Notwithstanding the above, we have compiled a couple of relevant FAQ's that Client could potentially share with its End-users as follows:
- What is Lean and what services do they provide?
Lean is an Open Banking service provider that enables fintech innovators like Client to seamlessly connect your bank accounts to initiate payments and/or retrieve account details, balance, and transaction history, always with your permissioned consent.
- Is Lean regulated?
Yes, Lean is regulated in the jurisdictions in which it operates. Lean is authorised and regulated by the Financial Services Regulatory Authority (FSRA) to operate in and from the Abu Dhabi Global Market (ADGM) in the UAE to provide account information services and to initiate payments.
Lean is also the first Permitted Fintech authorised and regulated by the Saudi Central Bank to operate in Saudi Arabia. Similarly to the ADGM’s regulatory framework, this authorisation permits Lean to aggregate data and to initiate payments on behalf of its Clients, such as PEMO.
- Is Lean safe?
When Lean initiates a payment on your behalf, it only does so with your consent and it does not take custody of any funds - it simply relies on your instruction to initiate the payment. Where Lean retrieves account data, this depends on the permissions requested when connecting to your account.
- How does Lean manage its data protection requirements?
In the UAE, Lean abides by the data protection requirements specified under the ADGM Data Protection Regulations 2021 (as amended from time to time). In KSA, Lean currently abides by the data protection requirements as stipulated by the Saudi Central Bank as well as the Personal Data Protection Law and accompanying regulations which are due to come into force in 2023.
- Can Lean access personal data of users in a form that links it back to that user in an identifiable form? Is the information stored anonymously?
- How will this information be used by Lean in the future? Is Lean planning to sell this information or profit from the use of such data?
No, Lean does not market or sell personal data of any End-user (i.e a Client user like you).
- If a user decides to delete their account, does Lean also confirm that they will delete the user’s data from their database?
In line with applicable Data Protection Law, all End-user's have the right to request that Lean erases their personal data in certain circumstances. Provided Lean does not have a legal obligation or legitimate reason to store that personal data, Lean will action the request, as is required. This is commonly referred to as the "Right to be Forgotten" under international privacy standards.