Privacy Notice

SUMU Open Banking Provider · Open Banking · Oman

Last updated: February 2025

1. Who We Are

SUMU acts as a Third Party Provider (Open Banking Provider) in open banking. This notice explains how we collect, use, and protect your personal and financial data when you use our services, including when you give consent (e.g. for payments or account information) and when you sign up as a merchant.

2. Data We Collect

  • When you consent (PIS, AIS, subscription, payroll): We receive from your bank the data needed to perform the service—e.g. account identifiers, balances, transaction details (for AIS), and payment status (for PIS). We also process the fact that you gave consent, when, and for which merchant or flow.
  • When you sign up as a merchant: Contact details (email, phone, country), company/business name, password (stored securely), and any information you provide during onboarding (e.g. verification details).
  • When you use our portals: Logs of use (e.g. IP address, timestamps, actions) and any data you enter in forms or requests.

3. How We Use Your Data

We use your data to:

  • Provide Open Banking services (initiate payments, request account information, manage recurring mandates or payroll flows) in line with your consent.
  • Operate and secure your merchant account and our systems.
  • Comply with legal and regulatory obligations (e.g. anti‑money laundering, open banking rules).
  • Improve our services and resolve support issues.

4. Sharing Your Data

We may share data:

  • With your bank: To request account information or initiate payments, as authorised by your consent.
  • With merchants / requesting parties: Only the data necessary for the service (e.g. payment status, account or transaction data you have consented to share).
  • With regulators or law enforcement: When required by law.
  • With service providers: Who help us run our systems, under strict confidentiality and data protection obligations.

We do not sell your personal or financial data.

5. Retention

We keep your data only as long as needed for the purposes above, including legal and regulatory requirements. Consent and transaction records may be retained for a period required by regulation; after that, we delete or anonymise data where possible.

6. Your Rights

Depending on applicable law, you may have the right to access, correct, delete, or restrict use of your data, or to object to processing. You can revoke consent for future access via your bank or, where offered, through SUMU or the merchant. To exercise your rights, contact us using the details in the Contact section.

7. Security

We use technical and organisational measures to protect your data (e.g. encryption, access controls, secure development). We do not have access to your bank login credentials; you authenticate only with your bank.

8. Cookies and Similar Technologies

We may use cookies and similar technologies to operate our portals (e.g. session management, security). Where we use non-essential cookies, we will describe them and, where required, obtain your consent.

9. Changes

We may update this notice. The “Last updated” date at the top will change. We encourage you to review it periodically. Continued use of our services after changes constitutes acceptance of the updated notice where permitted by law.

10. Contact

For privacy questions or to exercise your rights: contact SUMU (e.g. via the merchant portal or the contact details published on our site).

Terms of Service