Privacy Notice
Nivoda Limited and its affiliates (collectively “Nivoda”, “we” and “us”) take your data and privacy very seriously.
This Privacy Notice together with the materials referred to in it describes the types of Personal Data we collect and process through our platform (“Platform”), including our website nivoda.com. This notice also describes, among others, how we use Personal Data, with whom we share it and your rights and choices.
We need to use your personal data to operate our business, provide you with the services through our Platform and fulfill other necessary purposes as outlined in details below. Please read this Privacy Notice carefully before using our Platform.
TABLE OF CONTENTS
1. ABOUT US
Nivoda Limited, together with its affiliates (collectively referred to as “Nivoda,” “we,” or “us”), operates globally. Nivoda Limited is registered in England and Wales under company number 10736332, VAT number GB274703691 and has its registered office at 100 Hatton Garden Suite 202 London, United Kingdom EC1N 8NX We are the data controller,responsible for your personal data, and we are registered with the Information Commissioner’s Office (“ICO”)) with reference number ZA436707.
2. PERSONAL DATA WE COLLECT ABOUT YOU
Registration, account set up, service usage: To access the Platform you need to have an Account. When you create an account at Nivoda you provide us with the following information:
- Your Full Name
- Your Email Address
- Your Phone Number
- Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password)
- (optional) Your Profile Image
In order to register your Business on the Platform you provide us with the following information:
- Registered Company Address, including Country, Postal Code and City
- Website
- Company Registration information, including Registration Number, Registration Date and Entity Type • Applicable Tax Number (e.g. VAT number)
Compliance with legal obligation: To comply with our AML and KYC policy you provide us with the following information:
- List of Directors
- Identity Proof of Directors
- Address Proof of Directors
- Certificate of Incorporation
- Business Address Proof
For each additional Office you register to the Platform you provide us with the following information:
- Registered Address, including country, postal code and city
- Office Email Address
- Business Address Proof
- (optional) Office Website
When you add your Bank Account to the Platform you provide us with the following information:
- Bank Account Number
- Bank Account Holder
- BIC or SWIFT number
When you make purchases on the Platform we store information about each order, including:
- Date and Time
- Delivery Office
- Delivery Deadline
- Amount
During customer service and virtual assistant interaction:
We also collect information when you communicate with us through our customer service channels, such by phone and live chat. In compliance with applicable law we may record the call and store chat transcripts. Please note that we use chatbot/virtual assistant to assist you with customer service requests and, by using the live chat, you agree to the practice described in this Privacy Notice.
Information that we collect automatically:
Browser and Device data: We automatically collect technical and device information of your browser when you use the Platform service, such as: IP address, device type, operating system and Internet browse type, screen resolution, operating system name and version, device manufacturer and model and language.
Usage data: We use session replay technology to collect information such as the time spent on the platform, pages visited, links clicked, language and account preferences and the pages that led or referred you to the Platform.
3. MINORS
Protecting the privacy of the minors is of utmost importance to us. Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform. In any case, we do not knowingly collect personal data from minors. If we become aware of any such data inadvertently collected, we will take immediate steps to delete it.
4. HOW WE USE PERSONAL DATA AND LEGAL BASIS
A. Our Platform
We use Personal Data to facilitate the use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests. We also use Personal Data to complete Transactions and to provide payment-related services.
B. Use of the Platform
Personal Data allows us to enable the following (among other functions): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.
C. Legal and Regulatory Compliance
We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
D. Marketing and events-related communication
We may send you communications through email about Nivoda’s Platform or new features and/or products, invite you to participate in events or surveys, or other marketing purposes in accordance with the consent requirements imposed by applicable law.
Legal basis
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable laws. We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as legitimate:
- Monitor, prevent and detect fraud and unauthorized Transactions
- Mitigate financial loss, claims, liabilities or other harm to Users and Nivoda
- Respond to queries, send Platform notices and provide support
- Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools
- Monitor, operate and improve the performance of the Platform by understanding their effectiveness
- Analyze and advertise our Platform
- Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and report on the performance of our business
- Share Personal Data with Third Party service providers that provide services on our behalf
- Ensure Security throughout Nivoda
5. HOW WE SHARE PERSONAL DATA
Nivoda does not sell or rent Personal Data to anyone. We only share Personal Data with trusted entities, as outlined below, when we have a lawful basis to do so or when you have expressly made such personal data public.
Service Providers
We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as identity verification services to ensure customer security, couriers, real time transactions monitoring, credit checks and reports for assessing customer eligibility for extended payment terms, fraud checks (with provider such as CreditSafe), billing, transaction and payment services, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. We also use security services to help us mitigate threats such as unauthorized access, DDOs attacks,and other malicious activities. These service providers may need to access Personal Data to perform their services. These service providers may use machine learning solutions as necessary to enhance their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America. Whenever we transfer Personal Data to countries outside of the European Economic Area (“EEA”), we ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection.
Business Partners
We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide Transaction processing services.
Compliance and Harm Prevention
We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Nivoda, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Buy Now Pay Later/Extended Payment Providers
If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you provide will be processed by our third party credit and payment service provider, MarketFinance Limited ( the “BNPL Service Provider”) to assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification.
The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRA”) they work with such as Experian and may use Personal Data about you, and anyone with a financial association to you (a financial association is a link that’s created when you apply for a financial agreement with someone else). The BNPL Service Provider may also collect this information from other credit reference agencies in order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed contains publicly held data, including the electoral roll and shared credit performance data.
When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to gain credit.
If you choose to pursue an application for the BNPL Service, any Personal Data that you provide will be shared with our BNPL Service Provider. Upon making a purchase for goods or services using the BNPL Service, the BNPL Service Provider may undertake a search with a CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your Personal Data with other organizations.
Further information about each CRA and what it does with Personal Data is available at the following locations:
You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.
6. YOUR RIGHTS AND CHOICE
You have choices regarding your Personal Data:
Opting out of Electronic Communication
If you no longer want to receive Marketing-related emails from us, you can click on the unsubscribe link provided at the bottom of each email. We may still send you important service related messages that are required to provide our Platform functionality.
See, change or rectify your Personal Data
You can see, change and rectify your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.
Data Protection Rights
You have the following rights:
- The right to request confirmation of whether Nivoda processes Personal Data relating to you
- The right to access and to request a copy of your Personal Data
- The right to request Nivoda to update Personal Data that is incorrect, inaccurate or outdated
- The right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible
- The right to request Nivoda to delete your Personal Data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal data.
- The right to request Nivoda to stop processing your Personal Data
- The right to request manual review of automated decisions (including but not limited to KYC checks)
- Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times.
7. SECURITY AND DATA RETENTION
A. Security
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical, security and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties and provide services to you. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please let us know immediately.
All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer technology.
B. Data Retention
We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access to you, even if you close your Nivoda account, only to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
8. INTERNATIONAL DATA TRANSFER
We are part of a global group of companies. When providing our services through the Platform we process your personal data in the European Economic Area (“EEA”), United Kingdom ( “UK”), US, and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with our US parent company, and other group companies in our global group, as well as third party service providers. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take all the reasonable steps to ensure that your information is protected.
Transfer Mechanisms
Whenever we transfer personal information to a third country outside of the EEA UK and Switzerland, we do so on one or more of the following legal bases and transfer mechanisms:
- Necessary to perform our contract with you. You may choose whether or not to use our Platform. However, if you want to use the Platform you must agree to the terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, UK, US and other countries to deliver the services to you, in accordance with our contract with you, we may need, occasionally, to transfer your personal information within the EEA, to the US and to other jurisdictions as necessary to provide the Services.
Where applicable, we rely on:
- Existing decision by the EU Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR) in which the EU Commission has stipulated that certain third countries provide for an essentially adequate level of data protection as under the GDPR(e.g. for transfer from the EEA to the UK)
- Adequacy decision by the UK Secretary of State, based on Article 45 of the UK GDPR and Section 17A of the Data Protection Act 2018.
In the absence of an adequacy decision, we have implemented appropriate transfer mechanisms to safeguard your personal information when we transfer it outside of the EEA:
-
- Standard Contractual Clauses (SCCs).The European Commission has adopted Standard Contractual Clauses, also known as Model Clauses, which provide safeguards for personal information that is transferred outside of the UK / EU or EEA. You may view the SCCs on the Commission’s website, here.
- Binding corporate rules (intra group transfer agreements). We use intra-group transfer agreements (BCRs) to protect your personal data during transfers from the EEA to third countries within our group.
9. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS
If you have any questions or comments about this notice, your personal data or your choice and rights, please contact: [email protected]
You have the right to file a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you live in the EEA you are entitled to also file a complaint to your local Data Protection Authority. You may find details of your local authority here
We have appointed a Data Protection Officer (“DPO”). Our EU DPO has a number of important responsibilities including: monitoring Nivoda’s compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training Nivoda staff and conducting internal audits, and cooperating with supervisory authorities such as the ICO on our behalf. You can also contact our DPO in writing at the address in section 1 marked for the attention of the EU DPO or by sending an email to [email protected]
10. UPDATES TO THE PRIVACY NOTICE
We may change this Notice from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the updated Notice on the Platform. We will provide you with disclosures and alerts regarding the Notice or Personal Data collected by posting them on our website and by contacting you through the Platform and email address of your Account.