Customer Privacy Notice
Date: 06 July 2020
1.1 This is the Privacy Notice ("Notice") for the website hosted at www.tabby.ai ("site") and the Tabby app "App" (together, the "Platform"). The Platform is operated by or on behalf of Tabby FZ LLC (UAE) and Tabby Saudi for Communications and IT (Kingdom of Saudi Arabia) as Tabby ("Tabby", "we", "us" and "our"). This Notice applies to individuals browsing our Platform, and individuals using our services and our Platform ("you" and "your"). We are committed to protecting and respecting your privacy.
1.2 This Notice sets out:
What information do we collect about you?
- How do we use your information?
- Who do we share your information with?
- Where do we store your information?
- Where do we store your information?
- What about payment processing?
- How do we protect your information?
- How long we keep your information?
- What rights do you have?
- Changes to this Notice
- Contact Us
- Cookies and other technologies
1.3 Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1.4 By using our services you acknowledge you have read and understood this Privacy Notice.
We will collect and use the following categories of personal data from you, from other organisations and automatically via our Platform -- for example, when you fill in any of the application forms on our Platform. We explain what we do with each of the categories in the next section.
2.1 You provide us with the following categories of information about you
This is information about you that you give us, usually via our Platform, or by phone, e-mail or otherwise. It includes information you provide when you register to use our Platform, subscribe to our service, search for a product, place an order, submit a query, and when you report a problem with our Platform.
- Contact: basic contact information, such as your first and last name, email address, home address, as well as billing and shipping details
- Identity: additional information you provide, including your photo, gender, date of birth, and personal information in or about the content you provide
- Communications: records of any correspondence and communications if you contact us, including information you supply if you report a problem with our Platform to us. This covers information we learn about you from:
- Financial: Tabby does not access, collect or store your payment information. We use a payment processor to manage this for us.
- Marketing: you may also provide us with your personal direct marketing preferences, like whether you would like to receive email or text updates from us
2.2 Information we receive from other sources.
We are working closely with third parties (including, for example, retailers, business partners, sub-contractors in technical, payment and delivery services, debt collection agencies, advertising networks, analytics providers, and search information providers).
We may receive information about you from other organisations, including:
- Credit: credit score and insolvency information, from our third party credit score providers and identity verification providers. Tabby will assess and keep your Tabby credit limit.
- Verification: We use a third party service to verify who you are. You will be asked to provide them with an appropriate form of government ID (like scan of a the ID or ID number) and in some cases, a selfie (to match against your ID). Your use of this service is regulated by that organisation's own terms and privacy policy.
- Advertising: Advertisers may share technical information and information about your visits with them, including your experiences or interactions with them (see the next section for more detail about what this means).
2.3 Information we collect about you from your use of our Platform:
We will automatically collect information from you each time you use our Platform. (a) Technical information
Technical information may include the Internet protocol (IP) address, login information, browser type and version and, browser plug-in types and versions, device settings (e.g. language, time zone), device or similar IDs, operating system and platform, hardware version, mobile operator or ISP.
(b) Information about your visit
Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team and our social media accounts.
(c) Location data
Location data includes specific geographic locations (such as through GPS, Bluetooth, or Wi-Fi signals) which we use to provide location services (if you ask or permit us to), so that we can deliver content, advertising or other services that are dependent on knowing where you are, like checking for fraudulent transactions.
Location data may be collected in combination with device ID, so we can recognise your mobile browser or device when you return to the Service.
Delivery of location services will involve us checking any of the following: - the coordinates (latitude/longitude) of your location;
- your current country or region, by referencing your current IP address against public sources; and/or
- your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
You can opt-out of location sharing.
(d) Information on In-app Browser Usage
We also collect information regarding your activities within our in-app browser. This includes tracking the URLs you visit while using the in-app browser. This data helps us understand your preferences and improve your user experience.
We use information held about you in the following ways, and we explain the legal reason (or 'lawful basis') for each use as well. For more information about what these legal reasons mean, please read the next section: 'Legal reasons explained'.
3.1 If you browse our Platform, we use automatically collected information to:
understand how individuals use our Platform, and how we can improve it.
ensure content from our site is presented in the most effective manner for you and for your computer.
- provide you with the information, products and services that you request from us or we think you may be interested in.
We do this with your consent, where required, or in our legitimate interests, where we have considered these are not overridden by your rights.
3.2 If you create and use your account with us, we use your Contact, Identity, Log- in, Financial, Credit, Verification and Automatically Collected information to:
- create and administer your account with us.
- verify your identity (including appropriate screening processes).
- conduct credit checks, and receive results from our third party credit check providers.
- verify and carry out financial transactions in relation to payments you make online/through the Platform.
- provide aggregated reporting information to, and otherwise manage and fulfil our agreements with, our shareholders, investors and finance providers.
- identify you when you sign-in to your account and give you appropriate access to our Platform (in accordance with your agreement with us).
- enforce or apply our terms or other agreements with you.
- notify you about changes to our service.
We may conduct some profiling and automated decision-making to help us determine whether or not to verify and approve your account, including on the basis of your credit history. If you would like more information about our automated-decision making practices, or would like to request a manual review of any decision, please contact us.
3.3 When you contact or engage with us, we use your Contact, Identity, Log-in, Financial, Credit Verification and Communications information to:
- provide you with customer support, including
- contacting you if you've asked us to do so, including troubleshooting problems, and helping with any issues concerning our Platform, and
- providing you with the information, products and services that you request from us.
3.4 If we share marketing or advertising with you, we may use your Contact, Marketing, Advertising and Automatically Collected information to:
- provide you with promotional update communications by email, SMS, in-App alerts, and phone about our services about goods or services we feel may interest you.
- contact you for your opinions about our Platform, including through surveys and other market research.
- understand how you use and interact with our services and the things you're connected to and interested in.
- provide you with personalised recommendations, promotional updates and marketing to improve your experience with our Platform.
- measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
We may conduct some profiling and automated decision-making to help us provide you with relevant information, suggestions and recommendations for products.
We do this if permitted in our legitimate interests (where we have considered these are not overridden by your rights) or with your prior consent (where required by law).
You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional updates and marketing to you, or by sending us an email at [email protected]
3.5 When we maintain and improve our Platform, we may use your Account, Marketing Advertising and Automatically Collected information (including Location data) to:
- administer our Platform and services and for internal operations, including audits, troubleshooting, data analysis, testing, research, statistical and survey purposes.
- evaluate and improve our products, services and Platform, including developing and testing new features.
- keep our Platform safe and secure.
- to detect and protect against error, fraud or other criminal activity.
- improve our Platform to ensure that content is presented in the most effective manner for you and for your computer, and to alert you to any hardware or software incompatibility issues.
- allow you to participate in interactive features of our service, when you choose to do so.
We do this in our legitimate interests, where we have considered these are not overridden by your rights. We also do this to comply with our legal obligations.
3.6 Information we receive from other sources
We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
3.7 Aggregated Data
We may pseudonymise and/or anonymise and aggregate any of the above categories of information.
What does this mean?
- Pseudonymised means that you cannot be identified from the data unless it's combined with additional information hold.
- Anonymised means that you cannot be identified from the data -- for example, if we create aggregated statistics.
We use aggregated information (such as statistical data or customer profile information) to help us analyse how visitors use our site (including behaviour patterns and the tracking of visits across multiple devices) and interact with us on social media (for example, statistics about demographics or users per country), provide more useful information to our customers, and understand which of our services are of most interest.
We may provide aggregated data (for example, demographic statistics about our customers) to our partners or other third parties in exchange for access to the products or services that they provide, or to promote our Platform.
Where such aggregate information is derived from your personal data we will take steps to pseudonymise or anonymise your personal data, so that you cannot be easily re-identified from aggregate information retained or used for these purposes.
3.8 Legal reasons (or 'lawful bases') explained
In accordance with applicable data protection law, we rely on one or more of the following
grounds when processing your data:
- Contract: We collect, store and process your personal information where it is necessary for performing a contract you have with us (such as our Terms & Conditions), or where you have asked us to take specific steps before entering into that contract. This includes notifying you about changes to our Services.
- Legal Obligation: We may need to process your personal information to comply with our legal obligations, including under applicable local laws and/or any court orders. This may include compliance with know-your-client and anti-money laundering rules.
- Legitimate interests: We may process your personal information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.
Our legitimate interests include:
- Providing you with the information, products and services that you request from us.
- Providing you with our promotional updates and marketing if we reach out to you and/or you are interacting with us in a business-to-business context (or in certain cases if you have purchased a service from us and have not opted-out at the time of purchase or any time since) (you are free to opt-out at any time).
- Providing you and our other customers with personalised recommendations, promotional updates and marketing to improve your experience with our Services.
- Gaining insights into how customers use our Services; delivering, developing and improving our Services, and growing our business and informing our marketing strategy.
- Measuring and understanding the effectiveness of advertising we serve to you and others, and delivering relevant advertising to you.
- Keeping our Services safe and secure.
- Improving our Site to ensure that content is presented in the most effective manner for you and for your computer.
- Administering our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- Carrying out our obligations in our agreements with our business partners.
We may share your personal information:
(a) with any member of our group (which includes our subsidiaries and our ultimate holding company and its subsidiaries, who support our processing of personal data under this Notice, who we support in processing your personal data, or who we otherwise share your personal data with.
(b) with selected third parties, including the credit reference agencies we work with. Our selected third parties may include:
(i) Organisations who process your personal data on our behalf and in accordance with our instructions and the Data Protection Law. This includes in supporting the services we offer through the Platform in particular those providing website and data hosting services, providing fulfilment services, distributing any communications we send, supporting or updating marketing lists, facilitating feedback on our services and providing IT support services from time to time. These organisations (which may include third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
(ii) Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience and subject to the cookie section of this Notice.
(iii) Analytics and search engine providers that assist us in the improvement and optimisation of our site (this will not identify you as an individual).
(iv) Merchants and business partners who provide services to you, and with whom we have entered into agreements in relation to the processing of your personal data a list of whom can be provided upon request.
(v) Credit Reference Agencies for the purpose of assessing your credit score whether when setting up an account with us or on an ongoing basis. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We continue to exchange information about you, your settled accounts and debts not fully repaid on time with the Credit Reference Agencies while you use our services. The Credit Reference Agencies will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
(vi) Payment processing providers who provide secure payment processing services.
(vii) Debt collection agencies, should your account fall into arrears, in order to collect the amount you owe us from you.
(c) any person to whom disclosure is necessary to enable us to enforce our rights under this Privacy Notice or under any agreement we have with you, or to protect our rights or the rights of third parties. This includes exchanging information with law enforcement agencies (including regulators) or other similar government bodies
(d) where required to do so by court order or where we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation.
(e) in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer.
If we share your personal information with our group companies or other third parties, we will take steps to protect your personal information in our contractual agreements with these third parties, and to require that they have appropriate technical and organisational security measures in place, in compliance with applicable data protection laws.
5.1 We are based in the UAE and Saudi Arabia. Our parent company is Tabby Inc in Cayman Islands.
5.2 We may transfer your information outside the UAE. If we do, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Notice.
5.3 We may transfer your personal information outside the UAE:
(a) in order to store it.
(b) in order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
(c) in order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
5.4 We may transfer your personal information as detailed below.
6.1 Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are submitted to us over the internet.
6.2 Payments made on the Platform are made through our payment gateway providers in each country. You will be providing credit or debit card information directly to our payment gateway providers which operate a secure server to process payment details, encrypting your credit/debit card information and authorising payment. Information which you supply is not within our control and is subject to their own Privacy Notice and terms and conditions.
7.1 We take reasonable steps, including physical, technical and organisational measures, to protect your personal information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
7.2 All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
7.3 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7.4 External links
Our site may, from time to time, contain links to external sites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before you submit any personal data to these websites. We are not responsible for the privacy policies or the content of such sites.
7.5 Child safety
Protecting the safety of children when they use the Internet is important to us. Our Platform is intended for use only by persons who are at least 18 years of age. You may not use our Platform unless you are 18 or older.
8.1 We will keep personal data for:
(a) as long as you have an account with us in order to meet our contractual obligations to you, and
(b) for five years after that to identify any issues and resolve any legal proceedings.
8.2 If you opt-out from us sending you promotional updates and marketing, or object to any other processing of your personal information, we may keep a record of your opt-out or objection so we can ensure we respect your direct marketing preferences.
8.3 We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
Any changes we make to our Privacy Notice in future will be posted on this page and, in relation to substantive changes, will be notified to you by e-mail. This Notice was last updated on 06 July 2020.
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to: [email protected]