Privacy Policy

Home > Privacy Policy

Last Updated: October 2025

1. Introduction

1.1 This Privacy Policy (“Policy”) explains how KashyBee (“KashyBee,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects Personal Data when individuals (“Users”) and partner merchants (“Merchants”) access, purchase, redeem, or distribute electronic vouchers (“e-vouchers”) and related services through our websites, mobile applications, APIs, and dashboards (collectively, the “Platform”).

1.2 By using or accessing the Platform, you acknowledge that you have read and understood this Policy. If you do not agree, you must not use the Platform or any Services.

1.3 This Policy aligns with global privacy frameworks, including the EU/UK GDPR, UAE PDPL, and comparable international laws, and adheres to ISO/IEC 27001 and ISO/IEC 27701 standards for information and privacy management.

1.4 Where local law conflicts with this Policy, the applicable mandatory law shall prevail to the extent of that conflict.

2. Scope and Roles

2.1 This Policy applies to all Personal Data collected from Users and Merchants when interacting with the Platform, purchasing or redeeming e-vouchers, registering accounts, or engaging with customer support or marketing communications.

2.2 Role Allocation:

  • (a) Controller: KashyBee acts as the Controller for account, billing, and platform data, as well as data processed for fraud prevention, analytics, and compliance purposes.
  • (b) Processor: KashyBee may act as a Processor for partner merchants that use our Platform to issue and manage their e-vouchers.
  • (c) Merchant Controllers: Merchants are independent controllers for data collected directly during voucher redemption or in-store transactions.

3. Categories of Personal Data Collected

3.1 Data You Provide: name, contact details, account credentials, merchant registration details, and KYC/AML documentation where required by law.

3.2 Transaction Data: voucher IDs, transaction timestamps, purchase history, redemption location and method, merchant identifiers, and payment references.

3.3 Technical Data: IP address, device identifiers, browser and OS type, app usage, telemetry, and geolocation (country or region level).

3.4 Marketing and Communication Data: consent preferences, engagement metrics, and promotional campaign participation.

3.5 Sensitive Data: only collected where strictly necessary (e.g., biometric verification for KYC) and handled with enhanced safeguards or consent.

4. Purposes and Legal Bases for Processing

4.1 Service Delivery: to register accounts, issue e-vouchers, process purchases and redemptions, and provide customer support.

Legal Basis: Contract performance; legitimate interests; consent where required.

4.2 Compliance and Risk Management: to perform KYC/AML checks, sanctions screening, and fraud detection.

Legal Basis: Legal obligation; substantial public interest; legitimate interests.

4.3 Merchant Operations: to enable merchants to create, distribute, and manage e-vouchers and access analytics dashboards.

Legal Basis: Contract performance; legitimate interests.

4.4 Product Improvement and Analytics: to monitor performance, conduct research, and enhance the Platform.

Legal Basis: Legitimate interests; consent where required.

4.5 Marketing and Promotions: to send promotional offers, merchant campaigns, and service updates (with opt-in consent where required).

Legal Basis: Consent; legitimate interests.

4.6 Legal Defense and Enforcement: to resolve disputes, enforce Terms, and respond to lawful requests.

Legal Basis: Legal obligation; legitimate interests.

5. Data Minimization, Retention, and Deletion

5.1 KashyBee collects only data necessary for its stated purposes and retains it no longer than required.

5.2 Retention Periods:

  • (a) Account and transaction records: retained while the account is active and as required for accounting and legal compliance.
  • (b) KYC/AML records: retained 5–10 years, subject to jurisdiction.
  • (c) Marketing data: retained until consent is withdrawn or campaigns end.

5.3 When data is no longer required, it is securely deleted or anonymized, except where retention is legally mandated.

6. Disclosures to Third Parties

6.1 KashyBee may share Personal Data with:

  • (a) Payment processors and financial institutions to complete transactions;
  • (b) Compliance vendors for verification and fraud screening;
  • (c) Cloud hosting and analytics service providers under strict contractual controls;
  • (d) Merchants, only to the extent necessary for voucher redemption or support;
  • (e) Regulators or authorities where required by law.

6.2 All third parties are bound by confidentiality and data protection obligations consistent with ISO/IEC 27701 requirements.

7. International Data Transfers

7.1 KashyBee operates globally, and data may be transferred to jurisdictions with differing privacy laws.

7.2 Transfers are safeguarded by:

  • (a) Standard Contractual Clauses (SCCs) or equivalent frameworks;
  • (b) Binding Corporate Rules (BCRs);
  • (c) Encryption and restricted access controls.

7.3 All cross-border transfers follow risk assessments and comply with applicable international standards.

8. Security Measures

8.1 KashyBee maintains a certified Information Security Management System (ISMS) and Privacy Information Management System (PIMS) aligned to ISO/IEC 27001 and 27701.

8.2 Security controls include encryption at rest and in transit, MFA, role-based access, incident monitoring, and regular penetration testing.

8.3 No system is entirely risk-free; however, KashyBee continuously monitors and improves its security posture.

9. Your Privacy Rights

9.1 Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, object to, or port your Personal Data, and withdraw consent where applicable.

9.2 Requests should be submitted through KashyBee’s contact channels. Verification may be required before processing your request.

9.3 You may opt out of marketing communications at any time.

10. Cookies and Similar Technologies

10.1 The Platform uses cookies and SDKs for essential functionality, analytics, and marketing (with consent where required).

10.2 Users may manage cookie preferences through browser settings or in-app controls.

11. Children’s Privacy

11.1 The Platform is not intended for individuals under 18. KashyBee does not knowingly collect data from minors. If a child’s data is discovered, it will be promptly deleted.

12. Automated Decision-Making and Profiling

12.1 Automated systems may be used for fraud detection and compliance screening.

12.2 Users have the right to request human review where legally applicable.

13. Data Breach Notification

13.1 In the event of a Personal Data Breach, KashyBee will promptly investigate and notify affected parties and authorities as required by law.

14. Global and Regional Provisions

14.1 KashyBee complies with major international privacy laws, including GDPR (EU/UK), PDPL (UAE), and other applicable regional frameworks.

14.2 Regional differences in data rights and retention will be honored as required by local law.

15. Changes to this Policy

15.1 KashyBee may update this Policy periodically. The “Last Updated” date indicates the latest version. Material changes will be communicated through email, in-app notice, or website updates.

16. Contact and Data Protection Officer (DPO)

For privacy inquiries or to exercise your rights, contact:

  • Email (General): info@kashybee.com
  • Email (Privacy/DPO): privacy@kashybee.com
  • PhoneWebsite: www.kashybee.com
KashyBee
facebook
instagram
x
tiktok

© 2025 KashyBee. All rights reserved. Based in Dubai, UAE.

Privacy Policy|Terms of Service|Blogs|Contact Us