1. Introduction

This Privacy Notice (hereafter "Notice") describes how Lean Technologies and other companies within the Lean Group (“Lean”, "we", "us", "our") manage the Information that you provide to us. This Notice explains how we will use that Information, who we might share it with, and what steps we will take to make sure it stays private and secure. This Notice continues to apply even if your agreement with Lean for Lean Services and other products ends.

This Notice may be updated from time to time and our Site will indicate when the Notice has been updated. You may access the current version of this Notice at any time by clicking on the "Privacy" link at the footer on our Site. You are advised to review this Notice periodically for any changes. Changes to this Notice are effective when they are posted on this page. If we have provided you with separate or further information about how we collect and use your Personal Information for a particular product or service, those terms will also apply. If you interact with us in a different context, separate terms might apply to that interaction. Where we provide you with other terms, those terms will always take precedence over this Notice.

There may be times when links on our Site take you to a third party's website which is not managed or connected to Lean. When this happens, that third party's own privacy notice, which may be different to this Notice, will apply.

2. Definitions

In this Notice the following capitalised terms have the meaning assigned to them below unless expressly stated otherwise:

"ADGM" means the Abu Dhabi Global Market.

"Banking Partner" means any bank or other financial institution with which Lean has a relationship with regards the provision of the Lean Services, including data sharing and payment initiation services.

"Client" means the person or business who engages or retains Lean to provide the Lean Services to their End-users.

"Cookies" means the small files stored on your device (computer or mobile device).

"DIFC" means the Dubai International Financial Centre.

"Distributor" means the intermediary or agent which enables third-party access to the Lean Services, which may include for example, payment gateways or other enterprise application services

"End-user" means the individual or corporate customer of Client who maintains account(s) with financial services providers and who use the Lean Services to enable the connection of such accounts with Client.

"Information" means your Personal Information and Usage Information, including any information you provide to us or grant us access to.

"KSA" means the Kingdom of Saudi Arabia.

"Lean" means Lean Technologies. See the 'contact us' section below for more information on how to get in touch with us depending on which country you are in.

"Lean Services" means the services and/or products offered by Lean, accessible via our Site.

"Personal Information" means any information that can be used to identify an individual, whether directly or indirectly, and may include, but is not limited to name, email address, postal address, mobile phone number, location information, an online identifier such as login information, or to one or more factors specific to your physical, physiological, biometric, economic, cultural or social information.

"Portal" means the application dashboard, widgets, portals or other application where a Client and/or End-user may access and utilise the Lean Services.

"Service Providers" means third party companies and individuals engaged by Lean to facilitate the Lean Services, provide or perform the Lean Services on Lean's behalf or assist us in analysing how the Lean Services are used.

"Site" means Lean's website at https://www.leantech.me, attached domains and other web and mobile-based applications ("app").

"UAE" means the United Arab Emirates.

"Usage Information" means information which is collected automatically and is generated by your use of the Lean Services, access to the Site, or from the Lean Service infrastructure itself through or by any device (for example, we may capture the duration of your visit to a particular page of our Site).

"User" means the person who is using the Site and/or Portal (i.e. "you") and who is the subject of the Information we collect. For example, a user may be a Client, or the employee of a Client, an End-user or their appointed representative of the Lean Services; a Banking Partner, or an employee of a Banking Partner, or a Distributor, or an employee of a Distributor.

3. What Information we collect about you

3.1 When you sign up as a Client of Lean, we may collect the following Information about you. This Information helps us to verify who you say you are. This will include Information, such as:

3.1.1 your name, date and place of birth;

3.1.2 contact details, such as your home address, work address, email and phone number;

3.1.3 details about your place of work, your role at the Client, the Client’s company incorporation details, group structure, including ultimate beneficial ownership details of the Client;

3.1.4 information about your identity, such as a copy of your ID document (i.e. passport / national ID); and

3.1.5 any details that you provide us through the Lean chat feature on our Site, during the integration process, via a dedicated Slack channel, or Information we collect or generate about you when you get in touch with us, including any details that are submitted to us via webform, email, the Lean portal or any other digital or paper mechanism.

3.2 We may also get Information about you and the Client from external sources to help us verify your identity and manage our business risk. This may include engaging with credit reference or fraud prevention agencies and Know Your Customer (“KYC”) and Anti-money laundering (“AML”) service providers to fulfil our legal duties.

3.3 When you use the Lean Services as an End-user, we may collect the following Information about you. This Information helps us to provide the Lean Services and will include Information, such as:

3.3.1 your name and banking credentials (UAE) or OAuth access token (KSA) required to access your financial services provider account which you intend to connect using Lean.

3.3.2 the Information which is available from one or more account(s) held by you with a financial service provider, to which you have provided Lean consent to access. Depending on the extent that such information is made available, in whole or in part, by the respective financial services provider, this may include the following data: (i) account details (including account name, account number, type, IBAN, currency, last four digit card number, credit limit, payment due date and next payment due amount); (ii) balance details (including balance and currency); and (iii) transaction history (including payment amount, description, currency and timestamp); and

3.3.3 any details that you provide us through the Lean chat feature on our Site, or Information we collect or generate about you when you get in touch with us, including any details that are submitted to us via webform, email, the Lean portal or any other digital or paper mechanism.

3.4 By choosing to use the Lean Services or as a result of your access to our Site, we may also collect Information concerning:

3.4.1 payments to and from your connected financial services provider account(s) and your savings activity;

3.4.2 details about services from us and our partners that you express interest in;

3.4.3 details about how you use and interact with our Site or the Lean Services;

3.4.4 the mobile network and operating system that you use so that we can analyse how our Site and the Lean Services work and fix any issues; and

3.4.5 your location if you've authorised tracking, so we can help protect you against fraud.

4. How we use your Information

4.1 Lean collects and uses your Information for various purposes, and will always have a lawful basis for doing so. We may need to process your Personal Information for the performance of an agreement we have with you, to enter into an agreement with you, to enable us to comply with the law, or we may use your Personal Information for our legitimate interests, or those of a third party (for example, to help product development, to manage our business risk, financial affairs and to protect our staff, or for security and maintenance).

4.2 We may also use your Information to:

4.2.1 develop, operate, provide, maintain, and improve the Lean Services, now and in the future;

4.2.2 keep you up-to-date on the latest Lean Service announcements, system enhancements, special offers, and other information;

4.2.3 provide and receive information, support, feedback and assistance related to the Lean Services;

4.2.4 enable you to create a personal profile, access the application dashboard and view protected content;

4.2.5 analyse usage trends and the preferences of our Users and to conduct questionnaires and surveys, in order to improve the Lean Services (your completion of these questionnaires will always be voluntary);

4.2.6 where you are a Client, or work for a Client (i) contact you for administrative purposes, such as customer support; (ii) send communications, including updates on promotions and events, relating to products and services offered by us; (iii) personalise content and advertising to your preferences; and (iv) protect, investigate, and deter against fraudulent, unauthorised, or illegal activity.

4.3 If you participate in a Lean activity or forum on our Site, the Information that you provide will be made visible to others.

5. Your rights in relation to your Personal Information

5.1 You have a number of rights in relation to the Personal Information that we hold about you. These rights include:

5.1.1 the right to obtain information regarding the processing of your Personal Information and access to the Personal Information which we hold about you. Once we have received a request from you, we will tell you about what Personal Information we hold in our databases, including available details about the origin of that data, the purposes of our processing and the categories of data concerned, the parties involved in the data collection and any data recipients (including where we transfer your Personal Information (as applicable). We will also tell you how long we will store your Personal Information (or the criteria used to determine that period), and your ability to ask us to rectify, erase or restrict our processing of your Personal Information. We will also provide information about your right to lodge a complaint with the regulatory authority or equivalent in the country where you benefit from the Lean Services, and the existence of any automated decision-making procedures we use. If you would like to obtain access to the Personal Information we hold on you, please send us a request in writing using the contact details below, together with a clearly legible copy of a valid official ID document (e.g., passport, ID card, driving licence) (known as the Right to be Informed and your Right of Access);

5.1.2 in certain circumstances, the right to withdraw your consent to our processing of your Personal Information. Please note, we may still be entitled to process your Personal Information if we have another legitimate reason for doing so and your withdrawal of consent will not affect the lawfulness of processing taken place previously (known as the Right to Withdraw Consent);

5.1.3 in some circumstances, the right to receive copies of your Personal Information electronically and/or request that we transmit the Personal Information to a third party where this is technically feasible. Please note that this right only applies to Personal Information which you have provided to us (known as the Right to Data Portability);

5.1.4 the right to request that we rectify your Personal Information if it is inaccurate or incomplete, the right to request that we restrict our processing of your Personal Information (in certain circumstances) and the right to object to the processing of your Personal Information (in certain circumstances) (known as the Right to Rectify, Restrict and Object);

5.1.5 the right to request that we erase your Personal Information in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Information but we are legally required to retain it (known as the Right to be Forgotten); and

5.1.6 the right to lodge a complaint with the relevant authority (for example, in Saudi with the Saudi Authority for Data and Artificial Intelligence (SDAIA) or equivalent regulatory authority in the Kingdom, or in the ADGM, you may lodge a complaint with the ADGM Commissioner of Data Protection) if you think that any of your rights have been infringed by us. You can find out more information about your rights by contacting SDAIA on https://sdaia.gov.sa/en/Contact/Pages/Complaints.aspx in KSA or visiting www.adgm.com/operating-in-adgm/office-of-data-protection/overview in ADGM (known as the Right to File a Complaint).

5.2 Where you have accessed the Lean Services through a Client website or application (“Developer Application”), the products and services provided to you by the Developer Application will be governed by a separate agreement between you and the provider of the Developer Application (“Developer Terms”). Lean has no responsibility for the products and services provided to you by or through the Developer Application and Lean will not be liable to you for any harm, damage or loss arising from your use of the products and services provided by or through the Developer Application.

6. What we expect from you

6.1 You are responsible for making sure the Information that you give us is accurate and up to date. And you must tell us if anything changes, as soon as possible. If we ask you for any Information and you do not provide it to us, we may stop providing the Lean Services to you.

6.2 If you give us any information about another person connected to your account, you must tell them what Personal Information you have given us, and make sure that they are informed of the contents of this Notice and agree that we can use their information as set out in this Notice. You must also tell them how they can see what Personal Information we have about them and how to request the correction of any mistakes.

7. Unsubscribing and opting out

Strictly with your permission, we may use your Information for marketing purposes. Each promotional email you receive from Lean or any of our affiliated third parties will include instructions on how you can unsubscribe from that category of mailing or from receiving emails from that third party. You may also unsubscribe from Lean's promotional emails by sending an email, including your name and email address to the contact details below.

8. Profiling, Usage Information and location data

8.1 We may analyse and evaluate your Information in an automated manner so as to identify significant characteristics or to predict insights and to create profiles. These may be used for business-related checks, product development and management.

8.2 When providing you with the Lean Services, we may make decisions about you by automated means. For example, we use technology that helps us to identify the level of risk involved in User account activity (i.e. for credit, fraud and financial crime reasons). We may also use information received by third party providers to identify if someone else is using your Lean account without your permission.

8.3 You have a right to certain information about how we make these decisions. We ensure that a suitable contact person is available if you wish to express a view on any automated individual decision, where such opportunity to express a view is required by law. Please contact us using the contact details below for more information.

8.4 In some instances, Lean may collect non-personal (aggregate or demographic) data through cookies, web logs, and web beacons. This Information may include, but is not limited to, information such as your computer's internet protocol address (e.g. IP address), browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

8.5 When you access our Site with a device, the Information may also include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of internet browser you use, unique device identifiers and other diagnostic data.

8.6 This information allows us to better understand and improve the usability, performance, and effectiveness of our Site and to correct any problems that may occur. Please read the "Cookies" section below for more information. We may also collect and store your location data when you access our Site via a mobile device or computer. You can enable or disable location services when you use our Site at any time through your device settings.

9. Sharing your Personal Information

9.1 We will never sell or rent your Personal Information to third parties for marketing purposes. We may share and transfer your Personal Information within the Lean Group and with our affiliated companies, Service Providers and any third parties engaged by us where:

9.1.1 we need to for the purposes of providing you with products or Lean Services that you have requested (i.e. application development and providing Client and End-user support);

9.1.2 we have a public or legal duty to do so (i.e. to assist with detecting fraud, regulatory reporting, litigation or defending our legal rights);

9.1.3 we have a legitimate reason for doing so (i.e. to manage risk, verify your identity, or assess your suitability for products and the Lean Services); or

9.1.4 we have asked you for your permission to share it, and you have agreed.

9.2 We only share your Personal Information to the extent that the other party reasonably needs it to complete or utilise the requested product or transaction, or to perform their function. All of our affiliated companies, Service Providers and any third parties engaged by us are not permitted to use your Personal Information except for the specific purposes, as agreed with Lean.

9.3 On occasion we may transfer and disclose your Information in other cases including:

9.3.1 in response to subpoenas, court orders, legal process or according to the requirements of applicable laws. We will only share such Information if required to do so, if we in good faith believe it is necessary, or if it is otherwise advisable to cooperate with law enforcement or other governmental agencies;

9.3.2 to establish or exercise our legal rights or defend against legal claims;

9.3.3 to investigate, prevent, or take action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Lean's terms of service, or as otherwise that we believe in good faith is required by applicable law;

9.3.4 when there is a sale or transfer of all or part of Lean's business or assets (which could include any merger, financing, acquisition, or bankruptcy); or

9.3.5 we may also share aggregated and/or anonymised data with others, such as our financial institution partners, for their own uses, or to meet our reporting obligations, or to indicate our Users' interests, habits, and usage patterns. For example, we may share such information publicly to show trends about the general use of the Lean Services. However, you will not be able to be individually identified from this information.

10. Cross border transfers of your Personal Information

10.1 Our Site is hosted in the United Kingdom but can be accessed by any Lean affiliate worldwide. Accordingly, any Information collected through the Site may be transferred to, and stored at, a destination outside of the country or jurisdiction in which it was collected, including locations which may not have the same level of protection for your Personal Information.

10.2 Depending on where you access the Lean Services, our Portal is hosted on Oracle Cloud Infrastructure (“OCI”) in the country of origin i.e. UAE or KSA. All Personal Information is stored in an encrypted and segregated manner and access is strictly limited to such Lean employees who need to access it to fulfil a service or instruction to you.

10.3 In some cases we may need to transfer your Information outside of the country or jurisdiction in which it was collected. We may need to transfer your Information in this way to perform our agreement with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate business interests, for example in the context of an outsourcing or business arrangement with our Service Providers and affiliates.

10.4 Whenever we transfer your Information outside of the country or jurisdiction in which it was collected we will ensure that it is protected by us in a manner that is consistent and permissible under applicable data protection rules.

10.5 Depending on the kind of product or Lean Service that is used, your Personal Information may also be disclosed to third parties domiciled in jurisdictions which are deemed not have an appropriate level of data protection. If data is transferred to such a country, we take appropriate measures (for example, relying on contractual arrangements such as following the ADGM’s Standard Contractual Clauses or other precautions or justifications, as may be applicable) so that your Personal Information continues to receive the appropriate protection.

11. Security of your Personal Information

11.1 Lean is committed to protecting the Personal Information you share with us. We rely on a combination of industry-standard security technologies, procedures, and organisational measures to help protect your Personal Information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information transmitted, stored or otherwise processed by us.

11.2 We advise that you take every precaution to protect your Personal Information when you are accessing our Site, Portal and using the Lean Services. For example, we recommend that you change your passwords regularly, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.

12. Cookies

12.1 Lean uses technologies such as Cookies and web beacons, which allow us to make your visit to our Portal easier, more efficient and more valuable by providing you with a customised experience and recognising you when you return.

12.2 A Cookie cannot read Personal Information off your hard disk or read Cookie files created by other websites. The only Personal Information a Cookie can contain is information you supply yourself. Accepting the Cookies used on our Portal may give us access to Usage Information about your browsing behaviour, which we may use to personalise your experience and track your User traffic patterns, and to merge this information when you register. We do this in order to determine the usefulness of our Portal information to our Users and to see how effective our navigational structure is in helping Users reach that information.

12.3 In addition, Lean uses web beacons in conjunction with Cookies to understand User behaviour. Web beacons are simply a convenient way of gathering basic statistics and managing Cookies and do not give away any extra information from your computer. Turning off your browser's Cookies will prevent web beacons from tracking your specific activity.

12.4 If you prefer not to receive Cookies while browsing our Portal you can set your browser to warn you before it accepts Cookies or refuse the Cookie when your browser alerts you to its presence. You may browse most of our Portal without accepting Cookies, however some functionality may be lost by disabling Cookies on your computer. Certain features of the Portal, particularly those which require a login and password, require Cookies and cannot be used when you have disabled Cookies in your browser.

13. Linked websites and services

Our Site, Portal and the Lean Services may provide links or directly connect with other third party websites, Developer Applications and services (such as those of our Clients) which are outside of our control and are not covered by this Notice. Lean bears no responsibility for the information collected or used by any third party website or application, and you release us from any liability for the conduct of these third parties. We encourage you to review the privacy policies and notices of any third party website that you access, including the privacy notice of the application through which you access the Lean Services.

14. Service Providers

Lean may engage third party Service Providers from time to time. These Service Providers may have access to your Personal Information only to the extent necessary to perform the tasks assigned to them by us. All Service Providers engaged by Lean are legally required to maintain the confidentiality of your Personal Information, have in place systems and controls to protect against any loss or damage to your Personal Information, and must not disclose or use your Personal Information for any other purpose other than as they are instructed.

15. Children's privacy

Our Site is not intended for use by individuals under the age of 18 ("Child" or "Children") without parent or guardian supervision. We do not knowingly collect Personal Information from Children. If you become aware that a Child has provided us with Personal Information, please contact us immediately. If we become aware that we have collected Personal Information from a Child without parental or guardian consent, we will take steps to remove that Information from our servers.

16. How long we will keep your Personal Information

16.1 We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including to satisfy any legal, regulatory, tax, accounting or reporting requirements.

16.2 On occasion, we may retain your Personal Information for a longer period, and even after you stop using the Lean Services, in order to: (i) to respond to enquiries and complaints; (ii) to comply with laws and regulations; (iii) in accordance with our internal policies and procedures; or (iv) to protect our interests.

17. Contact us

Should you have any privacy-related questions or comments related to this Notice, please send an email to privacy@leantech.me or you may contact us at the relevant address below:

If you access or receive the Lean Services in KSA - the Data Controller shall be Lean Technologies Saudi for Information Technology Company, Floor No. 1, Building No. 3403, Al Hawi Street, 7465, Hiteen District, 13516, Riyadh, Saudi Arabia.

If you access or receive the Lean Services in the UAE - the Data Controller shall be Lean Technologies Ltd, DD-16-121-032, Al Khatem Tower, ADGM Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.

‍