Privacy Policy

Nivoda Limited and its affiliates (collectively “Nivoda”, “we” and “us”) take your data and privacy very seriously.

This Data & Privacy Policy describes the types of Personal Data we collect through our platform (“Platform”), including our website This policy also describes how we use Personal Data, with whom we share it and your rights and choices.

We are the data controller responsible for your personal data and we are registered with the Information Commissioner’s Office with reference number ZA436707.

We have appointed a data protection officer (“DPO”). Our DPO has a number of important responsibilities including: monitoring Nivoda’s compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training Nivoda staff and conducting internal audits, and cooperating with supervisory authorities such as the ICO on our behalf. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us.


You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Personal Data We Collect

A. Personal Data that we collect about you

To access the Platform you need to have an Account. When you register an account at Nivoda you provide us with the following information:

  • Your Full Name
  • Your Email Address
  • Your Phone Number
  • Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password)
  • (optional) Your Profile Image

In order to register your Business on the Platform you provide us with the following information:

  • Registered Company Address, including Country, Postal Code and City
  • Website
  • Company Registration information, including Registration Number, Registration Date and Entity Type
  • Applicable Tax Number (e.g. VAT number)

To comply with our AML and KYC policy you provide us with the following information:

  • List of Directors
  • Identity Proof of Directors
  • Address Proof of Directors
  • Certificate of Incorporation
  • Business Address Proof

For each additional Office you register to the Platform you provide us with the following information:

  • Registered Address, including country, postal code and city
  • Office Email Address
  • Business Address Proof
  • (optional) Office Website

When you add your Bank Account to the Platform you provide us with the following information:

  • Bank Account Number
  • Bank Account Holder
  • BIC or SWIFT number

When you make purchases on the Platform we store information about each order, including:

  • Date and Time
  • Delivery Office
  • Delivery Deadline
  • Amount

B. Information that we collect automatically

The Platform uses cookies and other technologies to function effectively. These technologies record information about your use of the Platform, including:

Browser and Device Data

IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model and language.

Usage Data

Time spent on the Platform, pages visited, links clicked, language and Account preferences, and the pages that led or referred you to the Platform.

How We Use Personal Data

A. Our Platform

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests. We also use Personal Data to complete Transactions and to provide payment-related services.

Use of the Platform

Allowing you to do the following (but not limited to): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.

Legal and Regulatory Compliance

We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.

Legitimate Business Interests

We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as legitimate. We:

  • Monitor, prevent and detect fraud and unauthorized Transactions
  • Mitigate financial loss, claims, liabilities or other harm to Users and Nivoda
  • Respond to queries, send Platform notices and provide support
  • Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools
  • Monitor, operate and improve the performance of the Platform by understanding their effectiveness
  • Analyze and advertise our Platform
  • Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and report on the performance of our business
  • Share Personal Data with Third Party service providers that provide services on our behalf
  • Ensure Security throughout Nivoda

B. Marketing and events-related communication

We may send you communications through email about Nivoda’s Platform or new features and/or products, invite you to participate in Events or Surveys, or other Marketing purposes in accordance with the consent requirements imposed by applicable law.

How We Disclose Personal Data

Nivoda does not sell or rent Personal Data to anyone. We share your Personal Data with trusted entities, as outlined below:

Service Providers

We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.

Business Partners

We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide Transaction processing services.

Compliance and Harm Prevention

We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Nivoda, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Buy Now Pay Later/Extended Payment Providers

If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you provide will be processed by our third party credit and payment service provider, MarketFinance Limited ( the “BNPL Service Provider”) to assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification.

The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRA”) they work with such as Experian, and may use Personal Data about you, and anyone with a financial association to you (a financial association is a link that’s created when you apply for a financial agreement with someone else); the BNPL Service Provider may also collect this information from other credit reference agencies in order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed contains publicly held data including the electoral roll, and shared credit performance data.

When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to gain credit.

If you choose to pursue an application for the BNPL Service, any Personal Data that you provide will be shared with our BNPL Service Provider. Upon you making a purchase for goods or services using the BNPL Service, the BNPL Service Provider may undertake a search with a CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your Personal Data with other organisations.

Further information about each CRA and what it does with Personal Data is available at the following locations:


You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.

Your Rights and Choices

You have choices regarding your Personal Data:

Opting out of Electronic Communication

If you no longer want to receive Marketing-related emails from us, you can tell us by clicking the unsubscribe link provided at the bottom of each email. We may still send you important administrative messages that are required to provide our Platform functionality.

See or Change your Personal Data

You can see and change your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.

Data Protection Rights

You have the following rights:

  • The right to request confirmation of whether Nivoda processes Personal Data relating to you, and if so a copy of that Personal Data
  • The right to request Nivoda to update Personal Data that is incorrect, inaccurate or outdated
  • The right to request Nivoda to delete your Personal Data
  • The right to request Nivoda to stop processing your Personal Data
  • The right to request manual review of automated decisions (including but not limited to KYC checks)
  • Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times

Security & Data Retention

A. Security

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please let us know immediately.

All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer technology.

B. Retention

We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access to you, even if you close your Nivoda account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

C. Data Breach

We will inform the ICO and other relevant local authorities of any occurrence of a Data Breach, and will notify affected users if applicable.

Use By Minors

Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform.

Updates to the Data & Privacy Policy

We may change this Policy from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the updated Policy on the Platform. We will provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and by contacting you through the Platform and email address of your Account.


If you have any questions about this policy, please contact us.

Cookie Cookie Name Purpose
Cookie Consent CookieConsent This will remember that you are happy to allow cookies on our website. This cookie is set to expire after 90 days if accepted or declined (no other GA Cookies are stored, if this is declined).
Google Analytics _ga Used to distinguish users and expires in 2 years
Google Analytics _gid Used to distinguish users and expires in 24 hours
Google Analytics _gat Used to throttle request rate and expires in 1 minute
Google Analytics -utma This allows Google Analytics to determine unique visitors to our site. The cookie expires 2 years from initial creation or from update of cookie
Google Analytics -utmb This cookie is used to establish and continue a user session on our site. The cookie will expire 30 minutes from initial creation of from update of the cookie
Google Analytics -utmc This is used in conjunction with the -utmb cookie to determine whether or not to establish a new session for the user. This cookie will expire once you have closed your session with our website (once you have closed your browser)
Google Analytics -utmz This cookie is used by google to store where a visitor came from (search engine, search keyword, link). This cookie will expire 6 months from its initial creation or from update of cookie.
AddThis _atuvs / _atuvc This is a third-party cookie from AddThis service and will expire in 2 years. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.
AddThis s_sq / ouid / notice_gdpr_prefs / s_nr / na_id / loc / s_fid / ssc / na_tc / notice_preferences / mus / gpw_e24 / sshs / s_cc / uvc / uid This is a third-party cookie from AddThis service. Up to 5 years expiry dates, with some session based. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.
Litespeed cache _lscache_vary This cookie is used to store whether you are logged into the site and what your user role is. It us used to help improve site performance for logged in users. This cookie will expire after 2 days.
Vimeo Player player / vuid We embed videos from our official Vimeo channel. When you press play (or played automatically) Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals.