CMPak ECCL (the “Company“) is an EMI company operating under authorization from the State Bank of Pakistan. All activities of the Company are governed by the SBPs laws, rules and regulations. Customer data processing is a necessary aspect of ensuring that customers receive seamless and high quality services. The purpose of this privacy statement is to outline the principles adopted by the Company for customer data processing and to inform customers of said principles. This statement and terms and conditions provided herein shall be deemed accepted, and consented to, by Customers upon use of services. This statement is legally non-binding on the Company and is subject to change from time to time.

Collection of Information. Customer information is collected by the Company through various channels (e.g. customer input, NADRA). Such collections are made in accordance with applicable SBP frameworks and law. In this regards, we may collect and store your following information:

• Name, CNIC number, Contact Numbers, Father’s/Mother’s name, Email ID, Date of Birth and Place of Birth, OTP received via SMS etc.
• Transactional information based on your transactions performed by you, through our mobile application or website.
• Your Mobile/browser information, and your IP address
• “SMS and Call Log Permissions” are being used to ensure that financial account access is provided to the valid mobile number only

Use of Information. Customer information is used, transmitted, stored, processed and shared to ensure seamless, integrated and high quality services are provided to the end user. Services and features that require processing of customer information include, but are not limited to, marketing, promotional campaigns, biometric verification, business intelligence, complaint resolution, security and risk management etc. Data will be stored on the Company’s own servers and may be shared with authorized vendors, partners and/or service providers.

Sharing of Information. The Company will not sell personal customer information without their consent. Further, the Company shall not share personal information of customers except (i) where required for any third party integration and enabling products and services, (ii) where required by any government entity or law enforcement agency or (iii) where required under law or to ensure compliance of law. Sharing of aggregated or anonymized data is not subject to these restrictions.

Security of Information. The Company is committed to following best practices in information security, to safeguard customer information through encryption, firewalls, secure transmission of customer data, access controls etc.