Here you can find our Privacy Policy

Introduction statement.

I: As a business headquartered in Europe, we are subject to certain regulations (among which, the European General Data Protection Regulation) that require us to comply with a number of obligations regarding your data.

II. Nexa Cards is strongly committed to protecting personal data. In this document, you can learn everything about how we use your data: that we collect it from you and your actions, that we process only what we need in order to perform what you have asked or consented to (or what the law requires us to…), that we protect with appropriate technology.

III. We may also disclose personal information under the following circumstances:

. . . (1) with professional advisers, for example, law firms, as necessary to establish, exercise or defend our legal rights and obtain advice in connection with the running of our business - personal data may be shared with these advisers as necessary in connection with the services they have been engaged to provide;

. . . (2) when explicitly requested by you;

. . . (3) when required to deliver publications or reference materials requested by you;

. . . (4) when required to facilitate conferences or events hosted by a third party;

. . . (5) to law enforcement, regulatory and other government agencies and to professional bodies, as required by and/or in accordance with applicable law or regulation.

IV. Nexa Cards may also review and use your personal information to determine whether disclosure is required or permitted.

V. Your local law may require us to set out in this privacy statement the legal grounds on which we rely in order to process your personal information. In such cases, we rely on one or more of the following processing conditions:

. . . (1) our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses and the legitimate interests of our clients in receiving services from us as part of running their organisation (provided these do not interfere with your rights);

. . . (2) our legitimate interests in developing and improving our businesses, services and offerings and in developing new Nexa Cards technologies and offerings (provided these do not interfere with your rights);

. . . (3) to satisfy any requirement of law, regulation or professional body of which we are a member (for example, for some of our services, we have a legal obligation to provide the service in a certain statutory way);

. . . (4) to perform our obligations under a contractual arrangement with you; or

. . . (5) where no other processing condition is available, if you have agreed to us processing your personal information for the relevant purpose.

VI. The right to privacy is a basic human right. We will fight for yours.

VII. We may update this privacy statement at any time by publishing an updated version here. So you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to review this privacy statement periodically to be informed about how we are protecting your information.

How do we protect your personal data

4.1. We are committed to protecting the privacy and confidentiality of your personal data. Access to your data is limited only to authorised Nexa Cards officers, employees, contractors or others who may require access to it in order to perform the services requested by you.

4.2. We have security measures in place to protect our and our clients' information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake. We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from a particular client (eg. sanctions).

4.3. More specifically, we have implemented the following security measures:

. . . (1) Staff dedicated to cyber and physical security, that designs, implements and provides oversight to our information security program;

. . . (2) The use of specialised technology such as host-based security tools, network defence monitors, and intrusion detection systems;

. . . (3) Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology;

. . . (4) Internal and external reviews of our Internet website and services;

. . . (5) Monitoring of our systems infrastructure to detect weaknesses and potential intrusions;

. . . (6) Implementing controls to identify, authenticate and authorise access to various systems or sites;

. . . (7) Protecting information during transmission through various means including, where appropriate, encryption; and

. . . (8) Providing Nexa Cards personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

How can you exercise your data subjects rights

5.1. You may have certain rights under GDPR law in relation to the personal information we hold about you. In particular, you have a legal right to:

. . . (1) obtain confirmation as to whether we process personal data about you, receive a copy of your personal data and obtain certain other information about how and why we process your personal data

. . . (2) the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your address) and to have incomplete personal data completed.

5.2. Rights of the individual:

A. The right to delete your personal data in the following cases:

. . . (1) the personal data is no longer necessary in relation to the purposes for which they were collected and processed;

. . . (2) our legal ground for processing is consent, you withdraw consent and we have no other lawful basis for the processing;

. . . (3) our legal ground for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to the processing and we do not have overriding legitimate grounds;

. . . (4) you object to processing for direct marketing purposes;

. . . (5) your personal data has been unlawfully processed; or

. . . (6) your personal data must be erased to comply with a legal obligation to which we are subject.

B. The right to restrict personal data processing in the following cases:

. . . (1) for a period enabling us to verify the accuracy of personal data where you contested the accuracy of the personal data;

. . . (2) your personal data have been unlawfully processed and you request restriction of processing instead of deletion;

. . . (3) your personal data are no longer necessary in relation to the purposes for which they were collected and processed but the personal data is required by you to establish, exercise or defend legal claims; or

. . . (4) for a period enabling us to verify whether the legitimate grounds relied on by us override your interests where you have objected to processing based on it being necessary for the pursuit of a legitimate interest identified by us.

C: The right to object to the processing of your personal data in the following cases:

. . . (1) our legal ground for processing is that the processing is necessary for a legitimate interest pursued by us or a third party; or

. . . (2) our processing is for direct marketing purposes.

D: The right to data portability.

The right to receive your personal data provided by you to us and the right to send the data to another organisation (or ask us to do so if technically feasible) where our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you and the processing is carried out by automated means.

E: The right to withdraw consent.

Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis).

If you consider that the processing of your personal data infringes the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcement of data protection law in the country where you normally reside or work, or in the place where the alleged infringement occurred.

Point 7 Minors

We understand the importance of protecting children's privacy, especially in an online environment. The Websites covered by this Privacy statement are not intentionally designed for or directed at children, and our Terms and conditions and Terms of use require all users to be above the age of majority in their local country. We adhere to laws regarding marketing to children. We never knowingly collect or maintain personal information about individuals under the age of 18.

Point 9 Miscellaneous

9.1. Complying with any requirement of law, regulations or a professional body of which we are a member.

As with any provider of such type of services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

9.2. Improving and developing our services.

Where agreed with our clients, we may use information that we receive in the course of providing services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, to improve our business, service delivery and offerings and to develop new Nexa Cards technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

9.3. Websites.

This section describes how Nexa Cards handles personal information collected through the Websites on www.nexacards.com and any other Nexa Cards Websites that link to this privacy statement (collectively, "the Websites").

By using the Websites and providing personal information to us, you acknowledge you have read this privacy statement, and, to the extent your consent is necessary and valid under applicable law, you consent to the collection, use and disclosure of such personal information by the Nexa Cards and any third party recipients in accordance with this privacy statement.

Some sites of the Websites may have (might have in future) privacy statements that differ from this one and/or contain additional information as required under local law. Please refer to the privacy statements on the sites you visit in order to understand how they collect and process your data. By accessing any sites available within the Websites or content within them, you (a) acknowledge you will review those Privacy statements and (b) to the extent required under applicable law, consent to the collection, processing and use of your personal data as described in those Privacy statements.

Point 10 Cookies Policy.

This policy relates to the website www.nexacards.com, owned by Nexa Cards Solutions Ltd, and explains how it deploys cookies and what options do you have to control them (the "Cookie Policy").

10.1. What are "cookies"?

Cookies are very small pieces of data, stored in text files on your computer or other device when websites are loaded in a browser. They are used mainly to "remember" you and your preferences. In many sites, they ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies can be set by the site that you are visiting (known as "first party cookies"), or by third parties, such as those who serve content or provide advertising or analytics services on the website ("third party cookies"). Websites may also contain other similar technologies such as "web beacons" or "pixels." These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted. For the purposes of this policy, we will use "cookies" as also including "web beacons" or "pixels".

Point 11 GDPR Complaint Policy

11.1. Under the General Data Protection Regulation (GDPR), which is a comprehensive data protection law in the European Union (EU), organizations are required to have a clear and transparent complaint policy related to privacy data. This policy ensures that individuals have avenues to raise concerns or complaints regarding the handling of their personal data by organizations.

11.2. Complaint Submission Process.

11.2.1. Nexa Cards's Complaint Channel - complaints related to GDPR compliance may be submitted to Nexa Cards using [email protected].

11.4. Polish data protection authority - The President of the Office for Personal Data Protection. Office of the President for Personal Data Protection [Urzad Ochrony Danych Osobowych]. Stawki 2 Str. 00-193 Warsaw. Poland.

Point 12. Legal Disclaimer

The information contained in this site is for general guidance on matters of interest only. The application and impact of laws can vary widely based on the specific facts involved. Given the changing nature of laws, rules and regulations, and the inherent hazards of electronic communication, there may be delays, omissions or inaccuracies in information contained in Websites. While we have made every attempt to ensure that the information contained in this site has been obtained from reliable sources, Nexa Cards is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this site is provided "as is", with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose. In no event will Nexa Cards, its related member entities, or the partners, agents or employees thereof be liable to you or anyone else for any decision made or action taken in reliance on the information in this Site or for any consequential, special or similar damages, even if advised of the possibility of such damages.

[01/01/2024] – Policy created, accepted by the board, and published on this site

12/03/2024 – Policy amended, accepted by the board, and published on this site

Nexa Platform Agreements

Nexa Premium Card Terms