Skip to main content

Privacy Policy

This Privacy Policy highlights the new services and features introduced in the updated version of the Mobimal mobile application. It also outlines our policies and procedures regarding the collection, use, and disclosure of your information when you use our Service. Additionally, it explains your privacy rights and how applicable laws protect you.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Our Service also provides access to integrated financial services such as LYPay and OnePay, ensuring a high level of security and full compliance with Libyan banking regulations.

Interpretation and Definitions

Interpretation

Words with capitalized initials have defined meanings. These definitions apply regardless of whether the words appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

  • Account refers to a unique profile created to access Our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with Us.
  • Application refers to the Mobimal mobile application provided by the Company.
  • Company (referred to as “We,” “Us,” or “Our”) means Masarat for IT and Financial Services, Tripoli, Libya.
  • Country refers to Libya.
  • Device means any device capable of accessing the Service, including computers, smartphones, and tablets.
  • Personal Data refers to any information related to an identified or identifiable individual.
  • Service refers to the Application and associated functionalities.
  • Service Provider means third parties engaged to process data on Our behalf.
  • Usage Data refers to data collected automatically when using the Service.
  • Add Friend refers to a feature enabling users to scan a QR code to add a beneficiary for money transfers to National Commercial Bank account holders and other banks in Libya.
  • You refers to the individual or entity accessing the Service.
  • LYPay / OnePay: Legal payment services launched by the Central Bank of Libya for bank transfers using IBAN & enables you to make purchases using electronic payment methods.
  • Remote Onboarding refers to a process to perform facial forensics and verify the user’s identity by matching their face with their passport photo.
  • QR push mode: a service that allows user to generate QR code for push payment

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

We may collect the following personally identifiable information:

  • Email address
  • First and last name
  • Phone number
  • Usage Data

Usage Data

Usage Data is collected automatically and may include:

  • IP address
  • Browser type and version
  • Pages visited, visit duration, and other analytics
  • Device type and identifiers
  • Mobile operating system details

Information Collected While Using the Application

With Your permission, We may collect:

  • Location Data (used per session only, for ATM/branch locator features)
  • Camera Access (for QR code-based payments and Remote Onboarding process)
  • Network Access (to enable transaction processing)
  • Read Media: (Used to capture images of your face and passport as part of the identity verification process)
  • Read Video: (Used to verify that the facial image is captured in real time during identity verification)
  • SMS Autofill (for OTP verification)

You can enable or disable access to these features at any time via Your device settings.

Money Transfer Service Using IBAN

To facilitate money transfers, We may collect:

  • Sender Information: Name, address, phone number, email
  • Recipient Information: Name, IBAN
  • Transaction Details: Amount, currency, reference (if provided)
  • Identification Verification: (Potential future requirement for compliance)
  • Device Information: Device type and operating system

Use of Your Information:

  • Process transactions securely
  • Verify identity and prevent fraud
  • Provide customer support
  • Comply with regulatory obligations

Information Sharing:

  • Third-Party Service Providers (e.g., payment processors, fraud screening services)
  • Regulatory Authorities (for anti-money laundering (AML) and know-your-customer (KYC) compliance)

Data Security Measures:

We implement safeguards such as:

  • Encryption: Data is encrypted in transit and at rest.
  • Access Controls: Only authorized personnel have access.
  • Regular Security Audits: We conduct periodic assessments to identify vulnerabilities.

Permissions and Access Control

We request permissions solely to provide essential functionalities, including:

  • Location Services (Optional): Find ATMs/branches.
  • Read Media: To capture images of your face and passport for identity verification.
  • Read Video: To verify that the facial image is captured in real time.
  • Camera Access: Used for QR code-based payments (images not stored) and to verify and match the user’s face with their passport photo as part of the remote onboarding process (for opening a new bank account).
  • Note: No images captured by users are stored — this process is strictly limited to verifying the match between the live image and the passport photo for identity purposes only.
  • Notifications (Optional): Account activity alerts, security updates.
  • Secure Login: Encrypted data storage for enhanced performance.

You can modify permissions at any time via Your device settings.

ISO 27001 Compliance & Security

As part of Our commitment to information security, We adhere to ISO 27001:2022 standards to ensure confidentiality, integrity, and availability of data. Our security framework includes:

  • Risk Management: Regular risk assessments to identify and mitigate security threats.
  • Data Encryption: Secure encryption methods for data transmission and storage.
  • Incident Response: A structured plan to detect, respond, and recover from security incidents.
  • User Access Controls: Role-based access restrictions to limit data exposure.
  • Audit and Compliance Monitoring: Continuous audits to ensure adherence to regulatory and compliance requirements.

In case of a data breach, We will promptly notify affected users and relevant authorities, as per applicable regulations.

Data Retention

We retain Personal Data only as long as necessary for:

  • Service provision and legal compliance
  • Fraud prevention and dispute resolution
  • Business analytics and service improvement

Usage Data may be retained for a shorter period unless required for security or legal compliance.

Children’s Privacy

Our Service is not intended for individuals under 18. We do not knowingly collect data from minors. If You are a parent or guardian and believe Your child has provided Personal Data, please contact Us for removal.

Your Rights

Depending on Your location and applicable laws, You may have the right to:

  • Access Your Data: Request a copy of the information We hold.
  • Correct Inaccuracies: Update or rectify incorrect information.
  • Restrict Processing: Limit how We use Your data.
  • Deactivation request: request a temporairly deactivate your mobile banking account to proceed and delete it personally in your designated branch.
  • Data Portability: Transfer Your data to another provider.
  • Object to Processing: Opt-out of certain uses, such as marketing.

To exercise these rights, contact Us via the details below.

OnePay Service

With OnePay – one payment for everything, and transfers to anyone!
This is a unified payment service officially supported by the Central Bank of Libya, designed to make your payments and money transfers simple and secure. Through this service, you can:

  • Make electronic purchases using any of the supported payment providers such as : Masrefy Pay, Yussor Pay, Sahara Pay, Daman Pay, Seraj Pay and Waha pay.
  • Pay across banks and providers seamlessly, regardless of your primary payment app.
  • Transfer money between participating banks quickly and easily.

Privacy and Data Protection

  • We do not store your card or bank account details within the app.
  • All payment and transfer operations are processed through encrypted channels, following PCI DSS and ISO 27001 standards, and in compliance with applicable data protection regulations.
  • The app only shares the minimum required information with OnePay and the authorized payment providers to complete the transaction. Your data is never used for marketing or any unauthorized purpose.
  • We are committed to transparency in notifying you whenever your data is shared with third parties, in line with App Store and Google Play payment and consumer protection policies.

Your Consent

By using the OnePay service within the app, you consent to the processing of your financial data solely to complete your requested transactions, in accordance with the Central Bank of Libya regulations and applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be notified via email or a prominent notice on Our Service. Please review this policy periodically for updates.

Contact Us

For any questions regarding this Privacy Policy, You can contact Us at:

Used By Dorcas Theme