Experience real-time spend control on your corporate cards, see how it works in action

Register for free

ArrowIcon
CloseIcon
Logo

Start your business

Products

Arrow

Platforms

Arrow
Flag

UAE

WELCOME TO PEKO PRIVACY POLICY!

Last updated: October 4th, 2025

Peko Payment Services LLC and our affiliates ("Peko", “we”, “our”, and “us”) are dedicated to safeguarding your privacy and ensuring the protection of your Personal Data. We want to make sure you feel safe and comfortable using our services, so please take a moment to read through this Privacy Policy. This Privacy Policy outlines how we collect, use, process, and secure your Personal Data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, as well as any other Applicable Laws and regulatory requirements, as amended from time to time (“ Applicable Law(s)”).

This Privacy Policy explains how Personal Data is collected and processed when you use our products and services, whether through our website, mobile application, or other means. For users located outside the UAE, additional or different rights may apply under applicable local laws.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the revised effective date. Continued use of our services after the updated Privacy Policy takes effect constitutes acceptance of the changes.

It is important that the Personal Data we hold about you is accurate and current. You are responsible for ensuring that the Personal Data you provide to us is accurate and up-to-date. You may contact us at privacy@peko.one to update or correct your Personal Data. Please keep us informed if your Personal Data changes during your relationship with us. Personal data, or information about you, is anything that can identify you as an individual. But don't worry, we also deal with anonymous data where your identity isn't known.

DEFINITION OF TERMS

  • Personal Data: Refers to any information concerning an identified or identifiable natural person, as defined by Applicable Laws. This encompasses a wide array of identifiers such as name, voice, picture, ID numbers, and various personal characteristics and includes information relating to users, authorized cardholders, account administrators, business representatives, beneficial owners, directors, authorized signatories, and any other individuals whose data is processed in connection with the provision of Peko’s services, including Corporate Cards.
  • Aggregated Data: Refers to information that has been gathered and processed in a manner that obscures or removes any identifiers that could link the data to specific individuals via Personal Data. This type of data is typically used for statistical analysis, trend identification, or other analytical purposes. Aggregated Data does not contain any personal identifiers and therefore cannot be used to directly or indirectly to identify individuals.
  • Technical Data: Refers to information collected automatically during user interactions with the Platform. This includes data such as internet protocol (IP) addresses, login data, browser types and versions, time zone settings, browser plug-in types and versions, operating systems, and platform information. Technical Data assists in managing the Platform's functionality, optimizing user experiences, and ensuring cybersecurity measures.
  • Sensitive Personal Data: Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric or genetic data, health data, or sexual orientation. Processing such data requires explicit consent.
  • Data Subject: Any individual whose Personal Data is collected, processed, or stored by Peko.
  • Processing: Any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or erasure.
  • Controller: Depending on the context of the processing activity, Peko and/or other parties (including regulated financial institutions) may determine the purposes and means of processing Personal Data in accordance with Applicable Laws.
  • Processor: Any third-party engaged by Peko to process Personal Data on its behalf.
  • Corporate Cards: means the corporate or business payment cards (including physical or virtual cards) made available through the Platform as part of Peko’s services, which are issued by a licensed and regulated financial institution and may be used by authorized users for business-related transactions, subject to applicable terms and conditions.

APPLICABILITY

This Privacy Policy applies to all individuals whose Personal Data we process, including users of our websites, mobile applications (“Platform”), and services, as well as data processed by our authorized service providers. We process Personal Data lawfully, fairly, and transparently, in accordance with Applicable Laws principles.

This Privacy Policy should be read in conjunction with our Peko Platform Agreement, Cookie Policy and any additional privacy notices if provided in connection with specific products or services. By utilizing our services, users acknowledge that internet transmissions are inherently susceptible to interception, and any information transmitted to our Platform may be subject to unauthorized access.

HERE'S WHAT YOU NEED TO KNOW

This Privacy Policy explains how we collect, use, store, and disclose Personal Data when you interact with our Platforms, services, websites, and mobile applications, whether directly or through our authorized service providers. It also describes your rights under Applicable Laws and how you can exercise them.

This Privacy Policy should be read together with any other privacy notices, terms, or consents provided to you. It supplements but does not replace any such notices. This Privacy Policy describes how Personal Data is collected and processed when you use our services, in accordance with Applicable Laws.

For any questions regarding this Privacy Policy or the processing of your Personal Data, or to exercise your rights under Applicable Laws, you may contact us at privacy@peko.one

CORPORATE CARDS PROGRAMME

Corporate Cards available on the Platform, are issued by a licensed financial institution and regulated by the Central Bank of the UAE (the “Issuer”) under a BIN sponsorship arrangement. Peko is not a bank and does not itself issue payment cards.

In connection with the issuance, administration, and use of Corporate Cards, Personal Data relating to authorized users, cardholders, and transactions is processed as part of a single card program involving Peko, the Issuer, and multiple third-party service providers engaged by Peko to support the operation of the program.

The Issuer retains regulatory responsibility for the Corporate Cards program and determines the purposes and means of regulated financial processing required under applicable banking, anti-money laundering, counter-terrorist financing, and card scheme rules. This includes, without limitation, customer due diligence (KYC), identity verification, sanctions and screening checks, transaction authorization, fraud monitoring, dispute handling, chargebacks, settlement, regulatory reporting, and statutory record-keeping.

Peko processes Personal Data in its capacity as the program manager and platform provider, including for onboarding workflows, user and account management, spend controls, reporting, first line customer support, service communications, and operational administration of the Corporate Cards program.

To enable the operation of the Corporate Cards program, Peko engages third-party service providers (including verification providers, processing and technology vendors, fraud and compliance service providers, infrastructure and hosting providers, and customer support partners). For certain regulated processing activities required under banking, anti-money laundering (AML), and fraud monitoring rules, third-party service providers engaged by Peko (such as AML and compliance vendors) may process Personal Data on behalf of the Issuer. While Peko contractually engages these vendors, they operate under the regulatory oversight of the Issuer to ensure compliance with CBUAE standards and Applicable Laws.

Each party processes Personal Data only to the extent necessary for its role within the Corporate Cards program and remains responsible for compliance with Applicable Laws within its respective scope.

Peko does not independently assess creditworthiness, risk eligibility, or regulatory suitability where such determinations are required by law.

DATA COLLECTION

Peko collects, uses, stores, and shares Personal Data in accordance with Applicable Laws its implementing regulations. All Personal Data is collected lawfully, fairly, and transparently for specified, explicit, and legitimate purposes, including the provision of our services, compliance with legal obligations, and enhancement of user experience.

When you open an account or use our services, whether directly, through a merchant partner, or via a third-party platform, we may collect the following categories of Personal Data:

  • Identity Data: Information that identifies you as an individual, including your name, username, date of birth, gender, and marital status.
  • Contact Data: Information to contact you, including your email address, phone number, and postal address.
  • Financial Data: Information required for payments and transactions, including bank account details, and payment card information.
  • Transaction Data: Records of your purchases, payments, and other interactions with our services.
  • Technical Data: Automatically collected information related to your devices and platform usage, including IP address, login credentials, browser type and version, operating system, device identifiers, time zone, location information, and other technology-related data.
  • Profile Data: Information about your preferences, interests, purchase history, username, and feedback.
  • Usage Data: Data on how you interact with our website, mobile applications, and services, including feature usage and service activity.
  • Marketing and Communications Data: Your preferences regarding receiving marketing communications and your preferred communication channels.
  • We may also process this information using automated and AI-assisted tools to support platform features, including document processing, analytics, and workflow assistance.

Aggregated Data: Data collected and processed in a manner that does not identify you as an individual, such as statistical information about platform usage. If Aggregated Data is later combined with Personal Data in a way that could identify you, it will be treated as Personal Data and protected under Applicable Laws

Sensitive Personal Data: Sensitive Personal Data includes information about racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, or genetic or biometric data. Peko does not collect Sensitive Personal Data for general platform use.
For the Corporate Cards program, Peko, the Issuer and its third-party verification providers may process biometric data for identity verification purposes, where required to comply with the Issuer’s regulatory KYC obligations under UAE law. Such processing is carried out with your explicit consent obtained during onboarding and in accordance with applicable legal requirements.

Sharing with Third Parties: When you use our services through merchant partners or third-party platforms, your Personal Data may be shared with authorized partners solely for the purpose of providing the requested services. All such partners are required to process your Personal Data in compliance with PDPL standards and under our instructions.

Consequences of Not Providing Data: If you fail to provide Personal Data required to comply with applicable legal, regulatory, or contractual obligations, or if required verification, screening, or compliance checks cannot be completed or are not satisfactorily met, Peko may be unable to provide, continue, or maintain the requested products or services. This may result in the refusal to provide a service, limitations or restrictions on access or functionality, suspension, or termination of the relevant product or service, in accordance with applicable law and contractual terms.

HOW IS YOUR PERSONAL DATA COLLECTED?

Peko collects Personal Data through a variety of methods in accordance with Applicable Laws. All Personal Data is collected lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes.

Direct interactions: You may provide Personal Data directly to us, including Identity, Contact, and Financial Data, when you:

  • Apply for our products or services.
  • Create an account on our Platform.
  • Subscribe to our services, newsletters or publications.
  • Request marketing communications.
  • Participate in promotions, survey or competitions.
  • Provide feedback or contact us regarding our services.

Personal Data collected via direct interactions is processed on the basis of your consent, the performance of a contract, or compliance with legal obligations, as applicable.

Automated Technologies: When you interact with our Platform, we may automatically collect Technical Data about your devices, browsing actions, and usage patterns. This includes, but is not limited to: IP addresses and device identifiers; browser type and version, operating system, and platform; login data, time zone, and location information; and cookies and similar technologies. This data is collected for the purposes of operating and improving the Platform, ensuring security, detecting and preventing fraud, analyzing usage patterns, and optimizing user experience, and is processed in accordance with Applicable Laws.

Where automated tools or third-party technologies (such as analytics or tracking providers) are used, we obtain consent where required under Applicable Laws, including through cookie banners or similar mechanisms. Certain cookies and technologies that are strictly necessary for the operation, security, or integrity of the Platform may be used without consent, where permitted by law. You can manage your preferences or withdraw consent for optional cookies through your browser settings or via the options described in our Cookie Policy.

Certain features may use automated or AI-assisted processing to support user workflows. These processes do not independently make legally binding or financial decisions, initiate transactions, issue cards, or move funds without user action or approval.

Third parties or publicly available sources: We may receive Personal Data from authorized third parties or publicly available sources, including:

  • Technical Data from analytics providers, advertising networks, and search information providers.
  • Contact, Financial, and Transaction Data from providers of technical, payment, or delivery services.
  • Identity and Contact Data from data brokers, aggregators, or publicly available sources.

All third-party service providers are required to process Personal Data in accordance with PDPL standards, solely for legitimate purposes consistent with this Privacy Policy.

In the context of business accounts and Corporate Cards, Personal Data may also be provided to Peko by the relevant company, employer, account administrator, or authorized representative, including information relating to employees, cardholders, beneficial owners, directors, or signatories. Where Personal Data is provided to Peko by a company, employer, account administrator, or authorized representative, such entity represents that it has a lawful basis to share this information with Peko, the Issuer, and relevant third-party service providers, and that it has brought this Privacy Policy to the attention of the relevant Data Subjects. Such data is processed solely for purposes necessary to provide the requested services, comply with legal and regulatory requirements, and operate the Corporate Cards program.

HOW WE UTILIZE YOUR PERSONAL DATA?

At Peko, all processing is carried out lawfully, fairly, and transparently, and only for specified, explicit, and legitimate purposes:

Legal basis for processing: We process Personal Data on the following lawful bases:

  • Performance of Contract: To fulfill contractual obligations, or take steps prior to entering into a contract with you.
  • Legitimate Interests: For our legitimate interests or those of third parties, provided such interests do not override your fundamental rights and freedoms.
  • Compliance with legal obligations requires us to process your data.
  • Legal obligation: To comply with Applicable Laws, regulations, or legal requests.
  • Consent: Where required, including for sending direct marketing communications via email, SMS, or other channels. You may withdraw consent at any time without affecting other lawful processing.

Certain processing of Personal Data in connection with regulated financial products, including Corporate Cards, is mandatory under applicable law and regulatory requirements. Such processing does not rely on consent and may continue regardless of whether consent is withdrawn, where necessary to comply with legal obligations, prevent fraud and financial crime, manage disputes, or meet card scheme and regulatory requirements. The engagement of third-party service providers for AML and fraud monitoring is a prerequisite for the provision of Corporate Cards. This processing is mandatory to comply with legal obligations and cannot be opted out of if you wish to use these services.

Purpose of processing: We may process your Personal Data for the following purposes:

  • Customer Registration and Account Management: Creating and maintaining accounts, verifying identity, and providing access to our services.
  • Contractual Performance: Managing payments, fees, charges, and collection of amounts due.
  • Personalization and Service Improvement: Analyzing Identity, Contact, Technical, Usage, and Profile Data to enhance our services, tailor content, and optimize user experience.
  • Marketing and Communications: Sending you marketing messages, offers, and communications, based on your preferences and consent.
  • Analytics and Research: Conducting statistical analysis, service improvement, and trend identification.
  • Legal and Regulatory Compliance: Fulfilling obligations imposed by Applicable Laws or regulations.
  • Product development and improvement: to develop, test, maintain, analyse, and improve our products, features, and services, including troubleshooting, data analysis, research, and service optimisation, based on our legitimate interests and in accordance with Applicable Law.
  • To support AI-assisted features on the platform (such as information retrieval, document organisation, and workflow support), using user-provided inputs and relevant platform data.

Marketing Communications: Marketing communications are only sent if you have provided explicit consent. We may share Personal Data with third parties solely for marketing purposes after obtaining your consent. You may withdraw your consent at any time via the opt-out link in marketing emails, or by contacting us directly. Withdrawal of consent does not affect processing necessary for service delivery, contractual obligations, or legal compliance.

Data Usage: Personal Data is only processed for the purposes for which it was collected or for compatible purposes as permitted by law. If we intend to use your Personal Data for a purpose not compatible with the original purpose, we will notify you and obtain your consent where required.

Legal Compliance: In certain circumstances, we may process Personal Data without your consent if required or permitted by applicable law. Such processing is strictly limited to the extent necessary to comply with legal obligations or regulatory requirements.

Data Security: We implement appropriate technical and organizational measures to safeguard Personal Data from unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, monitoring, and regular security assessments. All Personal Data, including payment information, is handled in accordance with Applicable Laws and industry-standard security practices. Your credit/debit card details and personally identifiable information are not stored, sold, shared, rented, or leased to any third parties.

At Peko, we are committed to protecting your privacy and ensuring the responsible handling of your Personal Data. If you have any questions or concerns regarding our data practices, please feel free to contact us.

Automated Processing, Monitoring & Program Controls: Peko does not independently carry out solely automated decision-making that produces legal or similarly significant effects on individuals without human involvement.

However, as part of the BIN-sponsored Corporate Cards program, automated processing activities are conducted within the card program infrastructure operated through systems and service providers engaged by Peko, in accordance with requirements imposed by the Issuer, Applicable Laws, and card scheme rules.

These activities include automated transaction monitoring, fraud detection, sanctions screening, transaction authorization, risk scoring, and compliance controls.

Such automated processing may result in outcomes including transaction approvals or declines, temporary card restrictions, investigations, enhanced due diligence reviews, or other compliance-related actions. These processes are intrinsic to the provision of regulated payment services and the prevention of financial crime. Where automated processing (such as fraud detection) results in a legal or similarly significant effect, such as a declined transaction, Data Subjects may request human intervention or further review, subject to applicable regulatory and legal limitations. You may exercise this right by contacting us at privacy@peko.one, subject to regulatory limitations.

SHARING OF PERSONAL DATA

Peko may share your Personal Data with authorized third parties only when necessary, lawful, and in accordance with Applicable Laws. All third parties are required to process Personal Data in compliance with Applicable Laws and solely for purposes consistent with this Privacy Policy.

Categories of Recipients: Your Personal Data may be shared with the following categories of recipients:

  • Service Providers and Processors: Third-party vendors and contractors who perform services on our behalf, including payment processors, delivery providers, IT service providers, analytics, and marketing partners. These parties are bound by agreements to protect your data.
  • Business Partners and Affiliates: Our subsidiaries, affiliates, or strategic partners, where sharing is necessary to provide services, products, or support.
  • Legal and Regulatory Authorities: Where disclosure is required to comply with legal obligations, enforce contracts, or respond to lawful requests from government or regulatory authorities.
  • Professional Advisors: Lawyers, auditors, consultants, and other professional advisors engaged by Peko to support lawful business operations.
  • Corporate Cards Program Participants: Where you apply for or use Corporate Cards, Personal Data is processed within the Corporate Cards program by Peko, the Issuer, and third-party service providers engaged by Peko to support issuance, transaction processing, compliance, fraud prevention, dispute handling, customer support, technology infrastructure, and regulatory obligations. Such processing occurs as part of the operation of the card program and is limited to purposes necessary for the provision of the Corporate Cards services.

Purpose of Sharing: Personal Data is shared strictly for purposes that are::

  • Necessary for the provision of services and products.
  • Required to comply with legal or regulatory obligations.
  • Necessary for legitimate business interests, provided such interests do not override your fundamental rights and freedoms.

Allocation of roles within the Corporate Cards Program: The roles of Peko, the Issuer, and third-party service providers in relation to Personal Data depend on the specific processing activity and the applicable legal framework.

Within the Corporate Cards program, the Issuer retains regulatory responsibility for processing required by banking law and card scheme rules. Peko determines and controls processing related to platform functionality and program administration. Third-party service providers engaged by Peko process Personal Data as processors or sub-processors within the program, acting under Peko’s instructions and within the scope of the Issuer-regulated arrangement.

The allocation of responsibilities is governed by contractual arrangements and applicable law, and each party remains responsible for compliance with its own data protection obligations within its respective scope.

In connection with payment card transactions, Personal Data is processed in accordance with applicable card network rules and operating regulations. Such processing is necessary for transaction routing, authorization, settlement, fraud prevention, and dispute management and is carried out within the framework of the Corporate Cards program.

Service Fulfilment and Third-Party Providers: When you request or purchase a service through the Platform, certain Personal Data may be shared with third-party service providers engaged by Peko to deliver or support that service. Such sharing is strictly limited to information necessary for fulfilment and communication related to the requested service.

By placing an order or proceeding with a service request, you consent to Peko sharing your Personal Data with these providers solely for the purpose of service delivery.

All such third-party providers are bound by contractual obligations to maintain confidentiality, ensure appropriate security measures, and process Personal Data only under Peko’s instructions and in accordance with Applicable Laws.

Cross-Border Transfers: Sometimes, we may need to transfer your Personal Data outside the United Arab Emirates (UAE). This can happen when our service providers, partners, or data hosting systems are based in other countries.

Whenever we transfer your data internationally, we make sure it stays protected to the same high standards required under Applicable Laws and its Executive Regulations.

We only transfer your Personal Data when one or more of the following apply:

  • The transfer is necessary for performing a contract with you or to take steps at your request before entering into a contract.
  • The destination country has been approved by the UAE Data Office as providing an adequate level of protection.
  • Appropriate safeguards are in place, such as data transfer agreements or standard contractual clauses that ensure your rights are protected.
  • You have provided clear consent for the transfer, after being informed of any potential risks.
  • The transfer is required to establish, exercise, or defend legal claims, or to protect the public interest.

All transfers are monitored to ensure ongoing compliance, and we take steps to prevent unauthorized access, misuse, or disclosure of your Personal Data during and after transfer.

As the Corporate Cards program operates through global payment card network infrastructure and third-party service providers engaged by Peko, Personal Data may be transmitted and processed across multiple jurisdictions as part of transaction routing, authorization, settlement, fraud prevention, and dispute management. Such transfers occur within the framework of the Issuer-regulated card program and are subject to appropriate safeguards in accordance with Applicable Laws. In certain cases, including for compliance, fraud prevention, and sanctions screening purposes, Personal Data may be transmitted to jurisdictions outside the UAE in accordance with applicable law and appropriate safeguards.

Third-party marketing: We do not share your Personal Data with third parties for marketing purposes without your explicit consent. You have the right to withdraw your consent at any time, without affecting other processing activities necessary for service delivery or legal compliance.

Data Sharing Principles

  • Personal Data is shared only to the extent necessary for the purpose for which it was collected.
  • All recipients are contractually obligated to protect your Personal Data and use it only for permitted purposes.
  • Sharing of Personal Data is monitored to ensure ongoing PDPL compliance.

DATA RETENTION

We keep your Personal Data only for as long as we need it and not longer. The length of time depends on what we’re using the data for, including providing you with services, meeting legal or regulatory requirements, resolving disputes, and enforcing our agreements.

When deciding how long to keep your information, we consider:

  • The type of Personal Data and its sensitivity.
  • The reason we collected it in the first place.
  • The potential risk of harm from unauthorized use or disclosure.
  • Any legal, regulatory, tax, or accounting obligations that require us to keep certain records.

Upon expiry of the retention period, Personal Data will be permanently deleted or irreversibly anonymized using secure methods in accordance with PDPL guidelines. Retention periods are defined based on contractual, legal, and business needs. For Corporate Cards and other regulated financial products, Personal Data may be retained for longer periods where required under applicable banking, financial services, anti-money laundering, or regulatory record-keeping obligations imposed on the Issuer or the card program.

PROTECTING YOUR DATA

We take your data security seriously. Peko uses a combination of technical, organizational, and administrative measures to protect your Personal Data from being accidentally lost, accessed, used, altered, or disclosed in an unauthorized way.

Access to your Personal Data is strictly limited to employees, agents, contractors, and other third parties who have a legitimate business need to know it. They are bound by confidentiality obligations and only process your data based on our instructions.

User Account security and awareness: To enhance the protection of your Personal Data, Peko provides users with tools and guidance to secure their accounts, including multi-factor authentication (MFA) and password best practices. We also monitor our systems for suspicious activity and may alert you if we detect any unusual account behavior.

While we implement robust technical and organizational measures, we also encourage users to remain vigilant against phishing or fraudulent communications claiming to represent Peko. Please contact us immediately if you suspect any unauthorized access or suspicious activity involving your account.

Data breach notification: We continuously monitor our systems and security controls to detect, prevent, and respond to potential threats. In the event that we become aware of a Personal Data breach, we will act promptly in accordance with our internal Incident Response and Breach Management Procedures. In the event of a breach involving the Corporate Cards program, Peko will coordinate its response and notifications with the Issuer to ensure all regulatory reporting obligations to the Central Bank of the UAE (CBUAE) and the UAE Data Office are met in a synchronized manner.

Where the breach is likely to result in a risk to your rights and freedoms, we will notify you without undue delay, providing clear information about the nature of the breach, the categories of data affected, and any recommended measures you can take to mitigate potential harm.

In accordance with Article 9(5) of the UAE Personal Data Protection Law (PDPL), Peko shall also notify the UAE Data Office within seventy-two (72) hours of becoming aware of the breach, including details of its nature, impact, and remedial steps taken to address it.

Continuous security improvement: Peko continually monitors emerging cybersecurity and data protection risks, including developments in AI, advanced encryption standards, and threat intelligence. Our security framework is periodically reviewed and updated to address evolving technologies and regulatory expectations. We conduct Data Protection Impact Assessments (DPIA) for high-risk processing activities, such as automated monitoring and biometric verification, to mitigate potential risks to your privacy.

Customer compliance support and breach response SLA: Peko is committed to supporting its customers’ compliance requirements under Applicable Laws. In the event of a Personal Data breach affecting customer information, we will notify affected customers promptly and, where applicable, within the timelines agreed under our contractual obligations or applicable law. We will also provide reasonable assistance to enable customers to meet their own legal or regulatory reporting duties.

YOUR RIGHTS UNDER THE LAW

In accordance with Applicable Laws and its Executive Regulations, you are entitled to exercise certain rights in relation to your Personal Data held or processed by Peko. These rights are outlined below, subject to applicable legal limitations and verification requirements.

  • Right to access: You may request confirmation of whether we process your Personal Data and obtain a copy of such data, along with information on the purposes of processing and categories of data involved.

  • Right to correction: You have the right to request the correction or updating of inaccurate, incomplete, or outdated Personal Data that we hold about you.

  • Right to erasure: You may request the deletion of your Personal Data where:
    • The data is no longer necessary for the purposes for which it was collected;
    • You withdraw consent (where processing is based on consent); or
    • The data has been unlawfully processed.

    • Please note that for Corporate Cardholders, the Right to Erasure is subject to significant legal restrictions. Under UAE AML and banking regulations, we and the Issuer are required to retain transaction and identity records for a statutory period (typically 5 to 10 years). Consequently, we may be legally unable to delete your data until this mandatory retention period has expired, even if an erasure request is made.

  • Right to restrict processing: You may request that we restrict the processing of your Personal Data in certain circumstances, such as when the accuracy of the data is contested or when processing is unlawful but you do not wish for the data to be erased.

  • Right to object: You have the right to object to the processing of your Personal Data, including for direct marketing purposes, or where processing is based on our legitimate interests.

  • Right to data portability: You may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another Controller, where technically feasible

  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of any processing carried out before the withdrawal.

    • Please note that the exercise of certain data protection rights may be restricted or limited where Personal Data is processed to comply with legal or regulatory obligations, including banking, anti-money laundering, counter-terrorist financing, fraud prevention, transaction monitoring, dispute handling, and record-keeping requirements. In such cases, Peko may be unable to fulfil a request in full and will inform you where applicable.

    To exercise any of your rights, please contact us using the details provided below. For requests specifically relating to data controlled by the Issuer, we may facilitate your request or provide you with the appropriate contact details for the Issuer’s data protection team. You will not be required to pay a fee to access your Personal Data or to exercise your rights. However, we may charge a reasonable fee or refuse to act on requests that are unfounded, repetitive, or excessive.

    To protect your privacy and security, we may need to verify your identity before fulfilling your request. In certain cases, we may request additional information to clarify or expedite our response. We aim to respond to all legitimate requests within one (1) month. Where a request is complex or involves multiple submissions, we may extend this period by an additional one (1) month, and we will notify you accordingly.

  • Contact, Complaints & Data Office: If you have any questions, concerns, or complaints about how Peko collects or uses your Personal Data, or if you wish to exercise any of your data protection rights, you may contact us using the details below:

Contact, Complaints & Data Office:If you have any questions, concerns, or complaints about how Peko collects or uses your Personal Data, or if you wish to exercise any of your data protection rights, you may contact us using the details below:

Data Protection Contact:

Email:privacy@peko.one

Address: Peko Payment Services LLC, UG 05-07, A7 Building, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.

Peko takes all privacy-related concerns seriously. We will acknowledge and investigate your request or complaint promptly and provide a response within the timeframes required by law.

If you are not satisfied with how we have handled your concern, you have the right to file a complaint directly with the UAE Data Office, the competent supervisory authority for data protection in the UAE.

THIRD-PARTY LINKS AND EXTERNAL SERVICES

Our Platform may include links to third-party websites, plug-ins, or applications that are not operated or controlled by Peko. Clicking on those links or enabling such connections may allow third parties to collect or share data about you.

We are not responsible for the privacy practices, security standards, or content of such third-party websites or services. When you leave our Platform, we encourage you to read the privacy policies of every website or service you visit to understand how your Personal Data may be collected and used.

Peko does not endorse or make any representations about third-party websites, their content, products, or services. Your use of third-party links or resources is entirely at your own risk and subject to the respective third party’s terms and privacy policy.

CHILDREN’S PRIVACY

We recognize the importance of protecting the privacy and safety of children, especially in an online environment. Our Platform and services are not intended for, and should not be used by individuals under the age of 18 without verified parental or guardian consent.

Peko does not knowingly collect or process Personal Data from anyone under 18 years of age, except where it is necessary to provide services directly to such individuals and only with the documented consent of a parent or legal guardian, as required under Applicable Laws.

If we become aware that we have inadvertently collected Personal Data from a minor without the required consent, we will take immediate steps to delete such information from our records.

Parents or guardians who believe that their child may have provided us with Personal Data without their consent are encouraged to contact us at privacy@peko.one

REVIEW AND UPDATES

We are committed to keeping this Privacy Policy current and compliant with Applicable Laws.

Peko periodically reviews and updates this Policy to reflect changes in our business practices, legal obligations, or technological developments. The most recent version will always be available on our website, with the “Effective Date” clearly indicated at the top of the Policy. This Privacy Policy applies from the Effective Date stated above and supersedes all prior versions.”

If any material changes are made that affect how we process your Personal Data, we will notify you in advance through reasonable means such as by email (if available) or a prominent notice on our Platform before the changes take effect.

Continued use of our services after the Effective Date of an updated Policy constitutes your acknowledgment and acceptance of the revised terms. If you do not agree to the updated Policy, you may discontinue use of our Services and request account deletion.

This Privacy Policy applies solely to Peko and its affiliated entities. It does not extend to third-party websites, applications, or entities not owned or controlled by Peko.

For any questions or concerns regarding this Privacy Policy or our data protection practices, you may contact us at: privacy@peko.one

An all-in-one platform for businesses, to manage all their payments, expenses, and automate their multiple operations.

Ready to experience your all-in-one business commander?

Download now

Company

About us

Press

Careers

Products

Co-founder AI

Corporate Cards

Accounting

WPS Payroll & HR

Corporate Travel

Invoicing & Payment Links

Bill Payments

Business Essentials

Logistics

Other Services

Platforms

Peko Platinum

Banks

Freezones

Government

Telecom

Payment Aggregators

Incubators/Accelerators​

E-commerce

Other Industries

Resources

Partner with us

Peko's Marketplace

Pricing

Blog

User Feedback

Contact Us

Zero Carbon

Legal

Peko Platform Agreement

Corporate Card T&Cs

Corporate Cards Disclosures

Privacy Policy

Cookie Policy

Refund & Cancellation Policy

Acceptable Use Policy

© 2026 Peko Payment Services LLC

Content on this website is provided for general informational purposes only and should not be relied upon as legal, financial, or professional advice. You are responsible for seeking independent professional advice appropriate to your circumstances.

This website may contain links to third-party websites. Peko does not control or endorse such sites and is not responsible for their content, accuracy, advertisements, or data practices. You should review the applicable terms and privacy policies of any third-party sites you visit.

Corporate cards made available through the Peko platform are issued by licensed financial institutions and are subject to applicable regulatory oversight, including by the Central Bank of the UAE where relevant. Peko is not a bank, does not issue cards, and does not provide regulated financial services.

The website and its content are provided on an “as is” and “as available” basis. To the extent permitted by law, Peko disclaims all warranties and shall not be liable for any loss or damage arising from the use of this website or its content.

Peko may update the website or this disclaimer at any time without prior notice. Continued use of the website constitutes acceptance of such changes. All content on this website is protected by applicable intellectual property laws.

For questions, contact info@peko.one.