Data Privacy Policy - NoFrixion Sandbox Portal

NoFrixion Privacy Policy

NoFrixion Limited respects your privacy and protecting your information is of critical importance. This Privacy Policy will explain how NoFrixion uses the personal data we collect from you when you use our website to manage customers and conduct daily business activities. We also welcome it as an opportunity to reassure you of the importance we place on keeping your data secure, and of the strict guidelines we apply to its use.

Topics:

What data do we collect?
When and how do we collect your data?
How will we use your data?
How do we store your data?
How long do we store your data?
Marketing
What are your data protection rights?
Cookies
Privacy policies of other websites
Changes to our privacy policy
How to contact us
How to contact the appropriate authorities

1. What data do we collect?

There are a number of reasons for gathering personal data about you. For instance, we need to know how to get in touch with you, we need to be certain of your identity and we need to comply with regulatory requirements regarding the provision of financial services. The personal data we collect falls into various categories, such as:

Identity & Contact information:
Name, date of birth, copies of ID, contact details, PPS number (or foreign equivalent), security details to protect identity, nationality, home status and address, email address, work and personal phone numbers, marital status, family details, tax residency and tax related information. If you engage with us through social media then this may also include your social media contact details, such as your LinkedIn address or Twitter username.
Company Detials:
Company name, date of incorporation, company number, registered address, VAT number, details of directors and shareholder information, documentation such as, but not limited to, copies of ID, proofs of address bank statements etc.
Financial details/circumstances:
Bank account details (including Account number, sort code), any International Bank Account Number (IBAN), currency information, payments information including, payment reference information (this may identify precisely who makes payments to you and who you make payments to and the purpose of the transaction), transaction credits, transaction debits, payment source/destination details, income and asset details, personal guarantees provided, application processing and administration records, transaction details, contact outcomes, authorised signatories details.
Marital status and/or financial associations:
If you are married or are financially linked to another person in the context of a particular product or service, a financial association may be created between your records and their records, including any previous and subsequent names used by you. This means that we may treat your financial affairs as affecting each other.
Information you provide us about others or others provide us about you:
If you give us information about someone else (for example, information about a spouse or financial associate provided during the course of a company application), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Privacy Policy. Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Privacy Policy. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Privacy Policy.
Information we collect about you from publicly available sources:
We may collect information available from social media (depending on your settings and the applicable privacy policies), including social media engagement metrics such as numbers of connections, followers and clicks, and information from resources such as Companies Registration Office and Companies House.
Sensitive or special categories of data:
We may hold information about you which includes sensitive or special categories personal data, such as but not limited criminal conviction information or biometric information used to uniquely identify you. We will only hold this data when we need to for the purposes of the product or services we provide to you, where we are processing the data for a substantial public interest, where we have a legal obligation or where we have your consent to do so. Examples of when we use this type of data include:
- If you have criminal convictions, we may process this information in the context of compliance with our anti-money laundering obligations.
- We may use your biometric information to help identify you when you open or operate an account.
Information which you have consented to us using:
Your contact details and marketing preferences are used to share news about relevant services, products and offers that we think may be of interest to you
Information from online activities:
- We collect information about your internet activity using technology known as cookies, which can often be controlled through internet browsers and by using our cookie preference centre on our website. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy, which is available on our website.
- We collect information about your internet browser settings and Internet Protocol (IP) address and other relevant information to help us identify your geographic location when providing you with our services.
Other personal information:
- Telephone recordings and email communications.
- Information in relation to requests made by you e.g. data access, correction, restriction, deletion, porting and complaints.
Sometimes we may collect and use your information even though you are not a customer of ours:
Sometimes we may collect and use your information even though you are not a customer of ours: For example, you may be a beneficiary, guarantor, director, cardholder or representative of one of our customers, or you may be in the process of making an application for a NoFrixion product or service. In other cases, your own circumstances may have a material impact on the ability of our customer to perform their obligations to us, and we will need to consider these. If so, we will apply the principles outlined in this Privacy Policy when dealing with your information.

2. When and How do we collect your data?

You directly provide NoFrixion with most of the data we collect. We collect data and process data when you:

Register online or apply to be a customer of our services.
Voluntarily complete a customer survey or provide feedback on any of our services.
Use or view our website via your browser's cookies.
When you use our products or services, including making transactions on your account, or instructing a third-party payment service provider to initiate payments on your account, we gather details about who you get money from, who you pay money to, how much the payments are for and when the payments are made.
Tracking cookies

3. How will we use your data?

NoFrixion collects your data so that we can:

Establish your eligibility for our products and services.
Manage and administer your accounts.
Process your applications for services.
To comply with our legal and regulatory obligations.
Contact you by post, phone, text message, email, digital message, using our website or other means, but not in a way contrary to your instructions to us or contrary to law.
Monitor and record our conversations when we communicate (for example, to check your instructions to us, to analyse, to assess and improve customer service; for training and quality purposes; and for verification, fraud analysis and prevention purposes).
Protect our business, reputation, resources, and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services) and prevent and detect fraud, dishonesty and other crimes.
Manage and respond to a complaint or appeal.

Whether we're using it to confirm your identity, to help in the processing of an application, for a product or service or to improve your experiences with us, your information is always handled with care and the principles outlined in this Privacy Policy are always applied.

4. How do we store your data?

We use appropriate technical and organisational security measures to protect the security of your personal data both online and offline including the implementation of access controls, implementation of firewalls, network intrusion detection and use of anti-virus software. Please note that no system is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur. standards and codes of practice pertaining to system and data security in the cloud.

NoFrixion engages Microsoft as a Cloud Service Provider for the secure storage of your data in their Azure cloud service. Microsoft Azure has adopted numerous standards and codes of practice pertaining to system and data security in the cloud.

Your data is fully encrypted both in transit and while stored as part of this arrangement.

5. How long do we store your data?

NoFrixion shall adhere to the GDPR requirement to process personal data for no longer than is necessary for the purpose for which it was collected in the first place. In doing so, NoFrixion has defined procedures for adhering to statutory retention periods as set out by legislation.

As a general rule, we keep your information for a period of not less than 5 years after the date on which a transaction has completed or you cease to be a customer.

6. Marketing

NoFrixion would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop NoFrixion from contacting you for marketing purposes.

7. What are your data protection rights?

NoFrixion would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The Right to be Informed
- GDPR, Article 13 & Article 14
  Data subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR. Where personal data is being collected directly from an individual, NoFrixion’s privacy notice will be provided.
The Right of Access
- GDPR, Article 15
  Data subjects are entitled to make an access request for a copy of their personal data and for information relating to that data. NoFrixion shall ensure that this information is provided free of charge and in writing, or by other means where authorised by the data subject.
Right to Rectification
- GDPR, Article 16 & Article 19
  Under GDPR Article 5 (1)(d), personal data processed by NoFrixion should be reviewed and verified as being accurate wherever possible. Where inconsistencies are identified by NoFrixion, or where a data subject or other party informs the Company, every reasonable step should be taken to ensure that such inaccuracies are corrected with immediate effect. All requests for rectification of personal data shall be forwarded to the DPO without delay.
Right to Erasure
- GDPR, Article 17
  The right to erasure, whereby individuals can petition NoFrixion to have their data erased from its systems, is also known as ‘the right to be forgotten’. The right to erasure is not absolute and only applies in certain circumstances. All requests for erasure of personal data shall be forwarded to the DPO without delay.
Right to Data Portability
- GDPR, Article 20
  The right to data portability allows data subjects to manage their personal data for their own purposes across different platforms and services. Data portability facilitates data subjects to transmit personal data from one IT environment to another without hindrance to usability.
  The right to data portability is not absolute and will only apply to circumstances set out in Article 20(1).
  All transmission requests under the portability right should be assessed to ensure that no other data subject is concerned. Where the personal data relates to more individuals than the data subject requesting the transmission to another controller, this is always to be effected without prejudice to the rights and freedoms of the other data subjects. All requests received regarding data portability should be forwarded to NoFrixion’s DPO.
  Data subjects also have a right to complain to a relevant supervisory authority. The contact details for the DPC are as follows:
  
  Telephone: +353 578 684 800
  
  Online: Data Protection Commission - Contact Page
  A data subject and may exercise any of these rights by contacting NoFrixion’s DPO (dpo@nofrixion.com)
Right to Object
- GDPR, Article 21
  The right to object, whereby data subjects have the right to object on grounds relating to their situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. NoFrixion shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Automated Individual Decision-making
- GDPR, Article 22
  The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
  This shall not apply if the decision is: necessary for entering into a contract between the data subject and NoFrixion; is authorised by Union or Member State law to which NoFrixion is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:

dpo@nofrixion.com

Or write to us:

c/o- Data Protection Officer
NoFrixion,
4th Floor,
8 Harcourt Street,
Dublin 2, D02 AF58
Ireland

8. Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

How do we use cookies?

NoFrixion uses cookies in a range of ways to improve your experience on our website, including:

Keeping you signed in
Understanding how you use our website

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

Functionality - NoFrixion uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Advertising - NoFrixion uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address.

How to manage cookies?

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

9. Privacy policies of other websites

The NoFrixion website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

10. Changes to our privacy policy

NoFrixion keeps its privacy policy under regular review and places any updates on this web page. This Privacy Policy was last updated on 21 July 2023.

11. How to contact us

If you have any questions about NoFrixion's privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: info@nofrixion.com

Or write to us at:

NoFrixion,
4th Floor,
8 Harcourt Street,
Dublin 2, D02 AF58
Ireland

12. How to contact the appropriate authority

Should you wish to report a complaint or if you feel that NoFrixion has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office:

https://www.dataprotection.ie/en/contact/how-contact-us