Skip to content
Sign In Get Started
Back to Home

Privacy Policy

Last updated: January 2026

Data Controller TRUSTPAY SP ZOO
KRS Number 0000882514
NIP 5272948997
Address ul. HOŻA 86/210, 00-682 WARSZAWA
Email support@nuvolut.com
Phone +48 780 044 735

1. General Information

This Privacy Policy ("Policy") describes how TRUSTPAY SP ZOO, operating under the trade name NUVOLUT ("we", "us", "our", "Service Provider"), collects, uses, stores, and protects your personal data when you use our payment services and website at nuvolut.com.

TRUSTPAY SP ZOO is a Polish-registered company operating as a Small Payment Institution (Mała Instytucja Płatnicza) under the supervision of the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego – KNF). We process personal data in compliance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – "GDPR")
  • Polish Personal Data Protection Act
  • Payment Services Directive (PSD2)
  • Anti-Money Laundering (AML) regulations

2. Personal Data We Collect

2.1 Information You Provide

  • Identity Data: Full name, date of birth, nationality, government-issued ID numbers, copies of identity documents
  • Contact Data: Email address, phone number, residential address
  • Financial Data: Bank account information (IBAN), transaction history
  • Verification Data: Proof of address, source of funds documentation (for AML compliance)

2.2 Information Collected Automatically

  • Technical Data: IP address, device type, browser information, operating system
  • Usage Data: Pages visited, features used, session duration, interaction patterns
  • Transaction Data: Payment amounts, recipients, timestamps, transaction status
  • Location Data: Geographic location derived from IP address

2.3 Information from Third Parties

  • Identity verification services
  • AML/KYC screening providers (sanctions lists, PEP databases)
  • Credit reference agencies (where applicable)
  • Partner financial institutions

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our payment services and fulfill our contractual obligations
  • Legal Obligation: To comply with AML/KYC requirements, tax reporting, and regulatory obligations
  • Legitimate Interests: To prevent fraud, improve our services, and protect our legal rights
  • Consent: For marketing communications and optional features (where applicable)

4. How We Use Your Data

We use your personal data to:

  • Open, maintain, and manage your NUVOLUT account
  • Process payment transactions (SEPA transfers, card payments)
  • Verify your identity and comply with KYC requirements
  • Detect and prevent fraud, money laundering, and financial crime
  • Communicate with you about your account and services
  • Improve our platform and develop new features
  • Comply with legal and regulatory requirements
  • Respond to inquiries and provide customer support

5. Data Sharing

We may share your personal data with:

  • Payment Networks: Visa, Mastercard, SEPA network operators
  • Partner Banks: For transaction processing and account services
  • Verification Providers: Identity and AML screening services
  • Regulatory Authorities: KNF, tax authorities, law enforcement (when required by law)
  • Service Providers: Cloud hosting, customer support, analytics (under strict data processing agreements)

We do not sell your personal data to third parties for marketing purposes.

6. International Data Transfers

Your data may be transferred to countries outside the European Economic Area (EEA) when necessary for payment processing. Such transfers are protected by:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Appropriate technical and organizational safeguards

7. Data Security

We implement comprehensive security measures including:

  • 256-bit TLS encryption for all data transmission
  • AES-256 encryption for stored sensitive data
  • Multi-factor authentication (2FA)
  • Regular security audits and penetration testing
  • PCI DSS compliance for card data handling
  • Employee training on data protection
  • Access controls and audit logging

8. Data Retention

We retain your personal data for:

  • Active accounts: For the duration of our business relationship
  • After account closure: 5 years (as required by AML regulations)
  • Transaction records: 10 years (Polish accounting requirements)
  • Marketing data: Until you withdraw consent

9. Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal retention requirements)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: At any time, without affecting prior processing

To exercise your rights, contact us at privacy@nuvolut.com. We will respond within 30 days.

10. Cookies

We use cookies and similar technologies to enhance your experience. For details, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. The latest version is always available on our website.

12. Contact & Complaints

For privacy-related inquiries or complaints:

  • Email: privacy@nuvolut.com
  • Address: TRUSTPAY SP ZOO, ul. HOŻA 86/210, 00-682 WARSZAWA, Poland

You also have the right to lodge a complaint with the Polish Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych – PUODO) at uodo.gov.pl.

Related Documents

Terms & Conditions Cookie Policy