, with the use of appropriate electronic means, to ensure that the destroyed data cannot be accessed or restored.

7.2 We will retain your consent and preferences for as long as your consent remains active. If you withdraw your consent, we will cease communications and delete your marketing preferences within 30 days, unless retention is required for legal compliance or fraud prevention. 7.3 If you require further information about how we retain particular information, please contact us by sending an email to dataprivacy@beyond.one

8       YOUR RIGHTS CONCERNING THE DATA WE HOLD ABOUT YOU

Payments Arabia respect your rights concerning your personal data. This section outlines your rights under applicable data protection laws, and how to exercise them. To exercise any of these rights, please contact us through the channels provided below. We will respond to your request within 45 days required by applicable law. Please note that we may need to verify your identity before processing your request.

1)    Right to be Informed.

You have the right to clear, easily understandable, accessible information about the collection and use of your personal data, your rights and our contact details. This is set out in this Privacy Policy and any relevant privacy information given to you when we collect or process your personal data.

2)    Right to Access

You can ask us to send you a copy of the personal data we hold about you. We shall provide you with the copy of your data within the timeline prescribed in the applicable law.

3)    Right to Correction

You can request that we correct personal data about you that we hold where it is incomplete, inaccurate or obsolete. We may need to verify the accuracy of the new data you provide to us.

4)    Right to Deletion or Destruction

As per the relevant applicable law, in some situations, you can request we destroy personal data we hold about you, for example, where you no longer consent to our use of your personal data or there is no longer a compelling purpose for us to hold it.

5)    Right to be Notified in Case of a Data Breach 

Your security is our priority. If we discover a data breach that compromises your personal information, we are committed to notifying you promptly and transparently, in accordance with applicable legal requirements.

6)    Right to Data Portability.

You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:

(a)   the processing is based on your consent or on the performance of a contract with you; and

(b)  the processing is carried out by automated means

7)    Right to Withdraw Consent

If we process your personal data based on your consent, you can withdraw it at any time. However, this will not affect the lawfulness of any processing based on your consent before its withdrawal.

9       CHANGES TO OUR PRIVACY POLICY

This Privacy Policy may change from time to time. Any changes we make will be posted on this page. We will notify you of any significant changes to this Privacy Policy by appropriate means.

10   CONTACTING US

If you have any comments or queries regarding our products or services, please contact the Customer Services team at 79-525252. If you have any questions or concerns about our use of your personal data or this Privacy Policy, please contact our data protection team at dataprivacy@beyond.one.