Privacy Policy
1. Introduction.
At AlaanPay Technology FZCO (hereafter referred to as "Alaan"), we will never misuse your data and we will always stick to the letter and spirit of the law. We will never sell it, give it away or use it for anything other than for the purposes stipulated under this privacy policy (hereafter referred to as “Policy”).
This Policy applies to all individuals who supply personal data to us in relation to our services for businesses. This includes the person who signs up to our services on behalf of our business customer, the super administrators who have authority to create and approve user accounts, the users who access and use our services in the course of their employment / engagement with our business customer, and such other users who may access and/or use our websites, mobile applications, and any associated digital services, features, or connected ecosystems operated by us (“Platform”).
We do not collect or process your personal data without your prior consent. Your consent is strictly required and captured prior to your signing in and/or onboarding onto the Alaan Platform by presenting you with a mandatory, un-checked confirmation checkbox alongside links to this Policy and our Terms and Conditions. By ticking the aforementioned checkbox and clicking the “Sign In”, “Log In”, "Continue," or an equivalent button, you affirmatively execute a clear, unambiguous action confirming that you have read, understood, and agreed to our data practices and policies.
By continuing to interact with our Platforms, or by using any of Alaan’s services, you hereby agree that you have provided your explicit and informed consent to be bound by this Policy and to the collection, storage, and processing of your personal data as outlined in this Policy.
Please note that if you are a customer or a prospective customer and do not agree to the terms of this Policy or decline to check the box, the onboarding process will be halted, and no personal data will be collected or stored by Alaan.
2. The basis for collecting your data.
2.1. Legal obligation
We have to collect and use some of your data to comply with laws to which we are subject. This is called a 'legal obligation'.
2.2. Legitimate interest.
This means we can collect and use your data for legitimate business objectives pursued by Alaan, in a way that most people would think was reasonable. For instance, if you signed up to Alaan and gave us your email address, you might reasonably assume we'd use it to update you about your account activity.
3. Purpose
This Privacy Policy aims to provide you with some helpful information regarding our use of your personal data and to help you understand the rights you have in connection with your personal data. This Privacy Policy informs you of our policies regarding the collection, use and disclosure of Personal information when you use our Platform and/or services. We will not use or share your information with anyone except as described in this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at https://www.alaan.com/terms-and-conditions.
4. What is personal data?
Personal data is widely defined by United Arab Emirates law and includes all types of information that directly or indirectly can identify a natural person. This means that name, address, phone number are considered personal data, but that log data, encrypted data or other types of electronic ID such as an IP-Address can also be classified as personal data, if they can be connected to a natural person.
5. What is processing of personal data?
Processing is similarly defined very widely by United Arab Emirates law and includes almost every action taken in relation to personal data - for example collection, registration, organization, structuring, storage, adaption, transfer or deletion.
6. Types of data, purposes of processing and lawful basis for processing.
6.1. Customers, representatives and authorised users/cardholders of Alaan’s customers(collectively referred to as “Customers”).
Categories of personal data we may collect/process: Identity documents (KYC/KYB data), business contact info, transaction history, card spend limits, receipts, invoices, system login credentials or such other related information.
Specific Retention Period: Five (5) years from account closure or transaction completion, or as may be required under applicable laws.

6.2. Leads, website visitors, individuals interacting via webchat, emailing or telephoning our support (collectively referred to as “Users”).
Categories of personal data we may process: Name, address, position, business phone number, email or such other equivalent or related information, location data, behavioural patterns, personal preferences, IP-number, cookie identifiers (, unique identifier of devices you use to access and/or use the services or our websites or Platform.
Where users manage their cookie preferences, including submitting an opt-out request or selecting the “Reject All” option through our cookie banner, Alaan will process such preference and provide confirmation that the cookie preference has been successfully updated.
Specific Retention Period: Five (5) years from account closure or transaction completion, or as may be required under applicable laws.

6.3. Prospects and referrals.
Categories of personal data we may process: Name, address, position, business phone number, email or equivalent or such other related information, location data, behavioural patterns, personal preferences and IP-number you use to access and use the services or our Platforms.

6.4. Vendors, suppliers, and other external service providers (“Service Providers”)
Categories of data we may process: Corporate contact details of account managers, signed corporate contracts, purchase orders, vendor bank details for payment processing, and corporate tax information.
Specific Retention Period: Corporate and transaction-related vendor records are stored for a minimum of five (5) years, or as may be required under applicable laws.

6.5. Employees and Potential Candidates.
Categories of personal data we may process: Name; Address (if provided); Phone Number; Email or equivalent, CVs, employment history, academic qualifications, national identification (Emirates ID/Passport/Visa details), payroll/bank account data, tax designations, performance evaluations, and emergency contact details .
Specific Retention Period: Candidate data is retained for twelve (12) months with consent. Active employee files are retained for the duration of employment plus an additional period as may be required under applicable laws.

7. What personal data does Alaan collect from third parties?
We process personal data obtained from selected third parties such as fraud detection agencies, other financial institutions and other information providers, and from publicly available sources including population registers, company registration offices, enforcement authorities, as well as services such as LinkedIn.
Other external resources from which we may collect information are sanctions lists and other commercial information providers providing information on e.g., beneficial owners and politically exposed persons.
8. How Alaan uses information.
We use information for business and commercial purposes in accordance with the practices described in this Policy. In addition, Alaan uses information to operate our services as follows:
- Providing and Maintaining Our Services, Platforms and Business. To provide, operate and manage our services, Platforms and other parts of our business, including to perform customer validation and enable you to use cards and our other payment tools, verify financial information to establish spend limits, prevent or address technical issues and disruptions, and analyze and monitor usage and activities.
- Communicating with You. To send you notices, updates, security alerts, information regarding changes to our policies and terms, and support administrative messages.
- Security and Fraud Prevention. To maintain the safety and security of our business and manage risk, including identifying and troubleshooting any issues with the services, investigating suspicious activity, detecting and preventing potentially fraudulent or unauthorized transactions and breaches of policies and terms, and threats of harm, including in an automated fashion.
- Legal Obligations and Enforcing Our Rights To fulfill legal, regulatory and contractual obligations, including when cooperating with government authorities, courts and regulators in accordance with applicable law, maintaining records to demonstrate compliance with applicable law and regulation, protecting our legal rights and pursuing remedies available to us.
- Developing and Improving Our Business. To make the services and other aspects of our business as useful as possible for customers, including by improving and expanding our products and operations. For example, we may develop or improve services by analyzing how you use features, the documentation you submit or information associated with your transactions.
- Auditing and Research. To conduct internal reporting, auditing, and research, including focus groups and surveys.
- Marketing and Advertising. To develop, send and measure advertising, direct marketing, and communications about our products, offers, promotions, rewards, events, and services. We may also use information to engage in personalized advertising, including Interest-based Advertising (discussed further below in the "Analytics and Advertising" section).
- Generating Aggregate or De-identified Information. To develop de-identified information by removing or masking information that could be used to identify you and by aggregating or combining information with other information.
- At Your Direction. To fulfill any other purpose at your direction, including as expressed through your or your Company's use of services functionality.
- With Notice to You and Your Consent. We may otherwise use the information we collect after providing notice to you and obtaining your consent.
Notwithstanding the above, we may use information that does not identify you for any purpose permitted by law or contractual obligation applicable to us.
9. Ways we will never use personal data.
We will never use your personal data for any other purposes than those listed in this Privacy Policy. The only exception being if we obtain your written consent, or inform you of a new purpose for processing that is also compatible with the original purpose for which we collected the personal data, in accordance with applicable laws and regulations. We will not share personal data with third parties for them to use for their own marketing purposes without ensuring that there is a lawful ground to do so. We do not sell your personal data to third parties.
10. Policy regarding sharing of data with third parties.
10.1. Third party service providers.
Where necessary to provide our services we may disclose personal data about you to identify you and perform an assignment or agreement with companies that we cooperate with in order to perform our services. These services include, but are not limited to, secure identification solutions and between parties in the financial system such as banks. Our designated banks and relevant card networks may also come to process your personal data for their own fraud prevention and risk management.
10.2. Authorities.
We also disclose personal data to authorities to the extent we are under a statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our services, e.g., revenue or tax authorities, as required by law, which may include personal data such as your name, address and information regarding card transactions processed by us on your behalf through your use of our services.
11. Security and integrity.
We take security seriously. We always process personal data in accordance with applicable laws and regulations, and we have implemented appropriate technical and organizational security measures to prevent that your personal data is used for non-legitimate purposes or disclosed to unauthorized third parties and otherwise protected from misuse, loss, alteration or destruction. The technical and organizational measures that we have implemented are designed to ensure a level of security appropriate to the risks that are associated with our data processing activities, in particular accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data including access control to premises, facilities, systems and data, disclosure control, input control, job control, availability control and segregation control.
12. Storage of personal data.
We will not process personal data for a longer period than is necessary for fulfilling the purpose of such processing during the tenure of our relationship with you and as set out in this Privacy Policy. Your personal data will be anonymized or deleted once it is no longer relevant for the purposes for which it was collected. Notwithstanding any request for the deletion of personal data or the withdrawal of consent, please note that Alaan is bound by strict regulatory obligations in the United Arab Emirates. To comply with the regulations of the Central Bank of UAE and applicable financial and anti-money laundering laws, Alaan is legally required to securely store your personal data, corporate onboarding records (including KYC documents), and transactional data. All such data will be maintained for a minimum period of five (5) years from the date your account is closed, the business relationship is terminated, or the specific transaction is completed, provided an extension of the same is not mandated by the relevant regulatory authorities or applicable laws. This regulatory retention period overrides any requests for premature data erasure or consent withdrawal. Once this five-year statutory period expires, your data will be permanently deleted or securely anonymized.
We securely store, log, and maintain verifiable records of the consent you provide during onboarding or through your engagement with our Platforms or services. These records include the timestamp of consent and the specific mechanism used to secure such consent.
Consent logs are maintained systematically for regulatory compliance, legal accountability, and auditing purposes in strict accordance with applicable data protection laws and the regulations of applicable governing bodies. Upon the withdrawal of consent or termination of your relationship with us, we may retain such consent records for a legally permissible period, which shall not be less than a period of five (5) years, to demonstrate regulatory compliance and to defend against potential legal, regulatory or financial claims.
13. Your Rights and Options.
You hold full ownership of your personal data and have the the following rights you can exercise at any time regarding the personal data we process:
- Right to Access: You have the right to request and obtain detailed information from us regarding our processing of your personal data including the types of your data being processed, the purposes of processing, with whom data is shared, and such other related information.
- Right to Rectify: If any of your personal or corporate information changes, or if you spot an error in our records, you have the right to request that we update or correct it.
- Right to Erase: You can ask us to delete your personal data from our systems. Please note that if we are legally obligated to keep your data to comply with financial regulations, we will be required to retain said data until said statutory window closes.
- Right to Object or Stop Processing: You have an absolute right to opt-out of your data being used for direct marketing, statistical surveys or if the processing violates applicable data protection laws..
- Right to Restrict Processing: You can request that we restrict or temporarily halt the processing of your data if you are disputing its accuracy or objecting to how it is being handled.
- Right to Data Portability: You have the right to receive your personal data from us in a structured, electronic, and commonly used format so you can easily transfer it to another service provider.
- Right to Withdraw Consent: You have the right to withdraw your consent to us processing your data at any time.
To exercise your right to access, opt-out, correct, restrict, or request the deletion of your data, please write to us at support@alaanpay.com from your registered email address. We will verify your identity to safeguard your account and provide a response or confirmation of your request within thirty (30) days.
14. Change to our Privacy Policy.
Any changes we make to our Policy will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
15. Contact.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to support@alaanpay.com. Additional communication channels can be found at www.alaan.com/help.
.avif)

