Privacy Policy
Introduction
Pak Paisa ("we," "us," or "our") is committed to safeguarding your personal information. This Privacy Policy outlines how we collect, process, and protect your personal data when you access our website (pakpaisa.com.pk) and associated applications (collectively, the "Platform"). It also informs you of your legal rights and how the law safeguards your privacy.
Your Rights
Under applicable data protection laws, you have the following rights concerning your personal information:
1. Right to Object to Direct Marketing:
You may request that we cease processing your personal information for direct marketing purposes. Upon such a request, we will promptly discontinue these activities.
2. Right to Object to Legitimate Interests:
You may object to the processing of your personal information where such processing is based on our or a third party’s legitimate interest. We will assess your objections and comply where appropriate under the law.
Your Responsibilities
Please review this Privacy Policy thoroughly to understand our data processing practices. By using our Platform or engaging with us as described herein, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.
Your Personal Information and How We Use It
Definition of Personal Information
Personal information refers to any data relating to a living individual that can identify that individual. This does not include anonymized data where the identity has been removed. Throughout this policy, the term "Platform" encompasses both our website and app.
Categories of Personal Information Collected
We, or authorized third parties acting on our behalf, may collect and process the following types of personal information:
1. Identification Information: Your name, including title.
2. Contact Information: Your postal address, email address, and telephone number.
3. Professional Information: Your employment history.
4. Financial Information:
a. Savings and salary details.
b. Credit history.
c. Information necessary to complete loan applications.
d. Investing history and investment portfolio details.
5. Communications: Information you provide when corresponding with us.
6. Updates: Any updates or amendments to the personal information you provide.
7. Third-Party Sources: Personal information obtained from third-party data sources.
This information is collected and processed to facilitate your use of the Platform, comply with legal requirements, and enhance your experience and interactions with us.
Information Automatically Collected and Recorded
When you visit our Platform, certain information is automatically generated and logged, including:
1. Technical Information:
a. Internet Protocol (IP) address used to connect your device to the internet.
b. The referring website address and country of access.
c. Files accessed or requested.
d. Browser type, version, and plug-ins.
e. Operating system and platform.
Purpose: Administering the Platform, analyzing user access locations, and evaluating system efficiency.
2. Behavioral Information:
a. Pages visited, including interactions (e.g., scrolling, clicks, mouseovers).
b. Websites visited before and after accessing our Platform (including date and time).
c. Duration of visits and methods of navigation between pages.
d. Traffic data, location data, weblogs, and other communication data.
e. Details provided when requesting services or downloads.
Purpose: Analyzing user behavior to improve user experience, content delivery, and interface customization.
Uses of Automatically Collected Information
The above information may be collected, processed, and stored for the following purposes:
1. Platform Access:
Enabling access to and use of the Platform, including loan applications.
2. User Inquiries:
Facilitating responses to your queries submitted via the Platform.
3. Maintenance and Improvement:
Enhancing and maintaining the Platform and providing technical support.
4. Security:
Ensuring the safety and security of the Platform.
5. Personalization:
Recognizing returning users, storing preferences, and tailoring content to individual interests.
6. Analytics and Reporting:
a. Evaluating Platform usage to prepare reports and compile anonymized statistics.
b. Gaining insights into user demographics and behavior to optimize functionality.
Wherever feasible, data used for analytics will be anonymized to prevent identification of individuals.
Collection of Installed Applications
We collect metadata information related to the applications installed on your device. This includes:
Application name,
Update time,
Package name,
Installation time,
Version name, and
Version code.
This information is essential for assessing your creditworthiness and tailoring customized, pre-approved loan offers to improve your user profile.
Camera Access
We require access to your device’s camera to:
Scan, capture, and access essential documents as part of the Know Your Customer (KYC) process,
Auto-fill relevant fields in your application, and
Allow our authorized agents to verify your documents and capture screenshots for verification purposes.
Camera access is integral to initiating and completing the KYC process.
Microphone Access
Microphone access is required to facilitate two-way communication between you and our authorized agents. This is necessary to:
Conduct and complete the KYC process,
Record audio as part of regulatory compliance requirements.
CNIC and Facial Photo Collection
The information provided through uploaded CNICs and facial photos is used exclusively for client identification and verification purposes. This data:
Becomes part of your loan file, and
Is retained for the minimum period required under applicable data retention laws.
Data Security and Retention
All data collected through the aforementioned processes is securely stored and managed in compliance with applicable regulatory and legal requirements to ensure your privacy and the integrity of the KYC and loan application processes.
Aggregated Data
We may collect, use, and share Aggregated Data, such as statistical or demographic information, for various purposes. While Aggregated Data may be derived from personal information, it is not classified as personal data under applicable laws, as it does not reveal your identity directly or indirectly.
Special Categories of Data
We do not collect Special Categories of personal information, which include details about your race, ethnicity, religious or philosophical beliefs, political opinions, trade union membership, health, or genetic data.
Additional Uses of Personal Information
Regardless of the nature of our relationship with you, we may process your personal information for the following purposes:
1. Responding to Inquiries:
Addressing your concerns or requests regarding how we collect, store, or use your personal information, including requests for copies of data we hold.
a. Legal Basis: Legitimate interests, where applicable, to provide customer service or support in the absence of a formal contract.
2. Internal Administration:
For purposes such as corporate reporting, business administration, maintaining adequate insurance coverage, securing company facilities, research and development, and improving operational efficiencies.
a. Legal Basis: Legitimate interests to enhance business operations and ensure compliance.
3. Regulatory Compliance:
Complying with applicable laws, regulations, and procedures, including those we reasonably consider necessary for our legitimate interests or the legitimate interests of others.
a. Legal Basis: Legal obligations and legitimate interests as applicable.
4. Legal Rights: Establishing, exercising, or defending legal claims, whether for our legitimate interests, the legitimate interests of others, or as required by law.
a. Legal Basis: Legal obligations and legitimate interests as appropriate.
Further Processing
Should we need to use your personal information for purposes beyond those outlined in this Privacy Policy, we will first conduct an analysis to determine whether the new use aligns with the purposes described herein.
For further details on the analysis undertaken to assess compatibility, please reach out to us via the Contact Us form available on our Platform. How We Collect Your Personal Information We primarily collect personal information directly from you in the following instances:
1. Applications and Accounts:
a. When you apply for one of our products.
b. When you create an account on our app.
2. Forms and Requests:
a. By completing online forms, including callback requests.
b. When requesting marketing materials or information.
3. Engagement Activities:
a. Through participation in competitions, promotions, or surveys.
b. Via interactions with us on social media.
4. Employment and Partnerships:
a. When applying for employment or Ambassador roles.
b. If you are personnel at or seeking to partner with one of our referral partners or associated establishments (e.g., universities or organizations).
5. Feedback and Communication:
a. When providing feedback or contacting us directly.
Automated Collection
We also collect data from your devices (including mobile devices) and applications used to access our Platform, using cookies and similar technologies, as detailed in the relevant sections of this Privacy Policy.
Third-Party Sources
We may enhance the information collected from you with data obtained from third-party sources that have a lawful right to share such data. These include:
1. Technical Data: From analytics providers, advertising networks, and search engine providers.
2. Financial and Transaction Data: From providers of technical services, payment processors, and credit history databases.
3. Identity and Contact Data: From publicly available sources, including social media platforms.
Visitors to Our Website
Analytics
When you visit our website, we utilize third-party services to gather standard internet log details and analyze visitor behavior patterns. This enables us to determine metrics such as the number of visitors to various sections of the site.
All information collected is processed in a manner that does not directly identify individuals. We neither attempt nor permit third parties (including Google) to identify visitors to our website.
Cookies and Similar Technologies
Cookies are small data files stored on your device to enhance your experience on our website.
1. Managing Cookies:
You can manage cookies through the settings on your browser. Adjusting these settings allows you to block or delete cookies based on your preferences.
2. Essential Cookies:
Cookies necessary for the functionality, security, and accessibility of our website are automatically set and cannot be removed through the browser tool, as they are vital for the website’s operation.
Legal Basis for Processing Your Personal Information
We process your personal information under the following legal bases, as outlined in this Privacy Policy:
1. Contractual Necessity
a. Processing your personal information is necessary to perform the contract we have entered into with you or to take steps at your request before entering into such a contract.
2. Legitimate Interests
a. Processing is necessary for our legitimate business interests (or those of a third party), provided such interests are not overridden by your interests or fundamental rights and freedoms. Our legitimate interests include:
i. Operating and maintaining our website and app.
ii. Conducting internal administration and automated backups.
iii. Performing data analytics and benchmarking.
iv. Conducting direct marketing.
v. Detecting and preventing fraudulent or criminal activities.
b. If we rely on legitimate interests, we will perform a balancing test to ensure your rights are not infringed.
3. Legal Obligations
a. Processing is necessary for compliance with a legal obligation to which we are subject.
4. Consent
a. In some instances, we will rely on your explicit consent to process your personal information, such as for marketing purposes.
i. You may withdraw your consent at any time by contacting us, and we will cease the processing for which consent was granted.
ii. Withdrawal of consent may affect our ability to provide certain services to you.
Sharing your personal information
1. Internal Use
We may share your personal information with our group companies where it is in our legitimate interest to do so for internal administrative purposes. This includes, but is not limited to, corporate strategy, compliance, auditing, monitoring, research and development, and quality assurance.
2. Disclosure to Third Parties
Your personal information may be disclosed to the following third parties or categories of third parties:
a. Service Providers and Agents:
Third-party service providers acting on our behalf, including but not limited to:
Internet service and platform providers,
Payment processing providers,
Debt collection agencies (in cases of default), and
Identity verification providers.
b. Strategic Partners:
Partners engaged in providing products, services, or information requested by you or deemed relevant to your interests.
c. Payment Facilitators:
Third parties involved in processing payment transactions.
d. Marketing Partners:
Entities engaged for marketing purposes, including referral partners.
e. Credit Bureaus:
Credit reference agencies, credit reporting agencies, and credit information bureaus.
f. Verification Entities:
Organizations such as universities, degree awarding institutions (DAIs), or employers, for confirmation of enrolment or employment status.
g. Lenders' Service Providers:
Entities involved in any part of the origination, lending, collections process, or payment facilitation.
h. Regulatory and Taxing Authorities:
Third parties for audit purposes or to meet obligations to relevant regulatory or taxing authorities.
i. Advertising Entities:
Search engines and social networks for advertising and marketing purposes.
3. Conditions for Disclosure
We impose strict obligations on all third-party recipients to safeguard the security of your personal information and to process it in compliance with applicable laws. They are prohibited from using your personal information for purposes outside the scope of our instructions.
4. Additional Scenarios for Disclosure
We may also disclose your personal information under the following circumstances:
a. Business Operations:
Where it is in our legitimate interest to do so for the growth and development of our business.
b. Consent:
Where you explicitly request or authorize such disclosure.
c. Loan Verification:
To universities, DAIs, or your employer for verification of loan applications or status.
d. Corporate Transactions:
In the event of a sale or purchase of business or assets, your personal information may be shared with prospective sellers or buyers.
In cases where substantially all our assets or those of an affiliate are acquired, personal information will form part of the transferred assets.
e. Third-Party Transfers:
Where our agreement with you is transferred to a third party.
f. Investor Relations:
In discussions with potential lenders or investors.
g. Legal Obligations:
To comply with lawful requests from government authorities, law enforcement, national security requirements, or other legal obligations.
h. Rights Protection:
To enforce our terms of use or agreements, respond to claims, safeguard our rights or those of third parties, protect individual safety, or prevent illegal activity.
i. Aggregated Data Reporting:
We may use anonymized and aggregated data for internal or external reporting and marketing purposes, ensuring such data does not personally identify you.
5. No Unauthorized Disclosure
Except as expressly provided above, we will not share, sell, or rent your personal information to third parties without notifying you and, where necessary, obtaining your explicit consent.
6. Revocation of Consent
If you have provided consent for the use of your personal information but wish to withdraw it, you may contact us, and we will cease processing your personal information for the specified purpose.
Lending
1. Verification of Information
Pak Paisa reserves the right to communicate with your university, DAI, or employer to verify your most recent physical address and contact details during the servicing of your loan.
2. Consent for Information Collection and Disclosure
As part of the loan application process, you will be required to review and acknowledge the terms outlined in this Privacy Policy, including the provisions concerning the collection, use, and disclosure of your personal information in connection with the services provided.
In particular, you will be required to authorize the following:
a. Pak Paisa Authorization:
You authorize Pak Paisa to request personal information from your university, DAI, or employer, as necessary, for the purposes of assessing, originating, and servicing your loan.
b. Disclosure by Third Parties:
You authorize your university, DAI, or employer to disclose to Pak Paisa any personal information validly requested by Pak Paisa for the purposes of assessing, originating, and servicing your loan.
Third-Party Platforms
1. Social Media Features and Tracking Technologies Our website incorporates social media features such as the Facebook, YouTube, Instagram, and TikTok “Like” and “Share” buttons, as well as other widgets provided by third parties. These features may utilize cookies or tracking technologies to collect data about your interactions on our website. For further details, consult the cookie policy of the respective third parties.
2. User Interactions on Third-Party Platforms If you respond to our communications on third-party platforms (e.g., LinkedIn, Instagram, Facebook, Google, and YouTube), we may share your information with those platforms to facilitate targeted advertising or content delivery.
The shared information allows the platform provider to identify your account and serve advertisements based on your profile and interests.
You can manage your advertisement preferences through the privacy settings of the respective platform or by consulting their support center.
Fraud Prevention and Credit Bureaus
1. Credit and Identity Checks
To process your application, we may conduct credit and identity checks using one or more Credit Information Bureaus (CIBs). For this purpose, we will share your personal information with CIBs, who will provide:
Data from your credit application, financial history, and financial situation.
Public information (e.g., electoral register data) and shared credit data.
Fraud prevention information.
2. Purposes of Credit Bureau Information
The information obtained from CIBs will be used to:
Assess Creditworthiness: Determine your eligibility for a Pak Paisa loan or related services.
Verify Data Accuracy: Confirm the accuracy of the information you provided.
Prevent Fraud and Money Laundering: This includes verifying details during credit applications, managing credit accounts, and screening job applicants.
Account Management: Oversee and manage your account(s).
Debt Recovery: Trace and recover unpaid debts.
Personalized Offers: Ensure any offers provided to you are suitable for your financial circumstances.
3. Continuous Data Exchange with CIBs
While you maintain a relationship with us, we will:
Exchange your personal information with CIBs.
Inform CIBs about account settlements.
Report any default in loan repayment, which CIBs may share with other organizations.
4. Impact on Your Credit File
When CIBs receive a search request from us, a "search footprint" will be added to your credit file, visible to other lenders.
CIBs will retain a record of the search and may share it with other lenders for their assessments.
If you default on your repayment obligations, a notice of default may be recorded on your credit file, usually with at least 30 calendar days’ prior notice, unless immediate enforcement action is required.
5. Further Information
Details about the CIBs we work with, their roles, data usage, retention periods, and your data protection rights are available on their respective websites.
Marketing
1. Purpose of Marketing Communications
We may collect and utilize your personal information to engage in marketing activities through SMS, WhatsApp, email, telephone, and postal mail.
2. Basis for Sending Marketing Communications
Marketing communications may be sent to you based on the following:
a. Legitimate Interests:
We may send marketing communications if it aligns with our legitimate business interests for marketing and business development purposes, particularly if:
o You are an existing client,
o You have previously availed our services, or
o You have substantially entered into negotiations to purchase our services (“soft opt-in”).
b. Consent:
Where required by law, we will seek your explicit consent before sending direct marketing communications, particularly in cases where:
o Electronic marketing communications are sent, or
o Your personal information is disclosed to third parties for marketing purposes.
3. Opting Out of Marketing Communications
If you wish to stop receiving marketing communications from us, you may:
Contact us via email, or
Use the opt-out mechanisms provided in our communications.
Your request to opt-out will be processed promptly in accordance with applicable laws.
Your Legal Rights
Under data protection laws, you have specific rights regarding your personal information. These rights, subject to applicable conditions and limitations, include:
1. Right of Access
You have the right to request access to your personal information by submitting a Data Subject Access Request (DSAR).
This allows you to receive a copy of the data we hold about you and verify its lawful processing.
2. Right to Update Your Information
You may request corrections to incomplete or inaccurate data we hold.
We may need to verify the accuracy of the updated information you provide.
3. Right to Delete Your Information
You can request the deletion of your personal information where there is no valid reason for us to continue processing it.
In some cases, we may deny deletion requests due to specific legal obligations, which will be communicated at the time of the request.
4. Right to Object to Processing
You can object to our processing of your personal data if it impacts your fundamental rights and freedoms, particularly when processing is based on:
o Our legitimate interests (or those of a third party), or
o The performance of a public task.
This right is not absolute; we may demonstrate compelling legitimate grounds that override your objection.
5. Right to Stop Marketing
You have an absolute right to object to the use of your personal data for direct marketing.
Upon exercising this right, we will immediately cease all direct marketing activities. 6. Right to Restrict Processing
You may request suspension of your personal data processing in the following scenarios:
o To verify its accuracy.
o When its use is unlawful, but you prefer restriction over deletion.
o When you need it retained to establish, exercise, or defend legal claims, even if we no longer require it.
o If you object to processing, pending verification of overriding legitimate grounds.
7. Right to Data Portability
You can request that we provide your personal information in a structured, commonly used, machine-readable format, either to you or a third party.
This right applies only to automated data processing based on your consent or a contract with you.
8. How to Exercise Your Rights
To exercise any of these rights, contact us directly.
We will respond within a reasonable period, typically within one month, unless an extension is allowed under applicable law.
9. Exceptions and Exemptions
Some requests may be denied if the data is required for legal obligations or to establish, exercise, or defend legal claims.
We will inform you of such exceptions when responding.
10. Identity Verification
We may request additional information to verify your identity before processing your request.
11. Fees for Requests
Access to your personal information and exercising other rights is free of charge.
However, we may charge a reasonable fee or refuse to comply if your request is unfounded, repetitive, or excessive.
For further details or to submit a request, please contact us at the designated email address.
Data Security
We employ appropriate technical and organizational measures to safeguard your personal information against accidental loss, unauthorized access, misuse, alteration, or disclosure. While we strive to protect your data with robust security protocols, please note:
We cannot guarantee the absolute security of information transmitted over the internet or similar networks to our websites, applications, or services, or to other platforms.
You are responsible for ensuring that any data transmitted is done so securely.
Data Retention
1. Retention Period
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected.
The duration of retention depends on:
o The purposes of data collection and processing.
o Legal, regulatory, tax, accounting, or reporting obligations.
o Requirements for addressing complaints or establishing, exercising, or defending legal claims.
2. Deletion of Data
You have the right to request the deletion of your data under certain circumstances, as outlined in the section on legal rights.
3. Anonymization for Research and Statistics
In some cases, we will anonymize personal information to ensure it can no longer be linked to you.
Anonymized data may be retained and used indefinitely for research or statistical purposes without further notice to you.
Links to other websites
Where we provide links to websites of other organizations, this privacy policy does not cover how that organization processes personal information. We encourage you to read the privacy notices on the other websites you visit.
Changes to this privacy policy
We regularly review our Privacy Policy and may change it from time to time. We will always update this Privacy Policy on our website and, where appropriate, notify you by email. Please check back frequently to see any updates or changes to our privacy policy.
CONTROLLER’S CONTACT DETAILS
Pak Paisa is the controller and responsible for your personal information, unless otherwise stated. You are welcome to contact us by website, app, phone, email or post. More details can be found on our contact us page.
COMPLAINTS
You have the right to make a complaint at any time with the National Commission for Personal Data Protection of Pakistan (NCPDP) for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commission, please contact us in the first instance. The practices described in this privacy policy statement are current as of December 2024.