PRIVACY POLICY

This Privacy Policy (also "Policy") describes the practices of Nonox Development Ltd, a company incorporated with registration number HE 441519, having its registered office at Leoforos Larnakos 5, Block A, Apt. 303, Aglantzia, 2101 Nicosia, Cyprus (also “Company” or “we”), concerning the collection, utilization, and safeguarding of personal data from individuals (also “data subjects” or “you”) who visit our website, utilize our services, contact us or interact with us in any manner.

We kindly request you to become acquainted with this document before engaging with us or availing of our services. Your use of our services or interaction with us signifies that you have read, comprehended, and consented to the practices outlined in this Policy.

Should you have any queries or concerns pertaining to this Policy or our data protection practices, we invite you to contact us at support@finexperts.tech.

Our Company assumes the role of the Data Controller concerning the personal data you provide. As the Data Controller, we are accountable for defining the purposes and means of processing your personal data. We are dedicated to ensuring that all data processing activities are conducted lawfully, fairly, and transparently, in alignment with applicable data protection laws and regulations.

We undertake to implement appropriate measures to safeguard your personal data throughout its lifecycle, adhering to the principles of data minimization, accuracy, and accountability.

For any inquiries or concerns regarding your personal data or this Policy, please do not hesitate to contact us using the contact information provided above.

We collect various types of personal data for the purposes delineated in this Policy. The primary categories of personal data we process include, but are not limited to:

(a) Contact Information: e.g., your email addresses, phone numbers, and mailing addresses, other similar information enabling us to communicate with you.
(b) Identity Information: e.g., full names, identification numbers, details from official documents, other data required for verifying your identity.
(c) Legal Compliance Data: i.e., information necessary for fulfilling legal obligations, such as Anti-Money Laundering (AML) screenings, Know Your Customer (KYC) processes, Politically Exposed Persons (PEP) checks, and compliance with international sanctions.
(d) Device and Technical Data: e.g., information collected from the devices and technologies you use to access our services, such as IP addresses, browser specifications, and operating system details.
(e) Risk and Fraud Assessment Data: e.g., information related to business transactions, associations, affiliations, as well as other data that aids in risk evaluation and fraud prevention.
(f) Representation and Professional Position Data: e.g., details related to your current position, authorizations you hold, represented persons, and similar data.
(g) Communication Records: i.e., records of communications, including but not limited to phone calls, emails, and other channels, along with related metadata.
(h) Employment and Referral Data: Information from job applicants and referrals, including CVs, employment history, educational background, and professional references, as well as other data used for recruitment and staffing purposes.
(i) On-Site Security Surveillance Information: Video recordings and associated metadata from our premises to maintain security and safety.

Some data is necessary for accessing and using our services, and failure to provide this essential information may limit your ability to utilize these services. Other data is optional and can be provided at your discretion without affecting your access to our services. We will explicitly specify when the provision of data is mandatory.

Our processing of personal data is carried out for specific, legitimate purposes, each supported by corresponding legal grounds to ensure compliance with applicable laws:

(a) Service Delivery: To finalize agreements, fulfil contractual commitments, and deliver the requested services (Legal Basis: Contractual necessity).
(b) Legal and Regulatory Compliance: To adhere to applicable laws, regulatory and industry standards, including Anti-Money Laundering (AML) screenings, Know Your Customer (KYC) processes, Politically Exposed Persons (PEP) checks, and compliance with international sanctions (Legal Basis: Compliance with legal obligations and public tasks).
(c) Contractual Obligations: To honour contractual duties, execute agreed-upon actions, and prevent breaches of contract terms (Legal Basis: Contractual necessity and legal obligations).
(d) Recruitment and Employment: To conduct recruitment activities, both directly and through referral programs, and make decisions regarding employment offers and contracts with potential employees (Legal Basis: Contractual necessity, consent of the data subjects, and legitimate interests).
(e) Communication and Inquiries: To engage in communication with our users or customers, address their inquiries, and keep them informed about our services (Legal Basis: Contractual necessity, compliance with legal obligations, and legitimate interests).
(f) Marketing: To send marketing materials and updates about our services that may interest existing or potential customers (Legal Basis: Consent of the data subjects and legitimate interests).
(g) Service Improvement and Development: To improve the quality of our services and operational efficiencies, enhancing the overall experience for our users and customers (Legal Basis: Legitimate interests).
(h) Legal Dispute Management: To manage, establish, or defend against legal claims in the event of disputes involving data subjects (Legal Basis: Legitimate interests).

We collect personal data directly from you whenever you interact with us, such as when you use our services, contact us, or participate in our activities. Additionally, we may gather data from indirect sources, including third-party service providers, state authorities, and publicly available sources. All data collection is conducted in strict compliance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR). We are committed to ensuring that your personal data is collected lawfully, fairly, and transparently, adhering to the highest standards of data protection and privacy.

We share personal data solely with trusted partners and service providers to facilitate the effective delivery of our services. These entities are selected with care and are bound by contractual obligations to protect your data and use it exclusively for purposes specified by us. Additionally, personal data may be disclosed to state authorities when required by law or regulation. We take all necessary measures to ensure that your data is handled securely and in accordance with this Privacy Policy.

We may transfer personal data to countries outside the European Union (EU) and the European Economic Area (EEA). To ensure the protection of your data, we implement appropriate safeguards. These safeguards include, for example, transferring data to countries that the European Commission has deemed to provide an adequate level of data protection through adequacy decisions. Furthermore, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission to ensure that your data is afforded the necessary protection in accordance with EU and EEA standards. For further information regarding our international data transfer practices, please contact us using the provided contact information.

We retain personal data for the duration necessary to fulfil our obligations and provide exemplary service, with the retention period contingent upon regulatory requirements, the nature of the data, and its intended purposes. During your active use of our services, personal data is maintained to ensure support and service quality. To comply with legal and regulatory requirements, such as Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations, as well as Know Your Customer (KYC) obligations, data is typically retained for a minimum of five years. Additional regulatory mandates, including tax laws and financial reporting obligations, may extend this period. Data collected based on consent is retained until such consent is withdrawn, after which it is securely deleted or anonymized unless retention is required for other lawful purposes. For contractual obligations, data is retained for the duration of the contract plus an additional period, usually up to seven years, to address any post-contractual issues. Data related to disputes and claims is retained until such matters are fully resolved, generally aligning with a statutory limitation period of up to ten years. We conduct periodic reviews to ensure the accuracy and necessity of the data, and when no longer needed, it is securely deleted or anonymized. Our data retention practices are designed to balance the need to retain necessary information while respecting privacy and adhering to applicable laws and regulations. For any inquiries regarding our data retention policies, please contact us.

We are firmly committed to upholding your rights as stipulated under the General Data Protection Regulation (GDPR). These rights are designed to give you greater control and transparency over your personal data. Below is an overview of these rights:

(a) Right to Access: You have the right to request access to the personal data that we hold about you. This allows you to be informed about what data we have collected and how it is being used.
(b) Right to Rectification: If you find that any of your personal data is incorrect or incomplete, you have the right to request that we correct or update this information promptly.
(c) Right to Erasure: Also known as the "right to be forgotten," this allows you to request the deletion of your personal data when it is no longer necessary for the purposes it was collected, or if you withdraw your consent for its use.
(d) Right to Restrict Processing: Under certain circumstances, you can request that we limit the processing of your personal data. This means that while we store your data, we will not process it further without your consent.
(e) Right to Data Portability: You are entitled to request a copy of your personal data in a machine-readable format. This allows you to transfer your data to another data controller easily.
(f) Right to Object: You can object to the processing of your personal data for specific reasons, such as direct marketing. If you make such an objection, we will cease processing your data for that purpose unless we can demonstrate compelling legitimate grounds for the processing.
(g) Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of the rights mentioned above, please contact us using the contact information provided in this Policy. We may need to verify your identity before fulfilling your request to ensure the security and confidentiality of your personal data. Please note that there may be certain limitations or legal grounds that prevent us from fully complying with your request. These limitations are necessary to protect the rights and freedoms of all individuals and to ensure that our data processing activities remain lawful and equitable. Should such limitations apply in your particular case, we will provide you with a comprehensive explanation detailing the reasons for our inability to fulfil your request.

We do not engage in automated decision-making processes that produce legal or similarly significant effects concerning data subjects. However, we may use profiling techniques to enhance and personalize your experience with our services. Profiling involves analysing certain aspects of your personal data to predict your preferences and interests.

We prioritize the protection of your personal data and implement a range of robust security measures designed to safeguard it against unauthorized access, alteration, disclosure, or destruction. Our approach to data security includes, but is not limited to, several critical practices. Firstly, we employ stringent access controls to ensure that only authorized personnel can access sensitive information. This is complemented by the use of advanced encryption techniques to secure data both in transit and at rest. Additionally, we incorporate security best practices into our system and application design, known as secure development. To further bolster our defences, we provide ongoing data protection training to our employees, ensuring they are well-versed in the latest security protocols.

We are committed to continuously updating our security protocols to address evolving threats and leverage technological advancements, thereby ensuring the highest level of protection for your data at all times.

Moreover, while we take extensive measures to protect your data, you also play a crucial role in safeguarding your information. We recommend creating complex passwords and changing them regularly to prevent unauthorized access. Enabling Two-Factor Authentication (2FA) adds an extra layer of security to your accounts, making it more difficult for unauthorized users to gain access. Be vigilant against phishing attempts by verifying sources before providing personal information. Regularly updating your devices and software helps protect against vulnerabilities that can be exploited by malicious actors. Additionally, avoid sharing your login credentials, such as usernames, passwords, or authentication codes, with anyone else.

By following these steps, you can significantly enhance the security of your personal data. Should you require further assistance or have any questions regarding data protection, please do not hesitate to contact us. We are here to support you in ensuring that your personal data remains secure.

If you have any concerns complaints, please do not hesitate to contact us. Our team will work diligently to address them promptly and effectively. In addition to reaching out to us directly, you have the right to lodge a complaint with the supervisory authority in Cyprus, which is the Office of the Commissioner for Personal Data Protection.

We are committed to maintaining transparency and keeping you informed about how we handle your personal data. From time to time, we may make updates to this Privacy Policy to reflect changes in our practices, advancements in technology, or alterations in legal and regulatory requirements. Whenever we make changes to this Policy, we will publish the revised version on our website to ensure you always have access to the most current information regarding our data protection practices. For any significant changes that could affect your rights or the manner in which your personal data is processed, we will take additional steps to notify you directly.

If you require further information or assistance, or if you have any questions about this Privacy Policy, please do not hesitate to reach out to us via email at support@finexperts.tech.