NOAH Privacy Notice
- Introduction
This privacy notice (“Notice”) describes how Noah Savings UAB and other companies in Noah’s group (together referred to as "Noah", "we" or "us") will make use of your data, including what data we collect from you, what we will use it for and whom we share that data with.
It applies to the processing activities in which Noah acts as a data controller. This means we decide how to process your data and have certain responsibilities in relation to your data.
It also describes your data protection rights, including the right to object to some of the processing which Noah carries out. These rights vary according to the laws in different jurisdictions. More information about your rights, and how to exercise them, is set out in the local jurisdiction addendums.
Please note that some privacy rights and obligations may differ in certain locations based on applicable local data protection laws. We have included supplemental information for certain jurisdictions as addendums to this Notice.
- Personal data we process about you
We collect and process personal data about you when you interact with us, our websites, mobile apps, emails or social media pages, and when you access or use our products and services. This includes:
| Category | Details |
|---|---|
| Identification Information | Your name, username and password (or other login credentials), gender, age/date of birth, facial biometrics (based on your ID and provided selfie and/or video), passport or driving licence, tax identification number, or details from any other identity documents you provide to us. |
| Contact Information | Your title, name, home address (and address history), email address and phone number. |
| Marketing Information | Your marketing preferences, including any consents you have given us. |
| Device and Web Information | Online identifiers (including IP address), information related to the browser or device you use to access our websites and/or mobile applications, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page. This also includes information obtained via cookies and similar technologies – see our [Cookie Policy] for further information. |
| Financial Information | Banks account details, card details, wallet address details and transaction details. |
| Account Activity Information | Information about your relationship with us, including the products and services you use, and your ways of interacting with us. |
| Due Diligence and Compliance Information | Information from investigations we conduct such as due diligence checks, sanctions and anti-money laundering checks and information collected and used for our other regulatory and compliance checks. |
| Support and Complaints Information | Details about your query or complaint, and the progress and outcome of your query or complaint. |
Sometimes, we receive information about you from third parties and public sources. In particular:
- Third Party Partners:
- Where you access our services via one of our third-party financial institution or technology partners, that third party partner will provide us with data about you, such as your name, contact details, and information about transaction you are looking to initiate via that third party partner.
- Our Group of Companies:
- We receive information about you, such as customer information (e.g. your name, address and contact details), transaction information, identity and fraud prevention data, and product usage Information, from our group of companies.
- Identity Verification and Fraud Prevention Providers:
- We request personal data from third parties, whom we use to check your identity and risk profile. In particular, we use fraud prevention agencies and providers of identity verification checks.
- Public Sourced and Databases:
- We search public sources, such as news reports that may link you to fraud, money laundering or crime, and United Nations Sanctions Lists. We also search public sources to identify politically exposed people using our services.
- Regulators and Law Enforcement Agencies:
- We receive personal data from regulators and law enforcement agencies about you. This could happen when you make a transaction via our services and/or set up an account with us.
- Information on the Blockchain:
- We may analyse public blockchain data, such as transaction or event timestamps, transaction IDs, digital signatures, transaction amounts, and wallet addresses (“Blockchain Data”).
- Marketing and Analytics Providers
- We receive information from marketing partners and providers to analyse your website usage and interactions.
- How do we use this information
We will process your personal data for the purposes set out below:
- To register and create an account on our website and/or app.
- To provide you with our products and services, such as allowing you to purchase or sell certain digital currencies, digital assets or other digital commodities to or from Noah.
- To verify your identity and carry out Know-Your-Client (KYC) checks anti-money laundering, sanctions and anti-terrorism law and other compliance checks.
- To verify your accounts, your device, phone number and email address to make sure they belong to you and aren’t being used for fraud, terrorism, money laundering or crime.
- To monitor accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law.
- To manage our relationship with you, including to provide you with assistance and support.
- To send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners with your consent.
- In connection with protecting and enforcing the rights, property, security or safety of us, our business, our customers or others, including investigating and helping to prevent unlawful activities.
- Meeting requests from any regulatory, prosecuting, law enforcement, tax or governmental authorities, courts or tribunals.
- Information security purposes (including detecting, investigating, monitoring, remediating and/or preventing security or cyber incidents) and detecting and preventing fraud.
- In connection with establishing, exercising or defending legal claims, including enforcing and carrying out contracts and agreements.
- For audit and investigative purposes.
- In order to manage and operate our website, including to keep it updated and relevant, to develop our business and to inform our marketing strategy.
- For the purposes set out in our [Cookie Policy] in relation to the use of cookies and similar technologies.
- Privacy in relation to blockchains
Please note that we will record certain transactions on a public blockchain. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. If you interact with our products and services (including via third party partners) to initiate a transaction, Blockchain Data will be recorded on the blockchain. While this information does not contain your name, it is stored on the blockchain where all transactions are transparent and viewable by anyone in principle for as long as the blockchain exists. This transparency is a core feature of most blockchains, ensuring trust and security.
By itself, your public key address doesn’t directly identify you. However, if it’s linked to other information - like if you share your address publicly and link it to you - this may lead to your identification and the revelation of personal data.
We also want to note that because blockchains are decentralized or third-party networks which are not controlled or operated by Noah, we are not able to erase, modify, or alter personal data on such networks.
However, it also means you should be mindful of how and where you use your public address if you want to protect your privacy.
- How we share your personal data
We share your data with the following categories of recipients:
| Recipient | Why? |
|---|---|
| Noah Group of Companies | To operate, improve, and develop our services, respond to your requests, process. |
| Banking Partners and Third-Party Service Providers | To provide services to you, including to execute transactions and fulfil our contractual obligations to you. We also employ other companies and individuals to perform functions on our behalf. Examples include website hosting and maintenance, customer service operations, identity checking, sending communications and providing customer service. |
| Third-Party Partners | Where you access our services via a third party, we will share personal data with that party to enable the provision of the products/services. |
| Credit reference agencies, law enforcement and fraud prevention agencies | To prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law. |
| Prospective buyer/seller and advisers | In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business. |
| Analytics and Marketing Vendors | To analyse how you use our services, website and our mobile app, and interact with our emails. |
We use only those service providers who have installed/committed to install appropriate technical and organisational security measures and we ensure that such service providers comply with the appropriate personal data protection, security and confidentiality obligations.
- Updates to this Notice
We reserve the right to update this Notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
- Contact us
If you have questions about this notice or wish to contact us for any reason in relation to our personal data processing, please contact us at support@noah.com or you can write to us using the relevant postal address:
- Noah Savings (UK) Limited
- Contact Address: 4th Floor, Sleek Technologies Limited, 205 Regent Street, London, England, W1B 4HB
- Noah Savings UAB
- Contact Address: Laisvės pr. 60, Vilnius, LT-05120, Lithuania
- Noah Savings Inc. (United States)
- Contact Address: 7104, 78 SW 7th St, Miami, FL 33130, USA
- Noah Savings Inc. (Canada)
- Contact Address: 6th Floor – 905 West Pender St., Vancouver, BC V6C 1L
ADDENDUM 1: EEA/UK
Where EEA or UK data protection law applies, the additional information in this Addendum applies.
- What is our legal basis for our processing of personal data?
In relation to the purposes set out above, our legal bases are set out in the table below.
The relevant legal bases we refer to are as follows:
- Contractual necessity – it is necessary for us to process your personal data in order to perform our contract with you, or to take steps at your request prior to entering into a contract with you. To fulfil these obligations or to take these steps, we have to use your personal data.
- Consent – in certain limited cases, we ask for your consent to use your data. Whenever we ask with your consent we will explain the situations where we use your data and for what purposes.
- Legitimate interests – we can process your personal data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your personal data. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
- Legal obligation – as an organisation we have obligations to comply with legal, regulatory and other requirements under EU or Member State/UK laws, as applicable. In certain cases, we will have to use your data to meet these obligations.
- Public interest – it is necessary for us to process your personal data for the performance of a task carried out in the public interest.
| Purpose | Legal basis | Examples of Personal Data |
|---|---|---|
| To register and create an account on our website and/or mobile app. | Contractual necessity | Identification Information Contact Information Due Diligence and Compliance Information |
| To provide you with products and services, such as allowing you to purchase or sell certain digital currencies, digital assets or other digital commodities to or from Noah. | Contractual necessity | Financial Information |
| To verify your identity and carry out Know-Your-Client (KYC) checks anti-money laundering, sanctions and anti-terrorism law and other compliance checks. | Where legally required under EU or EU Member State law/UK law (as applicable), legal obligation or public interest. | Identification Information Contact Information Due Diligence and Compliance Information |
| To verify your accounts, your device, phone number and email address to make sure they belong to you and aren’t being used for fraud, terrorism, money laundering or crime. | Where legally required under EU or EU Member State law/UK law (as applicable), legal obligation. Otherwise, legitimate interests. | Identification Information Contact Information Device and Web Information Due Diligence and Compliance Information |
| To monitor accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law. | Where legally required under EU or EU Member State law/UK law (as applicable), legal obligation. Otherwise, legitimate interests. | Identification Information Device and Web Information Due Diligence and Compliance Information |
| To manage our relationship with you, including to provide you with assistance and support. | Contractual necessity and/or where legally required under EU or EU Member State law/UK law (as applicable), legal obligation or public interest. | Support and Complaints Information |
| To send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners. | Your consent where required by EU or EU Member State law/UK law (as applicable). | Marketing Information Account Activity Information |
| In connection with protecting and enforcing the rights, property, security or safety of us, our business, our customers or others, including investigating and helping to prevent unlawful activities. | Legitimate interests. | Device and Web Information Account Activity Information |
| Meeting requests from any regulatory, prosecuting, law enforcement, tax or governmental authorities, courts or tribunals. | Where legally required under EU/UK law (as applicable), legal obligation. | Due Diligence and Compliance Information |
| Information security purposes (including detecting, investigating, monitoring, remediating and/or preventing security or cyber incidents) and detecting and preventing fraud. | Where legally required under EU/UK law (as applicable), legal obligation. Otherwise, legitimate interests. | Device and Web Information Account Activity Information |
| In connection with establishing, exercising or defending legal claims, including enforcing and carrying out contracts and agreements. | Legitimate interests. | Account Activity Information |
| For audit and investigative purposes. | Legitimate interests. | Account Activity Information Due Diligence and Compliance Information |
| In order to manage and operate our website, including to keep it updated and relevant, to develop our business and to inform our marketing strategy. | Your consent where required by EU or EU Member State law/UK law (as applicable). Otherwise, legitimate interests. | Device and Web Information |
| For the purposes set out in our [Cookie Policy] in relation to the use of cookies and similar technologies. | Your consent where required by EU or EU Member State law/UK law (as applicable). Otherwise, legitimate interests. | Device and Web Information |
There are instances where we have a legitimate interest to use your data. Our legitimate interest will vary depending on what we are using your data for, and we explain above what the interest is and how it relates to the processing operations that we are carrying out. Where we process personal data on the basis of a legitimate interest, then – as required by data protection law – we have carried out a balancing test to document our interests, to consider what the impact of the processing will be on individuals and to determine whether individuals’ interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details at the end of the notice.
- Where we transfer your personal data
Personal data that we process may be transferred to and stored at a destination outside the United Kingdom (UK) or European Economic Area (EEA), including the United States and Canada.
Where there is a European Commission or UK adequacy decision for a country, we rely on that adequacy decision. Where these locations do not provide an adequate level of data protection, we ensure appropriate safeguards are in place to protect the transfer of your personal data to these countries. We transfer your personal data pursuant to an agreement incorporating the current UK Addendum to the EU Standard Contractual Clauses adopted by the UK or the International Data Transfer Agreement where UK data protection law applies and the EU standard contractual clauses adopted by the European Commission where EEA data protection law applies. Where applicable, we rely on EEA/UK Processor Binding Corporate Rules or the EU-US Data Privacy Framework where UK data protection law applies / UK extension to the EU-US Data Privacy Framework where UK data protection law applies.
A copy of the relevant mechanism can be obtained for your review on request by using the contact details provided in this Notice.
- Your choices and rights
You have the following rights:
| Right | Summary |
|---|---|
| The right of access | Enables you to receive a copy of your personal data |
| The right to rectification | Enables you to correct any inaccurate or incomplete personal data we hold about you |
| The right to erasure | Enables you to ask us to delete your personal data in certain circumstances |
| The right to restrict processing | Enables you to ask us to halt the processing of your personal data in certain circumstances |
| The right to object | Enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), including processing for direct marketing purposes or profiling for purposes of direct marketing, or where we are performing a task in the public interest - your objection will be upheld, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for the exercise or defence of legal claims that may be brought by or against us. |
| The right to data portability | Enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible |
| For France only, the right to instruct us regarding the use of your personal data after your death | Enables you to instruct us on the processing (retention, deletion, and disclosure) of your personal data after your death. You can change or revoke such instructions at any time. |
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. Your rights may also be limited to ensure the prevention, investigation, detection or prosecution of criminal offenses or the enforcement of criminal sanctions, including the protection against threats to public safety and their prevention, public safety, and in the cases of restriction of rights specified in the Article 23 of GDPR.
If you wish to exercise any of these rights, please contact us using the contact details in this Notice.
Wherever we rely on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If you are our client, we may use your contact details for the purpose of direct marketing or marketing of similar services (e.g. by sending short messages, newsletters) by providing you with a clear, free and easy-to-implement option to disagree to or opt out of such use of contact details for the above purposes, and if you have not initially disagreed to such use of data. In all other cases, we may use your contact details for direct marketing purposes only with your prior consent. Please note that sending e-mails (including the provision of informative messages in your account), calls, the content of which is related to the execution of concluded contracts between us and you, are not considered direct marketing activities.
You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out in this Notice.
Sometimes, we use your data (including information we gather from third parties) to make automated decisions about you. For example, when you apply for an account or as part of our ongoing relationship, we use technology to automatically process data about you (such as your name, addresses, phone numbers, email, devices, or bank accounts) to:
- Detect and prevent fraud: Our automated systems help us identify and stop any fraudulent activity by spotting risks and patterns of suspicious behaviour, ensuring your account and our services are protected.
- Evaluate whether to offer you products or services: We assess if your data or behaviour presents risks related to fraud, money laundering, or financial crimes. This includes checking for inconsistencies in the information you've shared or any indications of hiding your true identity, as well as comparing your details with known fraudulent activities. By using automated systems, we can make fair and consistent decisions, helping us offer better service while safeguarding your account and maintaining the integrity of our products.
In some cases, automated decisions may result in your account application or a transaction being declined. If this happens, you have the right to challenge the decision. For more information on this, please contact us using the details in this Notice.
If you have unresolved concerns, for the EEA, you have the right to complain to a data protection authority in the country that you reside in or, the country of your place of work or the country where the alleged infringement took place. For the UK, you have the right to complain to the UK Information Commissioner.
Where we collect personal data to administer our contract with you or to comply with our legal obligations, this is mandatory, and we will not be able to provide our products and services without this information. In other cases, provision of the requested personal data is optional (such as when you provide it to us as described above), but this may affect your ability to procure or access certain functionalities, products or services where the information is needed for those purposes.
- How long we retain your personal data
Noah will retain your data for different periods based on the nature and status of your relationship with us. When deciding how long to keep your data, we consider our legal and regulatory obligations, as well as our legitimate interests, such as preventing fraud, responding to regulatory or supervisory inquiries, handling complaints, and managing legal claims or disputes.
If you have a Noah account, we will keep your information for as long as the account is open and for a further 5 years after its closure (and in some cases for longer, but only if we have a lawful basis to do so, including if requested by a supervisory authority).
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.
- Personal identification tools used by us
We use the services provided by Sumsub to identify you and confirm your identity. More information about Sumsub can be found in the Privacy Policy of this company.
The Sumsub solution is used to compare live photos or video of your face with your provided ID to comply with legal obligations (for instance, to implement the requirements of prevention of money laundering and terrorist financing or other requirements to prevent fraud and crimes) and risk management obligations.
The result of the face similarity (match or non-match) will be stored for as long as it is necessary to carry out the verification and for the period established by the legislation on the prevention of money laundering and terrorist financing.
The verification of your face similarity is a one-time user authorization made by comparing a person’s photos with the data obtained during the verification. Your face template is not created, saved or stored. The original data cannot be recovered from the stored information.
When using the Sumsub solution, the personal data is used to determine your identity, as Sumsub compares the image of the person in the identity document and the person captured in the photo. This process allows us to identify you more accurately and the process itself is faster and easier to carry out. If you are not satisfied with this method of identification, you can contact us by email address support@noah.com regarding another identification method.
- Third-party websites, cookies used in our website
In our website, we may provide links to or from the websites of partners, information sources, and related parties. Please note that third-party websites that you access by following links on our website have their own privacy policies and we are not responsible for these privacy policies. Before submitting any personal data to another website, familiarize yourself with that the rules of the website, privacy policy and other information provided on that website.
We use cookies. More information on how to manage cookies, browser settings or how to delete cookies can be found in our [Cookie Policy].
ADDENDUM 2: CANADA
Where Canadian privacy law applies, the additional information in this Addendum applies as further set out in section 1 below.
1. Application of this Addendum
Under applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (Canada) and the Personal Information Protection and Electronic Documents Act (Canada) your consent is required for the collection, use, and disclosure of your Personal Information, except in certain limited situations permitted by law. Applicable Canadian privacy legislation defines “Personal Information” as information about an identifiable individual. Our Notice and this addendum apply solely to Personal Information and does not apply to public information of a general nature that is not also Personal Information. The terms of this Addendum apply solely to Personal Information collected from individuals located within Canada at the time of collection or otherwise subject to applicable Canadian privacy legislation.
2. Consent and Use of Personal Information
We collect Personal Information from you when you voluntarily provide it through our platform or by using our products and services, as set out in section 2 of our Notice and use that information as set out in sections 3 to 5 of our Notice. By using our products and services you consent to the collection and use of your Personal Information on this basis.
3. Storage of Personal Information
We will retain your Personal Information for the period reasonably necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations. Different pieces of Personal Information may be retained for different time periods based on these requirements. Some or all the information we collect may be stored or processed in jurisdictions outside of Canada. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.
4. Withdrawal of Consent
You may withdraw your consent to our collection, use, and disclosure of your Personal Information at any time, subject to legal and/or contractual restrictions and reasonable notice. Your withdrawal of consent to our collection, use and disclosure of your Personal Information may impact your ability to use our products of services. To withdraw consent, please contact our Privacy Officer by using the contact information provided below.
5. Access and Rectification
You have a right to challenge the accuracy and completeness of your Personal Information and to have it amended or deleted, as appropriate. You also have a right to request access to your Personal Information and receive an accounting of how that information has been used and disclosed, subject to certain exceptions prescribed by law. For example, if the requested information would reveal Personal Information about another individual, your request for access may be limited or denied. To request access or to amend your Personal Information, please write to our Privacy Officer at by using the contact information provided below.
6. Privacy Officer
If you have any questions or concerns about this Notice or the handling of your Personal Information, if you wish to withdraw your consent to our use or disclosure of your Personal Information, or to request access to or update any of your Personal Information we have on file, please contact our Privacy Officer at: support@noah.com.