Nivoda Limited and its affiliates (collectively “Nivoda”, “we” and “us”) take your data and privacy very serious.
We are the data controller responsible for your personal data and we are registered with the Information Commissioner’s Office with reference number ZA436707.
We have appointed a data protection officer (“DPO”). Our DPO has a number of important responsibilities including: monitoring Nivoda’s compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training Nivoda staff and conducting internal audits, and cooperating with supervisory authorities such as the ICO on our behalf. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Personal Data We Collect
A. Personal Data that we collect about you
To access the Platform you need to have an Account. When you register an account at Nivoda you provide us with the following information:
- Your Full Name
- Your Email Address
- Your Phone Number
- Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password – for more information click here)
- (optional) Your Profile Image
In order to register your Business on the Platform you provide us with the following information:
- Registered Company Address, including Country, Postal Code and City
- Company Registration information, including Registration Number, Registration Date and Entity Type
- Applicable Tax Number (e.g. VAT number)
To comply with our AML and KYC policy you provide us with the following information:
- List of Directors
- Identity Proof of Directors
- Address Proof of Directors
- Certificate of Incorporation
- Business Address Proof
For each additional Office you register to the Platform you provide us with the following information:
- Registered Address, including country, postal code and city
- Office Email Address
- Business Address Proof
- (optional) Office Website
When you add your Bank Account to the Platform you provide us with the following information:
- Bank Account Number
- Bank Account Holder
- BIC or SWIFT number
When you make purchases on the Platform we store information about each order, including:
- Date and Time
- Delivery Office
- Delivery Deadline
B. Information that we collect automatically
Browser and Device Data
IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model and language.
Time spent on the Platform, pages visited, links clicked, language and Account preferences, and the pages that led or referred you to the Platform.
How We Use Personal Data
A. Our Platform
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests. We also use Personal Data to complete Transactions and to provide payment-related services.
Use of the Platform
Allowing you to do the following (but not limited to): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.
Legal and Regulatory Compliance
We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
Legitimate Business Interests
We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as legitimate. We:
- Monitor, prevent and detect fraud and unauthorized Transactions
- Mitigate financial loss, claims, liabilities or other harm to Users and Nivoda
- Respond to queries, send Platform notices and provide support
- Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools
- Monitor, operate and improve the performance of the Platform by understanding their effectiveness
- Analyze and advertise our Platform
- Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and report on the performance of our business
- Share Personal Data with Third Party service providers that provide services on our behalf
- Ensure Security throughout Nivoda
B. Marketing and events-related communication
We may send you communications through email about Nivoda’s Platform or new features and/or products, invite you to participate in Events or Surveys, or other Marketing purposes in accordance with the consent requirements imposed by applicable law.
How We Disclose Personal Data
Nivoda does not sell or rent Personal Data to anyone. We share your Personal Data with trusted entities, as outlined below:
We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.
We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide Transaction processing services.
Compliance and Harm Prevention
We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of Nivoda, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
Buy Now Pay Later/Extended Payment Providers
If you use our buy now, pay later function or we otherwise provide extended payment terms to you (“BNPL Service”), the Personal Data you provide will be processed by our third party credit and payment service provider, MarketFinance Limited ( the “BNPL Service Provider”) to assess your eligibility for the BNPL Service and for other purposes including fraud prevention and identity verification.
The BNPL Service Provider may share your Personal Data with credit reference agencies (“CRA”) they work with such as Experian, and may use Personal Data about you, and anyone with a financial association to you (a financial association is a link that’s created when you apply for a financial agreement with someone else); the BNPL Service Provider may also collect this information from other credit reference agencies in order to assist in assessing your eligibility for credit and payment services in connection with the BNPL Service. The data accessed contains publicly held data including the electoral roll, and shared credit performance data.
When a CRA receives a search from us or a BNPL Service Provider to assess your eligibility for the BNPL Service, the CRA will place a soft quotation search footprint on your credit report, regardless of whether you progress any application. This search will not affect your ability to gain credit.
If you choose to pursue an application for the BNPL Service, any Personal Data that you provide will be shared with our BNPL Service Provider. Upon you making a purchase for goods or services using the BNPL Service, the BNPL Service Provider may undertake a search with a CRA which will leave a hard search footprint on your credit report. The BNPL Service Provider may also continue to exchange information about your business with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs may share your Personal Data with other organisations.
Further information about each CRA and what it does with Personal Data is available at the following locations:
You can contact any of the CRAs if you wish to obtain a copy of your personal or business credit report.
Your Rights and Choices
You have choices regarding your Personal Data:
Opting out of Electronic Communication
If you no longer want to receive Marketing-related emails from us, you can tell us by clicking the unsubscribe link provided at the bottom of each email. We may still send you important administrative messages that are required to provide our Platform functionality.
See or Change your Personal Data
You can see and change your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.
Data Protection Rights
You have the following rights:
- The right to request confirmation of whether Nivoda processes Personal Data relating to you, and if so a copy of that Personal Data
- The right to request Nivoda to update Personal Data that is incorrect, inaccurate or outdated
- The right to request Nivoda to delete your Personal Data
- The right to request Nivoda to stop processing your Personal Data
- The right to request manual review of automated decisions (including but not limited to KYC checks)
- Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times
Security & Data Retention
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please let us know immediately.
All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer technology.
We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access to you, even if you close your Nivoda account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
C. Data Breach
We will inform the ICO and other relevant local authorities of any occurance of a Data Breach, and will notify affected users if applicable.
Use By Minors
Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform.
We may change this Policy from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the updated Policy on the Platform. We will provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and by contacting you through the Platform and email address of your Account.
If you have any questions about this policy you can contact us.
|Cookie Consent||CookieConsent||This will remember that you are happy to allow cookies on our website. This cookie is set to expire after 90 days if accepted or declined (no other GA Cookies are stored, if this is declined).|
|Google Analytics||_ga||Used to distinguish users and expires in 2 years|
|Google Analytics||_gid||Used to distinguish users and expires in 24 hours|
|Google Analytics||_gat||Used to throttle request rate and expires in 1 minute|
|Google Analytics||-utma||This allows Google Analytics to determine unique visitors to our site. The cookie expires 2 years from initial creation or from update of cookie|
|Google Analytics||-utmb||This cookie is used to establish and continue a user session on our site. The cookie will expire 30 minutes from initial creation of from update of the cookie|
|Google Analytics||-utmc||This is used in conjunction with the -utmb cookie to determine whether or not to establish a new session for the user. This cookie will expire once you have closed your session with our website (once you have closed your browser)|
|Google Analytics||-utmz||This cookie is used by google to store where a visitor came from (search engine, search keyword, link). This cookie will expire 6 months from its initial creation or from update of cookie.|
|AddThis||_atuvs / _atuvc||This is a third-party cookie from AddThis service and will expire in 2 years. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.|
|AddThis||s_sq / ouid / notice_gdpr_prefs / s_nr / na_id / loc / s_fid / ssc / na_tc / notice_preferences / mus / gpw_e24 / sshs / s_cc / uvc / uid||This is a third-party cookie from AddThis service. Up to 5 years expiry dates, with some session based. This will share Standard Chartered content via social media share buttons. Also monitors user activity on the site and on other AddThis sites.|
|Litespeed cache||_lscache_vary||This cookie is used to store whether you are logged into the site and what your user role is. It us used to help improve site performance for logged in users. This cookie will expire after 2 days.|
|Vimeo Player||player / vuid||We embed videos from our official Vimeo channel. When you press play (or played automatically) Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as how long a viewer has watched the video. These cookies do not track individuals.|