We are a payment service provider incorporated and operating in the Republic of Azerbaijan. Information about us and contact details are as follows:

• Name: “PashaPay” MMC (PashaPay)
• Address: AZ1010, 153 Neftchilar Ave., Nasimi distr,. Baku city, Azerbaijan
• Registration number: 1300615891
• E-mail address: [email protected]
• Telephone number: +994124044110

We, as a controller of your data, collect a wide range of personal data about you through our applications, payment terminals, ATMs, websites, and other products. The categories of the personal data that we process are as follows:
We, as a controller of your data, collect a wide range of personal data about you through our applications, payment terminals, ATMs, websites, and other products. The categories of the personal data that we process are as follows:

• Name, surname, patronymic name
• Date of birth, place of birth
• Address
• ID card data
• Personal identification number
• Financial data, including but not limited to:
• Details of your card issuer and account servicing payment service provider
• Amount of funds in your bank account and other payment accounts
• Credit history
• Loan returning plan
• Payment transaction data (transaction ID, date and amount of transaction, receiver, name, and address of merchant, merchant category code (MCC), etc.)
• Terminal device data, including but not limited to:
• IP address of your phone, computer, and other devices
• Brand of your phone, type of operating system, hardware, browser, etc.
• Real-time locations
• Device ID (Data from which your device could be identified, such as device serial number) for example, your device's IMEI number, the MAC address of the device's wireless network interface
• Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance, and other diagnostic data; and other usage data
• E-mail address
• Phone number
• Employment (workplace, work experience amount of salary, etc.) and social insurance data
• Biometrics (fingerprint etc.)
• Cookies
• Contact list information for facilitating the wallet-to-wallet transfer.

E-wallets on the m10 platform are linked to the users’ phone numbers. Therefore, we process your contact information when you initiate a wallet-to-wallet money transfer through the m10 platform. This lets us identify the holders of the e-wallets and designate the transactions more user-friendly.

When you visit our websites, we may collect your personal data, majorly known as ‘cookies’. Cookies are small text file data that we use to identify your terminal device. Our primary goals in processing cookies, identifying your device, and personalizing you are to measure your behavior. We understand that regardless of the type of cookies we are processing if it is directly or indirectly identifiable to you, it is personal data and to be processed as per laws.
We are processing cookies in the manner and for purposes set out in this Privacy Policy.

We have your data if we directly collected them, you or third parties (resources) provided them to us. In this chapter, we inform you how and from which sources we get your data.

• Data that we directly collect from you. These data are majorly about your terminal device and financial data that emerges because of using our platform and products.
• Data that we collect from open sources. We may collect data about you from open sources. This may include open websites, social and professional media, etc.
• Data that you provide us. Those types of data are the most common. These may include but are not limited to your name, surname, patronymic name, address, date of birth, place of birth, financial data,
• Data that third parties provide us. This type of data may include a wide variety of personal data like your name, surname, patronymic name, address, date of birth, place of birth, family members, financial data, insurance data, etc. We collect those data if third parties provided them to us. To find a legal basis for the transfer of personal data by them to us rests solely on them as controllers.

As we respect the purpose limitation principle, we collect and process your data for certain purposes that we make you know in advance. These purposes are as follows:

• Providing you services. To provide the services that you ordered from us, we shall process your data. For example, if you want to open an account with us, we may need to process your name, surname, patronymic name, phone number, ID card number, personal identification code, etc. Or to remit money, we shall process your and the receiver’s data.
• Measuring customer behavior. We never do a social scoring, but we may need to measure customer behavior to set our products and platforms for your needs. This may help us to improve our services and offer you the most suitable products.
• Financial and risk scoring. We may evaluate your financial status to offer you services that fit you best. For example, if the sale of our product depends on your income, we can score your income.
• We process your data to offer you our and our partners’ services. For example, we may process your data to offer you a service that you may be interested in. Or we can contact you to offer and make you know about our partner’s loan product.
• Improving our and our partners’ services. To make it the best fit for customer needs, we evolvingly improve our services, products, platforms, etc.
• Ensuring security. To ensure the security of the services and your experience with our products, we are evolving our security measures. To this end, we provide you with personalized security credentials to authenticate you and your transactions.

We may store your data at our in-house data centers and cloud infrastructure. Currently, we store your data at the following data centers:

• Our in-house data center
• A cloud infrastructure of “PASHA Technology” MMC

We secure your data by using advanced organizational and technical measures like encryption, hashing, pseudonymization, etc. While the data is at rest at the data center and in transit, we encrypt them.

As we disclosed above, we market our and our partners’ products and improve them. Furthermore, we get some services from banks, technical support providers, consultants, etc. To this end, sometimes we shall transfer your data to third parties. These third parties are the following:

• Our consultants
• Auditors
• Technical, marketing, analytics and other service providers
• Companies within “PASHA Holding” MMC group
• State bodies authorized in their capacity to request certain data
• Courts

We store your data for an unlimited period but to the extent that we need to process as set out in this Privacy Policy. When we do not need to process the data as per this Privacy Policy, we will destruct the data and delete their copies.

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect information from anyone under the age of 18

Please do note that we can regularly update and amend this Privacy Policy. We will provide the text of an updated or amended Privacy Policy at least 3 (three) days in advance before coming into force.

Should you have any questions or concerns about your privacy with us, feel free to contact us. You can contact us by using details set out in the “Who are we?” chapter above and the platforms that we provide you (questions and concerns that are directly related to the platform).