Privacy Policy

1. INTRODUCTION

1.1 Astra Tech is dedicated to protecting your privacy. This Privacy Policy (Policy) outlines our practices concerning the collection, processing, and usage of Personal Data with respect to:

(a) Members of the Astra Tech Group, including without limitation, Algento DMCC, Botim Money LLC and Quantix Technology Projects LLC, (Group, we, our, or us);

(b) Past and present visitors to any Astra Tech website, including Botim.me and CashNow.ai and mobile application (Android & iOS) (collectively, the Platform);

(c) Users registered to access any of the services provided by the Group and available on our Platform (Services); and

(d) Authorized representatives, directors, or owners of entities using our Services (User, you, or your).

1.2 As used herein, the term Personal Data refers to any information associated with you that, alone or combined with other data, may identify you.

1.3 By accessing or using our Platform and/or Services, you agree to this Policy and the Personal Data processing purposes and practices outlined within it. If you disagree, please discontinue use of our Platform. We may periodically update this Policy and encourage you to review it regularly.

2. PURPOSE AND CONSENT

2.1 This Policy has been developed in compliance with the Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and incorporates data protection provisions within the Retail Payment Services and Card Schemes Regulation, Stored Value Facilities Regulation, Consumer Protection Regulation, and Consumer Protection Standards issued by the Central Bank of the United Arab Emirates (CBUAE).

2.2 Without certain information, we may not be able to deliver the Services or support you need. Some of the Personal Data we collect is required by law, including for anti-money laundering compliance. This Policy provides details on:

(a) The types of Personal Data we collect about you;

(b) How we use this Personal Data;

(c) The types of data we share with third parties and the categories of such third parties; and

(d) How we protect your Personal Data.

3. AMENDMENTS TO THIS POLICY

3.1 We may occasionally revise, amend, or supplement this Policy to reflect changes in law, our Personal Data practices, service features, or technological advancements. If significant changes occur, they may be prominently posted on our Platform. We recommend reviewing this Policy periodically for your own information.

3.2 Changes to this Policy become effective upon publication on our Platform.

4. PERSONAL DATA PROTECTION

4.1 Your Personal Data is collected and processed in adherence to key data protection principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, rectification, storage limitation, and integrity and confidentiality. We adhere to all relevant laws and regulations where applicable.

5. CONSENT FOR CONTRACTUAL PERFORMANCE, LEGAL OBLIGATION, AND CONSENT WITHDRAWAL

5.1 You consent to the processing of your Personal Data (whether provided directly by you, collected by us, or received from third parties) to fulfil legal obligations arising from any contracts involving you or to provide Services you have contracted with us, including preliminary steps before contract initiation.

5.2 By registering for our Services through the Platform, you authorize us to obtain and disclose relevant Personal Data to third parties for purposes such as identity or account verification, fraud detection, or collections, as permitted or required by law.

5.3 You may withdraw your consent at any time. Withdrawal will not affect the lawfulness of prior data processing based on previously given consent and will take effect within 30 days of your request. To withdraw consent, contact us at dpo@astratech.ae.

5.4 The Personal Data we collect, our collection methods, purposes, information-sharing practices, and data retention periods are explained specifically and in detail throughout this Policy for your informed and withdrawable consent.

6. PERSONAL DATA WE COLLECT

6.1 We may collect the following types of Personal Data:

(a) Identification details, such as your name, email address, residential address, phone number, and date of birth, along with identification documentation confirming your ID and address;

(b) Financial information, including bank account numbers, payment card numbers, and bank statements;

(c) Transaction details, including transaction times and locations, party names, transaction descriptions, and payment amounts;

(d) Device information, such as device location, model, operating system, unique device identifier, mobile network, and device interactions with our Services. We may also identify other software running on the device for anti-fraud and malware-prevention purposes, but without accessing its content;

(e) Service usage information, including access time, browser type and language, and IP address;

(f) Information obtained from third-party sources, such as verification services, mailing lists, and publicly available information, including your government-issued ID number, where lawful;

(g) Data collected via cookies and web beacons, as explained further in Clause 9 of this Policy;

(h) ID images, utility bills, and other documents requested by us and provided by you;

(i) Employment information;

(j) Information you provide in response to our contests, promotions, surveys, or other communications; and

(k) Any communications you send to us, along with metadata associated with such communications.

6.2 We may collect Personal Data during the registration for our Services, our identity or account verification processes, or during your use of our Services.

6.3 You affirm that all Personal Data you provide is accurate and complete. You agree to notify us of any changes to your Personal Data within a reasonable timeframe.

6.4 We do not knowingly collect Personal Data from, or market to, individuals under 18 years of age. By using our Services, you confirm that you are at least 18 years old. If we learn that Personal Data from users under 18 has been collected, we will deactivate their access and take appropriate steps to delete such Personal Data promptly.

7. MODE OF COLLECTION

7.1 Information You Provide Directly:

(a) When you interact with us or access our Platform such as opening a digital wallet or using other Services, we may collect essential information about you to create an account (Account). Depending on the Services you select, we may request your name, postal address, telephone number, email address, and identification details. As a registered user, you may also upload data or submit various inquiries.

(b) Occasionally, we invite you to participate in surveys, promotions, or contests. Participation may require providing Personal Data, such as your name and email address.

(c) If you correspond with us via email, we may collect the information you provide for specific purposes, including support, and store it in a record associated with you.

7.2 Information Collected Automatically. We may also receive and store certain Personal Data about you and your device(s) automatically when you access or use our Services. This Personal Data may include:

(a) Technical Information: Data related to your activity on our Platform, which may include your browser type, operating system, IP address (internet address), unique device identifiers, and device type.

(b) Site Usage Information: Information that helps us understand customer traffic patterns and usage, such as the page you visited before accessing our Platform and the specific Platform pages or features you accessed and how long you spent on each.

(c) Site Preferences and Cookies: Information about your preferences to improve your productivity on our Platform via cookies. Cookies enhance your experience by saving preferences for you. For details on our cookie usage, please see Clause 9 of this Policy.

7.3 Information Collected from Third-Party Services:

(a) We may collect Personal Data from third-party partners who have your consent to provide us with this Personal Data. With your authorization, we obtain data from third parties and service providers you permit to collect, process, and share your information.

(b) Additionally, we may collect Personal Data indirectly from you through authorized partner entities that share your Personal Data with us to enable your access to our Services on the Platform.

8. USE OF PERSONAL DATA

8.1 We do not sell, exchange, or disclose your Personal Data, whether public or private, to any other person without your consent, except for the explicit purpose of delivering our Services to you and complying with legal or regulatory obligations we have.

8.2 We collect, process, and use your Personal Data for the following purposes:

(a) to deliver our Services;

(b) to enhance, personalize, and facilitate your use of our Services;

(c) to measure, customize, and improve our Services, including Platform design, content, and functionality, or to track and analyse usage trends related to our Services;

(d) to analyse Service usage;

(e) to improve our customer service;

(f) with your consent, to send you periodic emails, news, information, conduct surveys, or collect feedback about our Services. We may also communicate with you regarding products, services, contests, promotions, offers, rewards, and other matters based on your preferences and applicable law;

(g) to manage our internal information systems;

(h) to maintain backup databases and retain records in accordance with our policies and applicable law;

(i) to communicate with you, including delivering information or support you request, sending technical notices, security alerts, support messages, transaction messages, and Service-related notices, resolving disputes, collecting fees, or providing assistance;

(j) to establish, exercise, or defend legal claims in court, administrative, or out-of-court procedures to protect our legal rights, your rights, or those of others;

(k) to comply with legal obligations or contractual requirements with third parties;

(l) to develop new products and services; and

(m) for purposes including safeguarding our rights, property, or the security and integrity of our Services; enforcing the terms of our agreements or policies; verifying your identity (using government-issued identification numbers); preventing, detecting, and investigating fraud, security breaches, and other prohibited activities; and complying with any applicable law, regulation, or legal process.

8.3 We may engage third-party service providers to process your Personal Data within the United Arab Emirates (UAE) or in other countries. We ensure that third parties process Personal Data based on legitimate grounds and lawful instructions, in compliance with the PDPL and other legal standards.

9. COOKIE POLICY

9.1 What is a Cookie?

(a) A cookie is a small, encrypted text file stored on your computer or mobile device when you visit a website. Cookies are selected pieces of information sent from websites or applications to your device, enabling us to recognize you and enhance your experience. Cookies can remain stored for varying lengths of time on your browser or device.

(b) We use both session cookies (which expire upon closing your browser) and persistent cookies (which remain on your device until deleted) to collect Personal Data, allowing us to personalize your Platform experience based on your interests and needs.

9.2 How We Use Cookies

(a) When you use and access our Platform, we may place several cookie files on your browser. We use cookies to enable essential Platform functions, such as analytics, fraud prevention, preferences storage, and to deliver advertisements, including behavioural advertising. Cookies also enhance your browsing experience by:

i. Recognizing your login and preferred settings;

ii. Providing a tailored experience with content relevant to you; and

iii. Analysing site usage to troubleshoot issues and monitor performance.

(b) In addition to our own cookies, we may also utilize third-party cookies to report site usage, deliver ads, and provide related services.

9.3 We utilize the following types of cookies:

(a) Essential Cookies: Necessary for navigation on our Platform, these cookies enable Services at your request, authenticate users, and prevent fraud.

(b) Performance Cookies: Used to gather data on Platform use, such as selected Services and error messages, enabling us to improve performance and customization. Performance cookies do not collect identifiable information, as they operate anonymously.

(c) Functionality Cookies: Used to remember your choices, such as username, login details, and language preferences, allowing for enhanced, customized features.

(d) Advertising and Targeting Cookies: Used to collect details about your site visit, content viewed, browsing habits, links followed, and information about your browser, device, and IP address, aiding in targeted ads and measuring ad effectiveness.

9.4 Please note that if you delete or refuse cookies, some Platform features may be unavailable, and certain pages may not display correctly. The Group disclaims responsibility and liability for any losses resulting from your decision or inability to use cookies.

10. PROCESSING AND USE OF AGGREGATED, ANONYMIZED, AND DE-IDENTIFIED DATA

10.1 We may create, process, collect, use, and share aggregated, anonymized, or de-identified data such as statistical or demographic information derived from your Personal Data. This data may be used to meet legal or regulatory obligations.

10.2 We may share this information with members of our group, service providers, and key partners. If any third parties are located outside the jurisdictions governed by this Policy, we will take all necessary steps to ensure the secure handling of your Personal Data and compliance with applicable data protection laws for such transfers.

10.3 Additionally, we may use any Personal Data described above to manage and operate our business, detect and prevent misuse of our Services (including fraud and unauthorized transactions), and to enforce our Terms and Conditions or any other relevant agreements.

11. YOUR REFUSAL OR INABILITY TO PROVIDE NECESSARY PERSONAL DATA

11.1 If you fail, neglect, refuse, or are otherwise unable to provide us with the Personal Data required to deliver our Services or to comply with legal obligations (e.g., identification information for KYC/AML compliance), we may be unable to offer you access to our Platform. In such cases, we reserve the right to discontinue providing Services or to close your Account. We will notify you as soon as possible in such an event.

12. PROCESSING WITHOUT CONSENT

12.1 We may, in certain instances, collect and process your Personal Data without your knowledge or consent, but only where required or permitted by law. If required by court order or similar legal directive, we may be obligated to disclose your Personal Data to legal authorities. Other situations in which processing may occur without your explicit consent include:

(a) processing of Personal Data you have made publicly available;

(b) processing necessary to initiate or defend legal claims or associated with judicial proceedings;

(c) processing necessary to perform any contract involving you, or actions taken upon your request to conclude, amend, or terminate a contract; and

(d) processing necessary for public interest.

13. DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES

13.1 Any third party receiving or accessing Personal Data must protect it and use it solely for the purposes of performing services for you or us, unless otherwise required or permitted by law. We ensure that third parties are aware of our obligations under this Policy and contractually bound by terms that offer data protection equivalent to or exceeding our commitments under this Policy and applicable data protection laws. Upon the termination of a business relationship, we ensure all Personal Data is either retrieved or destroyed by such third parties. Contracts with third parties also prohibit unauthorized use of your data.

13.2 We may disclose relevant Personal Data in the following instances:

(a) Where legally required, to comply with applicable laws, governmental requests, judicial proceedings, court orders, or legal processes (e.g., responding to public authorities for national security or law enforcement). Additionally, we may disclose Personal Data to investigate, prevent, or act upon potential policy violations, fraud, safety threats, illegal activities, or for use as evidence in legal proceedings. We may also disclose Personal Data to enforce the terms and conditions of contracts or to protect the rights, safety, and security of our users, others, or the public.

(b) In connection with, or during negotiations of, a merger, sale of assets, financing, acquisition of all or part of our business, dissolution, or other business transaction. In the case of insolvency, bankruptcy, or receivership, your Personal Data may be transferred as a business asset. If acquired, the new entity will assume the rights and obligations associated with your Personal Data under this Policy.

(c) To governmental, regulatory, or judicial authorities, associates, agents, attorneys, or representatives as required for compliance with legal obligations or for legal claim establishment, exercise, or defence in any judicial, administrative, or alternative legal process.

(d) To suppliers or subcontractors as necessary to deliver our Services to you;

(e) Where we use third-party advertisers to deliver ads relevant to your interests, subject to your express consent;

(f) To group companies, including affiliates, for Service provision, legal compliance, and quality improvements;

(g) To third-party vendors, service providers, contractors, or agents who perform specific tasks on our behalf and require Personal Data access to complete their work, such as payment processing, customer management, data analysis, email delivery, hosting, customer support, quality assurance, technical support, and marketing;

(h) To business partners conducting campaigns, contests, offers, or other events in connection with our Services; and

(i) To other users of our Services with whom you interact. For example, Personal Data may be shared when you execute a transaction.

14. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

14.1 Your Personal Data is stored and transferred in compliance with UAE laws and regulations.

14.2 We prioritize customer Personal Data privacy and protection, whether for merchants, individuals, or indirect beneficiaries, and ensure compliance with relevant data protection laws applicable to domestic and cross-border Personal Data transfers.

14.3 Be aware that certain third-party service providers, such as payment processors, may operate in or have facilities located outside your jurisdiction or ours.

14.4 In cases where Personal Data is transferred to international organizations or countries without adequate data protection laws, we will ensure your Personal Data is safeguarded using necessary protections, such as adequacy decisions, binding corporate rules, or standard contractual clauses. Transfers may also occur based on your express consent, for judicial processes, to perform or enter into a contract, for international judicial cooperation, or for public interest protection. We will notify you if additional safeguards are applied for international transfers, upon request.

14.5 For specific information on third-party service providers with whom we have shared your Personal Data, please contact us at dpo@astratech.ae. If you engage a third-party service provider, your Personal Data may be subject to the laws of that provider’s jurisdiction. We recommend reviewing their privacy policies for further information on Personal Data handling practices.

15. THIRD PARTY ADVERTISING AND ANALYTICS

15.1 We may permit third-party service providers to deliver content and advertisements associated with our Services, as well as provide anonymous metrics and analytics. These providers may use cookies, web beacons, and other tools to collect information such as IP addresses, device identifiers, browsers, viewed webpages, time spent on pages, clicked links, and conversion data. This Personal Data helps us and our service providers analyse Service usage, assess content popularity, deliver targeted ads, and better understand user interactions.

15.2 The third-party service providers we engage are contractually obligated to maintain confidentiality and comply with applicable laws concerning the use of your Personal Data.

15.3 This Policy does not govern third-party cookies, web beacons, or other tracking technologies, which are subject to their respective privacy policies. For further details, we encourage you to consult these third parties’ privacy practices.

16. LINKS TO THIRD PARTY WEBSITES

16.1 Our Platform or communications may contain links to third-party websites not owned or operated by us. These sites are governed by their own privacy policies. If you click on a third-party link, you will be redirected to that third-party’s platform. We strongly recommend reviewing the privacy policy of each platform you visit.

16.2 This Policy does not apply to third-party websites, and we are not responsible for their privacy practices, even if accessed through links on our Platform or communications. These third parties typically include:

(a) Advertising, direct marketing, lead generation, and other marketing service providers;

(b) SMS and email notification service providers;

(c) Foreign and domestic financial and credit institutions; and

(d) Auditors.

17. YOUR RIGHTS

17.1 You have the following rights concerning your Personal Data:

(a) Right to Access Information. You may request and obtain details such as:

(b) Categories of Personal Data processed;

(c) Purpose of processing;

(d) Any automated decision-making involving your Personal Data;

(e) Entities with whom your Personal Data is shared;

(f) Controls or standards governing Personal Data storage;

(g) Actions taken for Personal Data rectification, restriction, or erasure upon your request;

(h) Safeguards for cross-border Personal Data transfers;

(i) Measures for Personal Data breach management affecting you; and

(j) Procedures for filing complaints with the UAE Data Office.

17.2 We may refuse your request if it is repetitive, conflicts with judicial proceedings or investigations, compromises information security efforts, or involves third-party privacy concerns.

17.3 Right to Rectification. You may correct any inaccuracies or complete incomplete Personal Data concerning you.

17.4 Right to Erasure. You may request erasure of your Personal Data if:

(a) The Personal Data is no longer necessary for the original purpose;

(b) You withdraw consent for consent-based processing;

(c) You object to processing under applicable law;

(d) Your Personal Data was unlawfully processed; or

(e) Erasure is required for legal compliance.

17.5 We may decline erasure if the Personal Data is needed for legal obligations or for establishing or defending legal claims.

17.6 Right to Restrict Processing. You may restrict Personal Data processing if:

(a) you contest the Personal Data’s accuracy;

(b) processing is unlawful;

(c) Personal Data is no longer necessary for processing, but you need it for legal claims; or

(d) you have objected to processing, pending verification. We may continue to store Personal Data but will limit other processing unless: (i) you consent; (ii) for legal claims; (iii) to protect rights of another person; or (iv) for public interest.

17.7 Right to Stop Processing. You may object to and stop processing of your Personal Data in the following cases:

(a) if processing is for direct marketing;

(b) if processing is for statistical surveys, unless required for public interest;

(c) if processing contravenes PDPL controls as per Clause 4 (Personal Data Protection).

17.8 Right to Data Portability. You may request Personal Data portability to the extent that:

(a) processing is based on your consent or a contractual necessity; or

(b) processing is automated.

17.9 You may receive your Personal Data in a structured, machine-readable format and may also request direct transmission to another entity, where feasible.

17.10 Right to Object to Automated Decision Making. You may object to automated decision-making with legal or significant effects. We may deny requests if such processing aligns with a contract, complies with legal requirements, or is expressly consented to by you.

17.11 Right to Lodge a Complaint. In the UAE, you may file complaints with the UAE Data Office (if domiciled or operating in the UAE) or the CBUAE Consumer Protection Department.

18. SUBMISSION OF REQUESTS FOR EXERCISING YOUR RIGHTS

18.1 We aim to respond promptly to legitimate requests, typically within two calendar months. If additional time is required due to complexity or volume, we will inform you of receipt and provide progress updates.

18.2 To exercise rights under Clause 17, contact us at dpo@astratech.ae. We may request specific information to verify your identity and entitlement to these rights, ensuring your Personal Data is disclosed only to authorized individuals.

19. DATA RETENTION

19.1 We retain your Personal Data on your behalf, including customer, transactional, and session data linked to your account.

19.2 Your Personal Data will be processed only for the necessary duration to fulfil collection purposes, provide Services, and meet legal, accounting, reporting, regulatory, or law enforcement requirements. All documents and records will be securely retained for a minimum of five years, as mandated by CBUAE Consumer Protection Regulations and Standards, starting from the date your Account is closed.

20. SECURITY PRECAUTIONS AND MEASURES

20.1 Information Security:

(a) We prioritize data security and have implemented physical, electronic, and managerial safeguards to prevent unauthorized access or disclosure. Industry-standard encryption and access restrictions apply to stored Personal Data, which is accessible only by authorized personnel with confidentiality obligations.

(b) Our facilities are regularly scanned for security vulnerabilities. Your Personal Data is stored on secured networks with limited access.

(c) We also have contingency mechanisms for accessing your Personal Data in case of system failure and conduct periodic testing of security measures to ensure their effectiveness.

20.2 No Guarantee:

(a) While we strive to secure Personal Data, we cannot guarantee 100% security for internet transmissions or electronic storage.

(b) Despite our efforts, we do not warrant the complete security of facilities; Personal Data transmission is at your own risk.

(c) We do not guarantee against unauthorized access, disclosure, alteration, or destruction of data. Always verify that websites requesting financial or payment information are legitimate.

(d) If you receive suspicious communication, avoid providing information and report it immediately to dpo@astratech.ae. Notify us promptly of any unauthorized account access.

(e) We cannot secure Personal Data once transmitted to us or received by us via internet or wireless means. If you suspect data security issues, please contact dpo@astratech.ae.

(f) We conduct security risk assessments and implement risk mitigation measures to safeguard Personal Data integrity.

20.3 Data Breaches. In the event of a Personal Data breach threatening your security, we will promptly inform you of the breach’s nature, potential consequences, and the measures taken to mitigate its impact on your rights. The CBUAE will also be notified in accordance with regulations. For more information, contact dpo@astratech.ae.

21. CONTACTING US

21.1 For questions or complaints about this Policy, please reach out to us at dpo@astratech.ae.

21.2 For inquiries about your information or this Policy, contact us anytime at dpo@astratech.ae.

LAST UPDATED 24 MARCH 2025