Privacy Policy

1. Introduction

NEBI ("NEBI," "we," "us," or "our") is committed to protecting the privacy and security of the personal data we process. This Data Privacy Policy outlines how we collect, use, disclose, and safeguard personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

2. Data Controller and Data Processor Roles

Under GDPR, NEBI operates as a Data Processor when processing personal data on behalf of our clients (the Data Controllers) who engage us for identity verification and other services. We adhere to documented instructions from our clients regarding the handling of personal data.

3. Personal Data We Collect and Process

NEBI processes the following categories of personal data as required to provide identity verification and other services:

  • Contact details, such as your name, email address, postal address, social media handle, and phone number
  • Account login credentials, such as usernames and passwords, password hints, and similar security information
  • Other account registration and profile information, such as job title, educational and professional background and qualifications, and photo
  • Payment information, such as a credit or debit card number
  • Comments, feedback, and other information you provide to us, including search query data and questions or information you send to customer support
  • Interests and communication preferences, including preferred language

4. Purpose and Legal Basis of Processing

Depending on how you interact with us and the Service, we use your personal information to:

  • Provide, activate, and manage your access to and use of the Service
  • Process and fulfill your request, order, or other transaction
  • Provide technical, product, and other support and help keep the Service working
  • Improve the Service and our other products, events, and services and develop new products and services
  • Respond to your requests, inquiries, comments, and concerns
  • Notify you about changes, updates, and other announcements related to the Service and our other products and services
  • Deliver targeted advertisements, promotional messages, notices, and other information related to the Service and your interests
  • Invite you to participate in user testing and surveys
  • Develop data analysis, including for research, audit, reporting, and other business operations
  • Comply with our legal obligations, resolve disputes, and enforce our agreements

5. Security of Personal Data

We implement industry-standard technical and organizational measures to ensure the security and confidentiality of personal data, including:

  • Data encryption during transmission
  • Access controls limited to authorized personnel with strict authentication
  • Anonymization or pseudonymization where feasible and applicable
  • Regular audits and assessments of security measures

6. Data Sharing and Transfers

NEBI does not share personal data with third parties except:

  • As required by law or to protect our legal rights
  • For the performance of our services, with authorized sub-processors such as partners and contractors

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

8. Data Subject Rights

NEBI supports data subjects' rights under GDPR, including:

  • Access and rectification of personal data
  • Erasure (Right to be Forgotten) in accordance with GDPR
  • Restriction of processing and the right to object under certain conditions
  • Data portability in a commonly used format

Requests may be submitted to NEBI’s Data Protection Officer (DPO).

9. Sub-Processing and Onward Transfers

NEBI uses select sub-processors for cloud storage and system operations. We ensure these providers meet GDPR standards, including for data transfers outside the EEA.

10. Incident Notification

In the event of a personal data breach, NEBI will notify affected clients and, as required, the relevant supervisory authorities without undue delay.

11. Updates to this Privacy Policy

NEBI may update this policy to reflect operational, legal, or regulatory changes. Updates will be communicated to clients, and the latest version will always be available on NEBI’s website.

12. Contact Information

For privacy-related inquiries, requests, or concerns, please contact our Data Protection Officer (DPO).