Last Updated: 19 Oktober 2024

1. Introduction

This Privacy Policy applies to your Personal Information when you visit this Site or use the Services. This Privacy Policy explains how we may collect, retain, process, share and transfer your Personal Information when you visit this Site or use the Services. 

This Privacy Policy is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use this Site and the services. 

This Privacy Policy is incorporated by reference into any terms of service made available on the Site or in the Services. By using the Services, you agree to the terms of this Privacy Policy. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, you should immediately stop using the Services.

Upon your acceptance of this Privacy Policy, your Personal Information collected by us prior to the time of acceptance shall also be subject to this Privacy Policy.

2. Definitions

1. “Site” means this website www.neuralarb.com, official social media platforms, or other online properties through which we offer the Services..
2. “User” means those users who has successfully registered with this Site.
3. “Account” means a User’s account with this Site.
4. “Personal Information” means personal information that can be associated with an identified or identifiable person.  “Personal Information” can include name, postal address, telephone number, email address, financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s license number, national ID, passport, and Taxpayer ID).  Personal Information does not include information that does not identify a specific User.
5. “Services”: any website owned or operated by us, any API Tools (as defined below), or mobile applications (the “App(s)”) and all services, features, functionality, and content provided through the Site, API Tools, or App, including: (i) any digital asset platforms and tools that allow trading of supported digital assets; and (ii) any hosted digital wallets for storage of digital assets. 
6. “AML” means anti-money laundering. 

3. Categories and sources of personal data

Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. Anonymous data is not personal data, as it cannot be linked back to you. We may obtain and process the following categories of your personal data:

4. How do we process personal information? 

We may process your information for the following purposes: 

• To operate the Site and provide the Services, including to:
  
  • generally manage individual information and accounts;
  • authenticate your access to your Account; 
  • communicate with you about your Account and your transactions; 
  • provide a personalized experience and implement the preferences you request;
  • keep your Account information up to date and process transactions.
• To manage our business needs, such as monitoring, analyzing, and improving the Services and the Sites’ performance and functionality; ensuring quality control and staff training; develop new products and Services; and enforcing our agreements with third-parties;
• To manage risk and verify your identity. We may use Personal Information to enhance security, monitor and verify service access, combat spam or other malware or security risks; prevent potentially prohibited or illegal activities; and enforce our Terms of Service. 
• To market to you about the Services and the products and the Services of unaffiliated businesses. We may also Process your Personal Information to uniquely tailor the marketing content, advertisements, and offers, and certain Services or Site experiences to better match your interests on the Site.
• To provide personalized Services.  We may use your Personal Information and other information collected in accordance with this Privacy Policy to provide a targeted display, feature, or deliver targeted offers based on your communication preferences.
• To comply with our obligations and to enforce our terms of services, including to comply with all applicable laws and regulations.
• To provide customer support, for example to respond to your requests, resolve disputes, and troubleshoot problems.
• Other uses. We may use personal information for any other purpose disclosed to you at the time you provide such information or otherwise with your consent.

5. Do we share personal information? 

We may share your Personal Information or other information about you with others in accordance with the Privacy Policy. We may share your Personal Information or other information for the following reasons:

With other members of our corporate family: We may share your Personal Information with other members of our family of entities for various purposes, including but not limited to, to provide the Services you have requested or authorized; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements; and to help us manage the availability and connectivity of the Services, and communications.

With third parties that provide services to us: We may share Personal Information with third-party service providers that perform the Services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with the Services, verify your identity, assist in processing transactions, send you advertisements for the Services, or provide customer support. By using the Services, you have acknowledged and approved that third-party service providers have the right to collect, process and store your Personal Information.

With other third parties to protect us or others We may share information about you with other parties for our business purposes, including:

• to protect the vital interests of a person; 
• to protect our property, the Services and legal rights;
• to help assess and manage risk and prevent fraud against us, our Users and fraud involving the Site or use of the Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals;
• to companies that we plan to merge with or be acquired by;
• to support our audit, compliance, and corporate governance functions. 

With other parties as permitted or required by law and regulations: We may share information about you with other parties if we need to do so to comply with a law, legal process or regulations; or as required by law enforcement, regulators, government officials, or other third parties in relation to a subpoena, court order, or other legal process or requirement under applicable law or regulation; or when we believe, in our sole discretion, that the disclosure of Personal Information is necessary or appropriate to prevent physical harm or financial loss; or to report suspected illegal activity or to investigate violations of a user agreement; or to satisfy regulatory requirements as applicable to provide our Services. 

With your consent: We also will share your Personal Information and other information with your consent or direction, including if you authorize an account connection with a third-party account or platform.

6. How do we protect your personal information?

We maintain appropriate technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your data will not occur. While we are dedicated to securing our systems and the Services, you are responsible for securing and maintaining the privacy of your password(s) and Account registration information, for example, to choose a password of sufficient length and complexity and not reveal account credentials to any third-parties, and verifying that the Personal Information we maintain about you is accurate and current.  We are not responsible for protecting any Personal Information that you transmit to us or receive from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us.

7. Data retention

We will retain your personal data only for so long as it is required for the purposes for which it was collected. This period may extend beyond the end of your relationship with us, but only for so long as is reasonably necessary for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations (e.g. taxation purposes), resolve disputes and enforce our agreements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When your personal data is no longer required, we will destroy, delete or convert it into an anonymous form.

8. Your rights

Under certain circumstances, you have following rights under data protection laws in relation to your personal data:

1. right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
2. right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
3. right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
4. right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
5. right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
6. right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform an agreement with you; and
7. right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is the case at the time you withdraw your consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

9. For UK & EEA clients: Transfers of personal  data outside of the European Economic Area (EEA) and the United Kingdom (UK)

We may transfer your personal data outside the EEA and UK to other NAB group companies, service providers and business partners. Transfers outside of the EEA or the UK (as appropriate) shall be in accordance with lawful transfer mechanisms. If personal data is transferred to a country which has been found by the European Commission to have an essentially equivalent standard of data protection to the EEA, then NAB may rely on an ‘adequacy decision’ to transfer that personal data. See here for a list of countries with adequacy decisions. If personal data is transferred from the EEA or UK to the US, we may rely on standard contractual clauses. 

10. Privacy when using digital assets and blockchains

Your use of digital assets may be recorded on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to re-identification of transacting individuals and the revelation of personal data, especially when blockchain data is combined with other data.

As blockchains are decentralized or third-party networks which are not controlled or operated by NAB, we are not able to erase, modify, or alter personal data on such networks.

11. Cookies

When you use our products and services or visit our websites, we may place tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, “Cookies”) on your computer or other devices used when engaging with us. We use cookies to help us recognize you as a customer, collect information about your use of our products and services, to better customize our services and content for you, and to collect information about your computer or other access devices to ensure our compliance with our U.S. Bank Secrecy Act, fraud, security, sanctions and AML obligations.

12. Changes to this privacy policy

Our privacy policy is reviewed regularly in light of new regulations, technologies, and any changes to our business operations. Any personal data we process will be governed by our most recent privacy policy. We will update the “Last updated” date accordingly at the beginning of this privacy policy. Please review this privacy policy from time to time. We will announce any material changes to this privacy policy on our website.

13. Our products and services are not available to children

Our products and services are not directed to persons under the age of 18 (herein, “Children”, “Child”) and we do not knowingly collect personal data from children. If we learn that we have inadvertently processed personal data from a child, we will take legally permissible measures to remove that data from our records. NAB will require the child user to close his or her account and will not allow the use of our products and services. If you are a parent or guardian of a child, and you become aware that a child has provided personal data to us, please contact us at support@neuralarb.com.

14. Contact information

Any questions, complaints, comments and requests regarding this privacy policy are welcome and should be addressed to support@neuralarb.com. You can also contact our Data Protection Officer at support@neuralarb.com. 

Effective Date: August 25, 2022