Top

Privacy Policy

1. Purpose and Scope
This Privacy Policy ("Policy") governs the collection, processing, transfer, use, disclosure, and safeguarding of personal data by MasrPay S.A.E ("MasrPay", "we", "us", or "our"). This Policy is issued pursuant to and in accordance with the Egyptian Personal Data Protection Law No. 151 of 2020 (the "PDPL"), its Executive Regulations, and any other applicable laws and regulations issued by competent authorities, including but not limited to the Central Bank of Egypt and the Financial Regulatory Authority.
This Policy is binding upon users and applicable to any person who accesses or uses our Platform or otherwise interacts with our services, including merchants, end users, legal representatives, and corporate clients (hereinafter referred to as "User" or "You").
By accessing, browsing, or using our services, You acknowledge and irrevocably accept the terms of this Policy and any amendments hereto. We reserve the right to amend this Policy at our sole discretion at any time. Any substantial amendments shall be communicated via email or by a notification displayed on our Platform.

 

2. MasrPay Information
MasrPay For Payment Solutions S.A.E is a joint stock company incorporated under the laws of the Arab Republic of Egypt, registered under Commercial Registration No. 122661. Its registered office is located at: 21 Nagati Serag St., Ibrahim ElRefaie St., Al Manteqah Ath Thamenah, Nasr City, Cairo, Egypt. 1061

 

3. Definitions
"Personal Data": Any data related to an identified or identifiable natural person, whether directly or indirectly, including but not limited to names, contact information, financial data, identification documents, online identifiers, or other information defined under the PDPL.
"Sensitive Personal Data": Any Personal Data relating to financial status, health, biometric data, or minors.
"Cookies": Small data files placed on your browser or device to enhance your interaction with the Platform.
"Platform": https://masrpay.com/en and any subdomains or mobile applications owned, managed, or operated by MasrPay.
"Data Subject": A natural person whose data is being processed.
"Employee": Any individual employed by MasrPay or any of its affiliates or subsidiaries.

 

  • 4. Data Collection
    Categories of Personal Data:
    • Full name, national ID, email address, phone number, residence address
    Bank account details, credit/debit card information, transaction logs
    • IP address, geolocation, browser type, device identifier
    • Login credentials and authentication data
    • Behavioral tracking and online activity history
    • Documentation required for AML/KYC compliance
     
  • Means of Collection:
    • Data directly submitted through the Platform
    • Automatically collected via cookies, logs, and analytics tools
    • From financial institutions, payment partners, and verification providers
     
  • Purposes of Collection:
    • To perform contractual obligations and process transactions
    • To conduct KYC and AML verification
    • To secure and operate the Platform effectively
    • To comply with all relevant legal obligations
    • To manage and maintain customer relationships
    • For marketing and research (subject to consent)

 

5. Legal Basis for Processing
Our processing of Personal Data is justified by one or more legal grounds under the PDPL:
• Consent: where legally required.
• Contractual Necessity: for delivering services.
• Legal Obligation: to comply with AML/CFT and tax requirements.
• Legitimate Interests: for fraud prevention, cybersecurity, and service improvement.

 

6. Data of Minors
MasrPay does not knowingly collect or process Personal Data of individuals under the age of 18 without verified parental or guardian consent, in accordance with Article 9 of the PDPL. If we become aware that such data has been collected without proper authorization, we will take immediate steps to delete it.


7. Data Sharing and Disclosure
We may share Personal Data with:
• Governmental Authorities: Including the Central Bank of Egypt, Egyptian Tax Authority, the Anti-Money Laundering Unit, and the Data Protection Centre, where required by law
• Service Providers and Processors: Including payment processors, cloud hosting providers, fraud detection vendors
• Affiliates: As necessary for operations or support services
• Auditors and Legal Advisors: Under strict confidentiality agreements
• Business Transfers: In case of merger, acquisition, restructuring, or sale of assets

 

8. Cross-Border Transfers
MasrPay may transfer Personal Data outside the Arab Republic of Egypt only where such transfer complies with the requirements and conditions of the Egyptian Personal Data Protection Law No. 151 of 2020 ("PDPL"), including Article 14 thereof and relevant executive regulations.
Cross-border transfers will be undertaken only when:
• The transfer is necessary for the performance of a contract between the Data Subject and MasrPay, or for the implementation of pre-contractual measures taken at the Data Subject's request.
• The Data Subject has explicitly consented to the transfer after being informed of the risks involved.
• The destination country or recipient ensures an adequate level of data protection as determined by the Data Protection Centre, or contractual clauses have been adopted to safeguard the transferred data.
• The transfer is necessary for public interest, legal proceedings, or establishment, exercise or defense of legal claims.
In all cases, MasrPay shall:
• Conduct a data transfer impact assessment, where applicable.
• Notify the Egyptian Data Protection Centre prior to initiating regular or large-scale cross-border transfers.
• Maintain a record of such transfers, detailing the nature of data transferred, recipient entities, safeguards applied, and purpose of transfer.
•  Ensure that recipients of data are contractually bound to maintain equivalent levels of security and compliance with PDPL standards.
• Examples of lawful cross-border data transfers include:
• Using international payment processors and acquirers located in the EU, UK, or US for transaction settlement.
• Utilizing cloud hosting services based in jurisdictions with adequate data protection frameworks.
• Collaborating with global fraud detection systems or compliance solutions to fulfill AML obligations.
MasrPay shall not transfer Personal Data to any entity or jurisdiction deemed insecure by the Data Protection Centre unless a derogation under PDPL applies or specific approval is granted

 

MasrPay shall be liable for any breach of Personal Data resulting from such cross-border transfer unless it demonstrates that it is not in any way responsible for the event giving rise to the damage. Where cross-border transfers of Personal Data are necessary, we ensure appropriate safeguards, including:

• Compliance with Article 14 of PDPL
• Contractual clauses with international service providers
• Prior notification to the Data Protection Centre, where applicable

 

9. Data Retention
We retain Personal Data:
• For no less than 365 days
• As long as required for legitimate business or legal reasons
• In anonymized form beyond legal limits, where appropriate
In accordance with retention schedules defined in regulatory frameworks

 

10. Security and Safeguards
MasrPay employs industry-standard measures, including but not limited to:
• End-to-end encryption (TLS 1.3) for data in transit
• AES-256 encryption for data at rest
• Secure server facilities and firewalls
• Multi-factor authentication (MFA) and least-privilege access policies
• Regular vulnerability assessments and penetration testing
Users may report security vulnerabilities to: securityreporting@masrpay.com

 

11. Rights of Data Subjects
Under PDPL, You have the right to:
• Access: Request a copy of your Personal Data
• Rectify: Correct inaccurate or incomplete data
• Erase: Request deletion where not legally restricted
• Restrict/ Object: Object to certain processing activities
• Port: Request transfer to another provider in machine-readable format
Requests should be submitted to: DPO@masrpay.com


12. Cookies and Tracking Technologies
We use cookies and tracking tools for:
• Performance analytics (e.g., Google Analytics)
• Advertising (e.g., Meta Pixel)
• Fraud prevention and session management
Users may disable cookies in their browser settings but doing so may impair the Platform’s functionality.

 

13. Communications
You hereby consent to receive all service-related communications and legal notices from MasrPay, including but not limited to transaction confirmations, account-related alerts, compliance requests, and security notifications, via email, SMS, push notifications, or telephone calls to the contact details you have provided.
Such communications are deemed necessary for the proper execution of the contractual relationship and the fulfillment of legal obligations under Egyptian law, particularly the provisions of Law No. 151 of 2020 (the Personal Data Protection Law) and Law No. 88 of 2003 (Central Bank and Banking System Law), where applicable.
You retain the right to withdraw your consent to receive marketing or promotional communications at any time by submitting a written request to support@masrpay.com or info@masrpay.com, provided that such withdrawal shall not affect the legality of any processing carried out prior to the withdrawal. Withdrawal of consent to service-related communications may impact your ability to fully access or use the services provided by MasrPay.
MasrPay shall record and document all opt-out requests and act on them within a legally compliant period not exceeding five (5) business days from the date of receipt, unless otherwise mandated by applicable law or regulatory directives.

 

14. Breach Notification
In accordance with Article 37 of the Egyptian Personal Data Protection Law No. 151 of 2020 and its Executive Regulations, in the event of a breach of Personal Data in our custody, MasrPay shall take the following actions without undue delay and in any case within a maximum period of seventy-two (72) hours from becoming aware of the breach, unless such delay is justified under exceptional circumstances permitted by law:
• Notify the Egyptian Data Protection Centre (the "Centre"): This includes a comprehensive incident report comprising the nature of the breach, the categories and volume of data affected, the number and classification of Data Subjects impacted, likely consequences of the breach, and remedial or mitigation measures undertaken.
• Data Subject Notification: Where the breach is likely to result in a high risk to the rights and freedoms of Data Subjects, MasrPay shall inform affected individuals promptly in clear and plain language, including the nature of the breach, the name and contact details of our Data Protection Officer (DPO), the likely consequences, and the actions taken or proposed.
• Documentation and Internal Logging: Maintain an internal register of all Personal Data breaches, regardless of whether notification to the Centre or to Data Subjects is required. This includes the cause, affected systems, remedial measures, and prevention strategies.
• Examples of Breaches: Unauthorized access to payment data by an external actor, accidental deletion of user records without backup, a ransomware attack that encrypts user financial details, or a malicious internal leak of KYC documentation.

• Mitigation Measures: Depending on the type of breach, MasrPay may initiate incident response protocols including suspension of compromised systems, resetting user credentials, engaging external cybersecurity firms, or cooperating with law enforcement and regulatory authorities.
• Liability & Cooperation: Users agree to promptly cooperate with MasrPay to assess impact and execute remediation plans, including validation of identity if required. Failure to comply with breach response protocols may result in account suspension or legal proceedings, without prejudice to any statutory rights or obligations.
These obligations apply in tandem with MasrPay's contractual duties, internal incident management protocols, and any specific instructions issued by the Centre or other competent Egyptian authorities.
If you believe your data protection rights have been violated, you may file a complaint with the Egyptian Data Protection Centre or contact our DPO directly. We are committed to resolving all complaints in a lawful and timely manner.
"MasrPay has appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and ensuring compliance with the PDPL. You may contact the DPO for any inquiries related to your personal data at DPO@masrpay.com."

 

15. Limitation of Liability
MasrPay shall not be held liable for:
• Indirect, incidental, or consequential damages
• Failures of third-party networks or systems
• Unauthorized access beyond our reasonable control
You hereby agree to fully indemnify, defend, and hold harmless MasrPay, its affiliates, officers, directors, employees, agents, and representatives from and against any and all claims, actions, proceedings, demands, liabilities, damages, losses, penalties, fines, costs, and expenses (including reasonable legal and accounting fees) arising out of or relating to: (i) your breach or alleged breach of this Privacy Policy; (ii) your violation of applicable data protection or financial laws, including without limitation, the Egyptian Personal Data Protection Law No. 151 of 2020 and its Executive Regulations; (iii) your misuse or unauthorized use of the Platform; or (iv) your failure to obtain any necessary consents or legal authorizations required under applicable law. This indemnity shall survive the termination or expiration of this Privacy Policy and shall be in addition to any other remedies available at law or in equity.

 

16. Termination
MasrPay reserves the right, at its sole discretion and without liability, to:
Terminate, suspend, or restrict any User account or access to the Platform with or without notice, for any reason including but not limited to fraud, abuse, suspected criminal activity, breach of this Policy, non-compliance with legal obligations, or inactivity.
Immediately block access to Personal Data or any part of the Platform, and to take all necessary technical or legal measures to safeguard its operations.
Retain, erase, or anonymize any Personal Data associated with a terminated account in accordance with applicable laws and regulatory requirements.
In the event of termination, all provisions of this Policy which by their nature should survive termination shall remain in effect, including but not limited to intellectual property rights, indemnities, limitations of liability, dispute resolution, and governing law provisions.

 

17. Assignment
You may not assign, transfer, delegate, or sub-license any of your rights or obligations under this Policy, whether by operation of law or otherwise, without the prior written consent of MasrPay. Any attempted assignment without such consent shall be null and void.
MasrPay may assign or transfer this Policy, in whole or in part, without restriction and without prior notice to You, to any of its affiliates, successors, acquirers, or as part of a merger, acquisition, restructuring, or sale of assets, provided such assignment ensures continued protection of Personal Data in accordance with this Policy and applicable law.


18. Waiver
Any failure or delay by MasrPay to enforce any right, term, or provision of this Policy shall not be construed as a waiver of such right, term, or provision, nor shall any single or partial exercise of any right or remedy preclude any further or other exercise of such right or remedy. A waiver shall only be effective if made explicitly in writing and signed by an authorized representative of MasrPay. No course of dealing, performance, or other conduct shall be deemed to waive any provision of this Policy. Any waiver of a breach or default shall not constitute a waiver of any subsequent breach or default, whether of the same or a different nature.

 

19. Governing Law and Jurisdiction
This Policy shall be governed by and construed in accordance with the laws of the Arab Republic of Egypt, particularly:
• Law No. 151 of 2020 (Personal Data Protection Law - PDPL), especially:
• Article 2 (Territorial Scope): Establishes that the law applies to any entity processing personal data in Egypt or related to Egyptians.
• Article 4 (Legal Basis for Processing): Enumerates the lawful grounds for data processing.
• Articles 7–10 (Data Subject Rights): Detail the rights to access, correct, erase, and object to processing.
• Article 14 (Cross-Border Transfers): Regulates international transfer of data.
• Articles 20–22 (Obligations of Data Controllers and Processors).
• Article 37 (Breach Notification): Requires breach reporting to the Data Protection Centre within 72 hours.
• The Civil Code (Law No. 131 of 1948) in matters related to contractual interpretation and obligations.
• Law No. 88 of 2003 (Central Bank and Banking System Law) and its amendments, to the extent that financial data is involved.
• Relevant executive regulations and decrees issued by the Ministry of Communications and Information Technology (MCIT).

Any dispute, controversy, or claim arising from or related to this Policy, including its formation, validity, or breach, shall be subject to the exclusive jurisdiction of the Economic Courts of Cairo, or other competent courts within the jurisdiction of Cairo, in accordance with the Egyptian Judiciary Law and the Civil and Commercial Procedures Law.

 

20. Language 

This Privacy Policy is available in both English and Arabic. In case of any discrepancy, the Arabic version shall prevail in accordance with Egyptian legal interpretation norms.
This Privacy Policy has been prepared in accordance with the Egyptian Personal Data Protection Law No. 151 of 2020 and its Executive Regulations, and is subject to periodic review and approval by MasrPay’s legal and compliance departments.


21. Mobile-Specific Data Collection and Usage
The MasrPay mobile application may collect additional data specific to mobile usage, including device identifiers, app usage statistics, crash logs, and session metadata. These are used to enhance app performance, ensure security, and comply with mobile platform requirements (iOS, Android, Huawei).


22. Use of SDKs and Local Storage
The app may use software development kits (SDKs) and local storage mechanisms to maintain session state, authenticate users, and improve user experience. These technologies are not used for advertising or behavioral tracking.


23. Platform Permissions
The app may request access to device features such as camera (for KYC), location (for fraud prevention), and biometric authentication. All permissions are requested with user consent and are used solely for security and compliance purposes.


24. Changes
This Privacy Policy may be updated from time to time. Users will be notified of major changes through the App or via registered email. Continued use of the App indicates acceptance of the latest policy version.

  • Contact Details: MasrPay For Payment Solutions S.A.E 
  • Commercial Registration No.: 122661 
  • Address: 21 Nagati Serag St., Ibrahim ElRefaie St., Al Manteqah Ath Thamenah, Nasr City, Cairo, Egypt 
  • Email: DPO@masrpay.com 
  • Security: securityreporting@masrpay.com

We may use cookies or any other tracking technologies when you visit our website, including any other media form, mobile website, or mobile application related or connected to help customize the Site and improve your experience. Privacy & Policy

Copyright © 2023 All Rights Reserved MasrPay