Privacy Policy

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us, including:

• Account Information: Name, email address, phone number, company name, business type
• Financial Information: Bank account details, beneficiary ID, payment preferences
• Identity Verification: Government-issued ID, business licenses, tax identification numbers
• Contact Information: Billing address, business address, authorized contact persons

1.2 Transaction Information

When you process payments through our gateway, we collect:

• Transaction amounts, currency, and payment methods
• Customer payment information (encrypted and tokenized)
• Transaction timestamps and status updates
• Refund and chargeback information

1.3 Technical Information

We automatically collect certain technical information, including:

• IP addresses, device identifiers, and browser information
• Log files, usage patterns, and API call data
• Security event logs and fraud detection data
• Performance metrics and system diagnostics

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

• Processing payment transactions and managing your account
• Providing customer support and technical assistance
• Monitoring and improving our payment gateway services
• Generating transaction reports and analytics

2.2 Security and Compliance

• Detecting and preventing fraud, money laundering, and unauthorized access
• Complying with legal obligations and regulatory requirements
• Conducting risk assessments and due diligence
• Maintaining audit trails and transaction records

2.3 Communication

• Sending transaction confirmations and status updates
• Providing important service announcements and security alerts
• Responding to inquiries and support requests
• Sending marketing communications (with your consent)

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist us in:

• Payment processing and banking services
• Identity verification and fraud prevention
• Cloud hosting and data storage
• Customer support and communication services

3.2 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our terms of service and protect our rights
• Investigate suspected fraud or security incidents
• Protect the safety and security of our users and the public

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction, subject to appropriate confidentiality protections.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Technical Safeguards

• Encryption: All sensitive data is encrypted using industry-standard AES-256 encryption
• Secure Transmission: All communications use TLS 1.3 encryption
• Access Controls: Multi-factor authentication and role-based access controls
• Network Security: Firewalls, intrusion detection, and DDoS protection

4.2 Operational Safeguards

• Regular security audits and penetration testing
• Employee background checks and security training
• Incident response procedures and breach notification protocols
• Data backup and disaster recovery plans

4.3 Compliance Standards

Our security practices comply with:

• PCI DSS (Payment Card Industry Data Security Standard)
• ISO 27001 Information Security Management
• RMA (Royal Monetary Authority) regulations
• International banking security standards

5. Data Retention

We retain your information for different periods based on the type of data and legal requirements:

5.1 Transaction Data

• Payment Records: 7 years (as required by financial regulations)
• Transaction Logs: 5 years for audit and compliance purposes
• Fraud Detection Data: 3 years or until resolved

5.2 Account Data

• Active Accounts: For the duration of the business relationship
• Inactive Accounts: 2 years after last activity
• Closed Accounts: 1 year after closure (unless legal requirements apply)

5.3 Marketing Data

• Until you withdraw consent or request deletion
• Automatically deleted after 3 years of inactivity

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

• Request access to your personal information
• Obtain a copy of your data in a portable format
• Review transaction history and account details

6.2 Correction and Updates

• Update your account information through the client portal
• Request correction of inaccurate information
• Modify communication preferences

6.3 Deletion and Restriction

• Request deletion of your personal information (subject to legal requirements)
• Restrict processing of your data in certain circumstances
• Object to processing for marketing purposes

6.4 How to Exercise Your Rights

To exercise these rights, please contact us at:

• Email: privacy@rmapayments.bt
• Phone: +975 17 123 456
• Client Portal: Account Settings > Privacy Controls

7. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

7.1 Types of Cookies

• Essential Cookies: Required for basic website functionality
• Security Cookies: Used for fraud prevention and security
• Analytics Cookies: Help us understand website usage
• Preference Cookies: Remember your settings and preferences

7.2 Cookie Management

You can control cookies through:

• Browser settings and preferences
• Our cookie consent banner
• Third-party opt-out tools

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: