1.1. “TG” or “the Company” means Tarabut Gateway Group, its affiliates, and subsidiaries.
1.2. “Client” or “End-User” in certain instances may be a visitor to the Company’s site, a customer that is an individual, or a corporate customer (Bank, Merchant, FinTech, etc.) or a user of the Company’s products and services.
1.3. “Staff or Applicant” means any individual who currently holds an employment contract with TG (either part-time or full-time) or an individual that applies for a job opportunity.
1.4. “Developer” means an entity or an individual person accessing or using TG’s Developer Portal under their sole discretion or on behalf of another entity.
1.5. “Developer Portal” means the development and sandbox environment that is provided by TG.
1.6. “Data Subject” means the Client, End-User, Staff, or Applicant who owns the data.
1.7. “Data Provider” means the Data Subjects, collectively, which consensually provide their personal data to TG.
1.8. “Services” means account information services (AIS), payment initiation services (PIS), or developer portal services – open banking-related services.
2.1. TG as a Group of regulated and licensed entities in various jurisdictions aims to build a new world of financial services in the MENA region through its Open Banking services (AIS/PIS).
- Application and acceptance
- Personal Data
5.1. Data providers must refer to Appendix A for details on the type of personal data TG collects and the purpose of data processing.
5.3. TG will collect and process information for legitimate purposes and:
- not use the information in ways that have unjustified adverse effects on the data providers,
- be transparent about how TG intends to use the information and provide notification of the same,
- handle the information only in ways the data providers would reasonably expect; and
- not commit any unlawful act with the collected information.
- Collection of Data
6.1. TG collects Personal Data as stated in Appendix A in the following manner:
- For AIS/PIS end-users, TG collects the Personal Data obtained from the Account Servicing Payment Services Providers “ASPSPs” (i.e., any payment service provider, such as a bank or a credit card issuer that maintains an online payment account on behalf of the End-User).
- For Clients, TG collects Personal Data from the Know Your Business “KYB” form and supporting documentation, email correspondences, and information provided during project execution or through third-party sources.
- For a visitor to TG’s website, Personal Data is collected when subscribing to the newsletter or through the ‘contact us form.
- For Staff, TG collects Personal Data during the recruitment process and performance reviews either from the Staff, third-party application/process, or is created by TG in course of the recruitment process after obtaining Staff explicit consent.
- For an Applicant, TG collects Personal Data through social media platforms, other recruiting portals, email correspondence, information provided by the Data Subject via email and through TG career page in its website.
- For a Developer, TG collects Personal Data during registration to the Developer Portal.
- manage, develop, operate, improve, deliver, maintain, and protect its services
- communicate by all means of communications, including by email (for example, to exchange information about its services and promotional offers that it thinks may interest data providers)
- monitor, analyse trends and usage
- enhance the safety and security of services
- verify Client or End-User identity and prevent fraud or other unauthorized/illegal activity
- verify accounts, records, and information
- satisfy governmental agencies’ requirements
- manage the data and data bank
- Retention of Data
7.1. TG will not retain the Personal Data for longer than necessary.
7.2. TG defines the length of the Personal Data retention period after considering the following factors:
- TG’s contractual obligations and rights in relation to the Personal Data involved (including the Terms and Conditions provided when utilizing services)
- Legal obligations and legal retention period as defined in the applicable Data Protection Laws
- Whether TG has relied on the Client and End-User consent to use the Personal Data, but the consent has been later withdrawn
- TG’s legitimate interests
- Fraud and risk management
- Potential disputes, and guidelines issued by relevant data protection authorities
- Data Provider data will be held in the country in which they reside.
- For Staff and Applicants data will be held in the country in which they reside in and / or shared with sub-processors for reasons mentioned in clause 8.
- Sharing of Data
8.1. By utilizing TG’s AIS/PIS services as an ‘End-User’, the Personal Data will be shared with the Client (as applicable).
8.2. If TG gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of its business to another company, TG may share the data provider’s information with that company before and after the transaction closes.
8.3. TG may also share the Personal Data during the occurrence of the following circumstances with due regard to the personal data protection rights of the data providers and post adequate clearance from legal:
- If TG reasonably considers that it is under a duty to disclose or share personal data to comply with any legal obligations.
- To protect the rights, property, or safety of the data providers, TG, TG’s affiliates, or subsidiaries.
- To another company in the Group, if this is necessary to ensure continuity in the provision of services to the data providers or to reflect any business reorganization or expansion that TG may engage in from time to time.
8.4. TG shares Staff’s personal information with third parties (employment agencies, background checks, online test providers, credit reference agencies, regulators, and competent authorities) for the purposes of processing applications. TG will also share personal data with its affiliates and subsidiaries for the purposes of administration, accounting, and reporting purposes.
- International Transfer of Data
9.1. TG might transfer the Personal Data overseas (as needed) and will strive to ensure that the country the data is being transferred to, is a country or territory which has equivalent or higher personal data protection laws and if required the Data Protection Authority approval will be sought.
9.2. In cases where data may need to be transferred to countries with no equivalent or no personal data laws, TG’s Clients will be notified, and the appropriate safeguards will be deployed to ensure the security of the data being transferred.
9.2. The Staff and Applicants hereby consents for its data to be transferred to sub-processors mentioned in clause
- Accuracy and Security of Data
- Data Protection and Confidentiality
11.1. TG understands that the information collected and shared by data providers contains sensitive data. Therefore, TG undertakes its role to protect the information very seriously. TG also provides high-quality security programs on its services based on high industry standards and implements best practices and ensures its vendors (if applicable) provide the same. In addition, TG takes a strong defensive approach to countering cyber-attacks and securing information from unauthorized access or misuse.
11.2. Data providers acknowledge and accept, when utilizing TG’s services, that the provision of services may be susceptible to faults and technical difficulties. As such, TG cannot guarantee a fault-free service. If any information subject to TG’s control is attacked by a cyber-attack as a result of a security breach, TG’s policy is to take reasonable steps to investigate the situation and to communicate with and compensate the affected data providers provided that the issue at hand is resolved by TG as soon as practical.
11.3. TG will maintain the confidentiality of the data providers’ information and assure secure processing of this information including without limitation how such information is accessed, stored, disseminated, and destroyed.
- Notification of Breaches
12.1. TG undertakes that it will immediately notify its Clients of any breach, hack, leak, cyberattack, or otherwise to the information provided and will take the necessary measures and precautions to remedy the such issue.
12.2. TG undertakes that it will process information in a manner that ensures data security using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
12.3. TG shall not request any sensitive or private information via text message or through any other form of social network communication. TG shall contact the data provider directly via the contact information provided in the event of suspected or actual fraud or security threats.
- Data Subject Rights
The Data Subject rights, as permitted by law are as follows:
13.1. Right to access: the right to request TG to view the personal information and the purpose for which it is intended and disclosed. Also, the right to request the nature of personal information collected.
13.2. Right to object to processing: the right to request TG to cease processing of personal data for direct marketing purposes and processing causing material or moral damage to the Data Subject or Others.
13.3. Right to rectification, blocking, erasure: the right to request TG to rectify, block or erase personal data when the processing of such data is in breach of the law.
13.4. Right to opt out: the right to choose to opt-out of TG’s communication and mailing services at any time.
13.5. Right to withdraw consent: the right to revoke consent for continuous personal data processing subject to notifying TG through email mentioned in clause 18.
13.6. Right to complain: the right to inquire, complain and provide feedback.
13.7. Should the Data Subject wish to utilize its rights, you are requested to kindly do so by sending an email to TG Complaints Officer (refer to clause 18). The rights of Data subjects will be exercised by TG free of charge and within a period not exceeding 15 working days of receiving such request.
13.8. TG may reject a request if the Data Subject misuses his right in obtaining information.
- Communication and Mailing Services
14.1. By utilizing TG’s Services, subscribing to the newsletter, or applying for a job through a social media channel/portal, the data providers hereby consent to receive communication from TG, and its affiliates, in the form of, but not limited to, emails, newsletters, and advertisements.
14.2. TG may engage with third-party providers during direct marketing. In such cases, TG will ensure third parties maintain confidentiality and security measures for Data Subject’s data.
14.3. Data providers may choose to opt-out of such communication and mailing service at any time, subject to TG’s prior notification.
- Third-Party Privacy Policies
- TG shares Staff and Applicant data with the following third parties for further processing:
Purpose of Processing:
Employee’s background screening
Managing employee interviews, hiring process.
Managing employee’s onboarding
Managing employee’s profile information
- Regulatory Compliance
17.1. Any services provided by TG shall only be offered in jurisdictions where TG lawfully obtains a regulated license to operate and are not intended for use in jurisdictions that restrict those services.
19.1. To provide any compliment, lodge complaints, or exercise your rights, please send an email to firstname.lastname@example.org or call the Complaints Officer at +973 17449999.
19.2. For any queries or requests raised by employees or job applicants, please send an email to email@example.com.
Appendix A – Personal data
Type of personal data collected
Purpose of processing
If you are TG’s Client (Bank, Merchant, FinTech, etc.)
On-boarding information (KYB), incorporation documents, shareholders identities, contact details, financial statements, other supporting documents (as applicable).
To conduct due diligence that TG is legally required to undertake to ascertain Client fits regulatory requirements and passes background checks (criminal checks, etc.)
If you are an End-User of the AIS service
Account details: account balances, details, statements, transactions, beneficiary, standing order details, etc.
Other: personal data registered on the account such as name, contact details, phone number, email, and customer identifiers such as ID information (as applicable).
To successfully deliver the AIS Service.
If you are an End-User of our PIS service
Transaction details: (merchant ID, payee identity / payer bank, bank account number (IBAN), transaction reference ID, transaction amount, account names, various other IDs to uniquely identify a transaction, status of transaction) which will also be shared with the merchant / payee for transaction recording, enabling subsequent payments and initiating refunds (if required)
Customer experience data: user journey details, location, device type, IP address, telecom carrier, OS version, etc.
Other: Name, contact details, email, phone number, customer identifiers such as ID.
To successfully deliver the PIS Service and monitor customer experience for analytical purposes.
If you are an End-User of our AIS/PIS service and have raised a complaint, query, or wish to exercise any of your legal rights etc.
Name, email address, supporting information/ documents (nature of the complaint, query, transaction record, etc.)
To conduct the investigation that is required to resolve any issues faced.
If you register to the Developer Portal
Sign up phase: Email id, first name, last name, company name, phone number (optional)
Registration phase: Customer company name, customer contact name, customer contract email, account email, sandbox clientid, merchant/client logo, beneficiary account (for PIS) beneficiary account holder name (for PIS), merchant category (for PIS) and maximin transaction limit (for PIS)..
To ensure a seamless user journey for utilizing TG products and services.
If you are visitor to TG’s official website
First name, last name, business email, job title, company name, company industry, country, phone number (optional), unique message
To provide updates on TG’s activities, services, and products;
To share details with sales team to get in-touch;
to record the marketing preferences and any feedback or responses for the purposes of improving our services.
If you are a part of TG’s Staff
Information provided in curriculum vitae, application form, covering letter and during the interview process including: your name, date of birth, age, gender, home address, personal email address, education, qualification and work experience details, and references. Information collected or created by us during the recruitment process including interview notes, test scores and correspondence between us. Information about criminal convictions: we carry out background checks as part of the recruitment process. Sensitive information like your racial and ethnic origin information and information relating to disabilities, religious beliefs or sexual orientation, marital status for visas, physical or mental health information and immigration/naturalization records (if this discloses racial/ethnic origin information
Necessary to enter an employment control; to comply with a legal or regulatory obligation; have a legitimate interest to ensure the effective administration and management of the recruitment process; ensure TG hires suitable individual for a role; deal with disputes and accidents and take legal or other professional advice; and ascertain Staff fitness to work. Special category data is processed to consider the need to provide appropriate adjustments during the recruitment process and to ascertain fitness to work for equal opportunity monitoring purposes. Criminal conviction information is processed to assess suitability for a regulated role; to protect interests, because it is necessary in relation to legal claims. TG is allowed to utilize Staff personal information where it is necessary to carry out employment rights and obligations.
If you are an applicant
Name, contact details, email address, cover letters, and information included in curriculum vitae.
To verify adequacy of applicant for a job opening.