Privacy policy
This Privacy Policy (the “Policy”) explains how NEUROVISION GLOBAL INTELLIGENCE — FZCO, Registration Number 72252, Trade License Number 74254, registered office at IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates (“Company”, “we”, “us” or “our”), collects, uses, stores, discloses, and otherwise processes Personal Data in connection with:
(a) the website located at https://nv.global/ and any associated webpages, landing pages, documentation pages, contact forms, trial pages, developer pages, portals, and related online resources (the “Website”); and
(b) our identity verification, face recognition, liveness, document verification, AML/KYC/KYB, analytics, API, SDK, developer, sandbox, and related products and services (collectively, the “Services”).
This Policy is intended to address both:
(i) Personal Data relating to visitors and users of the Website, business customers, and customer personnel; and
(ii) Personal Data relating to end users, end customers, representatives, beneficial owners, authorized signatories, or other individuals whose Personal Data is submitted to or processed through the Services by our business customers (“Business Customer End Users”).
By accessing or using the Website, or by otherwise interacting with us, you acknowledge this Policy. Where consent is required under applicable law, we will request such consent separately in the appropriate manner.
1. Role Allocation
1.1. When we act as Controller
We act as a controller (or equivalent concept under applicable law) in relation to Personal Data that we collect and process for our own purposes, including, without limitation:
(a) Website usage data;
(b) contact and inquiry data;
(c) marketing and communications data;
(d) account, trial, onboarding, and developer portal data relating to our customers and prospective customers;
(e) billing, contract administration, service management, and relationship management data;
(f) security, fraud prevention, abuse prevention, compliance, audit, and legal defense data; and
(g) any other Personal Data we process for our own legitimate business purposes in accordance with applicable law.
1.2. When we act as Processor
Where a business customer submits end-users` Personal Data to the Services for identity verification, onboarding, AML/KYC/KYB screening, face comparison, liveness detection, document verification, authentication, fraud prevention, or similar purposes, we generally act as a processor or similar intermediary acting on that business customer’s documented instructions, while the relevant business customer acts as the controller.
In those circumstances, the business customer is primarily responsible for:
(a) determining the purposes and legal basis for the processing;
(b) providing required privacy notices to Customer End Users;
(c) obtaining any required consents or authorizations;
(d) ensuring that the submitted Personal Data may lawfully be disclosed to us; and
(e) responding to data subject requests, except to the extent we are required to assist under applicable law or contract.
1.3. Limited Independent Processing
Even where we primarily process Customer End-User Personal Data on behalf of a customer, we may also process certain related data as a controller for limited purposes such as:
(a) maintaining the security, integrity, availability, and resilience of the Services;
(b) preventing fraud, misuse, abuse, and unlawful activity;
(c) maintaining audit trails, logs, and compliance records;
(d) establishing, exercising, or defending legal claims;
(e) complying with legal, regulatory, law enforcement, sanctions, or reporting obligations; and
(f) carrying out internal governance, risk management, and incident response activities.
2. Definitions
For the purposes of this Policy:
| “Personal Data” | means any information relating to an identified or identifiable natural person, or any equivalent concept under applicable law. |
| “Sensitive Personal Data” | means any category of Personal Data that is subject to enhanced protection under applicable law, including, where applicable, biometric data, identification document data, and data revealing protected characteristics. |
| “Business Customer” | means any legal entity, business user, partner, merchant, institution, or other organization that uses or seeks to use our Services. |
| “Processing” | means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, use, consultation, disclosure, transfer, combination, restriction, deletion, or destruction. |
3. Categories of Personal Data We Process
The categories of Personal Data we process depend on the nature of the relationship, the specific Service configuration, the applicable workflow, and the applicable law.
3.1. Personal Data of Website Users and Customer Personnel
We may process the following categories of Personal Data:
(a) Identity and contact data, such as full name, company name, job title, business email address, telephone number, country, and other contact details;
(b) Inquiry and correspondence data, such as the contents of forms, emails, demo requests, support requests, meeting requests, call scheduling details, and other communications you send to us;
(c) Account and onboarding data, such as account credentials, workspace data, project identifiers, API key metadata, integration status, trial enrollment details, subscription information, and support history;
(d) Technical and usage data, such as IP address, browser type, device type, operating system, language, time zone, referral URLs, session logs, page views, clickstream data, timestamps, crash and diagnostics data, and similar telemetry;
(e) Cookie and similar technology data, such as cookie identifiers, device identifiers, session identifiers, and other data collected via cookies, SDKs, pixels, tags, or similar technologies;
(f) Marketing and preference data, such as consent preferences, newsletter subscription status, event participation, communication preferences, and response history;
(g) Payment, billing, and commercial data, to the extent relevant, such as billing contact details, invoicing data, transaction records, and commercial relationship information; and
(h) Any other data you voluntarily submit to us.
3.2. Personal Data of Business Customer End Users
Depending on the specific Service used and the Business Customer’s configuration, we may process some or all of the following categories of Personal Data on behalf of Business Customers:
(a) Identification data, such as full name, date of birth, nationality, citizenship, gender where applicable, and other identifying information;
(b) Government-issued document data, such as passport, ID card, residence permit, visa, driver’s license, or similar document details, including document number, issuing authority, date of issue, expiry date, document image, barcode data, and data extracted from such documents;
(c) Image and video data, such as selfies, portraits, photographs, live capture, video frames, and liveness interaction data;
(d) Biometric or face-comparison related data, where the relevant Service or workflow requires such processing and where permitted by applicable law, including facial comparison inputs, liveness signals, spoof-detection signals, and, where technically necessary, biometric features or derived comparison data;
(e) Verification and screening results, such as document authenticity checks, face match results, liveness results, sanctions/PEP/watchlist screening results, risk flags, fraud indicators, and confidence or similarity scores;
(f) Business verification / KYB data, including company registration data, corporate documents, beneficial ownership information, representative data, and authorized signatory details;
(g) Device, network, and risk data, such as IP address, device identifiers, technical environment, access timestamps, geolocation inferred from IP where permitted, and anti-fraud / anti-abuse signals;
(h) Transaction and case management data, where relevant to the configured Service, such as onboarding case IDs, workflow status, operator comments, review outcomes, audit logs, and decision support data; and
(i) Support and audit data, including records of issues reported, troubleshooting materials, support attachments, and administrative logs.
4. Sources of Personal Data
We may collect Personal Data:
(a) directly from you when you visit the Website, contact us, register for a trial, request a demo, create an account, subscribe to communications, or otherwise interact with us;
(b) automatically from your device or browser through cookies, logs, analytics, and similar technologies;
(c) from our Business Customers, where they submit Business Customer End User`s Personal Data to the Services;
(d) from service providers, business partners, resellers, integrators, and other third parties acting on your or the Business Customer’s instructions;
(e) from publicly available sources, sanction lists, watchlists, corporate registries, fraud databases, and similar sources, where relevant to the Services and permitted by law; and
(f) from internal corporate systems, affiliates, or group entities, where relevant to lawful business operations.
5. Purposes of Processing and Legal Bases
5.1. Our own Purposes
We may process Personal Data for the following purposes:
(a) to operate, administer, secure, and improve the Website;
(b) to respond to inquiries, provide demos, arrange meetings, and communicate with prospects, customers, partners, and other business contacts;
(c) to register and administer accounts, trials, sandbox access, developer access, API access, and customer onboarding;
(d) to provide support, maintain documentation, troubleshoot issues, and manage customer relationships;
(e) to send service-related notices, legal notices, administrative communications, and, where permitted, marketing communications;
(f) to analyze Website usage, improve user experience, measure engagement, develop new features, and enhance our Services;
(g) to detect, prevent, investigate, and address fraud, abuse, unauthorized access, security incidents, and other harmful or unlawful conduct;
(h) to comply with legal, regulatory, accounting, tax, sanctions, and reporting obligations; and
(i) to establish, exercise, or defend legal claims and protect our rights, systems, personnel, customers, and business.
Depending on the circumstances and applicable law, legal basis on which we process your data as sole controller may include:
(i) performance of a contract or steps taken at your request prior to entering into a contract;
(ii) our legitimate interests;
(iii) your consent;
(iv) compliance with legal obligations; and/or
(v) any other legal basis available under applicable law.
5.2. Customer End-User Data processed on behalf of Business Customers
Where we process Personal Data on behalf of Customers, the relevant Customer determines the applicable legal basis for such processing. The relevant legal basis may include, depending on the Customer’s workflow and applicable law:
(a) performance of a contract with the Customer End User;
(b) compliance with legal or regulatory obligations, including KYC/AML obligations;
(c) legitimate interests in fraud prevention, account security, and onboarding integrity;
(d) protection against identity theft, impersonation, and other abuse;
(e) explicit consent, where required; and/or
(f) any other lawful basis available under applicable law.
5.3. Our Limited Controller Purposes
Where we process related Service data for our own limited purposes, our legal bases may include:
(a) legitimate interests in maintaining Service security, stability, abuse prevention, records, and internal governance;
(b) compliance with legal obligations;
(c) establishment, exercise, or defense of legal claims; and
(d) any other legal basis permitted by applicable law.
6. Automated Processing and Service Outputs
Certain Services may use automated tools to analyze documents, facial images, liveness signals, watchlist matches, technical signals, or fraud indicators.
Where we process data on behalf of a Business Customer:
(a) such processing is typically carried out in accordance with the Business Customer’s configuration and instructions;
(b) the Business Customer is responsible for assessing whether any legally significant decision may be based on such outputs and for ensuring that any such use complies with applicable law; and
(c) we do not intend this Website Policy alone to replace any Business Customer-facing privacy notice that the Business Customer is separately required to provide to its own end users.
7. Cookies and Similar Technologies
We may use cookies, SDKs, tags, pixels, local storage, and similar technologies to:
(a) ensure the proper operation, reliability, and security of the Website;
(b) remember user preferences and settings;
(c) measure traffic, performance, and engagement;
(d) improve functionality and user experience; and
(e) where permitted, support analytics, communications, or marketing activities.
Where required by law, we will request your consent before placing non-essential cookies or similar technologies on your device. You may also manage cookies through your browser settings or any cookie preference tools we make available.
8. Disclosure of Personal Data
We may disclose Personal Data to the following categories of recipients, to the extent necessary and permitted by law:
(a) our affiliates and group entities;
(b) cloud hosting providers, infrastructure providers, analytics providers, CRM providers, customer support tools, communication providers, identity and fraud technology partners, screening data providers, and other service providers acting on our behalf;
(c) professional advisers, auditors, insurers, accountants, and legal counsel;
(d) Business Customers, where relevant to the provision of the Services to them, support, case handling, or the handling of Business Customer End-User requests;
(e) counterparties and advisors in connection with a merger, acquisition, reorganization, financing, sale of assets, or similar corporate transaction;
(f) competent courts, regulators, supervisory bodies, law enforcement authorities, sanctions authorities, tax authorities, or other public authorities, where required or permitted by law; and
(g) any other person with your consent or on your documented instruction.
We may also disclose aggregated, anonymized, or de-identified information that does not identify an individual, subject to applicable law.
9. International Transfers
We operate internationally and may process Personal Data in the United Arab Emirates and in other jurisdictions where we, our affiliates, our Business Customers, or our service providers operate.
Where Personal Data is transferred across borders, we will take steps designed to ensure an appropriate level of protection in accordance with applicable law. Such steps may include, where required:
(a) reliance on an adequacy determination;
(b) contractual safeguards;
(c) intra-group data transfer arrangements;
(d) technical and organizational security measures; and/or
(e) any other transfer mechanism recognized by applicable law.
10. Data Retention
We retain Personal Data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Retention periods are determined by reference to factors such as:
(a) the nature and sensitivity of the data;
(b) the purpose for which the data was collected;
(c) whether the data is required for the performance of a contract or the provision of the Services;
(d) applicable statutory limitation periods;
(e) legal, regulatory, accounting, audit, and reporting requirements;
(f) security, fraud prevention, and abuse prevention needs;
(g) the Customer’s documented instructions and contractual arrangements, where we act as processor; and
(h) the need to establish, exercise, or defend legal claims.
Where we process Business Customer End-User Personal Data on behalf of a Business Customer, we generally retain and delete such data in accordance with the relevant contract, Business Customer instructions, system configuration, and applicable law.
11. Data Security
We implement reasonable and appropriate technical, organizational, contractual, and administrative measures designed to protect Personal Data against unauthorized or unlawful access, acquisition, disclosure, alteration, loss, misuse, or destruction.
Such measures may include, where appropriate:
(a) access controls and role-based permissions;
(b) encryption in transit and/or at rest where appropriate;
(c) logging and monitoring;
(d) environment segregation;
(e) secure development and testing practices;
(f) vulnerability management;
(g) incident response procedures;
(h) vendor due diligence; and
(i) staff confidentiality and security obligations.
No system, network, or method of transmission over the Internet is entirely secure. Accordingly, while we take appropriate measures, we cannot guarantee absolute security.
12. Your Rights
Subject to applicable law, you may have the right to:
(a) obtain information about the Personal Data we hold about you;
(b) request access to your Personal Data;
(c) request correction of inaccurate or incomplete Personal Data;
(d) request deletion or erasure of Personal Data;
(e) request restriction of processing;
(f) object to certain processing;
(g) withdraw consent, where processing is based on consent;
(h) request portability of Personal Data, where applicable;
(i) object to certain automated processing or profiling, where applicable; and
(j) lodge a complaint with a competent supervisory authority.
12.1. Website Users and Customer Personnel
If you interact with us directly and we process your Personal Data as controller, you may submit your request to us using the contact details set out below.
12.2. Business Customer End Users
If your Personal Data was submitted to the Services by or on behalf of one of our Business Customers, that Business Customer is usually the primary point of contact for your request, because it generally determines the purpose and means of the relevant processing.
If you contact us directly in relation to Business Customer End-User data:
(a) we may require information reasonably necessary to verify your identity;
(b) we may forward your request to the relevant Business Customer; and
(c) we may respond directly where required or permitted by applicable law, contract, or operational necessity.
13. Children`s Privacy
The Website and Services are intended for business and professional use and are not directed to children.
We do not knowingly collect Personal Data directly from children through the Website unless such processing is expressly supported by an appropriate legal basis, appropriate notices, and all required authorizations under applicable law.
If you believe that a child has provided Personal Data to us unlawfully, please contact us so that we may take appropriate steps.
14. Third-Party Links
The Website may contain links to third-party websites, tools, or services. This Policy does not apply to third-party websites, products, or services that we do not control. We encourage you to review the privacy notices of those third parties.
15. Changes to this Policy
We may amend or update this Policy from time to time to reflect changes in law, regulation, our business practices, our Services, or Website functionality.
The updated version will become effective when posted on the Website, unless a later date is specified. Where required by applicable law, we will provide additional notice or request renewed consent.
16. Contact Details
If you have questions, requests, or complaints regarding this Policy or our processing of Personal Data, please contact:
NEUROVISION GLOBAL INTELLIGENCE — FZCO
| Registration Number: | 72252 |
| Trade License Number: | 74254 |
| Registered office: | IFZA Business Park, DDP, PO Box 342001, Dubai, United Arab Emirates |
| Email: | top@nv.global |
