Privacy Policy

1. About Fi.om and This Policy

Fi.om ("we", "our", "us") is a digital loan marketplace operated within the Sultanate of Oman. We are not a bank, lender, or financial institution. We operate as a comparison and referral platform, connecting individuals and businesses with licensed banks and finance companies regulated by the Central Bank of Oman (CBO).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you access or use our website at fi.om, submit a loan eligibility application, create an account, or otherwise interact with our services.

By using Fi.om, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with any part of this policy, please do not use our platform.

2. Legal Framework

Fi.om operates in full compliance with all applicable laws and regulations of the Sultanate of Oman, including but not limited to:

• Personal Data Protection Law — Royal Decree No. 6/2022 and its Executive Regulations, which govern the collection, processing, storage, and transfer of personal data in Oman.
• Electronic Transactions Law — Royal Decree No. 69/2008, governing electronic contracts, electronic records, and digital communications.
• Cybercrime Law — Royal Decree No. 12/2011, as amended, relating to cybersecurity and the protection of digital systems.
• Consumer Protection Law — Royal Decree No. 66/2014 and its amendments, protecting consumers from unfair commercial practices.
• Central Bank of Oman (CBO) Regulations — applicable guidelines governing financial referral services, data handling by entities interacting with licensed financial institutions.
• Telecom Regulatory Authority (TRA) Guidelines — relating to digital service providers and data handling within Oman's telecommunications framework.

As a data controller under Oman's Personal Data Protection Law (Royal Decree No. 6/2022), Fi.om is responsible for ensuring that your personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organisational measures are in place to protect it.

3. Information We Collect

We collect information in several ways — directly from you when you use our platform, automatically through your device and browser, and from third parties where applicable. Below is a detailed breakdown of the categories of information we may collect.

3.1 Information You Provide Directly

• Identity Information: Full name, date of birth, gender, nationality, Civil ID or Resident Card number, ID expiry date, and marital status.
• Contact Information: Mobile number (Oman +968), email address, and governorate of residence.
• Financial Information: Monthly basic salary, total monthly income, existing loan repayments, monthly expenses, debt-to-burden ratio data, and salary transfer bank details.
• Employment Information: Employment status, employer name, job title, employment type (government, semi-government, private sector), and years at current employer.
• Loan Application Data: Loan type, requested amount, preferred repayment tenure, and loan purpose. For specific loan types, this may also include vehicle details, property information, business registration data, or educational institution information.
• Account Information: Name, email address, mobile number, date of birth, and password (stored in encrypted form) when you create a Fi.om account.
• Communications: Any messages, queries, or feedback you submit to us directly.

3.2 Information Collected Automatically

• Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on each page, links clicked, search queries entered, and navigation paths through our website.
• Session Data: Timestamps of visits, session duration, and referring website or source.
• Cookie Data: Information stored in cookies and similar tracking technologies on your device. Please refer to our Cookie Policy for full details.

3.3 Information from Third Parties

• Google Sign-In: If you choose to register or log in using Google, we receive your name, email address, and profile picture from Google in accordance with your Google account privacy settings.
• Analytics Providers: We may receive aggregated or anonymised data from analytics providers to understand how users interact with our platform.

3.4 Sensitive Personal Data

Under Oman's Personal Data Protection Law, certain categories of data are considered sensitive. To the extent that our loan eligibility process requires information that may fall into sensitive categories (such as financial health data), we only collect such data with your explicit consent and where it is strictly necessary for the provision of our services.

4. How We Use Your Information

We use your personal information only for the purposes for which it was collected, or for compatible purposes that you would reasonably expect. Specifically, we use your information to:

4.1 Provide and Operate Our Services

• Process your loan eligibility application and calculate indicative eligibility results based on your financial profile.
• Match your profile with appropriate banks and finance companies registered and regulated in Oman.
• Display personalised loan offers and indicative rates from our partner lenders.
• Create and manage your Fi.om account and authenticate your identity upon login.
• Generate unique reference numbers for your loan applications.
• Transmit your application details to your selected bank or finance company for their review.

4.2 Communications

• Send you application confirmation messages and reference IDs via email or SMS.
• Notify you of updates to your application status where applicable.
• Respond to your enquiries and customer support requests.
• Send service-related announcements, security alerts, and administrative messages.
• With your explicit consent, send you promotional communications, product updates, and relevant financial insights.

4.3 Platform Improvement and Analytics

• Analyse usage patterns to understand how users interact with our platform and identify areas for improvement.
• Conduct internal research and testing to improve the accuracy of our eligibility engine and recommendations.
• Monitor and resolve technical issues, bugs, and security vulnerabilities.

4.4 Legal and Compliance Obligations

• Comply with applicable Omani laws, regulations, and regulatory requirements.
• Respond to lawful requests from courts, law enforcement, or regulatory authorities.
• Detect, prevent, and investigate fraudulent, abusive, or illegal activity.
• Enforce our Terms of Use and protect the rights and safety of Fi.om, our users, and third parties.

4.5 Legal Basis for Processing

Under Oman's Personal Data Protection Law (Royal Decree No. 6/2022), we process your personal data on the following legal bases:

• Consent: Where you have given clear, informed, and specific consent to processing, such as account creation, marketing communications, or Google Sign-In.
• Contractual Necessity: Processing required to provide the services you have requested, including the submission of your loan application to partner lenders.
• Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, platform security, and service improvement, where these interests are not overridden by your rights.
• Legal Obligation: Processing required to comply with a legal obligation under Omani law.

5. Sharing Your Information

Fi.om does not sell your personal data to any third party. We do not operate a data brokerage model. We share your information only in the following carefully defined circumstances:

5.1 Partner Banks and Finance Companies

When you select a specific lender from our results page and click "Select This Offer", your application data — including identity, financial, and employment information — is shared with that specific lender for the purpose of assessing your loan application. By proceeding with a selection, you provide explicit consent to this transfer. Partner lenders are licensed and regulated by the Central Bank of Oman and are independently responsible for handling your data in accordance with Omani law once received.

5.2 Service Providers and Technology Partners

We work with carefully vetted third-party service providers who assist us in operating our platform. These may include:

• Cloud hosting and infrastructure providers.
• Authentication service providers (including Google LLC for Google Sign-In).
• Analytics and performance monitoring platforms.
• Customer support software providers.
• Email and SMS communication services.

All such providers are contractually bound to use your data only as instructed by Fi.om and to maintain appropriate security standards. They are not permitted to use your data for their own purposes.

5.3 Legal Disclosures

We may disclose your information to courts, law enforcement agencies, regulatory authorities (including the Central Bank of Oman, the Telecom Regulatory Authority, or the Capital Market Authority), or other governmental bodies when required to do so by law, court order, or regulatory direction under Omani law.

5.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of Fi.om's business, your information may be transferred to the relevant successor entity. You will be notified of any such transfer and of any material changes to how your data is handled.

5.5 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data — from which it is not reasonably possible to identify you — with research institutions, financial analytics partners, or publicly, for the purposes of market insight and platform benchmarking.

6. Data Retention

We retain your personal data for no longer than is necessary to fulfil the purposes for which it was collected, or as required by applicable Omani law. Our retention periods are as follows:

• Account Data: Retained for as long as your account is active, plus a period of five (5) years following account closure or deletion to satisfy legal and regulatory obligations.
• Loan Application Data: Retained for a minimum of five (5) years from the date of submission, in accordance with Oman's financial record-keeping requirements and the Electronic Transactions Law.
• Communication Records: Retained for three (3) years from the date of the communication.
• Analytics and Usage Data: Retained in identifiable form for up to twenty-four (24) months, after which it is anonymised or deleted.
• Cookie Data: Retention periods vary by cookie type. See our Cookie Policy for details.

After the relevant retention period, personal data is securely deleted or anonymised in a manner that prevents reconstruction of the original data.

7. Your Rights Under Omani Law

Under Oman's Personal Data Protection Law (Royal Decree No. 6/2022), you have the following rights with respect to your personal data held by Fi.om:

7.1 Right to Access

You have the right to request confirmation of whether we hold personal data about you, and to receive a copy of that data together with information about how it is being processed.

7.2 Right to Rectification

You have the right to request that inaccurate or incomplete personal data we hold about you be corrected or completed without undue delay.

7.3 Right to Erasure

You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent (and no other legal basis applies), or where processing is unlawful. This right is subject to any overriding legal obligations we may have to retain certain data.

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while the accuracy of the data is being contested, or where you object to processing based on legitimate interests.

7.5 Right to Data Portability

Where processing is based on your consent or a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another data controller where technically feasible.

7.6 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes at any time. You also have the right to object to processing based on legitimate interests, on grounds relating to your particular situation.

7.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

7.8 Exercising Your Rights

To exercise any of the above rights, please contact us at privacy@fi.om. We will respond to your request within thirty (30) days. We may need to verify your identity before processing your request. There is no charge for making a rights request, unless requests are manifestly unfounded or excessive.

7.9 Right to Lodge a Complaint

If you believe that we have processed your personal data in violation of applicable law, you have the right to lodge a complaint with the competent supervisory authority in Oman. For matters relating to financial services and data protection, the relevant authorities include the Telecom Regulatory Authority (TRA) and the Central Bank of Oman (CBO).

8. Data Security

We take the security of your personal data seriously and implement a range of technical and organisational measures designed to protect it against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include:

• Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols. Passwords are stored using one-way cryptographic hashing and are never stored in plain text.
• Access Controls: Access to personal data is restricted on a strict need-to-know basis. All staff and contractors with access to personal data are subject to confidentiality obligations.
• Session Management: User sessions are managed securely with appropriate timeout and invalidation controls. Authentication tokens are not stored in insecure locations.
• Data Minimisation: We only collect the minimum personal data necessary to provide our services. We do not store sensitive financial data beyond what is required for the eligibility process.
• Regular Reviews: Our security practices are reviewed periodically and updated in response to new threats, vulnerabilities, and regulatory guidance.
• Incident Response: We maintain a data breach response procedure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authority in accordance with Oman's Personal Data Protection Law.

While we implement all reasonable security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we commit to responding promptly and responsibly to any security incident that affects your data.

9. Cookies and Tracking

We use cookies and similar tracking technologies on our website to ensure it functions correctly, to understand how users interact with our services, and to improve your experience. A detailed explanation of the cookies we use, their purposes, and how to manage them is provided in our Cookie Policy.

By continuing to use our website after being presented with our cookie notice, you consent to the use of cookies in accordance with our Cookie Policy. You may withdraw or adjust your cookie preferences at any time using the controls described therein.

10. Cross-Border Data Transfers

Fi.om is operated from the Sultanate of Oman and primarily processes your data within Oman. However, some of our third-party service providers — including cloud infrastructure and authentication providers — may process your data in data centres located outside of Oman.

Where personal data is transferred outside of Oman, we ensure that appropriate safeguards are in place in accordance with Oman's Personal Data Protection Law (Royal Decree No. 6/2022). These safeguards may include:

• Transfers to countries or territories that have been assessed as providing an adequate level of data protection.
• Standard contractual clauses or data processing agreements that impose equivalent data protection obligations on the recipient.
• Your explicit consent, where required.

You may request information about the specific safeguards in place for any cross-border transfers involving your data by contacting us at privacy@fi.om.

11. Children's Privacy

Fi.om's services are intended for individuals who are at least eighteen (18) years of age. We do not knowingly collect personal data from individuals under the age of 18. The minimum age for financial products in Oman is 18 years, and our eligibility process is designed accordingly.

If we become aware that we have inadvertently collected personal data from a person under the age of 18, we will take prompt steps to delete that data. If you are a parent or guardian and believe your child has submitted information to us without your consent, please contact us immediately at privacy@fi.om.

12. Third-Party Links

Our website may contain links to the websites of our partner banks, finance companies, and other third parties. These websites are operated independently of Fi.om and are governed by their own privacy policies. We have no responsibility for, and make no representations regarding, the content or privacy practices of any third-party websites.

We encourage you to review the privacy policy of any website you visit before submitting personal data. The inclusion of a link on our website does not constitute an endorsement of the linked website or its operators.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Display a prominent notice on our website for a reasonable period following the change.
• Where required by law, notify you directly by email or other communication channel.

Your continued use of Fi.om after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed of how we are protecting your information.

14. Contact and Complaints

We value your trust and are committed to addressing any questions, concerns, or complaints you may have regarding the handling of your personal data.