NOAH Application Privacy Policy
WE ARE COMMITTED TO PROTECTING AND RESPECTING YOUR PRIVACY.
We will:
Always keep your personal data safe and private;
Never sell your personal data; and
Allow you to manage and review your marketing choices at any time.
1. About NOAH
NOAH is made up of different entities. We will let you know which NOAH entity you have a relationship with when you first apply for or use a NOAH product or service.
You can always tell which NOAH entity you have a primary relationship with by scrolling to the bottom of the ‘settings’ section in the NOAH app and checking our T&C’s.
2. Why do I need to read this policy?
This Privacy Policy (‘policy’) describes how NOAH collects, uses, stores and transfers your personal information and what statutory rights do you have.
We may collect, use, store and transfer your personal data when you use:
our website at www.noah.com;
the NOAH app; or
any of the services you can get access to through the NOAH app or website.
When we say ‘personal data’, we mean information which can be used to personally identify you (for example, a combination of your name and postal address).
THIS POLICY CONTAINS IMPORTANT INFORMATION
If you have concerns about how we use your personal data, you can contact us at help@noah.com
3. What personal data do you collect about me?
WE MAY COLLECT, USE, STORE AND TRANSFER DIFFERENT TYPES OF PERSONAL DATA FROM YOU AND OTHERS
The information below explains what personal data we collect and use.
Information You Give Us
We may collect, use, store and transfer information you provide when you:
fill in any forms;
correspond with us;
register to use the NOAH app;
open an account or use any of our services;
take part in online discussions, surveys or promotions;
speak with a member of our customer support team (either on the phone or through the NOAH app);
enter a competition; or
contact us for other reasons.
IDENTITY DATA:
Your first name, last name, title, date of birth and gender;
Your NOAH username, password and other registration information;
Identification documents (for example, your passport or driving license), copies of any documents you have provided for identification purposes, and any other information you provide to prove you are eligible to use our services;
Records of our discussions, if you contact us or we contact you (including records of phone calls);
Your image in photo or video form (where required as part of our Know-Your-Client (KYC) checks or where you upload a photo to your NOAH account).
CONTACT DATA:
Your billing and delivery address, email address, phone number and details of the device you use (for example, your phone, computer or tablet);
FINANCIAL DATA:
your public key addresses and credit and debit card numbers.
MARKETING DATA:
includes your choices as to whether to receive marketing from us and/or our third parties, and your communication preferences.
Information from your device
Whenever you use our website or the NOAH app, we collect the following information:
TECHNICAL DATA:
Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
Information about your visit, including the links you have clicked on, through and from our site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page.
Information stored on your device, including if you give us access to contact information from your contacts list. The NOAH app will regularly collect this information in order to stay up to date (but only if you have given us permission).
TRANSACTION DATA:
Information on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneficiary details, IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment and the payment method used.
Information about your location
If you have location services in the NOAH app switched on, we will see your ‘last known location’ provided by your IP address.
USAGE DATA:
Behavior Biometrics are signals relating to an individual’s behavior or use of a device access our services, including any user behavioral traits, interactions and gestures (e.g., how an individual types on a keyboard, moves a mouse, holds a phone or taps a touch screen or otherwise interacts with a device).
Information from social media
Occasionally, we may use publicly available information about you from selected social media websites or apps to carry out enhanced due diligence checks. Publicly available information from social media websites or apps may also be provided to us if we conduct general searches on you (for example, to comply with our anti-money laundering or sanctions screening obligations).
Information from publicly available sources
We collect information and contact details from publicly available sources, such as media stories, online registers or directories, and websites for enhanced due diligence checks, security searches, and KYC purposes.
We do not collect any Special Categories of Personal Data about you, this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We also do not collect any information about criminal convictions and offences.
4. What is your legal basis for using my personal data?
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:
Explanation | Lawful basis for processing including basis of legitimate interest |
---|---|
We need certain personal data to provide our services and cannot provide them without this personal data. | The processing is necessary for a contract with you |
In some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers). | The processing is necessary to comply with the legal obligations |
We sometimes collect and use your personal data, or share it with other organisations, because we have a legitimate reason to use it and this is reasonable when balanced against your right to privacy. | The processing is necessary for our legitimate interests |
Where you've agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way. | You have consented to the processing of your personal data |
Where we process your sensitive personal data (sometimes known as special category personal data) to adhere to government regulations or guidance, such as our obligation to support you if you are or become a vulnerable customer. | Substantial public interest |
We have explained more about how we use your personal data in the How do you use my information? section below.
5. How do you use my personal data?
We will only use your Personal Data when the law allows us to. We use your personal data so we can provide the best service, tell you about products and services you may be interested in, and meet our legal obligations.
Note that we may process Personal Data on more than one lawful ground where more than one lawful ground applies, depending on the specific purpose for which we are using your Personal Data.
Purpose | Type of Data | Lawful basis for processing including basis of legitimate interest |
---|---|---|
Registration as a new customer/ registering to become prospective customer | Contact | the processing is necessary for a contract with you; you have consented to the processing of your personal data; |
Registration as a new customer for NOAH Buy & Sell | Contact, Identity | the processing is necessary for a contract with you; the processing is necessary for our legitimate interests; |
Providing our Services: Whenever you apply for a product or service, we will use your personal data to check your identity; We use your personal data to meet our obligations relating to any transactions you make; We use your personal data to give you details of our products and services and to help us develop new products and services; We use your personal data to contact you by phone and provide you with information about our products or services, as well as customer support services. We may monitor or record any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyze, assess and improve our services, and for training and quality control purposes. | Identity, Contact, Financial,Transaction | the processing is necessary for a contract with you; |
To manage our relationship with you which include: Notifying you about changes to our T&Cs or Privacy Policy; Managing our service provision and communicating with you about your request/s; Verifying accurate claims and cover related administration services; Responding to any complaints or enquiries which you may raise. | Identity, Contact, Transaction, Marketing | the processing is necessary for a contract with you; the processing is necessary to comply with the legal obligation; the processing is necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services). |
To enable third parties to provide support services to you. | Identity, Contact, Financial | the processing is necessary for a contract with you; |
To conduct troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data: We use your personal data to manage our website and the NOAH app; We also use your personal data to allow you to take part in interactive features of our services, to tell you about changes to our services, and to help keep our website and the NOAH app safe and secure. | Identity, Contact, Technical | the processing is necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud); the processing is necessary to comply with the legal obligation; you have consented to the processing of your personal data; |
To deliver relevant website content and advertisements to you, and measure or understand the effectiveness of the advertising we serve to you | Identity, Contact, Technical, Usage, Marketing | the processing is necessary for our legitimate interests (to study how customers use our website in order to improve and develop our website and subsequently, our business); you have consented to the processing of your personal data; |
To improve our products and services, customer relationships and experiences: Provide you with information about other products and services we offer that are similar to those you have already used; provide you with information about our products or services which we think you might be interested in; To define types of customers for our products and services and develop such products and services in order to develop and grow our business. Measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you. | Identity, Contact, Technical, Usage | the processing is necessary for our legitimate interests; you have consented to the processing of your personal data; |
To administer any competition, prize draw or promotion which you have entered | Identity, Contact, Marketing | the processing is necessary for a contract with you; the processing is necessary to comply with the legal obligation. |
To comply with all legal and regulatory obligations to which we are subject to: We may need to share your personal data with other organizations (for example, fraud-prevention agencies); | Identity, Contact, Financial, Transaction, Usage, Marketing | - the processing is necessary to comply with the legal obligation; the processing is necessary for our legitimate interests (to ensure compliance with applicable laws and regulations). |
We prepare anonymized statistical datasets about our customers’ spending patterns for forecasting purposes or to help governments in policy-making. These datasets may be shared internally or externally with others, including non-NOAH companies. We produce these reports using information about you and other customers. The information used and shared in this way is never personal data, therefore you will never be identifiable from it.
We will only use your Personal Data for the purposes for which we collected it (which are set out in the table above), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you require further information on how this data is collected and processed, please contact us hello@noah.com. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
6. Do you make automated decisions about me?
Depending on the NOAH products or services you use, we may make automated decisions about you.
This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. We do this for the efficient running of our services and to ensure decisions are fair, consistent, and based on the right information.
When we make an automated decision about you, you have the right to ask that it is manually reviewed by a person. We may make automated decisions about you that relate to:
- Opening accounts
- Anti-money laundering and sanctions checks; and
- Identity and address checks.
7. How do you use my information for marketing?
Once you sign up for our services, you can choose how you want us to contact you with any marketing related material. We may use the personal data we have collected about you in order to tailor our offers to you.
You can adjust your preferences, or tell us you don't want to hear from us, at any time. Just use the privacy settings in the NOAH app or click on the unsubscribe links on any marketing message we send you.
8. What are my rights?
You have the right to be told about how we use your personal data;
Upon your request, we will provide a copy of the personal data we hold about you. We can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won't provide you with any communication we've had with our legal advisers;
You can ask us to correct your personal data if you think it is wrong. You can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided;
You can ask us to delete your personal data. However, we may not be able to agree to your request. As a regulated financial services provider, we must keep certain customer personal data even where you ask us to delete it. We will always let you know if we can't delete your information;
You can object to us processing your personal data for marketing purposes;
You can tell us to stop using your personal data for marketing;
You can object to us processing other personal data (if we are using it for legitimate interests).
You can object to us processing your personal data, however, if you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services;
You can ask us to restrict how we use your personal data;
You can ask us to suspend using your personal data if:
(a) you want us to investigate whether it is accurate;
(b) our use of your personal data is unlawful but you do not want us to delete it;
(c) we no longer need the information, but you want us to continue holding it for you in connection with a legal claim;
You can ask us to transfer personal data to you. If we can, and are allowed to do so under regulatory requirements, we will provide your personal data in a structured, commonly used, machine-readable format;
You can withdraw your consent allowing us to use your personal data, at any time, by changing your privacy settings in the NOAH app or sending an email to hello@noah.com;
If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision.
Your ability to exercise these rights will depend on a number of factors. Sometimes, we will not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you).
9. How do I exercise my rights?
To exercise any of your rights set out in the previous section, you can contact us through the NOAH app or send us an email at hello@noah.com. For security reasons, we can't deal with your request if we are not sure of your identity, so we may ask you for proof of your ID.
NOAH will usually not charge you a fee when you exercise your rights. However, we are allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
If you are unhappy with how we have handled your personal data you can complain to your local data protection authority. In the United Kingdom, this is the ICO (ico.org.uk). In the EU, there are national and regional data protection authorities (https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-lt).
However, we would appreciate the chance to deal with your concerns and welcome you contacting us first.
10. Do you share my personal data with anyone else?
NOAH GROUP ENTITIES
We share your personal data within the NOAH group entities in order to provide you with the best service.
TRUSTED VENDORS
Vendors who provide us with IT, payment and delivery services to help us provide our services to you;
Our banking and financial-services partners and payments networks, including Visa and Mastercard;
Analytics providers and search information providers;
Customer-service providers, survey providers, and developers
Communications services providers;
SERVICE PROVIDERS
We may share personal information with service providers retained to perform services on our behalf (such as payment processing and cloud storage providers). These service providers are contractually required to safeguard the information provided to them and are restricted from using or disclosing such information except as necessary to perform services on our behalf or to comply with legal requirements.
WHERE YOU ASK US TO SHARE YOUR PERSONAL DATA
Where you direct us to share your personal data with a third party, we may do so. For example, you may authorize third parties to act on your behalf (such as a lawyer or an accountant).
11. Will my information go outside of the United Kingdom or European Economic Area (EEA)?
As we provide an international service, we may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our services. For example, we might send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.
We will only transfer Personal Data outside the UK or EEA where such transfer is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your Personal Data. For example, we may transfer your Personal Data pursuant to an agreement incorporating the current standard contractual clauses adopted by the UK in relation to Personal Data relating to UK Data Subjects and the European standard contractual clauses adopted by the European Commission in relation to Personal Data relating to EEA Data Subjects.
To ensure that your Personal Data receives an adequate level of protection, we have put in place appropriate safeguards and procedures with the third parties with whom we share your Personal Data. This ensures your Personal Data is treated by those third parties in a way that is consistent with the Data Protection Laws.
12. How do you protect my personal data?
We use a variety of physical and technical measures to keep your personal data safe and prevent unauthorized access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you to our app, a website or other services. We use HTTPS (HTTP Secure), where the communication protocol is encrypted through Transport Layer Security for secure communication over networks, for all our app, web and payment-processing services.
13. How long will you keep my personal data for?
Unless a longer retention period is required or permitted by law, we will only hold your Personal Data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy or until you request that the Personal Data be deleted. Usually that means that we will retain it for up to eight years after your last contact with us.
14. Changes to this Privacy Policy
If we change the way we use your personal data, we will update this policy and will let you know by email, through the NOAH app or through our website.
15. Do you use cookies on your website?
We use cookies to analyze how you use our website. Please read the Cookies Policy for more information.
Your Responsibilities
You confirm that you have provided correct data about yourself in every required form and that afterwards, when changing or adding any data, you will enter only correct data. We will not tolerate invalid, false or otherwise incorrect data and will pursue actions in accordance with its legal obligations. You shall bear any losses that occur with regard to the submission of invalid, false or otherwise incorrect data.
You are responsible for maintaining adequate security and control of every identification number, password, and/or any other code that you use to access the NOAH App. If you have not complied with this obligation and/or could, but have not prevented it and/or performed it on purpose or due to own negligence, you assume the losses and undertake to reimburse the losses of other persons incurred as a result of your (in)action.