This Policy applies to Niivesh Capital (referred to as “Niivesh Capital”, “we”, “our”, “us”) with its registered address at Lupos Suites, Orleans Street, Port-Louis, Mauritius, operating under the supervisory reference of the Union of Comoros Offshore Finance Authority, and extends to and covers all operations and functions of Niivesh Capital.
All third parties (including clients, suppliers, sub-contractors, or agents) that have access to or use personal information collected and held by Niivesh Capital must abide by this Privacy Policy. Niivesh Capital makes this Policy available free of charge.
This Policy is in line with Article 24 of the General Data Protection Regulation (EU 2016/679) and applicable international anti-money-laundering and data-protection standards. Taking into account the nature, scope, context, and purposes of processing—as well as the risks to the rights and freedoms of natural persons—Niivesh Capital has implemented appropriate technical and organisational measures to ensure compliance with the GDPR and other relevant regulations.
Where the GDPR applies to your personal information, Niivesh Capital will be the responsible data controller for any personal information you provide to us in connection with your relationship with us.
We may collect and hold the following kinds of personal information:
We generally collect personal information directly from you—for example, when you submit an application, visit our website, use our platform, contact us, or otherwise interact with us. We may also collect personal information from third parties (e.g., service providers, verification partners, credit reporting bodies where permitted). Where we receive information from a third party, we take reasonable steps to ensure you are or have been made aware of the matters set out in this Policy.
We do not collect sensitive information unless you have consented or an exemption under applicable law applies (e.g., where required by law, fraud prevention, or to take action regarding suspected unlawful activity).
If the information we request is not provided, we may be unable to provide services or meet your needs appropriately. For regulatory reasons, we generally cannot deal with individuals anonymously or under a pseudonym when providing client services requiring identity verification.
Where GDPR applies, we will also inform you when collection is required under a contract or law, whether we rely on consent and your right to withdraw it, your data subject rights (see “Access to Personal Information”), your right to complain to a supervisory authority, and if we use automated decision-making (including profiling) that produces legal or similar significant effects.
If we receive unsolicited personal information, our staff must notify the Privacy Officer. We will destroy or de-identify unsolicited personal information unless it is relevant to our purposes for collection.
We may collect information about:
If necessary, we may also collect information about trustees, partners, company directors/officeholders, nominated agents, and other one-off third parties dealing with us.
We use and disclose personal information for the primary purposes above, reasonably related secondary purposes, and as otherwise permitted or required by applicable laws and regulations, including anti-money laundering and counter-terrorist financing (AML/CTF) requirements.
We may process personal information to:
With your consent (where required) or where otherwise legally permitted, we may also communicate via approved channels to keep you informed about products, services, events, and offers. Sensitive information is used or disclosed only for the purpose for which it was provided or a directly related purpose, unless you agree otherwise or the law permits.
We may engage third parties to perform services on our behalf. They are restricted from using personal information except for the specific purpose for which we supply it and may not use it for their own direct marketing.
We take reasonable steps to destroy or de-identify personal information that is no longer required.
Legal bases under GDPR may include contract necessity, legitimate interests, vital interests, legal obligations, the establishment/defence of legal claims, or your consent.
We may disclose personal information to overseas recipients, including introducing brokers selected by you and cloud or infrastructure providers whose servers may be located in multiple jurisdictions (e.g., EU/EEA, UK, US, APAC). We take reasonable steps to ensure recipients provide an adequate level of protection consistent with this Policy and applicable law, or we obtain your consent where required.
We apply administrative, technical, and physical safeguards designed to protect personal information against interference, misuse, loss, and unauthorised access, modification, or disclosure, including:
We retain personal information as necessary to provide requested products/services and to administer our relationship with you. We also keep certain records to comply with legal and regulatory obligations (e.g., AML/CTF record-keeping). When retention ends, we will delete or de-identify data unless a longer period is required by law or you have consented to extended retention.
We may use third-party service providers to help promote our products and services. We will not use personal information for direct marketing where prohibited. Where required, we obtain your consent, and in all cases provide a simple way to opt out. For sensitive information, we only use it for direct marketing with your explicit consent.
Where GDPR applies, we send marketing communications only if you have opted in (you may opt out at any time).
We do not use government-issued identifiers (e.g., tax or social security numbers) as our internal identifiers. We endeavour to avoid data matching except where permitted or required by law.
We aim to ensure the personal information we collect, hold, use, and disclose is relevant, accurate, complete, and up-to-date. Please contact us to correct your information. Where we are satisfied information is inaccurate, we will take reasonable steps to correct it within 30 days (or as otherwise required). We do not charge for corrections and may notify third parties to whom the data was previously disclosed, where appropriate.
You may request access to personal information we hold about you by contacting our Privacy Officer (see “Complaints handling”). We will respond within 30 days. If we refuse access, we will provide reasons unless legally restricted. We will require identity verification and a description of the information sought. A reasonable administrative fee may apply for copies.
If GDPR applies to you, in addition to the rights outlined above, you may: (i) update or rectify your personal data; (ii) withdraw consent where processing is based on consent (without affecting prior processing); (iii) request deletion to the extent permitted by law; (iv) request a copy of your data in a portable format; and (v) lodge a complaint with your local supervisory authority (e.g., the ICO in the UK at ico.org.uk).
We may review and update this Policy from time to time to reflect changes in law, technology, or our operations. The “Last updated” date at the top indicates the most recent revision.
Management is responsible for informing employees and relevant third parties about this Policy and any changes. All employees and relevant parties must understand and comply with this Policy.
New employees receive timely access to this Policy. We provide periodic privacy training covering Niivesh’s obligations and staff responsibilities.
Privacy incidents must be reported to management. Ignorance of this Policy is not an excuse for non-compliance. Employees or relevant third parties who violate this Policy may face disciplinary action and/or contractual remedies.
Contracts with third parties must address privacy and security, including: (i) regulating collection, use, and disclosure; (ii) de-identifying personal data where possible; (iii) securing personal data with access limited to authorised personnel; and (iv) restricting onward disclosures to approved organisations under appropriate safeguards.
We may be required by applicable AML/CTF laws to verify your identity before providing financial services. Electronic verification allows us to confirm your identity using electronic tools and external data sources.
We will ask for your details (e.g., name, address, date of birth) and identification document details and pass these to external organisations to match against their databases. These organisations will advise us whether the information you provided matches their records. Sources may include:
Providing false or misleading identity information may constitute an offence under applicable AML/CTF laws.
By agreeing to our terms, you affirm that:
If you wish to make a privacy complaint, please gather relevant documents, outline the questions you want answered, and contact your account manager or our Privacy Officer. If unresolved, your complaint will be escalated to Compliance for review.
Contact (Privacy & Compliance): support@niivesh.com
We aim to resolve most matters within 21 days; complex cases may take longer. We will keep you informed of our progress.
Where applicable, we comply with data breach notification requirements (including GDPR where it applies). Staff who become aware of a possible breach must immediately report it to the Compliance Manager. We will investigate and, if required, notify affected individuals and/or authorities in accordance with applicable law.
