Nuri  Privacy Policy

This section informs you how we process your personal data when you use our services via the Nuri Web App and Mobile App (“Nuri Apps”). 

Nuri Apps provide you the opportunity to create and manage a bank account as well as Bitcoin and Ethereum crypto vaults (“Crypto Vaults”) , allowing you to easily connect your digital assets to the Euro world. 

To perform these services, we need to process your personal data:

• Your Banking information (IBAN, BIC, transaction history)
• Your crypto assets information (public keys, transaction history)
• Your Trading information (order information, transaction history)
• Your Card payment data (transaction history and data)
• Your Account information (address, contact details, identification documents, tax information)

Core feature of our banking services is a blockchain interface that allows you to interact with your Vaults, Wallets and the respective Blockchain. While we have no control over the processing of personal data on the respective Blockchain, we are processing your data to create and manage the access to your wallet.

Legal basis for data processing

The legal basis for the processing of your data, which is collected and processed in the course of creating and managing a bank account or vault, is Art. 6 (1) lit. b GDPR. 

Purpose of the data processing

The purpose of data processing is the fulfilment of the banking service contract.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship is terminated. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations (see XI. Retention obligations).

Description and scope of data processing

Our platform provides you with an overview of every transaction sent or received from your Crypto Vaults, Crypto Wallets, Bitcoin revenue account and bank accounts as well as from your standing orders. To keep track of your digital asset transactions and offer you our services, we store a history of all incoming and outgoing transactions on your Crypto Vaults and Crypto Wallets.

Legal basis for data processing

The legal basis for the processing of your data to display the transaction history is Art. 6 para. 1 p. 1 lit. b GDPR.

Purpose of the data processing

The purpose of data processing is to fulfil the banking service contract.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship was terminated. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations (see IX. Retention obligations). 

Description and scope of data processing

When you access our platform through the Nuri Apps, we process the above technical data to establish communication between your terminal device and our apps.

Legal basis for data processing

The legal basis for the processing of your data when accessing our platform via the Nuri Apps is Art. 6 para. 1 p. 1 lit. b GDPR.

Purpose of the data processing

The purpose of data processing is the fulfilment of the service contract.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship is terminated. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations (see IX. Retention obligations).

Description and scope of data processing

When you access our Platform through the Nuri Mobile App, we collect certain App-specific data (your device model, device identifiers, timestamp, your IP address, browser type and version, mobile app version, operating system version and model on your phone) to provide our services and to optimise and market our product.

We process your device token to send you transaction push notifications with relevant transaction information that may be triggered by certain events on your account, Vault, Wallet, or mobile device. 

We perform the same processing for promotional and marketing notifications when you turn on marketing push notifications under the Control Centre of your Nuri Apps. 

Legal basis for data processing

The processing of your app-specific data for the transmission of the transaction push notifications as well as your device token is based on Art. 6 (1) lit. f of the GDPR.

The processing of your app-specific data for the transmission of advertising and marketing messages is based on your consent pursuant to Art. 6 para. 1 lit. a of the GDPR.

Purpose of the data processing

The aforementioned app-specific data is processed for the purpose of optimizing and better marketing our product. Your device token is processed to send transaction push notifications. This is also our legitimate interest.

This App-specific data App-specific data is also processed for the purpose of sending you marketing push notifications.

Duration of storage, possibility of objection and removal according to Art. 21 GDPR and possibility of revocation according to Art. 7 GDPR

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. With regard to the processing of app-specific data for the optimization of our Nuri Mobile App as well as the device token for the transmission of transaction push notifications, this is the case if you object to the processing. You can send an email with appropriate content to dataprotection@nuri.com at any time to object to these data processing operations.

With regard to the data processing for sending the marketing push notifications, your app-specific data will no longer be processed and deleted even in the event of a revocation. You can revoke the data processing at any time by deactivating it in the notification area in the control panel of the Nuri Apps. This does not affect the lawfulness of the processing carried out until then on the basis of the consent.
 

Description and scope of data processing

To comply with our obligations under applicable counter-terrorist financing and anti-money laundering laws, we use the blockchain analytics platform of Coinfirm Ltd., Lansdowne H ouse, 5th Floor, 57 Berkeley Square, London, W1J 6ER, United Kingdom ("Coinfirm").

Coinfirm is subject to our instructions by virtue of a contract processing agreement that includes the European Commission's standard contractual clauses for controllers and processors.

In addition, the data flows between the European Economic Area and the UK continue and remain safe due to the EU-UK Trade and Cooperation Agreement. For more information please visit Coinfirm’s privacy policy.  

Legal basis for data processing

The legal basis for data processing is Art. 6 (1) lit. b of the GDPR, based on our contractual obligations arising from the tied agency relationship with the partner bank.

Purpose of the data processing

The purpose of data processing is the fulfilment of the service contract.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship was terminated. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations (see IX. Retention obligations).

Crypto Vaults

Description and scope of data processing

We offer a Bitcoin Vault and Ethereum Vault on demand, where you can store and trade your cryptocurrencies.

Your Bitcoin Vault is provided by BitGo, the Ethereum Vault is provided by us. The creation process requires you to generate a key pair that will be used to access your Vault.

The original generation of the keys takes place exclusively on your own end device. At no point will Nuri or BitGo have access to the funds in your Vaults.

All incoming or outgoing transactions are initiated on our platform and sent to the respective blockchain via your Crypto Vaults, which means that for each transaction, one of the addresses stored in your Crypto Vaults is published on the respective public blockchain and is publicly accessible in pseudonymized form over the Internet.

Although Crypto Vault addresses do not appear at first glance to be personally identifiable information because they are pseudonymized, they are considered personal data under the GDPR because it is possible for us to associate individual addresses with our users for the purposes of providing our services.

Since the Bitcoin Vault provider is located in the US, any of your interactions with the wallet, including your creation, will transfer information about digital assets to the US. To ensure a sufficient level of data protection, we have concluded so-called standard contractual clauses with Crypto-Vault. In addition, supplementary measures are regulated that have become necessary due to the decision Schrems II C-311/18 of the Court of Justice of the European Union. 

Legal basis for data processing

We process the Crypto Vault addresses of the sender and the recipient as well as the transaction data on the basis of Art. 6 (1) lit. b GDPR and the publication of pseudonymized transaction data on the Blockchain is based on Art. 49 (1) p. 1 lit. b GDPR.

Purpose of the data processing

The purpose of the data processing is the fulfilment of our contractual obligations to you for the provision of services.

Duration of storage

Due to the nature of the technology, we are not able to erase the data that takes place on the respective public Bitcoin and Ethereum blockchain.

Crypto Wallets

Description and scope of data processing

Your crypto wallets are provided by SDA, so your transaction data is shared with SDA.

Like your Crypto Vaults, all incoming or outgoing transactions initiated on our platform and sent via your Crypto Wallets are transmitted to the respective blockchain. This means that the respective wallet addresses to which you send currency and from which you receive currency are published on the respective public blockchain and are publicly accessible in pseudonymized form via the Internet.

However, when you send currency from your Nuri Crypto Wallets to another Nuri customer's Crypto Wallets and vice versa, the transaction does not take place on a public blockchain.

Legal basis for data processing

We process the crypto wallet addresses of the sender and the recipient as well as the transaction data off-chain on the basis of Art. 6 (1) lit. b GDPR.

Purpose of the data processing

The purpose of data processing is not to generate network fees and make transactions free for you.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship is terminated. After the statute of limitations has run, your data will be blocked and deleted after the expiry of the statutory retention obligations (see IX. Retention obligations), insofar as this is possible in connection with the public blockchain.

Bitcoin Interest Account

Description and scope of data processing

Your Bitcoin earnings account is provided by Celsius. The following data will be sent to Celsius:

• Your full name
• Your date of birth
• Salutation
• Your nationality
• The transaction data generated with your Bitcoin revenue account.

With Celsius, we have standard contractual clauses from the European Commission to ensure a secure third country transfer. In addition, supplementary measures are regulated that have become necessary due to the Schrems II C-311/18 decision of the Court of Justice of the European Union. 

Legal basis for data processing

The transfer of the aforementioned data to Celsius is based on Art. 6 para. 1 p. 1 lit. b GDPR.

Purpose of the data processing

The purpose of data processing is to fulfill the Bitcoin revenue account service contract.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is usually the case after the expiration of the statute of limitations, beginning with the end of the year in which the contractual relationship is terminated. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations (see IX. Retention obligations).

When you visit our Website for informational purposes without signing up for the Platform, we will be the sole controller for any processing related to your visit.

Description and scope of data processing

We process your personal data to provide access to our website. 

This includes any information you provide manually as well as technical information that is required for the communication between your end-device and our applications.

The technical information we collect for our website www.nuri.com includes:

1. Email Address (if you sign up to our newsletter)
2. IP Address 
3. Your activity on our web page 
4. Referrer URL (i.e. the page you visited before)
5. Information about your browser.

With every access to our website or Nuri Apps, usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files.

The log records stored in this case contain the following data: 

1. Date and time of retrieval,
2. Page name, 
3. IP address,  
4. Referrer URL (i.e. the page you have previously visited), 
5. The amount of data transferred,
6. Information about your browser.

Additionally you may provide us certain information by your own choice to use certain features of our website.

The web and mobile applications on which our Platform runs are hosted on servers provided by Amazon Web Services, EMEA SARL 38 Avenue John F. Kennedy, L-1855, Luxembourg, (“AWS”). The servers we use are located within the European Economic Area. For certain technical services, however, data may be processed outside the EEA, especially in the USA.

AWS is bound to our instructions by a data processing agreement, implementing Standard Contractual Clauses of the European Commission. Additionally, it added new supplementary addendum to comply with the Schrems II C-311/18 case of the Court of Justice of the European Union to its data processing agreement. 

Legal basis for data processing

The processing of the above data is based on Art. 6 (1) lit. f of the GDPR and Art. 6 (1) lit. f of the GDPR for the purpose of disaster recovery and IT audits.

Purpose of the data processing

We use the log data and log files only for statistical evaluations for the purpose of operation, security and optimization of our offer. If you are a customer, we keep your transaction data (fiat and digital assets), standing orders and your access activity within our logs for the purpose of disaster recovery and IT-audits.

Duration of storage

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. This data is stored for 3 years. If you are a customer, we store your transaction data (fiat and crypto), standing orders and your access activities in our logs for the purpose of disaster recovery and IT audits.

Possibility of objection according to Art. 21 GDPR

There is no possibility to object to this data processing, as the processing of the data is mandatory for the provision of the website.

We use cookies and similar technologies that are necessary for the operation of the app and the website. The use of essential cookies ensures that you can use the website or app at all without further ado. Essential cookies are used on the basis of our legitimate interest, Art. 6 para. 1 p. 1 lit. f GDPR. 

In addition, we use non-essential cookies, which are placed by us or third-party providers. Such non-essential cookies are only used with your consent pursuant to Art. 6 (1) p. 1 lit a GDPR, as they are not absolutely necessary for the provision of the website. For example, non-essential cookies are used by us to access, analyse and store information such as the characteristics of your device as well as certain personal data (your IP address, navigation usage, geolocation data or unique identifiers). The use of non-essential cookies concerns in particular marketing and analytics cookies, which allow us to understand user behaviour in order to provide you with a relevant user experience or to personalise the content on our website. 

You can revoke your consent regarding data processing by non-essential cookies at any time by changing your preferences in the cookie settings and rejecting non-essential cookies. Please note that the revocation is only effective against us, so you may continue to be tracked by other websites that use the services listed below.

In the following, data processing in connection with the use of non-essential cookies is listed (Titles IV. 4. - 9.).  

Description and scope of data processing

Our website and our mobile application use Google Analytics and Tag Manager, a web analytics service provided by Google Ireland Limited , Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Both may process the categories of personal data below:

• Online identifiers, including cookie identifiers,
• Internet protocol addresses and device identifiers; 
• Client identifiers.

This data is only collected and stored in pseudonymous form. Google will process the information obtained through cookies in order to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. As part of this, personal data may be transferred to the U.S. To ensure an appropriate level of data protection, we have concluded an order processing agreement with Google, which contains Standard Contractual Clauses. 

For more information, please visit Google’s Privacy Policy.

Legal basis for data processing

The legal basis for the data processing is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR. 

Purpose of the data processing

We use Google Analytics with cross-device tracking enabled by a unique user ID. This allows us to link interaction data from different devices and from different sessions to a unique ID. This allows us to provide more accurate visitor analytics. For more information, see User ID feature - Google Analytics Help.

Duration of storage

The user and event data relevant for the evaluation of website usage will be deleted by us immediately when they are no longer required. In addition, you can independently uninstall the cookies installed by Google Analytics and thus delete the stored data. We explain how this deletion can be carried out via the browser settings in the following point.  

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You are free to prevent the installation of cookies by setting your browser software accordingly.

For this purpose, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the websites you visit. The add-on tells the JavaScript (ga.js) of Google Analytics that no information about the website visit should be transmitted to Google Analytics. However, the Google Analytics browser deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the respective browser add-on, please click on the following link: https://tools.google.com/dlpage/gaoptout?hl=de 

The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and will be deleted. 

Description and scope of data processing

Our website uses the services of the online advertising tool "Google Ads" and the conversion tracking within Google Ads, which is provided by Google Ltd. Ireland Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you access our website by clicking on an ad delivered by Google, a conversion tracking cookie is placed on your computer. Cookies are small text files that are stored in a visitor's browser and allow the visitor to be recognized through their browser. Cookies are not used to identify you personally.  

Legal basis for data processing

The legal basis for the use of Google Ads is Art. 6 para 1 p. 1 lit a GDPR.

Purpose of the data processing

If you visit certain pages on our website while the cookie has not yet expired, Google and we can see that you have clicked on the advertisement and been redirected to this page. Information obtained by using a conversion cookie is used to generate visitor statistics for our website. In this way, we get information on the total number of users, who have clicked on one of the advertisements placed by us and been redirected to a page utilizing a conversion tracking tag. However, we do not get any information that can be used for personally identifying you.

As we use these data for advertising purposes, our legitimate interest in processing said data lies in these purposes.

Duration of storage

The cookies used by Google Ads for analyzing website usage have a predefined storage period. Please be aware that we have no information and no influence on that storage period. You can uninstall the cookies placed on your device by Google Ads on your own and thereby erase the stored data. More details on how to delete cookies using your browser settings are provided below.

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You can prevent the installation of conversion cookies via your browser settings. You can either generally prevent cookies from being automatically stored on your computer or block the cookies of a specific domain. You can find more information in the data use policy and the privacy policy of Google.

If you are using a Google Account, Google may associate your web and app browsing history with your Google Account and use information from your Google Account to personalize your advertisement, based on the settings stored in your Google Account. If you do not want this connection to your Google Account, you have to log out of your Google account, before visiting our website.

You can configure your browser in order to reject cookies and also disable the Personalized Advertising button in the Google Ads Settings. In this case, Google will only display general advertising that has not been selected based on the information collected about you. Alternatively you can use YourAdChoices to change your preferences regarding individual online advertisement.

The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and will be deleted.

Description and scope of data processing

Our website and mobile application use Google verification (in other words, Google Single Sign On - "SSO"), a login service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

During the onboarding process, we offer to connect your Google account to sign you in to us. In this context, we will receive your email address from Google. In this context, only your email address and the user login with the email address will be processed.

Legal basis for data processing

The legal basis for the data processing is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR. 

Purpose of the data processing

We use Google SSO to give you a faster sign-in experience with less hassle. It allows you to automatically enter your email address, verify and enter your password without manual input.

Duration of storage

The collected data will be deleted by us immediately when it is no longer needed in accordance with Section VIII Retention Periods. You have the option to independently disconnect your Google account from the app and thus delete the stored data. We explain how this disconnection can be made via the browser settings in the following point.  

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You are free to disconnect your Google account from our app by adjusting your data and privacy settings accordingly. 

For this purpose, you can revoke your consent by revoking access to our app. You can do this by going to your Google Account settings under "Data and Privacy" in "Data from apps" and changing your settings under Third-party apps with account access. 

The lawfulness of the processing carried out until then on the basis of consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and will be deleted.

Description and scope of data processing

We use Facebook Pixel Codes on this website, an analytical tool from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

The code used on this website can evaluate the behaviour of visitors who have arrived at this website from a Facebook advertisement. The use of the Facebook Pixel code also sets cookies. This can be used to improve Facebook ads. The data about visitor behaviour is collected and stored by Facebook. The collected data is not visible to us. 

We have entered into a shared responsibility agreement with Facebook.

To learn what Facebook Pixel collects, please see here. 

To learn how the Facebook Pixel is used for advertising campaigns, see here. For more information, see Facebook's privacy policy .

If you are logged in with your Facebook account while visiting our website, your visit to this website will be assigned to your Facebook user account.

Legal basis for data processing

The legal basis for the processing of your personal data is your consent according to Art. 6 para. 1 p. 1 lit. a of the GDPR.

Purpose of the data processing

We use the data for the placement of advertising. 

Duration of storage

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. For the criteria according to which the data is deleted by Facebook, please refer to Facebook's privacy policy, which is linked above. 

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You are free to prevent the installation of cookies by setting your browser software accordingly.

You can change your Facebook ad preferences here if you are logged in to Facebook, or read here for general information on how to opt out of Facebook cookies. At YourAdChoices, you can manage your preferences regarding usage-based online advertising.

The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this. In the event of revocation, your personal data will no longer be processed and will be deleted. 

Description and scope of data processing

We use a tool for asking single question micro-surveys to measure the customer experience (Net Promoter Score), with follow-up open-end responses, provided by Wootric Inc, 220 27th St San Francisco, CA 94131 United States (“Wootric”). 

Wootric works with a cookie which is opted-out by default on the cookie banner. You can accept or reject it or change your preferences at any time via the settings of the cookie banner. If you accept Wootric’s cookie, you will be presented with a survey. Your customer identification number, which is anonymized to Wootric, will be processed. Wootric cannot identify you. If you provide us feedback, Wootric will process it as well.

Since the collected data is stored on servers in the U.S.A., a third country transfer takes place. 

Legal basis for data processing

The legal basis for the processing of your personal data is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.

Purpose of the data processing

We use Wootric to improve the user experience of our offered services.

Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. This is the case after complete evaluation of the survey. According to which criteria the data is deleted by Wootric, you can find it in the privacy policy of Wootric.

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You are free to prevent the installation of cookies by setting your browser software accordingly.

You can refuse the setting of a cookie by Wootric at any time via the cookie settings by changing your preferences. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted. 

Description and scope of data processing

With our newsletter we inform you about important product news, special announcements and our offers, even if you are not our customer.

To subscribe to our newsletter, enter your email address in the field provided. This data will be stored and used for sending the newsletter. 

In addition, we collect your IP address and the date and time of registration to ensure that no third party has misused your email address and hereby signed you up to receive the newsletter without your knowledge.

Legal basis for data processing

The legal basis for the processing of your personal data is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR. 

Purpose of the data processing

We use your email address to send the newsletter to keep you informed and to increase awareness of our products.

Duration of storage

After registration, you will receive an e-mail confirming your inclusion in the e-mail distribution list of the newsletter. If you do not confirm your subscription to the newsletter within 24 hours, we will delete your data required for subscription to the newsletter (your e-mail address, your IP address and the date and time of subscription) 24 hours after sending the confirmation e-mail, provided that there are no legal retention obligations to the contrary (see IX. Retention obligations). 

Possibility of revocation according to Art. 7 GDPR

You can unsubscribe from the newsletter at any time later and revoke your consent by clicking the link provided at the end of the letter. Alternatively, you can also send a message to our customer support e-mail with appropriate content to support@nuri.com. Upon unsubscribing from the newsletter, the personal data transmitted for the purpose of providing the newsletter will be blocked. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted.

Description and scope of data processing

We use UX research ("User Experience - Research") and conduct UX research from time to time. You can decide for yourself if you want to be part of the research process. We will collect and process the data in the following:

• Your full name
• Your email address 
• Your video and audio (if you are invited to the research)

Legal basis for data processing

We process your personal data on the basis of Art. 6 para. 1 p. 1 lit. a GDPR.

Purpose of the data processing

UX Research helps us determine how product features can be improved. We may conduct UX research from time to time to test our products and determine how a participant interacts with them as a (potential) customer.

Duration of storage

The storage period of your data is usually based on the duration of the research, unless the data has been deleted at your request. The typical storage period for our research purposes is 3 months. 

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and deleted. 

This section informs you how we process your personal data when you reach out to our customer service via the website or the Nuri Apps.

We use the data processors below to provide you our customer service:

Description and scope of data processing

On our website, we are using Zendesk Inc. 1019 Market St., San Francisco, CA 94103, USA (“Zendesk”), a tool for customer support communication.

The types of data you give us depend on the content of the message you send us. Typically, we receive the types of data below from you:

• Full name
• Email address
• Your Tax ID
• Residential address
• Phone number
• Other personal data transmitted as part of the message.

Zendesk is contractually bound to our instructions under a Data Processing Agreement, incorporating Standard Contractual Clauses of the European Commission. It has also supplementary measures that are required by the Schrems II C-311/18 decision of the Court of Justice of the European Union. 

You can find further information about data protection in Zendesk’s privacy policy and about supplementary measures on their blog.

Legal basis for data processing

The legal basis for the processing of your data, which is transmitted in the course of sending the message, is Art. 6 para. 1 p. 1 lit. b of the GDPR, insofar as your contact is aimed at the conclusion of a contract with us or the communication concerns an already existing contractual relationship. 

If the contact is neither related to a contract nor aimed at the conclusion of a contract, the legal basis for the data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a of the GDPR.

Purpose of the data processing

The purpose of the data processing is the handling of your request with which you have contacted us. 

Duration of storage

Your personal data will be deleted after 6 years.

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR by sending an e-mail with the corresponding content to support@nuri.com. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted, provided that there are no legal retention obligations to the contrary (see VIII. Retention obligations).

Description and scope of data processing

We use the chatbot tool which is provided by Solvemate GmbH, Tempelhofer Ufer 1, 10961 Berlin (“Solvemate”) to help your requests better and provide easy communication between you and customer service. 

The types of data you give us depend on the content of the message you send us. Typically, 

Your name,

email address and attachments that you provide us through the chatbot are collected and shared with Solvemate.

Solvemate is subject to our instructions by a data processing agreement.

For more information about Solvemate‘s data processing, please refer to Solvemate’s Privacy Policy. 

Legal basis for data processing

The legal basis for the processing of the data transmitted when sending communication with the chatbot is Art. 6 para. 1 p. 1 lit. a GDPR. 

If your contact is aimed at concluding a contract with us, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. 

Purpose of the data processing

The purpose of the data processing is the handling of your contact. 

Duration of storage

Your personal data will be deleted after 6 years.

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You can revoke the data processing by sending an e-mail with the corresponding content to support@nuri.com. This will not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted, provided that there are no legal retention obligations to the contrary (see VIII. Retention obligations). 

Description and scope of data processing

We use the call centre software platform of Aircall SAS, 11-15, rue Saint Georges, 75009 Paris, France ("Aircall") to provide telephone customer service.

The data collected when you call us are in the following:

• Incoming and outgoing calls to the service numbers
• Date and time of the call
• Duration of the call

Aircall is subject to our instructions by a data processing agreement.

For more information on data processing by Aircall, please see Aircall's privacy policy.

Legal basis for data processing

The legal basis for the processing of the data transmitted during your call is Art. 6 para. 1 p. 1 lit. a GDPR. 

If your contact is aimed at concluding a contract with us, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.

 

Purpose of the data processing

The purpose of the data processing is the handling of your telephone request. 

Duration of storage

Your personal data will be deleted when they are no longer necessary to achieve the purpose of their processing. For personal data that was communicated to us in the context of your call, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been clarified and there are no statutory retention obligations to the contrary (see VIII. Retention obligations).

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 of the GDPR by sending an e-mail with the corresponding content to support@nuri.com. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted, provided that there are no legal retention obligations to the contrary (see VIII. Retention obligations).

Description and scope of data processing

In order to respond to your inquiries timely, we have partnered with a call center Communication Factory GmbH, Halberstädter Straße 40, D-39112 Magdeburg (“Communication Factory”). 

The data shared and processed by Communication Factory when you reach out to us are in the following:

• Name, 
• E-Mail Address,
• The content of your communication, 
• Banking information (IBAN, transaction history),
• Digital assets information (public keys, transaction history),
• Card payment data (status, transaction history),
• Account information (address, contact details, identification, tax information.

Communication Factory is bound to our instructions with a data processing agreement. 

For more information about Communication Factory’s data processing, please refer to Communication Factory’s privacy policy.

Legal basis for data processing

The legal basis for the processing of the data transmitted during your call is Art. 6 para. 1 p. 1 lit. a GDPR. 

If your contact is aimed at concluding a contract with us, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. 

Purpose of the data processing

The purpose of the data processing is the handling of your telephone and written request. 

Duration of storage

Your personal data will be deleted when they are no longer necessary to achieve the purpose of their processing. For personal data that was communicated to us in the context of your call, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been clarified and there are no statutory retention obligations to the contrary (see VIII. Retention obligations).

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR by sending an email with the corresponding content to support@nuri.com. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted, provided that there are no legal retention obligations to the contrary (see VIII. Retention obligations).

This section informs you how we process your personal data for performance, marketing analytics and marketing.

Description and scope of data processing

We use a solution for our marketing campaigns of Adjust GmbH, Saarbrücker Str. 37A 10405 Berlin (“Adjust”), to acquire new users, analyze user behavior and optimize our marketing campaigns.

Adjust may process your advertising ID (IDFA and Android-ID) on our behalf and temporary device identification numbers, if not disabled by you in the system settings of your device.

The data processed in this way is only used to see the external website or app that leads the user to Nuri and to determine which campaign users were aware of our app, for example which campaign link or banner users clicked before they downloaded our app. It is not possible to identify you individually.

If you do not want us to process your advertising ID, you can always disable or change this on your device. Please see the guide for iOS devices and the guide for Android devices.

This service provider is bound to our instructions by a data processing agreement.

For more information about Adjust‘s data processing, please refer to the Adjust Privacy Policy. 

Legal basis for data processing

The legal basis for the processing of your advertising ID is Art. 6 para. 1 p. 1 lit. f GDPR, if you use an Android device.

The legal basis for the processing of your advertising ID is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR, if you use an iOS device with iOS 14.5 or later version.

Purpose of the data processing

The purpose of data processing is to acquire new customers, analyze user behavior and optimize our marketing campaigns. 

Duration of storage

The aforementioned data is usually stored for a period of 3 months and then deleted. We will delete your data at an earlier point in time if you object to the data processing in accordance with Article 21 of the GDPR when using an Android device or revoke your consent in accordance with Article 7 of the GDPR when using an Apple device. How you can object to data processing or revoke your consent is explained in the following point.

Possibility of objection and removal according to Art. 21 GDPR or revocation according to Art. 7 GDPR

You have the option to object to the processing of your personal data at any time by deactivating the advertising ID in the system settings of your Android device.

You can revoke your consent to data processing via your iOS device at any time in accordance with Art. 7 GDPR by changing the corresponding setting on your iOS device. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In case of revocation, your personal data will no longer be processed and will be deleted.

Description and scope of data processing

On Nuri Apps we use a tool for user’s data collection and its integration with our data analytics tools, which is provided by Segment.io Inc., 100 California Street Suite 700 San Francisco, CA 94111 United States (“Segment”). We use Segment also for analysing the user’s behaviour across devices and partner applications. 

Segment processes the categories of your personal data below:

• Your activity with Nuri Apps
• Your IP address
• Your account status

Segment uses cookies and similar technologies to enable cross-device tracking through a unified user ID. We use this data to evaluate your use of our website and our App.

The information generated by the cookie about the use of this website is stored on a server in the USA.

Segment is subject to our instructions by a data processing agreement, incorporating Standard Contractual Clauses of the European Commission. It has also supplementary measures that are required by the Schrems II C-311/18 decision of the Court of Justice of the European Union. 

Further information about data privacy can be found in Segment’s Privacy Policy.

Legal basis for data processing

The data processing is based on your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.

Purpose of the data processing

The purpose of data processing is the analysis of user behavior. 

Duration of storage

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. This is usually the case if you have revoked your consent. We explain how you can revoke your consent in the following point.  

Possibility of revocation according to Art. 7 GDPR

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. You are free to prevent the installation of cookies by setting your browser software accordingly.

You can refuse the setting of a cookie by Segment at any time via the cookie settings by changing your preferences. This does not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of revocation, your personal data will no longer be processed and will be deleted. 

Description and scope of data processing

We use the product analytics tool Indicative which is provided by Indicative, Inc. 154 West 14th Street, 2nd Floor (“Indicative”) to evaluate user access and activity. The data shared is pseudonymized.

Indicative uses cookies and similar technologies to enable cross-device tracking through a unified user ID. 

Indicative processes the categories of your personal data below:

1. Country
2. Language settings
3. Your activity within Nuri Apps
4. Your device model
5. Your account status

Indicative is subject to our instructions by a data processing agreement, incorporating Standard Contractual Clauses of the European Commission. It has also supplementary measures that are required by the Schrems II C-311/18 decision of the Court of Justice of the European Union. 

For more information about Indicative‘s data processing, please refer to Indicative’s privacy policy .

Legal basis for data processing

The data processing is based on Art. 6 para. 1 p. 1 lit. f GDPR.

Purpose of the data processing

The purpose of the data processing is the evaluation of user activities and accesses in relation to the website and Nuri Apps. This is also our legitimate interest.

Duration of storage

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. This is particularly the case if you have revoked your consent. We explain how you can revoke your consent in the following point.  

Possibility of revocation according to Art. 7 GDPR

You have the possibility to object to the processing of your personal data at any time by sending an email with the corresponding content directly to support@nuri.com or dataprotection@nuri.com. With the revocation, the personal data processed for the purpose of evaluating user activities will be deleted within 30 days and will no longer be processed. 

Description and scope of data processing

We use the marketing tool for contextual e-mailing provided by Customer.io, Peaberry Software Inc. d / b / a Customer.io, 921 SW Washington Street, Suite 820, Portland, Ore., 97205, USA (“Customer.io”).

Customer.io processes the categories below:

• Your full name,
• Email address
• Address,
• Salutation
• Citizenship
• Language settings
• Your activity within Nuri Apps,
• Device model
• Your personal data provided upon the registration for the onboarding will be transmitted to a server of the company Peaberry Software Inc. in the USA and stored there.

Customer.io has renewed its data processing agreement with Schrems II C-311/18 decision of the Court of Justice of the European Union in mind. It is subject to its renewed data processing agreement, incorporating Standard Contractual Clauses . 

Please visit Customer.io’s Privacy Policy for further information and its Warrant Canary for further information on the requests from law enforcement they get regarding customer data.

Legal basis for data processing

The legal basis for the data processing is Art. 6 (1) lit. a of the GDPR, based on your consent to receive marketing-related communications.

Purpose of the data processing

The purpose of data processing is to send contextual and marketing emails.

Duration of storage

We delete your personal data when they are no longer necessary to achieve the purpose of their processing. This is usually the case if you have revoked your consent. We explain how you can revoke your consent in the following point.  

Possibility of revocation according to Art. 7 GDPR

You can unsubscribe from the emailing at any time later and revoke your consent by sending an email to support@nuri.com. When you unsubscribe from the e-mailing, the personal data that was transmitted for the purpose of providing the e-mailing will be blocked. This will not affect the lawfulness of the processing carried out until then on the basis of the consent. In the event of withdrawal, your personal data will no longer be processed and will be deleted.