Privacy Policy

1.Introduction

Elite Payment Offering Corp ("the Company") prioritizes the protection of personal data belonging to credit cardholders and prospective users ("Customers"). All personal data is processed in accordance with the UAE Federal Decree-Law on the Protection of Personal Data ("PDPL") and other applicable laws.

2.Scope of Application

This policy applies to the collection, use, storage, sharing, and transfer of personal data conducted by the Company both within and outside the UAE. It does not apply to data excluded under the PDPL, such as governmental data.

3.Definitions

Terms such as "personal data," "sensitive personal data," "processing," and "data subject" are defined as per the PDPL.

4.Personal Data Collected

Category Key Details Typical Sources Legal Basis*
Identification Name, nationality, ID/passport number, DOB Applications, KYC documents (a)(b)(c)
Contact Details Address, phone number, email Applications,member portals (a)(b)(c)
Financial Info Income, credit data, card usage history Banks, credit agencies, merchants (b)(c)
Transaction Logs Amounts, merchants, devices/IP, location Payment networks (b)(c)(d)
Marketing Data Campaign entries, cookies, online identifiers Website/app, social media (a)(d)

Legal Basis Notes:

  • (a) Explicit consent from the data subject
  • (b) Necessary for contract performance or pre-contract procedures
  • (c) Compliance with legal obligations (e.g., Central Bank, AML/CFT laws)
  • (d) Legitimate interest (e.g., fraud detection, service improvement) — provided that data subjects’ rights are not unduly harmed.

5.Purpose of Use

  • 1.Card issuance, membership management, KYC/AML verification
  • 2.Payment processing, merchant settlements, credit evaluation
  • 3.Fraud detection, risk management, internal audit
  • 4.Compliance with regulatory or legal obligations
  • 5.Marketing communications and promotions (opt-in only)
  • 6.Service quality improvement and new product development

6.Data Sharing
Third-party Categories:

  • • International card brands, merchants, acquirers, remittance providers
  • • Credit bureaus, fraud prevention networks
  • • Regulators (e.g., Central Bank, UAE Data Office), judiciary, law enforcement
    Sharing is limited to the extent necessary to achieve the stated purposes and is subject to confidentiality agreements or clauses compliant with Article 24 of the PDPL.

7.Cross-Border Transfers

When transferring data to foreign organizations (e.g., payment networks), the Company ensures at least one of the following:

  • 1.Transfer to countries recognized as having adequate protection
  • 2.Use of Standard Contractual Clauses (SCCs) or equivalent safeguards
  • 3.Explicit consent from the data subject (excluding sensitive data, as applicable)
  • 4.Other exemptions under Article 22 of the PDPL (e.g., public interest, legal claims)

8.Security Measures

The Company implements technical and organizational security measures including encryption, access controls, two-factor authentication, logging, and vulnerability assessments. In case of a serious data breach, the Company will promptly notify the UAE Data Office and affected Customers in accordance with Central Bank regulations.

9.Cookies and Similar Technologies

The Company’s website and apps use cookies and similar technologies for functionality, analytics, and advertising. Marketing cookies operate on an opt-in basis.

10.Automated Decision-Making and Profiling

The Company may use automated processes for credit assessments and fraud detection. Data subjects have the right to request a human review of automated decisions.

11.Data Subject Rights

Under the PDPL, Customers have the following rights:

  • • Right to information and access
  • • Data portability
  • • Correction and erasure
  • • Objection or restriction of processing, opt-out from direct marketing
  • • Withdrawal of consent