1. Privacy Policy

Al-Qaseh Company for Financial Services and Electronic Payment realizes the importance of privacy and protection of personal data in the digital world, and therefore it is committed to protecting the privacy of users of Al-Qaseh while browsing or using our websites, applications or services.
This privacy policy will explain how Al-Qaseh ensures the protection of personal data at an advanced level, such as any information relating to users who can be identified, directly or indirectly, in particular by reference to an identifying feature such as a name, an identification number, location information, an online identifier, or one or more user identifiers hereinafter referred to as “Personal Data”
This privacy policy applies to all services offered and provided by Al-Qaseh on its websites, digital applications, and other digital properties.
We may also send other special notices highlighting certain uses we want to make of your personal data as well as the ability to subscribe or cancel specific uses including new services or other services that may have their own privacy policy.

2. Who We Are

Al-Qaseh Company for Financial Services and Electronic Payment: It is an Iraqi company specialized in electronic payment services and licensed by the Central Bank of Iraq.
It helps the financial, banking, government and various business sectors manage their financial transactions electronically with confidence and security, while providing an electronic application to complete payment operations, through which it is possible to follow up the operations that take place and transfer money from one card to another and other features.
Al-Qaseh scope of work includes the following:

– Issuing and managing electronic cards.
– Preparing and managing electronic payment points.
– Accepting all card transactions on POS machines and ATMs.
– Processing transactions.
– Transfer money service.
– Compliance and anti-fraud management services.
– Maintaining confidentiality of information according to international certification standards (PCI-DSS).
– Providing advisory services.
– Providing various services to banks and state institutions.

3. Third-Party

Al-Qaseh websites may contain links that allow you to leave their website and access another website. Linked sites are not under our privacy control and these sites have different privacy policies. Al-Qaseh privacy policy applies to personal information obtained through websites or through Al-Qaseh applications or any related products. Therefore, we urge you to be careful not to use any personal information via the Internet, and Al-Qaseh is not responsible for any obligation towards other sites.

4. Why do we collect and process your personal data

We collect and process your personal data for the following purposes:

• To provide the services you request, facilitate the use of online forms and surveys, and enable you to sign up for specific services such as newsletters, SMS updates, or account creation.
• To maintain and improve our services, understand how you interact with them, implement additional features, and develop new offerings tailored to your needs.
• To customize services according to your preferences and interests, deliver tailored content (e.g., advertisements and related services), and provide a better user experience. This includes identifying which ads, services, or information are most relevant to you.
• To process payment transactions, store transaction history, and comply with legal or regulatory obligations.
• To communicate with you, address your inquiries, resolve issues, and keep you informed about promotions, direct marketing campaigns, service updates, upcoming programs, and modifications to our digital platforms.
• To create a safe and secure environment by detecting, preventing, and reporting fraud, breaches, or illegal activities; safeguarding rights; ensuring service integrity; and enforcing our Terms of Service and other policies.
• To comply with applicable laws, respond to lawful requests from government authorities or through legal processes, fulfill disclosed purposes related to our services, and resolve disputes or provide assistance as necessary.

5. How do we collect information about you

When you request to create an account and start using the services of Al-Qaseh, you will be asked to provide us with personal information (KYC), including your full name, date of birth, address, email address, phone number, and other identifying information that we collect. In addition, in order to verify your identity, we may be required to ask you for valid proof of your identity (for example, a copy of your passport and/or national identity card).

You must ensure that the e-mail address and phone number that you have registered are always up to date so that we can always contact you with important information related to your account.

Al-Qaseh may monitor or record telephone conversations with you or anyone acting on your behalf. By contacting the Al-Qaseh company, you acknowledge that your communication may be monitored, or recorded without notice or subsequent notification.

We may collect additional information from or about you in other ways not specifically described herein, for example, we may collect information about your contact with our customer service team or save results when you answer a survey we offer.

6. Personal data records
Al-Qaseh retains your personal information for as long as necessary in order to achieve any of the previously mentioned purposes and also keeps the data for the purpose of complying with applicable legislation, regulatory purposes.

7. How do we secure information

At Al-Qaseh, we prioritize the security and privacy of your personal information. Our systems are designed with robust security measures to ensure the confidentiality, integrity, and availability of your data.
We protect your personal information during transmission by using encryption protocols and software, such as SSL and VPN, to safeguard sensitive data.
Payment card information and account data are stored strictly in compliance with PCI-DSS (Payment Card Industry Data Security Standard). This data is encrypted and stored in secure databases accessible only by authorized personnel.
We utilize firewalls and Privileged Access Management (PAM) systems to prevent unauthorized access to our servers. These servers are located in secure facilities with access restricted to authorized Al-Qaseh staff.
All staff members and individuals involved in data processing are bound by confidentiality agreements and legal obligations to adhere to data protection laws. Access to personal data is limited to employees who require it to deliver products or services.
We implement appropriate safeguards to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access.
Protecting your account credentials is critical. We recommend:

• Using a unique password for your account that is not shared with other online services.
• Signing out after using shared devices.
• Keeping your password confidential and not sharing it with third parties.

8. What are the limits of liability

Al-Qaseh is not liable for any loss or misuse of a card if the customer fails to notify the company promptly through official communication channels or the application in the event of damage or theft.
Al-Qaseh reserves the right to disclose card-related information and transaction details to third parties as deemed necessary and in accordance with the applicable regulations and instructions of Iraqi law, the Central Bank of Iraq, Visa International, or MasterCard, in situations requiring such disclosures.
Al-Qaseh disclaims liability for any loss or damage resulting from a customer’s use of websites that may be vulnerable to hacking or cyberattacks, particularly when such sites use web analysis software that compromises security.

9. Responsibility, Review, and Audit
Al-Qaseh reviews and updates its security policies and plans to maintain organizational security objectives and meet regulatory requirements at least annually.