Privacy Policy

Simpaisa is a global monetization and growth platform for digital content merchants. The company connects merchants to a network of more than 300 fragmented telecommunications operators and digital wallets in Pakistan. This long-term role must be accompanied by a sufficient level of trust. We ensure that your rights are protected while using our services and we will protect the data that you share with us. To protect your privacy, Simpaisa has adopted these principles in accordance with the legal requirements of the Data protection regulation of the land laws.

1. General

1.1 Who is processing my data? This privacy policy has been adopted by Publish Ex Solutions (hereinafter: Simpaisa), a private limited company established under the laws of Pakistan, located in Karachi Pakistan. The Policy also applies to members of the Simpaisa group, unless such members have adopted a separate privacy policy.

 

1.3. What is this policy about? The Policy describes how and for which purposes Simpaisa collects, processes and distributes your data (meaning any data relating to an identified or identifiable natural person) provided by you or collected by Simpaisa when you visit the website Simpaisa - Marketplace (hereinafter: Site), when you use the services or products that Simpaisa provides or may provide in the future (hereinafter jointly: Services) or when you communicate with Simpaisa.

 

1.4. Whom does this apply to? The privacy practices outlined in this Policy apply to Simpaisa only. If you are linked to other websites (including sites that offer or use the Services or which are linked on the Site or Services) or use the services of other service providers, please review the privacy policies posted by the relevant service providers.

1.5. What am I responsible for? You are responsible for ensuring the security of your device (restricting access, locking the device when not in use) and account (strong password, logging out after each session) which you use to access the Site and the Services and for communicating with Simpaisa and limiting the access of third parties to your device and account.

2. Processing and Collection of Data

2.1. Simpaisa processes your data to the minimum extent necessary for the purposes set out in this Policy.

2.2. Why does Simpaisa process my data? Generally, Simpaisa processes your data i) for the performance of a contract entered into (or before entering into a contract) between you and Simpaisa, ii) based on your consent, or iii) to fulfill a legal obligation, but may process your data also for other reasons to ensure the lawfulness of data processing. Where Simpaisa processes your data based on your consent, you may withdraw the consent at any time for any reason, or no reason at all, but this will not affect the lawfulness of processing your data by Simpaisa before the withdrawal.

2.3. Simpaisa may also process your data under Simpaisa’s legitimate interests. For more details, please see clause 2.6. and 2.7. below.

2.4. How does Simpaisa receive my data? Simpaisa collects your data using three approaches.

2.4.1. Firstly, when voluntarily provided by you on the Site (e.g. when you create an account, provide your data to access information or articles), in the process of using the Services (e.g. you insert your phone number to the payment window to make a mobile payment or to access content) or in any communication to (e.g. e-mails you send, chats), or interactions with, Simpaisa. The provision of such data by you is a requirement to enter into, or fulfill, a contract with Simpaisa, and without such data, Simpaisa would not be able to provide you the Services or fulfill the contract.

2.4.2 Secondly, when obtained by Simpaisa independently when you use the site or the services. The latter includes data that can be legally obtained using current technologies or in the course of providing you the Services, for example, data regarding your operating system, web browser, mobile network provider, country of residence, IP address, mobile phone number, network connection, device, the services that you use, how you use the Services, what content you purchase or access, how much you paid for the content, etc.

2.4.3. Thirdly, when obtained from third parties (e.g. from the content provider whose content you have purchased or accessed, or your mobile operator, or a contractual partner of the aforementioned). This may include data on your mobile phone number, what content you wish to purchase, whether your mobile payment was successful or not, why your mobile payment was unsuccessful, what you purchased if you are eligible to receive access to certain content if you have been refunded for a transaction if you have not paid your mobile phone bill etc. If you have made data about yourself public or your data is available from public sources, Simpaisa may also process your data available from such sources in accordance with this Policy.

2.5. What data does Simpaisa process about me? Simpaisa’s Services are constantly evolving and new Services are added regularly. So it is not possible to provide a complete list of data that we process about you, but some examples are set out below. The data that Simpaisa processes depend on the Services you use and differs between end-users (e.g. consumers who make mobile payments or access content) and other contractual partners (e.g. content providers, mobile operators).

2.5.1. What data does Simpaisa process, when I make a mobile payment or access content? Concerning end-users Simpaisa may process data such as phone number, IP address, what content, when, and at what price did you purchase, country of residence, mobile network provider, device data, operating system, payment behavior, purchase history, payment failure reasons (e.g. insufficient funds), etc. In case an end-user requests a refund from Simpaisa, Simpaisa may also process the e-mail address, name, bank account, or other payment account data you provided to correctly handle the refund.

2.5.2. What data does Simpaisa process, when I use Simpaisa’s Services to monetize content? Concerning partners, if you are a private individual, then we process your data, and if you are a legal entity, then we process the personal data of your employees and representatives. Simpaisa may process data such as name, names of representatives and employees, identification details (including personal identification code, date of birth), contact details, job titles, employer, country of residence, address, e-mail address, phone number, banking details, etc.

2.6. For what main purposes does Simpaisa process my data? Simpaisa may process:

2.6.1. your identification data (e.g. your name, the names of your representatives, the legal entities you represent, identification documents, personal identification codes, date of birth) mainly to identify you;

2.6.2 your contact data (e.g. phone number, address, e-mail address, preferred language) mainly to communicate with you, to provide to you information and offers;

2.6.3. your use data (e.g. how you use the Site and Services) mainly to evaluate the performance and functionality of the Site and Services;

2.6.4. your transaction data (e.g. what content you purchased, your mobile phone number, banking details) essentially to correctly process your transactions;

2.6.5. your trustworthiness data (e.g. data about payment behavior and violations) essentially for proper risk assessment and fraud management; and

2.6.6. your location data (e.g. IP address) for determining language preferences and for statistical purposes.

2.7. For what other purposes does Simpaisa process my data? The main reasons for processing your data have been outlined in the preceding clause. Additionally, Simpaisa may process your data for the following purposes:

2.7.1. deciding whether and on what terms to provide Services;

2.7.2. provision of Services and customer support;

2.7.3. processing and monitoring of transactions, the payment and billing thereof, and performance of other agreed tasks;

2.7.4. understanding how you use the Site and Services;

2.7.5. resolution of disputes and enforcement of rights and contracts;

2.7.6. accounting, calculation, and collection of fees;

2.7.7. verification of your transactions;

2.7.8. prevention and investigation of prohibited or illegal activities or fraud;

2.7.9. customization, updating, maintenance, protection, and improvement of the Site and Services;

2.7.10. provision of information, advertisements (including interest-based advertisements), offers, update notices;

2.7.11. comparison of data for accuracy, identification, and verification with third parties;

2.7.12. statistical, research, and reporting purposes;

2.7.13. to prevent money laundering and terrorist financing;

2.7.14. to anonymize it to create aggregated statistical data, which may be shared with third parties;

2.7.15. other reasonable business-related purposes, to fulfill legal obligations, or for purposes related to the above.

2.8. Does Simpaisa process my data by automated means? Simpaisa may process your data by automated means, but you will not be subjected to a decision based solely on automated processing.

2.9. Does Simpaisa process my sensitive personal data? Simpaisa does not collect, share or process your sensitive personal data (religious or political views, health-related data, etc.) in any manner. Simpaisa does not knowingly provide Services to, or process personal data of, children under the age of 16. If you believe that Simpaisa has unintentionally processed sensitive personal data or data of a child under the age of 16, please contact us.

3. Data Distribution

3.1. When does Simpaisa share my data? Simpaisa may share your data when: (1) permitted or required by law or to fulfill a contract with you; or (2) trying to protect against, prevent, investigate actual or potential fraud, security issues, technical issues, unauthorized transactions, or other violations; or (3) trying to enforce the applicable terms of service or other contracts; or (4) protecting against violations to the rights, property or safety of Simpaisa, our employees, clients or the public as required or permitted by applicable laws; (5) related to a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Simpaisa’s assets or stock, financing, public offering of securities, acquisition of all or a portion of Simpaisa’s business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), subject to standard confidentiality arrangements; or (6) you have given your consent to do so; or (7) necessary to provide you the Services as stipulated below.

3.2. With whom does Simpaisa share my data? Simpaisa may disclose your data to members of the Simpaisa group or contractors of Simpaisa to process it for Simpaisa, for managing transactions, providing content, assessing your creditworthiness, collecting fees and debts, identifying you, but also for improving your user experience, performing business support functions, providing customer support, marketing, communication, courier and postal services or other related tasks, based on Simpaisa’s instructions and in compliance with the Policy and any other applicable confidentiality and security requirements. Simpaisa may disclose your data to auditors, legal and financial consultants under a confidentiality obligation.

3.3. Does the provider of the content have access to my data? Content providers whose content you have purchased or accessed using the Services of Simpaisa may have access to your mobile phone number and transaction history relating to specific content provided by that content provider, mainly for processing transactions, customer support purposes (including for handling refund requests) and for proper delivery of content. If you raise a complaint with Simpaisa regarding a transaction, Simpaisa may be required to share data that you provide with the content provider, whose content you purchased/accessed (or tried to purchase/access), and your mobile operator.

3.4. Does my mobile operator have access to my data? Your mobile operator, and any mobile payment mediators, if applicable, will also receive data about your mobile transactions, e.g. what content you purchased/accessed from whom, when, and at what price, purchase history. The mobile operators and mediators need this data mainly to properly process, and bill you for, your mobile payments, manage fraud and provide you customer support.

3.5. Simpaisa may share non-personally identifiable data (e.g. general payment trends, statistics) publicly or with third parties.

5. Commitment to Data Security

5.1. What measures does Simpaisa use to protect my data? Your data is maintained and kept secure by applying physical, electronic, and procedural measures conforming to industry standards and applicable law where the company is geographically present. Simpaisa has implemented the privacy by design and privacy by default principles in its Services and workflows. Only authorized employees, agents, and contractors (who have agreed to keep data secure and confidential) of Simpaisa have access to your data on a need-to-know basis.

5.2. Where are Simpaisa’s servers located? Simpaisa processes your data on servers located in Karachi, Pakistan.

5.3. For how long will Simpaisa retain my data? Simpaisa will not retain your data for longer than necessary for processing. The applicable retention period will depend on our contracts, our legitimate interests for data processing, and applicable laws.

5.4. Right to access and data portability: Simpaisa gives you the right to get a copy of your data and request this data to be presented in a machine-readable format. Simpaisa facilitates downloading your data by giving downloading option.

5.5. How can I contact Simpaisa? For further information, please write to support@simpaisa.com 

---