Data Protection Policy

Introduction

Nithio Holdings Inc. takes data privacy and protection very seriously. In the course of its business, Nithio needs to gather and use certain information about individuals and companies. This policy describes how this data is collected, what information we collect and how it is protected, handled and stored.

We regularly review industry best practice and ensure that we meet high standards of data protection at all times and comply with the law.

Data security practices

Nithio’s data security and protection policy applies to all Nithio employees, as well as consultants and contractors. Anyone with access to Confidential Data is subject to strict contractual confidentiality obligations and may be subject to Nithio’s disciplinary procedures in the event they are breached.

Before transferring Raw Data, Nithio requests that you eliminate unnecessary personal identifiers, such as name and contact information, to protect your Customers’ privacy; by entering into a contract with Nithio which is subject to our Terms of Service, you warrant that you will use all reasonable efforts to do so. By signing our Terms of Service and giving access to Raw Data, you represent, warrant and agree that Raw Data will not include, without limitation, bank account numbers, credit or debit card numbers, political affiliation, membership in a trade group, or sexual orientation. As between the parties, you own all right, title and interest to all Raw Data and have full rights and authority to grant access to such Raw Data.

Nithio will provide guidance on this during on-boarding. By entering into a contract with Nithio which is subject to our Terms of Service, you acknowledge and agree that you are solely responsible for any and all Raw Data and the consequences of providing, posting, or transmitting such Raw Data to Nithio. You agree that you are solely responsible for posting all applicable privacy policies, and making all applicable disclosures and/or notifications to your end users as may be required by the laws in your jurisdiction, and for obtaining any necessary consent(s) from such individuals, with respect to your collection and use of personal information, including Raw Data and including your disclosure of Raw Data to Nithio.

As part of its data in-processing methods and before storage or further modeling, Nithio produces a fully anonymized Derived Data set from Raw Data provided.

Nithio’s preferred storage method for all client-sourced data is a secure, enterprise-grade third-party cloud storage system, with separate repositories for each client. Nithio requests that data transfers to and from clients are conducted via secured and access-restricted folder upload. In cases where Nithio is given access to client databases or information management systems, access is restricted to the client relationship manager. Access to Nithio’s data repository is restricted to relevant Nithio team members and contracted staff. Nithio employees are obligated to keep their devices in a safe place, not exposed to any external parties, and to use best practices for password management.

To help protect the privacy of data we collect, we employ measures intended to be consistent with industry best practices for security and encryption in data transmission and storage. However, you should keep in mind that our website and systems run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control.

Please also be aware that despite our best intentions and the guidelines outlined in this Privacy Policy, no data transmission over the Internet or encryption method can be guaranteed to be 100% secure.

The data we collect

Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We will also request Raw Data from you which will include data from your customers and suppliers. This includes information about current or potential customers of your institution (“Customers”) that you provide to us in accordance with Section 2 above, in order for us to provide the Service. Raw Data may include information that can be used to distinguish or trace the identity of an individual or institution (including a Customer or the Client) by direct or indirect means, either when used alone or when combined with other personal or identifying information that is linked or linkable to a specific individual or institution (“Identifiable Information”).

We will produce and use Derived Data which is not considered personal data in law as this data will not directly or indirectly reveal your or your Customers’ identities. 

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

How we use data

We collect data for the following Purposes:

  • To provide the best possible Service in line with our terms of service with you and to troubleshoot any problems with and enhance that Service;
  • To comply with applicable laws, regulations, and rules, such as those relating to “know-your-customer” and anti-money laundering requirements;
  • To conduct portfolio and company due diligence;
  • To analyze Customer behavior and portfolio performance; and
  • To perform credit scoring.

We will not share, rent, sell, trade, or otherwise disclose any Confidential Data that we collect from you or your Customers, except in accordance with this Privacy Policy or when we have your permission.

Nithio uses Derived Data, in its sole discretion, to analyze and improve the performance of the Service.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

External Services

We use Hotjar in order to better understand our users’ needs and to optimize our website. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices, device screen size, device type, browser information and geographic location. Hotjar stores this information in an anonymized user profile. Neither Hotjar nor Nithio will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link. You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

We also use Mixpanel to send and analyze statistics based on various events in the application logic. Through Mixpanel, we collect data on users’ actions and their devices, device screen size, device type, browser information, geographic location, etc.

Definitions

Raw Data means all data provided to Nithio by the Client, database backups, direct database queries, extracted datasets in the form of spreadsheets, comma separated value documents, and other data transferred directly from the Client via other media in accordance with Section 2.

Derived Data means data which cannot be traced to an identifiable Customer or to the Client Institution, that is derived by Nithio (i) from Raw Data, such as model performance metrics and platform usage data, by applying mathematical models, aggregation or transformations to such data or (ii) by collecting data on the Client’s use of the Services or website. Nithio shall be the exclusive owner of Derived Data. 

Confidential Data means business, technical or financial information you disclose to us including non-public information regarding your Customers, loan portfolio and credit practices. For purposes hereof, Raw Data and Identifiable Information shall always be treated as Confidential Data except for any information that Nithio can document (i) is or becomes generally available to the public, (ii) was legally in its possession or known by it prior to receipt from the Client, (iii) was legally disclosed to it without restriction by a third party, (iv) was independently developed without use of any Confidential Data, (v) is Derived Data, or (vi) is required to be disclosed by law.