Here's how we protect your data and respect your privacy.
Nordark is committed to collecting only necessary information and exercises discretion in sharing client personal information. Sharing is limited to essential instances only. In line with internal policies, Nordark strictly confines access to client personal information to employees who need this data to manage compliance, identity verification, fraud prevention, and customer support tasks.
1.1. Client: any individual who uses Nordark’s services, including visiting the websites, applications and engaging in any correspondence with Nordark or its affiliates.
1.2. Data controller: Nordark when it alone or jointly with others, determines the purposes and means of the processing of personal data by instruction for processing activities given to the data processor.
1.3. Data Processor: Third party service providers authorised to exercise certain processing activities under the direct authority of that process data on behalf of the data controller.
1.5. GDPR: This stands for the General Data Protection Regulation, which is REGULATION (EU) 2016/679 of the European Parliament and of the Council, dated 27 April 2016. It pertains to the protection of natural persons in relation to the processing of personal data and the free movement of such data, and it repeals Directive 95/46/EC.
1.6. Nordark: refers to both a) Nordfinex UAB: a company incorporated and operating under Lithuanian Law from a registered address of Eišiškių Sodų 18-oji g. 11, LT-02194 Vilnius, under company registration code 306129193 and b) Nordfinex Holding AB: a company registered in Sweden under registration number 559315-0468.
1.8. Personal Data: any information about an identified or identifiable data subject. A person is considered identifiable if they can be directly or indirectly recognized, particularly through identifiers such as a name, an identification number, location data, an online identifier, or factors unique to their physical, physiological, genetic, mental, economic, cultural, or social identity. Nordark does not regard information that has been anonymized as personal data.
1.9. Services: any services offered by a company within the companies of Nordark.
1.10. Third Party: any natural or legal person, public authority, agency, or body other than the data subject, data controller, data processor, and individuals who are authorised to process personal data under the direct authority of the controller or processor.
1.11. Website: nordark.com
2.1.1. To provide services to the Client, Nordark gathers various types of Personal Data from the Client.
2.1.2. Personal Data collection and utilisation occur during registration, identity verification, and the.
2.2. Processing of Registration Data
2.2.1. As part of the registration process, Nordark collects essential information about the Client. This information may include the Client's name, surname, and email address. Providing this Personal Data is compulsory for registration. Inability or refusal to supply this data, or any request to delete or object to the processing of such data, will result in the inability to complete the Client’s registration with Nordark.
2.2.2. If the Client has not completed their registration and has not removed all Personal Data entered in the registration form, Nordark will interpret this as the Client’s intention for Nordark to take preliminary steps before formalising a contract. In such cases, Nordark may reach out to the Client to assist with completing the registration for Services.
2.2.3. To finalise registration, the Client is required to confirm their email address and/or phone number after receiving a verification message. This step is essential to ensure the accuracy and ownership of the contact information provided.
2.2.4. Upon submitting initial Personal Data for registration, the Client may proceed with their application for Services. To fulfil legal and regulatory obligations, Nordark requires additional information. During this application phase, the Client should provide further Personal Data, which may include but is not limited to: phone number, date of birth, nationality, personal ID number, residential address, information on whether the individual is a politically exposed person or a resident of the USA, a copy of an identification document (ID or Passport), a recent photograph, and other necessary information to verify the Client’s eligibility for using the Services. Providing this additional Personal Data is essential for accessing and using the Services. Inability or refusal to supply this required data will result in the application for Services being declined.
2.2.5. There may be instances where Nordark is obliged to gather additional information to accurately identify the Client or to comply with legal and regulatory requirements. In such cases, the Client will be notified and requested to provide the necessary additional information.
2.2.6. The Personal Data collected by Nordark during the registration phase is utilized for the following purposes:
22.214.171.124. To facilitate the creation and management of your Nordark Account;
126.96.36.199. To verify the identity of the Client as part of our due diligence and regulatory compliance processes;
188.8.131.52. To enable access to and provision of the various services offered by Nordark;
184.108.40.206. To ensure adherence to legal and regulatory requirements applicable to our operations;
220.127.116.11. To communicate with the Client regarding account management, service updates, and other relevant information;
18.104.22.168. To enhance the security of the Client’s account and the overall platform, including fraud prevention and risk management.
2.2.7. Legal basis for Data Processing:
22.214.171.124. Nordark processes the Client's registration data based on the Client's consent, which is given when they voluntarily submit and fill in personal data details on the Nordark registration form. This includes data that is not mandatory for registration purposes;
126.96.36.199. The processing of registration data is also necessary for the conclusion and performance of contractual obligations between Nordark and the Client; as well as for compliance with legal and regulatory obligations applicable to Nordark. The Client has the right to modify, update, or request the deletion of their contact details by contacting Nordark directly. The Client acknowledges that deletion of contact details and other registration data is subject to Nordark's legal obligations to retain such data under applicable laws.
2.3. Processing of Client Verification Data
2.3.1. In order to access and utilise Nordark's services, it is mandatory for the Client to undergo identity verification. Nordark initiates this verification using the Personal Data provided by the Client during the registration process. However, simply providing this data is not sufficient for confirmation of identity. For additional verification purposes Nordark also utilises verification services managed and provided by Nordark’s external service providers, ensuring a thorough and reliable process of identity confirmation.
2.3.3. Nordark may occasionally require the Client to submit additional information to facilitate reasonable identification and verification of the Client's identity. Nordark reserves the right to contact the Client for the purpose of requesting more information or confirming that the information already provided is correct, accurate, current, and valid.
2.3.4. Nordark retains the right to request the Client's participation in a video call for verification purposes. Such video calls are conducted at the sole discretion of Nordark when deemed necessary as an enhanced measure and are limited to a maximum duration of five minutes. The quality of the sound and image during these calls must be sufficiently clear to allow for the easy identification and understanding of the Client. During the video call, the Client is required to present their identification document (such as a passport or national ID card) and any other documents previously submitted to Nordark. Additionally, the Client may be asked to show other documents requested by Nordark for the purpose of verifying their identity. Nordark may also require the Client to provide any other information necessary for Nordark to fulfil its legal and regulatory obligations.
2.3.5. Nordark processes the aforementioned Personal Data, which is used for the Client's verification, to adhere to its legal and regulatory obligations. This process is also critical to ensure that Clients are not attempting to create multiple Accounts or engage in fraudulent activities. Should a Client refuse to complete the identity verification process, their application to use Nordark's Services will be terminated.
2.4. Data processed during website usage
2.4.1. Nordark enables Clients to access its Services through the Website to ensure a quality user experience.During Client’s website usage, Nordark collects and processes the following data:
188.8.131.52. Client login history: This is recorded primarily for security purposes, to monitor account access and ensure the safety of Client accounts;
184.108.40.206. Client website interaction history: Nordark tracks and analyses the history and various activities of the Client on the Website. The purposes of this data collection include:i. Facilitating the functionality of the Website, as well as planning for future updates and improvements.ii. Ensuring compliance with legal and regulatory requirements that Nordark is subject to.
2.5. Data processed during the service usage
2.5.1. As Clients engage with Nordark's Services, Nordark collects specific information related to their transactions including:
220.127.116.11. Transaction history, including the date of the transaction, information about the payer and payee and the transaction amount. The purpose of processing this information is to ensure operational functionality and enhancement and legal and regulatory compliance.
18.104.22.168. Internal communication records, including claims and complaints from the Client, are processed to guarantee the proper and timely fulfilment of service-related obligations. It's important for the Client to acknowledge that personal information shared in these internal messages should be limited to what is essential for the provision of Services or as requested by Nordark.
22.214.171.124. Information regarding the Client’s interactions with the Services, such as clicks and visited sections. This data is gathered in order to provide an enhanced functionality and user experience of Nordarks website and applications.
126.96.36.199. In instances where Clients include messages with their payment details, the content of these messages is retained by Nordark.
188.8.131.52. Nordark securely saves and stores photos and/or documents provided by the Client during the usage of Nordark’s services. These photos and/or documents are retained for the duration of the Client's use of the Services and for a specified period after the termination of service provision. The retention period is determined in accordance with the legal and regulatory requirements applicable to Nordark.
2.5.2. Nordark processes the Personal Data collected from the Client on the following legal grounds:
184.108.40.206. for the purpose of fulfilment of contractual agreements and obligations established between Nordark and the Client;
220.127.116.11. in order to pursue legitimate interests of Nordark as the controller and manager of the website and application; and
18.104.22.168. for compliance purposes: in order to comply with legal and regulatory requirements that apply to Nordark.
3.1. Website development: Nordark utilises Personal Data in the research and development of its Websites and Services. This procedure is performed in order to offer the Client and others a superior, more intuitive, and personalised experience, which contributes to the growth of our user base.
3.2. Client Support: Nordark employs Personal Data to maintain communication with its Clients. This includes providing customer service, notifying Clients about news and updates, and sharing security alerts and relevant information.
3.4. Provision of information on similar products and services
3.4.1. Nordark uses Personal Data to inform Clients about other goods and services it offers, or may offer in the future, which are similar to those currently used by the Client. This is aimed at providing Clients with options that align with their existing service preferences.
3.5. Information from Third Parties
3.5.1. Nordark combines the Personal Data provided by the Client with information gathered from other sources about the Client. This combined data helps Nordark better understand the Client’s needs and behaviour, enabling more informed decisions regarding the provision of Services to the Client.
4.1. In addition to the Personal Data collected and received directly from the Client, Nordark collects and receives Client’s Personal Data from external sources, including:
4.1.1. Business partners, subcontractors in technical and service fields, advertising networks, analytics providers, search information providers, credit reference agencies, fraud prevention agencies, customer service providers, and developers. The types of information Nordark may collect from such entities may include credit search information, identity verification data, transactional details or other relevant information concerning the Client;
4.1.2. Other legal public sources including public registers, internet search engines, and public platforms such as social media.
5.1. Collaborations with Third Parties: In order to provide the Client with Nordark’s services and for the adherence to legal and regulatory requirements, Nordark engages with third-party service providers (Data processors). These Data Processors access and use Personal Data as part of their contractual agreement with Nordark. Nordark may share information collected about the Client with these Data Processors, including but not limited to the following:
5.1.1. Third parties utilised for the secure and safe storage of Clients’ Personal Data;
5.1.2. Fraud Prevention Services, in order to prevent fraudulent activities, Nordark may share Client information with third-party identity verification services. This helps ensure the authenticity of Client identities by cross-referencing submitted details with public records and third-party databases;
5.1.3. Auditors, Accountants, and Lawyers, for conducting financial, technical, and legal audits of Nordark's operations or to receive specialised services, some Client information may be shared as part of these audits or services;
5.1.4. Analytics Service Providers, to enhance the functionality of Nordark’s services, anonymized data may be shared with service providers that assist in analysing how the services are utilised;
5.1.5. Affiliated Entities of Nordark may be provided with information if deemed necessary for the provision of optimal products and customer support to the Client.
5.2. Nordark may also share the Client’s Personal Data with the following third parties:
5.2.1. Payment Service Providers: Nordark will share the Client’s payment account information with payment service providers to facilitate transaction processing;
5.2.2. Regulatory and Law Enforcement Entities: Nordark may be required to share Client information with supervisory authorities, law enforcement agencies, or government officials. Such sharing occurs when legally mandated or upon formal request, or when Nordark believes in good faith that it is necessary to prevent physical harm or financial loss, or to report suspected illegal activity;
5.2.4. Authorised Third-Parties: Nordark may share the Client’s Personal Data with other third parties, but only when the Client has explicitly authorised Nordark to do so.
6.1. Nordark may share a Client's Personal Data with other Nordark clients as part of providing its Services. For example, this might occur when executing payments to other Nordark clients. Additionally, as Nordark develops and introduces new features and services that might require sharing the Client's Personal Data, all clients will be notified prior to the activation of such services.
7.1. The Personal Data that Nordark collects from its Clients will be transferred to, and stored at, locations within the European Economic Area (EEA).
7.3. Conditions for Data transfer outside the EEA: Nordark will only transfer the Client’s Personal Data if the following conditions are met:
7.3.1. To ensure that the processing of data is consistent with Nordark’s service standards, the Personal Data is transfered only to trusted partners integral to the provision of Services;
7.3.2. The agreement that governs the relationship between Nordark and the respective service provider includes obligations for the service provider to adhere to legal security requirements;
7.3.3. The transfer of Personal Data to countries outside the EEA is contingent upon the European Commission’s decision regarding the adequacy of data protection levels in the recipient country. Nordark only transfers data to countries where the European Commission has determined that an appropriate level of data security is ensured.
8.1. Clients of Nordark have the following rights concerning the protection of their personal data:
8.1.1. Access: Clients have the right to request access to their Personal Data processed by Nordark. This right allows Clients to receive a copy of the Personal Data Nordark holds about them;
8.1.2. Rectification: Clients have the right to have any incorrect or inaccurate Personal Data corrected. This includes the ability to update or change information such as personal contact details through their account settings. However, certain details like name, surname, and financial information can only be modified through Nordark’s client support;
8.1.2. Data transfer: the Client has the right to request that Nordark provide them with their Personal Data in a structured, commonly used, machine-readable format. Clients can then transfer this data to another data controller as needed. It’s important to note that this right applies solely to automated information which the Client initially consented to provide to Nordark for use, or information that Nordark used to provide its Services to the Client;
8.1.3.Data deletion and retention: Clients have the right to request that Nordark delete or remove their Personal Data in situations where there is no valid reason for its continued processing, or if the Client has validly exercised their right to object to processing. It is important that the Client acknowledge and understand that Nordark is required to retain certain information provided by the Client for a specified number of years according to the laws on Prevention of Money Laundering and Terrorist Financing in the EEA and the UK, as well as other applicable laws. Therefore, Nordark may in some cases not be able to fully comply with a request for erasure due to these legal obligations. The Client will be informed at the time of their request if such circumstances apply;
8.1.4. Suspension of Data Processing: The Client have the right to request that Nordark temporarily suspend the processing of their Personal Data. It is important to note that such requests might impact Nordark's ability to perform contractual obligations or enter into agreements with the Client. In such instances, Nordark will inform the Client about the potential consequences of their request;
8.1.5. Objection of processing carried out on the basis of legitimate interests: The Client has the right to object to the processing of their Personal Data when such processing is based on legitimate interests pursued by Nordark or a third party, and the particular processing affects the Client's fundamental rights and freedoms. This right also includes the right to object when Nordark processes Personal Data for direct marketing purposes. The Client however acknowledges that Nordark is required to process certain Personal Data for compliance with laws pertaining to the prevention of money laundering and terrorist financing, as well as other applicable regulations. In such cases, Nordark may demonstrate compelling legitimate grounds for processing that override the Client’s rights. Legal requirements governing the aforementioned purposes take precedence over any objection rights under data protection laws. Consequently, objecting to the processing of certain Personal Data may result in Nordark being unable to provide its Services to the Client.