This Data Protection Addendum (“DPA”), governs the transfer, collection and processing of Personal Data (as defined below), pursuant to the MOMKN PAYMENTS Merchant Terms and Conditions applicable to you (“Terms”), governing the use of MOMKN PAYMENTS Services, Merchant Application and MOMKN Payments Platform, by any Merchant (“Merchant”). Each of MOMKN PAYMENTS and Merchant shall be referred to as a “Party” and collectively the “Parties”. Any capitalized terms not defined herein shall have the meaning ascribed to such terms in the Terms

1. Definitions

  • The terms “Personal Data”, “Processor”, “Controller”, “processing”, and “Special Categories of Personal Data”, shall have the meaning ascribed to such terms in the General Data Protection Regulation (GDPR)
  • Merchant’s Customers” means customers, clients, end-users, and/or consumers of the Merchant’s products and/or services, which may use the MOMKN Payments installments services in connection with the purchase of Merchant’s products and/or services
  • Merchant’s Users” ascribes to any natural persons using the MOMKN Payments Services, MOMKN Payments Application and MOMKN Payments Platform on behalf or under authorization of the Merchant, including employees, consultants, and service providers
  • Data” means Personal Data and Non-Personal Data.
  • Data Subject(s)” means natural persons whose Data is processed by Merchant in connection with the MOMKN Payments Services, or disclosed to MOMKN PAYMENTS by Merchant pursuant to this DPA and the Terms, including without limitation, Merchant’s Customers and Merchant’s Users.
  • “GDPR” means Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • “Non-Personal Data” means any data or information of any kind relating to Data Subjects which is not Personal Data.
  • “Sub-Processors” shall have the meaning set forth in Section 8.
  • “Sub-Processor Notice” shall have the meaning set forth in Section 8.

2. Data Processing

  • In rendering the MOMKN Payments Services to Merchant, the following Personal Data may be processed by MOMKN Payments on behalf of the Merchant
    • Personal Data disclosed from time to time by Merchant to MOMKN PAYMENTS, concerning Merchant, Merchant’s Customers or Merchant’s Users;
    • Personal Data processed by MOMKN Payments on behalf of Merchant in connection with providing MOMKN Payments Services to Merchant, whether shared with MOMKN Payments by Merchant or collected independently by MOMKN Payments from Data Subjects or third parties
  • In connection with any and all processing of Personal Data in the framework of provision of the MOMKN Payments Services to the Merchant, the Parties agree and acknowledge that Merchant shall be regarded as a Controller of such Personal Data, and MOMKN Payments shall be regarded as a Processor of such Personal Data.
  • MOMKN PAYMENTS will Process on behalf of Merchant Personal Data as specified in Appendix A attached hereto
  • MOMKN PAYMENTS will Process Personal Data for the following purposes:
    • The provision of the MOMKN Payments Services to Merchant, including support and maintenance services
    • the provision of payment installments services to Merchant’s Customers under the written instruction of Merchant. For the avoidance of doubt, Merchant’s acceptance of the Terms constitutes Merchant’s explicit written instruction to MOMKN Payments to process Personal Data pursuant to this DPA;
    • To contact Merchant in connection with the MOMKN Payments Services, notifications, programs or offerings;
    • To send updates, promotional materials and newsletters to Merchant. Merchant may choose to opt-out and to not receive these communications by sending MOMKN Payments a notice to: support@momkn.sa
    • To identify and authenticate Merchant’s or Merchant’s Users’ access to parts of the Services, MOMKN Payments Application or MOMKN Payments Platform, that Merchant or Merchant’s Users’ are authorized to access
    • To provide Merchant’s Users and Merchant’s Customers, with support in connection with the MOMKN Payments Services;
    • To protect the security or integrity of MOMKN Payments databases or the MOMKN Payments Services, to take precautions against legal liability, and to analyze and improve the MOMKN Payments Services
    • As necessary, to help detect and prevent potentially illegal acts and fraud.
    • As otherwise required and appropriate for the fulfilment of the Terms and exercising MOMKN Payments’ rights and obligations thereunder, provided such processing is permitted under applicable laws

3. Representations and Undertakings of MOMKN Payments

  • MOMKN Payments shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • MOMKN Payments shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • MOMKN Payments’ employees, authorized by MOMKN Payments to process Personal Data on behalf of Merchant, are committed to customary confidentiality undertakings, or are otherwise under appropriate statutory obligations of confidentiality.
  • MOMKN Payments shall only Process Personal Data on behalf of Merchant and pursuant to the instructions as set forth herein, pursuant to the Terms, or otherwise agreed to between the Parties in writing.
  • At the choice of the Merchant, MOMKN Payments will delete or return to the Merchant Personal Data which is processed by MOMKN Payments on behalf of the Merchant under this DPA after the termination or expiration of the Terms and Merchant’s engagement with MOMKN Payments, and shall delete any existing copies unless permitted to retain such data under applicable law.
  • Merchant shall be liable to comply with obligations in connection with the rights and freedom of Data Subjects, including Merchant’s Users and Merchant’s Customers, pursuant to applicable laws
  • Without derogating from the above, MOMKN Payments shall notify Merchant upon receiving any request from a Data Subject, and shall make reasonable commercial efforts to assist the Merchant by appropriate technical and organizational measures, insofar as possible, for the fulfilment of the Merchant’s obligations to respond to requests for exercising the Data Subjects’ rights pursuant to applicable laws and the Terms.

4. Representations and Undertakings of Merchant

  • Merchant undertakes that Merchant shall Process Personal Data only as lawful and compliant with applicable law including, if applicable, the GDPR, and that Merchant shall be responsible to implement measures ensuring and demonstrating such compliance
  • Merchant’s use of the MOMKN Payments Services must comply with all applicable laws, including laws relating to spam or unsolicited commercial emails, privacy, security, obscenity, defamation, child protection, and other applicable laws.
  • Merchant acknowledges that it is aware that MOMKN Payments may not have any direct interaction with the Data Subjects, and therefore, is unable to inform them of relevant information in connection with the processing of their Personal Data, or obtain Merchant’s Customers’ consent to such processing by MOMKN Payments. In light of the above, Merchant agrees that it is responsible to inform Merchant’s Users and Merchant’s Customers, clearly and explicitly, of the processing of their Personal Data, including by MOMKN Payments, pursuant to and in accordance with Merchant’s engagement with MOMKN Payments. Merchant further represents that Merchant has all required authorizations to disclose, share or provide otherwise Personal Data to MOMKN Payments pursuant to this DPA and the Terms. In the event consent is required under applicable law including the GDPR, the Merchant shall: (i) ensure that it obtains consent from Data Subjects and displays all necessary and applicable notices in accordance with the applicable law; (ii) maintain a record of all consents obtained from Data Subject; and (iii) maintain a record of the withdrawals of consent by Data Subjects.
  • Merchant shall not upload, Process, transfer, disclose or otherwise make available to MOMKN Payments any Personal Data included in Special Categories of Personal Data. If Merchant, in contradiction to Merchant’s undertaking herein, transfers or discloses to MOMKN Payments any Personal Data included in Special Categories of Personal Data, Merchant hereby represents that Merchant has any and all required authorizations, including Data Subjects’ explicit consent, for the transfer of such data to MOMKN Payments

5. Merchant’s Instructions

  • Merchant hereby instructs MOMKN Payments to Process, on behalf of Merchant, Personal Data, uploaded, transferred or disclosed to MOMKN Payments by Merchant or otherwise in connection with the MOMKN Payments Services to Merchant and Merchant’s Customers, for the purposes and in accordance with the terms specified herein and in the Terms
  • In the event Merchant wishes to instruct MOMKN Payments to Process Personal Data other than as specified in this DPA and the Terms (“New Instructions”), Merchant shall provide MOMKN Payments with prior written notification containing the New Instructions. New Instructions shall be in force after approval in writing by MOMKN Payments
  • Notwithstanding the above, MOMKN Payments will not be obligated to perform any instruction or Processing, which, in MOMKN Payments’ reasonable determination, is in violation of applicable law, and MOMKN Payments shall notify Merchant without delay regarding such determination.

6. Audits and Reports

  • Upon Merchant’s reasonable request, MOMKN Payments will provide Merchant with relevant documentation or records (which may redacted to remove confidential commercial information not relevant to this DPA) which will enable it to verify and monitor MOMKN Payments compliance with its data protection and security obligations under the terms of this DPA, not less than thirty (30) days of receipt of such request
  • MOMKN Payments shall notify Merchant in writing upon an event of data breach that affected Merchant’s Personal Data, and/or as otherwise required under applicable law.
  • MOMKN Payments may disclose Data to law enforcement, regulatory or other government agencies, or third parties, if it reasonably believes that such disclosure is necessary to comply with a judicial proceeding, court order, or a legal process applicable to MOMKN Payments. However MOMKN Payments shall notify Merchant in writing regarding any legally binding request for disclosure of Personal Data by a law enforcement authority, unless otherwise prohibited by applicable law

7. Personal Data and Non-Personal Data

  • MOMKN Payments only collects Personal Data regarding its Merchants and Merchant’s Users which the Merchant has voluntarily provided to it by engaging with the Company for the provision of the MOMKN Payments Services. Merchant is not required by any law to provide MOMKN Payments with any Personal Data regarding Merchant’s Users or other Data Subjects
  • MOMKN Payments logs domains and IP addresses automatically; this information identifies the device that is being used to access MOMKN Payments Services.
  • MOMKN Payments also uses cookies, web beacons or similar technologies to gather Data. Merchant hereby explicitly authorizes MOMKN Payments to use cookies and similar technologies in connection with the provision of the MOMKN Payments Services, and represents that Merchant has all requisite rights to grant such authorization to MOMKN Payments
  • With respect of Non-Personal Data, Merchant agrees that MOMKN Payments has unlimited rights to such information and that MOMKN Payments may use such information without limitation. Such information shall be deemed non-confidential
  • Non-Personal Data is collected and processed mainly for analysis in order to constantly improve and maintain MOMKN Payments Services. This is to ensure the technical functioning of the MOMKN
  • Non-Personal Data is collected and processed mainly for analysis in order to constantly improve and maintain MOMKN Payments Services. This is to ensure the technical functioning of the MOMKNPayments Services, to help prevent fraudulent use of the MOMKN Payments Services, Platform and Application, and for developing new services and applications
  • MOMKN Payments may share non-personal, aggregate data regarding MOMKN Payments Services usage with its affiliates, partners and advertisers. From time to time, MOMKN Payments may release Non-Personal Data in the aggregate, e.g., by publishing a report on trends in MOMKN Payments Services and products usage
  • Merchant is entitled to review its Personal Data, and may exercise such right by logging into its account on the MOMKN Payments Application and/or Platform, or by sending MOMKN Payments a requestat: support@momkn.sa. In the event that any Personal Data is incorrect or outdated, Merchant may update and correct such data by providing MOMKN Payments with the relevant information
  • Merchant may also be entitled to request the erasure or the restriction of certain Personal Data and MOMKN Payments will comply with such requests, to the extent required under applicable law.
  • MOMKN Payments retains Personal Data for the duration necessary in order to: (i) fulfill the purposes of Processing as described herein, and (ii) defend or assert legal claims and liability, or as otherwise permitted under applicable law.

8. Sub-processing

  • Merchant acknowledges that MOMKN Payments may transfer Personal Data to and otherwise interact with third party data processors (“Sub-Processor”) with respect to the MOMKN Payments Services, for the following purposes:
    • Third parties which assist MOMKN Payments in operating the Services
    • Personalizing the experience of Merchant’s Customers;
    • As necessary, to help detect and prevent potentially illegal acts and fraud, and to guide decisions about the products, services and communications;
    • Credit bureaus and collection agencies to report account information, as permitted by law.
  • Merchant hereby, authorizes the MOMKN Payments to engage and appoint such Sub-Processors to Process Personal Data, as well as permits each Sub-Processor to appoint a Sub-Processor on its behalf. MOMKN Payments may continue its engagement with its current Sub-Processors as of the date of this DPA.
  • Merchant hereby acknowledges and confirms that in the event that Merchant’s use of the MOMKN Payments Services shall include a fraud detection feature, the Merchant will provide MOMKN Payments or any Sub-Processor on MOMKN Payment’s behalf, with Personal Data concerning transactions made prior to the engagement between Merchant and MOMKN Payments, for the purpose of enabling the fraud detection services. Merchant represents and warrants that Merchant has all required authorizations to disclose, share or provide otherwise Personal Data regarding Data Subjects to MOMKN Payments pursuant to this DPA and the Terms
  • In the event that MOMKN Payments shall appoint a new Sub-Processor, it shall provide a written notice, whether by general or specific reference to such Sub-Processor (e.g., by name or type of service), including relevant details of the Processing to be undertaken by the new Sub-Processor (the “Sub-Processor Notice”). MOMKN Payments will enter into separate contractual arrangements with such Sub-Processors binding them to comply with obligations in accordance with this DPA.
  • Notwithstanding the above, Merchant may object to the appointment of the new Sub-Processor, as follows: (i) Merchant shall provide the MOMKN Payments with prior written notice no later than 7 days following the receipt of the Sub-Processor Notice, detailing its objection, based on reasonable grounds, to the appointment of the new Sub-Processor; (ii) MOMKN Payments shall take reasonable steps to address the objections raised by Merchant and shall report these steps in writing to the Merchant; and (iii) Within 3 days of receipt of the MOMKN Payment’s notice regarding the steps taken, the Merchant may notify MOMKN Payments that it does not find such steps to be sufficient to settle its objections. In the event that the Merchant does not provide such notification, it will constitute as its approval of the Sub-Processor. In the event that the Merchant further objects, each party may terminate the relationship upon a written notification effective immediately, without liability.
  • International Transfers of Data8.6. Merchant acknowledges that MOMKN Payments is an international corporation, and that Personal Data may be transferred to a country other than the country where Data Subjects are located in connection with the provision of MOMKN Payments’ Services to Merchant and Merchant’s users.
  • In the event MOMKN Payments transfers Personal Data across international borders, the Company will use appropriate safeguards to ensure a level of security appropriate to the risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data transferred.
  • Unless Merchant notifies MOMKN Payments in writing that the transfer of Personal Data is prohibited, any such transfer shall be regarded as permitted explicitly by the Merchant.

9. Liability and Indemnification

  • The Merchant will defend, indemnify, and hold harmless MOMKN Payments, and its officers, directors, employees, successors, and agents, from all claims, damages, liabilities, assessments, losses, costs, administrative fines and other expenses (including, without limitation, reasonable attorneys’ fees and legal expenses), arising out of or resulting from any claim, allegation, demand, suit, action, order or any other proceeding by a third party (including supervisory authorities) that arises out of, or relates to a violation of the Merchant’s representations and/or obligations under this DPA and/or the Terms.

10. Term

  • The term of this Notice shall continue until termination or expiration of the Terms or Merchant’s engagement with MOMKN Payments

11. General Terms

  • In the event of inconsistencies between the provisions of this Notice and the Terms, the provisions of this Notice shall prevail with regard to the Parties’ data protection and privacy protection obligations.
  • The waiver by either Party of a breach of any of the terms and conditions of this Notice must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition or the waiver of the provision itself. A Party’s performance after the other Party’s breach shall not be construed as a waiver of that breach.
  • Neither party shall assign this Notice (or any part thereof) without the advance written consent of the other Party, except that MOMKN PAYMENTS may assign this Notice in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of its assets or voting securities.
  • If any provision of this Notice shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that this Notice shall otherwise remain in effect.
  • This Notice shall be governed by and construed in accordance with the same laws the Terms[H1] . Any claim under this Notice may be solely brought to the competent courts as specified in the Terms.
  • MOMKN PAYMENTS may amend this Notice from time to time, and make the amended Notice available to Merchant.

12. Appendix A: Details of Processing of Personal Data

  • Subject matter and duration of the Processing of Personal Data
    The subject matter and duration of the Processing of the Personal Data are set out in the Terms and the DPA.
  • The nature and purpose of the Processing of Personal Data
    MOMKN Payments is engaged to provide Merchant with services which involve the processing of Personal Data. The scope of the services is set out in the Terms, and the Personal Data will be processed by MOMKN Payments to deliver those Services to Merchant and to comply with the Terms and the DPA.
  • The types of Personal Data to be processed
    Merchant’s Users contact information, such as name, email, phone number, etc.
    Merchant’s Users IP addresses, device identifiers.
    Merchant’s Customers’:

    • Contact information: full name, phone number, address (including address type) and account details.
    • IP addresses, device identifiers, order ID, order type, user agent, and connection information.
    • Card Data which include, inter alia: amount, currency, credit card details (name on the card, bin, last four digits, expiration date, verification results, card type, country of issuance, card brand, etc.), number of installments.
    • Transaction details: primary delivery details, delivery type, account owner details (such as full name, email address).
    • Additional identifiers: merchant ID, merchant category
  • The categories of Data Subject to whom the Personal Data relates
    Merchant’s Customers.
    Merchant’s Users.
  • The obligations and rights of MOMKN Payments
    The obligations and rights of MOMKN Payments are set out in the Terms and the DPA.
  • The processing operations carried out in relation to the Personal Data
    Collection, recording, hosting, organizing, adapting, analyzing, retrieving, sharing with Sub-Processors, structuring, storing, deleting, in each case for the purposes of providing services to Merchant and Merchant’s Customers, the scope of which are set out in the Terms and the DPA.

13. Appendix B: Sub-Processors

  • Fraud Detection Service Provider: BenchMatrix
  • Cloud Services: Cloud4C
  • Clearing Service Providers
  • Card and Fintech acquires, card processors and card networks, including, but not limited to, mada, American Express, Visa, Mastercard, StcPay, Bayanpay and Paypal.