Welcome to NALA Payments Limited (“NALA”, “we”, “our”, “us”). We are committed to privacy compliance and to earning our users’ (“you”, “your”) trust.
This is the Privacy Notice for www.nala.com (the “Website”) and any mobile application (the “App”) that provides support to our services, which are operated by us.
Our Group’s registered address is International House, 64 Nile Street, London, United Kingdom, N1 7SR. For the purposes of the General Data Protection Regulation (“GDPR”), we are the data controller of your personal data.
We are committed to protecting your privacy and the security of the personal data we hold and process about you. This Privacy Notice explains how we collect information, what we use the information for, our legal basis for doing so, and what controls you have.
We reserve the right to change this Privacy Notice from time to time. This Privacy Notice was last updated on 5th of October of 2020
Information you give to us:
We may collect and process the following personal information about you:
General personal details, which may include:
Account sign-in information, which will include the following as set by you:
Communications you send to us, (by telephone, email or otherwise), for example, to report a problem or to submit queries, concerns or comments regarding the Website, our service, or general comments.
With regard to each of your visits to the Website we may collect the following information:
We may receive information about you if you use any of the other websites we operate or the other services we provide.
Information we receive from others:
We are also working closely with third parties (including, for example, service providers, business partners, sub-contractors in technical, payment and delivery service providers, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
If the personal information we hold about you is incorrect, please let us know. You may decide not to provide your personal information to us. However, in that case, please note we may not be able to deliver our services to you.
We may also collect and process your contact list information on your mobile device but only with your express permission.This information may include names, phone numbers, email addresses, images associated with the contacts etc.
This is to make it easier for the recipient data to be pre-filled and enable transactions to be processed faster and free of apparent errors.We shall only access your contact list with your explicit consent and only share applicable information with third parties solely for the purpose of processing the transaction.
We shall not send any information to your contacts or make use of any of the collected data for any other purpose apart from what is provided here.
We use your personal data for the following purposes:
Under GDPR we are required to tell you about the legal basis under which we collect and process your data. We will only collect and process your personal data in accordance with one of the below lawful bases:
Performance of a contract: This is where the processing is necessary for a contract we have with you, or you have asked us to take specific steps before entering into a contract, such as providing you with a quote. This lawful basis covers the following purposes: Providing our services to you.Providing customer support and account administration and communicating with you and about your engagement with us.Managing payments for the services we provide you which includes billing process through our Website.Communicating with you at your request to provide you with information of our services in order to take steps prior to entering into a service engagement.
Our legitimate interests: This is where we collect and process data in accordance with our “legitimate interests” which may be pursued by us or our service providers acting on our behalf or by a third-party insofar as such interests do not pose a high risk to your rights and freedoms. Our legitimate interests include the following purposes: Performing service enhancement activities. Our legitimate interest is making services and features more relevant and improving our services and user experience.Ensuring proper administration of our business. Our legitimate interest is ensuring the continuity of our service.Preventing, detecting and fighting fraud or other illegal or unauthorized activities, as well as checking your identity and credentials. Our legitimate interest is preserving the security of our service.Providing you with marketing communications about our services. Where consent is not required, as you or the company you represent are an existing customer who purchased or negotiated to purchase a similar service or product in the past, we may send you marketing communications based on our legitimate interest pursued by us or our service providers acting on our behalf or by a third-party. Our legitimate interest is promoting our business and to provide you with offers of relevant services.
Consent: We may provide and send you marketing communications based on your consent. You may be given the option to explicitly consent to share your data with selected third parties for marketing purposes or to sign up for related products and services. This will be via a separate notice via the Website or App. We will never assume that we have your consent unless you have explicitly opted in, and you can withdraw your consent at any time by contacting us.
Compliance with our legal obligations: We may be required to process or share your personal data in compliance with a legal obligation, statutory codes of practice and other legal or tax related obligations to:Exercise or perform any right or obligation which is conferred or imposed by law on us. This may include the request and verification of your financial information to comply with our legal obligations related to financial, Anti-Money Laundering and tax regulations, among others.Establish, exercise or defend legal claims in suspected or actual legal proceedings when investigating, for example, a civil claim.
In order to deliver our services, your personal data may also be transferred to the following third parties:
Our service providers and partners:
In order to deliver our services, your personal data may also be transferred to the following third parties:
We use third parties to help us operate and improve our services and facilitate the fulfilment of essential service functions. These third parties assist us with various tasks, including personal information hosting and maintenance, with security tools and others, to verify and confirm the information that you provide to us. We may also share your information with the banks, telecommunications providers and other financial services firms who facilitate payments, among others.
In corporate transactions:
We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
When required by law:
We may disclose your personal information if reasonably necessary with regulators, law enforcement agencies or authorities or where mandatory under a court order: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements; (ii) to assist in the prevention or detection of crime (subject in each case to applicable law); or (iii) to protect the safety of any person.
To enforce legal rights:
We may also share information: (i) if disclosure would mitigate our liability in an actual or threatened lawsuit; (ii) as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
With other entities within NALA Group:
When it is necessary for operational reasons such as the use of a group-wide logistics and IT infrastructure and for any administrative purposes to organise, develop and deliver our services and products, run our organisation and decide on future strategies.
In certain circumstances we may ask for your consent to share your personal data with explicitly identified third parties, including entities within NALA Group, so that they can contact you for marketing purposes or provide you with their own products or services. We will only do so if you have given us your explicit consent to share your personal information in this way, which can be given via a pop-up screen on the Website. You can withdraw your consent at any time by emailing us.
NALA may collect and use clickstream data to profile your behaviour on our website and to understand how you interact with our online presence. This data is collected through the use of web analytics software, and may include information about the websites and pages you visit, as well as the actions you take on those pages.
We use this data to improve our website and to better understand our users' needs and preferences. We may also use this data to personalise your experience on our website and to show you relevant content and offers.
We take the protection of your personal data seriously and have implemented appropriate technical and organisational measures to ensure that your data is collected, used, and stored in compliance with the General Data Protection Regulation (GDPR) and other relevant local legislation in our various countries of operation. We also ensure that your data is only used for legitimate business purposes and is not shared or sold to third parties without your consent.
You have the right to access, correct, and delete any personal data that we collect about you. If you wish to exercise any of these rights, please contact us at email@example.com
How do we send information outside of your country?
We take the security of your data very seriously, and all of your personal data will be kept according to strict safeguards and in compliance with the GDPR. Your data will be stored on cloud servers within the EEA and we will only store or transfer your data outside the EEA in the event that the jurisdiction in question has been assessed as compliant with the GDPR.
You may request further information on the measures used for the international transfers at firstname.lastname@example.org.
What are your rights?
In certain circumstances, you may exercise the rights available to you under applicable data protection legislation as follows:
You have the right to be informed over what personal data we hold and how we are using it. This information is contained within this Privacy Notice.
If you have consented to particular uses of your personal data, you have the right to withdraw this consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to portability of your personal data. This means that you can request copies of the personal data we hold in a structured, commonly used, and machine-readable form.
You have the right to request a copy of the personal data we hold under the GDPR by making a “subject access request” to us.
If some of the personal data we hold is inaccurate or incomplete, you can request that we rectify our records by contacting us.
Where we are using your personal data in accordance with our legitimate interests, you can object to further use of your data. If you object, we will stop using your personal data in this way immediately, unless there are compelling legitimate grounds for processing your personal data which override your interests, rights and freedoms (such as requests by law enforcement) or we need to process your data for the establishment, exercise or defence of legal claims.
You have the right to request erasure of the personal data we hold by contacting us.
You have the right to restrict the processing of your personal data in certain circumstances.
You have the right to not be subject to automated decision making.
You have the right to complain to a data protection authority about our collection and use of your personal information if you feel that we have not been complying with our obligations on data protection law. For more information, please contact the Information Commissioner’s Office (ICO) or your applicable local data protection authority. A list of European data protection authorities is available here.
You can exercise any of your rights by contacting us via the details at the bottom of this page in Section “How can you contact NALA”. Please note that we may need to verify your identity before complying with any of the above requests.
We respond to all requests we receive from users in accordance with applicable data protection laws. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user).
How long will we keep your data for?
We will only keep your personal data for as long as is necessary. This means that we will retain your personal data for as long as we have an active contract or business relationship with you, and after this, we will only keep your data for as long as is necessary for the purposes which it is stored.
In some cases, we may be required to retain your personal data for a longer period where applicable laws or regulations require or allow us to do so. Where possible, we aim to anonymise the information or remove unnecessary identifiers from records that we may need to keep for longer periods beyond the specified retention period.
In case of any questions relating to data retention, please contact us at: email@example.com.
How do we protect your information?
We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
What cookies and similar technologies do we use?
Please see our Cookie Notice for more information on why we use them and how you can better control their use through your browser settings and other tools.
How can you contact NALA?
If you have questions regarding your privacy and rights, please let us know how we can help.
Email: firstname.lastname@example.org Post mail: International House, 64 Nile Street, London, N1 7SR