Privacy Policy
At Nebeus Solutions Limited, safeguarding your personal information is one of our highest priorities. This Privacy Policy is designed to provide you with clear and comprehensive information on how we collect, process, and protect your data, in strict compliance with the UK General Data Protection Regulation (UK GDPR), Electronic Money Regulations 2011, and the Digital Operational Resilience Act (DORA).
This document has been reviewed and approved by our Data Protection Officer (DPO), who is responsible for ensuring the highest standards of data protection and operational resilience across all our services. The DPO’s oversight ensures that your rights as a data subject are fully respected and that all data-handling practices align with regulatory requirements.
If you have questions, concerns, or wish to exercise your data rights, please contact our DPO:
▪ E-mail: dpo@nebeus.com
▪ Phone: +44 204 577 1199
▪ Postal Address: Data Protection Officer, 60 Cannon Street, London, EC4N 6NP.
We are committed to:
▪ Providing you with transparent and accessible information about how we use your personal data.
▪ Continuously improving our systems to protect your information against unauthorized access and breaches.
▪ Responding promptly to your inquiries and data protection requests.
Your trust is at the heart of what we do, and this Privacy Policy reflects our dedication to keeping your information secure and your rights respected.
Legal Basis for Processing
We process your personal data to provide our services effectively and ensure compliance with legal obligations. The main reason we process your data is that it is necessary for the performance of a contract between us. This includes fulfilling our obligations and delivering the services you have requested.
In certain situations, we process your data to comply with legal obligations, such as those set by the Financial Conduct Authority (FCA) or other statutory requirements. Additionally, we may process your data based on our legitimate interests, such as improving our services, maintaining security, or providing you with updates about new products or important developments, including data protection news.
Where your explicit consent is required, for instance, when you opt to receive marketing communications, we will process your data only after obtaining your permission. In all cases, we ensure that our processing activities are aligned with applicable laws and respect your rights as a data subject.
Operational Resilience (DORA Compliance)
We are dedicated to maintaining strong digital operational resilience to ensure the security and continuity of our services. Our commitment includes effective incident management, which allows us to promptly address and report any operational disruptions or data breaches, minimizing their impact on our customers and systems.
Additionally, we actively monitor and manage risks associated with third-party service providers to safeguard the integrity of our operations. Regular security testing and updates to our IT infrastructure are also conducted to identify vulnerabilities and strengthen our systems against potential threats. These measures align with the requirements of the Digital Operational Resilience Act (DORA) and ensure that our operations remain compliant, secure, and reliable at all times.
Information We Collect
We collect only the personal information necessary to provide you with the services you request or to respond to your inquiries. Occasionally, we may also receive your contact details from trusted third parties, but only where you have explicitly consented to such sharing.
The types of personal data we collect include your name, contact details (such as email and phone), and, if applicable, your company’s name. If we enter into a business relationship with you, additional information may be required, such as financial details to facilitate transactions.
We may also gather records of your interactions with us, such as correspondence via email or phone, and data about how you use our website or services (e.g., cookies or analytics data, subject to your consent). In some cases, we may collect data required to comply with legal obligations, such as anti-money laundering regulations.
Data is collected directly from you through forms, inquiries, or the use of our services. Additionally, some data may be collected automatically via cookies and similar technologies, as outlined in our Cookie Policy.
Cookies
Cookies are small text files that we use to improve your experience of our website. The cookie file is generated by our website and is accepted and processed by your computer’s browser software. You can disable the cookies using your browser’s options although if you do this you may not be able to use some of the services shown on this site.
The Nebeus.Solutions set no third-party (tracking) cookies in your browser.
We use cookies to improve website performance and provide tailored experiences. First-party cookies are those set by our server. Third-party cookies are set by a server outside our control. The Nebeus.Solutions only set first-party cookies to store any custom preferences. First-party cookies are set by our web server and shared only with our domain.
First-Party cookies we set are:
▪ WordPress preference cookies
▪ Google Analytics cookies
How we use your data
The information you provide is used to deliver the services or information you request and to manage your interactions with us. This includes facilitating access to online assessments and surveys, ensuring you can participate effectively.
We may also use your data to keep you informed about products or services that may be of interest to you, as well as share useful information about data-related news, events, and conferences. Additionally, your data helps us enhance our website and improve the range of services and products we offer to better meet your needs.
In cases where we administer accounts or assist clients with data processing services, we ensure that all data is handled securely and in compliance with applicable regulations. Please note that we do not collect or store credit card details.
Sharing Your Data
We value your privacy and do not sell your personal data under any circumstances. However, there may be instances where your data is shared with trusted third parties to ensure the seamless delivery of our services. For example, we may share data with service providers who assist with IT infrastructure, payment processing, or customer support operations.
Additionally, we may be required to share your information with regulatory authorities, such as the Financial Conduct Authority (FCA), to comply with legal obligations.
We do not transfer your personal data outside the UK or European Economic Area (EEA) unless appropriate safeguards are in place, ensuring compliance with applicable data protection laws and standards.
Data Retention
We retain personal data for as long as necessary to fulfill legal, regulatory, or business requirements. For instance, transaction records are retained for at least seven years in compliance with the Electronic Money Regulations 2011 and anti-money laundering laws.
If we have not interacted with you for a period of two years, we will review the data we hold and securely delete it where no legal, regulatory, or business reason requires further retention.
However, in certain circumstances, data may need to be retained beyond the standard retention periods. For example, this includes situations where:
▪ Retention is required to comply with legal or regulatory obligations.
▪ Data is necessary for the establishment, exercise, or defense of legal claims.
We regularly review our data retention policies to ensure compliance with applicable laws and to minimize the retention of data beyond what is necessary.
Your Rights
As a data subject, you have several rights under data protection laws to ensure transparency and control over how your personal data is processed. You have the right to request access to the personal data we hold about you, allowing you to receive a copy and understand how it is being used. If you find that any information is inaccurate or incomplete, you have the right to request its rectification.
In certain circumstances, you may also request the deletion of your personal data. However, please note that this right is subject to legal and regulatory obligations that may require us to retain certain information. If you prefer, you can request that we restrict the processing of your data, limiting it to specific purposes where applicable.
Additionally, you have the right to receive your personal data in a structured, machine-readable format to facilitate its transfer to another data controller, a right known as data portability. Finally, you may object to the processing of your personal data, particularly when it is based on legitimate interests or used for direct marketing purposes.
To exercise any of these rights, please contact us at dpo@nebeus.com. We are committed to responding promptly and ensuring that your data rights are fully respected.
Keeping Your Data Secure
We take the security of your personal data very seriously and employ advanced measures to ensure it remains protected. Our security practices include the use of encryption to safeguard data during transmission and storage, as well as robust firewalls and access controls to prevent unauthorized access.
To maintain the integrity of our systems, we conduct regular security audits and vulnerability assessments to identify and address potential risks promptly. Access to personal data is strictly limited to authorized personnel who require it to perform their duties, and all such personnel are bound by strict confidentiality obligations.
By implementing these measures, we aim to ensure that your personal data remains secure against unauthorized access, loss, or misuse at all times.
Updates to This Privacy Policy
This Privacy Policy may be updated periodically to reflect changes in applicable laws, regulatory requirements, or updates to our services. Any changes will be communicated by posting the revised Privacy Policy on our website, with a clearly stated effective date. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your data.
Complaints
If you have any concerns about how your personal data is handled or believe your data rights are not being respected, you can contact our Data Protection Officer (DPO) at dpo@nebeus.com. Our DPO will address your concerns promptly and work with you to find a resolution.
Should you remain dissatisfied with our response, you have the right to file a complaint with the Information Commissioner’s Office (ICO). For further details on how to raise a concern, visit their website at https://ico.org.uk/concerns.
About Us
Nebeus Solutions Limited is authorized by the Financial Conduct Authority (FCA) under the Electronic Money Regulations 2011 (FCA Registration No. 900993). We are committed to providing secure and compliant financial services to our customers.
Our registered office is:
60 Cannon Street,
London, EC4N 6NP,
United Kingdom.