Website Privacy Notice

Updated on:
March 7, 2024

1. Introduction

This Privacy Notice (“Notice”) explains how Nomo Fintech collects and uses personal data about you when you use our website, and when you contact us to provide feedback or raise complaints about our website. It applies to any personal data that you provide to us and any personal data that we collect automatically through your use of our website.

This Notice explains, amongst other things:

  • Who we are
  • How to contact us
  • The personal data we collect about you
  • The lawful bases and conditions we rely on to process your personal data
  • How we use your personal data
  • Who we share your personal data with
  • How long we retain your personal data
  • How we protect your personal data
  • Your data protection rights
  • How to make a complaint

2. Who we are

Nomo Fintech is a technology business that provides its clients with solutions to power their online digital banking services and is part of the Boubyan Banking Group. Nomo Fintech is a trading name of BB2 Digital Technology Services Limited and BB2 Digital Technology Services ME Limited.

In this Notice Nomo Fintech may be referred to as we, us, our or Nomo Fintech.

3. How to contact us

You can contact us using our website contact form or you can write to us at the relevant address below:

Nomo Fintech,
20 Churchill Place,
Canary Wharf,
London,
E14 5HJ 

If you have any questions about the contents of this Notice or the way we collect and use your personal data, please contact our Data Protection Officer by email: dpo@bb2.tech

4. Personal data we collect about you

  • 4.1. We may collect and process the following categories of personal data about you:
  • 4.1.1. Contact details: Includes name, postal address, email address, telephone number and any additional contact information.
  • 4.1.2. Correspondence details: Includes details of your correspondence with us, e.g. where you contact us to provide feedback or raise a complaint about our website. 
  • 4.1.3. Online identifiers: Includes IP address, MAC address, device ID, location data, and any other online identifiers collected during your use of our website.
  • 4.1.4. Analytics information: Includes your browser type and version, browser language, date and time of visit and details of how you engage with our website, e.g. number of visits, specific pages browsed and any links you have clicked on.

5. Lawful bases for processing

  • 5.1. We are required to satisfy one or more of the lawful bases for processing personal data set out in the applicable data protection laws, before collecting and processing personal data about you. When we collect and process personal data, we rely on one or more of the following lawful bases:
  • 5.1.a. Legal obligations: Where necessary, we collect and process personal data to enable us to meet our legal obligations.
  • 5.1.b. Legitimate interests: Where necessary, we collect and process personal data to pursue our legitimate interests or the interests of a third party, except where your interests or fundamental rights and freedoms override our interests.

6. How we use your personal data

  • 6.1. This section describes in more detail how we use your personal data and which of the lawful bases (described above in section 5) we rely on to carry out the processing. Where necessary, we use your personal data to:
  • 6.1.1. Manage and operate our website
    We carry out this processing to pursue our legitimate interests, i.e. we have a legitimate interest in managing our website, maintaining the security of the website, and in analysing user engagement with our website content, to ensure we are providing appropriate content and the best user experience.
  • 6.1.2. Respond to your enquiries and complaints
    We will communicate with you in the event that you contact us to provide feedback or raise a complaint about our website. We carry out this processing to pursue our legitimate interests, i.e. we have a legitimate interest in corresponding with our website users to address their enquiries and ensure they receive the best experience.
  • 6.1.3. Conduct audits and operate our business
    We conduct audits to determine whether our website is being provided in accordance with our internal policies and procedures and our legal obligations. We carry out this processing to pursue our legitimate interests, i.e. we have a legitimate interest in setting appropriate policies and procedures for our business aligned to corporate governance best practice and our legal obligations, and monitoring compliance across our workforce to ensure adherence and a sound system of internal controls.
  • 6.1.4. Comply with our legal obligations
    We comply with our legal obligations and monitor compliance with the same.
  • 6.1.5. Exercise or defend legal claims
    We investigate, exercise and defend legal claims and disputes and enforce our rights, including where these relate to the provision of our website.
  • 6.1.6. Conduct corporate transactions and due diligence
    We conduct due diligence in relation to corporate transactions (e.g. sales, mergers and acquisitions) involving our organisation and, where appropriate, may enter into agreements to sell our organisation, in whole or in part, or acquire other organisations. We carry out this processing to pursue our legitimate interests and comply with our legal obligations.

7. Who we share your personal data with

  • 7.1. We share your personal data with the following categories of recipients:
  • 7.1.1. Our employees: On a strict need-to-know basis, where necessary to operate our business.
  • 7.1.2. Other Boubyan Banking Group companies: Where necessary to operate our business.
  • 7.1.3. Public authorities, regulators and government agencies: Where necessary for us to comply with our legal and regulatory obligations.
  • 7.1.4. Legal advisors, insurers and claims investigators: Where necessary to obtain legal advice or investigate, exercise or defend legal claims, insurance claims or other similar claims.
  • 7.1.5. Professional advisors, accountants and auditors: Where necessary to operate our business.
  • 7.1.6. Third party partners and service providers: Where we engage third party partners or outsource our processing operations to service providers that process personal data on our behalf. Where these service providers act as our agents, the processing activities will remain under our control and will be carried out in accordance with our strict instructions and security standards.
  • 7.1.7. Law enforcement agencies: Where necessary for the prevention and detection of crime or the apprehension or prosecution of offenders.
  • 7.1.8. Successors of our business: Where our organisation is sold to, acquired by or merged with another organisation, in whole or in part.

8. International data transfers

We are established in the United Kingdom (“UK”) and the Dubai International Financial Centre (“DIFC”). However, we operate on a global worldwide basis and we may therefore transfer your personal data to countries or territories outside the UK or DIFC. Some of these countries or territories may not be considered by data protection regulators to provide an adequate level of protection. We have therefore implemented additional safeguards to ensure your personal data receives an adequate level of protection, such as regulatory approved standard contractual clauses, and where necessary and appropriate, other risk-based safeguards. If you require further information concerning our international data transfers or the safeguards we have in place to protect your personal data, please contact our Data Protection Officer by email: dpo@bb2.tech

9. How long we retain your personal data

We generally retain your personal data for as long as is necessary to fulfil the purpose for which it was collected and other purposes required by law. The retention period will usually include the statute of limitation period, although it’s important to note that some personal data may be retained for longer to comply with applicable legislation. When personal data is no longer required it will either be anonymised so that it no longer relates to you, or securely destroyed. If you require further information concerning the predefined retention periods that apply to your personal data, please contact us.

10. Automated decision making

We do not use your personal data to make significant automated decisions about you without human involvement. We will notify you if we make changes to the way we collect and process your personal data in this respect. 

11. How we protect your personal data

We are committed to protecting the personal data entrusted to us and we have therefore implemented appropriate technical and organisational measures to ensure that your personal data is afforded an adequate level of security protection, including where practicable, access controls, encryption, pseudonymisation and anonymisation measures.

12. Job candidates

When you apply for a job with us, we will collect and process your personal data in accordance with our Candidate Privacy Notice.

13. Your data protection rights

  • 13.1. You have the following rights in relation to the processing of your personal data:
  • 13.1.1. Right of access: You have the right to request a copy of the personal data we hold about you.
  • 13.1.2. Right to rectification: You have the right to request the rectification of any inaccurate or incomplete personal data we hold about you.
  • 13.1.3. Right to erasure: You have the right to request the erasure of your personal data if there is no compelling reason for us to continue holding it.
  • 13.1.4. Right to restrict processing: You have the right to request that we temporarily restrict the processing of your personal data in certain circumstances.
  • 13.1.5. Right to data portability: You have the right to ask us to provide your personal data to another organisation in a commonly used machine readable format, where you originally provided the information and the processing is based on your consent or the performance of a contract.
  • 13.1.6. Right to object: You have the right to object to the processing of your personal data.
  • 13.1.7. Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to change your mind and withdraw your consent at any stage.
  • 13.1.8. Rights in relation to automated decision-making and profiling: You have the right to object to automated decisions we make about you using your personal data, which have been taken solely by automated means without human involvement.
  • 13.2. It is important to note that some of the data protection rights outlined above may only be exercised in certain circumstances and may be subject to legal exemptions. If we are unable to fulfil a request from you to exercise your rights, we will write to inform you of the reason for refusal.
  • 13.3. If you wish to exercise your data protection rights or require further information concerning these rights, please contact our Data Protection Officer by email: dpo@bb2.tech

14. How to make a complaint

  • 14.1. If you wish to make a complaint about the way we collect and use your personal data, you can contact our Data Protection Officer by email: dpo@bb2.tech
  • 14.2. You also have the right to complain to the relevant data protection regulator at any stage:

UK Regulator

Information Commissioner’s Office
Wycliffe House,
Water Lane,
Wilmslow,
SK9 5AF

Tel: 0303 123 1113

Website: ico.org.uk

DIFC Regulator

Commissioner of Data Protection
Dubai International Financial Centre Authority,
Level 14, The Gate Building,
P.O. Box: 74777,
Dubai, UAE

Tel: +97143622222

email: commissioner@dp.difc.ae

15. Changes to this notice  

We reserve the right to update this Notice from time-to-time to ensure it accurately reflects the way we collect and process your personal data. You should periodically review this Notice to ensure you understand how we collect and use your personal data.