data consent

Borrower Data-Sharing Consent

Effective Date: May 7, 2025

Version: V1.1

Last Version: V1.0 - Jan 1, 2025

Entity: Klub Capital Technologies Limited (“KCTL”)

Regulated by: Financial Services Regulatory Authority (FSRA), Abu Dhabi Global Market (ADGM), Licence No. 220119

This Data-Sharing Consent (“Consent”) outlines how KCTL collects, uses, stores, and shares your personal and financial information when you engage with our financing services. By clicking “I Consent” or submitting your application via our Platform, you expressly authorise KCTL to process your data as detailed below, in accordance with applicable laws and FSRA Data Protection Regulations.

If you do not agree to this Consent, you must refrain from using our Platform or applying for financing.

1. Purpose of Data Collection and Use

Your data is collected and processed strictly for the following lawful purposes:

a. Verification and Onboarding

To verify your identity and assess eligibility under FSRA’s Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, KCTL requires access to your body corporate KYC documents such as trade licence, MOA and/or AOA, Commercial Lease, Bank account details, VAT registration, Beneficial Ownership disclosures, and personal KYC documents of directors, shareholders such as Emirates ID, Passport, VISA.

b. Credit Assessment and Financing Evaluation

KCTL may use your sales history, banking transactions, invoice data, or other financial records to:

  • Determine your financing eligibility;
  • Calculate offer amounts and repayment capacity;
  • Recommend relevant financing Products offered through regulated Capital Partners or through KCTL on behalf of a Capital Partner.
c. Transaction Processing and Repayment Servicing

Your data enables KCTL to:

  • Disburse approved advances to your bank account;
  • Collect repayments via set-offs, debits, or reconciliations;
  • Notify you of repayment obligations, outstanding balances, or repayment failures.
d. Regulatory Compliance

As a regulated entity, KCTL must retain and submit relevant customer and transaction information to:

  • FSRA;
  • The UAE Central Bank;
  • Other competent authorities, as required by law;
  • Auditors and compliance monitors.
e. Fraud Monitoring and Risk Management

Your account usage, device data, geolocation, and login activity may be monitored to detect anomalies, prevent misuse, and ensure compliance with applicable cybersecurity requirements.

2. Categories of Data Collected

The information KCTL collects about you includes, but is not limited to:

a. Identification and Contact Details
  • Full legal name;
  • Emirates ID or passport number;
  • Date of birth and nationality;
  • Residential and business address;
  • Mobile number and email address.
b. Business and Financial Records
  • Trade licence, MOA or AOA (if a company);
  • Bank account details and IBAN;
  • Sales statements and settlement summaries from e-commerce platforms (e.g. Noon, Amazon, Shopify);
  • Uploaded invoices, purchase orders, or customer payment confirmations.
c. Behavioural and Technical Data
  • IP address, device type, operating system, and browser;
  • Timestamped activity logs from the Platform;
  • Clickstream data and interaction metrics;
  • Cookies and analytics tools used for session tracking.

3. Parties with Whom Your Data May Be Shared

KCTL shares your data strictly on a need-to-know basis with the following types of recipients:

a. Regulatory Authorities
  • The FSRA, for reporting and audit purposes;
  • UAE federal or local law enforcement agencies, if legally mandated;
  • Financial intelligence units for suspected fraud or money laundering cases.
b. Capital Partners

When you apply for a financing Product offered by a third-party financier (a “Capital Partner”), we will share relevant parts of your application and financial documents with that partner so they can assess your application, offer financing, disburse funds, and reconcile repayments.

Note: Each Capital Partner is bound by their own data protection and confidentiality obligations and is not permitted to use your data for any purpose outside the scope of their financing agreement with you.

c. Third-Party Service Providers

KCTL may engage carefully vetted vendors to assist with:

  • KYC/AML checks (e.g. ID validation, sanctions screening);
  • Payment gateway processing;
  • Cloud hosting and document storage;
  • Email and SMS delivery platforms;
  • Legal advisors and statutory auditors.

All such providers are bound by strict data confidentiality contracts.

4. Retention of Data

KCTL retains your data for as long as necessary to:

  • Complete the purpose for which it was collected;
  • Comply with statutory, regulatory, or contractual obligations;
  • Defend or establish legal claims.

Under FSRA Data Protection Regulations and ADGM’s record-keeping guidelines, your data may be stored for a minimum period of seven (7) years from the date of your last financial transaction or account closure, unless a longer period is legally required.

5. Additional Documentation for Capital Partner-Specific Offers

Depending on the specific Product you select and the Capital Partner offering it, additional documentation may be required, such as:

  • Audited financial statements;
  • Customer purchase orders or credit notes;
  • Inventory or receivables reports;
  • Updated bank statements or VAT filings.

You will be notified of these requirements during the application process, and failure to provide the requested documents may result in application rejection or offer withdrawal.

6. Your Rights Under FSRA Data Protection Framework

As a data subject, you have the following rights under the ADGM Data Protection Regulations:

a. Right to Access

You may request a summary of the data KCTL holds about you, and how it has been used or shared.

b. Right to Rectification

If any part of your data is inaccurate, outdated, or incomplete, you may request correction or updates.

c. Right to Deletion

You may request deletion of your personal data, provided:

  • You have no outstanding financial obligations or open applications; and
  • Retention is not legally required.
d. Right to Restriction

You may request that we limit the use of your data to specific lawful purposes only.

e. Right to Object to Processing

You may object to your data being used for profiling, automated decision-making, or direct marketing (where applicable).

f. Right to Withdraw Consent

You may withdraw your consent at any time by emailing dpo@klubworks.com. Please note that this may affect your eligibility for ongoing or future financing.

7. Restrictions to Your Data Rights under ADGM Regulations

a. Legal, Security, and Regulatory Exemptions

Your data rights may not apply where processing is required for national security, crime prevention, tax collection, legal proceedings, or to meet legal and regulatory obligations.

b. Public Interest and Oversight

We may limit your rights when necessary to protect the public from financial misconduct, support regulatory functions, ensure health and safety, or uphold judicial independence.

c. Confidentiality and Third-Party Rights

Access to your data may be restricted to protect legal privilege, professional confidentiality, ongoing negotiations, or third-party privacy.

d. Market and Business Integrity

We may withhold data if disclosure could affect financial markets, business decisions, forecasting, or strategic planning.

e. Archiving and Research

Some rights do not apply when data is processed solely for scientific, historical, or statistical research, provided results do not identify individuals.

8. Contact and Escalation

For all data protection or privacy-related queries, corrections, complaints or consent withdrawals, contact:

Email: dpo@klubworks.com
Phone: +971524109479
Hours: Monday to Friday, 9:00 AM – 6:00 PM GST

If you are not satisfied with the resolution provided, you have the right to escalate your complaint to the FSRA’s Office of Data Protection via www.adgm.com.