Privacy Notice
How we protect and handle your personal data
Last Updated: 17 December 2025
1. Introduction and Commitment
At Hazara Pay, we recognize that trust is the foundation of our service. This Privacy Notice outlines our firm commitment to protecting your personal data and explains how we collect, use, disclose, and safeguard your information when you use our website, www.hazarapay.com, and our mobile topup services.
Your privacy is of paramount importance to us. We process your personal data transparently, lawfully, and only for the purposes described herein. We encourage you to read this notice carefully to understand our practices.
Your Rights:
You have the right to object to the processing of your personal data where such processing is based on our legitimate interests. You also have the right to opt-out of direct marketing at any time.
2. Data Controller
The data controller responsible for your personal data is:
Hazara Pay
Email us: privacy@hazarapay.com
3. Scope and Information We Collect
This notice applies to all users of our Services: visitors to our website, customers who create an account, and anyone who sends a topup.
To provide our Services, we may collect and process the following categories of personal data:
| Category | Examples of Data Collected | Primary Purpose |
|---|---|---|
| Identity & Contact Data | Full name, email address, telephone number. | To create and manage your account, communicate about transactions, and provide customer support. |
| Financial & Transaction Data | Transaction history (amount, destination number, date/time), partial payment card information (processed securely via PCI-DSS compliant partners), billing address, PayPal ID. | To process your payments, fulfill your topup requests, and manage refunds or chargebacks. |
| Technical & Usage Data | IP address, browser type and version, device identifiers, time zone, operating system, pages you visit, and journey through our website. | To ensure our website functions correctly, for security monitoring, and to analyze and improve our Services' performance and user experience. |
| Recipient Data | The Afghan mobile phone number you are topping up. | This is the essential data required to execute the service you have requested. |
We collect this data:
- Directly from you: When you register, make a transaction, or contact our support team.
- Automatically: As you interact with our website, via cookies and similar technologies (see our Cookie Policy).
- From third parties: Such as payment processors, fraud prevention services, and (where applicable and lawful) marketing partners.
4. How We Use Your Data (Purposes & Legal Bases)
We will only use your personal data when the law allows us to. The table below details our purposes and the legal bases we rely on.
| Purpose of Processing | Legal Basis (Under GDPR/Similar Regulations) |
|---|---|
| To register you as a customer and manage your account. | Performance of a Contract with you. |
| To process and complete your topup transaction, including transferring funds to the Afghan mobile operator. | Performance of a Contract with you. |
| To manage our relationship, including notifying you of service changes, and providing customer care. | Performance of a Contract and Legitimate Interests (to grow our business and improve service). |
| To administer and protect our business and website (e.g., troubleshooting, security, fraud prevention). | Legitimate Interests (for running our business, network security) and Compliance with a Legal Obligation. |
| To use data analytics to improve our website, products/services, and user experience. | Legitimate Interests (to define types of customers, keep our website updated, and inform marketing strategy). |
| To send you non-essential marketing communications about promotions or similar services. | Consent (where required by law) or Legitimate Interests (for existing customers regarding similar services). |
5. Data Sharing and International Transfers
We may share your personal data with the following categories of third parties under strict confidentiality agreements:
-
•
Afghan Mobile Network Operators (MNOs): (e.g., AWCC, ATOMA, Roshan, Salaam, Etisalat). We must share the recipient's number and topup amount to fulfill your transaction.
-
•
Payment Service Providers: Secure third parties who process your financial transactions.
-
•
Cloud Infrastructure & IT Service Providers: Companies that host our website and data, typically within the EU or other jurisdictions with adequate data protection levels.
-
•
Professional Advisors: Such as lawyers, auditors, and insurers.
-
•
Government & Law Enforcement: Where required by applicable law, regulation, or legal process.
International Transfers:
Our core service involves transferring transaction instructions to Afghanistan. Where we transfer data to countries not deemed to have adequate data protection laws (like Afghanistan), we ensure safeguards are in place, such as relying on explicit consent for the specific transaction or implementing strict contractual clauses with partners to protect your data.
6. Data Security
We have implemented robust technical and organizational security measures designed to protect your personal data from accidental loss, unauthorized access, alteration, or disclosure. These include encryption, access controls, and secure server environments. While we strive to protect your data, no electronic transmission or storage system is 100% secure.
7. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are based on:
- The ongoing need to provide services to you.
- Our legal obligations (e.g., tax laws require keeping transaction records for several years).
- Whether retention is advisable for fraud prevention or dispute resolution.
8. Your Legal Rights
Depending on your location, you may have rights under data protection laws, which may include:
-
•
Access: Request a copy of your personal data.
-
•
Rectification: Request correction of inaccurate or incomplete data.
-
•
Erasure ("Right to be Forgotten"): Request deletion of your data under certain conditions.
-
•
Restriction: Request we limit the processing of your data.
-
•
Objection: Object to processing based on legitimate interests or for direct marketing.
-
•
Portability: Request transfer of your data to another service provider.
-
•
Withdraw Consent: Revoke consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at privacy@hazarapay.com. We may need to verify your identity before proceeding. You also have the right to lodge a complaint with your local data protection authority.
9. Marketing Choices
You will receive service-related transactional messages essential to your account. For promotional marketing, we will seek your explicit consent where required. You can opt-out of marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us.
10. Third-Party Links
Our website may contain links to third-party sites (e.g., mobile operator websites). This Privacy Notice does not apply to those sites. We encourage you to read the privacy notice of any website you visit.
11. Changes to This Privacy Notice
We may update this notice periodically to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the new notice on our website and updating the "Last Updated" date. We encourage you to review this notice periodically.
12. Contact Us
For any questions, concerns, or requests regarding this Privacy Notice or your personal data, please contact our Data Protection lead:
Email: privacy@hazarapay.com
Subject Line: Privacy Notice Inquiry