Privacy Policy
Controller Details
Company: Oliver Business Development LLC (Trading as Uptex Bank)
Contact Email: legal@uptex.com
Scope of Processing
This policy applies to personal data collected from users joining our waitlist via our website or mobile app.
Lawful Basis & Consent
We collect and process your personal data (e.g., name, email) only after obtaining explicit written or electronic consent, in compliance with PDPL requirements. You can withdraw consent at any time by unsubscribing via email.
Purpose of Data Processing
We process your data for:
Managing the waitlist
Communicating updates and launch information
Gearing up for onboarding once services are live
We collect only the minimum personal data needed to fulfil these aims.
Types of Data Collected
Contact Information: Name, email address
This data is collected directly when you sign up for the waitlist.
Data Sharing & Transfers
Your data will not be shared with third parties—except:
Service providers (e.g. email, IT support) acting as processors under strict PDPL-compliant contracts.
If necessary, we may transfer data outside Oman—but only with your explicit consent and measures ensuring equivalent protection (per PDPL cross-border transfer rules).
Data Retention
We retain your data for as long as you remain on the waitlist, plus up to 2 years or until you withdraw your consent. Afterward, data is securely deleted or anonymized.
Your Rights under PDPL
You have the right to:
Access your personal data
Correct/update data
Withdraw consent
Request deletion or blocking
Port your data to another provider
Be notified of data breaches affecting your rights
Requests are handled within 45 days, per Executive Regulations. Contact our DPO at the email above to exercise these rights.
Security Measures
We employ appropriate organizational and technical measures (e.g., encryption, access controls, backups) to ensure confidentiality, integrity, and availability of your data—aligned with PDPL and best practices like ISO 27001.
Data Breach Notification
If a breach risks violating your rights or causes serious harm, we will notify both:
The Ministry of Transport, Communications & Information Technology (MTCIT), and
Affected data subjects, Within 72 hours of becoming aware, as per PDPL requirements.
Processing Record
We maintain an internal Record of Processing Activities (ROPA) documenting how personal data is processed, stored, and for how long ready for audit by the Ministry if needed.
External Audit
As required under PDPL, we will appoint an independent external auditor (approved by the Ministry) to assess our compliance with data protection obligations.
Updates to This Policy
This policy may be updated to reflect regulatory changes or service enhancements. Material updates will be notified via email, and revisions will be effective immediately upon posting.
Governing Law
This policy is governed by the Sultanate of Oman’s Personal Data Protection Law (PDPL) and its Executive Regulations.