Privacy Policy

This privacy policy (Which we will refer to as “Policy”) describes how we collect, use, process, and disclose your data in conjunction with your access to and use of our services. When this policy mentions “we”, “us”, “our” or “our firm”, those refer to Nexus Pay, UK FRONTIER LTD, or any affiliate company, providing payment services to our clients, that are responsible for your data under this Privacy Policy (the “Data Controller”).

For the purposes of this Policy, our services consist of products, services, content, features, technologies, or functions, and all related websites, applications and services offered to you by us through mobile apps, online platform, official social media platforms, or other online properties through which we provide payment services.

We give utmost importance to the protection of personal data of our clients. In this Policy, we inform the clients about the collection, use and processing of your personal data when you apply, register or use our services and all functionalities, including our website https://Nexus-Pay.co, and mobile App.

Our service is designed for business purposes and may be used by individuals or entities. In case you are registering for and/or using our services on behalf of an entity we will treat you as authorized person and you may be obliged to disclose to us personal data of the legal representatives, the employees, the agents, the beneficial owners or any other third-party related to the entity pursuant to the rules described below. You certify that where you have provided data regarding any third person beside yourself you have received prior consent from that other person to provide their personal data to us.

1. What Data We Collect

You are informed that there are three general categories of data that is collected from you differentiated on grounds as defined by the General Data Protection Regulation and The UK Data Protection Act 2018.

We ask for and collect from you the following personal data when you or your entity use(s) our service. These data are necessary for us to comply with our regulatory obligations and for the adequate performance of the contract between you and us. Without it, we may not be able to provide you effectively with our service for which you register.

•   Full name
•   Date and place of birth (for individual) or date and place of incorporation (for corporate)
•   Email address
•   Phone number
•   Nationality
•   Residential address (for individual) or registered address (for corporate)
•   Full name, nationality, date and place of birth of all beneficial owner(s)/ shareholder(s), director(s) and authorized person(s) (for corporate)
•   Occupation (for individual) or business nature (for corporate)
•   Any other data which we may choose to collect in our onboarding and/or order forms, which is necessary for your identification and verification.
•   Identification documents and all data from the identification documents.
•   Risk and fraud related data, such as demographic data or fraud detection data, from third party service providers and/or partners, and combine it with data we have about you. For example, we may receive background check results (with your consent where required) or fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive data about you and your activities on and off our services through partnerships, or about your experiences and interactions from our partner and networks.
•   Sources of fund and income, annual turnover estimates, transaction amount estimates, business activity details, and any other similar financial data about you which would help us prevent money laundering and/or terrorism financing.
•   Bank account data, including bank name, account name, account number and sort code.
•   Payment transaction data. We collect data related to your payment transactions under our service. For example, transaction amount, how transaction is performed, status of each transaction. The data may also include personal data provided at the point of payment by your end-customer. For example, your customer’s name and correspondence bank account data.
•   Usage data. We collect data about your interactions with our services such as your usage of any Apps or functionalities, for detection of any services or system failures.
•   Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our platform(s).

Our services are not intended for children and we do not knowingly collect data relating to children.

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel our services you have with us, but we will notify you if this is the case at the time.

2. How Is Your Data Collected

We use different methods to collect data from and about you including:

2.1 Direct interactions

You may give us your data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes data you provide when you apply for our services, set-up preferences, and notifications/ alerts connected to our services, and request marketing to be sent to you.

2.2 Automated technologies or interactions

As you interact with our platform(s), including website and mobile App, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect these data by using cookies and other similar technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

2.3 Third parties or publicly available sources

We will receive data about you from various third parties and public sources as set out below:

•   Technical data by using tracking and analytics tools, such as pixel tags, action tags, web beacons and JavaScript amongst others to collect and analyze information on behavior and engagement with our services.
•   Identity and contact data from publicly available sources such as Companies House or Financial Conduct Authority.

3. How We Use Data We Collect

We use, store, and process data, including personal data, about you to provide, understand, improve, and develop our services, create and maintain a secure environment, and comply with our legal obligations.

•    Customer due diligences and transaction monitoring;
•    Enable you to access and use our services;
•    Process payments, issue invoices and or other kind of documents for payment processing;
•    Operate, protect, improve, and optimize our services and your experience, such as by performing analytics and conducting research;
•    Provide customer services;
•    Communicate with you about your use of our services;
•    Send you service or support messages, updates, security alerts, and transaction notifications;
•    Fraud detection and prevention;
•    Conduct security investigations and risk assessments;
•    Regulatory reporting;
•    Comply with legal obligations (such as anti-money laundering regulations, GDPR);
•    Enforce our rights, interests and claims arising from any legal documents between you and our firm.

We strive to provide you with choices regarding certain data uses, particularly around marketing and advertising. We may also use your data to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you. To opt out of receiving marketing-related correspondence from us, please contact us. We will get your express opt-in consent before we share your data with any third party for marketing purposes.

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. With Whom Do We Share Personal Data

With third party service providers: We may share personal data with third party service providers that support us in providing our services, products and/or platforms with functions at our decision and our behalf.

These third-party service providers may for example:

•    Conduct due diligence and transaction monitoring;
•    Fraud detection and prevention;
•    Risk assessment and monitoring;
•    Process your transactions through third party platforms and software tools (e.g. through the integration with our APIs);
•    Provide customer support, IT support and development services;
•    Provide audit and accountancy services;
•    Provide legal, compliance or other consultancy services;
•    Provide Marketing and Public Relations services.

These providers have limited access only to your data necessary to perform the tasks for which they were contracted for on our behalf and are contractually bound to protect and to use it only for the purposes for which it was disclosed and consistent with this Policy.

With other third parties as permitted or required by law: We may share data about you:

•    If we need to do so to comply with a law, legal process or regulations;
•    As requested by law enforcement authorities or other
•    government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to us;
•    If we believe, in our sole discretion, that the disclosure of
•    Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
•    To protect the vital interests of a person;
•    To investigate violations of or enforce a user agreement or other legal terms applicable to our services;
•    To protect our property, services and legal rights;
•    To facilitate a purchase or sale of all or part of our business;
•    To help assess and manage risk and prevent fraud against us, our clients and fraud involving our services; and
•    To support our audit, compliance, and corporate governance functions.

With your consent: We will also share your personal data and other data with your consent or direction, including if you authorize an account connection with a third-party account or platform.

We may also share aggregated data (data about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized data for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes. Aggregated data is not considered personal data in law. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Policy.

We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, customer services or training purposes.

If the Data Controller is involved in any merger, acquisition, reorganization, sale of assets, transfer of portfolio, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your data in connection with such transaction or in contemplation of such transaction (e.g., pre-trading due diligence). In this event, we will notify you before your personal data is transferred to a different legal person and/or becomes subject to a different privacy policy.

5. Your Rights

You may exercise any of the rights described in this section by contacting us at info@Nexus-Pay.co. Please note that we may ask you to verify your identity before taking further action on your request. Please note that upon receipt of your instruction we shall try our best to provide you with the requested data and resolve your request in reasonable time, subject to all obligations which we or the related companies have under the applicable laws.

5.1 Managing your data

You have the right to obtain the following:

•    Confirmation of whether, and where, we are processing your personal data;
•    Data about the purposes of the processing;
•    Data about the categories of data being processed;
•    Data about the categories of recipients with whom the data may be shared;
•    Data about the period for which the data will be stored (or the criteria used to determine that period);
•    Data about the existence of the rights to erasure, to rectification, to restriction of processing and to object to processing;
•    Data about the existence of the right to complain to any regulator;
•    Where the data was not collected from you, data as to the source of the data; and data about the existence of, and an explanation of the logic involved in, any automated processing.

Additionally, you may request a copy of the personal data being processed.

5.2 Rectification of inaccurate or incomplete data

You have the right to ask us to correct inaccurate or incomplete personal data concerning you (and which you cannot update yourself via our platform(s)).

5.3 Data access and portability

You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format that supports re-use, and store your personal data for further personal use on a private device.

5.4 Data Retention and Erasure

We generally retain your personal data for as long as is necessary for the performance of the contract between you and us and to comply with our regulatory obligations. If you no longer want us to use your data to provide service to you, you can request that we erase your personal data and cancel our services to you, providing you are in good standing, not blocked or somehow limited for compliance, risk or regulatory reasons, or due to your outstanding obligation to us, court order, pledge or order by another regulator or other reason which prevent us by law to cancel our services to you. Because we are a financial institution regulated by Financial Conduct Authority, we are obliged under Payment Services Regulations and anti-money laundering regulations to keep your personal data and all transaction history for a period of 5 years after the termination of the relationship with you. Please note that if you request the erasure of your personal data:

•    We may retain some of your data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing security. For example, if we suspend services to a particular client for fraud or safety reasons, we may retain certain data from that client to prevent the client concerned applies for a new service in the future. We are also obliged to retain personal data which we have collected for the purposes of complying with the relevant anti-money laundering and anti-terrorism financing for a period as defined under the applicable law, that is, 5 years after termination of an agreement;
•    We may retain and use your data to the extent necessary to comply with our legal obligations;
•    Because we maintain the system to protect from accidental or malicious loss and destruction, residual copies of your personal data may not be removed from our backup systems for a limited period of time.

5.5 Withdrawing consent and restriction of processing

Where you have provided your consent to the processing of your personal data by us you may withdraw your consent at any time by changing your Account settings or by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal data, in particular where:

•    you contest the accuracy of your personal data;
•    the processing is unlawful and you oppose the erasure of your personal data;
•    we no longer need your personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims; or
•    you have objected to the processing and pending the verification whether our legitimate grounds override your own.

5.6 Objection to processing

In some jurisdictions, applicable law may entitle you to require us not to process your personal data for certain specific purposes where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for such processing, or such processing is required for the establishment, exercise or defense of legal claims. Please note that we are obliged under AML laws to make risk profiling of our customers upon opening of the relationship and constantly during the relationship and this is a legitimate reason. In case you do not wish us to process your personal data for certain specific purposes, which are legitimate purposes to us, you shall have to close your account or we may have to stop providing you some or all of the Services, subject to all conditions for the closing of the account, specified above in this Section.

Where your personal data is processed for direct marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to info@Nexus-Pay.co.

5.7 Right to Withdraw Consent

Where you have consented to our processing of your data, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us at info@Nexus-Pay.co.

5.8 Prevent automated decision-taking

In certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.

6. International Transfers

In case personal data is shared with corporate affiliates or third-party service providers outside the EEA, we have – prior to sharing your data with such corporate affiliate or third-party service provider – established the necessary means to ensure an adequate level of data protection. We will only transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.

We will provide further data on the means to ensure an adequate level of data protection on request.

7. Third-party links

Our platform(s), including website and mobile App, may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.

8. Security

We take the responsibility to ensure that your personal data is secure. To prevent unauthorized access or disclosure of data we maintain physical, electronic and procedural safeguards that comply with applicable regulations to guard non-public personal data. All internet communication is secured using Secure Socket Layer (SSL) technology. We restrict access to your personally identifiable data only to employees who need to know that data in order to provide services to you.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

While we are dedicated to securing our systems, you are responsible for verifying that the data we maintain about you is accurate and current.

9. Changes To This Policy

We keep our privacy policy under regular review. We reserve the right to modify this Policy at any time in accordance with this provision. If we make changes to this Policy, we will post the revised Policy on our platform(s). If you disagree with the revised Policy, please inform us immediately and we may have to cancel our services you have with us. Otherwise, your continued use of our services or access to our platform(s) after the effective date of the revised Policy will be subject to the updated Policy.

10. Your Duty To Inform Us Of Changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your data changes during your relationship with us.

11. Contact Us

We have appointed a data protection manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data protection manager using the details set out below.

Email: info@Nexus-Pay.co

Postal address: Suite 8 2nd Floor, St James House, Pendleton Way, Salford, Great Manchester, M6 5FW, United Kingdom

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Please tick the appropriate box(s) and sign below.

I/We acknowledge receipt and accept this Privacy Policy.

I/We were told and understood that I am/we are allowed to give separate consent for different personal data processing operations as mentioned above. [If applicable] At the time of signing this Privacy Policy, I/We refuse consent on the following personal data processing operation(s):Please specify

Name:

Signature:

Date: