Privacy Policy
Last update: August 02, 2024
Nabla Finance Interface Privacy Policy
At Nabla Finance, (hereafter “Nabla Finance”, "we", "us", "our"), one of our main priorities is the privacy of participants of the Nabla Finance visiting our website accessible at https://nabla.fi/ (the “Website”) and using Nabla Finance dApp accessible at https://app.nabla.fi/ (the “dApp”) (collectively with the Website, referred to as the “Interface”). That’s the reason why we try our best to collect as little of your personal data as possible. However, since we still need to collect and process some personal data, we have put in place policies and practices to ensure it all goes smoothly and everything is secured.
This privacy policy is intended to inform you about the processing of your personal data we carry out when you access and/or use our Interface (the “Privacy Policy”, the “Policy”). Therefore, it applies to all your interactions with us via our Interface, and your interactions with us in connection therewith. We advise you to carefully read this Policy to understand how we collect and process the data and for which purpose.
This Privacy Policy is however not applicable to any processing of data collected via channels other than the Interface (including any other services or applications provided by third parties). For those, we advise you to consult the corresponding privacy policies.
1. Identity of the Data Controller
We, the Nabla Finance, act as the data controller of the processing of your personal data. It means that we decide “why” and “how” your personal data is processed in connection with the Interface. To contact us, please refer to Section 10 (Contact us) of this Policy.
2. Categories of Data We Process
When you use the Interface, the categories of data that we collect are the following:
Data you voluntarily provide to us when using the Interface:
any identification and contact data such as your email address, your name, and any other personal data you provide to us when communicating with us (in limited circumstances, e.g. when reaching out to our support service or applying to become a contributor);
any data related to your use of the Interface (e.g., wallet addresses (public blockchain addresses), transaction, and balance information (blockchain data) that is accessible when interacting with the Interface);
any personal data required to comply with anti-money laundering (AML), know-your-client (KYC), and know-your-business (KYB) verification requirements (in limited circumstances, e.g. when registering and completing the Resolver Verification Process).
In some cases, the provision of your personal data is necessary in order to provide you with access to certain products available via our Interface and/or the information you request. In any case, we will inform you when the communication of your personal data is necessary.
We have no access to and will never ask for your private keys or wallet seed. Never trust anyone or any application that asks you to enter your private keys or wallet seed.
Data automatically collected when you use the Interface:
We may automatically collect certain data, either directly or through third-party service providers, when you visit and/or use the Interface. Such data does not reveal your specific identity (such as your name or contact information), but may include the following:
Data collected by log files, including internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks.
Analytics and data related to your use of the dApp (e.g., IP address, MAC address, log files, domain server, data related to usage, performance, website security, traffic patterns, and location information).
Behavioral data related to your use of the Interface (including, in particular, and depending on the case, data related to how you interact with our Interface, content viewed, features accessed, your status on our Interface, such as Website/dApp launches, taps, clicks, scrolling data, etc.).
Third-Party Services
We may integrate services and technologies from third parties into some functionality of the Interface. For example, we employ Cloudflare’s performance and security infrastructure as a proxy between you and the dApp. As a result, when you initiate a swap request through the dApp, Cloudflare may collect your IP address. Please be aware that based on this data collection, Cloudflare may block access to the Services. For more information on the eligibility requirements for using the Interface please refer to the Nabla Finance Terms of Use.
Additionally, we use the services of several Remote Procedure Call (RPC) providers, such as QuickNode, Fastnode, Aurora Mainnet RPC, and Arbitrum Mainnet, to facilitate swap operations. The selection of the RPC provider is pre-set based on the blockchain network. When you initiate the swap request through our dApp, the RPC provider usually does not collect your IP address. For more information on how the third parties may independently collect and process information, we recommend reviewing
their privacy policies and associated terms. Please note that we are not responsible for the data protection practices of any third party.
We also use cookies and similar tracking technologies to automatically collect data from and store information on your device when you use, access, or otherwise interact with our Interface.
We may use Google Analytics to analyze user behavior on the Interface. For more information on how Google Analytics processes your personal data, please refer to the Google Analytics Privacy&Terms.
Additionally, we may use Cookie3 or Mixpanel to help us understand your interactions and preferences on the Interface. To know more about how Cookie3 or Mixpanel processes your personal information, please review the their Privacy Program.
Should you wish to opt out of automatic data collection, you have the option to disable cookies. For more information on cookies and other tracking technologies, as well as instructions on how to disable them, please refer to Section 7 of this Policy (Cookies and Other Tracking Technologies).
Blockchain Data
Please note that we are not responsible for (i) your use of Ethereum or any other blockchain and (ii) the use of your personal data as processed in these decentralized and permissionless blockchain networks. Your private key which you utilize to access your Ethereum or other blockchain funds and initiate transactions is stored only on your own device.
You should also be aware that due to the inherent transparency of the blockchain networks, transactions that you approve when using the Interface may be publicly accessible. This includes, but is not limited to, your public sending address, the public address of the receiver, the amount sent or received, and any other data a user has chosen to include in a given transaction.
Transactions and addresses available on blockchain may reveal personal data about the user’s identity, and personal data can potentially be correlated now or in the future by any party who chooses to do so, including law enforcement.
We encourage you to review how privacy and transparency on the blockchain network work.
3. How and Why We Use Your Personal Data
In the table below, you will find the various purposes for which we may process your personal data and the corresponding legal basis. Depending on the circumstances, we use different legal bases to process the same personal data for different purposes.
You also have specific rights depending on the legal basis applied. You always have the right to request access to, rectification of, or deletion of your personal data. These are detailed in Section 8 of this Policy (Your rights).
We process your personal data for the following purposes and on the following legal bases:
To provide the Interface as well as to assess, analyze and improve the performance of the Website and dApp, related services and features; to perform maintenance work. | The processing of your personal data is based on our legitimate interest to optimize our tools and solutions and ensure the satisfaction of users of the Interface. |
|
To manage our contractual relationship with you and fulfill our contractual obligations when you use our Interface (e.g., to provide users’ access to the dApp features). | The processing of your personal data is based on the necessity of contract performance or necessity to enter into a contract with you (where your personal data is required for us to perform our undertakings and obligations in accordance with the contract we are entering into with you when you use the Interface). |
|
To communicate with you and answer your queries, to provide support to the users of the dApp (e.g., answering your queries about the Interface, providing information and advice regarding the use of the dApp features, etc.). | The processing of your personal data is based on our legitimate interest to ensure proper communication with the users of the Interface. |
|
To maintain a secured trusted environment (e.g., prevention and fight against computer fraud (spamming, hacking)); to | The processing of your personal data is based on our legitimate interest to ensure compliance with applicable laws, |
|
ensure security; to identify irregular website behavior; to prevent fraudulent activity, and to improve security at all possible levels. | compliance with our Terms of Use, prevent fraud, improve the security and ensure the proper performance of the Interface. |
|
To manage any potential or actual disputes with you or third parties. | The processing of your personal data is based on our legitimate interest to defend our interests, including through legal proceedings. |
|
To comply with legal and regulatory obligations that may apply to us. | The processing of your personal data is necessary for compliance with our legal obligations (e.g., to verify your identity, determine your legal eligibility, answer requests from the competent administrative or judicial authorities (including where necessary in response to subpoenas, search warrants, or court orders) or data subjects’ requests or claims). |
|
Please note that we will not process your personal data for any purpose that is incompatible with the purposes listed above.
4. Sharing Your Personal Data
In the context of processing your personal data in accordance with this Policy, we may communicate your personal data to the following recipients, if necessary:
our subsidiaries or affiliates (if any) only if necessary for operational purposes;
Softfork Labs, as a key contributor to the Nabla Finance, only if necessary for contributing to the development and enhancement of the Interface's products and features as well as the
Nabla Finance as such;
other third-party service providers, external suppliers, contractors, and agents to the extent that they assist us in carrying out the purposes set out in this Policy (e.g., analytics and storage service providers to assist us in the improvement and optimization of the Interface; product engineering providers and technical maintenance vendors to ensure proper functioning of the Interface; marketing and communication providers to promote the use of the Interface; AML compliance and screening service providers to comply with AML laws and regulations and ensure safe environment within the Interface);
competent courts, public authorities, government agencies, and law enforcement agencies to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to in response to subpoenas, search warrants, or court orders;
third parties in connection with a merger, division, restructuring, change of control, bankruptcy or other organizational change;
third parties which may collect your personal data on our Interface via cookies, web beacons, and similar tracking technologies, subject to your prior consent;
third-party business partners to assist such partners’ investigations including into known cybersecurity breaches or cyber-hacks, or in case of a serious crime that is likely to affect users of our Interface. In this case, we disclose information only to our trusted business partners based on the duration and quality of our business relationship, the reputation and regulatory status of the partner, and the requirements of the applicable data protection legal framework. We will only communicate your personal data if we have sufficient legitimate interest to do so.
We will only communicate your personal data to any recipient on a need-to-know basis and only when the processing by the recipient is strictly limited to the purposes identified in this Policy. We do not sell your personal data.
5. Transfer of Personal Data
As we operate globally, we may process your personal data around the world where our facilities or providers are located. Therefore, for the purpose of processing your personal data as described in this Policy, we may have to transfer your personal data outside the European Economic Area (“EEA”). In these cases, we implement appropriate transfer mechanisms and safeguards to ensure that the personal data transferred benefit from the same level of protection within the EEA. In practice, this means that each of the envisaged transfers is based on at least one of the following mechanisms:
the existence of an adequacy decision issued by the European Commission for the country to which your personal data is transferred; or, failing that;
the conclusion of standard contractual clauses as adopted by the European Commission; or, failing that;
the existence of an exemption linked to one of the specific situations exhaustively provided for by the General Data Protection Regulation n°2016/679 ("GDPR"). For example, where you
have explicitly given your consent to the proposed transfer after having been informed of the absence of safeguards; where the transfer is necessary for the performance of a contract between you and us; where the transfer is necessary for the conclusion or performance of a contract concluded, in your interest, between us and a third party; or where the transfer is necessary for the establishment, exercise or defence of our legal claims, etc.
Information on the transfer mechanisms and safeguards may be requested by contacting us: please see Section 10 of this Policy (Contact us).
6. Data Retention Period
We retain your personal data only for as long as necessary for the purposes for which it has been collected, as specified in this Policy, and in accordance with the applicable laws.
This means that the retention periods we apply may vary depending on the purpose for which we process your personal data. When determining the appropriate retention period, we take into account the category and amount of personal data, potential risks and harm that may arise from unauthorized access or disclosure, the specific purposes for which the data is processed, the availability of alternative mean to achieve those purposes, and the applicable legal requirements.
We also retain personal data in order to comply with legal and regulatory obligations that may apply to us. Sometimes business and legal requirements oblige us to retain certain data, for specific purposes, for an extended period of time (e.g., to comply with AML compliance requirements, or record-keeping obligations imposed by applicable accounting, financial, or regulatory laws).
In some situations, we may anonymize personal information about you so that it can no longer be used to identify you. In such cases, we can use this information indefinitely without further notice to you.
7. Cookies and Other Tracking Technologies
Cookies and similar tracking technologies, such as "Flash" cookies, "local storage", etc., (the "cookies") are text files that can be stored on your devices when you visit an online service such as an application or a website. Cookies are used to store information on the user's device so that it can be accessed later.
As you navigate through and interact with the Interface, different types of cookies may be placed on your device and we may ask your consent to use those cookies. These cookies may be placed directly by us or by third parties. The data we collect automatically includes statistical and performance information arising from your use of the Interface. This type of data will only be used by us in an aggregated or anonymized manner.
Except for cookies that are necessary for the proper functioning of the Interface, you are free to refuse the deposit of cookies on your device at any time. If you do not want cookies to be placed or read on your device and choose this option when presented to you, a refusal cookie will be stored on your device so that we can keep track of your choice. If you delete this cookie, we will no longer be able to know that you have refused the use of cookies. Similarly, when you consent to accept cookies, a consent cookie is placed on your device.
You can choose to disable cookies through your individual browser options. The settings for each browser are different. They are described in the help menu of your browser, which will enable you to know how to change your cookies preferences. For example:
in Microsoft Edge please refer here.
in Safari please refer here.
in Chrome please refer here.
in Firefox please refer here.
in Opera please refer here. In addition, to disable Google Analytics cookies, you can use the following hyperlink and download the
Google Analytics Opt-Out Browser Add-on.
Alternatively, www.allaboutcookies.org provides further information on how to manage your cookies preferences.
8. Your Rights
In accordance with the applicable personal data protection regulation, including the GDPR, you have the following rights: access, rectification, deletion, objection, restriction of processing, and data portability of your personal data.
Please note that some of these rights are subject to specific conditions set out in the applicable personal data protection regulation. Therefore, if your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request. In this case, we will inform you of the reasons for our refusal.
● Right of access – You may request access to your personal data at any time. If you exercise your right of access, we will provide you with a copy of the personal data we hold about you as well as information relating to its processing.
● Right of rectification – You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete.
● Right to erasure / to be forgotten – You can ask us to delete your personal data if, for example, it is no longer necessary for the processing we carry out. We will use our best efforts to comply
with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise, or defence of our rights.
Right to restriction of processing – You may also request that we restrict the processing of your Personal Data on grounds relating to your particular situation. For example, if you dispute the accuracy of your personal data or object to the processing of your personal data, you may also request that we do not process your personal data for the time necessary to verify and investigate your claims.
In such cases, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests.
Right to data portability – You may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format, so you can easily re-use it.
The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on the Interface, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with our request, we will inform you of the reasons for our refusal.
Right to object - You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing of your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise, or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal. You can also object at any time to our processing of your personal data for marketing purposes.
Right to withdraw consent – You have the right to withdraw consent at any time for processing of your personal data based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal.
Country Specific Rights: You may also be granted specific rights as regards our processing of your personal data depending on the law applicable in the country you are residing in. You may contact us should you have any questions in that regard.
Also, keep in mind that many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of personal data, in particular when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled or operated by us, we are not able to erase, modify, or alter your personal data from such networks.
9. How to Exercise Your Rights
If you wish to exercise your rights, you may contact us by using the contact information provided in Section 10 of this Policy (Contact Us). To be able to process your request efficiently, we may ask you to provide additional information to confirm your identity and/or to help us retrieve the personal data related to your request.
Please note that you can lodge a complaint with a data protection regulator in one or more of the European Union member states. You can find a list of data protection authorities in Europe here.
10. Contact Us
If you have any questions regarding the processing of your personal data under this Policy, including the exercise of your rights as detailed above, you can contact us by email at support@nabla.fi.
11. Changes to this Privacy Policy
We periodically review this Policy to ensure it is compliant and up to date with applicable data protection regulations. We will post updates on this page accordingly. When the changes are made, we will update the “Last updated” date at the top of this Policy.
Therefore, we encourage you to review this Policy regularly. Any modifications will take effect when posted or on the date specified as the effective date (if any). Your continued access to and use of the Interface indicates your acknowledgment and acceptance of the updated Privacy Policy.
Last updated