PayLater’s Privacy Policy

1. PayLater Services

1.1 This Privacy Policy (“Policy”) describes the practices PayLater Website Services W.L.L (“PayLater”, “we”, “us”) adopted with respect to processing your Personal Data (as defined below) (“you”, ”your” or “User”) including the collection, use, storage or disclosure of Personal Data when you visit our Platform, download our app, apply for and use your PayLater Account or our Platform, or otherwise interact and engage with us in relation to our Platform, customer products, features, and Services.

1.2 Partners, retailers, online marketplaces, and suppliers that PayLater interacts with are independent of PayLater and responsible for their own privacy policies and practices. This includes, content on their websites or app, and products or services provided. Please refer to their privacy policy or reach out directly to these third parties for further information.

1.3 Please read the following carefully to understand our views and practices regarding your Personal data and how we will treat it.

1.4 By using our Services, you acknowledge you have read and understood this, Policy.

2. DEFINITIONS

“Account” shall mean your PayLater Account set up in accordance with the PayLater Terms and Conditions.

“Affiliates” shall mean PayLater or any other entity that, directly or indirectly,through one or more intermediaries, controls, is controlled by, or is under common control with PayLater.

“BNPL Regulations” shall mean the Buy Now Pay Later Regulations issued by the Qatar Central Bank.

“Company” or “Companies” shall mean any corporation(s), limited liability company or companies, partnership(s) or other similar entities.

“Law” shall mean Law no. (13) of 2016 on Protecting Personal Data Privacy</span> of the State of Qatar, as amended from time to time or any other law applicable in the territory of Qatar.

“Non-Personal Identification Information” shall mean any non-personal information collected from Users pursuant to their interaction on the Platform, including but not limited to the browser name, the type of computer and technical information about Users means of connection to the Platform such as the operating system, the Internet service providers utilized and other similar information.

“Personal Identification Information" shall mean any information that identifies or can be used to identify, contact or locate the person, to whom such information pertains including, but not limited to, when Users visit the Platform, register, conclude a transaction, respond to a survey, fill out a form, and anything else in connection with other activities, services, features or resources we make available on the Platform. Users may be asked for Personal information including, but not limited to name, email address, phone number and residential address disclosed by you in relation to the services provided by us. PayLater will collect Personal Identification Information from Users only if they voluntarily submit such information to us. Users can always refuse to supply Personal Identification Information, except that it may prevent them from services provided by us. For the purposes of this Policy, Personal Identification Information and Non-Personal Identification Information shall together be referred to as "Personal Information".

“Personal Data” shall have the meaning attributed to that term under Law no. (13) of 2016 on Protecting Personal Data Privacy of the State of Qatar, as amended from time to time.

“Personal Data” shall have the meaning attributed to that term under Law no. (13) of 2016 on Protecting Personal Data Privacy of the State of Qatar, as amended from time to time.

“Services” shall mean the services in terms of various training programmes provided by PayLater and/or its Affiliates.

"Third Party" shall mean any person or entity other than you or us.

“<span style="font-weight: bold;">Terms and Conditions</span>” shall mean the Terms and Conditions for PayLater,available at [•].

“Territory” shall mean the State of Qatar.

“Users” or “you” shall mean users, visitors, customers, prospective customers who avail or will avail the services provided by PayLater.

3. PERSONAL DATA WE COLLECT ABOUT YOU

3.1 We collect and process Personal Data about you in the following ways:

(a) when you provide it to us directly;

(b) when we gather Personal Data while you are using our Services, including through cookies and similar technologies; or

(c) when we collect Personal Data from other third party sources.

3.2 You hereby accept to provide us with the following categories of information about you through the use of our Platform:

(a) basic contact information, such as your first and last name, email address, phone number, home address, as well as billing and shipping details (“Contact”);

(b) additional information you provide, including your photo, gender, date of birth,and Personal Data in or about the content you provide (“Identity”);

(c) records of any correspondence and communications if you contact us, including information you supply if you report a problem with our Platform to us. This covers information we learn about you from (“Communications”):

(i) letters;

(ii) emails;

(iii) text’s, in-app messaging and other digital messaging; and

(iv) calls (“Communications”).

(d) technical information such as the Internet protocol (IP) address, login information, browser type and version and, browser plug-in types and versions, device settings (e.g. language, time zone), device or similar IDs, operating system and Platform, hardware version, mobile operator or ISP (“ Technical Information”);

(e) location data including specific geographic locations (such as through GPS,Bluetooth, or Wi-Fi signals) which we use to provide location services (if you ask or permit us to), so that we can deliver content, advertising or other services that are dependent on knowing where you are, like checking for fraudulent transactions (“Location Data”);

Please note that Location Data may be collected in combination with device ID, so we can recognise your mobile browser or device when you return to the Service; and

(f) information regarding your activities within our in-app browser. This includes tracking the URLs you visit while using the in-app browser. This data helps us understand your preferences and improve your user experience.

3.3 PayLater does not access, collect or store your payment information. Transactions conducted on the Platform are facilitated by our payment gateway providers specific to each country. Transactions conducted on the Platform are facilitated by our payment gateway providers specific to each country. Payment information you furnish will undergo encryption using secure sockets layer (SSL) technology prior to transmission to us online. This information falls outside our purview and is governed by their respective Privacy Notices and terms and conditions. Our liability in this sense is limited to the Personal Data we collect and process.

3.4 We may receive information about you from other organisations and our payment processor, including:

(1) (a) credit score and insolvency information, from our third party credit score providers and identity verification providers. PayLater will assess and keep your PayLater credit limit (“Credit Information);

(b) we use a third party service to verify who you are. You will be asked to provide them with an appropriate form of government ID (Qatar ID). Your use of this service is regulated by that organisation's own terms and privacy policy (“Verification Details”);

(c) advertisers may share technical information and information about your visits with them, including your experiences or interactions with them.

4. USE OF YOUR PERSONAL DATA

4.1 If you browse our Platform, we use automatically collected information to(“Automatically Collected Information”):

(a) understand how Users use our Platform, and how we can improve it;

(b) ensure content from our site is presented in the most effective manner for you and for your computer; and

(c) provide you with the information, products and services that you request from us or we think you may be interested in.

4.2 If you create and use your account with us, we use your Contact, Identity, Log- in,financial data, Credit Information, Verification Details and Automatically Collected information to:

(a) create and administer your account with us;

(b) verify your identity (including appropriate screening processes);

(c) conduct credit checks, and receive results from our third party credit check providers;

(d) verify and carry out financial transactions in relation to payments you make online/through the Platform;

(f) identify you when you sign-in to your account and give you appropriate access to our Platform (in accordance with your agreement with us);

(g) enforce or apply our terms or other agreements with you; or

(h) notify you about changes to our service.

4.3 When you contact or engage with us, we use your Contact, Identity, Log-in, financial data, Credit Information, Verification Details and Communications information for customer support, which includes reaching out to you if you've requested assistance, be it troubleshooting problems or addressing any concerns related to our Platform.

Our dedicated team is committed to providing you with the information, products, and services you require, ensuring that your experience with us is seamless and satisfactory. Whether you need guidance, assistance, or simply have inquiries, we are here to help and ensure your needs are met effectively.

4.4 If we share marketing or advertising with you, we may use your Contact and Automatically Collected information to:

(a) provide you with promotional update communications by email, SMS, in-App alerts, and phone about our services about goods or services we feel may interest you;

(b) contact you for your opinions about our Platform, including through surveys and other market research;

(c) understand how you use and interact with our services and the things you're connected to and interested in;

(d) provide you with personalised recommendations, promotional updates and marketing to improve your experience with our Platform; or

(e) measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

4.5 When we maintain and improve our Platform, we may use your Account,Communications and Automatically Collected information (including Location data) to:

(a) administer our Platform and services and for internal operations, including audits, troubleshooting, data analysis, testing, research, statistical and survey purposes;

(b) evaluate and improve our products, services and Platform, including developing and testing new features;

(c) keep our Platform safe and secure;

(d) to detect and protect against error, fraud or other criminal activity;

(e) improve our Platform to ensure that content is presented in the most effective manner for you and for your computer, and to alert you to any hardware or software incompatibility issues; or

(f) allow you to participate in interactive features of our service, when you choose to do so.

4.6 Without prejudice to any of the provisions of the Law, we process your Personal Data, under the following legal bases:

(a) data / Information collected either from you or through a third party are included in the virtue of Article (2) of the Law;

(b) our processing is necessary to perform our obligations under a contract with you or to perform steps requested by you prior to entering into a contract with you (e.g., to verify the information you have provided to us and provide the Services to you);

(c) our processing is necessary for our legitimate interests, including to protect the security our Services; to protect the health and safety of others; to establish, protect and defend our legal rights and interests; to prevent fraud and verify identity and authorization of Users; to Personalize User experiences and content; to understand and analyse usage trends; and to improve the Services; and

(d) <span style="font-weight: bold;">Legal Compliance:</span> Where our processing is required to comply with applicable law (for example, to maintain your payment transaction history for tax reporting purposes).

5. DISCLOSURE OF YOUR INFORMATION

5.1 We may share and/or collect your Personal Data:

(a) with any member of our group (which includes our Affiliates, subsidiaries and our ultimate holding company and its subsidiaries, who support our processing of Personal data under this Notice, who we support in processing your Personal data, or who we otherwise share your Personal data with;

(b) for our legitimate reasons, including (without limitation to)

(i) run, manage, operate and develop our Platform;

(ii) sending you administrative messages and information, including messages from our trainers, notifications about changes to our Service; and updates to our agreements;

(iii) sending you information, such as by email or text messages, about your progress in the courses and related content, rewards programs, new services, new features, promotions, newsletters, and other available Services (which you can opt out of at any time);

(iv) facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services and preventing fraud and abuse;

(v) carry out research and statistical analysis;

(vi) carry out marketing and business development;

(vii) verify the identity of Users, applicants and others with whom we interact;

(viii) confirm authorization of Users that access and use the Services and Platform;

(ix) for internal administrative and auditing purposes; and

(x) improve our Services and develop new products, services, and features.

(c) with selected third parties which include:

(i) entities that handle your Personal Data under our direction and in compliance with data protection regulations. This encompasses aiding the services we provide via the Platform, such as website and data hosting, fulfillment, communication distribution, marketing list maintenance, feedback facilitation, and occasional IT support. These entities, which may comprise third-party suppliers, agents, subcontractors, or affiliates, will utilize your data solely to fulfill their supportive roles;

(ii) advertisers and advertising networks may utilize data to tailor and deliver pertinent advertisements to you and other users. While we do not reveal identifiable individual information to advertisers, we may furnish them with collective data about our user base. We may leverage the Personal data obtained from you to fulfill advertisers&#39; requests by presenting their ads to the intended audience, in accordance with the cookie provisions outlined in this Policy;

(iii) business partners and merchants who offer services to you and with whom we've established agreements regarding the handling of your Personal Data. Upon request, we can furnish a list of these partners.

(iv) Qatar Credit Bureau for evaluating your creditworthiness and assess your credit score, both during the account setup process and continuously thereafter. This assists us in determining product suitability, verifying your identity, managing your account, debt tracing and recovery, as well as preventing fraudulent activities. Throughout your usage of our services, we maintain information exchange with the Qatar Credit Bureau concerning your account status, settled accounts, and any outstanding debts. These agencies may also share your information with other entities. Additionally, your data may be associated with that of your spouse, joint applicants, or other financial associates;

(v) payment processing providers who provide secure payment processing services;

(vi) debt collection agencies, should your account fall into arrears, in order to collect the amount you owe us from you;

(vii) any person to whom disclosure is necessary to enable us to enforce our rights under this Policy or under any agreement we have with you, or to protect our rights or the rights of third parties. This includes exchanging information with law enforcement agencies (including regulators) or other similar government bodies;

(viii) in instances where mandated by a court order or when obligated to disclose or distribute your information to adhere to any legal obligation, we will do so accordingly; and

(ix) if we engage in the sale or acquisition of any business or assets, we will disclose your Personal data to the potential seller or purchaser.

(d) we may also use or disclose information if required to do so by law or in the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Services; (b) establish, protect and defend our rights or property, the Services or our Users, including to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms and Conditions, other agreements or policies, or as evidence in litigation in which we are involved; and (c) act under emergency circumstances to protect the Personal safety of us, our affiliates, agents, or Users of the Services or the public. This includes exchanging information with other companies and organizations for fraud protection;

(e) as we continue to develop our business, we may seek to buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, Personal Data would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.

6. WHERE DO WE STORE YOUR INFORMATION

6.1 We are based in the Territory and therefore, all information collected by us is stored in the Territory.

6.2 However, subject to the Law and BNPL Regulations, we may transfer your information outside the Territory. If we do, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Notice.

6.3 We may transfer your personal information outside the Territory:

(a) in order to store it;

(b) in order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services;

(c) in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

7. HOW DO WE PROTECT YOUR INFORMATION

7.1 All the information you provide us with will be secured and safely stored on both our paper and digital records. We shall exercise utmost care and caution with respect to maintaining the confidentiality of all of your information. We take appropriate measures, including administrative, technical, and physical safeguards, to protect your Personal Data from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. The internet is not a 100% secure environment, so we cannot guarantee absolute security of the transmission or storage of your information. We are an ISO 27001 compliant company and require our third parties to meet appropriate privacy and security standards when handling data on our behalf. Your Personal Data will be accessible by our employees, contractors and service providers who require access for the purposes described in this Policy.

7.2 We use various technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. Once we have received your data we will use strict security procedures, data protection tools and anti-virus/hacking technology to prevent data loss or unauthorised access.

7.3 We strive to ensure the security, integrity and privacy of your Personal Data and Personal Data and to protect it against unauthorized access or unauthorized alteration, disclosure or destruction. We implement appropriate physical, electronic and managerial procedures to safeguard and help prevent unauthorized access and for the purposes of maintaining data security. Our payment gateway partners are compliant with the payment card industry standard (PCI standard) and also use SSL secured communication channels, encryption, passwords and physical security measures in order to protect the Personal Data and Personal Data of Users. However, we cannot guarantee absolute security as no method of protection and transmission of data is completely secure. We are also not responsible for any breach of security or for any actions of any Third Parties that receive your Personal Data. Notwithstanding anything contained in this Policy or elsewhere, we shall not be held responsible for any loss, damage or misuse of your Personal Data or Personal Data, if such loss, damage or misuse is attributable to any event that is beyond our reasonable control.

7.4 We employ various measures, encompassing physical, technical, and organizational precautions, to safeguard your Personal Data against unauthorized access, unlawful processing, accidental loss, destruction, and damage. All data you furnish us is securely stored on our servers, with any payment transactions encrypted using SSL technology. However, it's important to note that while we strive to protect your data during transmission over the internet, complete security cannot be guaranteed. Thus, any transmission to our Platform is undertaken at your own risk. Upon receiving your information, we implement stringent procedures and security features to mitigate unauthorized access. Additionally, our website may contain links to external sites, each with its own privacy policies, so we advise reviewing these policies before disclosing any Personal data. As part of our commitment to online safety, our Platform is designed for individuals aged 18 and above, and its use by minors is not permitted.

8. HOW LONG DO WE KEEP YOUR INFORMATION

8.1 We retain your Personal Data for as long as required to satisfy the purpose for which it is collected and used (for example, for the time necessary for us to provide you with customer service, answer queries or resolve technical problems), unless a longer period is necessary for our legal obligations or to establish, protect, or defend legal claims. Therefore, the provision of Article (5) of the Law is taken into account when objecting to PayLater’s retention of data.

8.2 We will retain Personal data for the duration of your account with us to fulfill our contractual obligations, and for an additional five years thereafter to address any potential issues and resolve legal matters. If you opt out of receiving promotional updates or object to any other processing of your Personal Data, we may maintain a record of your preference to ensure compliance with your marketing choices. Furthermore, we may retain aggregate information beyond this period for research purposes and service enhancement, with no possibility of identifying individuals from such aggregated data.

9. YOUR CHOICES

If you would like to update your preferences on the types of communications you receive from us, or opt out of marketing communications from us, you may do so at any time please note that we may continue to send non-promotional communications such as important notices, payment confirmations and transaction-related emails and other information about your use of the Services. If you would like to opt-out of marketing, you may also do so by emailing us your request at: _________.

10. RIGHTS OF ACCESS OF DATA SUBJECT

10.1 Subject to applicable law and as explained in this section, you may have certain rights with respect to the information we collect and process about you.

10.2 Access, Correction, Deletion and Objection Rights</span>: You may have the right to access, request correction and deletion of, and object to our use of your information. To exercise your rights, please contact us as set forth in the “Contact Information” section below. You may also access and modify much of the information that you have submitted either by telephone or email. In addition, we may retain certain information about you as required by law or as permitted by law for legitimate business purposes. For example, if you request that we delete your information, but we believe that you have violated our Terms of Use, we may retain information about you in order to attempt to resolve the issue before deleting it. Therefore, the provision of Article (5) of the Law applies.

10.3 If applicable, you may make a complaint to the privacy regulator or supervisory authority where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

The Law entitles you the following rights:

(a) To obtain access to and/or a copy of certain information we hold about you;

(b) To obtain, in certain circumstances, a copy of certain information we of yours in a structured, commonly used and machine-readable format, and to ask us to transfer this to a third party of your choice;

(c) To request that we update your information we hold that is out of date;

(d) To request that we delete certain information we hold about you;

(e) To request that we restrict the way we process and disclose certain of your information;

(f) To revoke your consent for the processing of your information, to the extent our processing of your information is not based on another legal basis; and

(g) To object to certain processing of your information as follows:

(i) Right to object to direct marketing: you may object to our processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling). See “Your Choices” above for more info.

(ii) Right to object to processing (including profiling) based on legitimate interest grounds: in addition, where we are relying upon our legitimate interests to process information, you may object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the information for the establishment, exercise or defense of legal claims. We will consider each case on an individual basis.

11. CHANGES TO THIS POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. If we make a material change to the Privacy Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Policy.

12. CONTACT US

You may exercise your rights or make a request regarding your information held by us, request further information about your legal rights under applicable law, or submit a complaint about our privacy practices by contacting us at any time, using the contact details set forth below.

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, if we need to keep processing your information to provide services to you or to comply with a legal obligation. Moreover, you will not be permitted to examine the information of any other person or entity. We also may request you provide us with information necessary to confirm your identity before responding to your request.