Privacy Policy

calendarEffective from: 21 June 2024

This document (“Privacy Policy”) explains the privacy rules applicable to personal data and other information relating to an identified or identifiable natural person (“personal data” or “personal information”) collected or submitted when you access, install, or use Nord services, which include relevant software and any services that Nord provides to Customer through its business-related software, applications or otherwise (all of which are collectively referred to as the “Services”) and websites (“Website”) regardless of the device (computer, mobile phone, tablet, etc.) you use.

Personal data provided in this Privacy Policy is processed by Nord Security Inc. (“Nord”, “we”, “us”, or “our”) as a data controller when the data is collected by us (e.g., when you access our Website, contact our customer support) or as a data processor when the data is provided by our Customers and processed according to the instructions issued by them.

The capitalized words used in this Privacy Policy as definitions are defined here or in our Terms.

Please acknowledge this Privacy Policy before using our Services, accessing or interacting with our Website.

Additional information on your personal data may also be indicated in contractual terms, supplemental privacy statements, or notices.

1. NOTICE TO CUSTOMER'S END USERS AND AUTHORIZED USERS

Our Services are intended for use by organizations (businesses) and are provided on the basis of the Terms. In addition, we receive information (including some personal data of data subjects) from Customers’ while operating the Services. This section outlines how we process the personal data of two distinct categories: end users of our Customers' services and authorized users who administer Nord services on behalf of our Customers. If you use the services of our Customer and you are provided with an account or other access to the Nord’s Services because of Customer’s subscription to our Services, you are identified as our Customer’s end user (“End User”). Whereas, if your organization (e.g., employer or other entity that entered into the agreement with us) provides you with access to our Services (e.g., create an account or connect to the Services by other means), you are identified as an authorized user (“Authorized User”). Please note that in such a case your service provider (our Customer, in case you are an End User) or the organization (our Customer, in case you are the Authorized User) is the data controller of your personal data.

Nord acts only as a data processor and processes your personal data according to the instructions issued by the Customer. Nord is not and cannot be responsible for the privacy or security practices of its Customers, which may differ from those set forth in this Privacy Policy.

Processing of End Users' Data. When Customers implement Nord solutions by using Services, we process specific personal data of End Users utilizing the integrated Services. This includes End User’s email addresses, timestamps, user IDs, login attempts, and registration attempts. The primary purpose of processing this data is to deliver and enhance our Services, focusing on aspects such as user identification and authentication, security measures, and general provision of Services.

Processing of Authorized Users' Data. For Authorized Users entrusted with administering Nord Services on behalf of our Customers, we process basic organization contact information and email addresses. This information is processed to facilitate seamless communication, effective account management, and responsive support related to the Services.

The Customer, as a data controller, bears the responsibility of ensuring that the rights of the End Users and Authorized Users are well ensured: both End Users and Authorized Users are well-informed about the processing of their personal data, the Customer has all necessary consents and permissions to process such personal data, as well as ensuring adherence to relevant data protection regulations, and addressing any inquiries or requests related to personal data from their End Users and Authorized Users.

If you as an End User and Authorized User have questions about the processing of your personal data by Nord in connection with providing Services to Nord’s Customer, please contact your service provider or organization (the Customer). If you have questions about other business operations mentioned in this Privacy Policy when Nord acts as a data controller, please contact us as provided below (Section “Contact Us”).

PROCESSING OF PERSONAL DATA – NORD AS DATA CONTROLLER

We collect (directly from you, third parties or your interactions, use, and experiences with our Services/Website) and use the information for the following purposes:

Information related to the conclusion and performance of the Agreement

Payment related information

Online activities

Communication data

Marketing

3. GROUNDS FOR PROCESSING OF PERSONAL DATA

Nord processes personal data to a limited scope and based on the following legal grounds:

4. SHARING YOUR PERSONAL DATA

Only where permitted by applicable laws and for the purposes listed in this Privacy Policy we share, to the extent necessary, the information with:

Service providers. We use third-party service providers to help us with various operations, such as IT, servers, marketing, customer support, data storage, website customization, website analytics, accounting, legal, agency, and others. As a result, some of these service providers may process your personal data.

Partners. Sometimes our partners, for example, distributors, resellers, managed service providers, and app store partners might also process your personal data. In such cases, the procedures established by them (e.g., terms of service and privacy policies) will apply to such relationships.

We also partner with third parties to display advertising on our Website or to manage our advertising on other sites. These partners help us deliver more relevant ads and promotional messages to you, which may include behavioral, contextual, and generic advertising. We and our advertising partners may process certain personal data to help us understand your preferences so that we can deliver advertisements that are more relevant to you.

Your personal data may be processed in any country in which we engage service providers and partners. When you use our Services and Website, you understand and acknowledge that your personal data may be transferred outside of the country where you reside.

Other group companies. We share your personal data with other group companies to carry out our daily business operations and to enable us to maintain and provide our Services to you. In accordance with applicable law, we may also share your contact information with group companies for the marketing of their products’ purposes (you have a right to object to such transfer at any time).

Protection of our rights. We may disclose your data to establish or exercise our legal rights or defend against any legal claims or other complaints. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, and violations of our Terms.

Business transfers. We may share your personal data in those cases where we sell or negotiate to sell our business or go through a corporate merger, acquisition, consolidation, asset sale, reorganization, or similar event. In these situations, Nord will continue to ensure the confidentiality of your personal data.

Requests from law enforcement institutions. Any request for data should follow an appropriate official legal process recognized by the laws of incorporation (e.g., mutual legal assistance treaty, letters rogatory). We carefully review each request to make sure it satisfies laws applicable to our company, laws of requesting country, international norms, and our internal policies.

Cross-border transfers of personal data. To facilitate our Services and Website, we may store, access, and transfer personal data from around the world, including in countries where Nord has operations. These locations may not guarantee the same level of protection of personal data as the one in which you reside. We assess the circumstances involving all cross-border data transfers and have suitable safeguards in place to require that your personal data will remain protected in accordance with this Privacy Policy. For example, in case personal data is transferred to countries outside the EEA, we make sure there is an adequacy decision from the European Commission with regards to the recipient country or we use standard contractual clauses approved by the European Commission for such transfer of your personal data.

5. CHOICES RELATED TO YOUR PERSONAL DATA

Please note that there are various data protection laws across different jurisdictions that provide privacy rights to you as a data subject. If you are interacting with the Services or Website in a territory governed by those data protection laws under which consent is required to process personal data, your acceptance of Terms or visit of our Website will be deemed as your consent to the processing of personal data for purposes provided in this Privacy Policy. Subject to applicable data protection laws, among others, you may have the following rights:

Rectification. If you’d like to edit your information (e.g., change your email address), please contact our support team at info@authopia.io.

Access/Deletion. If you wish to delete your personal data that we process or request to provide you with a copy of your personal data, please contact us at info@authopia.io.

Opt-out. If you wish to unsubscribe from our marketing communication, you can opt-out at any time by clicking the “unsubscribe” link at the bottom of each email or contacting us at info@authopia.io.

You can control the use of cookies at the individual browser level on your device. To disable cookies, follow your browser’s instructions on how to block or clear cookies.

If you do not agree with the processing of your personal data by Nord, please do not use our Services and Website. You can request us to discontinue processing your personal data, in which case your data will be processed only as much as it is necessary to affect the discontinuation of your use of the Services (e.g., final settlement or deleting all personal data), or finalizing other our legal relationship with you (e.g., record keeping, accounting, processing refunds). Please note that we or our third-party service providers may be obliged to retain your certain personal data as required by law.

If you are using Nord Services as an End User or Authorized User and you want your personal data to be no longer processed by us, you should contact the Customer that granted you access to our Services.

To raise any other questions, concerns, or complaints about our privacy practices or about our processing of your personal data, please contact us as provided below (Section “Contact Us”).

6. DATA SECURITY

We maintain tight controls over the personal data we collect. Our dedicated IT security team has implemented appropriate physical, technical, and organizational measures to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing:

We maintain tight controls to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. However, no company can guarantee the absolute security of internet communications as no technology is completely bulletproof. By using the Services and Website, you expressly acknowledge that we cannot guarantee the 100% security of personal data provided to or received by us through the Services and that any information received from you through Websites or our Services is provided at your own responsibility. If you have any reason to believe that your interaction with us is no longer secure, please notify us at info@authopia.io.

7. DATA RETENTION

Nord will retain End Users’ and Authorized Users data in accordance with the Customer’s instructions.

In cases when Nord acts as a data controller, it stores personal data only for as long as it is necessary for the original purpose of collection or legal requirements. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data, if we can achieve the purposes of the processing through other means, and if the information is necessary for the execution of our legal rights, obligations and fulfillment of our other duties (for example, record and bookkeeping). When we no longer have a legal ground to keep your personal data, it will either be securely disposed of, or de-identified through appropriate anonymization means.

For more information about specific retention periods, please reach out to us at info@authopia.io.

8. COUNTRY-SPECIFIC PROVISIONS

For users in European Economic Area (“EEA”)

If you are a resident of EEA countries, you can exercise your rights as provided in the European Union's General Data Protection Regulation (“GDPR”) by contacting us at info@authopia.io. To comply with the GDPR, we have also implemented appropriate contracts for international transfers, on the basis of the standard contractual clauses approved by the European Commission and other international models as required by local law.

For users in California

If you are a California resident, you can exercise your rights as provided in the California Consumer Privacy Act (“CCPA”) by contacting us at info@authopia.io. As per definitions in the CCPA, please note that Nord does not sell, share, lease, or rent your personal information.

9. MINORS’ DATA

Nord does not knowingly collect or solicit personal data from anyone under the age of 18. If you are under 18, please do not attempt to send any personal data about yourself to us. If we acknowledge that we have collected and processed personal data from a minor under the age of 18, we will delete that data as quickly as possible.

10. CONTACT US

If you have questions, requests, concerns, or complaints about how your data is being processed or personal data processing practices, please contact us via info@authopia.io, or by writing to us at the following address:

On matters related to the processing of personal data, you may also contact our representative VeraSafe in the European Economic Area using the following details:

If you are located within the United Kingdom, you may also contact our representative VeraSafe in the United Kingdom:

11. OTHER TERMS

Limitation of Liability. To ensure the security of personal data, we apply various technical, physical, and organizational security measures; however, it is your responsibility to exercise caution and reasonableness when using the Services and Website. You will be personally liable if your use of the Services or Website violates any third-party privacy, any other rights or any applicable laws. Under no circumstances is Nord liable for the consequences of your unlawful, willful, and negligent activities, and any circumstances that may not have been reasonably controlled or foreseen (please read the Terms for more information).

Links to other websites. Our Website may include links to other websites (e.g., social media websites) whose privacy practices may be different from ours. If you access any of those websites via such links and/or submit your personal data to any of those websites, your personal data is processed by the procedures established by those third parties and governed by their privacy policies. We encourage you to carefully read the privacy policy (or other respective privacy notices) of any website you visit.

Updates to the Privacy Policy. We develop our Services and Website by introducing new features or modifying current ones constantly. Therefore, we may need to amend this Privacy Policy from time to time. If the amendments to the Privacy Policy materially affect the activities of our processing of your personal data, we will notify you in advance of such changes by reasonable means (e.g., notification through the respective applications, our Website, or via email), and we will always indicate the date of the last update. Unless it is stated by us otherwise, each update of the Privacy Policy comes into force as of the moment the amended Privacy Policy is published on this Website. You are expected to check this Privacy Policy regularly so that you are familiar with the most current wording of the Privacy Policy. Your continued use of the Services and Website will be deemed acceptance thereof.