Privacy Policy

The following privacy policy (hereafter referred to as “Privacy Policy”) has been drafted by Nilos Financial Services Ltd (“Nilos” or “we”, “our”, “ours”), editor and developer of the Nilos application.

While Nilos is acting as a data controller, other companies owned by Nilos may process personal data.

Nilos can be contacted by email, at the following email address: privacy@nilos.io

This Privacy Policy describes how we process the personal data of natural persons using our services, how we share data with third parties, the rights of data subjects, and how data subjects can contact us to obtain information on personal data or exercise some rights offered by privacy regulations. Personal data refers to any information relating to an identified or identifiable natural person.

In drafting this Privacy Policy and making it available to the public, we intend to fulfill our duty to inform data subjects within the meaning of articles 13/14 of the Regulation EU (2016/679) of the EU Parliament and the Council of 27 April 2016, better known as the “GDPR”.

We may amend this Privacy Policy from time to time, in which case we will update you by any available means, including by email or a pop-up notification.

1. Definitions

In order for data subjects to better understand this Privacy Policy, we will use the following definitions to better refer to some technical terms relevant to our Services. Accordingly, where they are written with a capital letter, these terms shall have the following meaning:

  • “Account” refers to the dedicated and individualized digital interface associated with a Client and part of the App.
  • “App” or “Nilos App” refers to the website-hosted software solution accessible through https://nilos.io.
  • “Blockchain” refers to a permissionless public online ledger supporting the distributed recording of encrypted data, e.g., the Ethereum blockchain.
  • “Blockchain Address” refers to a unique sequence of numbers, letters and cryptographic functions stored and recorded on a Blockchain.
  • “Services” refer to all the services provided by Nilos through the Nilos App.
  • “Website” refers to the Website https://nilos.io.

2. Data subjects

Depending on the context, Data Subjects to whom this Privacy Policy is primarily addressed include, and as the case may be, “you”, “your” or “yours” may refer to:

  • “Client” refers to one of our clients subscribing to the App as a legal person. Depending on the context, “Client” may also refer to the legal entity contracting with us.
  • “Business Representative” refers to an employee, legal representative or other member of a Client contracting with Nilos.

Our Clients and Business Representatives are our “Users”. Other Data Subjects include:

  • “Effective Beneficiaries” refers to natural persons that may appear on legal documents when we undertake KYC/AML procedures.
  • “Partner” refers to a natural person identified in the Nilos App having participated in a project with a Client and receiving some payments (in fiat currency or digital assets).
  • “Visitors” refers to any natural person visiting our Website.

The term “Data Subjects” shall refer to all of those individuals.

3. Personal data we collect

While using the Nilos App, we may collect directly or indirectly the following personal data:

  • Identification data: we collect personal data necessary to identify some Data Subjects and in particular our Users, Effective Beneficiaries and Partners, in particular by collecting official documents. We collect personal data such as name, surname, address and face images (through a face recognition tool).
  • Economic and financial information: we collect personal data necessary to evaluate the financial situation of some Data Subjects and in particular our Users, which may include banking details, past transactions executed on Blockchains, Blockchain Addresses, revenues, etc.
  • Connection / technical data: we collect personal data necessary to provide our Services such as email, passwords, IP addresses, logs, authentication cookies, etc.

4. Purposes and legal basis

Below is a table which summarizes the purposes and legal basis of the personal data we collect through our various data processing.

| Processing | Purpose | Legal Basis |
|---|---|---|
| AML / Compliance | Undertaking KYC and KYB procedures in order to meet legal obligations | Compliance with a legal obligation: in particular AML regulations around the world |
| Use of the Nilos App and account | Enabling Users to access and use the Nilos App & Services | Performance of a contract: the Nilos Service Agreement |
| Product analytics | Having a better understanding of our Users | Legitimate interest: our legitimate interest of improving the Nilos App |
| Website analytics | Having a better understanding of the behavior of Visitors | Legitimate interest: our legitimate interest to understand who is visiting our Website |
| Marketing | Offering the Nilos App & Services to future customers | Legitimate interest: our legitimate interest of marketing the Nilos App |

5. Data Storage

From a general standpoint, we store personal data as long as you use the App and the Services and more broadly any of our services.

Once your Account has been inactive for a certain period of time, if you choose to delete your online Account or end your relationship with Nilos in any manner or if we terminate our relationship with you, we will nevertheless keep and store your personal data for a certain period of time.

As a general rule, we will keep record of personal data for a period up to 8 years after the end of our relationship (materialized, for instance, by the deletion of your Account), for various legal reasons, including AML regulations, digital assets regulation, statute of limitation rules and potential litigation where we may be involved and where we might need your personal data. This retention period is applicable, at the moment, to most of the personal data we process.

6. Sharing your personal data with other recipients

We use a series of third-party service providers in order to provide the Services. These providers include:

  • Hosting: we use third-party cloud & hosting service providers to store our data, which include all personal data from Data Subjects.
  • Custody: we use a third-party service provider in order to securely store part of the private keys of Blockchain Addresses and grant access to digital assets on the Blockchain. Such providers have access to your (public) Blockchain Address but they do not know which identity is linked to such Blockchain Address.
  • Payments: we use payment service providers to process fiat payments. Those providers may have access to your identity and your banking details.
  • Compliance: we use third-party service providers for compliance purposes, such as the screening of Blockchain Addresses, the onboarding and KYC of our Users or face recognition tools. Those providers have access to some identification data appearing on the official documents you provide.
  • Analytics & monitoring: we use technical providers to monitor the activity of Visitors and Users on our Website and / or the Nilos App.

7. Your rights

Data Subjects are informed that they benefit from a number of privacy rights as provided for in articles 15 to 22 of the GDPR, that is, in particular:

  • The right to request confirmation of whether Nilos processes personal data relating to you, and if so, to request a copy of that personal data;
  • The right to request that Nilos rectifies or updates your personal data that is inaccurate, incomplete or outdated;
  • The right to request that Nilos erase your personal data in certain circumstances provided by the law;
  • The right to request that Nilos restrict the use of your Personal Data in certain circumstances, such as while Nilos considers another request that you have submitted (including a request that Nilos make an update to your personal data);
  • The right to request that we export your personal data that we hold to another company, where technically feasible;
  • Where the processing of your personal data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or
  • Where we process your information based on our legitimate interests, you may also have the right to object to the processing of your personal data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.

According to French privacy laws (articles 84 to 86 of Act n°78-17 of 6 January 1978), you also have the right to specify instructions defining how Nilos shall manage personal data after your death under the conditions of such law.

Although you have rights, the exercise of such rights is not unlimited and each of the rights offered by the GDPR may be subject to specific conditions. This being said, you should be aware of the following:

  • Your identity: to exercise your right or for any question on privacy, you shall make a request accompanied by a proof of your identity (by email at privacy@nilos.io);
  • Delay to respond: we will process the requests within a reasonable timeframe taking into account the complexity and the number of requests. We shall strive to reply without undue delay and at the latest within one month of receipt of the request. We may extend this period to three (3) months in the case of complex requests;
  • Potential costs: the exercise of the rights offered by the GDPR is in practice free. However, where your requests may involve important costs, you may have to bear some of them.

Finally, you have the option to refer to Nilos’ competent supervisory authority:

Privacy Protection Authority

Government complex, P.O. Box 7360

Tel Aviv, 6107202, Israel

https://www.gov.il/en/departments/the_privacy_protection_authority/govil-landing-page

8. Other information

You are informed that the provision of some of the personal data provided in the context of the use of the Services is mandatory and that failure to provide some personal data, in particular, identification data and economic financial information may result in the termination of our contractual relationship.

This is because we are subject to various AML, digital assets and financial regulations which require us to conduct thorough procedures and background checks and failure to do so would expose us to criminal penalties. Consequently, we will not be in a position to provide our Services to you if you fail to provide personal data we may request.

9. Cookies

9.1. A cookie is a small computer file playing the same role as a tracker, stored and read for instance at the moment where a website is visited, an email is read or a mobile app is used, whatever the device used.

9.2. In compliance with EU privacy regulations, Users are informed that “non-essential” cookies may be deposited on their device without their consent. Non-essential cookies include (i) cookies having as their essential purpose to allow or enable electronic communications and (ii) are strictly necessary for the provision of online communication service.