Home
Loan Simulator
FAQ

Contact Us

Arrow Left

Data Protection & Privacy Policy

How O Financy collects, uses, and protects your personal information

FileFile
Download pdf

O FINANCE SAL (“O Finance”, “we”, “us”, “our”) is a Lebanese financial institution, licensed and regulated by the Banque du Liban (“BDL”). Any reference to “you” or “your” and other wording referring to you is a reference to you as data subject of O Finance. We are committed to protecting the privacy, confidentiality, and security of personal data entrusted to us.

This Data Protection & Privacy Policy (the “Policy”) explains how we collect, use, store, disclose, and protect personal data when you interact with our website, digital platforms, and communication channels (collectively, the “Services”).

By using our Services, you acknowledge that you have read, understood, and agreed to the practices described in this Policy and you consent to our collection, use and disclosure of your data in accordance with the terms of this Policy. You may withdraw such consent at any time; however, this will not affect the lawfulness of the processing based on your consent prior to the withdrawal.

This Policy (and any updated policy when applicable) can be found at www.ofinance.com.lb

1. Scope

This Policy applies when you:

  • Visit and use our website;
  • Submit inquiries or loan applications through the website or via email;
  • Use our loan calculators and contact forms;
  • Communicate with us through email, phone, chatbot, or WhatsApp;
  • Interact with our customer service or complaint handling channels.


This Policy does not cover internal banking systems, core lending platforms, or offline operational systems used by O Finance, which remain subject to strict internal compliance, regulatory, and banking secrecy obligations.

For the purpose of this Policy, data means (i) any information relating to you as an identified or identifiable data subject; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; and (ii)  any personal data which may reveal information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, genetic or biometric data, financial and payment information, SMS and call-related data, microphone, camera, and other sensitive device or usage data. Such processing is prohibited unless made in conformity with the exceptions to the prohibitions as determined in applicable privacy and data protection laws and regulations and reflected herein. 

2. Who We Are & How to Contact Us

Controller: O Finance SAL

Commercial Register: C.R. No. 71506 – Beirut

Regulatory Status: Licensed Financial Institution No. 48, approved and regulated by the BDL under Decision No. 9701 dated 18/09/2007

Address: Achrafieh 4898, G20 Tower, 7th Floor, Beirut, Lebanon

Phone: +961 21 425 823 / +961 21 425 826

Email: info@ofinance.com.lb | Website: www.ofinance.com.lb 

Privacy & Data Protection Contact:

Requests relating specifically to personal data, privacy, consent, or data subject rights should be directed to our Compliance & Data Protection Unit – O Finance SAL

Email: info@ofinance.com.lb

Complaints Channel: For any complaints of any kind, including service-related matters, please contact: complaints@ofinance.com.lb

3. Personal Data We Collect

O Finance collects the data in a transparent manner and applies appropriate measures to protect the collected and processed data and to protect such data against unauthorized or unlawful processing and against accidental loss, destruction, misuse, or damage, using appropriate technology. We obtain your data mainly from you when you use our Services, or when you contact us for any reason, or in connection with our lending services.

We also (i) obtain your data from your authorized representatives, agents, lawyers or introducers, from entities or people with which you may have a relationship such as your employer, from entities affiliated or connected to O Finance, from third parties who provide services or payments to you or to O Finance or with whom you are engaged in business or relation, or from correspondents or reference agencies, directories, fraud prevention agencies or government agencies, and from publicly available resources, such as commercial and real estate registrars, central banks, databases of local and foreign regulatory and supervisory authorities (such as sanctions list), the press, the media, online search engines and other online resources.

Depending on how you interact with our Services, we may collect the following categories of personal data:

3.1 Identity & Contact Information

  • Full name
  • Phone number
  • Email address
  • Residential address
  • Social security number
  • Gender
  • Marital status and dependents
  • Nationality 
  • Date and place of birth
  • Educational status


3.2 Loan & Professional Information

  • Employment status (employed, self-employed, professional)
  • Employer name
  • Professional details
  • Monthly income
  • Assets and liabilities
  • Source of funds 
  • Personal net worth and origin of wealth
  • Loan purpose and requested amount


3.3 Identification Information

  • National ID number or passport number


3.4 Technical & Usage Data

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Access times
  • Website interaction logs


3.5 Communication Data

  • Emails, messages, and inquiries exchanged with us
  • Chatbot and WhatsApp communication records


3.6 Age Restriction

O Finance enforces a strict policy prohibiting individuals under the age of 18 from using our Services. We do not knowingly collect any personally identifiable information from children under the age of 18. If we become aware of any such information provided by a child under 18, we will promptly remove it from our servers. We encourage parents or guardians to contact us if they believe their child has shared personal information with us, so we can take the appropriate action. 

4. Purpose of Processing

4.1 We process personal data for the following purposes:

  • Processing inquiries and loan applications
  • Conducting credit assessment and risk analysis
  • Performing AML, KYC, and fraud prevention checks
  • Meeting regulatory, compliance, and reporting obligations
  • Customer service, communication, and complaint handling
  • Internal analytics, reporting, and operational improvements
  • Limited marketing communications (announcements, greetings, and service updates)
  • Contractual relationship with you or a third party or contractual relation between you and a third party or to be able to fulfil and apply the requirements and the rights and obligations under that contract.  
  • Safeguarding our legitimate/vital interests or those of a third party or your legitimate/vital interests. 
  • For other purposes, when we have your consent.  


4.2 Processing of Sensitive Data. We will only process your Sensitive Data in the following circumstances:

  1. We have secured your consent.
  2. Processing is necessary for the purposes of the proper implementation of the service functionality of any of our Services.
  3. Processing is necessary for carrying out our obligations and exercising our/your specific rights in the field of employment and social security laws in so far as it is authorised by applicable laws or a collective agreement pursuant to applicable laws providing for appropriate safeguards for the fundamental rights and your interests. 
  4. Processing is necessary to protect your vital interests or of another natural person where you are physically or legally incapable of giving consent.  
  5. Processing relates to data which are manifestly made public by you.  
  6. Processing is necessary for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity. 
  7. Processing is necessary for reasons of substantial public interest, based on applicable laws which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.  
  8. Processing is necessary for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of applicable laws or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in applicable privacy and data protection laws and regulations.  
  9. Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of applicable laws which provide for suitable and specific measures to safeguard your rights and freedoms, in particular professional secrecy; processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes based on applicable laws which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard your fundamental rights and interests.


For the purpose of this Policy, “Sensitive Data” means your personal data which may reveal information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, genetic or biometric data, financial and payment information, SMS and call-related data, microphone, camera, and other sensitive device or usage data. Such processing is prohibited unless made in conformity with the exceptions to the prohibitions as determined in applicable privacy and data protection laws and regulations and reflected herein. 

5. Legal Basis for Processing

We process personal data based on one or more of the following legal bases:

  • Your consent
  • Pre-contractual steps and performance of contractual obligations
  • Compliance with legal and regulatory obligations
  • Legitimate interests, including security, fraud prevention, service optimization, and customer support.

6. Cookies & Online Technologies

Cookies are used subject to your preferences as configured through your browser or the cookie consent banner.
Our website uses cookies and similar technologies to:

  • Assist us in providing services to you;
  • Deliver information specific to your interests; or
  • Ensure proper website functionality
  • Improve performance and usability
  • Conduct analytics (e.g., Google Analytics)

You can choose to reject cookies at any time, either by changing your browser settings (if your browser permits) or by ceasing to our Services or by using the applicable opt-out functions. You should be aware that certain features are only available through the use of cookies and if you choose not to accept cookies, such features may not be available to you.

Details regarding cookies are provided in our Cookies Policy, available on our website.

7. Data Sharing & Disclosure

We may share personal data on a strictly need-to-know basis with:

  • Credit bureaus and verification partners
  • Regulatory authorities and competent public bodies (including BDL)
  • IT service providers, hosting providers, and cloud infrastructure partners
  • Website and analytics service providers
  • Customer Relationship Manager ‘CRM’ system
  • Customer support and communication service providers, including chatbot, used to manage customer inquiries, communications, and support requests
  • Professional advisers (legal, audit, compliance, and risk consultants)
  • Facebook, Twitter, Instagram or any other social media platforms that we may use from time to time (if you use your account with them to sign up/in with us), if applicable;
  • Service providers, business partners, suppliers, subcontractors or agents (for example IT service providers, customer relationship management, business development and marketing support services) who perform functions such as IT, marketing, payment, fulfilment and delivery of orders as well as administration and processing of payments We may share personal information with third-party providers to facilitate certain payment services through our mobile application. We will mandate these third-party providers to uphold security measures and adhere to this Policy when handling your personal data;
  • Government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons;
  • Third parties, who acquire us or substantially all of our assets, in which case your data will be one of the transferred assets (however, we will let you know before this happens);
  • Analytics and search engine providers that assist us in the improvement and optimization of our Services.

Your choices regarding our use and disclosure of your personal data. We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt out from receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by sending an email to inquiries@ofinance.com.lb or by using the unsubscribed link at the bottom of each marketing email. We will try to comply with your request(s) as soon as reasonably practicable.

We do not sell personal data.

8. International Data Storage & Transfers

Your personal data may be hosted and processed in Lebanon and abroad, including:

  • Website frontend infrastructure hosted on Vercel (Paris, France – eu-west-3)
  • Backend and database services hosted using Amazon Web Services (AWS)
  • Backend data and content hosted locally (in-house) Lebanon
  • Infrastructure services provided by EMS/CIRRUS

We apply appropriate safeguards to ensure the confidentiality and security of personal data during international transfers.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purposes described in this Policy
  • Meet legal, regulatory, accounting, and compliance requirements
  • Resolve disputes and enforce legal rights

10. Data Security

We apply industry-standard technical and organizational security measures, including:

  • SSL/TLS encryption
  • Restricted system access
  • Secure hosting infrastructure
  • Operational access controls
  • Internal cybersecurity policies

Your privacy is important to us and we have implemented various technology and operational security measures, including encryption and security protocols, in order to protect your data from loss, misuse, alteration, destruction or unauthorized access. We have established procedures to address any suspected data breaches. Despite these measures, no system can be guaranteed 100% secure nor is stored data free from vulnerabilities. We cannot guarantee the security of our websites, databases or services, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the internet. We are not responsible for actions of third parties.

Third-Party websites. Through our website or applications, you may have access to other parties, websites, and platforms that offer you the benefit of their products or services. As such, you may be required to submit your data to register or apply for products or services provided by such third parties. This Policy does not apply to these third-party sites. Please note that we have no control over the information that you submit to them. You should read the relevant privacy policy of those third-party sites before responding to any offers, products or services advertised by them. 

11. Your Rights

Subject to applicable laws and regulations, you have certain rights relating to your data.

Right to withdraw consent. Where you have provided your consent to us, you will always have the right to withdraw this at any time. You can do this by either following the information provided at the time you provided your consent, or by contacting us using the following email address: inquiries@ofinance.com.lb. The withdrawal of consent will not affect any processing that was based on consent before its withdrawal.

Right to request correction of your data. You will always have the right to request that we correct any data that we process about you that is inaccurate or incomplete. You can do this by contacting us at inquiries@ofinance.com.lb.

Additional Rights. You are also provided with additional rights which allow you, subject to certain conditions, to:

  • upon request, be provided access to, or copies of, your data that we process;
  • upon request, restrict the processing of your data;
  • upon request, delete your data which we process;
  • object to our processing of your data; or
  • upon request, obtain a copy of your data which we process in a commonly used and machine-readable format.
  • restriction or deletion of data (where legally permitted)
  • opt-out from marketing communications

It is important to understand that these rights are not absolute (e.g. their application may depend upon the lawful basis we rely upon to process your data) and that we may require further information from you (e.g. to confirm your identity) in order to action your request.

Requests should be sent to: inquiries@ofinance.com.lb
We may decline, defer, or limit a request where necessary or appropriate to comply with legal or regulatory obligations, preserve confidentiality, prevent fraud or financial crime, protect security and system integrity, maintain records, investigate complaints, or establish, exercise, or defend legal rights.

12. Updates to this Policy

We reserve the right to update this Policy at any time. Updates will be posted on our website with the revised date.