Privacy Policy for BAS FAST

Last updated: 01.05.2026

Legal and Operational Notice

BAS FAST is operated locally by BAS FAST Company under the applicable authorization framework in North and East Syria.

Emitis Group Ltd, United Kingdom, acts as the authorized app publisher, technology provider, software provider, and/or brand licensor for the BAS FAST application.

Emitis Group Ltd does not provide regulated financial services, banking services, electronic money services, money transmission services, or payment services in the United Kingdom, European Union, or United States through the BAS FAST application.

All financial wallet services, local payment services, cash-in and cash-out services, agent services, KYC procedures, customer support, and operational financial activities made available through BAS FAST are provided within the applicable local authorization and operational framework in North and East Syria, and not as regulated financial services offered by Emitis Group Ltd in the United Kingdom, European Union, or United States.

 1. Introduction

BAS FAST respects the privacy of its users and is committed to protecting their personal and financial data when using the BAS FAST application, website, electronic wallet, payment services, transfers, QR code payments, cash-in and cash-out services, agent services, merchant services, and related support services.

BAS FAST is an electronic wallet and digital payment service owned and operated by Emitis Group Ltd. BAS FAST provides its services in accordance with the operational licenses and approvals issued by the competent authorities in North and East Syria, and in accordance with the terms and policies approved for the service.

This Policy explains how personal data, financial data, and verification data relating to users are collected, used, stored, processed, shared, and protected. It also explains users’ rights and the options available to them regarding their data.

Because BAS FAST provides electronic financial services, the processing of certain data is not limited to account operation purposes only, but also includes identity verification, account protection, transaction execution, fraud prevention, anti-money laundering and counter-terrorist financing compliance, compliance with legal and regulatory requirements, and protection of the safety of the platform and its users.

By using BAS FAST services, creating an account, executing any transaction, or providing any personal or financial data, you acknowledge that you have read and understood this Policy and agree to the processing of your data in accordance with it, unless the law requires separate or explicit consent in specific cases.

2. Scope of this Policy

This Policy applies to all BAS FAST services, including:

• The BAS FAST mobile application.

• The official website.

• Electronic wallet services.

• Internal transfer services.

• QR code payment services.

• Cash-in and cash-out services.

• Bill payment services, if available.

• Authorized agent services.

• Merchant and business services.

• Technical support and customer service.

• Any dashboard, interface, digital service, or operational service connected to BAS FAST.

This Policy does not apply to external websites, applications, or services that are not owned or operated by BAS FAST, even if they are accessed through a link within the application or website.

3. Definitions

For the purposes of this Policy, the following terms shall have the meanings set out below:

• BAS FAST: The BAS FAST platform, its electronic wallet, and its financial, technical, and operational services, as well as the owner or operator of such services, as applicable.

• The Company: Emitis Group Ltd, in its capacity as the owner, operator, or supporting entity of the BAS FAST service, or any related legal entity that may later be approved to operate the service.

• The Service: All services provided by BAS FAST through the application, website, agents, or official channels.

• User: Any natural or legal person who uses or attempts to use BAS FAST services.

• Account: The electronic account created in the user’s name within the platform.

• Wallet: The electronic financial account through which balances are held and transactions are carried out.

• Transaction: Any financial or operational process carried out through BAS FAST, such as transfer, payment, cash-in, cash-out, settlement, refund, freezing, or review.

• Agent: Any person, center, or entity authorized by BAS FAST to provide specific services such as cash-in, cash-out, verification, or customer service.

• Merchant: Any person, company, or entity that accepts payment through BAS FAST in exchange for goods or services.

• Personal Data: Any information that identifies a user or may lead to the identification of a user, directly or indirectly.

• Financial Data: Any data relating to balance, transactions, fees, transfers, payments, settlements, cash-out, cash-in, or financial activity history.

• KYC Data: Data, documents, and information required to verify the user’s identity in accordance with “Know Your Customer” procedures.

• Sensitive Data: Data whose disclosure or misuse may cause greater harm, such as identity data, documents, photos, financial data, verification data, login data, or security data.

• Service Provider: Any external party that assists BAS FAST in operating, protecting, or improving the service, such as hosting, messaging, verification, analytics, support, cybersecurity, or transaction processing providers.

4. Data Collected by BAS FAST

BAS FAST may collect different types of data depending on the type of account, level of verification, nature of the service, region, risk level, and legal or operational requirements.

4.1 Registration and Account Creation Data

This may include:

• Full name.

• Phone number.

• Email address, if available.

• Date of birth.

• Address, area, city, or governorate.

• Occupation or nature of activity.

• Account type: individual, merchant, company, agent, or otherwise.

• Username, account number, or wallet number.

• Password or PIN in a protected, encrypted, or hashed form.

• Language preferences and account settings.

• Any other data required to create or operate the account.

4.2 Identity Verification Data KYC

Because BAS FAST operates as an electronic wallet and financial service, we may request data and documents to verify the user’s identity, such as:

• A regular personal photo of the user.

• A copy of the personal identity card, passport, or approved identification document.

• Document number.

• Document issue date and expiry date, if applicable.

• Issuing authority of the document.

• Information about the source of funds or purpose of using the account, when required.

• Additional data for risk assessment, compliance, or fraud prevention.

• Beneficial owner information or authorized signatory information for company and merchant accounts.

BAS FAST does not currently use biometric facial recognition technologies, does not create biometric templates, and does not use automated face matching, unless this is expressly disclosed in a later update to this Policy.

BAS FAST may refuse to open an account, restrict it, or suspend it if the required verification data is not provided, or if the data is incorrect, incomplete, inconsistent, or unreliable.

4.3 Financial Data and Transaction Data

BAS FAST may collect and retain data related to financial transactions, including:

• Transaction number or reference number.

• Transaction type.

• Transaction amount.

• Currency used.

• Fees or commissions.

• Date and time of the transaction.

• Transaction status: successful, rejected, pending, under review, cancelled, or frozen.

• Sender and recipient data.

• Agent, merchant, or beneficiary data, where applicable.

• Balance data before and after the transaction, where required for accounting and auditing.

• Purpose or description of the transaction, if required.

• Settlement, reconciliation, and internal review records.

• Dispute, error, or objection records related to the transaction.

4.4 Device and Usage Data

When using the application or website, we may automatically collect technical and operational data, such as:

• Device type.

• Operating system and version.

• Browser type.

• IP address.

• Device or application identifiers.

• Language and time zone.

• Date and time of access.

• Active sessions.

• Successful or failed login attempts.

• Pages or screens used.

• Technical errors and crash logs.

• Performance and stability data.

• Security-related activity, such as changes to password, PIN, phone number, or device.

4.5 Geolocation Data

BAS FAST may collect geolocation data or approximate location data when needed for purposes such as:

• Identifying the nearest agent.

• Protecting the account.

• Preventing fraud.

• Verifying unusual transactions.

• Improving the service.

• Complying with operational or regulatory requirements.

The user may disable location permission through the device settings, but doing so may disable certain features that depend on location.

4.6 Camera, Photos, and Files Data

The application may request permission to access the camera, photos, or files in specific cases, such as:

• Capturing identity documents.

• Taking a regular personal photo for verification.

• Scanning a QR code.

• Uploading documents required for the account.

• Sending attachments for support or complaints.

• Documenting a request or procedure related to the service.

BAS FAST does not use the camera, photos, or files except for purposes related to the service and according to the permissions granted by the user.

4.7 Support and Complaints Data

When contacting support or submitting a complaint, we may collect:

• User name and account data.

• Phone number or email address.

• Details of the request or complaint.

• Transaction number subject to objection.

• Attachments or photos provided by the user.

• Conversation or correspondence records.

• Outcome of the processing or decision taken.

• Verification data required to confirm the identity of the request owner.

4.8 Marketing and Notification Data

We may collect data related to communication with the user, such as:

• The user’s consent or refusal to receive marketing messages.

• Records of notifications sent.

• User interaction with messages or offers.

• Preferred communication channels.

The user may unsubscribe from marketing messages when available. However, security messages, verification codes, transaction notifications, and necessary alerts cannot be fully disabled because they are an essential part of operating the service and protecting the account.

5. Sources of Data

BAS FAST may obtain data from:

• The user directly when registering or using the service.

• The application or website during use.

• Authorized agents when providing cash-in, cash-out, or verification services.

• Merchants or beneficiaries when executing payments.

• Messaging, verification, security, hosting, or support service providers.

• Fraud and risk monitoring systems.

• Legal, regulatory, or governmental authorities where there is a legitimate basis.

• Documents or information provided by the user, legal representative, or authorized representative.

6. Purposes of Data Use

BAS FAST uses data for the following purposes:

6.1 Account Creation and Operation

• Opening the account.

• Managing the wallet.

• Enabling login.

• Verifying the user’s identity.

• Activating or restricting services.

• Managing account limits.

• Updating user data.

• Sending necessary alerts.

6.2 Execution of Financial Services

• Executing transfers.

• Processing payments.

• Executing cash-in and cash-out transactions.

• Executing QR payments.

• Processing bill payments.

• Sending transaction notifications.

• Issuing records and receipts.

• Settling transactions between users, agents, merchants, and the Company.

• Reviewing disputed or erroneous transactions.

6.3 Verification, Compliance, and AML/CFT

BAS FAST uses data to:

• Verify the user’s identity.

• Apply KYC, CDD, and EDD procedures when required.

• Understand the nature of account use.

• Identify the beneficial owner in company and merchant accounts.

• Monitor unusual activities.

• Prevent fake or impersonated accounts.

• Combat money laundering and terrorist financing.

• Combat fraud and misuse.

• Respond to legal or regulatory requests.

• Maintain records required for compliance and auditing.

• Suspend, reject, or restrict transactions where risk indicators exist.

6.4 Protection of the Account and Platform

We use data to:

• Detect unauthorized login attempts.

• Prevent hacking or misuse.

• Verify devices and sessions.

• Send OTP or additional verification methods.

• Monitor suspicious activities.

• Investigate security reports.

• Protect users, agents, merchants, and the platform.

6.5 Support and Complaint Resolution

We use data to:

• Respond to user inquiries.

• Process complaints.

• Review errors or disputes.

• Verify the identity of the request submitter.

• Monitor service quality.

• Maintain a clear record of decisions and actions.

6.6 Service Improvement and Analytics

BAS FAST may use usage and analytics data to:

• Improve application performance.

• Fix errors.

• Develop the user experience.

• Understand the most frequently used services.

• Improve stability and security.

• Develop new services.

• Prepare internal statistics, preferably in aggregated or anonymized form whenever possible.

6.7 Communication with the User

BAS FAST may use contact data to:

• Send verification codes.

• Send transaction notifications.

• Send security alerts.

• Inform the user of account updates.

• Inform the user of policy changes.

• Respond to support requests.

• Send offers or informational messages when permitted.

7. OTP Verification Codes and Communication Channels

BAS FAST may use different verification and communication channels to send OTP verification codes, security notifications, account alerts, or messages necessary to operate the service and protect the user.

These channels include:

• WhatsApp.

• Email.

• Application notifications.

• Any other official channel that BAS FAST may later approve.

When using WhatsApp, email, or any external provider to send verification codes or necessary messages, the phone number, email address, message content, or certain technical data related to delivery may be processed by these service providers, to the extent necessary to provide the service and protect the account.

The user must not share OTP codes, verification codes, login links, or any authentication method with any person, including agents, support staff, or any party claiming to represent BAS FAST.

8. Legal or Operational Basis for Data Processing

Depending on the applicable laws and regulations, BAS FAST may rely on one or more of the following bases for processing data:

• Performing the contractual relationship with the user.

• Providing the service and operating the account.

• Executing financial transactions.

• Complying with legal, regulatory, or supervisory obligations.

• Protecting the legitimate interests of BAS FAST, such as security, fraud prevention, service improvement, and system protection.

• User consent in cases where explicit consent is required.

• Protecting and defending legal rights.

• Cooperating with competent authorities where there is a legitimate basis.

9. Sharing Data with Other Parties

BAS FAST does not sell users’ personal or financial data.

However, BAS FAST may share or provide access to certain data where necessary and to the extent required with the following parties:

9.1 Affiliated, Owning, or Related Companies

Certain data may be shared with Emitis Group or any company affiliated with, related to, operating, or supporting BAS FAST, for purposes of operation, management, compliance, support, security, audit, or service development.

9.2 Technical and Operational Service Providers

BAS FAST may use external service providers to operate, protect, and improve the service, such as:

• Cloud hosting and technical infrastructure providers.

• OTP messaging providers.

• WhatsApp service providers.

• Email service providers.

• Operational analytics providers.

• Crash monitoring providers.

• Cybersecurity providers.

• Backup service providers.

• Customer service providers.

• Compliance and verification tool providers, when needed.

BAS FAST is responsible for selecting appropriate service providers and taking reasonable measures to ensure that data is used only for the specified purposes and to the extent necessary to provide the service.

BAS FAST is not required to mention the name of every service provider in this Policy unless legally, regulatorily, or operationally required. A list of service providers may be published or updated separately if BAS FAST considers it necessary.

9.3 Authorized Agents

Agents may receive only the data necessary to provide the authorized services, such as:

• Verifying the account holder.

• Executing cash-in transactions.

• Executing cash-out transactions.

• Confirming a financial transaction.

• Providing support or assistance.

• Reviewing a transaction within the limits of their permissions.

Agents may not use user data for any personal purpose or outside the scope of the service.

9.4 Merchants and Beneficiaries

When paying a merchant or service provider through BAS FAST, limited data necessary to complete the transaction may be shared, such as:

• User name or account number, where required.

• Transaction number.

• Transaction amount.

• Payment status.

• Date and time of the transaction.

• Settlement data.

• Any information necessary to evidence or execute the transaction.

BAS FAST is not responsible for the privacy practices of the merchant outside the scope of the payment transaction conducted through the platform.

9.5 Legal, Regulatory, and Competent Authorities

BAS FAST may disclose data when required or legally permitted, such as to:

• Comply with a legal or regulatory request.

• Respond to a judicial, regulatory, or competent authority.

• Combat fraud.

• Combat money laundering and terrorist financing.

• Protect the rights of BAS FAST, users, or third parties.

• Investigate unlawful or suspicious activity.

• Protect the security of the platform or financial system.

In certain cases, BAS FAST may be unable to notify the user due to legal or regulatory restrictions, investigation requirements, or non-disclosure obligations.

9.6 Advisors, Auditors, and Reviewers

Limited data may be shared with:

• Lawyers.

• Auditors.

• Financial advisors.

• Technical consultants.

• Compliance teams.

• Review or investigation service providers.

This may occur where necessary to protect rights, conduct audits, ensure compliance, resolve disputes, or improve systems.

9.7 Merger or Restructuring Cases

If BAS FAST or Emitis Group Ltd enters into a merger, sale, restructuring, asset transfer, or change in ownership or operation, certain data may be transferred as part of that process, while taking appropriate measures to protect the data and notify users where required.

10. International Data Transfer

Certain data may be processed or stored inside or outside the user’s country, depending on the location of servers, service providers, support tools, or the technical infrastructure used.

When data is transferred to another country, BAS FAST takes reasonable and appropriate measures to protect the data, such as:

• Using secure communication channels.

• Restricting access to data.

• Encryption where possible.

• Selecting reliable service providers.

• Using appropriate contractual agreements or obligations.

• Applying technical, organizational, and security controls.

The user acknowledges that operating a digital financial service may require the processing of certain data through technical infrastructure or service providers located outside the user’s place of residence, to the extent necessary to operate and protect the service and comply with its requirements.

11. Data Retention

BAS FAST retains data for the period necessary to achieve the purposes stated in this Policy, to comply with legal and regulatory requirements, to protect rights, prevent fraud, resolve disputes, or fulfill financial and accounting obligations.

BAS FAST applies different retention periods depending on the type of data and the purpose of processing, as follows:

11.1 Account Data

Account data is retained for the duration of the relationship with the user and for up to 24 months after account closure or termination of the relationship, unless there is a legal, financial, compliance, or security need to retain it for a longer period.

11.2 Support and Complaint Data

Support, complaint, and correspondence records are retained for up to 24 months from the date the request or complaint is closed, for follow-up, quality improvement, dispute resolution, and protection of rights.

11.3 Usage Data and Technical Logs

Usage data, login logs, server logs, and IP addresses may be retained for up to 24 months, for security, fraud prevention, operational analysis, service improvement, and investigation of errors or unusual activities.

11.4 KYC Data and Documents

KYC identity verification data, document images, personal photos, and compliance data may be retained throughout the account duration and after account closure for the legally, regulatorily, compliance-related, or security-required period, particularly for fraud prevention, anti-money laundering and counter-terrorist financing, dispute resolution, auditing, or responding to requests from competent authorities.

11.5 Financial Transaction Data

Financial transaction records, settlements, fees, balances, entries, receipts, and review logs may be retained for the period necessary for accounting, auditing, compliance, evidence of rights, dispute resolution, fraud prevention, or responding to legal and regulatory requirements.

11.6 Marketing Data

Marketing data and preferences are retained until the user unsubscribes or until the legitimate need for them ends, unless retention is required to evidence compliance or manage user preferences.

11.7 Backups

Copies of certain data may remain for a limited period within secure backup systems before deletion according to approved technical schedules. Backups are used only for restoration, security, business continuity, or compliance purposes when required.

When the need for data ends, BAS FAST deletes it, anonymizes it, or securely archives it, unless retention is required or permitted for legal, financial, regulatory, or security reasons.

12. Account and Data Deletion

The user may request deletion of the account through the account deletion option inside the application, or through the official support channels.

BAS FAST is committed to providing an appropriate option or mechanism inside the application that allows the user to request account deletion before the application is made available on official app stores, in accordance with operational, compliance, and user protection requirements.

When an account deletion request is submitted, BAS FAST may:

• Verify the identity of the requester.

• Disable or close the account.

• Stop access to services.

• Delete or anonymize unnecessary data.

• Retain data that must or may be retained for legal, financial, accounting, compliance, or security reasons.

An account deletion request does not mean that all data will be deleted immediately, because BAS FAST may be required or permitted to retain certain data, especially:

• Financial transaction records.

• KYC identity verification data.

• Compliance records.

• Complaint and dispute records.

• Data required for auditing and accounting.

• Data required to prevent fraud or misuse.

• Data required under the law, license, or requests from competent authorities.

If the account contains an existing balance, pending transactions, disputes, a compliance review, or unresolved obligations, BAS FAST may delay full deletion until such matters are settled in accordance with the approved policies.

13. User Rights Relating to Data

Depending on applicable laws and regulations, the user may have the right to:

• Know the types of data that BAS FAST holds about the user.

• Request correction of inaccurate data.

• Request an update of account data.

• Request deletion of certain data where there is no legitimate reason to retain it.

• Request restriction of certain types of processing.

• Object to certain types of processing.

• Withdraw consent in cases where processing is based on consent.

• Request information about data sharing.

• Submit a complaint to BAS FAST or to a competent authority, where applicable.

BAS FAST may request verification of the user’s identity before fulfilling any data-related request, in order to protect the account and prevent unauthorized access.

A request may be rejected or restricted if it conflicts with legal, regulatory, security, financial, or compliance obligations, or if it affects the rights of others or the safety of the platform.

14. Data Security

BAS FAST uses reasonable and proportionate technical and organizational measures to protect personal, financial, and sensitive data. These measures include:

• Encrypting communication using secure protocols such as SSL/TLS.

• Protecting passwords and PINs using secure storage methods.

• Applying limited access permissions based on the need-to-know principle.

• Using audit logs for sensitive operations.

• Monitoring login attempts and suspicious activities.

• Using OTP or additional verification methods for sensitive operations.

• Protecting servers and databases from unauthorized access.

• Secure backups.

• Periodic review of systems and vulnerabilities.

• Training employees and agents on confidentiality and data protection.

• Restricting employee and agent access to the minimum necessary to perform their duties.

Nevertheless, no electronic transmission or storage method is 100% secure. Therefore, BAS FAST is committed to taking reasonable and professional measures, but it does not guarantee absolute protection against all risks, attacks, failures, or errors beyond reasonable control.

15. User Responsibility for Protecting Data

The user is required to:

• Keep the password and PIN confidential.

• Not share OTP codes with any person.

• Not hand over the account, phone, or SIM card to any third party.

• Use the official application only.

• Not use modified or untrusted versions of the application.

• Update contact data when it changes.

• Notify BAS FAST immediately in case of phone loss or suspected account compromise.

• Verify recipient details before executing any transaction.

• Not use the account on behalf of others or as a front for unauthorized accounts or transactions.

BAS FAST may not be responsible for losses resulting from the user’s negligence, sharing of login data or codes, or executing transactions based on incorrect data entered by the user.

16. Application Permissions

The BAS FAST application may request certain permissions from the device, depending on the service features, including:

• Camera: To scan QR codes or capture identity documents or photos required for verification.

• Photos or files: To upload required documents or attachments.

• Notifications: To send security, transaction, and account alerts.

• Location: To identify the nearest agent, support fraud prevention, or operate a location-related service.

• Internet: To operate the application and services.

• Device information: For security, fraud prevention, and performance improvement.

BAS FAST requests device permissions only when they are connected to a clear function within the service. These permissions must match the privacy disclosures on Google Play and Apple App Store and the actual use inside the application.

The user may manage certain permissions through the device settings, but disabling some permissions may cause certain services not to work properly.

17. Cookies and Tracking Technologies

When using the website or certain digital interfaces, BAS FAST may use cookies or similar technologies to:

• Operate the website.

• Maintain sessions.

• Save certain preferences.

• Improve performance.

• Analyze usage.

• Protect accounts.

• Detect fraudulent or unusual behavior.

• Improve the user experience.

The user may control some of these technologies through browser or device settings. Disabling certain cookies or technologies may cause some website or service features not to work properly.

If BAS FAST later uses advanced analytics or marketing tools, this may be explained in a separate Cookie Policy or through an appropriate consent notice on the website.

18. Analytics and Third-Party Tools

BAS FAST may use analytics, performance monitoring, crash reporting, or security tools provided by third parties for purposes such as:

• Improving the service.

• Diagnosing errors.

• Measuring performance.

• Monitoring stability.

• Preventing fraud.

• Protecting the platform.

• Understanding general service usage.

When using these tools, BAS FAST seeks to minimize the data sent as much as possible and configure the settings in a manner consistent with privacy protection.

If external tools or SDKs are used inside the application, their practices must be consistent with the privacy disclosures in the app stores and with this Policy.

19. No Sale of Data and No Advertising Tracking

BAS FAST does not sell users’ personal or financial data to third parties.

BAS FAST does not currently use user data for advertising tracking across third-party applications or websites, and does not currently use advertising SDKs to track users outside BAS FAST services.

BAS FAST may use operational or internal statistical data to improve the service, measure performance, send service-related notifications, or provide informational messages when permitted, without selling user data or using it to track users for advertising purposes across third-party services.

If BAS FAST decides in the future to use any external advertising or tracking tools, this Policy and the required app store disclosures will be updated before such use is activated, where required.

20. Fraud Prevention and Risk Monitoring

Due to the nature of BAS FAST as a financial service, the Company may use internal or external systems to monitor risks and detect unusual activities.

These procedures may include:

• Analyzing transaction patterns.

• Reviewing transaction frequency.

• Comparing activity with the user profile.

• Monitoring related accounts, devices, or transactions.

• Requesting additional verification.

• Suspending, delaying, or rejecting certain transactions.

• Temporarily restricting the account.

• Reporting or cooperating with competent authorities where there is a legitimate basis.

Suspension of an account or transaction does not necessarily mean that a violation has been established. It may be a precautionary measure to protect users, the platform, and compliance.

21. Minors’ Data and Minimum Age

BAS FAST does not target children.

BAS FAST may not be used by anyone under the age of 16.

If the user is under the legal age of majority according to the applicable law, BAS FAST may request the consent of a parent or legal guardian, impose restrictions on the account or certain services, refuse to open the account, or restrict it.

If BAS FAST becomes aware that it has collected data from a minor in an unauthorized manner or without required consent, it may delete the data, restrict the account, request legal consent, or take any appropriate action.

22. Notifications and Communications

BAS FAST may communicate with the user through:

• WhatsApp messages.

• Email.

• Application notifications.

• In-app messages.

• Phone calls when needed.

• Any other official channel that BAS FAST may later approve.

These communications may include:

• OTP verification codes.

• Transaction confirmations.

• Security alerts.

• Support messages.

• Policy change notifications.

• Account notifications.

• Marketing or informational messages when permitted.

Certain notifications related to security, transactions, or compliance cannot be disabled because they are part of operating the service and protecting the user.

23. External Links and Services

The application or website may contain links or external services that BAS FAST does not own or operate.

BAS FAST is not responsible for the privacy, security, or content practices of those websites or services. The user should read the privacy policies of any third party before using its services.

24. Updates to this Privacy Policy

BAS FAST may update this Policy from time to time for reasons including:

• Adding new services.

• Technical or operational changes.

• Legal or regulatory changes.

• Updates to Google Play or Apple App Store requirements.

• Improving transparency.

• Enhancing security and compliance.

The updated version will be published on the website or inside the application, with the “Last updated” date amended. In the event of material changes, BAS FAST may notify users through the application, email, or any appropriate official channel.

Continued use of the service after the update is published constitutes acceptance of the updated Policy, unless the law requires explicit consent.

25. App Store Requirements and Disclosures

For the purpose of publishing the application on Google Play and Apple App Store, this Policy must be available through a public and active link and must be consistent with the data disclosed in the privacy forms of the app stores.

BAS FAST is committed to ensuring that app store privacy disclosures are consistent with:

• The data actually collected by the application.

• The permissions requested by the application.

• The third-party tools or SDKs used.

• Google Play Data Safety forms.

• Apple App Privacy forms.

• The account deletion or account deletion request mechanism.

• In-app disclosures.

Any inconsistency between this Policy, the actual application, device permissions, and app store forms may require modification of the Policy, modification of the application, or updating of the disclosures before or after publication.

26. Contact Us

For any question or request relating to privacy, data protection, account deletion, or correction of information, BAS FAST may be contacted through the following channels:

• Official privacy email: privacy@basfast.com

• Technical support email:support@basfast.com

• Phone number: 00963936335231

• Website: www.basfast.com

The user must use only the official channels when submitting any request related to the account, data, or privacy. BAS FAST may request additional information to verify the identity of the requester before processing any request related to data or the account.

27. Acknowledgment

By using BAS FAST, creating an account, or continuing to use any of its services, you acknowledge that:

• You have read and understood this Privacy Policy.

• You agree to the collection, processing, use, and sharing of your data in accordance with this Policy.

• You understand that BAS FAST processes certain data for necessary financial, compliance, and security purposes.

• You understand that account deletion does not necessarily mean immediate deletion of all records, especially KYC records, financial transaction records, and compliance records.

• You are responsible for protecting your login data, verification codes, and authentication methods.

• You agree that this Policy may be updated from time to time as required by the service, law, operational requirements, or app store requirements.

BAS FAST Electronic Wallet and Digital Payment Service/ Electronic Financial Services

Owned and operated by Emitis Group Ltd