Privacy Policy
Privacy Policy
Effective Date: 02 July 2025
1 Who We Are
[Company Name] ("we," "our," or "us") operates the Syria Payment “SYRPAYMENT” mobile application and www.syrpayment.com website (together, the "Services"). We are registered in the Syrian Arab Republic and licensed by the Central Bank of Syria to provide electronic payment, wallet, and peer‑to‑peer money‑transfer services.
2 Scope of This Policy
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our Services and describes the rights and choices available to you.
3 Legal Framework
We process personal data in accordance with:
Law No. 12 of 2024 on the Protection of Electronic Personal Data in Syria (the "Syrian Data Protection Law");
Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR") where it applies to users in the European Economic Area;
Applicable anti‑money‑laundering ("AML") and counter‑terrorism‑financing ("CTF") regulations, including Central Bank of Syria Circular 5/2020.
4 Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Identity | Full name, national ID/passport number, date of birth | Provided by you |
| Contact | Mailing address, email, phone number, messaging handles | Provided by you |
| Financial | Bank‑account and card details, wallet balance, transaction history | Provided by you and payment partners |
| Compliance | KYC documents, sanctions‑screening results | Provided by you / third‑party databases |
| Technical | IP address, device ID, OS, browser, log files | Collected automatically |
| Usage | In‑app actions, clickstream, referral links | Collected automatically |
| Cookies & Tracking | Session cookies, preference cookies, analytics pixels | Collected automatically |
5 How We Use Personal Data
Deliver Services – create accounts, execute payments, remit funds, issue receipts.
Comply with Law – identity verification, AML/CTF monitoring and statutory reporting.
Prevent Fraud & Secure Platform – risk scoring, security logging, intrusion detection.
Communicate with You – transactional emails/SMS, account alerts, customer support.
Improve & Market Services – analytics, usability research, promotional offers (with consent).
Enforce Terms & Defend Claims.
6 Legal Bases for Processing
Depending on context and jurisdiction, we rely on:
Performance of a contract (Art. 6(1)(b) GDPR);
Compliance with legal obligations (Art. 6(1)(c) GDPR; Syrian Data Protection Law, Art. 5);
Legitimate interests (Art. 6(1)(f) GDPR) in preventing fraud and improving our Services;
Consent where required (Art. 6(1)(a) GDPR).
7 Sharing Personal Data
We share data only with:
Banks, payment networks, and money‑transfer operators to complete transactions;
Identity‑verification providers and sanctions‑screening databases;
IT and cloud‑hosting vendors under confidentiality obligations;
Competent regulatory, tax, or law‑enforcement authorities when legally required;
Prospective investors or acquirers under strict NDA in connection with corporate transactions.
We never sell or rent your personal data.
8 International Transfers
Data may be stored on servers located in Germany, the UAE, or other jurisdictions. We implement encryption in transit and at rest and, where required, Standard Contractual Clauses or equivalent safeguards to ensure an adequate level of protection.
9 Security Measures
We employ industry‑standard technical and organisational measures, including:
TLS 1.3 encryption for all traffic;
AES‑256 encryption of databases and wallet keys;
Tokenisation of card numbers (PCI‑DSS v4.0 compliance);
Network segmentation and firewalls managed via WHM/cPanel;
Multi‑factor authentication for administrative accounts;
24 × 7 intrusion‑detection and log monitoring;
Quarterly external penetration tests and annual ISO/IEC 27001 audits.
Although no system is 100 % secure, we take reasonable steps to minimise risk and will notify authorities and affected users of any breach in line with Article 19 of the Syrian Data Protection Law.
10 Data Retention
Transaction and KYC records are retained for 10 years after account closure to satisfy AML/CTF requirements. Other data is deleted or anonymised when no longer necessary.
11 Your Rights
Subject to local law, you may:
Access your data and obtain a copy;
Request correction or deletion;
Object to or restrict processing;
Withdraw consent at any time;
Port certain data to another provider.
To exercise these rights, contact us at privacy@[domain].com. We respond within 30 days.
12 Children’s Privacy
Our Services are not directed to persons under 18. We do not knowingly process children’s data.
13 Cookies & Tracking Technologies
We use first‑party session cookies and Google Analytics to analyse traffic. You can disable cookies in your browser, but some features may not function.
14 Changes to This Policy
We may update this Policy periodically. Material changes will be announced via email and in‑app notifications at least 14 days before they take effect.
15 Contact
Data Protection Officer
[Company Name]
Damascus, Syrian Arab Republic
Email: privacy@syrpayment.com
Phone/WhatsApp: +963‑##‑#######
