Arrow Holding Oy, trading as www.nexopay.es is an entity incorporated in Finland, Company Registration Nr: FI3358837-3 . With its Registered offices at Antinkatu 3 D, 00100 Helsinki, Finland.
This Privacy Policy outlines arrow Holding Oy trading as www.nexopay.es (” we “, ” our ” or ” the Company “) practices with respect to information collected from users who access our website at www.nexopay.es (” Site “), or otherwise share personal information with us (collectively: ” Users “).
Arrow Holding Oy trading as www.nexopay.es is the controller of your personal data. This means that we are responsible for deciding how we collect, use, process, store and share your personal data as described in this Privacy Policy and will be responsible for complying with the applicable data protection laws in European Union, under the Data Protection Act 2018 which the UK’s transported and implementation from the General Data Protection Regulation (GDPR) in the EEA this notice is provided to you as per the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”) and the local data protections laws.
Sharing of Information with Banking Partners and Compliance Providers under GDPR
Our Commitment to Your Privacy:At Arrow Holdings Oy, we are dedicated to safeguarding your privacy and upholding the confidentiality of your personal and financial information. In alignment with the EU General Data Protection Regulation (GDPR), we maintain high standards of data protection and privacy.
Sharing Information with Banking Partners:
In our pursuit to offer you optimal and secure banking services, we may disclose your personal and financial information to our banking partners. This collaboration enables us to process transactions, manage accounts, and provide you with a comprehensive financial experience. Our banking partners adhere to stringent confidentiality and privacy standards, ensuring the protection of your data as mandated by GDPR.
Collaboration with KYC and Compliance Providers:
To comply with legal, regulatory, and GDPR requirements, particularly in relation to Know Your Customer (KYC) and anti-money laundering (AML) directives, we may share your information with specialised KYC and compliance providers. These entities aid us in identity verification, background checks, and legal compliance. This is essential for upholding the security of our services and safeguarding against financial misconduct.Scope of Information Sharing: The information shared may encompass personal identification details, financial records, transaction history, and other pertinent documents you have furnished. We disclose only the necessary information required for legal compliance, service provision, and as permitted under GDPR.
Your Consent and Rights under GDPR:
By utilising our services, you consent to the disclosure of your information as outlined in this policy. In accordance with GDPR, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data. You also have the right to data portability and the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Grounds for data collection
This policy (together with our Terms of Use and Cookies Policy) sets out the basis on which We collect any personal data from You, or that You provide to us, will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.
- Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter ” Personal Information “)
We encourage our Users to carefully read the Privacy Policy and use it to make inform
Introduction
Arrow Holding Oy trading as www.nexopay.es takes your privacy seriously, and for this reason we collect and use personal data only as it might be needed for us to deliver to you our world-class products, services and websites (collectively, our “Services”). Your personal data includes information such as:
- Name
- Address
- Telephone number
- Email address
- Billing and payment information
- Candidate information (for job applicants)
- Other data collected that could directly or indirectly identify you.
Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process.
If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting at: [email protected] .
This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.
Grounds for data collection
This policy (together with our Terms of Use and Cookies Policy sets out the basis on which We collect any personal data from You, or that You provide to us, will be processed by Us. Please read the following carefully to understand our views and practices regarding Your personal data and how We will treat it.
Processing of your personal information (meaning, any information which may potentially allow your identification with reasonable means; hereinafter ” Personal Information “)
- When you use the Site, you consent to the collection, storage, use, disclosure and other uses of your Personal Information as described in this Privacy Policy.
We encourage our Users to carefully read the Privacy Policy and use it to make informed decisions.
What information we collect?
We collect two types of data and information from Users.
The first type of information: is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Site (“ Non-personal Information ”).
We are not aware of the identity of a User from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time, etc.) in order to enhance the functionality of our Site.
We may also collect information on your activity on the Site (e.g. pages viewed, online browsing, clicks, actions, etc.).
The second type of information: Personal Information which is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual. Such information includes:
- Device Information: We collect Personal Information from your device. Such information includes geolocation data, IP address, unique identifiers (e.g. MAC address and UUID) and other information which relates to your activity through the Site.
We process personal data in accordance to the requirements of laws and regulations, provisions of applicable contracts and Our legitimate and legal interests, including, but not limited to, the following purposes:
- Legal – We will collect and process personal data for legally grounds this include personal information, such as: is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and for compliance with legal and financial regulatory obligations to which we are subject .
- To provide services – In order to provide our services We process personal data prior to entering into contractual relationship with a client for rendering services, for taking necessary actions prior to entering in the contract, for implementation of the contracts signed with the client, for assessment of the client and the persons related to a client with an aim to define a possibility and provisions for cooperation, for due cooperation with a client, for signing contracts in client’s interests, for settlements with the client, for communication with a client.
- To ensure performance of our legal obligations – We process personal data to perform Our legal obligations, based on applicable requirements of laws and regulations on electronic money institutions, anti-money laundering and counter-terrorism and proliferation financing, tax liabilities and bookkeeping, payment instruments, payment services, international sanctions, and requirements of other laws and regulations applicable to Us.
- To ensure risk management – before and during cooperation with a client We process personal data to provide compliance with our requirements and those of international payment systems (for example, VISA, Mastercard) and other laws and regulations, to monitor the observance of client’s liabilities, to keep evidence and information on the course of cooperation, to disclose and prevent illegal actions, to ensure physical security and security of Our information systems, to protect our rights, to protect Us against damage, to represent Our interests in the course of examination of claims and disputes. In order to manage risks We process personal data based on the necessity to perform the contract with a client or take actions prior to its signing, based on Our legitimate interests to provide that cooperation conditions are being followed, to prevent potential damages and to protect Our and/or Your interests, to ensure Our/Your security and to perform Our legal obligations in regard to risk management.
How do we receive information about you?
We receive your Personal Information from various sources:
- When you voluntarily provide us your personal details in order to register on our Site;
- When You or voluntarily provide us your personal details in or to use or access our Site in connection with your use of our services this may include;
- Contact information: We collect and process contact and personal information are collected, and respective information are collected at the time on enquiry by email or when you input your details at the time of registration by using our website;
- Registration information: When You register to our Site you will be asked to provide us certain details such as: full name; e-mail or physical address, and other information.
- From third party providers, services and public registers (for example, traffic analytics vendors).
What personal data do we collect?
We collect personal data so that we can provide the best possible experience when you utilise our Services. Much of what you likely consider personal data is collected directly from you when you:
- create an account or purchase any of our Services (e.g.: billing information, including name, address, payment details);
- request assistance from our customer support team (e.g.: phone number, case notes);
- complete contact forms or request newsletters or other information from us (e.g.: email); or
- participate in contests and surveys, apply for a job, or otherwise participate in activities we promote that might require information about you.
If we collect personal data from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the personal data and whose privacy policy applies. In addition, it will describe any choice options you have in regards to the use and/or sharing of your personal data with a co-branded partner, as well as how to exercise those options.
Cookies
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.
A “cookie” is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier.
How we utilise personal data
We strongly believe in both minimising the personal data we collect and limiting its use and purpose to only that
- for which we have been given permission,
- as necessary to deliver the Services you purchase or interact with, or
- as we might be required or permitted for legal compliance or other lawful purposes. These uses include:
Third party collection of information
Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to.
This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Policy.
Advertisements
We may use a third-party advertising technology to serve advertisements when you access the Site. This technology uses your information with regards to your use of the Services to serve advertisements to you (e.g., by placing third-party cookies on your web browser).
Third Party Opt-Out Preferences
You have right to opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information about this practice by NAI and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third-party ad networks operated by NAI and DAA members, please visit their respective websites: http://optout.networkadvertising.org/#!/ and http://optout.aboutads.info/#!/ .
Marketing
We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you.
Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists.
Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.
Do Not Track’ notifications
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com .
Transfer of Personal Data Abroad
Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.
If you utilise our Services from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders, which will only be done when necessary for the performance of our contract with you, when we have your consent to do so, or when the Standard Contractual Clauses approved in UK and in Europe, a copy of which can be found here, are in place. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin.
Compliance with legal, regulatory and law enforcement requests.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any personal data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are legally required to provide your personal data to third parties. We will also share your personal data to the extent necessary to comply with data protection rules, and/or Money Laundering data protections regulations and policies when you register or open an account or card programme with us.
Sharing with trusted third parties.
We may share your personal data with affiliated companies within our corporate family, with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:
- Processing credit card payments
- Serving advertisements
- Conducting contests or surveys
- Performing analysis of our Services and customers demographics
- Communicating with you, such as by way of email or survey delivery
- Customer relationship management
- Security, risk management and compliance
- Recruiting support and related services
These third parties (and any subcontractors they may be permitted to use) have agreed not to share, use or retain your personal data for any purpose other than as necessary for the provision of Services. For further information on our sub-processors, please refer to list of third party data processors.s
We may for legal or regulatory purposes, disclose your personal data to third parties:
- In the event that we sell or buy any business or assets (whether a result of liquidation, bankruptcy or otherwise), in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; or
- If we sell, buy, merge, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your personal data may be among the transferred assets.
If you make use of a service that allows you to import contacts (e.g. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal data for the requested service. If you believe that anyone has provided us with your personal data and you would like to request that it be removed from our database, please contact us at [email protected] .
We may use the information for the following:
- Communicating with you – sending you notices regarding our services, providing you with technical information and responding to any customer service issue you may have;
- To communicate with you and to keep you informed of our latest updates and services;
- To serve you advertisements when you use our Site (see more under “Advertisements”);
- To market our websites and products (see more under “Marketing”);
- Conducting statistical and analytical purposes, intended to improve the Site.
In addition to the different uses listed above, we may transfer or disclose Personal Information to our subsidiaries, affiliated companies and subcontractors.
In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our trusted third party providers, who may be located in different jurisdictions across the world, for any of the following purposes:
Hosting and operating our Site;
- Providing you with our services, including providing a personalized display of our Site;
- Storing and processing such information on our behalf;
- Serving you with advertisements and assist us in evaluating the success of our advertising campaigns and help us retarget any of our users;
- Providing you with marketing offers and promotional materials related to our Site and services;
- Performing research, technical diagnostics or analytics;
We may also disclose information if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to:
- comply with any applicable law, regulation, legal process or governmental request;
- enforce our policies (including our Agreement), including investigations of potential violations thereof;
- investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues;
- to establish or exercise our rights to defend against legal claims;
- prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.
Delivering, improving, updating and enhancing the Services we provide to you.
We collect various personal data relating to your purchase, use and/or interactions with our Services. We utilise this personal data to:
- Improve and optimise the operation and performance of our Services (again, including our websites and mobile applications)
- Diagnose problems with and identify any security and compliance risks, errors, or needed enhancements to the Services
- Detect and prevent fraud and abuse of our Services and systems
- Collect aggregate statistics about use of the Services
- Understand and analyse how you use our Services and what products and services are most relevant to you
Often, much of the data collected is aggregated or statistical data about how individuals use our Services, and is not linked to any personal data.
Communicating with you.
We may contact you directly or through a third-party service provider regarding products or services you have signed up to or purchased from us, such as necessary to deliver transactional or service related communications.
We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests or our existing business relationship.
You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:
- Email
- Text (SMS) messages
- Detect and prevent fraud and abuse of our Services and systems
- Telephone calls
- Automated phone calls or text messages
You may also update your subscription preferences with respect to receiving communications from us and/or our partners by accessing your “Account Settings” page.
Storage, and retain your personal data
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate.
How do we safeguard your information?
We take great care in implementing and maintaining the security of the Site and your information. We employ industry standard procedures and policies to ensure the safety of the information we collect and retain, and prevent unauthorized use of any such information, and we require any third party to comply with similar security requirements, in accordance with this Privacy Policy . Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Site, and we make no warranty, express, implied or otherwise, that we will prevent such access.
Retention
We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
- If you have any questions about the security or retention of your personal data, you can contact us at [email protected] .
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
User Rights
You have the following rights in relation to the personal information we hold about you:
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- Your right of access
If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Your right to correction (rectification)
If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.
- Your right to erasure
You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.
- Your right to restrict (block) processing
You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.
- Your right to data portability
You have the right, in certain circumstances, to receive a copy of personal information we’ve obtain from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Your rights in relation to automated decision-making and profiling
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
- Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant supervisory authority.
If you wish to exercise any of the aforementioned rights, or receive more information, please contact our Data Protection Officer (“DPO”) at: [email protected] , or by post by sending postal mail to our head office at: Arrow Holding Oy trading as www.nexopay.es , Address: Antinkatu 3 D, 00100 Helsinki, Finland
Please note that some of these rights may be limited are not absolute, and may be subject to our own legitimate interests and regulatory requirements where we have an overriding legitimate interest or legal obligation to continue to process the personal information, or where the personal information may be exempt from disclosure due to applicable law, the applicable rules of professional conduct, client privilege, legal professional privilege, other applicable privileges or protections, or professional secrecy obligations.
Corporate transaction
We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Age Restrictions and Minors
We understand the importance of protecting children’s privacy, especially in an online environment. The Site is not designed for or directed at children under the age of eighteen (18) years. Under no circumstances shall we allow use of our services by minors without prior consent or authorization by a parent or legal guardian. We do not knowingly collect Personal Information from minors. If you are under the age of 18 years, please do not provide any personal information, even if prompted by the Site to do so. If you are under the age of 18 years and you believe you have provided personal information to us, please ask your parent(s) or guardian(s) to notify us and we will delete all such personal information.
- If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at [email protected] , Or in writing at Address: Antinkatu 3 D, 00100 Helsinki, Finland .
How you can access, update or delete your personal data
To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please sign into your Account and visit “Account Settings.”
If you make a request to delete your personal data and that personal data is necessary for the products or services you have purchased, the request will be honoured only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements. If you are unable for any reason to access your Account Settings, you may also contact us by one of the methods described in the “How Contact Us” section below.
How to contact us
General
- If you have any general questions about the Site or the information we collect about you and how we use it, you can contact us at [email protected].
Alternatively, you can also contact us by either of the following means:
- By Postal Mail: FAO: The Data Protection Officer, either of our offices below;
- Registered & Head Office; Arrow Holding Oy trading as www.nexopay.es Address: Antinkatu 3 D, 00100 Helsinki, Finland .
If you are not satisfied with our response, you may direct privacy complaints to the Information Commissioner’s Office. Arrow Holding Oy trading as www.nexopay.es is the data controller for www.nexopay.es
Updates or amendments to this Privacy Policy
We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the “Last modified” section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.
If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.
Updates or amendments to this Privacy Policy
We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the “Last modified” section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.
How to contact us
General enquires; If you have any general questions about our websites, or the information we collect about you and how we use it, you can contact us by
Email at: [email protected] .
Alternatively, should you have any questions, concerns or wish to raise a complaint about our Privacy Policy or how we handle your personal data, you may contact either of our Offices of the Data Protection Officer by email at; [email protected]
Or by contacting us by either of the following means:
By Postal Mail: FAO: The Data Protection Officer, either of our offices below;
Registered & Head Office; Arrow Holding Oy trading as www.nexopay.es, Address: Antinkatu 3 D, 00100 Helsinki, Finland .