1. Introduction
   
   1. This ‘Privacy Notice’ (Notice) describes how Lean Technologies and its affiliated entities (together Lean) collect, use, manage and protect Information provided to Lean. This Notice explains how we use your Information, who Lean may share it with, and the measures Lean take to keep it secure.
   2. This Notice applies to all access and use of the Lean Services, Website, and Portal, regardless of where it is accessed from.      
   3. This Notice continues to apply even if your agreement with Lean for the Lean Services and other products ends.
   4. This Notice may be updated from time to time. You may access the latest version of this Notice at any time on the Website. You are advised to review this Notice periodically for any changes. Updates will take effect when they are published, and Lean may notify you of material changes where required by Applicable Law.
   5. If Lean has provided you with additional terms about how Lean collects and uses your Personal Information specific to a particular product, service, or context, those terms shall prevail in the event of a conflict with this Notice.
2. Definitions
   
   1. In this Notice, the following capitalised terms have the meaning assigned to them below, unless expressly stated otherwise:
   2. Applicable Law means all applicable:
      1. legislation including statute, statutory instrument, treaty, regulation, order, directive, bylaw and decree;
      2. regulatory rules and license conditions relating to the parties or otherwise as issued by a Regulatory Authority;
      3. judgments, resolutions, decisions, orders, notices or demands of a competent court, tribunal, regulatory body or governmental authority; and
      4. industry guidelines or codes of conduct which are mandatory where the Lean Services are provided.
      ADGM means the Abu Dhabi Global Market.
      ‍
      ‍Banking Partner means any bank or other financial institution with which Lean has a relationship with regards the provision of the Lean Services.
      ‍
      ‍Client means the person or business who engages or retains Lean to provide the Lean Services to their end users.
      ‍
      ‍Cookies means the small files stored on your device (computer or mobile device).
      ‍
      ‍CBUAE means the Central Bank of the United Arab Emirates.
      ‍Distributor means the intermediary or agent which enables third-party access to the Lean Services, which may include for example, payment gateways or other enterprise application services
      ‍End User means the (individual or corporate) customer of Client who maintains account(s) with services providers and who use the Lean Services to enable the connection of such accounts with Client.
      ‍End User Agreement means the agreement between Lean and End User which governs the terms under which Lean provides, and End User accesses, uses or benefits from the Lean Services.
      ‍Information means your Personal Information and Usage Information, including any information you provide to Lean or grant Lean access to at any time.
      ‍
      ‍KSA means the Kingdom of Saudi Arabia.
      ‍
      ‍Lean Services means any current or future services and/or products provided by Lean, accessible via the Website or any Client, and includes any regulated or unregulated services and/or products which Lean may provide to or for the benefit of End User in due course provided under current regulatory licence(s), future regulatory license(s), or otherwise.
      ‍
      ‍Personal Information means any information that can be used to identify an individual, whether directly or indirectly, and may include, but is not limited to name, email address, postal address, mobile phone number, location information, an online identifier such as login information, or to one or more factors specific to your physical, physiological, biometric, economic, cultural or social information, banking credentials, or other identifiers used to provide Lean Services.
      ‍
      ‍Portal means the application dashboard, widgets, portals or other application where Client and/or End User may access and utilise the Lean Services.
      ‍
      ‍Regulatory Authority means any regulatory, administrative, supervisory, or governmental agency, body, or authority, whether regional, national, or international that Lean is subject to or voluntarily complies with, including their applicable rules, regulations, or guidance from time to time.
      ‍
      ‍Service Providers means third party (companies and individuals) engaged by Lean to facilitate the Lean Services, provide or perform the Lean Services on Lean's behalf or assist Lean in analysing how the Lean Services are used.
      ‍
      ‍UAE means the United Arab Emirates.
      ‍
      ‍Usage Information means information which is collected automatically and is generated by your use of the Lean Services, access to the Website, or from the Lean Service infrastructure itself through or by any device (for example, Lean may capture the duration of your visit to a particular page of the Website).
      ‍
      ‍User means any person using the Website and/or Portal (i.e. you) who is the subject of the Information that Lean collects. This may include a Client, a Banking Partner, or a Distributor or any of their employees, or an End User or their appointed representative.
      
      ‍Website means Lean's website at https://www.leantech.me, attached domains and other web and mobile-based applications.
3. ‍What Information Lean collects about you
   ‍
   
   1. Lean may collect the following Information to verify your identity. This may include:
      
      1. your name, date of birth, and place of birth;
      2. contact details, such as your home address, work address, email and phone number;
      3. details about your employment, your role with the Client, the Client’s company incorporation details, group structure, and ultimate beneficial ownership details of the Client;
      4. proof of identity, such as a copy of a valid passport or national ID; and
      5. any details that you provide Lean through the Lean chat feature on the Website, during the integration process, via a dedicated Slack channel, or Information Lean collect or generate about you when you get in touch with Lean, including any details that are submitted to Lean via webform, email, the Lean portal or any other digital or paper mechanism.
      6. Lean may also get Information about you and the Client from external sources to help Lean verify your identity and manage Lean’s business risk. This may include engaging with credit reference or fraud prevention agencies and Know Your Customer (KYC) and Anti-money laundering (AML) service providers to fulfil Lean’s legal duties.
   2. When you use the Lean Services as an End User, Lean may collect the following Information about you. This Information helps Lean to provide the Lean Services and will include Information, such as:
      
      1. your name and banking credentials (UAE) or OAuth access token (KSA) required to access your financial services provider account which you intend to connect using Lean.
      2. the Information which is available from one or more account(s) held by you with a financial service provider, to which you have provided Lean consent to access. Depending on the extent that such information is made available, in whole or in part, by the respective financial services provider, this may include the following data:
      3. account details (including account name, account number, type, IBAN, currency, last four (4) digit card number, credit limit, payment due date and next payment due amount);
      4. balance details (including balance and currency);
      5. details of payment accounts issued or transactions processed under Lean’s applicable regulatory licenses and permissions; and
      6. transaction history (including payment amount, description, currency and timestamp);
      7. your contact details, such as your address, email and/or phone number;
      8. details about your employment; and
      9. proof of identity, such as a copy of a valid passport or national ID.
      10. any details that you provide Lean through the Lean chat feature on the Website, or Information Lean collect or generate about you when you get in touch with Lean, including any details that are submitted to Lean via webform, email, the Lean portal or any other digital or paper mechanism.
      11. Lean will collect your official identification details and verified phone number to create and maintain your End User profile.
   3. By choosing to use the Lean Services or as a result of your access to the Website, Lean may also collect Information concerning:
      ‍
      
      1. payments to and from your connected financial services provider account(s) and your savings activity;
      2. information about your preferences and interactions with the Lean Services to personalize your experience, with your consent;
      3. details about how you use and interact with the Website or the Lean Services;
      4. the mobile network, device and operating system that you use so that Lean can analyse how the Website and the Lean Services work and fix any issues; and
      5. your location if you've authorised tracking, so Lean can help protect you against fraud.‍
4. How Lean use your Information
   ‍
   
   1. Lean collects and uses your Information for various purposes and will always have a lawful basis for doing so. Lean may need to process your Personal Information for the performance of an agreement Lean have with you, to enter into an agreement with you, to enable Lean to comply with the law, or Lean may use your Personal Information for our legitimate interests, or those of a third party (for example, to help product development, to manage Lean’s business risk, financial affairs and to protect Lean’s staff / personnel, or for security and maintenance).
   2. Lean may also use your Information to:
      
      1. develop, operate, provide, maintain, and improve the Lean Services, now and in the future;    
      2. communicate with you about your use of Lean Services, including updates and support, where permitted by Applicable Law;
      3. provide and receive information, support, feedback and assistance related to the Lean Services;
      4. enable you to create a personal profile, access the application dashboard and view protected content;
      5. analyse usage trends and the preferences of the User and to conduct questionnaires and surveys, in order to improve the Lean Services (your completion of these questionnaires will always be voluntary);
      6. where you are a Client, or work for a Client:
         
         1. contact you for administrative purposes, such as customer support;
         2. send communications, including updates on promotions and events, relating to products and services offered by us;
         3. personalise content and advertising to your preferences; and
         4. protect, investigate, and deter against fraudulent, unauthorised, or illegal activity;
      7. where you are an End User, with your consent, Lean will create and maintain a profile to remember your identity, preferences, and account details across different Clients. This enables a seamless experience when you interact with the Lean Services through multiple platforms or providers, and allows Lean to enhance service delivery under all current and future regulatory licenses held by Lean or its affiliates, ensuring continuity and efficiency in your interactions with the Lean Services; and
      8. with your consent, personalize your experience by remembering your preferences and interactions across Lean Services, ensuring consistency whether you access Lean Services directly or through different Clients.
   3. If you participate in a Lean activity or forum on the Website, the Information that you provide will be made visible to others.‍
5. Your rights in relation to your Personal Information
   ‍
   
   1. You have a number of rights in relation to the Personal Information that Lean collect about you. These rights include:
      
      1. the right to obtain information regarding the processing of your Personal Information and access to the Personal Information which Lean holds about you. Once Lean has received a request from you, Lean will tell you about what Personal Information Lean holds in its databases, including available details about the origin of that data, the purposes of Lean processing and the categories of data concerned, the parties involved in the data collection and any data recipients (including where Lean transfers your Personal Information (as applicable). Lean will also tell you how long Lean will store your Personal Information (or the criteria used to determine that period), and your ability to ask Lean to rectify, erase or restrict Lean’s processing of your Personal Information. Lean will also provide information about your right to lodge a complaint with the regulatory authority or equivalent in the country where you benefit from the Lean Services, and the existence of any automated decision-making procedures Lean uses. If you would like to obtain access to the Personal Information Lean holds on you, please send Lean a request in writing using the contact details below, together with a clearly legible copy of a valid official ID document (e.g., passport, ID card, driving licence) (known as the Right to be Informed and your Right of Access);
      2. in certain circumstances, the right to withdraw your consent for Lean to process your Personal Information, including any consent previously granted under this Privacy Notice and/or the End User Agreement (where applicable). If you choose to exercise this right, Lean will discontinue maintaining your End User profile and cease processing your data for that specific purpose, except where Lean is legally or regulatorily required to retain certain information. Please note, Lean may still be entitled to process your Personal Information if Lean has another legitimate reason for doing so and your withdrawal of consent will not affect the lawfulness of processing taken place previously (known as the Right to Withdraw Consent). If you withdraw consent to Lean remembering your identity and preferences across different Clients, Lean will stop such processing, but this may limit the continuity and efficiency of your experience of the Lean Services;
      3. in some circumstances, the right to receive copies of your Personal Information electronically and/or request that Lean transmit the Personal Information to a third party, where this is technically feasible. Please note that this right only applies to Personal Information which you have provided to Lean including the data associated with your End User profile, if applicable (known as the Right to Data Portability);
      4. the right to request that Lean rectify your Personal Information if it is inaccurate or incomplete, the right to request that Lean restrict Lean’s processing of your Personal Information (in certain circumstances) and the right to object to the processing of your Personal Information (in certain circumstances) (known as the Right to Rectify, Restrict and Object);
      5. the right to request that Lean erase your Personal Information in certain circumstances. Please note that there may be circumstances where you ask Lean to erase your Personal Information, but Lean are legally required to retain it (known as the Right to be Forgotten); and
      6. the right to lodge a complaint with the relevant authority in the jurisdiction where you access Lean Services. In the UAE, you may contact, as applicable and based on how you access the Lean Services, the ADGM Commissioner of Data Protection, the UAE Data Office or, in certain circumstances, the CBUAE; in KSA, you may contact the Saudi Authority for Data and Artificial Intelligence (SDAIA). You can find out more information about your rights by contacting the relevant authority in your jurisdiction (known as the Right to File a Complaint).Where you have accessed the Lean Services through a Client website or application (Developer Application), the products and services provided to you by the Developer Application will be governed by a separate agreement between you and the provider of the Developer Application (Developer Terms). Lean has no responsibility for the products and services provided to you by or through the Developer Application and Lean will not be liable to you for any harm, damage or loss arising from your use of the products and services provided by or through the Developer Application.
   2. Lean and Clients will cooperate to address your requests to exercise your data subject rights promptly and in accordance with Applicable Law. If you make a request through a Client, they will notify Lean, and Lean will work together to respond. Similarly, Lean will notify Clients of any requests Lean receive directly from you to ensure compliance with data protection laws. ‍
6. What Lean expects from you
   ‍
   
   1. You are responsible for making sure the Information that you give Lean is accurate and up to date. And you must tell Lean if anything changes, as soon as possible. If Lean asks you for any Information and you do not provide it to Lean, Lean may stop providing the Lean Services to you.
   2. If you give Lean any information about another person connected to your account, you must tell them what Personal Information you have given Lean, and make sure that they are informed of the contents of this Notice and agree that Lean can use their information as set out in this Notice. You must also tell them how they can see what Personal Information Lean have about them and how to request the correction of any mistakes.‍
7. Unsubscribing and opting out
   ‍
   
   1. Strictly with your permission, Lean may use your Information for marketing purposes. Each promotional email you receive from Lean or any of its affiliated third parties will include instructions on how you can unsubscribe from that category of mailing or from receiving emails from that third party. You may also unsubscribe from Lean's promotional emails by sending an email, including your name and email address to the contact details below.‍
8. Profiling, Usage Information and location data
   ‍
   
   1. Lean may analyse and evaluate your Information in an automated manner so as to identify significant characteristics or to predict insights and to create profiles. These may be used for business-related checks, product development and management.
   2. When providing you with the Lean Services, Lean may make decisions about you by automated means. For example, Lean uses technology that helps Lean to identify the level of risk involved in User account activity (i.e. for credit, fraud and financial crime reasons). Lean may also use information received by third party providers to identify if someone else is using your Lean account without your permission.
   3. You have a right to certain information about how Lean makes these decisions. Lean ensures that a suitable contact person is available if you wish to express a view on any automated individual decision, where such opportunity to express a view is required by law. Please contact Lean using the contact details below for more information.
   4. In some instances, Lean may collect non-personal (aggregate or demographic) data through cookies, web logs, and web beacons. This Information may include, but is not limited to, information such as your computer's internet protocol address (e.g. IP address), browser type, browser version, the pages of the Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
   5. When you access the Website with a device, the Information may also include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of internet browser you use, unique device identifiers and other diagnostic data.
   6. This information allows Lean to better understand and improve the usability, performance, and effectiveness of the Website and to correct any problems that may occur. Please read clause ‎12 (Cookies) for more information. Lean may also collect and store your location data when you access the Website via a mobile device or computer. You can enable or disable location services when you use the Website at any time through your device settings.‍
9. Sharing your Personal Information
   ‍
   
   1. Lean will never sell or rent your Personal Information to third parties for marketing purposes. Lean may share and transfer your Personal Information within the Lean group and with Lean’s affiliated companies, Service Providers and any third parties engaged by Lean where:
      
      1. Lean needs to for the purposes of providing you with products or Lean Services that you have requested (i.e. providing new features, application development and providing Client and End User support);
      2. Lean has a public or legal duty to do so (i.e. to comply with Applicable Law, to assist with detecting fraud, regulatory reporting, litigation or defending Lean’s legal rights);
      3. Lean has a legitimate reason for doing so (i.e. to manage risk, verify your identity, or assess your suitability for products and the Lean Services); or
      4. Lean have asked you for your permission to share it, and you have agreed.
   2. Lean may need to share your Personal Information with Lean’s affiliated companies, Service Providers, and other third parties to provide the Lean Services. These parties are authorized to use your Personal Information only to the extent necessary to perform their functions related to the Lean Services and are contractually prohibited from using it for any other purposes. Lean may maintain a persistent identity of you and will reuse such data across the Lean integrated platforms. Lean may use your profile across the various Lean integrated platforms to enable (among other things) you a seamless experience when accessing and/or using the Lean Services.
   3. On occasion Lean may transfer and disclose your Information in other cases including:
      
      1. in response to subpoenas, court orders, legal process or according to the requirements of Applicable Laws. Lean will only share such Information if required to do so, if Lean in good faith believe it is necessary, or if it is otherwise advisable to cooperate with law enforcement or other governmental agencies;
      2. to establish or exercise Lean’s legal rights or defend against legal claims;
      3. to investigate, prevent, or take action against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Lean's terms of service, or as otherwise that Lean believe in good faith is required by Applicable Law;
      4. when there is a sale or transfer of all or part of Lean's business or assets (which could include any merger, financing, acquisition, or bankruptcy); or
      5. Lean may also share aggregated and/or anonymised data with others, such as Lean’s financial institution partners, for their own uses, or to meet Lean’s reporting obligations, or to indicate Users' interests, habits, and usage patterns. For example, Lean may share such information publicly to show trends about the general use of the Lean Services. However, you will not be able to be individually identified from this information.‍
10. Cross border transfers of your Personal Information
    ‍
    
    1. The Website is hosted in the United Kingdom but can be accessed by any Lean group entity worldwide. Accordingly, any Information collected through the Website may be transferred to, and stored at, a destination outside of the country or jurisdiction in which it was collected, including locations which may not have the same level of protection for your Personal Information.
    2. Depending on where you access the Lean Services, the Portal is hosted in the country of origin i.e. UAE or KSA. All Personal Information is stored in an encrypted and segregated manner and access is strictly limited to such Lean employees who need to access it to fulfil a service or instruction to you.
    3. In some cases, Lean may need to transfer your Information outside of the country or jurisdiction in which it was collected. Lean may need to transfer your Information in this way to perform its agreement with you, to fulfil a legal obligation, to protect the public interest and/or for Lean’s legitimate business interests, for example in the context of an outsourcing or business arrangement with the Service Providers and affiliates.
    4. Whenever Lean transfers your Information outside of the country or jurisdiction in which it was collected Lean will ensure that it is protected by Lean in a manner that is consistent and permissible under applicable data protection rules.
    5. Depending on the kind of product or Lean Service that is used, your Personal Information may also be disclosed to third parties domiciled in jurisdictions which are deemed not to have an appropriate level of data protection. If data is transferred to such a country, Lean takes appropriate measures (for example, relying on contractual arrangements such as following relevant Standard Contractual Clauses or other precautions or justifications, as may be applicable) so that your Personal Information continues to receive the appropriate protection.‍
11. Security of your Personal Information
    ‍
    
    1. Lean is committed to protecting the Personal Information you share with Lean. Lean relies on a combination of industry-standard security technologies, procedures, and organisational measures to help protect your Personal Information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Information transmitted, stored or otherwise processed by Lean.
    2. Lean advises that you take every precaution to protect your Personal Information when you are accessing the Website, Portal and using the Lean Services. For example, Lean recommends that you change your passwords regularly, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.‍
12. Cookies
    ‍
    
    1. Lean uses technologies such as Cookies and web beacons, which allow Lean to make your visit to the Portal easier, more efficient and more valuable by providing you with a customised experience and recognising you when you return.
    2. A Cookie cannot read Personal Information off your hard disk or read Cookie files created by other websites. The only Personal Information a Cookie can contain is information you supply yourself. Accepting the Cookies used on the Portal may give Lean access to Usage Information about your browsing behaviour, which Lean may use to personalise your experience and track your User traffic patterns, and to merge this information when you register. Lean do this in order to determine the usefulness of the Portal information to the Users and to see how effective our navigational structure is in helping Users reach that information.
    3. In addition, Lean uses web beacons in conjunction with Cookies to understand User behaviour. Web beacons are simply a convenient way of gathering basic statistics and managing Cookies and do not give away any extra information from your computer. Turning off your browser's Cookies will prevent web beacons from tracking your specific activity.
    4. If you prefer not to receive Cookies while browsing the Portal, you can set your browser to warn you before it accepts Cookies or refuse the Cookie when your browser alerts you to its presence. You may browse most of the Portal without accepting Cookies, however some functionality may be lost by disabling Cookies on your computer. Certain features of the Portal, particularly those which require a login and password, require Cookies and cannot be used when you have disabled Cookies in your browser.
    5. If you consent, Lean may use cookies or similar technologies to recognize you when you return to the Lean Services through different platforms, enabling Lean to provide a seamless experience.‍
13. Linked websites and services
    ‍
    
    1. The Website, Portal and/or the Lean Services may contain links or directly connect with third-party websites, Developer Applications and/or services (such as those of the Clients’) not managed or controlled by Lean. In such cases, the privacy notice of the respective third party will apply, and Lean bears no responsibility for the information collected or used by any third-party website or application, and you release Lean from any liability for the conduct of these third parties.
    2. Lean encourages you to review the privacy policies and notices of any third-party website that you access, including the privacy notice of the application through which you access the Lean Services.
    3. Where you have consented to Lean facilitating your access to Lean Services through multiple Clients, each Client's privacy policy will govern their use of your information. Lean is not responsible for the data privacy of these third parties.
14. ‍Service Providers
    ‍
    
    1. Lean may engage third party Service Providers from time to time. These Service Providers may have access to your Personal Information only to the extent necessary to perform the tasks assigned to them by Lean. All Service Providers engaged by Lean are legally required to maintain the confidentiality of your Personal Information, have in place systems and controls to protect against any loss or damage to your Personal Information, and must not disclose or use your Personal Information for any other purpose other than as they are instructed.‍
15. Children's privacy
    ‍
    
    1. The Website is not intended for use by individuals under the age of 18 (Child or Children) without parent or guardian supervision. Lean does not knowingly collect Personal Information from Children. If you become aware that a Child has provided Lean with Personal Information, please contact Lean immediately. If Lean becomes aware that Lean has collected Personal Information from a Child without parental or guardian consent, Lean will take steps to remove that Information from our servers.‍
16. How long Lean will keep your Personal Information
    ‍
    
    1. Lean will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes Lean collected it for, including to satisfy any legal, regulatory, tax, accounting or reporting requirements.
    2. On occasion, Lean may retain your Personal Information for a longer period, and even after you stop using the Lean Services, in order to:
       
       1. to respond to enquiries and complaints;
       2. to comply with laws and regulations;
       3. in accordance with Lean’s internal policies and procedures; or
       4. to protect Lean’s interests.
    3. If you have consented and subject to any legal or regulatory requirements that may require Lean to retain certain information, Lean will retain your End User profile data for as long as your consent remains valid or until you withdraw your consent.‍
17. Contact Lean
    ‍
    
    1. Should you have any privacy-related questions or comments related to this Notice, please send an email to privacy@leantech.me or you may contact Lean at the relevant address below:
    2. If you access or receive the Lean Services in KSA - the Data Controller and/or Processor (as applicable) shall be Lean Technologies Saudi for Information Technology Company, Floor No. 1, Building No. 3403, Al Hawi Street, 7465, Hiteen District, 13516, Riyadh, Saudi Arabia.
    3. If you access or receive the Lean Services in the UAE - the Data Controller and/or Processor (as applicable) shall be the relevant Lean entity designated for those Lean Services being either of –
       
       1. Lean Technologies Ltd, DD-16-121-032, Al Khatem Tower, ADGM Square, Al Maryah Island, Abu Dhabi, United Arab Emirates; or
       2. LeanTech Systems Information Technology L.L.C, Office 101 - 103, Nassima Tower, Trade Center First, Dubai, United Arab Emirates.

‍

‍