Privacy Notice

Last updated: March 2024

  1.  

    PURPOSE

    This Privacy Policy (“Policy”) describes the “Personal Data” that we collect about you, how we use it, how we share it, your rights and choices, and how you can contact us about our privacy practices. This Policy also outlines your data subject rights, including the right to object to some uses of your Personal Data by us.

    Personal Data” is personally identifiable information that identifies you as an individual, such as your name, mailing address, email address, age range, and the like. Personal data is only obtained when you voluntarily provide the information to us. We use personal data to better understand your needs and interests and to provide you with better service.

    Instarem”, “we”, “our” or “us” means the Instarem entity responsible for the
    collection and use of Personal Data under this Privacy Policy. It differs depending on your jurisdiction. Please refer to a list of our entities under Section 2 (Scope).

    Individuals accessing the Platform or who are registering to use the services on the Platform and who voluntarily provide personal data to us (“you” or “your”) are covered by this Privacy Notice.

    In order to use the services provided on our Platform, you will have to share your personal data with us.

  2.  

    SCOPE

    This Privacy Notice explains how we handle personal data you share with Instarem. The Instarem entity responsible for the processing of your Personal Data depends on the jurisdiction in which you register to use the Platform, as follows:

    • In Australia: Nium Pty Limited (formerly known as Instarem Pty Limited)
    • In Canada: Nium Canada Corporation (formerly known as Instarem Canada Corporation)
    • In the European Economic Area: UAB “Nium EU” (formerly known as UAB “Instarem EU”)
    • In Hong Kong: Nium Limited (formerly known as Instarem Limited)
    • In India: Nium India Private Limited (formerly known as Instarem India Private Limited)
    • In Indonesia: PT Nium Mitra Indonesia (formerly known as PT Instarem Mitra Indonesia)
    • In Malaysia: Nium Sdn. Bhd. (formerly known as Instarem Malaysia Sdn. Bhd.)
    • In Singapore: Nium Pte. Ltd. (formerly known as Instarem Pte. Ltd.)
    • In the United Kingdom: Nium Fintech Limited (formerly known as Instarem Limited)
  3.  

    OUR PRIVACY PRINCIPLES

    Your privacy matters to us. Our business has been built on trust between our customers and ourselves. To preserve the confidentiality of all information you provide to us, we shall maintain the following privacy principles:

    1. we will ensure that all personal data processing is conducted in a lawful, fair, and transparent basis;
    2. we only collect personal data that we believe to be relevant and necessary, in order to help us conduct our business;
    3. we use your personal data to provide you with better customer services, to develop new products and services, and to improve existing products and services;
    4. Any data sharing with these third parties will include the necessary provisions to safeguard the personal data that is being transferred to them in accordance with the applicable laws;
    5. we may be required from time to time to disclose your personal information to governmental or judicial bodies or agencies or our regulators, if required to do so by law;
    6. we shall take reasonable measures to ensure that your personal data in our possession or control is accurate and up to date;
    7. we protect the personal data in our possession or under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of such data.

    By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you place in us.

  4.  

    PURPOSES OF DATA COLLECTION

    We collect most personal information directly from you through the access and use of the Instarem website or mobile application. We may share the information with our affiliates to assist us in our business activities. We may also share the information if required by the governing law for the purpose of cooperation with government
    investigations. In addition, we may use or share your personal information in the following ways:

    1. to comply with any applicable legal and/or regulatory requirements;
    2. to notify you about changes in our Services;
    3. as part of our efforts to keep our Services safe and secure;
    4. to administer our services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    5. to provide you with information about other similar goods and services we offer;
    6. evaluating, developing and improving software, services or related products for your use;
    7. complying with the obligations, requirements or arrangements for disclosing and using data that apply to us;
    8. complying with any obligations, requirements, policies, procedures, measures or arrangements for sharing data and information within our intragroup companies, subsidiaries, or affiliates, and any other use of
      data and information in accordance with any group-wide programs for compliance with sanctions or prevention or detection of money laundering, terrorist financing or other unlawful activities;
    9. to provide you, or permit selected third parties to provide you, with information about goods provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.

    Failure to supply such personal data may result in our inability to open or continue accounts or establish or continue facilities or provide services to you.

  5.  

    WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT AND RESERVE?

    The types of personal information that we collect, and share depend on the product or service you provide to us.
    It includes, but is not limited to:

    1. name, address, email address, mobile and home telephone number, age, date of birth, gender, citizenship, salary range, occupation and other relevant contact information;
    2. government identification numbers, such as National identification card information, driver’s license, state identification, passport, visa, tax identification, etc.;
    3. information involving your account information, bank account details including debit, credit and transaction history with Instarem;
    4. computer and mobile device information, such as the domain and host you use to access the Internet; your computer’s IP address; mobile device geolocation, number and other information from and about your device (such as device properties, settings, applications, stored information and usage) and carrier;
      the browser and operating system software you use; websites you have visited or later visit, social profile and network information; the date and time you access our website, the internet address used to link to our website when you visit us and cookie information.
    5. representatives of legal entities (members of the management bodies and other representatives (for example, employees) who are authorized to represent the client in relations with the controller or acting on their behalf, representing the client on behalf of the client, according to corporate documents): contact and personal information: title, your first name, surname, email address, mobile phone number, organization, country.
    6. face data as part of our Know Your Customer (KYC) process, and to generate profile images for accounts held by you and beneficiaries.

    Instarem is required to collect and hold certain personal information under the Anti-Money Laundering and Counter-Terrorism Financing rules and other subordinate instruments (AML/CTF Laws). You consent to our collection, transfer and storage of information by computers or other transfer or storage devices in Indonesia and elsewhere, whose laws on holding personal data may be less stringent.

  6.  

    SECURITY OF PERSONAL DATA COLLECTED

    To help protect your personal information from unauthorized access and use, we endeavor to use reasonable security measures. These measures can include physical, electronic and procedural safeguards such as computer safeguards and secured files and buildings.

    We also endeavor to limit access to personal information to only employees, agents and representatives that need to know.

    Despite our efforts, third parties may unlawfully intercept or access your personal information, transmissions to us, or may wrongly instruct you to disclose information to them by posing as Instarem or by misinforming you about our services.

    Always use caution and good judgment when sending money and when using internet and mobile technologies.

  7.  

    CLASSES OF PERSONS WE CAN TRANSFER PERSONAL DATA

    Instarem may provide such personal data for the purposes set out in Section 6 to the following third parties including, but not limited to:

    1. the subsidiaries of Instarem globally;
    2. any agent, contractor, or third-party service provider who provides administrative, telecommunications, computer, payment, debt collection or other services to it in connection with the operation of its business;
    3. any other person or entity under a duty of confidentiality within our group companies which has to be in line with their nature of function on a need to know basis;
    4. companies which help us run or improve the running of our business or which help us deliver products and services to you and to banks, card companies, reference agencies, etc.
    5. in order to comply with legal, regulatory, security and processing requirements, government (domestic and international) requirements, applicable to us or our affiliates or service providers, including but not limited to anti-money laundering laws; to organizations which help us process transactions, validate customer information, and prevent debt, fraud, theft or loss.
    6. we may disclose Information about current and former customers to perform marketing, business analysis and advertising services to companies with whom we have contractual or joint marketing arrangements upon notice that you have provided unambiguous consent (opt-in) for the use of Information for these purposes.
    7. we may share your face data with third-party service providers such as Onfido, Jumio and Idfy for digital verification, as well as for manual document uploads required for KYC verification. We do not use or disclose your face data for any purpose other than as described above, or for other purposes for which you have provided your consent.

    In all instances we shall ensure that our contracts with such third parties shall stipulate that the third parties shall act in accordance with the relevant regulation with respect to your personal data.

  8.  

    DATA SUBJECT RIGHTS

    Depending on your location and subject to applicable law, you may have the followings rights:

    1. to check whether we hold your personal data;
    2. to access and rectify your personal data;
    3. to limit, restrict or object to your personal data being processed;
    4. to withdraw consent (where it is relied upon for processing); and
    5. to request erasure/deletion (if no other legal requirements supersede this right).

    The above requests can be directed to our teams via the contact details in Section 13 (Contact Us).

    We may require you to verify your identity before we provide you access to your personal data. Some requests (such as deletion requests) will be assessed and handled in line with Instarem’s internal Global Data Retention and Purging Policy which encompasses Instarem’s obligation to maintaining, keeping, archiving, purging the data in accordance to the applicable Privacy Laws.

  9.  

    DATA TRANSFER

    Upon obtaining your consent and/or when we follow applicable law requirements, your personal data may be processed, kept, transferred or disclosed in and to any country by us and in accordance with the laws, rules, regulations, or governmental orders of that your jurisdiction (e.g. such as the use of legal mechanisms in EU
    transfers i.e. SCCs).

  10.  

    USE OF DATA IN DIRECT MARKETING

    Before we use your personal data in direct marketing, we will obtain your explicit consent (which includes an indication of no objection) to do so.

    We are allowed to offer you similar goods or services when you signed up to use our services.

    If you do not wish us to use or provide to other persons his personal data for use in direct marketing as described above, you may exercise your opt-out right by notifying us via the details in Section 13 (Contact Us).

  11.  

    RETENTION OF PERSONAL DATA

    We retain your personal data for the period necessary to carry out the purposes outlined in this Privacy Notice unless a longer period is required or permitted by law. As per Instarem policies, deletion may apply where information has been collected from and about the customer for the purpose of an Instarem service and where: a
    customer that has partially registered; has an approved Instarem account; or has an active Instarem account.

  12.  

    CONTACT US

    All queries should be directed to our customer support team via the Help Centre available on the Platform.

    If any privacy queries have not been fully resolved by the customer support, our Privacy team can also be contacted by writing to [email protected].

    Addresses and contact details (where present), and relevant privacy regulators are listed below for each entity:

    Australia: Nium Pty Limited

    Address: Level 4, 152 Elizabeth Street, Office 131, Melbourne, VIC 3000, Australia

    Regulator: Any Australian residents may wish to contact the Office of the Australian Information Commissioner if you are not satisfied by our responses under the Privacy Act.

    Canada: Nium Canada Corporation

    Address: 422 Richards Street #170 Vancouver, BC, CA, V6B2Z4

    Regulator: Any Canadian residents may wish to contact the Office of the Privacy Commissioner of Canada if you are not satisfied by our responses under PIPEDA.

    European Economic Area: UAB “Nium EU”

    Address: Konstitucijos pr. 21B, Vilnius, the Republic of Lithuania

    Regulator: Any EU residents may wish to contact within your country, or alternative contact the State Data Protection Inspectorate in Lithuania if you are not satisfied by our responses under the GDPR.

    Hong Kong: Nium Limited

    Address: Room 517 5F, Inno Centre, 72 Tat Chee Avenue, Kowloon Tong, Hong Kong

    Regulator: Any Hong Kong residents may wish to contact the Privacy if you are not satisfied by our responses under the PDPO.

    India: Nium India Private Limited

    Address: B3L5, Nirlon Knowledge Park, Pahadi Village, Off. The Western Express Highway, Cama Industrial Estate Goregaon East Mumbai, Mumbai City MH 400063 India

    Malaysia: Nium Sdn. Bhd.

    Address: Komune 2.0, Level 7-54 Vertical Corporate Tower, Lobby B, Avenue 10, Bangsar South, No. 8, Jalan Kerinchi, 59200 Kuala Lumpur

    Telephone: +603-2242 0315/0321/0162

    Regulator: Any Malaysian residents may wish to contact the Ministry of Communications and Multimedia if you are not satisfied by our responses under the PDPA.

    Singapore: Nium Pte. Ltd.

    Address: 168 Robinson Road, Capital Tower, #18-03, Singapore 068912
    Telephone: +65 6909 8841

    Regulator: Any Singapore residents may wish to contact the Personal Data Protection Commission if you are not satisfied by our responses under the PDPA.

    United Kingdom: Nium Fintech Limited

    Address: 1 Poultry, London EC2R 8EJ
    Regulator: Any UK residents may wish to contact the UK Information Commissioner’s Office if you are not satisfied by our responses under the UK DPA.

  13.  

    UPDATES AND NOTIFICATIONS

    Instarem may change this Privacy Notice from time to time to reflect changes in data processing, our privacy practices, the inclusion of or removal of services, or any changes in law.

    Any changes are effective the latter of when we post the revised Notice on the services.