Privacy Policy

Effective Date: [Insert Date]

Last Updated: [Insert Date]

1. Purpose

This Privacy Policy outlines how MUNJZ.com (“MUNJZ”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal and financial information submitted or processed through the MUNJZ Collections Management System (“Platform”). We are committed to protecting user privacy and ensuring compliance with applicable laws, including the Saudi Personal Data Protection Law (PDPL) and relevant SAMA guidelines.

2. Scope

This policy applies to:

  • All Users of the Platform, including clients, debtors, agents, and administrators.
  • All data collected via MUNJZ websites, mobile applications, APIs, or third-party integrations.
  • All personal data stored or processed in the course of collections and recovery operations.

3. Types of Data Collected

We may collect and process the following categories of personal and business data:

a. Identity & Contact Information

  • Full name, ID/Iqama number, email, phone number, national address.

b. Financial & Transactional Data

  • Debt amount, payment history, bank details (if required for payment processing), invoices, collection outcomes.

c. Technical Data

  • IP addresses, login timestamps, device identifiers, usage logs, cookies.

d. Communication Records

  • Emails, call logs, voice recordings, SMS messages, consent forms.

e. Verification Documents

  • Company license, KYC documents, POAs, legal contracts, and notarized agreements.

4. Lawful Basis for Processing

We only process personal data when a lawful basis exists under PDPL or relevant regulations, including:

  • Contractual necessity (e.g., fulfilling a debt collection agreement).
  • Legal obligations (e.g., retention required by SAMA or ZATCA).
  • User consent, where required for marketing, sharing, or advanced analytics.
  • Legitimate interest, such as fraud prevention or service improvement.

5. Data Usage

We use the data collected for:

  • Account setup and verification.
  • Performing debt collection activities on behalf of clients.
  • Sending payment reminders or legal notices to debtors.
  • Analyzing collections performance and risk scoring.
  • Responding to customer inquiries and disputes.
  • Compliance with regulatory obligations (e.g., audits, SAMA inspections).

6. Data Sharing & Third Parties

We may share data with authorized third parties under strict confidentiality and only when necessary:

  • Partnered debt recovery agents.
  • Law firms or enforcement entities (with consent or legal basis).
  • Financial/payment service providers (e.g., for direct debits).
  • CRM, ERP, or analytics service providers.
  • Government or regulatory bodies, such as SAMA, when legally required.

Note: MUNJZ does not sell personal data to any third parties.

7. Data Retention

  • Personal data is retained for a minimum of 10 years in accordance with Saudi commercial and financial regulations.
  • Call recordings, communications, and financial records are archived securely and audited periodically.
  • Upon account closure, data will be archived or deleted per retention schedules unless otherwise required by law.

8. Data Protection & Security

We implement strong technical and organizational measures to protect data, including:

  • AES-256 encryption for data at rest.
  • TLS 1.2+ encryption for data in transit.
  • Role-based access controls and audit logs.
  • Multi-factor authentication (MFA) for internal users.
  • Regular penetration testing and internal audits.

9. User Rights (under PDPL)

Users may:

  • Request access to their stored data.
  • Request correction or updating of inaccurate data.
  • Withdraw consent for non-essential data use.
  • Request data deletion, subject to legal exceptions.
  • Lodge a complaint with the relevant authority (e.g., SDAIA or SAMA).
  • Requests can be submitted to:

info@munjze.com

10. Cookies & Tracking Technologies

  • The MUNJZ website and dashboard may use cookies for:
  • Session management and login security.
  • Tracking anonymous usage statistics.
  • Improving platform functionality.

Users can control cookie settings via their browser.

11. International Transfers

As of now, all data is stored and processed within Saudi Arabia. In cases where external processing is required (e.g., backup, cloud analytics), we ensure compliance with PDPL and obtain necessary transfer permissions or user consent.

12. Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify affected users and SAMA/SDAIA within the required timeframe.
  • Incident records and remediation steps will be documented and audited.

13. Policy Updates

This Privacy Policy may be updated periodically. Significant changes will be communicated to registered users via email or dashboard notification.

14. Contact Us

For privacy-related questions or requests:

info@munjze.com