Comera Pay | Your Gateway to Seamless Online Payments

Privacy Policy

Last Updated: February 12, 2024, Version 1.0

1. INTRODUCTION

1.1.       Comera Pay L.L.C (Company/we/our/us), are committed to protecting your privacy. This Privacy Policy (Policy) outlines our practices regarding the collection, processing, and utilization of personal data pertaining to: (i) current and former visitors of our website www.comerapay.com and mobile application (Android & iOS); (ii) individuals registered to use our payment services made available through our Platform (Services); and (iii) authorized representatives, directors or owners of entities registered to use our Services; as applicable (User/you/your).

1.2.      Personal data or personal information includes any data or information relating to you which may, by itself, or in combination with other data or information, be able to identify you.

1.3.      By using or accessing our Platform and/or Services, you consent to this Policy and to the data processing purposes and practices stated in it. If you do not agree with the data processing purposes and practices stated in this Policy, you may choose to stop using our Platform. We periodically update this Policy. We encourage you to review this Policy periodically.

2. PURPOSE AND CONSENT

2.1.      This Policy has been developed for purposes of compliance with the Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), and the data protection-oriented provisions present in the Retail Payment Services and Card Schemes Regulation, Stored Value Facilities Regulation, Consumer Protection Regulation and Consumer Protection Standards issued by the Central Bank of the UAE (CBUAE).

2.2.     Without information about you, we may not be able to provide you with the Services or the support you request or require. Some of the Personal Data we obtain is collected to comply with applicable laws and regulations, including anti-money laundering laws. This Policy explains:

2.2.1.   The types of Personal Data we collect about you;

2.2.2.   How we use Personal Data about you;

2.2.3.   Types of information we disclose to third parties and the types of such third parties; and

2.2.4.  How we protect your Personal Data;

3.    AMENDMENTS TO THIS POLICY

3.1.           From time to time, we may revise, amend, or supplement this Policy to reflect necessary changes in law, our Personal Data collection and usage practices, the features of our offerings, or advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on our Platform. However, the onus is also on you to occasionally familiarize yourself with the contents of this Policy, for your own information.

3.2.     Changes to this Policy are effective when they are published on our Platform.

4.    PERSONAL DATA PROTECTION PRINCIPLES

4.1.      Your Personal Data is collected and processed in accordance with relevant data protection principles, including lawfulness, fairness, and transparency; purpose limitation; collection limitation; data minimization; accuracy; rectification measures; storage limitation; integrity and confidentiality (security); with all relevant laws and regulations considered; and however applicable.

5.    CONSENT FOR PERFORMANCE OF CONTRACT, LEGAL OBLIGATIONS; CONSENT WITHDRAWAL

5.1.      You provide consent to your Personal Data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy any and all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any Services to you which you have contracted with us to provide to you; or to take steps at your request prior to entering into a contract with you.

5.2.     By applying or signing up for Services offered through our Platform, you authorize and consent to our obtaining from, and disclosing to, third parties any Personal Data about you in connection with identity or account verification, fraud detection, or collection procedure, or as may otherwise be allowed or required by applicable law.

5.3.     You can withdraw such consent. Such withdrawal will not affect the lawfulness of processing based on previously recorded consent. Such withdrawal will take effect within 30 calendar days of submission of request to withdraw consent to process Personal Data. If you wish to submit such a request, please contact us at privacy@comerapay.com.

5.4.     The specific Personal Data we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such information, and how long we retain such information is explained individually, specifically for your clear, simple, and withdrawable consent below in this Policy.

6.    PERSONAL DATA WE COLLECT ABOUT YOU

6.1.      We collect the following Personal Data about you: –

6.1.1.     Identification information, such as your name, email address, home address, phone number, and date of birth, along with identification details of documents confirming your ID and address;

6.1.2.    Financial information, including without limitation bank account and payment card numbers, and bank statements;

6.1.3.     Information about transactions facilitated (when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment amounts, etc.);

6.1.4.   Information about the location of your device and some other device specifics, including your hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with our Services. We may also identify other software running on the device for anti-fraud and malware-prevention purposes (but will not collect any content from such software);

6.1.5.     Information about how you use our Services, including your access time, browser type and language, and Internet Protocol (IP) address;

6.1.6.   Information about you from third parties, including third-party verification services, mailing list providers, and publicly available sources (where lawful, this information may include your government-issued identification number);

6.1.7.   Information collected by Cookies and web beacons, including using web beacons and sending cookies to your device (for more information on this please see Clause 9 of this Policy);

6.1.8.   Pictures of your ID, utility bills, and other documents as may be requested by us and provided by you;

6.1.9.     Employment information;

6.1.10. Other information you provide when you participate in contests or promotions offered by us or our partners, respond to our surveys, or otherwise communicate with us; and

6.1.11.   Information contained in or relating to any communication that you send to us with or without our request, including without limitation the communication content and metadata associated with the communication.

6.2.     We may collect the Personal Data during the signup process for our Services, or in course of our identity or account verification process, or in course of your use of our Services.

6.3.     You undertake that all Personal Data provided to us by you is true, complete, and accurate and you must notify us of any changes to such Personal Data within a reasonable timeframe after such change has been affected.

6.4.    We do not knowingly collect data from, or market to, children under 18 years of age. By using the Services, you represent that you are at least 18 years. If we learn that Personal Data from users who are less than 18 years of age has been collected, we will deactivate your access to our Services and take reasonable measures to promptly delete such data from our records.

7.    MODE OF COLLECTION

7.1.         Information you provide to us directly.

7.1.1.    When you interact with us or access our Platform, open a digital wallet with us or use any other Services, we may collect basic information about you and establish an account (Account). Depending on the Services you choose, we may require you to provide us with your name, postal address, telephone number, email address and identification information to establish an Account. As a registered user you may also upload data or post various queries.

7.1.2.   From time-to-time, we invite you to participate in surveys, promotions, or contests. When you participate, we request certain Personal Data such as name and email address.

7.1.3.      If you correspond with us via email, we may gather in a file specific to you the information that you submit. This includes information provided for support purposes.

7.2.  Information collected automatically

                  We also may receive and store certain Personal Data about you and your device(s) automatically when you access or use our Services. This Personal Data may include:

7.2.1.    Technical Information: We collect technical information associated with your activity on our Platform and may include information related to your browser and operating system, IP address (the Internet address of your computer) unique device identifiers, and other information such as your device type.

7.2.2.    Site Usage Information: We collect information to better understand customer traffic patterns and site usage. This may include the webpage that you were visiting before accessing our Platform, and the pages or features of our Platform you browsed, to inform us which part of our Platform you visit and how much time you spend there.

7.2.3.    Site Preferences and Cookies: We collect information about your preferences to make your use of the Platform more productive through the use of cookies. Cookies are intended to make using our Platform easier by, among other things, saving your preferences for you. For details of how we use cookies for this purpose, please review Clause 9 of this Policy.

7.3.  Information collected from third-party services

7.3.1.     We collect Personal Data from third party partners who have your consent to provide us this data, and if you have given us consent to collect such data. We will gather Personal Data from third parties and service providers who you have authorized to collect, process, and share your Personal Data.

7.3.2.  We also collect Personal Data from you indirectly, when you provide Personal Data to our authorised partner entities who will then share the Personal Data with us to enable you to access the Services provided through our Platform.

8.    USE OF PERSONAL DATA

8.1. We do not sell, exchange, or give to any other person your Personal  Data, whether public or private, for any reason whatsoever, without your consent, other than for the express purpose of providing our Services to you.

8.2. We collect, process, and use Personal Data about you for the following purposes:

8.2.1.       To provide our Services to you;

8.2.2.   To improve, personalize and facilitate your use of our Services;

8.2.3.   To measure, customize, and enhance our Services, including the design, content, and functionality of our Platform, or to track and analyse trends and usage in connection with our Services;

8.2.4.  To analyse use of our Services;

8.2.5.  To improve our customer service;

8.2.6.  With your prior permission, to send periodic emails, news and information, or to conduct surveys and collect feedback, about our Services and to communicate with you about products, services, contests, promotions, discounts, incentives, offers and rewards offered by us and select partners, based on your communication preferences and applicable law, and the email address and phone number you provided for such communications;

8.2.7.  To administer our internal information processing and other IT systems;

8.2.8.  To maintain back-ups of our databases and to keep the records in accordance with our internal policies and procedures and the applicable law;

8.2.9.   To communicate with you, including without limitation, to deliver the information and support your request, including technical notices, security alerts, and support and administrative messages, transaction, and Service messages, to resolve disputes, collect fees, and provide assistance for problems with our Services;

8.2.10. To establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights, and the legal rights of others;

8.2.11. To comply with our obligations either required by law or by written agreements with third parties;

8.2.12. To develop new products and services; and

8.2.13. in order to: (i) protect our rights or property, or the security or integrity of our Services; (ii) enforce the terms of our Terms and Conditions or other applicable agreements or policies; (iii) verify your identity (e.g., some of the government-issued identification numbers we collect are used for this purpose); (iv) investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities; (v) comply with any applicable law, regulation, or legal process.

8.3.     We may use third-party service providers to process your Personal Data in the United Arab Emirates (UAE) and other countries. We ensure that processing of Personal Data by such third parties will be based on a legitimate legal ground and will be performed in accordance with lawful instructions of the Company and in compliance with the PDPL and other legal requirements.

9.    COOKIE POLICY

                    This Clause of the Privacy Policy explains what cookies are, what information we collect using cookies and how we use cookies in respect of the Platform.

9.1. What is a cookie?

9.1.1.       A ‘cookie’ is a small piece of encrypted text saved on the browser or hard drive in your computer or mobile device when you visit a website. Cookies are selected pieces of information that websites or mobile applications send to your device or computer’s hard drive, while you are viewing or using our Platform, as permissioned. It allows us to recognise you and make your next visit easier and the experience of our Services more useful to you. cookies can be stored for varying lengths of time on your browser or device.

9.1.2.   We use both session / transient cookies (which expire once you close your device web browser) and persistent cookies (which stay on your device until you delete them) to collect information to provide you with a more personalized and interactive experience in using our Platform and Services. This type of data is collected to make our Services more useful to you and to tailor your experience with us to meet your special interests and needs.

9.2. How we use cookies

9.2.1.   When you use and access our Platform, we may place a number of cookie files on your device’s web browser. We use cookies to enable certain functions of the Platform, i.e., to provide analytics, to prevent fraudulent or illegal activity, to store your preferences, to enable advertisements delivery, including behavioural advertising. We also use cookies to enhance your browsing experience by:

    a)       Recognizing when you log in and any preferred settings.

    b)       Giving you a browsing experience that is unique to you and to serve you content which we believe improves your sites experience.

    c)   Analysing how you use our sites which helps us to troubleshoot any problems and to monitor our own performance.

9.2.2.    In addition to our own cookies, we may also use various third parties’ cookies to report usage statistics of our sites, deliver advertisements on and through our Platform, and so on.

9.3.  Types of cookies we use

       We use the following four type of cookies,

9.3.1.    Essential cookies:  These cookies are essential to let you move around the Platform and use its features. These cookies allow our Platform to provide Services at your request. We use essential cookies to authenticate users and prevent fraudulent use of user accounts.

9.3.2.    Performance cookies: These cookies may be used to collect information about how you use the Platform, e.g., what Services you are selecting and if you experience any error messages. They also allow us to update our Platform to improve performance and tailor it to your preferences. These cookies do not collect any information that could identify you – all the information collected is anonymous.

9.3.3.    Functionality cookies:  These cookies are used to remember the choices you make, e.g. your username, log in details and language preferences. They also remember any customizations you make to give you enhanced, more personal features of your digital experience.

9.3.4.    Advertising and targeting cookies: These cookies are used to collect information about your visit to our sites, the content you viewed, browsing habits to deliver adverts which are more relevant to your interest, links you followed and information about your browser, device, and your IP address. They also measure the effectiveness of advertising campaigns.

9.4.  Cookies preferences

                   Please note, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer on our Platform. You may not be able to store your preferences, and some of our pages might not display properly. The Company is not responsible and will not be held liable for any loss resulting from your decision or inability to use cookies.

  10.     PROCESSING AND USE OF AGGREGATED, ANONYMIZED AND DE-IDENTIFIED DATA

          10.1. We may also create, process, collect, use, and share aggregated, anonymized, or de-identified data such as statistical or demographic data for any purpose which may be derived from your Personal Data. We may use this data to comply with legal or regulatory obligations.

          10.2. We may share such information with members of our group, service providers and our key partners. Some of these third parties may be in a jurisdiction outside the laws as stated in this Policy, in which case we will take all necessary steps to ensure that your Personal Data is treated securely and that such transfers are permitted under the applicable data protection laws.

          10.3. We may also use any or all of the Personal Data above to administer and manage our business in general, to detect and prevent misuse of our Services (including fraud and unauthorized payments), and to enforce our Terms and Conditions or any other contract to which we may be a party to.

  11.     YOUR REFUSAL, FAILURE, INABILITY TO PROVIDE US WITH NECESSARY PERSONAL DATA

          11.1. If you fail, neglect and/ or refuse to, or are unable to provide us any Personal Data which we necessarily need to provide you with Services, or which we need to collect by law (for example: identification information for KYC/AML obligations), we may not be able to provide you with Services on our Platform. In this case, we have the right to discontinue the provision of Services to you and/or close your Account. In such a situation, we will notify you at the earliest.

  12.      PROCESSING WITHOUT CONSENT

          12.1. We may collect and process some of your Personal Data without your knowledge or consent; and only where this is required or permitted by law. We may be compelled to surrender your Personal Data to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state, or other applicable jurisdiction. Other situations where your Personal Data may be processed without your express consent include without limitation:

12.1.1. Where processing is related to Personal Data made publicly available by you;

12.1.2. Where processing is necessary to initiate or defend procedures relating to claim of rights and legal actions or are associated with legal or judicial procedures;

12.1.3. Where processing is necessary for the performance of any contract entered into where you are a party or for taking any action upon your request for concluding, amending, or terminating such contract; and

12.1.4. Where processing is necessary for public interest.

  13.      DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

          13.1.  Any third party that receives or has access to Personal Data is required to protect such Personal Data and use it only to carry out the Services they are performing for you or for us, unless otherwise required or permitted by law. We shall ensure any such third party is aware of our obligations under this Policy and we enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Data disclosed to them than the obligations we undertake to you under this Policy, or which are imposed on us under applicable data protection laws. In case of termination of our business relationships with such third parties we shall ensure that all your Personal Data is either retrieved from such third party or is destroyed. We shall also confirm in our contracts with such third parties that the third party does not have the right to use such data for unauthorized purposes.

          13.2. We may disclose relevant Personal Data:

13.2.1. where we are legally required to do so, to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your Personal Data. Additionally, we may disclose your Personal Data to enforce our Terms and Conditions, or to protect our rights, safety, and security, and that of our users, other persons, or the public.

13.2.2. in connection with, or during negotiations of, any merger, sale of the Company’s assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your Personal Data may also be transferred as a business asset forming part of our goodwill. If another company acquires us, our business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations held by us regarding your Personal Data, as described in this Policy.

13.2.3. governmental bodies and regulatory authorities, judicial bodies, our associates, agents, attorneys, or other representatives for compliance with legal obligations to which we are subject or for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Such information may be shared even without your prior consent;

13.2.4. to our suppliers or subcontractors as reasonably necessary for providing our Services to you;

13.2.5. where we use third party advertising companies to serve ads when you visit or use the Services. These companies may use information about your visits to our Platform to provide advertisements about goods and services of interest to you, provided you have expressly consented to the same.

13.2.6. our group companies, including our affiliates, for rendering our Services, compliance with applicable laws and improving the quality of our Services;

13.2.7. in connection with the performance of our Services, with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts.

13.2.8. our business partners that run advertising campaigns, contests, special offers, or other events or activities in connection with our Services; and

13.2.9. other users of our Services with whom you interact through your own use of our Services. For example, we may share information when you make a transaction.

  14.      INTERNATIONAL TRANSFER OF INFORMATION

          14.1. Your Personal Data is stored and transferred in compliance with the applicable legislation or regulations of the UAE.

          14.2.Our customers’ (e.g. merchants, individuals, and indirect beneficiaries) data privacy and protection are of utmost importance to us, and we are committed to ensuring compliance with the relevant data protection laws based on their location, in the UAE or cross-border.

          14.3. You should be aware that certain third-party service providers, such as payment transaction processors, may be in, or have facilities that are located in a different jurisdiction than either you or us.

          14.4. Some of the international organizations and countries to which your Personal Data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organizations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organizations and countries. We may also transfer your personal data to recipients outside the UAE based on your express consent; or if such transfer is necessary for judicial processes; or if such transfer is necessary for entering into or performing a contract between the Company and you or between the Company and a third party for your interests, or if such transfer is necessary for an act relating to international judicial cooperation; or if the transfer is necessary for protection of public interest. We shall notify you with regards to the specific safeguard we shall adopt in transferring your Personal Data to such an international organization and/or country if you require such data.

         14.5.If you wish to procure specific information about the third-party service providers with whom your Personal Data has been shared, please contact us at privacy@comerapay.com. If you choose to proceed with a service that requires the involvement of a third-party service provider, then your Personal Data may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your Personal Data will be handled by these providers.

  15.      THIRD-PARTY ADVERTISING AND ANALYTICS

          15.1. We may allow third-party service providers to deliver content and advertisements in connection with our Services and to provide anonymous site metrics and other analytics services. These third parties may use cookies, web beacons, and other technologies to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access our Services, webpages viewed, time spent on webpages, links clicked, and conversion information. This information may be used by us and third-party service providers on our behalf to analyse and track usage of our Services, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand how you use our Services.

          15.2.The third-party service providers that we engage are bound by confidentiality obligations and applicable laws with respect to their use and collection of your information.

          15.3.This Policy does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices.

  16.      LINKS TO THIRD-PARTY WEBSITES

          16.1. Our Platform or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s platform. We strongly advise you to review the privacy policy of every platform you visit.

          16.2.   This Policy does not apply to, and we are not responsible for the privacy policies of these third-party websites regardless of whether they were accessed while using links from our Platform or communications. These third parties are typically used for the following:

16.2.1. Advertising, direct marketing, lead generation and other marketing service providers;

16.2.2. SMS and email notification service providers;

16.2.3. Foreign and domestic financial and credit institutions; and

16.2.4. Auditors.

 17.      YOUR RIGHTS IN RELATION TO YOUR INFORMATION

       You have the following rights with respect to your Personal Data:

            17.1.   Right to access to Information

17.1.1. You have the right to request and obtain the following information:

      a)        The categories of Personal Data processed;

      b)       The purpose of the processing;

      c)        Automated decision making on your Personal Data;

      d)        Target sectors or enterprises with whom your Personal Data is shared;

      e)        Controls or standards relating to storage of your Personal Data;

      f)        Actions for rectification, restriction, or erasure of your Personal Data which have been taken upon your request;

     g)        Safeguards in case of cross border Personal Data transfer;

     h)        Actions to be taken in case of personal data breach where such breach affects you; and

      i)        Procedure to lodge a complaint with the UAE Data Office.

17.1.2. We may refuse your demand if request is excessively repeated, is in contravention of judicial proceeding or investigations, negatively impacts our endeavors to maintain information security, or relates to the privacy of a third party.

           17.2.    Right to rectification 

17.2.1. You have the right to rectify any inaccurate Personal Data about you and to complete any incomplete Personal Data about you.

            17.3.    Right to erasure 

17.3.1. You have the right to demand erasure of your Personal Data with us if:

 a)        the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

     b)        you withdraw consent to consent-based processing;

     c)        you object to the processing of your Personal Data under the applicable law;

     d)        your Personal Data has been unlawfully processed; and

     e)       your Personal Data must be erased for compliance with legislation.

17.3.2. We may refuse your demand if your Personal Data is processed for compliance with a legal obligation; or establishment or exercise or defense of legal claims.

         17.4.    Right to restrict processing

17.4.1. You have the right to restrict processing of your Personal Data if:

     a)       you contest the accuracy of the Personal Data;

     b)        processing is unlawful;

     c)        we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise, or defence of legal claims; and

     d)        you have objected to processing, pending the verification of that objection, in which case we may continue to store your Personal Data, but we will only otherwise process it: (i) where aforementioned processing is restricted only to storage of said Personal Data; (ii) with your consent; (iii) for the establishment, exercise or defence of legal claims; (iv) for the protection of the rights of another natural or legal person; or (v) for reasons of important public interest.

        17.5.   Right to stop processing 

17.5.1. You have the right to object to our processing of your Personal Data and stop the processing of said Personal Data in the following cases:

     a)       if such processing was done for direct marketing purposes;

     b)        if such processing was done for statistical survey purposes, unless such processing is necessary for public interest; and

     c)        where such processing is in contravention of personal data protection controls as envisaged by the PDPL and mentioned under Clause 4 (Personal data protection principles).

         17.6.    Right to Personal Data portability

17.6.1. You have the right to Personal Data portability to the extent that:

     a)       the legal basis for our processing of your Personal Data is your consent, or is a necessity to perform a contract to which you are party; or

     b)        such processing is carried out by automated means.

17.6.2. You have the right to receive your Personal Data from us in a structured, commonly used and machine- readable format. Where technically feasible, you may also request us to transmit your Personal Data directly to another entity.

         17.7.   Right to object to automated decision making

17.7.1. You have the right to object to automated decision making (if any) if it has legal or serious consequences that affect you. Such requests may be refused by us if such automated processing is performed in accordance with any contract between you and us, is necessary for compliance with other legislation, or you have specifically provided consent for such practices.

          17.8.   Right to lodge a complaint with the supervisory authority

17.8.1. In the UAE, you have the right to lodge a complaint with the UAE Data Office (if you have UAE domicile or place of business) or the Consumer Protection Department at CBUAE.

 18.      SUBMISSION OF REQUESTS FOR EXERCISE OF RIGHTS

          18.1. We aim to respond to all legitimate requests without undue delay and within 2 calendar months of receipt of any request from you. Occasionally it may take us longer than 2 calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

          18.2. If you wish to exercise any of the rights mentioned under Clause 17 (Your rights in relation to your Personal Data), please contact us at privacy@comerapay.com. We may need to request specific information from you to help us confirm your identity and ensure your entitlement to such rights. This security measure is to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

  19.      DATA RETENTION

          19.1.  We retain Personal Data on your behalf, including customer data, transactional data, and other session data, linked to your account.

          19.2.  Your Personal Data will be processed for no period longer than as required by us for the purposes it was collected for, for the purposes of using our Services, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. However, all Personal Data documents, records and files will be securely retained for a minimum of 5 years, as required under the Consumer Protection Regulations and Consumer Protection Standards issued by the CBUAE. Such retention period shall be calculated from the date of closing of your Account.

20.      SECURITY PRECAUTIONS AND MEASURES

          20.1.    Information security

20.1.1. We are committed to ensuring that your Personal Data is secure. To prevent unauthorized access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the Personal Data we collect via our Platform. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your Personal Data.

20.1.2. Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security. Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the Personal Data confidential.

20.1.3. We also have mechanisms in place to access your Personal Data in case of an actual or technical failure. We also ensure testing and evaluation of our technical and organizational measures at regular intervals to gauge the effectiveness of such measures.

            20.2.    No guarantee

20.2.1. Please note that no transmission over the internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavors will be made to secure data and the ability to access your Personal Data.

20.2.2. Without prejudice to our efforts on the protection of your data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.

20.2.3. Please note that we do not guarantee that your data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please, always check that any website on which you are asked for financial or payment information in relation to our Services is in fact legitimately owned or operated by us.

20.2.4. If you do receive any suspicious communication of any kind or request, do not provide your information and report it to us by contacting our offices immediately at privacy@comerapay.com. Please also immediately notify us if you become aware of any unauthorized access to or use of your account.

20.2.5. Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us or sent and received from us by internet or wireless connection, including email, phone, instant messaging service or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at privacy@comerapay.com.

20.2.6. We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of your data.

             20.3.    Data breaches

20.3.1. Should your Personal Data be breached, and your financial and personal security be at risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. We will also notify the CBUAE of the breach in accordance with applicable regulations. In the unlikely event of a breach occurring, please reach out to us at privacy@comerapay.com for further information and for further advise on how to mitigate the potential adverse effects of such a breach.

   21.      CONTACTING US

          21.1. If you have any questions about our Policy as outlined above, or if you have any complaints, please contact us at privacy@comerapay.com.

          21.2. If you have any queries or issues pertaining to your information or our Policy, then please do write to us at any time by emailing us at privacy@comerapay.com.