Total Processing is now part of
Nomupay (we, us, ours) and its subsidiaries, namely Total Processing Payment Services Provider LLC (TP UAE, we us, ours), are committed to safeguarding your privacy and ensuring the protection of your personal data. Our global privacy and data protection programme reflects our dedication to maintaining the highest standards of data security and privacy compliance across all our operations. This policy outlines how we collect, use, disclose, and protect your information, ensuring transparency and trust in our practices.
We are committed to compliance with Data Protection Laws, regulations and rules. This privacy policy applies to TP UAE and is based on the fundamental principles of the Federal Data Protection Laws of the UAE.
TP UAE is part of Nomupay Group, a global payment technology company that provides a range of services designed to enable businesses, platforms, and merchants to manage and process secure online payment transactions. We are committed to providing innovative solutions that streamline financial operations while prioritising the security and privacy of the data we handle.
This Privacy Policy applies to the personal data we collect within the UAE through our products, merchant services (“Services”), and our online presence, including our website nomupay.com (our "Site"). It explains the types of Personal Data we collect, how we use it, who we share it with, and your rights and choices regarding your data.
We also provide information on how you can contact us regarding our privacy practices and exercise your rights under applicable data protection laws.
This Privacy Policy does not apply to any third-party websites, products, or services that may be linked to or accessible via our Services or Site. We encourage you to carefully review the privacy policies of those third parties, as they may have different practices.
TP UAE and Nomupay have appointed a Group Data Protection Officer (DPO), who acts as the central point of contact for all data protection matters across our global operations. TP UAE follows the group DPO.
You can contact the Group Data Protection Officer at any time for inquiries related to your personal data, including the exercise of your data protection rights, by using the following contact details:
Contact Information:
We take your privacy seriously and aim to respond to your inquiries promptly. If you have concerns about how we handle your personal data, the DPO will assist in addressing them in accordance with the law.
As a Data Subject you have a number of rights that you are entitled to exercise subject to the Federal Data Protection Law. To exercise any of these rights, please contact us at data.privacy@nomupay.com
| Examples of Data Subject Rights | Description |
| Right to receive information (Article 13) | You have the right to be informed about how your Personal Data is collected, used, and shared. This includes clear and transparent privacy policies that explain how we handle your Personal Data. |
| Right to request transfer of personal data (Article 14) | You have the right to request that we transfer your Personal Data to another service provider, where technically feasible. This allows you to move, copy, or transfer your data in a structured, commonly used, and machine-readable format. |
| Right to correction or erasure of Personal data (Article 15) | You have the right to request that we correct or update your Personal Data if it is inaccurate, incomplete, or outdated. You have the right request that we erase your Personal Data in certain circumstances, for example, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other lawful basis for processing |
| Right of restriction (Article 16) | You have the right to request that we restrict the processing of your Personal Data in certain circumstances. This means we can store your Personal Data but not use it, for example, while we assess or verify another request you’ve made. |
| Right to stop Processing (Article 17) | You have the right to object to the processing of your Personal Data in the following cases: If the processing is intended for the purposes of direct marketing, including profiling related to direct marketing If the processing is intended for the purposes of conducting statistical surveys, unless the processing is necessary to serve the public interest If the processing is carried out in violation of the data processing controls as documented in Article 5 |
| Rights to processing and automated processing (Article 18) | You have the right to object to any decisions resulting from automated processing, including profiling, which may significantly affect you. If we use automated decision-making, you have the right to request human intervention and challenge such decisions. |
If you wish to exercise any of the rights outlined above, please contact us by emailing data.privacy@nomupay.com
We will make every effort to comply with your request as required by law. If we no longer hold your Personal Data, we will not be able to respond to your request.
Automated Decision-Making (Profiling)
TP UAE and Nomupay do not currently use automated decision-making or profiling mechanisms. If we introduce such processes in the future, we will update this privacy policy to provide more details about how we use them and how you can exercise your rights in relation to them.
Identity Verification
For your protection, we may need to verify your identity before processing your request. This could include verifying that the email address you use to submit the request matches the one we have on file for you or providing copies of identification so that we can verify you. We will not gather more data than necessary to verify your identity.
Complaints
If you are dissatisfied with how we have handled your request or believe your rights have been infringed, you have the right in the first instance to lodge a complaint with us by contacting data.privacy@nomupay.com. If you are still not happy with the outcome following the internal review, then you have the right to log your complaint to the Data Office who are the local supervisory authority within the UAE.
We use many kinds of personal data. The type of data that we collect about you depends on the circumstances of the collection, the nature of requested service(s), and the transaction(s) performed.
| Purpose | Type of Data processed | Specific Data Items | Source of the data | Legal Basis for processing |
| When users visit the website and collecting data to understand how users interact with the website and improve their experience. | Usage Data, Technology Data | IP address, browser type, operating system, device information, pages visited, time spent on site, Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting; | Directly from user’s device via cookies and tracking technologies | Consent (Primary) |
| To facilitate and enable our relationship with you as a prospective, new or existing merchant. | Personal Identifiable Data, Contact Data | Name, email address, phone number, address, date of birth | Directly from you | Consent Performance of a Contract |
| Processing data to facilitate and manage transactions and services. | Transaction Data, Financial Data | Payment details, transaction history, account balance, payment method | Directly from user, financial institutions | Performance of a Contract, Legal Obligation |
| Collecting data to send marketing materials and communication with users. Such as: in response to marketing or other communications, through social media or online forums, through participation in an offer, program or promotion, in connection with an actual or potential business relationship with us, or by giving us your business card or contact details at trade shows or other events. | Contact Data, Usage Data | Full name, Email address, browsing behaviour, preferences | Directly from user, cookies and tracking technologies | Consent |
| Ensuring compliance with our legal and regulatory requirements. | Personal Identifiable Data, Financial Data | Identification documents, transaction records, compliance checks | Directly from user, regulatory bodies | Legal Obligation This is legally required to cover “Anti-Money Laundering (“AML”) and Know-Your-Customer (“KYC”)” obligations. |
| You may provide us with your personal data by filing forms online, corresponding with us by phone, email, through social media, in person, through a recruitment agency or otherwise when you apply for a job position at Nomupay. | Personal Identifiable Data, Employment Data | Full name, contact details, education history, training and professional experience, current and previous employment history, information required to prepare your employment agreement with us including a clear criminal record certificate and reference letters, interview notes, information about your health such as any disability you may have, and you need to disclose with us. | Directly from job applicants | Consent |
| Using data to manage relationships with partners and vendors. | Contact Data, Contract Data | Name, contact details, contract terms, payment details | Directly from partners and vendors | Performance of a Contract, |
| If you are a cardholder, when you make payments or conduct transactions | Personal Identifiable Data, Financial Data | Payment Method such as credit or debit card information, purchase amount, date of purchase, and payment method | Directly from you or via a Nomupay Merchant | Performance of a Contract |
| Auditing and financial reporting for statutory auditing, tax filings, and compliance with financial regulations. | Financial Data, Transaction Data | Account information, transaction records, compliance documentation | Directly from user, internal systems | Legal Obligation |
| Corporate due diligence for mergers or acquisitions to assess business assets, including data, during mergers or acquisitions. | Personal Identifiable Data, Financial Data, Transaction Data | Customer information, transaction records, employee data, business contracts | Directly from internal systems or external auditors | Legal Obligation |
| Health and safety monitoring for workplace safety and emergency management. | Personal Identifiable Data, Employment Data, Health Data | Emergency contact details, workplace health disclosures | Directly from employees or contractors | Legal Obligation, Consent |
TP UAE and Nomupay do not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted entities, as outlined below, and always ensure that appropriate safeguards are in place to protect your data.
TP UAE and Nomupay Group
We share Personal Data with other Nomupay entities globally to provide our Services, ensure operational efficiency, and for legitimate internal administrative purposes. Such sharing is done in accordance with applicable data protection laws, including the use of appropriate safeguards (e.g., Standard Contractual Clauses) to ensure the secure transfer of data between entities.
Service Providers
We share Personal Data with a limited number of trusted service providers who perform services on our behalf, such as website hosting, data analysis, IT and infrastructure support, customer service, email delivery, and auditing. These service providers are contractually obligated to use or disclose Personal Data only to perform services on our behalf or comply with legal requirements. We require all service providers to implement robust security measures and ensure confidentiality.
Business Partners
We share Personal Data with third-party business partners, such as banks, payment method providers, and financial institutions, to facilitate payment processing and provide our Services to Business Merchants. These entities use the Personal Data solely for purposes related to processing transactions or other agreed-upon services.
Authorised Third Parties
We share Personal Data with third parties explicitly authorised by a Business Merchant to receive such information. The use of Personal Data by these third parties is governed by their own privacy policies.
Corporate Transactions
In the event of a corporate transaction, such as a reorganisation, merger, acquisition, sale, joint venture, assignment, transfer, change of control, or other business disposition, we may share Personal Data with relevant parties. This sharing is necessary to facilitate and complete the transaction, and we ensure that appropriate confidentiality measures are in place throughout the process.
Compliance and Harm Prevention
We share Personal Data when we believe it is necessary to:
Regulatory Compliance and Reporting
We may share Personal Data with relevant regulatory or tax authorities to fulfil our legal or compliance obligations, including anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, where applicable. This may include sharing transaction records, customer identification documents, and other compliance-related data.
Analytics and Service Improvement
We use aggregated and anonymised Personal Data for analytics and research purposes to improve our products, services, and user experience. This data cannot be used to identify any individual and is shared with trusted partners who assist in improving our systems and offerings.
Employee and Contractor Management
We share Personal Data internally or with third-party service providers for employee and contractor-related purposes, such as payroll processing, benefits administration, training, and compliance with employment regulations. All shared data is strictly limited to what is necessary for these purposes.
In order for us to perform and comply with our contractual and statutory obligations your personal data may be provided to various service providers and third parties only in cases we have a legal basis to do so. Such service providers and third parties enter into contractual agreements with TP UAE and / or Nomupay - to ensure confidentiality of your personal data and compliance with applicable Data Protection Regulations and local laws and regulations.
Recipients of your personal data may be:
| Type of Recipients | Why we share your personal data |
| Supervisory Authorities, Law Enforcement Agencies | To comply with legal and regulatory obligations, including combating money laundering, terrorism financing, tax compliance, and other statutory obligations. |
| Background Screening Agencies | To conduct fraud prevention, anti-money laundering (AML) checks, sanctions screening, criminal record checks, and commercial and credit risk assessments. |
| Banking and Financial Service Partners | To facilitate the provision of payment services, including partnerships with correspondent banks, payment networks (e.g., Visa and MasterCard), and card associations. |
| Analytics and Search Information Providers | To understand how users interact with our services, improve user experience, and optimise service delivery. For more information or to opt out, refer to our Cookie Policy. |
| Technology Service Providers | To secure, store, and manage data through file storage, cloud storage, and IT infrastructure services that ensure the resilience and security of our services. |
| Marketing Service Providers | To run campaigns, events, and activities, including advertising via social media and other platforms. |
| Professional Advisors | To comply with regulatory and legal obligations, through assistance from lawyers, financial consultants, and internal and external auditors. |
| Acquiring Partners and Alternative Payment Providers | To provide the payment services requested by you, ensuring a seamless and secure transaction process. |
| Regulatory and Tax Authorities | To comply with statutory tax reporting and other regulatory compliance requirements, including cross-border reporting obligations where applicable. |
| Third-Party Vendors for Customer Support | To facilitate customer service and support, including handling inquiries, complaints, and technical support issues. |
| Fraud Monitoring and Security Providers | To prevent fraud, ensure security, and protect against unauthorised access or malicious activities affecting our systems or services. |
| Insurance Providers | To manage risk, ensure compliance with insurance obligations, and provide coverage for potential liabilities. |
| To manage risk, ensure compliance with insurance obligations, and provide coverage for potential liabilities. | To facilitate the recruitment process, including background checks, verification of qualifications, and assessment of candidates. |
| Corporate Transaction Participants | In the event of mergers, acquisitions, restructuring, or similar corporate transactions, to facilitate due diligence and compliance with legal obligations. |
At TP UAE and Nomupay, we implement a range of organisational, technical, and administrative measures to ensure a level of security appropriate to the risk associated with processing Personal Data. These measures are designed to safeguard Personal Data from unauthorised access, destruction, loss, alteration, or misuse.
Access to Personal Data is strictly limited to authorised personnel who require the data to perform their duties. These individuals undergo regular training on secure data handling practices to ensure the confidentiality and integrity of the information entrusted to us.
Although we make every effort to protect Personal Data, no data transmission or storage system can be guaranteed to be completely secure. If you suspect that the security of your account or Personal Data has been compromised, please notify our Data Protection Officer immediately at data.privacy@nomupay.com or alex.knox@nomupay.com
Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law.
For TP UAE and Nomupay Business Merchants:
Legal, Tax, and Regulatory Compliance:
Dispute Resolution and Record-Keeping:
Personal Data may also be retained for longer periods to resolve disputes, enforce our agreements, or comply with statutory limitation periods where applicable.
Security Monitoring and Fraud Prevention:
Personal Data may be retained to monitor for potential security threats and fraudulent activity, even after your account or relationship with TP UAE and Nomupay ends.
Data Minimisation:
When Personal Data is no longer required, we securely delete or anonymise it in line with applicable legal and regulatory requirements.
This Privacy Policy applies to the United Arab Emirates (UAE).
We comply with the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
Supervisory Authority - UAE Data Office
Website: https://u.ae/en/about-the-uae/digital-uae/data-protection
TP UAE and Nomupay operate as a global business, and in providing our services, your personal data may be shared with other Nomupay entities or third-party suppliers located in various countries. This may involve transferring your personal data outside the United Arab Emirates.
To facilitate our global operations, we may share your personal data within the Nomupay group, including entities located in jurisdictions such as the United Kingdom, Malaysia, Thailand, the Philippines, Singapore, and Hong Kong. Additionally, many of our vendors and service providers are based outside the UAE, meaning that the processing of your personal data may require transfers to these regions.
Whenever personal data is transferred outside the UAE Nomupay ensures that appropriate safeguards are implemented to protect your data. Specifically:
By implementing these measures, we ensure that your personal data is protected in compliance with the Federal Data Protection Law.
If you have any questions or require further information about our international data transfer practices, please contact us at data.privacy@nomupay.com. Please contact Alex.knox@nomupay.com if you want additional information on the mechanisms used when transferring your personal data outside of the UAE.
As part of our operations, TP UAE and/or Nomupay may engage third-party companies, known as sub-processors, to process Personal Data on our behalf. This is typically the case where we are acting as a Controller and have delegated certain processing activities to third parties who provide services such as hosting, data analysis, customer support, and payment processing.
We take great care in selecting our sub-processors, ensuring that they meet high standards of data protection. All sub-processors are contractually bound to adhere to the same data protection obligations as we do. Specifically, we ensure that sub-processors provide sufficient guarantees and implement appropriate technical and organisational measures to protect Personal Data and comply with the UAE Federal Data Protection Law.
Our Services are not directed at children under the age of 18 (eighteen). If we learn that any information, we collect has been provided by a child under the age of 18 (eighteen), we will promptly investigate, quarantine and or delete the information, depending on the case.
When you visit our sites or use our services, we may place or read cookies on your device, subject always to obtaining your consent, where required and in accordance with applicable laws. We use cookies to provide you with a better user experience, record information about your device, browser and in some cases your preferences. To learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics, please see our Cookie Policy
Our sites may contain links to other websites, including via our social media buttons. While we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other websites and a link does not constitute an endorsement of that website. Once you link to another website from our site you are subject to the terms and conditions of that website, including, but not limited to, its privacy policy and practices. Please check these policies before you submit any data to these websites.
Social media buttons such as LinkedIn, Facebook, Instagram, X (Twitter), Spotify, and YouTube, to name a few, are used on our website and can be recognised by their logos. We also use buttons for the embedded videos on our website.
Our buttons will not collect personal data about you unless you click on these logos or videos. If you click on them, these buttons are activated and automatically transmit data to the button provider. We do not have any influence over which data these providers collect from you, and we are also not aware of the extent of their data processing. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.
We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices or relevant laws. In such case we will post the updated privacy policy via this link. We do however encourage you to review this statement periodically by visiting our website, so you always stay informed about how we are processing and protecting your personal information.
Any changes are effective when we post the revised Privacy Policy on the Services. We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website and, if you are a Business Merchant, by contacting you through your TP UAE and / or your Nomupay Account Manager, email address and/or the physical address listed in your TP UAE or Nomupay account.
Date Privacy Policy last updated: February 2025
