Nobel Financial Limited, a limited liability company registered and incorporated under the laws of Malta, bearing company registration number C66961 and having its registered address situated at 68, Northfields, Penthouse No.9, Independence Avenue, Mosta MST9026, Malta is licensed by the Malta Financial Services Authority as a financial institution in terms of the Financial Institutions Act, (Chapter 376 of the laws of Malta) (“Act”) and is authorized inter alia to issue of electronic money as defined in the third schedule of the Act.
2. The information we collect
The personal data we hold about you is given directly by you and by people or companies authorised by you to act on your behalf, and it may also include information obtained from those third parties authorised by you to share such information with us, including:
(a) Information that you provide by filling in forms on the Service, posting User Content or requesting further services or reporting a problem;
(b) Name, addresses, date of birth, gender and contact details;
(c) Payment details (e.g. account number, sort code; payment card number, validity/expiry date, issue number and CVV number);
(d) Any other data or information that we or any of our suppliers must request from you in order to perform our service;
(e) Information about your financial interests or financial position;
(f) Your contact details, including your e-mail address, home address and telephone numbers;
(g) copies of passports or other identification evidence that you provide for anti-money laundering and anti-fraud purposes;
(h) Records of telephone calls and any correspondence between you and us;
(i) Information that you provide by filling in our surveys;
(k) Internet protocol address, timezone/region, browser type/language, operating system, internet service provider, system details/settings;
(l) Information about activities you undertake, such as the pages you visit, searches you make or marketing or links you click;
(m) Transaction Data: retailers used, items purchased, value of transactions;
(n) Credit checks to assess creditworthiness of your Business.
Some of the information that we collect about you may include special categories of personal data (such as information about racial or ethnic origin, criminal or alleged criminal offences). We will usually seek separate permission from you in writing to process these special categories of personal data.
If you fail to provide us with this information, or you object to us processing such information the consequences are that we may be prevented from conducting business with you, or continuing to manage your account(s) with us and we may be unable to provide our services to you.
Use of Personal Information
We act as data controller when processing and storing your personal data.
We may use information held about you in one or more of the following ways:
(a) To ensure that content on the Service is presented in the most effective manner for you and for your computer or other devices for which we support access;
(b) To provide you with information, products or services that you request or which we decide may interest you, where you have consented to be contacted for such purposes;
(c) For statistical analysis;
(d) To develop and improve the Service;
(e) To update our records;
(f) To identify which elements of the Service or other products might interest you;
(g) To assess creditworthiness in accordance with the provisions of the applicable Customer Agreement;
(h) To identify, prevent, detect or tackle fraud, money laundering and other crime;
(i) To carry out checks required by applicable regulation or regulatory guidance;
(j) To keep you informed about the Service and/or Transactions;
(k) To carry out our obligations arising from and exercise our rights under, any agreements between you and either of us or other users of the Service;
(l) To allow you to participate in interactive features of the Service, when you choose to do so;
(m) To give you any notices under your Customer Agreement;
(n) To administer your account;
(o) To enforce Customer Agreements;
(p) To promote the Service.
We have described the purposes for which we may use information about you. We are permitted to process such information in this way, in compliance with the Data Protection Legislation, by relying on one or more of the following lawful grounds:
(a) you have explicitly agreed to us processing such information for a specific reason;
(b) the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
(c) the processing is necessary for compliance with a legal obligation we have; or
(d) the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
(i) to ensure that our Customer Accounts are well-managed;
(ii) to provide our Service;
(iii) to prevent fraud;
(iv) to protect our business interests;
(v) to ensure that complaints are investigated;
(vi) to evaluate, develop or improve our products and services; or
(vii) to keep our Customers informed about relevant products and services, unless you have indicated at any time that you do not wish us to do so.
In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent in order to process such information, although it may be necessary for us to use certain information in order to comply with our legal obligations as a regulated entity (such as in relation to an alleged offence). Where you have consented to our processing of such information (including special categories of personal data) you may withdraw such consent at any time. Please note, however, that in certain circumstances it may be still lawful for us to continue processing this information even where consent has been withdrawn, if one of the other legal bases described above is applicable.
When we use your information, we may use automated processes.
In particular, in order to comply with our obligations under anti-money laundering legislation, we are required to verify the identity of all clients and other information (including but not limited to details of any nationality, citizenship or rights of residence you hold) to satisfy our regulatory obligations. We may do this using an electronic verification system that we consider suitable or by asking you for documentary evidence.
If you want to know more about your rights in relation to automated decision making, please contact us.
3. Sharing your personal data
We will keep your personal data confidential and only disclose it to others only for the purposes explained when you applied to open an account. We will ensure that if we share such information with third parties, any such disclosure is at all times in compliance with the Data Protection Legislation. We may share your personal data:
(a) In the event that we sell or buy any business or assets, in which case it may disclose your Personal Data to the prospective seller or buyer of such business or assets;
(b) If substantially all of our assets are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets;
(c) If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply any agreements to which you are a party; or to protect our rights, property, or safety, or that of our customers, or others (which includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction);
(d) If you request us, or give your permission for us to do so;
(e) To a credit reference agency to check your identity and to prevent fraud, (it will also keep a record of your request and use it whenever anyone applies to be authenticated in your name);
(f) To tell credit reference agencies that you have an account and how you run that account;
(g) To our suppliers, agents and subcontractors to use for the purpose of operating the Service, under the necessary contractual obligations to take appropriate technical and organisational security measures against the unauthorised or unlawful access to or processing of Personal Data and against the accidental loss or destruction of, or damage to, such Personal Data;
(h) To investigate, prevent or detect fraud or carry out checks against money laundering;
(i) To organisations providing a centralised application matching service which they collect from and about credit applications, for the purpose of preventing and detecting fraud;
(j) For audit purposes and to meet legal and other obligations to any relevant regulatory authority or taxing authority.
We will also check your details with a fraud prevention agency/agencies and if you give false or inaccurate information and we identify fraud, this will be recorded and we and other organisations, including law enforcement agencies and debt collection agencies, may access, use and search these records to:
(a) help make decisions about credit and credit related services, for you and members of your household;
(b) help make decisions on motor, household, credit, life and other insurance proposals and insurance claims, for you and members of your household;
(c) trace debtors, recover debt, prevent fraud, and to manage your accounts or insurance policies;
(d) prevent fraud and money laundering, for example, when:
o Checking details on applications for credit and credit related or other facilities;
o Managing credit and credit related accounts or facilities;
o Checking details on proposals and claims for all types of insurance; and
o Checking details of job applicants and employees.
Please contact us if you want to receive details of the relevant fraud prevention agencies.
Sharing Third Party Information With Us
If any information which you provide to us relates to any third party (such as a joint account holder) (a "Relevant Third Party"), by providing us with such information you confirm that you are permitted to give us this information on their behalf.
Transferring Your Information Outside Malta
You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where:
(a) the transfer is to a country deemed to provide adequate protection of your information by the European Commission; or
(b) you have consented to the transfer.
If we transfer your information outside the European Economic Area in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.
4. Your rights
You and Relevant Third Parties have a number of rights concerning the way that we use your information. You are responsible for ensuring that Relevant Third Parties are aware of these rights. At any time, you and they shall have the right:
(a) to be informed about the processing of their personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third party sources from which it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and the logic, significance and envisaged consequences);
(b) to request access to, or a copy of, any personal data we hold about them;
(c) to request the rectification of their personal data, if they consider that it is inaccurate.;
(d) to request the erasure of their personal data, if they consider that we do not have the right to hold it;
(e) to object to their personal data being processed for a particular purpose or to request that we stop using their information;
(f) to request not to be subject to a decision based on automated processing and to have safeguards put in place if they are being profiled based on their personal data;
(g) to ask us to transfer a copy of their personal data to themselves or to another service provider or third party where technically feasible and otherwise required by [applicable regulations];
(h) to withdraw, at any time, any consent that they have previously given to us for our use of their personal data; or
(i) to ask us to stop or start sending them marketing messages at any time.
Access to Your Information
You and Relevant Third Parties may have a right of access to some, or all, of the information we hold about you or them, or to have any inaccurate information corrected, under the Data Protection Legislation. Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.
We aim to ensure that the information we hold about you and Relevant Third Parties is accurate at all times. To assist us in ensuring that such information is up to date, please let us know if the personal details of you and Relevant Third Parties change by contacting us. We will correct any incorrect or incomplete information and will stop processing personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.
5. Retaining Your Information
We will only keep the information we collect about you and Relevant Third Parties on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.
If you close an account(s) you have with us, we decline your application to open an account(s), or you decide not to go ahead with opening an account(s), we may still keep your information. We may also continue to collect information from credit reference agencies to use after you close your account(s) with us.
We will normally destroy or erase data after 5 years from the end of our agreement with you or as required by any applicable regulations. However, we may retain your information, or information relating to Relevant Third Party after you cease to be a client for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.
Please contact us if you want to receive additional details of our retention periods of Personal Data.
6. Sending You Marketing Information
We may use your information from time to time to inform you and Relevant Third Parties by letter, telephone, text (or similar) messages, email or other electronic means, about our products and services or about our similar products and services which may be of interest to you or them. You are responsible for ensuring that Relevant Third Parties are aware that we may use their information for marketing purposes to inform them about services which may be of interest to them and have specifically accepted receiving such communications.
You and Relevant Third Parties, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us.
7. Contacting Us
If you or a Relevant Third Party wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about data protection, or you wish to raise a complaint about how we are using your information you can contact us using the following details, or any other details notified to you from time to time:
(a) Write to the registered and head office of Nobel Financial Limited at firstname.lastname@example.org
If you or a Relevant Third Party have any concerns about our use of your or their information, you and they also have the right to make a complaint to the Office of the Information and Data Protection Commissioner (https://idpc.org.mt) which regulates and supervise the use of personal data in Malta.
The Service may, from time to time, contain links to and from the websites of other businesses, including networks, advertisers and affiliates. If you follow a link to any of these websites, please note that those third parties have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data directly via those websites or to those third parties.