🔐 Privacy Policy - Nani Fintech Plus

Privacy Overview

Our commitment to protecting your personal information

Nani Fintech Plus ("we", "us", "our") is committed to protecting your personal information and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our digital financial services, including Ayuto, Halal Ways, and Sukuk platforms.

Our Privacy Principles

Transparency

Clear information about data collection and use

Control

You decide how your data is used

Security

Bank-level protection for your information

Compliance

Full adherence to UK GDPR and DPA 2018

Data Controller Information

Nani Fintech Plus Limited
Registered in England and Wales
Company Number: [Insert Company Number]
Registered Office: [Insert UK Registered Address]

We are the data controller responsible for your personal information collected through our services.

Information We Collect

Types of personal data we process

Personal Data

Information that identifies you personally, collected for account creation and KYC compliance:

Full name and title
Date of birth
Nationality and country of residence
Government-issued ID documents

Passport or driving license
Proof of address documents
Biometric data (facial recognition)
Employment and income information

Contact Information

Information needed to communicate with you and provide our services:

Email address
Mobile phone number
Home address

Postal code
Emergency contact details
Communication preferences

Financial Data

Financial information necessary for providing our digital banking and investment services:

Bank account details
Payment card information
Transaction history
Wallet balances and movements

Investment records and portfolios
Credit history and scores
Income and expenditure patterns
Risk assessment profiles

Technical Data

Technical information collected automatically when you use our services:

IP address and location data
Device information and identifiers
Browser type and version
Operating system details

Usage logs and analytics
Cookies and tracking technologies
App performance data
Security event logs

How We Use Your Information

Purposes for processing your personal data

Service Provision

• Creating and managing your account
• Processing payments and transactions
• Providing digital banking services
• Managing investment portfolios
• Facilitating community banking groups

Compliance & Security

• Identity verification (KYC)
• Anti-money laundering (AML) checks
• Fraud prevention and detection
• Regulatory reporting
• Legal obligation compliance

Service Improvement

• Analyzing usage patterns
• Personalizing user experience
• Developing new features
• Performance optimization
• Market research and insights

Communication

• Service updates and notifications
• Customer support
• Marketing communications (with consent)
• Important account information
• Educational content delivery

Legal Basis for Processing

Why we're allowed to process your data under UK GDPR

Contractual Necessity

We process your data to perform our contract with you and provide the services you've requested:

• Account creation and management
• Payment processing
• Investment services
• Customer support

Legal Obligations

We're required by law to process certain data for regulatory compliance:

• KYC and identity verification
• AML monitoring and reporting
• Tax reporting obligations
• Regulatory record keeping

Legitimate Interests

We process data for legitimate business purposes, balanced against your rights:

• Fraud prevention and security
• Service improvement and analytics
• Business development
• Risk management

Consent

For certain activities, we ask for your explicit consent:

• Marketing communications
• Optional data collection
• Third-party integrations
• Biometric data processing

Sharing Your Data

When and with whom we share your information

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is only shared when necessary for service provision or legal compliance.

Financial Partners

Licensed institutions that help us provide services:

• Electronic Money Institution (EMI) partners
• Payment processors and card networks
• Banking partners for account services
• Investment platform providers

Regulatory Bodies

Authorities that require data for compliance:

• Financial Conduct Authority (FCA)
• HM Revenue & Customs (HMRC)
• National Crime Agency (NCA)
• Law enforcement agencies

Technology Providers

Trusted partners supporting our platform:

• Cloud infrastructure providers
• Identity verification services
• Analytics and monitoring tools
• Customer support platforms

Professional Services

Advisors and service providers:

• Legal advisors and solicitors
• Auditors and accountants
• Compliance consultants
• Risk management specialists

Data Retention

How long we keep your information

We only keep your personal data for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and protect our legitimate interests.

Active Account Period

While your account is active, we retain all necessary data to provide our services and maintain account security.

Account Closure + 6 Years

After account closure, we retain financial records for 6 years as required by UK financial regulations and tax law.

KYC Data + 5 Years

Identity verification documents are kept for 5 years after the business relationship ends, as required by AML regulations.

Marketing Data + 2 Years

Marketing preferences and communication data are retained for 2 years after last interaction or consent withdrawal.

Technical Logs + 1 Year

System logs and technical data are typically retained for 1 year for security and troubleshooting purposes.

Secure Deletion

When retention periods expire, we securely delete your data using industry-standard methods to ensure it cannot be recovered or reconstructed.

Your Privacy Rights

Control how your personal data is used

Under UK GDPR and Data Protection Act 2018, you have several rights regarding your personal data. We're committed to helping you exercise these rights.

Right of Access

Request a copy of the personal data we hold about you, including how it's used and who it's shared with.

Right to Rectification

Correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where there's no compelling reason to continue processing.

Right to Restrict

Limit how we process your data in certain circumstances while maintaining your account.

Right to Portability

Receive your data in a structured format to transfer to another service provider.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights

1. Submit Request

Use the buttons above or contact our privacy team directly.

2. Identity Verification

We may need to verify your identity for security purposes.

3. Response Timeline

We'll respond within 30 days (or 60 days for complex requests).

Security Measures

How we protect your personal information

We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication (MFA)
• Biometric authentication options
• Advanced firewall protection
• Intrusion detection systems
• Regular security vulnerability scans
• Automated threat monitoring

Organizational Measures

• Staff security training and awareness
• Background checks for all employees
• Role-based access controls
• Regular access reviews and audits
• Incident response procedures
• Data breach notification protocols
• Third-party security assessments
• Compliance monitoring programs

Information Security Management System certification

PCI DSS

Payment Card Industry Data Security Standard compliance

SOC 2

Service Organization Control 2 Type II certification

International Data Transfers

How we protect your data when transferred abroad

When we transfer your personal data outside the UK or European Economic Area (EEA), we ensure it receives the same level of protection through appropriate safeguards.

Adequacy Decisions

We transfer data to countries with adequacy decisions from the UK government:

• European Union member states
• Switzerland and Norway
• Canada (commercial organizations)
• Japan and South Korea

Standard Contractual Clauses

For other countries, we use approved contractual safeguards:

• UK International Data Transfer Agreement
• EU Standard Contractual Clauses
• Binding Corporate Rules
• Certification schemes

Transfer Impact Assessment

Before any international transfer, we conduct a Transfer Impact Assessment to ensure your data will be adequately protected in the destination country, considering local laws and practices.

Privacy Support & Contact

Questions about your privacy rights or how we handle your data?

Data Protection Officer

Email: dpo@nanifintechplus.com

Phone: 075 8781 2000

Post: Data Protection Officer
Nani Fintech Plus Limited
39 The Curve,London, W12 0RJ,United Kingdom

Response Time: Within 30 days

Privacy Support Team

Email: info@nanifintechplus.com

Phone:075 8781 2000

Languages: English, Arabic, Somali, Swahili

Secure Portal: Available in your account

Quick Privacy Actions

Regulatory Complaints

If you're not satisfied with our response to your privacy concerns, you have the right to complain to the UK's data protection regulator:

Information Commissioner's Office (ICO)

Website: ico.org.uk
Post: Information Commissioner's Office,39 The Curve,London, W12 0RJ,United Kingdom

Your Privacy Matters

Quick Navigation