Masarat for IT and Financial Services (“Masarat”), located in Tripoli, Libya, is committed to protecting the privacy of Our users. This Privacy Policy explains how We collect, use, disclose, and protect information when You use Our mobile banking application, Sahara Business (the “App”), a product provided by Masarat for Sahara Bank in Libya.

Sahara Business now supports B2B (business-to-business) transactions, enabling businesses to transfer large amounts seamlessly. The new feature allows businesses to make high-value transfers within Sahara Bank and to other Libyan banks, with transaction limits starting from 1 million LYD per transfer.

Interpretation

Words with capitalized initials have defined meanings. These definitions apply regardless of whether the words appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

· Account refers to a unique profile created to access Our Service.

· Affiliate means an entity that controls, is controlled by, or is under common control with Us.

· Application refers to the Sahara Business mobile application.

· Company (referred to as “We,” “Us,” or “Our”) means Masarat for IT and Financial Services, Tripoli, Libya.

· Country refers to Libya.

· Device means any device capable of accessing the Service, including computers, smartphones, and tablets.

· LYD (LY) refers to the Libyan Dinar, the official currency of Libya.

· Personal Data refers to any information related to an identified or identifiable individual.

· Service refers to the Application and associated functionalities.

· Service Provider means third parties engaged to process data on Our behalf.

· Usage Data refers to data collected automatically when using the Service.

· You refers to the individual or entity accessing the Service.

Types of Data Collected

Personal Data

We may collect the following personally identifiable information:

• Email address
• First and last name
• Phone number
• Usage Data

Usage Data

Usage Data is collected automatically and may include:

• IP address
• Browser type and version
• Pages visited, visit duration, and other analytics
• Device type and identifiers
• Mobile operating system details

Information Collected While Using the Application

With Your permission, We may collect:

• Camera Access: For QR code-based payments (images not stored).
• Network Access: Required for transaction processing.
• Storage Access: To create and display PDF files such as transfer receipts and statements.
• Biometric Data (Optional): For secure login via fingerprint or facial recognition.
• Push Notifications: To alert You about account activity and security updates.
• Flashlight Access (Optional): If needed for QR scanning in low-light environments.

You can enable or disable access to these features at any time via Your device settings.

Money Transfer & B2B Transactions

To facilitate secure transactions, We may collect:

• Sender Information: Name, phone number, email.
• Recipient Information: Name, IBAN.
• Transaction Details: Amount, currency, reference.
• Business Transfers: For B2B transactions, We comply with enhanced security measures, including transaction monitoring and identity verification.

Use of Your Information:

• Process transactions securely.
• Verify identity and prevent fraud.
• Provide customer support.
• Comply with regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements.

Information Sharing:

• Third-Party Service Providers (e.g., payment processors, fraud prevention tools).
• Regulatory Authorities (as required by financial regulations in Libya).

Security Measures:

We implement safeguards such as:

• Encryption: Data is encrypted in transit and at rest.
• Access Controls: Role-based access restrictions.
• Regular Security Audits: We conduct periodic assessments to identify vulnerabilities.
• Incident Response: A structured process for managing security breaches.

Masarat adheres to ISO 27001:2022 and the Libyan NISSA Information Security Manual to ensure the confidentiality, integrity, and availability of information. Our security framework includes:

• Risk Management: Continuous risk assessment to identify security threats.
• Data Encryption: Advanced encryption techniques for securing transactions.
• Incident Handling: Procedures for rapid detection and response to security breaches.
• Compliance Monitoring: Regular audits to ensure adherence to Libyan financial regulations and global security standards.

In the event of a security incident, We will promptly notify affected users and relevant authorities, as per regulatory requirements.

We retain Personal Data only as long as necessary for:

• Service provision and legal compliance.
• Fraud prevention and dispute resolution.
• Business analytics and service improvement.

Usage Data may be retained for a shorter period unless required for security or legal compliance.

Our Service is not intended for individuals under 18. We do not knowingly collect data from minors. If You are a parent or guardian and believe Your child has provided Personal Data, please contact Us for removal.

Depending on Your location and applicable laws, You may have the right to:

• Access Your Data: Request a copy of the information We hold.
• Correct Inaccuracies: Update incorrect information.
• Restrict Processing: Limit how We use Your data.
• Data Portability: Transfer Your data to another provider.
• Object to Processing: Opt-out of certain uses, such as marketing.

To exercise these rights, contact Us via the details below.

Our Service may contain links to external websites. We are not responsible for their content or privacy practices. Please review their policies before providing Personal Data.

We may update this Privacy Policy from time to time. Changes will be notified via email or a prominent notice on Our Service. Please review this policy periodically for updates.

For any questions regarding this Privacy Policy, You can contact Us at:

• Email: support@masarat.ly
• Phone: 0900300900