NymCard Launches Open Finance Services Under CBUAE Open Finance Regulation
Learn more
Book a Demo

Global Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) outlines how NymCard Payment Services LLC (UAE), NymCard Payments LTD (UAE), Nym Technologies Holding Limited (UAE), NymCard Payment Technologies (Egypt), NymCard SAL (Lebanon), NymCard Technologies (Private) Limited (Pakistan), Nym For Information Technology (Saudi Arabia), NymCard Payments Tech LLC (Qatar), and NymCard LTD (UK) (collectively referred to as “NymCard,” “we,” “us,” or “our”) collect, use, share, and protect your information when you access our website at www.nymcard.com and any associated services (collectively, the “Platform” or “Services”).

We are committed to respecting your privacy and maintaining the security of your personal information. This Policy outlines our data collection, processing, and security practices across all the countries where we operate in compliance with applicable data protection laws in the United Arab Emirates (UAE), United Kingdom (UK), Egypt, Saudi Arabia, Pakistan, Lebanon, Oman, and Qatar.

2. Why We Collect and Process Personal Data

We collect and process personal data to ensure the secure and efficient operation of our services while maintaining compliance with legal and regulatory requirements. Our data processing activities support essential business functions, safeguard user information, and enhance service quality.

Specifically, we collect and process personal data to:

  • Provide our services as a third-party payments processor, including transaction facilitation, identity verification, and fraud prevention.
  • Manage relationships with suppliers and service providers to ensure seamless operations.
  • Conduct recruitment and hiring processes for evaluating candidates and maintaining employment records.
  • Maintain employee, contractor, and staff relationships to fulfill payroll, benefits, and administrative obligations.
  • Comply with legal, regulatory, and fraud prevention requirements, including anti-money laundering (AML) and data protection laws.
  • Enhance security, risk assessment, and customer service by protecting against unauthorized access, improving user experience, and resolving inquiries effectively.

By processing personal data lawfully and transparently, we aim to protect privacy, uphold regulatory obligations, and deliver reliable services.

3. Who is Your Data Controller?

The NymCard entity responsible for your personal data depends on your location and the services you use. Each entity within NymCard operates in compliance with applicable data protection laws and acts as the data controller when processing personal data for its own purposes.

However, when NymCard processes personal data on behalf of a bank, fintech, or financial institution, those entities serve as the data controllers, determining how personal data is collected, used, and shared. In such cases, NymCard acts as a data processor, handling personal data strictly in accordance with contractual agreements and the instructions of the data controller.

4. Personal Information We Collect

We might collect different categories of personal data, including:

4.1 Standard Personal Data

  • Full name
  • Contact details (email, phone number, address)
  • Government-issued identification (passport, national ID)
  • Payment card details (card number, expiry date, CVV)
  • Bank account details
  • Bank account statements
  • Tax identification numbers

4.2 Special Personal Data (Processed Only With Consent)

  • Race or ethnic origin
  • Biometric data

4.3 Automatically Collected Data

  • Technical Data: IP address, device type, operating system
  • Usage Data: Website session details, interactions, navigation patterns
  • Location Data: Only with your consent

4.4 Data from Third Parties

  • Credit bureaus
  • Financial institutions
  • Fraud detection services
  • Public databases

5. How We Use Your Personal Information

We use the personal data we collect to deliver secure, compliant, and efficient services while protecting users from fraud and ensuring regulatory adherence. Our data processing practices are designed to enhance service quality, improve security, and support business operations.

Specifically, we use personal data for:

  • Providing our services, including card issuance, transaction processing, and payment facilitation.
  • Fraud detection and risk management to prevent unauthorized transactions and enhance security.
  • Identity verification and compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
  • Improving customer experience and support through service enhancements, issue resolution, and communication.

It is important to note that we do not use your personal data for marketing purposes. We do not send promotional materials, newsletters, or advertisements, and we do not share your personal information with third parties for their marketing purposes.

Any use of tracking technologies or cookies for content personalization is conducted using anonymous data and does not involve marketing or profiling based on personally identifiable information.

6. Bases for Processing Personal Information

We process personal data based on the following lawful grounds:

  • Consent: When you provide explicit consent for specific processing activities, such as marketing communications or the handling of special categories of data.
  • Legal Obligations: To comply with regulatory requirements, including anti-money laundering (AML) laws, tax regulations, and data protection laws.
  • Legitimate Interests: To support essential business functions such as fraud prevention, security enhancement, and operational efficiency, ensuring our services remain reliable and secure.
  • Contractual Necessity: To fulfill agreements with our customers, including processing transactions, issuing payment instruments, and providing requested services.

Each processing activity is conducted in accordance with applicable privacy laws to ensure data protection, transparency, and accountability.

7. Who Has Access to Your Personal Data?

Access to your personal data is strictly controlled and limited to authorized parties necessary for service delivery, security, and compliance. These include:

  • NymCard employees and contractors who require access to perform their job responsibilities, all bound by strict confidentiality agreements.
  • Trusted service providers, such as payment processors, fraud detection agencies, and identity verification firms, who assist in securely processing transactions and mitigating risks.
  • Regulatory authorities and law enforcement agencies when disclosure is legally required to comply with applicable laws and regulations.

We do not sell your personal data to third parties for commercial purposes.

8. Data Breach Notification

We take data breaches seriously and have measures in place to detect, mitigate, and respond to any security incidents. In the event of a data breach involving personal data, we will:

  • Assess the nature and extent of the breach.
  • Contain and mitigate the breach to prevent further unauthorized access.
  • Notify affected financial institutions and partners promptly.
  • Report the breach to relevant regulatory authorities as required by law.
  • Provide guidance and support to affected parties, including recommended security measures.

Our response process aligns with applicable data protection regulations, including UK GDPR, UAE data protection laws, and regional financial sector guidelines.

9. Information Sharing and Disclosure

We may share personal data with authorized entities to facilitate our services, ensure compliance, and maintain security. These include:

  • Customers (banks and fintechs): To support service delivery, including transaction processing and identity verification.
  • Affiliates within our corporate group: For operational efficiency, compliance, and internal business processes.
  • Third-party service providers: Including IT infrastructure providers, KYC verification services, and fraud monitoring solutions that assist in secure and compliant service execution.
  • Regulators and law enforcement agencies: When legally required to comply with regulatory obligations, investigations, or lawful requests.

All data-sharing activities are conducted in accordance with applicable privacy laws and contractual safeguards to protect personal information.

10. Transfers to Third-Party Countries

We may transfer personal data across international borders while ensuring:

  • Compliance with local data protection regulations in all relevant jurisdictions.
  • Implementation of Standard Contractual Clauses (SCCs) or other legally recognized safeguards to protect data during transfers.
  • Robust encryption and access controls to maintain the confidentiality and security of transferred data.
  • All data transfers are conducted securely and in accordance with applicable privacy laws to ensure the protection of personal information.

11. How We Protect and Retain Your Personal Data

Data Security Measures

We implement industry-recognized security standards and frameworks to safeguard personal data against unauthorized access, disclosure, alteration, and destruction. Our approach aligns with international best practices and includes the following controls:

  • Encryption protocols to ensure secure storage and transmission of sensitive data, both at rest and in transit.
  • Strict access controls, including role-based permissions and multi-factor authentication (MFA), to limit access to authorized personnel only.
  • Continuous monitoring, vulnerability assessments, and regular security audits to detect and respond to potential threats in a timely manner.
  • Adherence to ISO/IEC 27001 standards for information security management and PCI DSS 4.0 requirements for the protection of payment card data.
  • Ongoing security awareness training and incident response planning to reduce operational risks and promote a strong security culture.

These technical and organizational measures are reviewed and updated regularly to remain compliant with evolving regulations and threats.

Data Retention

  • We retain personal data only for as long as necessary to fulfill legal, contractual, or regulatory requirements.
  • Once the retention period expires, data is securely deleted or anonymized in accordance with compliance guidelines.

Our approach ensures data confidentiality, integrity, and compliance with applicable privacy laws.

12. Automated Decision Making

We may use automated processes to:

  • Approve or deny applications
  • Prevent fraud
  • Assess risk

You have the right to request human intervention if automated decisions impact you.

13. Cookies and Tracking Technologies

We do not use cookies or tracking technologies to collect personally identifiable information for marketing purposes, nor do we share personal data with third parties for advertising or promotional activities.

14. Your Rights and Choices

Your rights may vary based on your location and applicable data protection laws. Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request corrections to any inaccurate or outdated information.
  • Request deletion of your personal data, subject to legal and regulatory requirements.
  • Object to the processing of your data for specific purposes.
  • Withdraw consent where data processing is based on your prior authorization.

To exercise any of these rights, please contact us at dpo@nymcard.com.

15. Supplemental Notices

We may issue additional privacy notices tailored to specific products, services, or jurisdictions to address unique regulatory requirements or data processing practices.

16. Changes to This Privacy Policy

We update this Policy periodically. Any changes will be posted on www.nymcard.com.

17. Third-Party Website Links

Our website may contain links to third-party sites. We are not responsible for their privacy policies.

18. Contact us

📩 Email: dpo@nymcard.com



 

Office #2703, Al Salam Tecom Tower,Sheikh Zayed Rd, Al Sufouh, P.O. Box 451240, Dubai, United Arab Emirates

PCI DSS

Card Issuing and Processing

Accelerators

Embedded Lending
By Industry
Money Movement
Developers

Company

© 2025 NymCard. All rights reserved.

NymCard Payment Services LLC is licensed by the Central Bank of the UAE and is a certified partner of Visa and Mastercard. All products and services are offered in accordance with applicable laws and regulations. The information provided on this website is for general informational purposes only and does not constitute an offer, solicitation, or financial advice.

Linkedin-in