Updated in May 2025

Novac Privacy Policy

This Privacy Policy aims to provide clarity on the type of information we collect, how we utilize it, and whom we may disclose it to. It also outlines your rights concerning your data and whom to contact for further inquiries. Please review the following details accordingly.
NOVAC’S FRAMEWORK TERMS RELATING TO THE USE OF THE NOVAC APP, THE NOVAC WALLET, FOREIGN EXCHANGE AND PAYMENTS

1.0 Privacy Policy

Novac Payment Solution respects your privacy and protecting your personal data is paramount. As a financial services provider, we take data security extremely seriously and we make sure we have appropriate security measures in place to prevent your personal data from being accidentally lost and from unauthorised use and access. Please read this Privacy Policy carefully as it explains our practices regarding your personal data and how we will treat it.
This Privacy Policy (together with our cookie policy) sets out how we collect and process your personal data. This Privacy Policy will inform you about your privacy rights and how the law protects you. It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This Privacy Policy supplements the other notices and is not intended to override them.
References in this Privacy Policy and on our website and Mobile Application to “we”, “our” or “us” are references to Novac Payment Solution. References to “you” and “your” mean each natural or legal person who interacts with us, uses our website or the products and services we provide.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
  • Legal entity: Novac Payment Solution
  • Email address: dpo@reflow.zone
  • Postal Address: Novac Payment Solution, 86-90 Paul Street London EC2A 4NE, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk/esdwebpages/search). We are registered with the ICO and our ICO registration number is ZB898766. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the email address above.

For the purpose of the applicable data protection legislation (meaning, prior to 25 May 2018 the Data Protection Act 1998 and from 25 May 2018 the General Data Protection Regulation and any legislation which implements it) (the “Data Protection Legislation”).

We keep our Privacy Policy under regular review. This version was last updated in May 2025.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if any of the details you provide to us should change during your relationship with us.

2.0 Information We Collect and Process About You

2.1 We may collect and process the following personal data about you:

2.1.1. Personal Data

The data we collect about you. You may give us information about you when you register with our website or on our Mobile Application or by communicating with us by phone, email or otherwise. This may include data that we receive when you create a profile on our website and App. This also includes information you provide when you subscribe to our services, provide us with feedback, participate in surveys, and when you report a problem with our website and Mobile Application. The information you give us may include your name, address, email address, phone numbers, date of birth, marital status, identity documents, username (or similar identifier). This may include financial data relating to your means and method of payment such as your bank and card details. It may include salary, job title and company information. It may include data relating to the transactions you have carried out with us, such as details about payments. If you engage with us through social media then this may also include your social media contact details.

2.1.2. Information Collected Through Communications

Information we collect about you when you communicate with us by phone, email, post, in person or otherwise, and when you use our products and services. We collect engagement metric information such as information about how, when and how often you contacted us, and how, when and how often you responded to communications from us and about how and when you use our products and services. It could include your preferences in relation to whether or not you want to receive marketing from us and our third-party partners and also your communication preferences.

2.1.3. Information From Our Website

Information we collect about you if you use our website, Mobile Application or interact with us over the internet, including via social media. Each time you visit our website or interact with us we may automatically collect the following information: (a) technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; (b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

2.1.4. Public Source

Information we collect about you from publicly available sources. This may include information available from social media (depending on your settings and the applicable Privacy Policies), including social media engagement metrics such as numbers of connections, followers and clicks, and information from resources such as Companies House.

2.1.5. Information from Third Parties

Information we receive from other sources. We may receive further information about you if you use any of the services we provide. We work closely with third parties (including, for example, business partners, service providers, identity verification providers) and may receive information about you from them. We may combine information we receive from these other sources with information you give to us and information we collect about you.

2.1.6. Communication Recordings

We may monitor or record telephone conversations or other communications between you and us and keep recordings or transcripts of them and, if you contact us, we may keep a record or copy of that correspondence.

2.1.7. Financial Information

Financial information, such as data related to your mobile money account and payment method that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. Please note that we store only very limited, if any, financial information that we collect in line with regulatory requirements for safeguarding such information. Otherwise, all financial information is stored by our payment processor.

2.1.8. Mobile Device Data

Information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.

2.1.9. Notifications

We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in the application under the settings tab.

2.2.1 Aggregated Data

We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data, but it is not considered personal data under the Data Protection Legislation as it does not directly or indirectly identify you. If at any time we combine any aggregated data with your personal data so that it can identify you, we treat the combined data as personal data, which we will use and process in accordance with this Privacy Policy.

2.2.3. Mandatory Data Disclosure

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you. Where we are acting as an agent and we need to collect personal data to enter you into a contract with the supplier, we may not be able to take steps to enter you into that contract if you fail to provide the data when requested. In other words, where we require details from you to provide you with your chosen services, if you do not provide us with the necessary details then we will not be able to provide (or arrange for the provision of) the services you want.

3.0 Cookies

We and our service providers collect information about your use of our website and mobile application from cookies. For information about our use of cookies and how to decline them please read our Cookie Policy.

4.0. Purposes And Legal Basis For Using Your Personal Data

4.1. Where you have requested that we provide a specific product or service to you, or you otherwise make use of those products or services, we will process your personal data to perform our contract with you and provide that product or service.
4.2. We also use the personal data we hold about you to pursue our legitimate interests in providing and marketing our products and services to you, improving our website, services and interactions with you and other users of our products and services in the following ways:
  • i
    Administer your account and relationship with us and to communicate with you by telephone, mail, email, text (SMS) message, instant messaging or other electronic means
  • ii
    Verify your identity as part of our identity authentication process and to prevent, detect and prosecute fraud and crime and comply with legal or regulatory requirements
  • iii
    Provide you with information about the products and services that you request from us
  • iv
    Provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about
  • v
    Provide you with information about products or services we feel may interest you or be best for you
  • vi
    Your data may be shared with product or service providers to validate if you are an existing customer (which may affect whether you can be accepted for one of their products) or for fraud prevention purposes. The product or service provider does not have permission to use these data for any other purpose including marketing
  • vii
    Notify you about changes to our services
  • viii
    Ensure that content from our website is presented in the most effective manner for you and your device
  • ix
    Aggregate it on an anonymous basis with other data for data analytical and reporting purposes
  • x
    To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • xi
    To build up a picture of your interests so that you don’t miss information relevant to you when you visit our website
  • xii
    To improve the service we offer you and to try and ensure that you get the best from our website in the short term, for example by providing you with relevant search results
  • xiii
    To improve the service we offer you and to try and ensure that you get the best from our website over the longer term, for example by understanding how you and other users interact with our website
  • xiv
    To allow you to participate in interactive features of our service, when you choose to do so
  • xv
    As part of our efforts to keep our website safe and secure
  • xvi
    To measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising to you
  • xvii
    To make suggestions and recommendations (both through the website and other channels, such as email) to you and others about products or services that we think may interest you or them based on your and their usage patterns both on our website and in relation to our communications with you and them on other channels (such as email)
  • xviii
    For training and quality purposes
  • xix
    To check any instructions you give to us and for the purposes of investigating any complaint you may make, or as evidence in any dispute or anticipated disputes between you and us

4.3 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

4.4 In some cases we may also use the personal data we hold about you to comply with our legal obligations or enter into or perform a contract with you.

4.5 Where we have your consent, we may also send you direct marketing communications (for example, by email). You can withdraw this consent at any time as described in section 6 below.

5. Automated Decision Making

We use an automated decision-making system to determine whether a user has provided appropriate authentication to engage with the application, including verification of Personally Identifiable Information (“PII”). This includes:
  • i
    matching PII against national databases, publicly available information, sanctions lists, lists of politically exposed persons and other databases that provide information on potentially illegal activity;
  • ii
    comparison by facial recognition of your selfie image against the image provided with your identification document or other database containing your image; and
  • iii
    tracking your PII in the context of automated monitoring of transactions undertaken by you to look for potentially fraudulent or illegal activity.

In the event that we receive an automated report that there is a discrepancy, insufficiency or inaccuracy in the information provided by you, we receive a response from a service provider that your information appears on a list that prohibits our engaging with you, suggests the potential for fraudulent or illegal activity, or if our automated transaction monitoring uncovers the potential for your transactions to be fraudulent or illegal, our compliance and customer service teams will engage to review the background information that generated the automated response and determine if the information provided about you is incorrect and we can proceed to either onboard you as a user or continue to allow your use of the Application. If there is still a need for additional information, we may contact you (most likely via SMS message or email) to seek additional information or clarification. If we are unable to continue with you as a user on our platform, we may provide you with the basis for the decision.

6.0 Who Your Data Can Be Disclosed To

6.1. Disclosure of your data to others may be necessary to ensure the smooth provision to you of the products, services, and information you request. Your data may be disclosed to the other entities as described below.
6.2. We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
6.3. We may share your information with selected third parties including:
  • i
    Our partner service providers;
  • ii
    Fraud prevention agencies, to prevent crime and trace those responsible;
  • iii
    Identity verification providers, to comply with legal or regulatory requirements;
  • iv
    Sub-contractors for the performance of any contract we enter into with you including Credit Reference Agencies;

6.4 Analytics and search engine providers that assist us in the improvement and optimisation of our website and App;

6.5. IT and software providers who supply us with our IT infrastructure for the provision of our services and administering our business (including our internal and external communications) and who also help us manage our customer and contact databases, customer relationships and marketing.

6.6. We May Disclose Your Personal Information To Third Parties If:

  • i
    We sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • ii
    Novac UK or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
  • iii
    We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract with you and other agreements; or to protect the rights, property, or safety of Novac Payment Solution UK, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud and other crime prevention and detection.

6.7. We have processes and systems that protect our customers and ourselves against fraud and other crimes. Customer information can be used to prevent crime and trace those responsible. We will share your personal information with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information. Other organisations may also access and use this information to prevent fraud and money laundering, for example when checking details on applications for financial services, or checking details of job applicants and employees.

6.8. We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.

6.9. We review all our relationships with third parties carefully so that we can be as sure as possible that their practices match our own commitments to you relating to privacy and security. We also comply with the Data Protection Legislation in our dealings with these third parties to ensure that your information is appropriately protected.

6.10 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7.0 Direct Marketing And How You Can Change Your Preference

7.1. Where we have your consent we may send direct marketing communications to you, including by email, telephone or SMS or mail.

7.2. Whenever you receive direct marketing from us you will be told how you can unsubscribe so that you no longer receive it. When we communicate with you via email you will also be given the opportunity to set or amend any preferences that you have indicated to us.

7.3. You are also able at any time to withdraw any consent to receive marketing communications that you have given to us. You can do this by contacting us at dpo@reflow.zone. Details of how to contact us can also be found at http://www.novacpayment.com/uk.

7.4. Please provide us with your full name, address and other contact details to enable us to find your records. Sometimes we may also need to contact you further to ask you for additional information so that we can comply with your request.

8.0 Where We Store And Transfer Your Data

8.1. Where we store your information ourselves it is stored on our secure servers in the European Economic Area (EEA). However, where we share your information with third parties this may involve transferring it to a country outside the EEA. This may include countries that do not have data protection laws that are as strong as those in the UK or the EEA. Where we do this we will take the steps required under the Data Protection Legislation to ensure that your information is appropriately protected. If you would like any further information about this then please contact us.
8.2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.

9.0 How Do We Protect Your Personal Data?

Novac Payment understands the importance of safeguarding and maintaining your personal information. We will treat any personal data we process with the greatest care and security. This section explains some of the safeguards we have in place.
  • i
    To keep your personal data safe and prevent unauthorised access, use, or disclosure, we employ a range of physical and technical safeguards. Electronic data and databases are stored on secure computer systems, with physical and electronic access to information controlled. Our employees are trained in data protection and information security. When our employees handle your personal data, they must adhere to our rigorous security and data protection standards.
  • ii
    While we take all reasonable precautions to protect your personal data from unauthorised access, we cannot guarantee that it will be secure during transfer to our app, website, or other services by you. For all of our app, web, and payment-processing services, we employ HTTPS (HTTP Secure), where the communication protocol is secured by Transport Layer Security (TLS) for secure communication over networks.
  • iii
    Although we take all reasonable precautions to protect your personal data from unauthorised access, we cannot guarantee that it will be secure when transferred to our app, website or other services by you. For all our application, website and payment processing services, we use HTTPS (HTTP Secure), where the communication protocol is secured by Transport Layer Security (TLS) for secure communication over networks.
  • iv
    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, changed, shared or accessed in a way it shouldn’t be. We will employ adequate technical and organisational security measures to protect your personal data. These methods include:
  • v
    The pseudonymisation and encryption of personal data, where possible
  • vi
    Ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services via role-based access controls, confidentiality undertakings of our staff, etc.
  • vii
    The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident
  • viii
    A process for regularly testing, assessing and evaluating the effectiveness of our technical and organisational measures.
  • ix
    We will also limit access to your personal data to employees, agents, contractors and other third parties who have a strict need to see it in order to perform their business functions. They will only process your personal data on a ‘need-to-know’ basis, pursuant to our instructions and they will keep your personal data confidential.
  • x
    We have put in place procedures to deal with any suspected personal data breach and will let you and any applicable regulator know of a breach when we have to by law.

10.0 How Long We Keep Your Information For

10.1. How long we keep your information will depend on the purpose for which we use it and so may vary. We will only retain your information for as long as is necessary for the purposes set out in this Privacy Policy and as is necessary to comply with our legal obligations. We do not keep more information than we need for a particular purpose.

10.2. Where we have provided you with a product or service we will keep an archived record of your personal data for a period of up to 6 years after termination (unless a longer period is prescribed by law) for the purposes of responding to legal disputes and legal or regulatory enquiries or investigations only, but will not use this data for any other purpose.

10.3. In order to ensure that we provide reliable and effective products and services, and to comply with our regulatory obligations, we regularly make back-up copies of our data. If we have provided any products or services to you then this will include your personal data. Where we delete your personal data from our systems, for whatever reason, then a copy may be retained in our data back-ups for a period of up to 90 (ninety) days afterwards. These are kept securely and only accessed in order to delete old versions or in the event of an emergency which means we have to utilise a back-up copy to reinstate data on our active systems. Where we have to do this, we will work to ensure as soon as we reasonably can that the copy of the data that has been used to reinstate data on our active systems is updated to take account of any previous amendments and deletions regarding your personal data.

10.4. If you ask us to stop sending direct marketing communications to you (see section 5, above), we will keep the minimum amount of information necessary (such as your name and email address) to ensure that we are able to adhere to your request. We also routinely seek to minimise the amount of personal data we hold where any marketing contact is deemed inactive. We deem a contact to be inactive if we have not been able to identify any engagement (e.g. through opening an email or visiting our website) for a period of 12 (twelve) months or if an email is not delivered due to a hard bounce. In such circumstances, we will anonymise all relevant data for aggregation purposes, with the exception of an email address. This does not affect your rights as set out in section 5 of this Privacy Policy.

10.5. In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

11. Third-Party Websites

11.1. Our website and Novac Payment UK Mobile Application may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own Privacy Policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

12.0 Your Legal Rights

  • i
    Under the Data Protection Legislation, you have certain rights in respect of the personal data we hold about you.
  • ii
    These may include rights to: request a copy of the personal data that we hold, request that we correct personal data if it is inaccurate, withdraw consent to our processing of your data, request that we erase or block your personal data, and to object to our processing of your personal data or to restrict our processing and right to data portability. These rights are limited in some situations. For example, if we have a legal requirement or a compelling legitimate ground, we may continue to process your data even where you request its deletion.
  • iii
    If you would like to exercise any of these rights, please contact us using the details in the Contact section.
  • iv
    You also have the right to make a complaint if you feel your personal data has been mishandled. You are entitled to complain directly to the Information Commissioner’s Office (ICO) (if you are in the UK), or to your local data protection authority (if you are outside the UK).
  • v
    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
  • vi
    We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
  • vii
    If you withdraw your consent and/or opt-out, we may not be able to provide certain products or services to you. If this is so, we will tell you. You then have the option to give us your consent again if you want to access our products or services.

13.0 Our Key Partners

13.1. In addition to the above ways in which we process and share your personal data, Novac Payment also shares this data with companies who are central in allowing us to offer our products and services to customers.

14.0 Changes To Our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where we consider it appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

Contact Us

Questions, comments, and requests regarding this Privacy Policy should be addressed to dpo@reflow.zone. Details of how to contact us can also be found at www.novacpayment.com/uk.