Privacy Notice

Nivoda Limited and its affiliates (collectively “Nivoda”, “we” and “us”) take your data and privacy very seriously. 

This Privacy Notice together with the materials referred to in it  describes the types of Personal Data we collect and process through our platform (“Platform”), including our website nivoda.com. This notice also describes, among others, how we use Personal Data, with whom we share it and your rights and choices.

We need to use your personal data to operate our business, provide you with the services through our Platform and fulfill other necessary purposes as outlined in details below. Please read this Privacy Notice carefully before using our Platform.

TABLE OF CONTENTS

1. ABOUT US

Nivoda Limited, together with its affiliates (collectively referred to as “Nivoda,” “we,” or “us”), operates globally. Nivoda Limited is registered in England and Wales under company number 10736332, VAT number GB274703691 and has its registered office at 100 Hatton Garden Suite 202 London, United Kingdom EC1N 8NX We are the data controller,responsible for your personal data, and we are registered with the Information Commissioner’s Office (“ICO”)) with reference  number ZA436707.

2. PERSONAL DATA WE COLLECT ABOUT YOU

Registration, account set up, service usage: To access the Platform you need to have an Account. When you create an account at Nivoda you provide us with the following information: 

  • Your Full Name 
  • Your Email Address 
  • Your Phone Number 
  • Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password)
  • (optional) Your Profile Image 

In order to register your Business on the Platform you provide us with the following information: 

  • Registered Company Address, including Country, Postal Code and City 
  • Website 
  • Company Registration information, including Registration Number, Registration Date and Entity Type Applicable Tax Number (e.g. VAT number) 


Compliance with legal obligation
: To comply with our AML and KYC policy you provide us with the following information: 

  • List of Directors 
  • Identity Proof of Directors 
  • Address Proof of Directors 
  • Certificate of Incorporation 
  • Business Address Proof 

For each additional Office you register to the Platform you provide us with the following information: 

  • Registered Address, including country, postal code and city 
  • Office Email Address 
  • Business Address Proof 
  • (optional) Office Website 

When you add your Bank Account to the Platform you provide us with the following information: 

  • Bank Account Number 
  • Bank Account Holder 
  • BIC or SWIFT number 

When you make purchases on the Platform we store information about each order, including:

  • Date and Time 
  • Delivery Office 
  • Delivery Deadline 
  • Amount 


During customer service and virtual assistant interaction: 

We also collect information when you communicate with us through our customer service channels, such by phone and live chat. In compliance with applicable law we may record the call and store chat transcripts. Please note that we use chatbot/virtual assistant to assist you with customer service requests and, by using the live chat, you agree to the practice described in this Privacy Notice. 

Information that we collect automatically: 

Browser and Device data: We automatically collect technical and device information of your browser when you use the Platform service, such as: IP address, device type, operating system and Internet browse type, screen resolution, operating system name and version, device manufacturer and model and language.

Usage data: We use session replay technology to collect information such as the time spent on the platform, pages visited, links clicked, language and account preferences and the pages that led or referred you to the Platform.

3. MINORS

Protecting the privacy of the minors is of utmost importance to us. Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform. In any case, we do not knowingly collect personal data from minors. If we become aware of any such data inadvertently collected, we will take immediate steps to delete it.

4. HOW WE USE PERSONAL DATA AND LEGAL BASIS 

A. Our Platform 

We use Personal Data to facilitate the use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests.  We also use Personal Data to complete Transactions and to provide payment-related services.

B. Use of the Platform 

Personal Data allows us to enable the following (among other functions): Register an Account, Access the Platform, Search for Goods, Manage Account Settings,  Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.

C. Legal and Regulatory Compliance 

We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws  associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the  purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the  operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to  third party verification audits. 

D. Marketing and events-related communication 

We may send you communications through email about Nivoda’s Platform or new features and/or products, invite you to participate in events or  surveys, or other marketing purposes in accordance with the consent requirements imposed by applicable law. 

Legal basis 

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable laws. We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as  legitimate:

  • Monitor, prevent and detect fraud and unauthorized Transactions 
  • Mitigate financial loss, claims, liabilities or other harm to Users and Nivoda 
  • Respond to queries, send Platform notices and provide support 
  • Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools 
  • Monitor, operate and improve the performance of the Platform by understanding their effectiveness 
  • Analyze and advertise our Platform 
  • Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and  report on the performance of our business 
  • Share Personal Data with Third Party service providers that provide services on our behalf  
  • Ensure Security throughout Nivoda

5. HOW WE SHARE PERSONAL DATA

Nivoda does not sell or rent Personal Data to anyone. We only share Personal Data with trusted entities, as outlined below, when we have a lawful basis to do so or when you have expressly made such personal data public.

Service Providers 

We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as  identity verification services to ensure customer security, couriers, real time transactions monitoring, credit checks and reports for assessing customer eligibility for extended payment terms, fraud checks (with provider such as CreditSafe), billing, transaction and payment services, data analysis, information technology and related infrastructure, customer service, email delivery,  and auditing services. We also use security services to help us mitigate threats such as unauthorized access, DDOs attacks,and other malicious activities. These service providers may need to access Personal Data to perform their services. These service providers may use machine learning solutions as necessary to enhance their services. We authorize such service providers  to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such  service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service  providers are predominantly located in the European Union and the United States of America. Whenever we transfer Personal Data to countries outside of the European Economic Area (“EEA”), we ensure that the information is transferred in accordance with this Privacy Notice and as permitted by the applicable laws on data protection. 

Business Partners 

We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties  to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we  provide Transaction processing services. 

Compliance and Harm Prevention 

We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual  rights; (iii) to protect the rights, privacy, safety and property of Nivoda, you or others; and (iv) to respond to requests from courts, law  enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of  residence. 

Buy Now Pay Later/Extended Payment Providers

If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you  provide will be processed by our third party credit and payment service provider, MarketFinance Limited ( the “BNPL Service Provider”) to  assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification. 

The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRA”) they work with such as Experian and may  use Personal Data about you, and anyone with a financial association to you (a financial association is a link that’s created when you apply for a  financial agreement with someone else). The BNPL Service Provider may also collect this information from other credit reference agencies in  order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed contains  publicly held data, including the electoral roll and shared credit performance data. 

When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft  quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to  gain credit. 

If you choose to pursue an application for the BNPL Service, any Personal Data that you provide will be shared with our BNPL Service  Provider. Upon making a purchase for goods or services using the BNPL Service, the BNPL Service Provider may undertake a search with a  CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information  about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may  share your Personal Data with other organizations.

Further information about each CRA and what it does with Personal Data is available at the following locations: 


You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.

6. YOUR RIGHTS AND CHOICE

You have choices regarding your Personal Data:

Opting out of Electronic Communication 

If you no longer want to receive Marketing-related emails from us, you can click on the unsubscribe link provided at the bottom of  each email. We may still send you important service related messages that are required to provide our Platform functionality. 

See, change or rectify your Personal Data

You can see, change and rectify your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.

Data Protection Rights 

You have the following rights: 

  • The right to request confirmation of whether Nivoda processes Personal Data relating to you
  • The right to access and to request a copy of your Personal Data 
  • The right to request Nivoda to update Personal Data that is incorrect, inaccurate or outdated 
  • The right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible
  • The right to request Nivoda to delete your Personal Data. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. For example, where we have a legal obligation to retain and store your personal data. 
  • The right to request Nivoda to stop processing your Personal Data 
  • The right to request manual review of automated decisions (including but not limited to KYC checks) 
  •  Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times.

7. SECURITY AND DATA RETENTION

A. Security

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain  organizational, technical, security and administrative measures designed to protect Personal Data within our organization against unauthorized access,  destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the  information to perform their duties and provide services to you. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have  reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been  compromised), please let us know immediately.

All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer  technology.

B. Data Retention

We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform  access to you, even if you close your Nivoda account, only to the extent necessary to comply with our legal and regulatory obligations, and for the  purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting  obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is  mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records  retention obligations that are imposed by applicable law.

8. INTERNATIONAL DATA TRANSFER

We are part of a global group of companies. When providing our services through the Platform we process your personal data in the European Economic Area (“EEA”), United Kingdom ( “UK”), US, and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with our US parent company, and other group companies in our global group, as well as third party service providers. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take all the reasonable steps to ensure that your information is protected.

Transfer Mechanisms

Whenever we transfer personal information to a third country outside of the EEA UK and Switzerland, we do so on one or more of the following legal bases and transfer mechanisms:

  • Necessary to perform our contract with you. You may choose whether or not to use our Platform. However, if you want to use the Platform you must agree to the terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, UK, US and other countries to deliver the services to you, in accordance with our contract with you, we may need, occasionally,  to transfer your personal information within the EEA, to the US and to other jurisdictions as necessary to provide the Services.


Where applicable, we rely on:

  •  Existing decision by the EU Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR) in which the EU Commission has stipulated that certain third countries provide for an essentially adequate level of data protection as under the GDPR(e.g. for transfer from the EEA to the UK)
  • Adequacy decision by the UK Secretary of State, based on Article 45 of the UK GDPR and Section 17A of the Data Protection Act 2018.


In the absence of an adequacy decision, we have implemented appropriate transfer mechanisms to safeguard your personal information when we transfer it outside of the EEA:

    • Standard Contractual Clauses (SCCs).The European Commission has adopted Standard Contractual Clauses, also known as Model Clauses, which provide safeguards for personal information that is transferred outside of the UK / EU or EEA. You may view the SCCs on the Commission’s website, here.
  • Binding corporate rules (intra group transfer agreements). We use intra-group transfer agreements (BCRs) to protect your personal data during transfers from the EEA to third countries within our group.

9. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS 

If you have any questions or comments about this notice, your personal data or your choice and rights, please contact: [email protected]

You have the right to file a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data  protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so  please contact us in the first instance. 

If you live in the EEA you are entitled to also file a complaint to your local Data Protection Authority. You may find details of your local authority here

We have appointed a Data Protection Officer (“DPO”). Our EU DPO has a number of important responsibilities including: monitoring Nivoda’s  compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training Nivoda staff and conducting  internal audits, and cooperating with supervisory authorities such as the ICO on our behalf.  You can also contact our DPO in writing at the address in section 1 marked for the attention of the EU DPO or by sending an email to  [email protected]

10. UPDATES TO THE PRIVACY NOTICE

We may change this Notice from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the  updated Notice on the Platform. We will provide you with disclosures and alerts regarding the Notice or Personal Data collected by posting them  on our website and by contacting you through the Platform and email address of your Account.