WELCOME TO PEKO PRIVACY POLICY!

Last updated: October 4th, 2025

Peko Payment Services LLC and our affiliates ("Peko", “we”, “our”, and “us”) are dedicated to safeguarding your privacy and ensuring the protection of your Personal Data. We want to make sure you feel safe and comfortable using our services, so please take a moment to read through our Privacy Policy. This Privacy Policy outlines how we collect, process, and secure your Personal Data in accordance with the Federal Decree Law 45 of 2021 on Personal Data Protection("the Law") and its implementing regulations, as well as other relevant legislation. By using our products and services, whether on our website or mobile application or through any other means, you agree to this Privacy Policy. This Policy applies to all users in the UAE. For users located outside the UAE, additional or diﬀerent rights may apply under local laws.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the revised eﬀective date. Continued use of our services after the updated Privacy Policy takes eﬀect constitutes acceptance of the changes.

It is important that the Personal Data we hold about you is accurate and current. You are responsible for ensuring that the Personal Data you provide to us is accurate and up-to-date. You may contact us at privacy@peko.one to update or correct your Personal Data. Please keep us informed if your Personal Data changes during your relationship with us. Personal data, or information about you, is anything that can identify you as an individual. But don't worry, we also deal with anonymous data where your identity isn't known.

Definition of Terms

Personal Data: Refers to any information concerning an identified or identifiable natural person, as defined by the Law. This encompasses a wide array of identifiers such as name, voice, picture, ID numbers, and various personal characteristics.
Aggregated Data: Refers to information that has been gathered and processed in a manner that obscures or removes any identifiers that could link the data to specific individuals via Personal Data. This type of data is typically used for statistical analysis, trend identification, or other analytical purposes. Aggregated Data does not contain any personal identifiers and therefore cannot be used to directly or indirectly to identify individuals.
Technical Data: Refers to information collected automatically during user interactions with the Platform. This includes data such as internet protocol (IP) addresses, login data, browser types and versions, time zone settings, browser plug-in types and versions, operating systems, and platform information. Technical Data assists in managing the Platform's functionality, optimizing user experiences, and ensuring cybersecurity measures.
Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric or genetic data, health data, or sexual orientation. Processing such data requires explicit consent.
Data Subject: Any individual whose Personal Data is collected, processed, or stored by Peko.
Processing: Any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or erasure.
Controller: Peko determines the purposes and means of processing Personal Data.
Processor: Any third-party engaged by Peko to process Personal Data on its behalf.

Applicability

This Privacy Policy applies to all individuals whose Personal Data we process, including users of our websites, mobile applications ("Platform"), and services, as well as data processed by our authorized service providers. We process Personal Data lawfully, fairly, and transparently, in accordance with the Law principles.

This Privacy Policy should be in conjunction with our Peko Platform Agreement and Cookie Policy. By utilizing our services, users acknowledge that internet transmissions are inherently susceptible to interception, and any information transmitted to our Platform may be subject to unauthorized access.

Our use of cookies and similar technologies is governed by our separate Cookie Policy, available on our website, which explains how you can manage your preferences.

Here's What You Need to Know

Peko is the Data Controller responsible for determining the purposes and means of processing your Personal Data in accordance with the Law and its implementing regulations.

This Privacy Policy explains how we collect, use, store, and disclose Personal Data when you interact with our Platforms, services, websites, and mobile applications, whether directly or through our authorized service providers. It also describes your rights under the Law and how you can exercise them.

This Privacy Policy should be read together with any other privacy notices, terms, or consents provided to you. It supplements but does not replace any such notices. By using our services, you agree to the collection and processing of your Personal Data as described in this Privacy Policy.

For any questions regarding this Privacy Policy or the processing of your Personal Data, or to exercise your rights under the Law, you may contact us at privacy@peko.one

Data Collection

Peko collects, uses, stores, and shares Personal Data in accordance with the Law its implementing regulations. All Personal Data is collected lawfully, fairly, and transparently for specified, explicit, and legitimate purposes, including the provision of our services, compliance with legal obligations, and enhancement of user experience.

When you open an account or use our services, whether directly, through a merchant partner, or via a third- party platform, we may collect the following categories of Personal Data:

Identity Data: Information that identifies you as an individual, including your name, username, date of birth, gender, and marital status.
Contact Data: Information to contact you, including your email address, phone number, and postal address.
Financial Data: Information required for payments and transactions, including bank account details, and payment card information.
Transaction Data: Records of your purchases, payments, and other interactions with our services.
Technical Data: Automatically collected information related to your devices and platform usage, including IP address, login credentials, browser type and version, operating system, device identifiers, time zone, location information, and other technology-related data.
Profile Data: Information about your preferences, interests, purchase history, username, and feedback.
Usage Data: Data on how you interact with our website, mobile applications, and services, including feature usage and service activity.
Marketing and Communications Data: Your preferences regarding receiving marketing communications and your preferred communication channels.

Aggregated Data: Data collected and processed in a manner that does not identify you as an individual, such as statistical information about platform usage. If Aggregated Data is later combined with Personal Data in a way that could identify you, it will be treated as Personal Data and protected under the Law.

Sensitive Personal Data: We do not currently collect Sensitive Personal Data, which includes information about racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, or genetic/biometric data. Should we require such data in the future, it will only be collected with your explicit consent in accordance with the Law.

Sharing with Third Parties: When you use our services through merchant partners or third-party platforms, your Personal Data may be shared with authorized partners solely for the purpose of providing the requested services. All such partners are required to process your Personal Data in compliance with PDPL standards and under our instructions.

Consequences of Not Providing Data: If you fail to provide Personal Data that is necessary to comply with legal obligations or contractual requirements, we may be unable to provide the requested service or fulfill our contractual obligations. In such cases, we reserve the right to suspend or terminate the relevant product or service, and we will notify you promptly if such action becomes necessary.

How is your Personal Data collected?

Peko collects Personal Data through a variety of methods in accordance with the law. All Personal Data is collected lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes.

Direct interactions: You may provide Personal Data directly to us, including Identity, Contact, and Financial Data, when you:

Apply for our products or services.
Create an account on our Platform.
Subscribe to our service or publications.
Request marketing communications.
Participate in promotions, survey or competitions.
Provide feedback or contact us regarding our services.

Personal Data collected via direct interactions is processed on the basis of your consent, the performance of a contract, or compliance with legal obligations, as applicable.

Automated Technologies: When you interact with our Platform, we may automatically collect Technical Data about your devices, browsing actions, and usage patterns. This includes, but is not limited to:

IP addresses and device identifiers.
Browser type and version, operating system, and platform.
Login data, time zone, and location information.
Cookies and similar tracking technologies.

This data is collected for the purposes of operating and improving the Platform, ensuring security, detecting and preventing fraud, analyzing usage patterns, and optimizing user experience, and is processed in compliance with PDPL principles.

Where automated tools or third-party technologies (such as analytics or tracking providers) collect Personal Data, we obtain your explicit consent through our cookie banners, privacy prompts, or equivalent consent mechanisms before such collection takes place. You can manage or withdraw your consent for these technologies at any time through your browser settings or via the options available in our Cookie Policy.

Third parties or publicly available sources: We may receive Personal Data from authorized third parties or publicly available sources, including:

Technical Data from analytics providers, advertising networks, and search information providers.
Contact, Financial, and Transaction Data from providers of technical, payment, or delivery services.
Identity and Contact Data from data brokers, aggregators, or publicly available sources.

All third-party service providers are required to process Personal Data in accordance with PDPL standards, solely for legitimate purposes consistent with this Privacy Policy.

Sensitive Personal Data: We do not collect Sensitive Personal Data from direct interactions, automated technologies, third parties, or public sources. Should we require Sensitive Personal Data in the future, it will only be collected with your explicit consent in compliance with the Law

How We Utilize Your Personal Data?

At Peko, all processing is carried out lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes:

Legal Basis for Processing: We process Personal Data on the following lawful bases:

Performance of Contract: To fulfill contractual obligations, or take steps prior to entering into a contract with you.
Legitimate Interests: For our legitimate interests or those of third parties, provided such interests do not override your fundamental rights and freedoms.
Compliance with legal obligations requires us to process your data.
Legal Obligation To comply with applicable laws, regulations, or legal requests.
Consent Where required, including for sending direct marketing communications via email, SMS, or other channels. You may withdraw consent at any time without aﬀecting other lawful processing.

Purpose of Processing: We may process your Personal Data for the following purposes:

Customer Registration and Account Management: Creating and maintaining accounts, verifying identity, and providing access to our services.
Contractual Performance: Managing payments, fees, charges, and collection of amounts due.
Personalization and Service Improvement: Analyzing Identity, Contact, Technical, Usage, and Profile Data to enhance our services, tailor content, and optimize user experience.
Marketing and Communications: Sending you marketing messages, oﬀers, and communications, based on your preferences and consent.
Analytics and Research: Conducting statistical analysis, service improvement, and trend identification.
Legal and Regulatory Compliance: Fulfilling obligations imposed by applicable laws or regulations.

Marketing Communications: Marketing communications are only sent if you have provided explicit consent. We may share Personal Data with third parties solely for marketing purposes after obtaining your consent. You may withdraw your consent at any time via the opt-out link in marketing emails, or by contacting us directly. Withdrawal of consent does not aﬀect processing necessary for service delivery, contractual obligations, or legal compliance.

Data Usage: Personal Data is only processed for the purposes for which it was collected or for compatible purposes as permitted by law. If we intend to use your Personal Data for a purpose not compatible with the original purpose, we will notify you and obtain your consent where required.

Data Security: We implement appropriate technical and organizational measures to safeguard Personal Data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, monitoring, and regular security assessments. All Personal Data, including payment information, is handled in accordance with the Law and industry-standard security practices. Your credit/debit card details and personally identifiable information are not stored, sold, shared, rented, or leased to any third parties.

At Peko, we are committed to protecting your privacy and ensuring the responsible handling of your Personal Data. If you have any questions or concerns regarding our data practices, please feel free to contact us.

Automated Decision-Making and Profiling: Peko does not engage in automated decision-making or profiling that produces legal or similarly significant eﬀects on individuals. If such processing is introduced in the future, it will be carried out in full compliance with the Law and its Executive Regulations. Aﬀected users will be notified in advance and provided with information about the logic involved, potential consequences, and their rights in relation to such processing.

SHARING OF PERSONAL DATA

Peko may share your Personal Data with authorized third parties only when necessary, lawful, and in accordance with the law. All third parties are required to process Personal Data in compliance with the Law and solely for purposes consistent with this Privacy Policy.

Categories of Recipients: Your Personal Data may be shared with the following categories of recipients:

Service Providers and Processors: Third-party vendors and contractors who perform services on our behalf, including payment processors, delivery providers, IT service providers, analytics, and marketing partners. These parties are bound by agreements to protect your data.
Business Partners and Aﬀiliates: Our subsidiaries, aﬀiliates, or strategic partners, where sharing is necessary to provide services, products, or support.
Legal and Regulatory Authorities: Where disclosure is required to comply with legal obligations, enforce contracts, or respond to lawful requests from government or regulatory authorities.
Professional Advisors: Lawyers, auditors, consultants, and other professional advisors engaged by Peko to support lawful business operations.

Purpose of Sharing: Personal Data is shared strictly for purposes that are:

Necessary for the provision of services and products.
Required to comply with legal or regulatory obligations.
Required to comply with legal or regulatory obligations.
Necessary for legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

Joint Controllers: Where Peko jointly determines the purposes and means of processing Personal Data with another entity, both parties shall be considered Joint Controllers in accordance with the Law. Peko and the other controller shall enter into a written arrangement outlining their respective responsibilities for compliance, including obligations relating to transparency, data subject rights, and security measures.

Service Fulfilment and Third-Party Providers: When you request or purchase a service through the Platform, certain Personal Data may be shared with third-party service providers engaged by Peko to deliver or support that service. Such sharing is strictly limited to information necessary for fulfilment and communication related to the requested service.

By placing an order or proceeding with a service request, you consent to Peko sharing your Personal Data with these providers solely for the purpose of service delivery.

All such third-party providers are bound by contractual obligations to maintain confidentiality, ensure appropriate security measures, and process Personal Data only under Peko’s instructions and in accordance with applicable data protection laws.

Cross-Border Transfers: Sometimes, we may need to transfer your Personal Data outside the United Arab Emirates (UAE). This can happen when our service providers, partners, or data hosting systems are based in other countries.

Whenever we transfer your data internationally, we make sure it stays protected to the same high standards required under the Law and its Executive Regulations.

We only transfer your Personal Data when one or more of the following apply:

The transfer is necessary for performing a contract with you or to take steps at your request before entering into a contract.
The destination country has been approved by the UAE Data Oﬀice as providing an adequate level of protection.
Appropriate safeguards are in place, such as data transfer agreements or standard contractual clauses that ensure your rights are protected.
You have provided clear consent for the transfer, after being informed of any potential risks.
The transfer is required to establish, exercise, or defend legal claims, or to protect the public interest.

All transfers are monitored to ensure ongoing compliance, and we take steps to prevent unauthorized access, misuse, or disclosure of your Personal Data during and after transfer.

Third-party Marketing: We do not share your Personal Data with third parties for marketing purposes without your explicit consent. You have the right to withdraw your consent at any time, without aﬀecting other processing activities necessary for service delivery or legal compliance.

Data Sharing Principles

Personal Data is shared only to the extent necessary for the purpose for which it was collected.
All recipients are contractually obligated to protect your Personal Data and use it only for permitted purposes.
Sharing of Personal Data is monitored to ensure ongoing PDPL compliance.

DATA RETENTION

We keep your Personal Data only for as long as we need it and not longer. The length of time depends on what we're using the data for, including providing you with services, meeting legal or regulatory requirements, resolving disputes, and enforcing our agreements.

When deciding how long to keep your information, we consider:

The type of Personal Data and its sensitivity.
The reason we collected it in the first place.
The potential risk of harm from unauthorized use or disclosure.
Any legal, regulatory, tax, or accounting obligations that require us to keep certain records.

Upon expiry of the retention period, Personal Data will be permanently deleted or irreversibly anonymized using secure methods in accordance with PDPL guidelines. Retention periods are defined based on contractual, legal, and business needs.

Protecting your data

We take your data security seriously. Peko uses a combination of technical, organizational, and administrative measures to protect your Personal Data from being accidentally lost, accessed, used, altered, or disclosed in an unauthorized way

Access to your Personal Data is strictly limited to employees, agents, contractors, and other third parties who have a legitimate business need to know it. They are bound by confidentiality obligations and only process your data based on our instructions.

User Account Security and Awareness: To enhance the protection of your Personal Data, Peko provides users with tools and guidance to secure their accounts, including multi-factor authentication (MFA) and password best practices. We also monitor our systems for suspicious activity and may alert you if we detect any unusual account behavior.

While we implement robust technical and organizational measures, we also encourage users to remain vigilant against phishing or fraudulent communications claiming to represent Peko. Please contact us immediately if you suspect any unauthorized access or suspicious activity involving your account.

Data Breach Notification: We continuously monitor our systems and security controls to detect, prevent, and respond to potential threats. In the event that we become aware of a Personal Data breach, we will act promptly in accordance with our internal Incident Response and Breach Management Procedures.

Where the breach is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, providing clear information about the nature of the breach, the categories of data aﬀected, and any recommended measures you can take to mitigate potential harm.

In accordance with Article 9(5) of the UAE Personal Data Protection Law (PDPL), Peko shall also notify the UAE Data Oﬀice within seventy-two (72) hours of becoming aware of the breach, including details of its nature, impact, and remedial steps taken to address it.

Continuous Security Improvement: Peko continually monitors emerging cybersecurity and data protection risks, including developments in AI, advanced encryption standards, and threat intelligence. Our security framework is periodically reviewed and updated to address evolving technologies and regulatory expectations.

Customer Compliance Support and Breach Response SLA: Peko is committed to supporting its customers’ compliance requirements under applicable data protection laws. In the event of a Personal Data breach aﬀecting customer information, we will notify aﬀected customers promptly and, where applicable, within the timelines agreed under our contractual obligations or applicable law. We will also provide reasonable assistance to enable customers to meet their own legal or regulatory reporting duties.

YOUR RIGHTS UNDER THE LAW

In accordance with the Law and its Executive Regulations, you are entitled to exercise certain rights in relation to your Personal Data held or processed by Peko. These rights are outlined below, subject to applicable legal limitations and verification requirements.

Right to access: You may request confirmation of whether we process your Personal Data and obtain a copy of such data, along with information on the purposes of processing and categories of data involved.

Right to correction: You have the right to request the correction or updating of inaccurate, incomplete, or outdated Personal Data that we hold about you.

Right to erasure: You may request the deletion of your Personal Data where:
The data is no longer necessary for the purposes for which it was collected;
You withdraw consent (where processing is based on consent); or
The data has been unlawfully processed.

Right to restrict processing: You may request that we restrict the processing of your Personal Data in certain circumstances, such as when the accuracy of the data is contested or when processing is unlawful but you do not wish for the data to be erased.

Right to object: You have the right to object to the processing of your Personal Data, including for direct marketing purposes, or where processing is based on our legitimate interests.

Right to data portability: You may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller, where technically feasible.

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not aﬀect the lawfulness of any processing carried out before the withdrawal.

Withdrawal of Consent:Where processing is based on your consent, you can withdraw it at any time. This won’t aﬀect any processing already carried out before you withdrew consent.

To exercise any of your rights, please contact us using the details provided below. You will not be required to pay a fee to access your Personal Data or to exercise your rights. However, we may charge a reasonable fee or refuse to act on requests that are unfounded, repetitive, or excessive.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

To protect your privacy and security, we may need to verify your identity before fulfilling your request. In certain cases, we may request additional information to clarify or expedite our response. We aim to respond to all legitimate requests within one (1) month. Where a request is complex or involves multiple submissions, we may extend this period by an additional one (1) month, and we will notify you accordingly.

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not aﬀect the lawfulness of any processing carried out before the withdrawal.

Contact, Complaints & Data Oﬀice:If you have any questions, concerns, or complaints about how Peko collects or uses your Personal Data, or if you wish to exercise any of your data protection rights, you may contact us using the details below:

Data Protection Contact:

Email:privacy@peko.one

Address: Peko Payment Services LLC, UG05, A7 Building, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.

Peko takes all privacy-related concerns seriously. We will acknowledge and investigate your request or complaint promptly and provide a response within the timeframes required by law.

If you are not satisfied with how we have handled your concern, you have the right to file a complaint directly with the UAE Data Oﬀice, the competent supervisory authority for data protection in the UAE.

THIRD-PARTY LINKS AND EXTERNAL SERVICES

Our Platform may include links to third-party websites, plug-ins, or applications that are not operated or controlled by Peko. Clicking on those links or enabling such connections may allow third parties to collect or share data about you.

We are not responsible for the privacy practices, security standards, or content of such third-party websites or services. When you leave our Platform, we encourage you to read the privacy policies of every website or service you visit to understand how your Personal Data may be collected and used.

Peko does not endorse or make any representations about third-party websites, their content, products, or services. Your use of third-party links or resources is entirely at your own risk and subject to the respective third party’s terms and privacy policy.

CHILDREN’S PRIVACY

We recognize the importance of protecting the privacy and safety of children, especially in an online environment. Our Platform and services are not intended for, and should not be used by individuals under the age of 18 without verified parental or guardian consent.

Peko does not knowingly collect or process Personal Data from anyone under 18 years of age, except where it is necessary to provide services directly to such individuals and only with the documented consent of a parent or legal guardian, as required under applicable laws.

If we become aware that we have inadvertently collected Personal Data from a minor without the required consent, we will take immediate steps to delete such information from our records.

Parents or guardians who believe that their child may have provided us with Personal Data without their consent are encouraged to contact us at privacy@peko.one

REVIEW AND UPDATES

We are committed to keeping this Privacy Policy current and compliant with applicable data protection laws, including the Law and its implementing regulations.

Peko periodically reviews and updates this Policy to reflect changes in our business practices, legal obligations, or technological developments. The most recent version will always be available on our website, with the “effective Date” clearly indicated at the top of the Policy.

If any material changes are made that affect how we process your Personal Data, we will notify you in advance through reasonable means such as by email (if available) or a prominent notice on our Platform before the changes take effect.

Continued use of our services after the Effective Date of an updated Policy constitutes your acknowledgment and acceptance of the revised terms. If you do not agree to the updated Policy, you may discontinue use of our Services and request account deletion.

This Privacy Policy applies solely to Peko and its aﬀiliated entities. It does not extend to third-party websites, applications, or entities not owned or controlled by Peko.

For any questions or concerns regarding this Privacy Policy or our data protection practices, you may contact us at:privacy@peko.one

WELCOME TO PEKO PRIVACY POLICY!

Last updated: October 4th, 2025

Definition of Terms

Personal Data: Refers to any information concerning an identified or identifiable natural person, as defined by the Law. This encompasses a wide array of identifiers such as name, voice, picture, ID numbers, and various personal characteristics.
Aggregated Data: Refers to information that has been gathered and processed in a manner that obscures or removes any identifiers that could link the data to specific individuals via Personal Data. This type of data is typically used for statistical analysis, trend identification, or other analytical purposes. Aggregated Data does not contain any personal identifiers and therefore cannot be used to directly or indirectly to identify individuals.
Technical Data: Refers to information collected automatically during user interactions with the Platform. This includes data such as internet protocol (IP) addresses, login data, browser types and versions, time zone settings, browser plug-in types and versions, operating systems, and platform information. Technical Data assists in managing the Platform's functionality, optimizing user experiences, and ensuring cybersecurity measures.
Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric or genetic data, health data, or sexual orientation. Processing such data requires explicit consent.
Data Subject: Any individual whose Personal Data is collected, processed, or stored by Peko.
Processing: Any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or erasure.
Controller: Peko determines the purposes and means of processing Personal Data.
Processor: Any third-party engaged by Peko to process Personal Data on its behalf.

Applicability

Our use of cookies and similar technologies is governed by our separate Cookie Policy, available on our website, which explains how you can manage your preferences.

Here's What You Need to Know

Peko is the Data Controller responsible for determining the purposes and means of processing your Personal Data in accordance with the Law and its implementing regulations.

For any questions regarding this Privacy Policy or the processing of your Personal Data, or to exercise your rights under the Law, you may contact us at privacy@peko.one

Data Collection

When you open an account or use our services, whether directly, through a merchant partner, or via a third- party platform, we may collect the following categories of Personal Data:

Identity Data: Information that identifies you as an individual, including your name, username, date of birth, gender, and marital status.
Contact Data: Information to contact you, including your email address, phone number, and postal address.
Financial Data: Information required for payments and transactions, including bank account details, and payment card information.
Transaction Data: Records of your purchases, payments, and other interactions with our services.
Technical Data: Automatically collected information related to your devices and platform usage, including IP address, login credentials, browser type and version, operating system, device identifiers, time zone, location information, and other technology-related data.
Profile Data: Information about your preferences, interests, purchase history, username, and feedback.
Usage Data: Data on how you interact with our website, mobile applications, and services, including feature usage and service activity.
Marketing and Communications Data: Your preferences regarding receiving marketing communications and your preferred communication channels.

How is your Personal Data collected?

Direct interactions: You may provide Personal Data directly to us, including Identity, Contact, and Financial Data, when you:

Apply for our products or services.
Create an account on our Platform.
Subscribe to our service or publications.
Request marketing communications.
Participate in promotions, survey or competitions.
Provide feedback or contact us regarding our services.

Personal Data collected via direct interactions is processed on the basis of your consent, the performance of a contract, or compliance with legal obligations, as applicable.

IP addresses and device identifiers.
Browser type and version, operating system, and platform.
Login data, time zone, and location information.
Cookies and similar tracking technologies.

Third parties or publicly available sources: We may receive Personal Data from authorized third parties or publicly available sources, including:

Technical Data from analytics providers, advertising networks, and search information providers.
Contact, Financial, and Transaction Data from providers of technical, payment, or delivery services.
Identity and Contact Data from data brokers, aggregators, or publicly available sources.

All third-party service providers are required to process Personal Data in accordance with PDPL standards, solely for legitimate purposes consistent with this Privacy Policy.

How We Utilize Your Personal Data?

At Peko, all processing is carried out lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes:

Legal Basis for Processing: We process Personal Data on the following lawful bases:

Performance of Contract: To fulfill contractual obligations, or take steps prior to entering into a contract with you.
Legitimate Interests: For our legitimate interests or those of third parties, provided such interests do not override your fundamental rights and freedoms.
Compliance with legal obligations requires us to process your data.
Legal Obligation To comply with applicable laws, regulations, or legal requests.
Consent Where required, including for sending direct marketing communications via email, SMS, or other channels. You may withdraw consent at any time without aﬀecting other lawful processing.

Purpose of Processing: We may process your Personal Data for the following purposes:

Customer Registration and Account Management: Creating and maintaining accounts, verifying identity, and providing access to our services.
Contractual Performance: Managing payments, fees, charges, and collection of amounts due.
Personalization and Service Improvement: Analyzing Identity, Contact, Technical, Usage, and Profile Data to enhance our services, tailor content, and optimize user experience.
Marketing and Communications: Sending you marketing messages, oﬀers, and communications, based on your preferences and consent.
Analytics and Research: Conducting statistical analysis, service improvement, and trend identification.
Legal and Regulatory Compliance: Fulfilling obligations imposed by applicable laws or regulations.

SHARING OF PERSONAL DATA

Categories of Recipients: Your Personal Data may be shared with the following categories of recipients:

Service Providers and Processors: Third-party vendors and contractors who perform services on our behalf, including payment processors, delivery providers, IT service providers, analytics, and marketing partners. These parties are bound by agreements to protect your data.
Business Partners and Aﬀiliates: Our subsidiaries, aﬀiliates, or strategic partners, where sharing is necessary to provide services, products, or support.
Legal and Regulatory Authorities: Where disclosure is required to comply with legal obligations, enforce contracts, or respond to lawful requests from government or regulatory authorities.
Professional Advisors: Lawyers, auditors, consultants, and other professional advisors engaged by Peko to support lawful business operations.

Purpose of Sharing: Personal Data is shared strictly for purposes that are:

Necessary for the provision of services and products.
Required to comply with legal or regulatory obligations.
Required to comply with legal or regulatory obligations.
Necessary for legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

By placing an order or proceeding with a service request, you consent to Peko sharing your Personal Data with these providers solely for the purpose of service delivery.

Whenever we transfer your data internationally, we make sure it stays protected to the same high standards required under the Law and its Executive Regulations.

We only transfer your Personal Data when one or more of the following apply:

The transfer is necessary for performing a contract with you or to take steps at your request before entering into a contract.
The destination country has been approved by the UAE Data Oﬀice as providing an adequate level of protection.
Appropriate safeguards are in place, such as data transfer agreements or standard contractual clauses that ensure your rights are protected.
You have provided clear consent for the transfer, after being informed of any potential risks.
The transfer is required to establish, exercise, or defend legal claims, or to protect the public interest.

All transfers are monitored to ensure ongoing compliance, and we take steps to prevent unauthorized access, misuse, or disclosure of your Personal Data during and after transfer.

Data Sharing Principles

Personal Data is shared only to the extent necessary for the purpose for which it was collected.
All recipients are contractually obligated to protect your Personal Data and use it only for permitted purposes.
Sharing of Personal Data is monitored to ensure ongoing PDPL compliance.

DATA RETENTION

When deciding how long to keep your information, we consider:

The type of Personal Data and its sensitivity.
The reason we collected it in the first place.
The potential risk of harm from unauthorized use or disclosure.
Any legal, regulatory, tax, or accounting obligations that require us to keep certain records.

Protecting your data

YOUR RIGHTS UNDER THE LAW

Right to access: You may request confirmation of whether we process your Personal Data and obtain a copy of such data, along with information on the purposes of processing and categories of data involved.

Right to correction: You have the right to request the correction or updating of inaccurate, incomplete, or outdated Personal Data that we hold about you.

Right to erasure: You may request the deletion of your Personal Data where:
The data is no longer necessary for the purposes for which it was collected;
You withdraw consent (where processing is based on consent); or
The data has been unlawfully processed.

Right to restrict processing: You may request that we restrict the processing of your Personal Data in certain circumstances, such as when the accuracy of the data is contested or when processing is unlawful but you do not wish for the data to be erased.

Right to object: You have the right to object to the processing of your Personal Data, including for direct marketing purposes, or where processing is based on our legitimate interests.

Right to data portability: You may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller, where technically feasible.

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not aﬀect the lawfulness of any processing carried out before the withdrawal.

Withdrawal of Consent:Where processing is based on your consent, you can withdraw it at any time. This won’t aﬀect any processing already carried out before you withdrew consent.

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not aﬀect the lawfulness of any processing carried out before the withdrawal.

Data Protection Contact:

Email:privacy@peko.one

Address: Peko Payment Services LLC, UG05, A7 Building, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.

Peko takes all privacy-related concerns seriously. We will acknowledge and investigate your request or complaint promptly and provide a response within the timeframes required by law.

THIRD-PARTY LINKS AND EXTERNAL SERVICES

CHILDREN’S PRIVACY

If we become aware that we have inadvertently collected Personal Data from a minor without the required consent, we will take immediate steps to delete such information from our records.

Parents or guardians who believe that their child may have provided us with Personal Data without their consent are encouraged to contact us at privacy@peko.one

REVIEW AND UPDATES

We are committed to keeping this Privacy Policy current and compliant with applicable data protection laws, including the Law and its implementing regulations.

This Privacy Policy applies solely to Peko and its aﬀiliated entities. It does not extend to third-party websites, applications, or entities not owned or controlled by Peko.

For any questions or concerns regarding this Privacy Policy or our data protection practices, you may contact us at:privacy@peko.one

WELCOME TO PEKO PRIVACY POLICY!

Loading...

WELCOME TO PEKO PRIVACY POLICY!