PRIVACY POLICY

This privacy notice applies to Noomisma Ltd., in the future referred to as “Company”, incorporated in Canada under registration number 1000567092, the registered office of which is 201 CARLAW AVE, UNIT 226 TORONTO, ON, M4M2S3, CANADA . Company is regulated by Financial Transactions and Report Analysis Centre of Canada (“FINTRAC”) as Money Service Business, license n. M23383839.

1The purposes of processing

1.1Data collection and use of personal information

  • Noomisma Ltd. collects and process Your data for the following purposes:

  • a)Provision of Payment services; Verification of the identity; prevention of fraud, money laundering, counter-terrorist financing, other financial crimes; implementation of other obligations under AML requirements;

  • b)Notification about changes in our Services and dispute prevention;

  • c)Dispute settlement;

  • d)Provision of Payment services; Verification of the identity; prevention of fraud, money laundering, counter-terrorist financing, other financial crimes;

1.2Data collection and use of personal information

  • a)Provision of Payment services; Verification of the identity; prevention of fraud, money laundering, counter-terrorist financing, other financial crimes; implementation of other obligations under AML requirements;

  • b)Notification about changes in our Services and dispute prevention;

    • Data about your identity: name, surname, personal identification number or other unique sequence of symbols assigned to the person for identification purposes, date of birth, personal identification document number, copy of personal identification document, nationality or the state which has issued the personal identification document, country of residence, ID number in Noomisma Ltd. system, Account number in Noomisma Ltd. system, face photo, etc. („Identity data“);
    • Contact data: address, phone number, email address, etc. ( „Contact data“);
    • KYC data: account number on other payment service providers, checks on public and private registries, fraud, money laundering, counter-terrorist financing and other financial crimes prevention agencies, employer, position, address, occupation, used Services, payment and other transactions, turnover, source of funds, countries from to which funds will be received / transferred, information of political involvement, other data of monitoring of Client’s activity, etc. („KYC data“);
    • Usage Data: Survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies. Please read our Cookie Statement for more information. („Usage data“)
    • Any other information that you or your customer provide to us.

  • c.Noomisma Ltd. may also collect and process Identity data about Beneficial owners of legal entity. Also Identity data might be collected and processed about Head of legal entity if Profile has been opened by other representative of the Client;

  • d.Noomisma Ltd. may collect data from You and from third parties, Noomisma Ltd. may search publicly available information about You in order to Verify your identity, process transactions, detect and prevent fraud or other similar purposes,

  • e.Noomisma Ltd. collects data mentioned above as Noomisma Ltd. is required by law and Noomisma Ltd. needs this information as to enter contractual relationship with the Client. If you or a representative of legal entity won’t provide required data, Noomisma Ltd. may refuse to enter into contractual relationship and provide Services for the Client,

  • f.Noomisma Ltd. may provide your data to: supervisory institutions, banking and financial services partners, other payment service providers, payment card manufacturing/ personalization and delivery companies, companies that provide identification and sanctions/ watch lists screening, transaction monitoring services, government institutions, attorneys, bailiffs, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, fraud, money laundering, terrorist financing and other financial crimes prevention agencies, other subjects that have legitimate interest or Your acceptance.

  • g.Noomisma Ltd. process personal data for as long as is necessary for the relevant purpose(s) or as required by law (e.g., our tax obligations, AML obligations and obligations to retain business records).

  • h.Noomisma Ltd. may provide your data to third countries as to perform Your payment transaction to third country recipient or using third country partners services for the payment transaction, in which case Noomisma Ltd. ensure that there is adequate protection for such personal data either by ensuring that the transfer is made on the basis of an adequacy decision.

2.Notification about changes in our Services and dispute prevention.

  • Noomisma Ltd. is required by law to notify You about changes in our Services and Terms & Conditions for provision of services. These notifications are not marketing material and are to be provided as required by law. According to this You shall not have the right to object receiving such notifications. For this purpose, Noomisma Ltd. may process Your Contact data.

  • Noomisma Ltd. processes above mentioned data as Noomisma Ltd. is required by law and for the performance of the contract with the client.

  • You can also refer to Us requiring information from Us, to consult with Us about our Services or to inform Us about unauthorized payments, demand to block Your payment instrument or ask to provide other information. You may contact Us by phone or email. As You contact Us Noomisma Ltd. may process Your Identity data, Contact data, Device data, also record our phone conversations and store content of our correspondence and history of it.

    • Above mentioned data is processed:
    • As You refer to Us by phone: for the purposes of the legitimate interests pursued by Us to prevent disputes between you and Us about proper provision or receiving of information.
    • As You refer to Us by email or letter: data is collected for the law requirement purposes and for the purposes of the legitimate interests pursued by Us to prevent disputes between you and Us about proper provision or receiving of information.

  • Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.

3.Dispute Settlement

  • Before starting a dispute with Us firstly You should contact Noomisma Ltd. so that Noomisma Ltd. can handle your complaint and satisfy it. If you are not satisfied with our reply, You can address competent authority,

  • As the dispute may arise, for dispute settlement purposes Noomisma Ltd. may collect and process such data: Identity data, Contact data, KYC data, also data provided in Your claim and its supplements, other data needed to investigate Your claim. The data is processed as Noomisma Ltd. is required by the law.

  • Your data may be provided to supervisory institutions, attorneys, pre-trial investigation institutions, courts, auditors, debt recovery agencies, companies that handle joint debtor data files, other subjects having Your acceptance.

4.Data processing

  • Your data will be processed by automated means, as well as to manual processing, including automated individual decision-making and profiling, for various processing purposes.

  • Automated decision making and profiling might be used for Verification of your identity, monitoring Your operations and activity in the Profile, predicting other aspects of Your behaviour. Noomisma Ltd. implements suitable measures to safeguard Your rights and freedoms and legitimate interests, including the right to obtain human intervention. You also have the right to express your point of view and to contest the decision.

  • The information Noomisma Ltd. processes about You is stored on our secure servers. Noomisma Ltd. uses all needed technical, organizational and other means to protect your data.

5.Disclosures to Third Parties

  • There are certain circumstances where Noomisma Ltd. may transfer your Personal Data to employees, contractors and to other parties:

    • Noomisma Ltd. may also share your information with certain contractors or service providers. They may process your Personal Data for us. Other recipients/service providers include IT specialists, database providers, backup and disaster recovery specialists, email providers. Our suppliers and service providers will be required to meet our standards on processing information and security. The information Noomisma Ltd. provides them, including your information, will only be provided in connection with the performance of their function.

    • Noomisma Ltd. may also share your information with certain other third parties. Noomisma Ltd. will do this either when Noomisma Ltd. receives your consent or because Noomisma Ltd. needs them to see your information to provide products or services to you. These include, anti-fraud databases, screening agencies and other partners Noomisma Ltd. does business with.

  • Your Personal Data may be transferred to other third-party organisations in certain scenarios:

    • If Noomisma Ltd. is required to by law, or under any regulatory code or practice Noomisma Ltd. follows, or if Noomisma Ltd. is asked by any public or regulatory authority – for example the Police.

    • If Noomisma Ltd. is defending a legal claim your information may be transferred as required in connection with defending such claim.

    • To comply with local and national laws.

    • To prevent, detect and prosecute fraud or crime, Noomisma Ltd. may participate in anti-fraud initiatives, which involve assessing you (and/or your customers) and monitoring your transactions and/or locations, to detect patterns requiring investigations or otherwise profile and assess the likelihood of fraud occurring. Noomisma Ltd. can do so utilizing products and services from third parties. Besides, if you give us false or inaccurate information about you, or Noomisma Ltd. identifies or suspects a fraud or a crime, Noomisma Ltd. may pass your information to fraud prevention agencies and to law enforcement agencies, and Noomisma Ltd. may decide to take legal action against you.

    • To prevent or mitigate information security risk.

    • To manage and enforce our rights, Terms of Use or any other contracts with you (and/or your business), including to manage any circumstances where transactions, rewards or points are disputed; manage, investigate and resolve complaints; or recover debt or in relation to your insolvency.

    • Your Personal Data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be Personal Data.

    • Your information will not be sold, exchanged, or shared with any third parties without your consent, except to provide Noomisma Ltd. Services or as required by law.

    • The third-party service providers of Noomisma Ltd. is contractually bound to protect and use such information only for the purposes for which it was disclosed, except as otherwise required or permitted by law. Noomisma Ltd. ensures that such third parties will be bound by terms complying with DPL.

6.Disclosures to Legal Authorities

  • Noomisma Ltd. may be required by law to pass information about you to regulatory authorities and law enforcement bodies worldwide, or Noomisma Ltd. may otherwise determine that it is appropriate or necessary to do so. Such disclosures may also include requests from governmental or public authorities, or with commercial organizations with whom you may have had dealings and whom are seeking to mitigate fraud risk, or for the purposes of litigation or legal process, national security or where Noomisma Ltd. deems it in the national or public interest or otherwise lawful to do so. As such, Noomisma Ltd. may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities when:

    • a)Compelled by court order, or other legal procedure.

    • b) Disclosure is necessary to report suspected illegal activity.

    • c)Disclosure is necessary to investigate violations of this Privacy Policy or our Terms of Use.

7.Your rights

  • a)Right to Information: The right to ask us for information about what personal data of Yours is being processed and the rationale for such processing.

  • b)Right of Access: The right to access your personal data;

  • c)Right of Rectification: The right of rectification of inaccurate personal data concerning you, and the right to have incomplete personal data completed. Please be advised that Noomisma Ltd. may need to verify the accuracy of the new data You provide to Us;

  • d)Right of Erasure (the right to be forgotten): The right of erasure of personal data concerning You if there is no convincing reason for Us continuing to process it. Please be advised that Noomisma Ltd. may not always be able to comply with your request of erasure for specific legal reasons which will be notified to You, if applicable, at the time of your request. Please note that Under GDPR Article 17(3)(b), legal requirements take precedence over the right to be forgotten. From an AML perspective, both customer due diligence and transaction records have to be retained for a minimum of a set number of years after the end of the customer relationship and Noomisma Ltd. will retain Your data, in line with AML regulations, for a minimum of 10 years. In this context, the right to be forgotten would only be enforceable after this period had ended. Noomisma Ltd. will then take reasonable steps to securely destroy such information or permanently de-identify it.

  • e)Right of Restriction of Processing (Right to withdraw Consent): The right to obtain from Us restriction of processing if there is legitimate reason. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a Member State.

  • f)Right to Data Portability: The right to receive the personal data concerning You, which you provided to Us and have the right to transmit data to another controller. Please be advised that this right only applies to information which You provided for Us.

  • g)Right to object: The right to object at any time to processing of personal data concerning You which is processed for the purposes of our legitimate interests. Noomisma Ltd. shall no longer process the personal data unless the Noomisma Ltd. demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of You or for the establishment, exercise or defense of legal claims. Where personal data is processed for marketing purposes, You shall have the right to object at any time to processing of personal data concerning You for such marketing.

  • h)Right to Object to Automated Processing: This right to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.

  • i)Right to withdraw consent: The right to withdraw Your consent at any time where Noomisma Ltd. is relying on consent to process Your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In some cases, if you withdraw Your consent, Noomisma Ltd. may not be able to provide the Services to You.

  • j)Right to complain: You have right to make a complaint in regard to the privacy or data processing issues at any time. However, Noomisma Ltd. appreciates the chance to deal with Your concerns before You approach the supervisory authority so please contact Us in the first instance.

8.SECURITY OF YOUR DATA

  • Noomisma Ltd. take protecting of your personal data very seriously and strive to apply all necessary organizational and technological security measures.

  • Noomisma Ltd. use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction. These security measures include, but are not limited to:

  • Password protected directories and databases;

  • Please note, the transmission of information via the internet is not completely secure. Although Noomisma Ltd. will do our best to protect your personal information, Noomisma Ltd. cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that Noomisma Ltd. has provided. Once Noomisma Ltd. has received your information, Noomisma Ltd. will use strict procedures and security features to try to prevent unauthorized access. By browsing the website and/or using the services of the Company you expressly acknowledge and agree that any personal information or other data provided by you to us or third persons is provided at your own risk.

9.Final Provisions

  • This notice is global in scope but is not intended to override any legal rights or prohibitions in any territory where such rights or prohibitions prevail. In such event, the rights and obligations set out in this notice will apply, subject only to amendment under any applicable local law having precedence.

  • Noomisma Ltd. has the right to adjust the provisions of this Privacy Policy. In such case, Noomisma Ltd. will notify you of any changes of the Privacy Policy in advance and will publish a new version of the Privacy Policy on our website. The Privacy Policy was last amended on September 15th, 2024