Privacy policy
Last update: 1 May 2023
Your privacy is of significance to NECTARO (NECTARO, “Platform”, “we”, “us”, “our”) and we are committed to maximally avoiding risk when processing your personal data, as well as to process only as much data as it would be necessary for achievement of our purposes or providing services upon your request taking into consideration the proportionality principle.
This Privacy policy:
- applies if you are visiting our Platform, applying for services, using our services or otherwise communicating with us;
- aims to give you information on how we process your personal data;
- is instrumental in NECTARO personal data protection system and it is bound to every NECTARO's employee, associated company and subcontractor;
- supplements other notices and privacy policies and is not intended to override them.
NECTARO applies the Privacy policy concluding agreements and maintaining relationships with data protection authorities.
NECTARO processes your personal data in material compliance with the following principal provisions:
- We respect and comply with the requirements of the General Data Protection Regulation (GDPR) and other applicable national and international laws (“LAWS”).
- We are fair and maximally transparent with you regarding your data processing and protection.
- All the information is being provided to you in concise, transparent, intelligible and easily accessible form, using plain and clear language.
- We will not process your data without having a legal basis and specified, explicit and legitimate purposes.
- By default, we process only personal data, which is:
- necessary to achieve the current purpose.
- accurate and, where necessary, kept up to date.
- Upon achievement of a purpose, we are either deleting your personal data or anonymizing it, so it is impossible to identify you. When data is being processed for security, statistical and analytical purposes, we apply anonymization or additional safeguards preventing any undue impact on your person (functional separation).
- We perform and constantly improve organizational and technical measures ensuring your data protection against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the data.
- We conduct staff training on a regular basis regarding data protection matters.
- We carry out all the necessary measures for the relevant safeguards to be included in agreements with other data controllers and processors, as well as responsibilities are clearly shared subject to the requirements of LAWS.
- We use LAWS-compliant information and communication technologies (ICT) in processing your data, ensuring ICT integrity, confidentiality, availability and resilience in line with relevant risk level.
- Our employees are held accountable for any breaches of this Privacy policy.
WHAT DATA DOES NECTARO COLLECT ABOUT YOU?
We are collecting different categories of data depending on your request for services, requirements of LAWS and our legitimate interests conducting our business.
When you provide us with your data, you are telling us that the information is true, accurate, complete and current. You also confirm that you have authorization to provide it to us.
Any contact data (emails, phones etc.) provided by you throughout any interaction will be treated as your personal contacts and saved in your profile for future communications, unless specifically requested not to be stored (one-time communication only).
CHILDREN DATA
NECTARO does not aim any of our products or services directly at children and we do not knowingly collect personal data about children, except in cases where it might be indirectly implied by the nature of the services.
Separately from other data, there are specified categories of data as cookies. We use cookies when you are using our web-based Platforms (e.g. browsing websites, applications of NECTARO, sending email and text messages, communicating through social media accounts). The cookies mostly relate to the necessity of providing services You have explicitly requested (e.g., to open a website or some section of it, making payments etc.) or Your authentication during the login process.
Additionally, when You are visiting our websites, we may collect certain information automatically from your device in order to provide services requested by you, ensure security and for statistical purposes; automatic collection might include Your IP address, device type, browser-type (such as Chrome, Safari, Firefox or Internet Explorer), Your operating system and carrier, as well as details of any referring website or exit pages.
Please find additional information on the usage of cookies HERE.
WHY DO WE NEED YOUR DATA?
Depending on relationship (client, partner agreement, website user, etc.) we collect only the minimal personal data that is absolutely necessary for achieving processing purposes (e.g. conclude the service contract, open an account, make a payment, detect fraud, prevent identity thefts, send You special offers, handle Your requests and claims, render customer support etc.).
Main groups of processing purposes you can find HERE.
Note that we may process Your personal data for more than one lawful ground depending on the specific purpose for which we are using Your data. For example, when You have closed the account (contractual obligations) we will still keep processing minimal personal data to comply with anti-money laundering laws (legal obligation) or to protect/ exercise our legal claims (legitimate interests).
For the most part in rendering our services, the legal basis of processing will be our contractual obligations, Your consent or our legitimate interest. Please contact us if You need details about the specific legal ground, we are relying on to process Your personal data in each case.
WHO IS RESPONSIBLE FOR YOUR DATA PROTECTION?
The controller (also operator of website) involved in processing is liable for confidentiality, integrity and availability of your personal data, as well as for the damage caused by his activities which infringe the LAWS and/ or your privacy.
A processor shall be liable only where it has not complied with the obligations of the LAWS specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
When the data is collected, we will either inform You on the current controller or it will arise out of the document/ web form you are filling in. If You are providing personal data of other data subjects, You shall be solely liable for obtaining consent from them or using other legal basis for their data processing (e.g. contract, power of attorney etc.) and inform them on NECTARO's policies about their personal data transmitting and processing by NECTARO.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we collect personal data to comply with LAWS or under the terms of a contract where you are a party to such a contract, and you fail to provide your data when requested, we may not be able to perform the contract (for example, to provide you with goods or services, open an account, make a transaction etc.). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
DISCLOSURE AFTER COLLECTING
Generally, we do not share your data with third parties.
The only way NECTARO is doing so, when it has a legal basis and processing purpose for doing so. When disclosing your data, we require recipients to follow LAWS and data protection measures when they process your data.
Our Platform and services may contain links to third-party websites, products and services. We may also use or offer products or services from third parties - for example, a t
When you use a third-party service or click a link to a third-party website, our Privacy policy is not applicable. Please, contact the relevant third party to obtain their
Depending on processing purposes, we might share your data with associated companies of NECTARO, our services and goods suppliers, as well as other third parties. Other detailed information on our sharing practices you can find HERE.
SECURITY MEASURES
Considering the state of the art and costs of implementation, the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for your rights and freedoms posed by the processing, NECTARO ensures and permanently improves security measures to protect your data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
To achieve the highest security level, we are using organizational and technical measures. The most typical measures you can find HERE.
YOUR RIGHTS
The scope of your rights (as data subjects) is set under each current processing purpose and legal basis which will be informed to you when NECTARO collects / you are providing y
In case we are a processor, the main contact for data subjects should remain a data controller. In such cases we will provide possible support in contacting the relevant controller.
Right to be informed
Every time we collect your data, NECTARO will inform you at least of the identity of a controller, the purposes of data processing and sources, where to find additional information.
In the event we collect your data from other controllers (processors) you will also be informed in a timely manner.
So, our communication is made in an intelligible, plain and clear way, but the texts are not burdensome, we will not inform you of details you already know.
In case the processing of your data is based on consent, you will have the right to withdraw your consent at any time. Please, be informed that the withdrawal of consent is not affecting the lawfulness of processing based on consent before its withdrawal.
There might also be other cases where your rights to be informed are limited.
Right of access
You are entitled to receive confirmation from NECTARO as to whether or not your data is being processed by us, and if so, you have a right to access the relevant data.
According to AML law article 52(2) we might limit access to your personal data.
Right to rectify and add
You are entitled to obtain from NECTARO without undue delay the rectification of inaccurate personal data. Considering purposes of processing you are also entitled to supplement incomplete personal data.
Right to erasure (“right to be forgotten”)
You are entitled to obtain the erasure of your data from NECTARO. In cases set by LAWS we shall delete your data.
Unfortunately, since the exceptional character of exercitation of such rights the LAWS set restrictions when your request might be refused.
Right to restriction of processing
In current cases you are entitled to file a request to restrict your data processing.
Nonetheless the restriction of processing we will still be entitled to:
- Store your data;
- Process your data in any manner, if:
- You have consented to it;
- We must establish, exercise or defend our legal claims;
- The rights of another person shall be protected;
- There are reasons for this important public interest.
Right to data portability
You are entitled to transmit your data, which you have provided to NECTARO, to another controller, where:
- the processing is based on consent or on a contract; and
- the processing is carried out by automated means.
Unfortunately, there might be cases when your data transmission to another controller is not technically feasible. In this regard we will try to do our best in providing maximum support, so another controller receives your data.
Right to object (opt-out)
If NECTARO processes your data:
- the performance of a task carried out in the public interest, or
- in the exercise of official authority vested in us, or
- for the purposes of the legitimate interests pursued by us or by a third party,
You are entitled to object to such processing, specifying in your request the particular situation (reason for objection).
In such cases we will not process your data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
There are also other cases set by LAWS, when you are entitled to object, as well as the conditions under which the right to object might be exercised.
Your rights regarding automated individual decision-making, including profiling
You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where the decision:
- is necessary for entering into, or performance of, a contract between you and NECTARO; or
- is authorized by LAWS to which NECTARO is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
Right to lodge a complaint
If we are not able to resolve any dispute or claim arising from Your data processing under this Policy in an amicable way, you are entitled to lodge a complaint with a supervisory authority.
RESTRICTIONS OF YOUR RIGHTS AND PRINCIPAL PROVISIONS
Please, be informed that each of your rights and some of the principal provisions set herein might be restricted due to legislative measures, mostly to the advantage of other natural and legal persons, as well as national interests and public security.
DATA TRANSFERS TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
NECTARO might transfer your data to a third country (outside EEA) providing safeguards and security measures.
Such transfers might take place in cases, if:
- we have to perform an agreement concluded between you and NECTARO;
- we have to carry out pre-contractual measures in order to prepare a contract;
- if you consented to the proposed transfer;
- transfer is based on adequacy decision made by the European Commission or standard data protection clauses, e.g. when we share the data with associated companies located in Moldova, India and the Philippines or when we use data storage facilities of our partners operating in the USA under relevant safeguards;
- other cases may be applicable (you shall be informed prior to any such transfer).
HOW DOES NECTARO TREAT YOUR REQUESTS?
Due to the remote nature of our services, it is important for us to keep communicating through the same email (Verified Email), which was used by you to request a price quote, open an account or purchase our services. Verified Email is the key communication channel for us, so we can give quick answers and not divulge your data to any malicious person. You might also submit a request via voice call, but still, we must use Verified Email to reply, due to law requirements and in order to protect our legal claims.
Receiving your request on exercising your rights under this Privacy policy, we will process your request without undue delay and in any event within one month of receipt of the request, except in cases where we are not able to identify you (we are either not processing your personal data or it was anonymized/ erased) or the requested fee was not paid. One-month period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
In case, your requests are manifestly unfounded or excessive (e.g., repeats the substance of previous requests within period of 12 months or providing false or misleading information), we might refuse to act on your request explaining reasons or you might be charged a reasonable fee considering the administrative costs of providing the information or communication or taking the action requested.
In case we have reasonable doubts concerning the identity of the natural person (also authorized representative) making the request, we may request the provision of additional information necessary to confirm the identity of such a natural person and/ or to prevent identity fraud.
You are entitled to receive one copy of your data free of charge. For any further copies we may charge a reasonable fee based on administrative costs. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
NECTARO CONTACTS
The controller of your data is Nectaro LLC (Latvia), with legal address at Jeruzalemes street 1, Riga, LV-1010, Latvia.
In case you have any questions regarding your data processing by NECTARO, please contact us at [email protected]
AMENDMENTS AND EFFECTIVE DATE
NECTARO might make minor amendments to this Privacy policy which shall not leave negative impact to your privacy, except if LAWS set otherwise.
In case of material changes we will publish such amendments and amended policy on our websites and, as far as possible, notify you either by email or by pop-up windows when you are entering our websites next time.
Amendments shall enter into force on the Effective Date.
The actual version of the Privacy policy is published on our websites.
The Effective Date of the Privacy policy: May 1st, 2023
The term "processing" means:
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The term "personal data" means:
any information relating to an identified or identifiable natural person ("data subject");
Why do we need your data?
NECTARO processes your personal data in order to:
The purpose of processing
The legal basis of processing
Data Storage Period (criteria)
Creation and usage of online account
Contractual obligations
Till the account is closed, except if other purposes set a longer period (e.g. law requirements or protection/exercise of our legal claims)
Providing investment services and ancillary (non-core) investment services - MAIN ACTIVITY, including any alerts, transactional and administrative announcements
Contractual obligations
Till the contract is terminated, except if other purposes set a longer period (e.g. law requirements or protection/exercise of our legal claims)
Client identification, including biometric data processing for the remote identification
Legal obligation (Section III and art.37 of AML law, also GDPR art.9(2)(g))
No more than 5 years after the contract on MAIN ACTIVITY is terminated or an occasional transaction is executed, except if authorities require to expand the period;
the total retention period shall not exceed 10 years after the contract on MAIN ACTIVITY is terminated
Sanction screening
Not more than 10 years after the current sanctions are repealed
Assessing the AML risk of applicant/actual client and organizing due diligence
Legal obligation (Section III and art.37 of AML law)
No more than 5 years after the contract on MAIN ACTIVITY is terminated or an occasional transaction is executed, except if authorities require to expand the period;
the total retention period shall not exceed 10 years after the contract on MAIN ACTIVITY is terminated
Assessing AML risk of Politically Exposed Persons
Legal obligation (Section III and art.37 of AML law, also GDPR art.9(2)(g))
No more than 5 years after the contract on MAIN ACTIVITY is terminated or an occasional transaction is executed, except if authorities require to expand the period;
the total retention period shall not exceed 10 years after the contract on MAIN ACTIVITY is terminated
Reporting suspicious transactions to state authorities
Legal obligation (Section IV2 of AML law)
No more than 5 years after the contract on MAIN ACTIVITY is terminated or an occasional transaction is executed, except if authorities require to expand the period; the total retention period shall not exceed 10 years after the contract on MAIN ACTIVITY is terminated
Exchange of information between financial institutions
No more than 5 years after the contract on MAIN ACTIVITY is terminated or an occasional transaction is executed, except if authorities require to expand the period; the total retention period shall not exceed 10 years after the contract on MAIN ACTIVITY is terminated
Fraud Prevention
Legitimate Interests (fraud prevention)
not more than 10 years, except if laws require longer/shorter period
to provide customer support related to the MAIN ACTIVITY (managing inquiries, etc.);
legitimate interest (provision of customer support)
no longer that it is necessary to comply with the current request or to prevent possible negative consequences, as well as protecting/ exercising NECTARO legal claims;
To send marketing sms and chat messages
consent
until the consent was withdrawn; evidence of consent and its withdrawal will be used for our legal claim protection during survival period of legal claims
To send email marketing
Legitimate interests (sending email promotions)
until the consent was withdrawn; evidence of consent and its withdrawal will be used for our legal claim protection during survival period of legal claims
complying with the requirements of data subject requests regarding objection to process personal data for direct marketing purposes (maintenance of Unsubscribe list)
legal obligations (Law on Information Society Services art.9(2))
not more than 10 years, except if laws require longer/shorter period
to ensure the security of our services, property and your data, including troubleshooting, data security analysis, error testing, system maintenance, support, reporting and hosting of data;
legitimate interests
no longer that it is necessary to investigate the incident, no longer than for preventing or remediating any negative consequences, as well as protecting/ exercising NECTARO legal claims
to enhance the quality of our services and customer experience, e.g. conducting surveys, improving staff communication culture, sending holiday greetings;
legitimate interest
until opted out, except evidence of opting out used for our legal claim protection; ORno longer than it is necessary to resolve issues related to the customer experience
to exercise and protect NECTAROS's and our partners' legal claims;
legitimate interests
not more than 10 years after the full termination of relationships with the client, except if laws require longer/shorter period
to comply with the requirements of tax and accounting LAWS;
legal obligations (Accountancy law art.28)
Mostly the retention period is 10 years, but in employment relations the period might be 75 years
To comply with audit requirements (data transfers to certified auditors)
Legal obligations (Law on annual reports art.91)
Evidence of data transfers will be stored not more than 10 years, except if laws require longer/shorter period<
To manage data subject requests under GDPR;
legitimate interests (DS request management)
no longer than it is necessary to investigate and reply to the current request, except if longer period is necessary to protect, exercise legal claims of NECTARO/ third parties
to maintain backup and archive systems and restore data (if necessary);
legitimate interests (for restoring data)
no longer than the backup or archived system is restored to an active system or next processed for the performance of the MAIN ACTIVITY (commercial purposes) or shared with third parties
to use personal data in aggregated form for statistical and analytical purposes, e.g. to improve our website, products/services, UX/UI
legitimate interests (for aggregated reports in order to improve controller's practices)
no longer than the statistical/ analytical report was created
We might collect the following data categories:
- Identifiers or Identity Data such as a first/ middle/ last name, alias, postal address, unique personal identifier (cookie), date of birth, online identifier Internet Protocol address, or other similar identifiers.
- Contact Data includes (billing address, delivery address, email address and telephone numbers, carrier, line type, general location city/ country).
- Commercial Information, including products or services purchased or other purchasing or consuming histories or tendencies, as well as Financial Data (bank account and payment card details) and Transaction Data (details about payments to and from you and other details of products and services you have purchased from us).
- Network Activity Information, including, but not limited to Technical Data (your login data, browser type and version, browsing history, search history, browser plug-in types and versions, operating system and Platform, and other technology on the devices you use to access our Platform), and information regarding your interaction with our Platform (Usage Data).
- General (country, state or city, time zone) Geolocation data (phone code area, IP address)
- Audio (e.g. call records) and Electronic (e.g. email threads) information
- Inferences (conclusions) drawn from any type of personal data collected by us, including, but not limited to Profile Data (your preferences, characteristics, psychological trends, behavior, attitudes, intelligence, feedback and survey responses) and Marketing Data (your preferences in receiving marketing from us and our partners and your communication preferences).
- Copy of Passport/ID - for identification purposes.
- Biometric data solely for the remote identification.
The term "controller" means:
the natural or legal person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of the processing of personal data.
The term "processor" means:
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
NECTARO TYPICAL SECURITY MEASURES
- Authorization and authentication mechanisms;
- Content encryption;
- Pseudonymization;
- Audit trails;
- Access restriction;
- Backup systems;
- Physical security:
- Security staff;
- Pass entry system;
- Alarm system;
- Video surveillance;
- Limited access to server rooms;
- Fire alarm;
- Protection from power cuts;
- Internal control procedures;
- Timely communication on data protection breaches, maximally mitigating possible adverse effects;
- Firewalls;
- Strong Password Criteria;
- Penetration tests;
- Incorporated internal policies, procedures and documents;
- Staff training;
- Etc.
Information we are providing to you, if we are collecting your data directly from you
- the identity and the contact details of NECTARO/our representative;
- the contact details of the data protection officer, where applicable;
- the purposes of the processing for which your personal data are intended as well as the legal basis for the processing;
- the legitimate interests pursued by NECTARO or by a third party, where applicable;
- the recipients or categories of recipients of your personal data, if any;
- where applicable, the fact that NECTARO intends to transfer personal data to a third country or international organization and reference to the appropriate or suitable safeguards;
- the period for which your personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from NECTARO access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability;
- where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide your personal data and of the possible consequences of failure to provide such data;
- the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Information we are providing to you, if we are collecting your data indirectly
- the identity and the contact details of NECTARO and, where applicable, of the NECTARO's representative;
- the contact details of the data protection officer, where applicable;
- the purposes of the processing for which your personal data are intended as well as the legal basis for the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients of your personal data, if any;
- where applicable, the fact that NECTARO intends to transfer personal data to a third country or international organization and the reference to the appropriate or suitable safeguards;
- the period for which your personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the legitimate interests pursued by NECTARO or by a third party, where applicable;
- the existence of the right to request from NECTARO access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability;
- where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
- from which source your personal data originate, and if applicable, whether it came from publicly accessible sources;
- the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
In case the data is not collected directly from you we shall provide the information:
- within a reasonable period after obtaining your personal data, but at the latest within one month, having regard to the specific circumstances in which your personal data are processed;
- if your personal data are to be used for communication with you, at the latest at the time of the first communication; or
- if a disclosure to another recipient is envisaged, at the latest when your personal data are first disclosed.
In case data is not collected directly from you, the right to be informed shall not apply when:
- obtaining or disclosure of your data is expressly laid down by LAWS, or
- the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- we are prohibited to inform you on it, if and insofar as the data must remain confidential subject to an obligation of professional secrecy regulated by LAWS, including a statutory obligation of secrecy
In such cases we will provide appropriate safeguards.
You are entitled to access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of your data or restriction of processing of your data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where your personal data are not collected from you, any available information as to their source;
- the existence of automated decision-making, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
- about appropriate safeguards we are providing regarding your data transfers to a third country or to an international organization in accordance with the requirements of LAWS.
Cases, when you have the right to obtain from NECTARO the erasure of your data:
- your data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based, and we have no other legal ground for the processing;
- you object to the processing pursuant to law requirements and there are no overriding legitimate grounds for the processing, or you object against the processing for the marketing purposes;
- your personal data has been unlawfully processed;
- your personal data has to be erased for compliance with a legal obligation in LAWS to which we are subject.
The erasure of your personal data is not applicable to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by LAWS to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health in accordance with LAWS;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with law requirements in to inform data subjects is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
You are entitled to obtain from us restriction of processing where one of the following applies:
- you are contesting the accuracy of your data, for a period enabling us to verify the accuracy of your data;
- the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead;
- we no longer need your data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- you have objected to processing pursuant to law requirements pending the verification whether our legitimate grounds override those of your interests.
Conditions of right to object
Where personal data are processed for direct marketing purposes1, you are entitled to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes, unless you have provided your consent.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to law requirements, you, on grounds relating to your particular situation, are entitled to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
'Profiling'
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Restrictions
- The law to which NECTARO is subject may restrict by way of a legislative measure the scope of the obligations and rights provided in this Policy, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
- national security;
- defense;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
- the protection of the data subject or the rights and freedoms of others;
- the enforcement of civil law claims.
- In particular, any legislative measure referred to in paragraph 1 shall contain specific provisions at least, where relevant, as to:
- the purposes of the processing or categories of processing;
- the categories of personal data;
- the scope of the restrictions introduced;
- the safeguards to prevent abuse or unlawful access or transfer;
- the specification of the controller or categories of controllers;
- the storage periods and the applicable safeguards taking into account the nature, scope and purposes of the processing or categories of processing;
- the risks to the rights and freedoms of data subjects; and
- the right of data subjects to be informed about the restriction, unless that may be prejudicial to the purpose of the restriction.
Objection rights
You are entitled to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary (1) for the performance of a task carried out in the public interest or (2) for the purposes of the legitimate interests pursued by NECTARO or by a third party. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Automated individual decision-making, including profiling
- You are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.
- Paragraph 1 shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between You and NECTARO;
- is authorized by law;
- is based on Your explicit consent.
- In the cases referred to in points (a) and (c) of paragraph 2, NECTARO shall provide at least the right to obtain human intervention on the part of NECTARO, to express Your point of view and to contest the decision.
- Decisions referred to in paragraph 2 shall not be based on special categories of personal data , unless You have provided the explicit consent or the processing is necessary for reasons of substantial public interest and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
Objection against marketing purposes
Where Your personal data are processed for direct marketing purposes, You are entitled to object at any time to processing of personal data concerning You for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Processing for the scientific, archiving or historical research purposes
Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with LAWS, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organizational measures are in place in particular in order to ensure respect for the principle of data minimization. Those measures may include pseudonymization provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.
AML
"AML" means prevention of money laundering, terrorism and proliferation financing.
Unlock the potential of your money today!
Set up your account in minutes and backupyour future by investing with Nectaro.