PRIVACY POLICY

This Privacy Policy explains how Nilos Financial Services Ltd (“Nilos”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our website, platform, products, and services (together, the “Services”).

We are committed to safeguarding personal data and processing it in a lawful, fair, and transparent manner.

1. Who we are

Nilos Financial Services Ltd is the main controller of personal data processed for the purposes described in this Policy. Other affiliated companies within the Nilos group may act as processors or joint controllers when they support the delivery of our Services.

A list of group entities and their jurisdictions is available upon request at dataprotection@nilos.io.

2. Data we collect

We may collect the following categories of personal data:

• identity and contact data (name, email address, phone number, address, nationality, date of birth)
• identification documents (passport, ID card, driving licence)
• biometric data used for identity verification (e.g. face image through verification tools)
• financial/economic data (bank details, account numbers, transaction data)
• blockchain wallet addresses and transaction identifiers
• technical data (IP address, device identifiers, browser type, session logs)
• communications with us (emails, support chats)

We do not knowingly collect data from children.

3. How we obtain personal data

• directly from you
• from your authorised representatives
• from third-party service providers (identity verification providers, screening and analytics providers, KYC/KYB providers)
• from blockchain explorers
• from public and commercial databases

4. Purposes and legal bases

We process personal data for the following purposes:

Where required by law, we will request your consent (e.g. for non-essential cookies or direct marketing).

5. Automated decision-making

We may use automated tools (e.g., risk scoring, wallet screening) to support our AML and fraud obligations.

You have the right to obtain human review of decisions that have a legal or similarly significant effect. You may request this by contacting privacy@nilos.io.

6. International transfers

Personal data may be transferred to service providers located outside your country of residence, including outside the European Economic Area.

Where such transfers occur, we use appropriate safeguards such as:

• adequacy decisions
• standard contractual clauses
• binding corporate rules

You may request information on the safeguards applied by contacting us.

7. Data sharing

We may share personal data with:

• group entities
• regulated financial services providers (custody, payment providers, banks)
• identity verification partners
• compliance screening providers
• hosting and infrastructure providers
• professional advisers (legal, risk, audit)
• authorities, regulators, law enforcement (where required by law)

All processors acting on our behalf are subject to confidentiality and data-protection obligations.

8. Retention

We retain personal data as long as your account is active.

After account closure, we retain data only as long as permitted or required by law, to meet statutory and regulatory obligations.

For example, KYC/AML data may be retained for up to five (5) years after termination of the relationship. We periodically review data and delete or anonymise it when no longer required.

9. Security

We implement appropriate technical and organisational security measures including:

• encryption in transit and at rest when applicable
• access and identity controls
• logging and monitoring
• periodic audits and vulnerability assessments
• strict need-to-know access principles

In case of a personal data breach likely to pose a risk to individuals, we will notify the relevant supervisory authority and affected individuals where required by law.

10. Cookies

We use cookies necessary for the functioning of the Service.

Non-essential cookies (e.g. analytics) are only used with your prior consent. You can withdraw consent at any time via our cookie settings.

11. Your rights

Depending on the laws applicable to you, you may have the right to:

• access personal data
• rectify inaccuracies
• request deletion
• restrict processing
• object to certain processing
• withdraw consent (where processing is based on consent)
• data portability

You may exercise your rights by contacting dataprotection@nilos.io.

If you believe we have not resolved your request, you may lodge a complaint with your relevant data protection authority.

12. Changes to this Policy

We may update this Privacy Policy from time to time. When changes are material, we will notify you by email or via the platform before the effective date.

Older versions will be archived and available on request.

Contact

For questions, or to exercise your rights, contact: dataprotection@nilos.io