Upholding
Excellence and Integrity

Last updated: February 2026.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains personal data is collected, used, disclosed, and protected across all interactions with us, including through our websites, platforms, products, services, communications, events, recruitment processes or other business activities. It also outlines your rights in relation to personal data and explains how the law protects you. This Privacy Policy should be read together with our Cookie Policy, Website Terms of Use and Platform Terms of Service (as applicable).

Who we are and how to contact us:
Nomia Group Limited (company number 09989553) with its registered office at 125 Wood Street, London, England, EC2V 7AW and its affiliates (together "Nomia Group"/"we"/"us"/"our") are responsible for your personal data. Nomia Group’s VAT number is GB 297 8663 27. Nomia Group operates:

• Nomia.com (“Website”)

• Platform.nomia.com (“Platform”)

• And other Nomia Group services, products and business operations (“Group Services”)
  (collectively, the Website, Platform and Group Services are referred to as the “Business Activities”)

If you have any questions, concerns, or complaints about this Privacy Policy or our data protection practices, you can contact us at:
legal@nomia.com

1. Glossary

   1.1 "Personal Data" means any information relating to an identified or identifiable natural person provided to Nomia Group. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.

   1.2 "Data Protection Laws" means any applicable law relating to the processing of personal data, including but not limited to GDPR, UK GDPR and any national implementing and supplementary laws, regulations and secondary legislation.

   1.3 "Data Controller" is a person, company or other body that determines the purpose and means on Personal Data processing.

   1.4 "User" or "you" means any third party that accesses our Business Activities and is not either (i) employed by Nomia Group and acting in their course of employment or (ii) engaged as a consultant providing services to Nomia Group and accessing Business Activities in connection with the provision of such services.

   
   

2. Scope of this Privacy Policy

   2.1 This policy applies to all personal data processed by Nomia Group, including (but not limited to):

   • Visitors to our websites or digital platforms (it does not extend to any other website including, but not limited to, any links we provide to any other website.)

   • Users of our products, applications, and online services

   • Individuals who communicate or correspond with us by email, phone, or otherwise

   • Our business clients, suppliers, and partners

   • Attendees at Nomia events, webinars, or meetings

   • Individuals whose personal data we process for marketing or promotional purposes

   • Job applicants, employees, contractors, and consultants

   • Any other individual whose personal data is processed by Nomia Group during its legitimate business operations

   2.2 For the purpose of the applicable Data Protection Laws, Nomia Group is, in most cases an independent Data Controller of the personal data processed in connection with operating our business and providing our services, this means that Nomia Group determines the purposes for which, and the manner in which, your Personal Data is processed. We only act as a processor in limited circumstances and only where we have expressly agreed in writing with a particular customer to process specific categories of personal data on their instructions. Where this occurs those specific processing activities are governed by the relevant customer agreement and Data Processing Agreement. Unless we have explicitly agreed to act as processor for a particular activity all other processing of personal data is undertaken as a Data Controller and is governed by this privacy policy.

   2.3 Our Business Activities are intended for use by businesses and their authorised representatives only. They are not designed for, or directed at, children under the age of 18. We do not knowingly collect or process personal data relating to children. If we become aware that personal data relating to a child has been collected, we will take appropriate steps to delete such data as soon as reasonably practicable.

   
   

3. Personal Data Collected

   3.1 We may collect, use, store and transfer different kinds of Personal Data which we have grouped together as follows:

   • Identity Data – e.g. first name, last name, username, or similar identifier.

   • Contact Data - e.g. company billing address, company delivery address, company email address and company telephone numbers.

   • Transaction Data – e.g. details about payments to and from you and other details of Business Activities your company has purchased from us.

   • Technical Data – e.g. internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Business Activities.

   • Profile Data – e.g. your username and password, purchases or orders made by you, feedback and survey responses. This may also include account settings, organisation/workspace details, roles, permissions, and activity logs specific to your Platform account.

   • Usage Data – e,g. information about how you use our Business Activities. This includes analytics on feature usage, interactions within the Business Activities, and user-generated content within the service.

   • Marketing and Communications Data – e.g. your preferences in receiving marketing from us and our third parties and your communication preferences.

   • Location Data – e.g. region, country, state, and coarse and precise geolocation data.

   • We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature.

   
   

4. How we collect Personal Data

   4.1 We may collect Personal Data in the following ways:

   • Direct Interactions: You provide your personal information when you interact with us, such as when you register for services, fill in forms or communicate with us. For the Platform specifically, this includes when you register for an account, log in, create or share content, or administer your organisation’s account.

   • User Contributions: We collect your personal information when you or others upload, share, send, or input that information through our Business Activities, or when you or they communicate with us.

   • Automatically: We automatically collect personal information about you when you interact with us, such as when use our Website, Platform, services, visit our offices or events, open emails or view advertisements from us, or communicate with us. We may collect some of this personal information by using cookies (which are text files containing small amounts of information that are downloaded on your device or related technologies, such as web beacons, local shared objects, and tracking pixels, to collect and/or store information) and other similar technologies, and we recommend you read our Cookie Policy for more information including how to opt-out.

   • We use cookies and similar technologies on our Website and Platform. Some cookies are strictly necessary for the operation of our services, while others are used for analytics, functionality, or marketing purposes where permitted by law. Where required, we obtain your consent before placing non‑essential cookies on your device. For more information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

   • Third Party or Publicly Available Sources: We may receive your personal information from third parties, such as our third party business partners (which may include data brokers and advertising partners), your organisations, governmental agencies who publish public records, and other publicly or generally available sources (including online websites).

     
     

5. How we use your Personal Data and our lawful bases

   5.1 We rely on the following lawful bases, depending on the purpose for which your Personal Data is used:

   Performance of a contract

   • We process your Personal Data where it is necessary to perform a contract with you, or to take steps at your request before entering a contract, including to:

     • Register and administer your account

     • Provide access to and operate our Website and Platform

     • Authenticate users and manage permissions and collaboration features

     • Communicate with you about our services and process related transactions

     • Provide customer support and service-related communications

     • Manage billing and payments

   Legitimate interests

   • We process your Personal Data where it is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating and growing our business, maintaining security, and improving our services. This includes processing Personal Data to:

     • Operate, maintain, and improve our services, platforms, and infrastructure

     • Monitor, analyse, and audit usage of our services

     • Develop new products, features, and offerings

     • Ensure the security of our systems, prevent fraud, and detect misuse

     • Manage our internal business operations and administration

     • Send business-to-business marketing communications where permitted by law

     • Exercise or defend legal claims

     • Support corporate transactions such as mergers, acquisitions, or restructurings

     • Use of strictly necessary/essential cookies - those requires to provide a service the user requested

   Consent

   • We process your Personal Data where you have given your consent, including to:

     • Send optional marketing communications where consent is required

     • Use non-essential cookies and similar tracking technologies

     • Carry out certain personalised advertising or analytics activities

   • You may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

   Legal obligation

   • We process your Personal Data where necessary to comply with our legal or regulatory obligations, including record-keeping, tax, accounting, and compliance requirements.

   Vital interests

   • In very limited circumstances, we may process Personal Data where it is necessary to protect your vital interests or those of another person, for example in an emergency.

     
     

6. Disclosure of Personal Data

   6.1 We may share your Personal Data with third parties to fulfil the purposes as set out in section 5. We may share personal data with:

   • Nomia Group affiliates, subsidiaries and branches

   • Service providers acting as processors (e.g. hosting, IT, payment, HR systems)

   • Professional advisers (lawyers, auditors, insurers)

   • Business partners, clients, or suppliers (where necessary for a contract)

   • Regulators, authorities, or law enforcement (where required by law)

   • Prospective buyers or investors (in connection with mergers or acquisitions)

   6.2 Where we do share Data with such third parties we will require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

   
   

7. How we keep your Personal Data secure

   7.1 We will use technical and organisational measures to safeguard your Personal Data for example:
   a. Access to your account is controlled by a password and username that is unique to you. For Platform accounts, we also use encryption, role-based access controls, and monitoring to secure user data within the platform.
   b. We store your Personal Data on secure servers.
   7.2 Technical and organisational measures include measures to deal with any suspected data breach. If you suspect misuse or unauthorised access to your Personal Data, please let us know immediately by contacting us at:
   Address: Nomia Group Limited, Attn: Data Protection, 125 Wood Street, London, England, EC2V 7AW
   Email: legal@nomia.com

   
   

8. International Transfers

   8.1 As a global company, we have international locations and users all over the world. If it is necessary for us to transfer your Personal Data internationally, to a country that has not been recognised as providing an adequate level of data protection, we will ensure a similar degree of protection is afforded by putting in place appropriate safeguards such as:

   • the European Commission’s Standard Contractual Clauses;

   • The UK International Data Transfer Addendum or International Data Transfer Agreement;

   • Equivalent contractual clauses or safeguards required under other applicable data protection laws; and

   • Additional technical and organisational measures, where needed to ensure your information remains secure.
     Before we rely on these safeguards, we also conduct transfer risk assessments to ensure an adequate level of protection for personal data transferred internationally.

     
     

9. Data Retention

   9.1 Unless a longer retention period is required or permitted by law, we will only retain your personal information for as long as is reasonably necessary to fulfil the purposes for which it was collected and processed, to meet statutory or compliance obligations, or to perform a contract with you, as outlined in our data retention policy and information handling standards.
   9.2 Where technical limitations prevent the deletion or anonymization of personal information, we will safeguard it and restrict its active use by applying appropriate organizational, technical, and security measures.

   
   

10. Your rights

    10.1 Your local privacy laws may grant you rights regarding your personal information, and we will not knowingly discriminate against you because you have exercised any of your privacy rights. These rights differ based on the local laws that apply to you, but could include one or more of the following:

    • Right to access. The right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information.

    • Right to correct. The right to have your Personal Data corrected if it is inaccurate or incomplete.

    • Right to erase. The right to request that we delete or remove your Personal Data from our systems. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    • Right to restrict our use of your Personal Data. The right to limit the ways in which we use your Personal Data.

    • Right to Personal Data portability. The right that we move, copy or transfer your Personal Data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    • Right to object. The right to object to our use of your Personal Data where we are relying on a legitimate interest as the legal basis for that particular use of your data. In some cases we may demonstrate that we have a compelling legitimate grounds to process your information which override your right to object.

    10.2 To make enquiries or to exercise any of your rights set out above please contact us using the details below. We may need to request additional information from you to verify your identity before responding to your request. We will respond to valid requests within one month, unless a longer period is permitted by law. Where we process personal data on behalf of a customer as a Data Processor, requests relating to such data should be directed to the relevant customer, who acts as the Data Controller.
    Address: Nomia Group Limited, Attn: Data Protection, 125 Wood Street, London, England, EC2V 7AW
    Email: legal@nomia.com

    10.3 If you are not satisfied with the way your request in relation to your Personal Data has been handled you have the right to make a complaint to us in accordance with Section 11. If you remain dissatisfied following our response, you have the right to lodge a complaint with the relevant data protection authority. For the UK, this is the Information Commissioner (contact details can be found at https://ico.org.uk/).

    10.4 If you are located in the European Union, you also have the right to lodge a complaint with your local supervisory authority in the EU Member State of your residence, place of work or the place of the alleged infringement.

    
    

11. Complaints

    11.1 We take data protection matters seriously. If you believe that we have not complied with applicable Data Protection Laws in the way we have handled your Personal Data, you have the right to make a complaint to us.

    11.2 Complaints should be submitted using the contact details set out below:
    Address: Nomia Group Limited, Attn: Data Protection, 125 Wood Street, London, England, EC2V 7AW
    Email: legal@nomia.com

    11.3 Complaints must include contact details, a description of the issue, and any supporting evidence.

    11.4 We will acknowledge receipt of your complaint within 30 days of receiving it.

    11.5 We will investigate your complaint and provide you with a response without undue delay, informing you of the outcome and any steps we propose to take.

    11.5 If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority (see section 10.3 and 10.4)

    
    

12. Links to other websites

    12.1 This Website may provide links to other websites. We have no control over third party websites and we are not responsible for the content of these websites. This Privacy Policy does not extend to the use of any other websites, and you are advised to read the Privacy Policy or statement of those websites before using them.

    
    

13. General

    13.1 We may need to change this Privacy Policy from time to time. When we make changes, we will indicate this by updating the "Last Updated" date and posting the updated Privacy Policy on this page. We may send you e-mail notifications where there are changes to our Privacy Policy, but you should check frequently to see the current Privacy Policy and any changes made to it.