Welcome to the Noosa Innovation Privacy Notice. This information has been produced to help you understand how Noosa Innovation collects, uses, and shares personal data, what your legal rights are, and how to exercise them. We take our responsibility for protecting your data seriously, and we encourage you to familiarize yourself with our practices. If you have any questions, please feel free to contact us.

Noosa Innovation Ltd and all subsidiaries  (“us”, or “we”) are the “data controller” in respect of your personal information. This privacy notice sets out the basis on which we will process your personal information that we collect in the provision of our products and services (“Services), through our website or which you otherwise provide to us. Please read the following carefully to understand our practices regarding your personal information and how it will be treated.

Please note your personal data will also be handled by us where we provide our services to our customers’ (known as the “Merchants”). In these cases, where we handle personal data as part of our Services to Merchants (such as online retailers), the Merchant (and not us) will be the ‘data controller’ (as we will be acting as a “processor”). That means that the Merchant’s, and not our, privacy notice will apply to the processing of your personal data. If you have any questions about how the Merchant handles your personal information you should direct those questions to the Merchant.

How and when we collect personal information about you

We collect your personal information from various sources. You may be a website visitor, a user of our Services, or an end-customer of a Merchant (see above). We will collect and process personal information when you:

• visit our website (including filling in forms on our site, such as when you sign up for an account or a newsletter);

• contact our customer service team or request information from us in any other way;

• participate in our customer satisfaction surveys or other market research; and/or

• communicate with us, including via email or social media.

We may also collect information about you from third party sources, for example from our related third parties such as our service providers, and the third party providers (such as payment services providers) with whom our service integrates.

What personal information do we collect about you

We may collect various types of personal data depending on your relationship with Noosa Innovation:

• Your contact details – such as your first and last name, date of birth, address, e-mail address and telephone number.

• financial information; where we have your consent to do so

• account information, such as your password and other authentication information;

• any other information we might collect over the course of our business relationship with you such as your transaction history or details of any correspondence between us;

• responses to any surveys or market research; and

• your marketing preferences.

• your CV

When you visit our website, we and our related third parties may also collect information from you automatically, for example using cookies and other similar technologies. A cookie is a small file of letters and numbers that we may set on your device. You can find more information about the types of cookies we use and the purposes for which we use them below:

This type of data may include the following:

• information about your device, operating system and IP address;

• your login information;

• browser type and version;

• information about your visit, including URL, clickstream (i.e. your journey to, through and from our site), length of visits to certain pages, and page interaction information.

Purposes for processing your personal information

We may process your personal information for the following purposes:

• to provide you with the information and Services you have requested;

• to authenticate your access to our website and Services;

• to provide customer support and ensure we provide a good level of customer service;

• to notify you of any changes to our Services;

• for system administration purposes and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

• to distinguish you from other users (for example to remember your log-in details);

• to monitor your use of our website and Services to improve the user experience;

• to send you marketing and advertising materials where we have the authority to do so;

• to tailor any marketing or advertising so that it is more relevant to you;

• to conduct marketing analysis to allow us to assess trends and the effectiveness of our advertising and marketing campaigns;

• for security and fraud prevention;

• to ensure that our website and Services are safe and secure; and

• to comply with applicable laws and regulations.

Legal basis for processing your personal information

Where we are acting as a “data controller,” we will only process your personal information where we have a legal basis to do so. Where we are acting as a “processor” and we are processing the personal information on the Merchant’s behalf as part of the provision of our Services, the Merchant is responsible for determining and ensuring there is an appropriate lawful basis. Our legal basis for processing your personal information, where we are acting as a controller, will depend on the purposes for which we have collected and used your personal information. In almost every case, the legal basis will be one of the following:

• Compliance with legal obligations: We process personal data to fulfill contractual obligations, comply with regulatory requirements and self-regulatory schemes, perform necessary business operations and due diligence, and cooperate with relevant authorities for reporting criminal activity, fraud prevention, or other legal obligations.

• Consent: For example, where you have provided your consent for us to review your personal credit score data.

• Our legitimate business interests: Where it is necessary for us to understand our customers and deliver our services to the Merchant,, and operate our business effectively, provided in each case that this is done in a legitimate way that does not unduly affect your privacy and other rights. For example, we will rely on this legal basis when we conduct creditworthiness assessment checks to understand our customers in sufficient detail so we can improve the approval rate for credit requests.

• Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have created an account for our Services, we will need to use your contact details to provide the Services to you.

Where we store your personal information

Noosa Innovation will not transfer your personal data to any country other than those that have been granted an
adequacy decision under the General Data Protection Regulation.
We may however share your personal data with third-party organizations who then transfer the data. We shall take
all reasonable measures to ensure those third parties are also compliant with data protection law.

How we keep your personal information

We take steps to ensure that the personal information you provide is retained only for as long as it is necessary for the purposes for which it was collected. After this period, it will be deleted or, in some cases, anonymized. For example, if you have created an account with us, we will keep a record of it for the period necessary to meet any finance and tax obligations.

We may also keep a record of correspondence with you (for example, if you have made a complaint) for as long as necessary to protect us from legal claims.

The following criteria determine how long we will retain your personal data:

• Until we are no longer required to do so to comply with regulatory requirements or financial obligations.

• Until we are no longer required to do so by any applicable law.

• Until all purposes for which the data was originally collected have become irrelevant or obsolete.

• Until the services we have provided are no longer in active use.

• Until you request that we no longer process your data and it is erased, provided that no other legal requirements necessitate its retention.

Children

Our Services and website are not intended for, and should not be used by, children under the age of 18. We do not knowingly collect personal data from children under 18.

Security and Passwords

You must keep your password and any other authentication information for our website and Services confidential. If you know or suspect that anyone other than you knows your password or any other authentication information, you must promptly notify us using the contact details below.

Disclosing your information

We may share your personal information with any of our group companies from time to time (e.g. subsidiaries or ultimate holding company and its subsidiaries). We may also share your personal information with our suppliers, business partners and service providers, where they are helping us to enhance our ability to deliver our Services to you. In addition to the above, we may disclose your personal information to other third parties in the following cases:

• for the purposes of research, evaluation, and analysis;

• in the event that we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets

• if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers and visitors to our websites will be one of the transferred assets;

• if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation or request; or

• to protect the rights, property or safety of us or our users, or others, and in order to enforce or apply our terms and conditions (this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Your rights

You have certain rights in relation to your personal information. We take these rights seriously and will make every effort to honor them in accordance with applicable laws. These rights include:

• The Right to Access: You have the right to request confirmation of whether your personal data is being processed and to obtain access to your personal data. This includes details of the processing activities, the categories of data involved, and the purposes of the processing. If you would like access to the personal data we hold about you, please contact us using the details provided below.

• The Right to Rectification: If you believe that any of the data we hold about you is incorrect or incomplete, you have the right to request the correction or completion of that data. We will respond to such requests promptly and make the necessary changes where applicable.

• The Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data. This right is not absolute, and we may need to retain certain information if required by law or for legitimate business purposes. Where retention is necessary, we will ensure that your data is only used for those essential purposes.

• The Right to Object: You have the right to object to the processing of your personal data, particularly where we are relying on legitimate interests as the legal basis for processing. If you object, we will review your request and, unless we have compelling legitimate grounds to continue processing, we will cease processing your data for the relevant purposes.

• The Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain circumstances, such as if you contest the accuracy of the data or if you have objected to our processing. When processing is restricted, we will store your data but will not process it further without your consent, except for legal reasons.

• The Right to Data Portability: Where technically feasible, you have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format and to request that we transfer it to another data controller. This right applies where the processing is based on consent or the performance of a contract and the data is processed by automated means.

• The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of any processing carried out before your withdrawal.

• The Right to Complain: If you believe that we have processed your personal data in a manner that is unlawful or breaches your rights, you have the right to lodge a complaint with your local data protection authority. However, we encourage you to contact us first, so we can address your concerns directly.

If you wish to exercise any of these rights, please contact us using the contact details provided below. We will handle your request in accordance with applicable law and any relevant legal exemptions.

Third party Links and services

Our website and Services may, from time to time, contain links to and from third-party websites and services, including those of our business and integration partners. If you choose to follow a link to any of these websites or services, please be aware that these third parties have their own privacy policies. We do not accept any responsibility or liability for their practices, policies, or how they manage your personal data.

We strongly encourage you to review the privacy notices of any third-party websites or services before providing them with your personal information. This ensures that you understand how your data may be used and protected by these third parties.

Changes to Privacy Notice

We may change this privacy notice at any time. The new privacy notice will be displayed on our website. The date this privacy notice was last updated appears at the bottom.

Contact Us

Questions and comments regarding this privacy notice should be sent to: corporate@noosa.io

Our registered offices are located at 

Noosa Innovation Ltd Registered address of Parent company: 27 Hamatzbeim St Tel Aviv, 6993516 ISRAEL
Noosa Innovation BV Registered address of Dutch subsidiary: John M. Keynesplein 1, 1066 EP Amsterdam, Netherlands
Noosa Innovation UK Ltd Registered address of UK subsidiary: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom

EU Data Protection Representative:

Ametros Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road
Cork
Ireland
gdpr@ametrosgroup.com
www.ametrosgroup.com

UK Data Protection Representative:

Ametros Group Ltd
Lakeside Offices, Thorn Business Park
Rotherwas Industrial Estate
Hereford
Herefordshire
England
HR2 6JT

gdpr@ametrosgroup.com
www.ametrosgroup.com

This Privacy Notice was last updated: 01.07.2024