Privacy Policy

Introduction

Welcome to Nebula Finance Ltd's Privacy and Data Protection Policy. At Nebula Finance Ltd ("we", "us", or "our") we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process, and keep your data safe. It will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.

The individuals from which we may gather and use data can include: Customers, Suppliers, Business contacts, Employees/Staff Members, Third parties connected to your customers, and any other people that the organisation has a relationship with or may need to contact.

Who is Your Data Controller

Nebula Finance Ltd is your Data Controller and responsible for your Personal Data. We are not obliged by the UK GDPR to appoint a data protection officer and have not voluntarily appointed one at this time.

Any inquiries about your data should be sent to us at hiep.do@nebulafin.co or by letter to 124 City Road, London, EC1V 2NX, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Processing Data on Behalf of a Controller

As Data Controller, we have employees who will deal with your data on our behalf ("Processors"). The Data Controller and our Processors have the following responsibilities:

• Ensure that all processing of Personal Data is governed by one of the legal bases laid out in the UK GDPR
• Ensure that Processors are committed to confidentiality or are under an appropriate statutory obligation of confidentiality
• Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk
• Obtain prior specific or general authorisation of the Controller before engaging another Processor
• Assist the Controller in fulfilling obligations to respond to requests for exercising data subject rights
• Maintain a record of all categories of processing activities carried out on behalf of a Controller
• Notify the Controller without undue delay after becoming aware of a Personal Data Breach

Types of Data / Privacy Policy Scope

"Personal Data" means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of Personal Data about you:

We do not collect any Special Categories of Personal Data about you (including race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data), nor any information about criminal convictions and offences.

The Legal Basis for Collecting That Data

The main lawful bases we rely on under the UK GDPR are:

• Consent — Certain situations allow us to collect your Personal Data, such as when you opt in to receive email newsletters.
• Contractual Obligations — We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
• Legal Compliance — We're required by law to collect and process certain types of data, such as in cases of fraudulent activity or other illegal actions.
• Legitimate Interest — We might need to collect certain information to meet our legitimate interests, where this will not have a material impact on your rights, freedom, or interests.

How We Use Your Personal Data

We will only use your Personal Data when the law allows us to. We will never process your data without a legal basis for doing so.

Marketing and Content Updates

You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications.

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another compatible reason. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Your Rights and How You Are Protected

Your account information will be protected by a password for your privacy and security. You need to prevent unauthorised access to your account by selecting and protecting your password appropriately and limiting access to your computer or device.

Account Deletion: You may delete your account and associated personal data directly from within the App via Settings → Delete Account, or by contacting us to request deletion. Certain records may be retained where required by law.

California Privacy Rights: Under California Civil Code sections 1798.83–1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information we share with affiliates and/or third parties for marketing purposes. Please submit a written request to us if you are a California resident and would like a copy of this notice.

Children's Privacy

Our services are not directed at children under 13. We do not knowingly collect data from children under 13. If we learn we have done so, we will delete such data promptly.

How Nebula Finance Ltd Protects Your Personal Data

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights and are bound by obligations of confidentiality.

Your data is stored on AWS (Amazon Web Services) infrastructure, fully compliant with AWS GDPR standards, including encryption at rest and in transit. AWS maintains ISO 27001, SOC 1/2/3, and GDPR certifications across its EU regions. Your data is processed and stored within the AWS EU (London) region and never leaves UK/EEA jurisdiction.

Unfortunately, no transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us immediately.

Opting Out of Marketing Promotions

You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.

How to Request Your Data

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request.

We may need to request specific information from you to help confirm your identity and ensure your right to access your Personal Data. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Your Data and Third Parties

We may share Personal Data with interested parties in the event that Nebula Finance Ltd anticipates a change in control or the acquisition of all or part of our business or assets. If Nebula Finance Ltd is sold or makes a sale or transfer, we may transfer, sell, or assign your Personal Data to a third party as part of that transaction.

We may share your Personal Data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.

Third-Party Links

This site may include links to third-party websites, plug-ins, and applications. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our site, we encourage you to read the privacy policy of every website you visit.

How Long Will We Retain Your Data

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

International Transfer of Data

Your information may be stored and processed in the EU, UK, US, or other countries. By using Nebula Finance Ltd's services, you consent to such transfers. Where data is transferred outside the UK/EU, we will use safeguards such as adequacy decisions or Standard Contractual Clauses.

Notification of Changes and Acceptance of Policy

We keep our Privacy Policy under review and will place any updates on this page. This version is dated 7 June 2020. By using Nebula Finance Ltd, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Nebula Finance Ltd will constitute your express acceptance of any modifications to this Privacy Policy.

Contact Us

For any inquiries about your data or this Privacy Policy, please contact us: