flag

oman

LuLu Exchange Loader

Data Privacy Policy

We, Lulu Exchange Co. LLC ("Lulu Exchange Oman"), are a company incorporated in the Sultanate of Oman and licensed and regulated by the Central Bank of Oman ("CBO"). In this Privacy Policy, the terms "We", "Us", and "Our" refer to Lulu Exchange Oman.

Introduction to the Policy

This Data Privacy Policy (“Privacy Policy”) governs the collection, use, processing, storage, disclosure, and protection of personal and financial information provided by our customers while availing any of our products and services through our branches, website, mobile applications, digital platforms, or any other service channels (“Platform”).

The trust of our customers is of utmost importance to us. We are committed to protecting customer privacy and ensuring that personal information is handled securely, fairly, and transparently. This Privacy Policy explains how we collect, use, share, store, and protect Personal Data.

The information shared with us enables us to provide and continuously improve our services, including but not limited to remittance services, foreign currency exchange, wage and salary administration, bill payment services, corporate services, value-added services, and other financial services offered by Lulu Exchange Oman (“Services”).

Certain services may only be available after completion of Know Your Customer (KYC) verification and customer due diligence procedures in accordance with applicable Anti-Money Laundering (AML), Counter Terrorist Financing (CTF), Central Bank of Oman regulations, and other applicable legal and regulatory requirements.

We may update this Privacy Policy periodically to ensure continued compliance with applicable laws, regulations, industry standards, and technological advancements. Customers are encouraged to review this Privacy Policy regularly for updates.

Why We Collect Personal Data

We collect Personal Data including but not limited to:

  • Full name
  • Date and place of birth
  • Nationality
  • Civil ID, Resident Card, Passport, or other identification details
  • Specimen signature and biometric information where permitted by law
  • Present and permanent address
  • Source of income or funds
  • Employer details or nature of business
  • Contact numbers and email addresses
  • Marital status
  • Customer photographs
  • Transaction and financial information

We collect Personal Data for the following purposes:

  • To provide products and services requested by customers.
  • To process remittance, foreign exchange, and related transactions.
  • To comply with regulatory obligations and CBO requirements.
  • To perform customer identification, verification, and due diligence.
  • To prevent fraud, financial crime, money laundering, and terrorist financing.
  • To communicate service updates, alerts, and notifications.
  • To improve products, services, and customer experience.
  • To conduct research, analytics, and statistical analysis.
  • To manage customer complaints, queries, and support requests.
  • To comply with legal obligations and lawful requests from authorities.

Collection of Personal Data

Information We Collect Automatically

When customers use our Platform, we may automatically collect information including:

  • IP address
  • Device identifier
  • Device type and operating system
  • Browser information
  • Mobile network information
  • Geolocation information
  • Website usage data
  • Page views and clickstream data
  • Referral URLs
  • System logs and security monitoring information

Information Customers Provide to Us

Customers may provide information when:

  • Registering for services
  • Completing KYC requirements
  • Performing transactions
  • Updating account information
  • Contacting customer support
  • Participating in surveys, promotions, or campaigns

Such information may include:

  • Contact details
  • Identification documents
  • Financial and banking information
  • Employment information
  • Beneficiary information
  • Transaction details

Information from Other Sources

We may obtain information from:

  • Government authorities
  • Credit bureaus
  • Identity verification providers
  • Correspondent banks
  • Payment service providers
  • Publicly available databases
  • Other legally authorized sources

Authentication and Fraud Detection

To protect customers and prevent fraudulent activity, we may collect and analyze information relating to customer behavior, devices, transactions, and Platform usage patterns. Security and fraud prevention systems may be used to identify suspicious or unauthorized activities.

Using Services via Mobile Devices

When customers access our services through mobile applications or mobile-enabled websites, we may collect information relating to:

  • Device identification
  • Mobile operating system
  • Application usage
  • Device location (where permitted)
  • Security and authentication information

This information helps us provide secure, efficient, and location-based services where applicable.

Use and Storage of Personal Data

We use Personal Data to:

  • Deliver products and services requested by customers.
  • Process and manage transactions.
  • Verify customer identity.
  • Conduct customer due diligence and compliance checks.
  • Detect and prevent fraud and financial crime.
  • Improve customer experience.
  • Provide customer support.
  • Comply with legal and regulatory obligations.

The security of customer Personal Data is important to us. We implement appropriate organizational, physical, administrative, and technical controls to protect Personal Data from unauthorized access, disclosure, alteration, loss, misuse, or destruction.

All customer personal data, transaction records, KYC documentation, supporting documents, and related information collected through Lulu Exchange Oman branches, websites, mobile applications, and digital channels are stored and processed within secure data centres located in the Sultanate of Oman.

Where third-party service providers are engaged for support, hosting, cybersecurity monitoring, disaster recovery, or operational purposes, appropriate contractual and security controls are implemented to ensure continued protection of customer information.

Customer registration records and transaction records shall be retained for a minimum period of ten (10) years or such longer period as may be required by the Central Bank of Oman, applicable laws, regulations, or legitimate business requirements.

Upon expiry of the retention period, information shall be securely destroyed, anonymized, or disposed of in accordance with applicable information security requirements.

We do not sell, rent, or lease customer Personal Data to third parties.

When We Share Personal Data

Personal Data may be disclosed where necessary to:

  • Central Bank of Oman
  • Financial Intelligence Unit (FIU)
  • Royal Oman Police
  • Government authorities
  • Courts and judicial authorities
  • Correspondent banks
  • Payment service providers
  • Lulu Group entities and affiliates
  • Approved third-party service providers
  • Auditors and regulatory authorities

Any disclosure shall be made only where legally required, contractually necessary, operationally justified, or based on customer consent.

Appropriate safeguards shall be implemented to protect Personal Data shared with third parties.

Cookies

Cookies are small files stored on a user’s device to enhance website functionality and user experience. We may use cookies and similar technologies to improve delivery service, analyze website traffic, and enhance security.

Customers may modify browser settings to manage or disable cookies; however, certain services may not function correctly if cookies are disabled.

Links to Other Sites

Our Platform may contain links to third-party websites. We are not responsible for the privacy practices, content, or security of external websites. Customers are encouraged to review the privacy policies of any third-party website they visit.

Security

We maintain comprehensive security measures designed to protect customer information against unauthorized access, alteration, disclosure, destruction, misuse, or loss.

Security controls may include:

  • Access controls
  • Encryption
  • Security monitoring
  • Vulnerability management
  • Physical security measures
  • Incident response procedures
  • Employee confidentiality obligations

Consent

By accessing our Platform, using our Services, or providing Personal Data to us, customers acknowledge and consent to the collection, processing, storage, use, and disclosure of their information in accordance with this Privacy Policy and applicable laws.

How Customers Can Access Their Personal Data

As we are a transparent organization, the Customers will always have a way to access or correct their Personal Data unless there are practical, contractual, and legal reasons that would prevent us from doing so. We would just need ample time to provide or correct that information for the Customers, but rest assured it would be completed. The Customers can let us know what they think, and if they need any assistance on their data privacy needs or concerns, they can email us at: customercare@om.luluexchange.com.

The Website Policies and Terms & Conditions including this Data Privacy Policy may be changed or updated occasionally to meet the requirements and standards. Therefore, the Customers are encouraged to frequently visit these sections in order to be updated about the changes on the website.

Modifications will be effective on the day they are posted.

Quick Links

Services

Quick Links

Services

Achievements

© 2026 LuLu Exchange Co. LLC. All Rights Reserved.   |  Data Privacy Policy   |  AML/CFT Policy   |  Consumer Protection Policy   |   Terms and Conditions

Designed by IGnxT Technologies