Nordark Privacy Policy

Here's how we protect your data and respect your privacy.

Updated 2024-08-09

Introduction

This Privacy Policy constitutes the Privacy Policy of the services and interaction between Nordark and its clients. This privacy policy outlines how Nordark gathers, utilises, stores, shares, and safeguards client personal data when clients access Nordark services and websites, or when communicating with Nordark (such as via email or internal messaging functions on the website). This document is an integral part of the Terms and Conditions governing the agreement between Nordark and its clients.

Nordark is committed to collecting only necessary information and exercises discretion in sharing client personal information. Sharing is limited to essential instances only. In line with internal policies, Nordark strictly confines access to client personal information to employees who need this data to manage compliance, identity verification, fraud prevention, and customer support tasks. 

It's crucial for you to read this Privacy Policy in conjunction with any other privacy notices we might provide on specific occasions related to the collection or processing of your personal data. This ensures that you are thoroughly informed about how and why Nordark is using your data. Understanding these policies collectively will provide you with a comprehensive view of our data handling practices.

1. Definitions

1.1. Client: any individual who uses Nordark’s services, including visiting the websites, applications and engaging in any correspondence with Nordark or its affiliates.
1.2. Data controller: Nordark when it alone or jointly with others, determines the purposes and means of the processing of personal data by instruction for processing activities given to the data processor.
1.3. Data Processor: Third party service providers authorised to exercise certain processing activities under the direct authority of that process data on behalf of the data controller.  
1.4. Data subject: any individual whose personal data may be processed in accordance with this Privacy Policy.
1.5. GDPR: This stands for the General Data Protection Regulation, which is REGULATION (EU) 2016/679 of the European Parliament and of the Council, dated 27 April 2016. It pertains to the protection of natural persons in relation to the processing of personal data and the free movement of such data, and it repeals Directive 95/46/EC.
1.6. Nordark: refers to Nordfinex UAB: a company incorporated and operating under Lithuanian Law from a registered address of Mėsinių str. 5. LT-01133 Vilnius, Lithuania, under company registration code 306129193.
1.7. Privacy Policy: the Privacy Policy outlined in this document, if not explicitly  referred to as the Privacy Policy of any third party.
1.8. Personal Data: any information about an identified or identifiable data subject. A person is considered identifiable if they can be directly or indirectly recognized, particularly through identifiers such as a name, an identification number, location data, an online identifier, or factors unique to their physical, physiological, genetic, mental, economic, cultural, or social identity. Nordark does not regard information that has been anonymized as personal data.
1.9. Services: any services offered by a company within the companies of Nordark. 
1.10. Third Party: any natural or legal person, public authority, agency, or body other than the data subject, data controller, data processor, and individuals who are authorised to process personal data under the direct authority of the controller or processor.
1.11. Website: nordark.com

2. Personal Data Collection by Nordark

2.1. General
2.1.1. To provide services to the Client, Nordark gathers various types of Personal Data from the Client.
2.1.2. Personal Data collection and utilisation occur during registration, identity verification, and the.
2.2. Processing of Registration Data
2.2.1. As part of the registration process, Nordark collects essential information about the Client. This information may include the Client's name, surname, and email address. Providing this Personal Data is compulsory for registration. Inability or refusal to supply this data, or any request to delete or object to the processing of such data, will result in the inability to complete the Client’s registration with Nordark.
2.2.2. If the Client has not completed their registration and has not removed all Personal Data entered in the registration form, Nordark will interpret this as the Client’s intention for Nordark to take preliminary steps before formalising a contract. In such cases, Nordark may reach out to the Client to assist with completing the registration for Services.
2.2.3. To finalise registration, the Client is required to confirm their email address and/or phone number after receiving a verification message. This step is essential to ensure the accuracy and ownership of the contact information provided.
2.2.4. Upon submitting initial Personal Data for registration, the Client may proceed with their application for Services. To fulfil legal and regulatory obligations, Nordark requires additional information. During this application phase, the Client should provide further Personal Data, which may include but is not limited to: phone number, date of birth, nationality, personal ID number, residential address, information on whether the individual is a politically exposed person or a resident of the USA, a copy of an identification document (ID or Passport), a recent photograph, and other necessary information to verify the Client’s eligibility for using the Services. Providing this additional Personal Data is essential for accessing and using the Services. Inability or refusal to supply this required data will result in the application for Services being declined.
2.2.5. There may be instances where Nordark is obliged to gather additional information to accurately identify the Client or to comply with legal and regulatory requirements. In such cases, the Client will be notified and requested to provide the necessary additional information.
2.2.6. The Personal Data collected by Nordark during the registration phase is utilized for the following purposes:
2.2.6.1. To facilitate the creation and management of your Nordark Account;
2.2.6.2. To verify the identity of the Client as part of our due diligence and regulatory compliance processes;
2.2.6.3. To enable access to and provision of the various services offered by Nordark;
2.2.6.4. To ensure adherence to legal and regulatory requirements applicable to our operations;
2.2.6.5. To communicate with the Client regarding account management, service updates, and other relevant information;
2.2.6.6. To enhance the security of the Client’s account and the overall platform, including fraud prevention and risk management.
2.2.7. Legal basis for Data Processing:
2.2.7.1. Nordark processes the Client's registration data based on the Client's consent, which is given when they voluntarily submit and fill in personal data details on the Nordark registration form. This includes data that is not mandatory for registration purposes;
2.2.7.2. The processing of registration data is also necessary for the conclusion and performance of contractual obligations between Nordark and the Client; as well as for compliance with legal and regulatory obligations applicable to Nordark. The Client has the right to modify, update, or request the deletion of their contact details by contacting Nordark directly. The Client acknowledges that deletion of contact details and other registration data is subject to Nordark's legal obligations to retain such data under applicable laws.
2.3. Processing of Client Verification Data
2.3.1. In order to access and utilise Nordark's services, it is mandatory for the Client to undergo identity verification. Nordark initiates this verification using the Personal Data provided by the Client during the registration process. However, simply providing this data is not sufficient for confirmation of identity. For additional verification purposes Nordark also utilises verification services managed and provided by Nordark’s external service providers, ensuring a thorough and reliable process of identity confirmation.
2.3.2. During the verification process, Clients are required to upload an identification document (ID) and participate in facial verification. To facilitate these procedures, Nordark relies on confirmations from its service providers that the Client’s identity has been successfully verified. The Client acknowledges that Nordark is obligated to collect and retain all data obtained during the Client's identification and verification process in compliance with applicable legal and regulatory requirements. This includes copies of ID documents, data from facial recognition procedures, and any other relevant information. Such data will be securely stored by Nordark in accordance with this Privacy Policy and all relevant legal and regulatory mandates.
2.3.3. Nordark may occasionally require the Client to submit additional information to facilitate reasonable identification and verification of the Client's identity. Nordark reserves the right to contact the Client for the purpose of requesting more information or confirming that the information already provided is correct, accurate, current, and valid.
2.3.4. Nordark retains the right to request the Client's participation in a video call for verification purposes. Such video calls are conducted at the sole discretion of Nordark when deemed necessary as an enhanced measure and are limited to a maximum duration of five minutes. The quality of the sound and image during these calls must be sufficiently clear to allow for the easy identification and understanding of the Client. During the video call, the Client is required to present their identification document (such as a passport or national ID card) and any other documents previously submitted to Nordark. Additionally, the Client may be asked to show other documents requested by Nordark for the purpose of verifying their identity. Nordark may also require the Client to provide any other information necessary for Nordark to fulfil its legal and regulatory obligations.
2.3.5. Nordark processes the aforementioned Personal Data, which is used for the Client's verification, to adhere to its legal and regulatory obligations. This process is also critical to ensure that Clients are not attempting to create multiple Accounts or engage in fraudulent activities. Should a Client refuse to complete the identity verification process, their application to use Nordark's Services will be terminated.
2.3.6. The processing of the Client's ID document and facial verification data, which involves uploading to a third-party database as previously outlined, falls under the privacy policy of the respective third-party service provider. The Client will be provided with a notification about the respective third party before the verification process is initiated. It is advised that the privacy policy of the respective third party is being reviewed by the Client before participating in the process.
2.4. Data processed during website usage
2.4.1. Nordark enables Clients to access its Services through the Website to ensure a quality user experience.During Client’s website usage, Nordark collects and processes the following data:
2.4.1.1. Client login history: This is recorded primarily for security purposes, to monitor account access and ensure the safety of Client accounts;
2.4.1.2. Client website interaction history: Nordark tracks and analyses the history and various activities of the Client on the Website. The purposes of this data collection include:i. Facilitating the functionality of the Website, as well as planning for future updates and improvements.ii. Ensuring compliance with legal and regulatory requirements that Nordark is subject to.
2.5. Data processed during the service usage
2.5.1. As Clients engage with Nordark's Services, Nordark collects specific information related to their transactions including:
2.5.1.1. Transaction history, including the date of the transaction, information about the payer and payee and the transaction amount. The purpose of processing this information is to ensure operational functionality and enhancement and legal and regulatory compliance.
2.5.1.2. Internal communication records, including claims and complaints from the Client, are processed to guarantee the proper and timely fulfilment of service-related obligations. It's important for the Client to acknowledge that personal information shared in these internal messages should be limited to what is essential for the provision of Services or as requested by Nordark.
2.5.1.3. Information regarding the Client’s interactions with the Services, such as clicks and visited sections. This data is gathered in order to provide an enhanced functionality and user experience of Nordarks website and applications. 
2.5.1.4. In instances where Clients include messages with their payment details, the content of these messages is retained by Nordark. 
2.5.1.5. Nordark securely saves and stores photos and/or documents provided by the Client during the usage of Nordark’s services. These photos and/or documents are retained for the duration of the Client's use of the Services and for a specified period after the termination of service provision. The retention period is determined in accordance with the legal and regulatory requirements applicable to Nordark.
2.5.1.6. Nordark uses cookies. Detailed information about the cookies used by Nordark can be found in the Nordark Cookie Policy, which is accessible on the Website.
2.5.2. Nordark processes the Personal Data collected from the Client on the following legal grounds:
2.5.2.1. for the purpose of fulfilment of contractual agreements and obligations established between Nordark and the Client; 
2.5.2.2. in order to pursue legitimate interests of Nordark as the controller and manager of the website and application; and
2.5.2.3. for compliance purposes: in order to comply with legal and regulatory requirements that apply to Nordark.
2.5.3. Privacy policy regarding Personal Data of Third Parties: When a Client provides Nordark with personal data belonging to other individuals, the Client affirms that they have acquired the necessary consents from these individuals for the disclosure of their Personal Data for collection and use by Nordark. In providing such Personal Data, the Client assumes full responsibility toward these individuals in case proper consents have not been secured. Furthermore, the Client agrees to indemnify Nordark against any liabilities or repercussions arising from the unlawful provision and/or disclosure of such Personal Data by the Client.

3. Other grounds for the collection and usage of personal data:

3.1. Website development: Nordark utilises Personal Data in the research and development of its Websites and Services. This procedure is performed in order to offer the Client and others a superior, more intuitive, and personalised experience, which contributes to the growth of our user base.
3.2. Client Support: Nordark employs Personal Data to maintain communication with its Clients. This includes providing customer service, notifying Clients about news and updates, and sharing security alerts and relevant information.
3.3. Security and Investigations: Nordark uses Personal Data for the purposes of security, fraud prevention, and investigative actions. This includes utilising the Client’s Personal Data (encompassing communications) when deemed necessary for ensuring security or investigating potential fraud or other violations in relation to the Services, the Client’s contractual obligations, this Privacy Policy, or to comply with legal and regulatory requirements applicable to Nordark.
3.4. Provision of information on similar products and services
3.4.1. Nordark uses Personal Data to inform Clients about other goods and services it offers, or may offer in the future, which are similar to those currently used by the Client. This is aimed at providing Clients with options that align with their existing service preferences.
3.5. Information from Third Parties
3.5.1. Nordark combines the Personal Data provided by the Client with information gathered from other sources about the Client. This combined data helps Nordark better understand the Client’s needs and behaviour, enabling more informed decisions regarding the provision of Services to the Client.

4. External sources of Client Data

4.1. In addition to the Personal Data collected and received directly from the Client, Nordark collects and receives Client’s Personal Data from external sources, including:
4.1.1. Business partners, subcontractors in technical and service fields, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers, and developers. The types of information Nordark may collect from such entities may include credit search information, identity verification data, transactional details or other relevant information concerning the Client;
4.1.2. Other legal public sources including public registers, internet search engines, and public platforms such as social media. 
4.2. Data concerning Business Client Affiliates: If an individual is a beneficial owner, shareholder, representative, or an employee of a business client of Nordark, their Personal Data is collected to fulfil the legal and regulatory obligations applicable to Nordark. In these instances, the Personal Data is usually provided by representatives of the business client. The processing of Personal Data received under this clause aligns with this Privacy Policy, and the individuals concerned have the same rights as other Data subjects as outlined in this Privacy Policy and applicable laws.

5. Sharing of Personal Data

5.1. Collaborations with Third Parties: In order to provide the Client with Nordark’s services and for the adherence to legal and regulatory requirements, Nordark engages with third-party service providers (Data processors). These Data Processors access and use Personal Data as part of their contractual agreement with Nordark. Nordark may share information collected about the Client with these Data Processors, including but not limited to the following: 
5.1.1. Third parties utilised for the secure and safe storage of Clients’ Personal Data;
5.1.2. Fraud Prevention Services, in order to prevent fraudulent activities, Nordark may share Client information with third-party identity verification services. This helps ensure the authenticity of Client identities by cross-referencing submitted details with public records and third-party databases;
5.1.3. Auditors, Accountants, and Lawyers, for conducting financial, technical, and legal audits of Nordark's operations or to receive specialised services, some Client information may be shared as part of these audits or services;
5.1.4. Analytics Service Providers, to enhance the functionality of Nordark’s services, anonymized data may be shared with service providers that assist in analysing how the services are utilised;
5.1.5. Affiliated Entities of Nordark may be provided with information if deemed necessary for the provision of optimal products and customer support to the Client.
5.2. Nordark may also share the Client’s Personal Data with the following third parties:
5.2.1. Payment Service Providers: Nordark will share the Client’s payment account information with payment service providers to facilitate transaction processing;
5.2.2. Regulatory and Law Enforcement Entities: Nordark may be required to share Client information with supervisory authorities, law enforcement agencies, or government officials. Such sharing occurs when legally mandated or upon formal request, or when Nordark believes in good faith that it is necessary to prevent physical harm or financial loss, or to report suspected illegal activity;
5.2.3. Corporate Mergers or Acquisitions: In the event of a merger or acquisition involving any company within the Nordark group, the acquiring entity will gain access to Client information. Nordark will ensure that such an entity adheres to this Privacy Policy and GDPR regulations. Clients will be notified of any such changes;
5.2.4. Authorised Third-Parties: Nordark may share the Client’s Personal Data with other third parties, but only when the Client has explicitly authorised Nordark to do so.

6. Sharing with other Nordark Clients

6.1. Nordark may share a Client's Personal Data with other Nordark clients as part of providing its Services. For example, this might occur when executing payments to other Nordark clients. Additionally, as Nordark develops and introduces new features and services that might require sharing the Client's Personal Data, all clients will be notified prior to the activation of such services.

7. Personal Data processed inside and outside the EEA

7.1. The Personal Data that Nordark collects from its Clients will be transferred to, and stored at, locations within the European Economic Area (EEA).
7.2. In order for Nordark to fulfil the contractual obligations towards the Client, it may be necessary to process the Client’s Personal Data outside of the EEA. For instance, processing of data outside the EEA may occur to execute international payments, process payment details, offer global anti-money laundering and counter-terrorist financing solutions, and provide ongoing support services. Nordark commits to taking all necessary steps to ensure that Clients' data is securely handled and treated in compliance with this Privacy Policy, regardless of the location of processing.
7.3. Conditions for Data transfer outside the EEA: Nordark will only transfer the Client’s Personal Data if the following conditions are met:
7.3.1. To ensure that the processing of data is consistent with Nordark’s service standards, the Personal Data is transfered only to trusted partners integral to the provision of Services;
7.3.2. The agreement that governs the relationship between Nordark and the respective service provider includes obligations for the service provider to adhere to legal security requirements;
7.3.3. The transfer of Personal Data to countries outside the EEA is contingent upon the European Commission’s decision regarding the adequacy of data protection levels in the recipient country. Nordark only transfers data to countries where the European Commission has determined that an appropriate level of data security is ensured.

8. Protection of Client’s Personal Data

8.1. Clients of Nordark have the following rights concerning the protection of their personal data:
8.1.1. Access: Clients have the right to request access to their Personal Data processed by Nordark. This right allows Clients to receive a copy of the Personal Data Nordark holds about them;
8.1.2. Rectification: Clients have the right to have any incorrect or inaccurate Personal Data corrected. This includes the ability to update or change information such as personal contact details through their account settings. However, certain details like name, surname, and financial information can only be modified through Nordark’s client support;
8.1.2. Data transfer: the Client has the right to request that Nordark provide them with their Personal Data in a structured, commonly used, machine-readable format. Clients can then transfer this data to another data controller as needed. It’s important to note that this right applies solely to automated information which the Client initially consented to provide to Nordark for use, or information that Nordark used to provide its Services to the Client;
8.1.3.Data deletion and retention: Clients have the right to request that Nordark delete or remove their Personal Data in situations where there is no valid reason for its continued processing, or if the Client has validly exercised their right to object to processing. It is important that the Client acknowledge and understand that Nordark is required to retain certain information provided by the Client for a specified number of years according to the laws on Prevention of Money Laundering and Terrorist Financing in the EEA and the UK, as well as other applicable laws. Therefore, Nordark may in some cases not be able to fully comply with a request for erasure due to these legal obligations. The Client will be informed at the time of their request if such circumstances apply;
8.1.4. Suspension of Data Processing: The Client have the right to request that Nordark temporarily suspend the processing of their Personal Data. It is important to note that such requests might impact Nordark's ability to perform contractual obligations or enter into agreements with the Client. In such instances, Nordark will inform the Client about the potential consequences of their request;
8.1.5. Objection of processing carried out on the basis of legitimate interests: The Client has the right to object to the processing of their Personal Data when such processing is based on legitimate interests pursued by Nordark or a third party, and the particular processing affects the Client's fundamental rights and freedoms. This right also includes the right to object when Nordark processes Personal Data for direct marketing purposes. The Client however acknowledges that Nordark is required to process certain Personal Data for compliance with laws pertaining to the prevention of money laundering and terrorist financing, as well as other applicable regulations. In such cases, Nordark may demonstrate compelling legitimate grounds for processing that override the Client’s rights. Legal requirements governing the aforementioned purposes take precedence over any objection rights under data protection laws. Consequently, objecting to the processing of certain Personal Data may result in Nordark being unable to provide its Services to the Client.
8.1.6. The rights pertaining to this Privacy Policy can be exercised by the Client by contacting Nordark on support@nordark.com. In order for the Client to exercise its rights a verification process may be carried out if deemed necessary.

9. Personal Data retention and record keeping 

9.1. Nordark retains information for the purpose of record keeping on the following grounds:
9.1.1. As per the Netherlands Act (Uitvoeringswet Algemene verordening gegevensbescherming – UAVG), Nordark retains all customer information necessary to meet our regulatory, compliance, and legal responsibilities. This includes the mandated minimum retention period of five years.
9.1.2. Nordark may retain information beyond the initial five-year period for Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) purposes or upon the request of relevant authorities.
9.1.3. In cases where it is assessed as necessary for the prevention, detection, or investigation of Money Laundering or Terrorist Financing, Nordark may extend the retention period beyond the standard requirements.
9.1.4. In alignment with our internal policies and to ensure thorough Due Diligence, Nordark maintains records such as transaction records, reports to the compliance officer, Management Information Packs, Due Diligence records, Suspicious Activity Reports, Business Wide Risk Assessments, and Employee Training Records for a minimum of seven years post-customer offboarding.
9.1.5. All records are securely stored on a server, with Nordark ensuring their completeness and accuracy. Nordark adheres strictly to statutory confidentiality and data protection requirements in the preservation of personal information, data, and documentation.

10. Personal data protection

10.1. Nordark has implemented security measures to safeguard the Client's Personal Data against risks such as loss, misuse, unauthorised access, disclosure, and alteration. These protective measures include a combination of physical, technical, and administrative strategies. To enhance the security when storing and treating the Client's Personal Data and to ensure it is performed in accordance with this Privacy Policy, Nordark may also store certain Personal Data with third-party partners and service providers. Nordark's security measures, encompassing both physical and electronic safeguards, are designed to be in full compliance with relevant laws and regulations.

11. Inquiries regarding the Privacy Policy 

11.1. For inquiries and complaints relating to this Privacy Policy and the processing/treatment of Personal Data the Client needs to contact Nordark on support@nordark.com.

Nordfinex UAB is a limited company registered in Lithuania under the code 306 129 193 as an operator of deposit virtual currency wallet and a virtual currency exchange operator.

Payment services offered in the Nordark platform are provided by third parties, licensed to operate in all jurisdictions in which Nordark operates.