SHUKRIA

Privacy Policy

This Privacy Policy sets out the basis on which Mercury Payments Services LLC (“Mercury”, “we”, “us”,
or “our”) collects, uses, shares, and otherwise processes Personal Data. By using our services, including websites, mobile applications, and related platforms, you consent to the collection, transfer, storage, and processing of Personal Data in accordance with this Privacy Policy.

Definitions
• “Card”: All types of payment instruments, physical or digital, processed through Mercury systems.
• “Mercury”: Refers to Mercury Payments Services LLC.
• “Services”: Acquiring and payment processing services provided by Mercury.
• “Personal Data”: Any information relating to an identified or identifiable individual.
• “End-Customer/Cardholder”: Individuals whose payment transactions are processed by
Mercury.

Guiding Principles for Handling Personal Data
1. Fair and Transparent Use – All processing of Personal Data is carried out in compliance with
applicable laws and communicated in a clear and open manner to individuals.
2. Clear Purpose – Information is collected and used strictly for defined and legitimate business or
regulatory purposes, without deviation.
3. Limited Collection – Mercury only gathers information that is relevant and necessary to deliver
services, avoiding excessive or unnecessary data.
4. Retention with Justification – Personal Data is kept only for the period required by law,
regulation, or business need, after which it is securely disposed of.
5. Security and Confidential Handling – Data is safeguarded against unauthorized use, accidental
loss, or breaches through robust technical and organizational measures.
6. Accuracy and Relevance – Records are kept correct, current, and relevant to ensure decisions
based on the data are reliable.
7. Responsibility and Oversight – Mercury accepts full responsibility for adhering to these principles
and maintains controls, monitoring, and audit mechanisms to evidence compliance.

Personal Data We Collect
To provide our services and meet regulatory obligations, Mercury may collect and process different
categories of Personal Data from merchants, cardholders, suppliers, partners, and prospective
employees. The type of information collected will depend on the nature of the relationship with
Mercury and the services being used.
The types of Personal Data that Mercury may collect and process include, but are not limited to:
• Contact Information – such as names, addresses, email addresses, and telephone numbers,
used for communication and to provide our services.
• Identity Information – details from official identification documents, which may be required to
verify identity and comply with legal or regulatory obligations.
• Business and Corporate Information – details relating to merchants or partners, such as
business licenses, registration details, ownership structures, and related records, collected as
part of our due diligence and onboarding processes.
• Transaction Information – details about payment transactions, including amounts, dates,
merchants, authorization records, and settlement information, required for processing and
recordkeeping.
• Technical and Usage Information – information automatically collected when interacting with
our systems, websites, or applications, such as device details, system logs, and browsing data,
used for security, fraud detection, and to improve services.
• Employment and Recruitment Information – information provided by job applicants or
employees, such as qualifications, work history, and references, for recruitment and human
resources purposes.
• Communications Data – records of correspondence with our teams, including service requests,
feedback, complaints, or call recordings, maintained for quality, training, and dispute
resolution.
• Aggregated or Anonymized Data – information that does not identify individuals and may be
used for research, analysis, reporting, product development, or service enhancement.

How We Use Personal Data
Mercury processes Personal Data for a range of operational, regulatory, and service-related purposes,
including:
• Business and Compliance Needs – supporting day-to-day operations, transaction processing, risk
management, product development, marketing (where consent is given), and fulfilling legal,
regulatory, and law-enforcement obligations.
• Technical Improvements – gathering technical and usage information (e.g., browser type, IP address,
pages visited) to optimize system performance, enhance user experience, and resolve technical or
compatibility issues.
• Cookies and Tracking – applying cookies and similar technologies to understand user behaviour,
evaluate service effectiveness, and improve website functionality. You may disable cookies in your
browser settings, though this may limit certain features.
• Analytics and Research – processing anonymised or aggregated data for reporting, research, product
development, and benchmarking. This type of data does not identify any individual.

Sharing of Personal Data

Mercury may share Personal Data with:
• Payment networks, settlement and issuing banks.
• Regulatory authorities (including CBUAE).
• Vendors and service providers (fraud detection, IT hosting, KYC validation).
• Auditors, consultants, and professional advisors.
• Third parties in potential business restructuring or acquisitions.
All third parties are subject to confidentiality and legal obligations.

Cross-Border Data Transfers
Personal Data may, in limited cases, be transferred or processed outside the UAE. Such transfers are
carried out in line with the UAE Personal Data Protection Law (PDPL) and CBUAE requirements,
including the RPSCS, ISR, and Outsourcing Regulation. Mercury also ensures that third parties handling
such data apply appropriate confidentiality, security, and protection measures.

Your Rights
You may have rights under UAE law, including:
• Access to your data.
• Correction of inaccuracies.
• Deletion in certain cases.
• Restriction or objection to processing.
• Data portability (where feasible).
• Withdrawal of consent for optional processing.
Requests should be submitted to legal.shukria@mercury-pay.com

How We Protect Your Personal Data
Mercury takes the security of your Personal Data seriously and applies physical, technical, and
administrative safeguards to protect it against loss, misuse, or unauthorised access. We follow
recognised industry standards, with controls aligned with PCI-DSS, and our systems are subject to regular
independent assessments.
While no method of transmission or storage is completely secure, we use layered protections such as
firewalls, encryption, multi-factor authentication, and continuous monitoring to reduce risks and
safeguard the information we process.

Data Retention
Mercury will retain Personal Data for the longer of: (i) the period necessary to fulfil the purposes for
which it was collected, or (ii) the period required under applicable laws and regulations. Retention
periods may vary depending on the type of data and our legal, regulatory, contractual, and operational
obligations.
For example, compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC)
requirements, business and operational needs, or contractual commitments may require us to retain
certain records for a minimum of five (5) years after the data was collected or after the end of a
merchant or customer relationship.

Data Breach Notification
In case of a data breach, Mercury will notify the UAE Data Office, CBUAE, and affected individuals where required by law.

Third-party websites
External links to third-party websites may appear on our Platforms. Please be aware that our Privacy
Notice does not govern your use of any third-party site. We accept no responsibility for the privacy
practices of websites not managed by Mercury Group entities and recommend reviewing the privacy
policies of each third-party website you visit.

Changes to this Privacy Policy
This Policy may be updated periodically. Updates will be published on our website with the effective
date. Continued use of our services indicates acceptance of updates.

Contact Us

If you have questions, concerns, or would like to exercise your privacy rights, please contact:
Privacy Office – Mercury Payments Services LLC
Email: legal.shukria@mercury-pay.com