On the course of using our Services, or corresponding with the Nova Money team, you may provide us with various pieces of personal data. We collect and use the data outlined below to provide contracted Services to you or to further operate and develop our business.
Nova uses two trusted third-party providers, TrueLayer Ltd and Google Cloud Platform (GCP), to securely collect and process your transaction history, direct debits, and balance information. These providers are selected for their expertise and adherence to the highest standards of data protection and privacy, including ISO 27001 and SOC 2 certifications. All financial data collected through TrueLayer Ltd and GCP is encrypted using industry best practices and remains strictly confidential. We never share your financial data with any third party.
Nova collects your email address for the purpose of user account registration and authentication as required by the PSD2 regulation.
Nova may explicitly ask you to access your contact list to invite your friends. We never store nor share your contact list.
Nova Money may share your personal data with selected third parties, including business partners, suppliers, and subcontractors that assist us in the provision of our Services to you. The third-party providers used by us will only collect, use, and disclose your information as instructed by us to provide Services to you.
Nova Money does not collect nor process any kind of sensitive user data as defined by GDPR.
When you use Nova or visit our website, we automatically collect information, including personal information, about the parts of the product you use and how you use them:
Information about your device — your visits to and use of the site or the Service (including without limitation your IP address, geographical location, browser/platform type and version), internet service provider, operating system.Information about your use of the product — length of visit, page views, website navigation, and search terms that you use, referral source/exit pages.
This information is collected in an anonymous way to help us continuously improve our products. We never sell any of this data. The tools and services that we use to collect and process the information are all GDPR compliant.
We take the security of your personal information very seriously. All information you provide to us is stored on secure cloud servers. Any transmission of information to our partners (including information to facilitate payments) is encrypted using TLS technology, which is the current standard in secure communications over the Internet. Once we have received your information, we use strict procedures and security features to prevent unauthorized access. Information is stored using state-of-the-art symmetric encryption (AES).
If we transfer your personal information outside the European Economic Area (EEA) to our suppliers, we ensure that it is protected to the same extent as in the EEA. This may include the use of standard contractual clauses approved by the European Commission, ensuring that appropriate safeguards are in place to protect your personal information.
Under the General Data Protection Regulation (GDPR), you have certain rights regarding the personal information that we hold about you. These rights include the right to access, rectify, erase, and restrict processing of your personal data. You also have the right to data portability and the right to object to the processing of your personal data.
If you wish to exercise any of these rights, please contact us at email@example.com. We will respond to your request as soon as possible and, in any case, within the timeframes required by applicable data protection laws.
Please note that we may require additional information from you in order to verify your identity before disclosing or making any changes to your personal data. We will also inform you of any potential costs associated with fulfilling your request, should any apply.
We take your privacy rights seriously and will make every effort to address your concerns and ensure compliance with all applicable data protection laws.