🌍 Non-EU Users
🇪🇺 EU Users

Privacy Policy

Introduction

This Privacy Policy is designed to inform you ( “User”) about the Personal Data we collect, how we collect this data, the uses of the data and your rights relating to the Personal Data when you use the Haven Platform and any of its Products and Services.

Nestcoin Holdings Limited, (the “Company”, “We”, “Us”, “Our”) a private limited liability company incorporated in the British Virgin Islands, with Registration Number 2074697, is the data controller for personal information collected in connection with provision of Haven Services. We are committed to protecting the privacy of the personal information that is provided to or collected by us while you use the Haven Platform. We acknowledge and comply with our legal obligations in relation to applicable data protection laws.

This privacy policy explains:

  • How we may collect, use, manage, and disclose information about clients, other business, and firm contacts
  • How we may collect, manage, and use personal information obtained from you
  • The rights you may have in respect of your own personal information.

By continuing to use the Haven platform, you acknowledge that you have reviewed the Privacy Policy and agree to its terms. This also means that you have consented to the use of your Personal Data and have accepted the applicable disclosures.

Definitions

Personal Data - any personal information collected for You in relation with your use of this service which is capable of identifying You.

Service - the platform, “Haven” including all pages, sub pages, forums, all blogs, and other connected internet content whatsoever.

Services - the services offered on the Haven platform as defined in the Terms and Conditions including the exchange of information and concluding Transactions, as well as other actions of Haven, enabling the operation and use of the Website.

Third Party Service Provider - a party or parties who are contracted by the owner/data controller for the purposes of processing the personal data of the User.

User Content means any audio, video, text, images or other material Users choose to display on this Application.

You, Yours - the User of the Haven platform.

THE DATA THAT WE MAY COLLECT:

The scope of information we may collect from Users include:

  • All personal data obtained from persons using the service.
  • Data provided to us while making an enquiry on the use of the service.
  • Data provided to us while reporting a problem or making a complaint about the service.

THE TYPE OF DATA WE MAY COLLECT

The specific types of personal data that we may collect, use and store are as follows:

  • “Identity Data”: This includes your first name, middle names, maiden name, last name, title, date of birth, photographic identification, and gender.
  • “Contact Data”: This includes your home address, email address and telephone number.
  • “Account Information”: This includes information such as usernames and passwords, authentication methods and roles, and similar data.
  • “Financial Data”: This includes information such as payment card details, bank information and payment information.
  • “Transaction Data”: This includes details about payments to and from you and other details of services you have purchased from us, or we have purchased from you.
  • “Technical Data”: This includes information collected when you access the Haven platform, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using.
  • Marketing and Communication Data: This includes data relating to your preferences in receiving newsletters with respect to our products and services from us as well as your communication preferences.
  • Professional Data: This includes your company name, job title, email address, phone number and addresses.

WHY WE COLLECT DATA

We collect data to enable us to -

  • Process requests or applications which you make, or which are made on your behalf with your consent; to provide you with our services.
  • Communicate with you, to provide further information on our Services, and to assist you.
  • Respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.
  • Process identity information and Sensitive Personal Data (as detailed in section 1) to comply with our Know Your Customer (“KYC”) obligations under applicable laws and regulations, and Anti-Money Laundering laws and regulations;
  • Prevent and detect fraud and abuse in order to protect the security of our Users, Haven Services and others.
  • Provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of the Haven application, website and its Services.

HOW WE COLLECT YOUR PERSONAL DATA

We use different methods to collect data from and about you including through:

  • Direct collection: You may give us your data by signing up on the Haven platform; creating your profile; by correspondence and conversations (including via email and telephone); or through contracts we may enter with you.
  • Automated technologies: As you interact with our website, we will automatically collect data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We collect such data to be able to properly provide you with our services. Please see our cookie policy for further details.
  • Third parties or publicly available sources: We may also receive your personal data from third parties to whom you have legally provided such data to. We also share Your Personal Data with third parties in order to protect the rights, properties or safety of us, the Users or as otherwise required by law. To the extent that such data is disclosed by third parties, different rules may apply to their use or disclosure of your information. We do not control how they use or share your data and we cannot make any representations or warranties as to these. We however have control over data that you have voluntarily shared to us directly or through your usage of our website. With your consent, we use your information to fulfil requests to receive information or materials from us, to carry out services for your benefit and to process applications and requests from you. We do not use your data for any other purpose than for the purposes listed out in this policy and we do not sell, lend or rent any personal data about you to any third parties.

STORAGE OF PERSONAL DATA

We take the security of the Personal Data we collect very seriously and we take reasonable measures to reduce the risk of accidental destruction, loss or unauthorised access to such information. However, please note that no system involving the transmission of information via electronic storage systems or the internet is completely secure.

The Personal Data and any other information we have about you may be stored for such a period as we may determine until you terminate your account with us or you withdraw your consent.

PURPOSE OF PROCESSING PERSONAL DATA

We will use your personal data only to the extent permitted by law. We process your personal data under any of the following lawful basis in both the Nigeria Data Protection Regulation 2019 (NDPR), and the EU General Data Protection Regulation (GDPR).

We collect and use the Personal Data that we collect for the following reasons:

  • Where you consent to our use of your personal data
  • Communicate with you, to provide further information on our Services, and to assist you.
  • Where your personal information is necessary for the performance of the contract to use our services
  • Where we need to comply with a legal obligation.
  • Where we need to protect your vital interest or the vital interest of another individual
  • Where it is in the interest of the general public to process your data

DATA SECURITY

We will take reasonable steps to protect personal data disclosed to us from loss, modification, misuse, unauthorised access and/or disclosure. The Haven platform is built with strong security features that continuously protects your Personal Data. Our security features help us detect and block security threats. If we detect any security risk, we may inform you and guide you through steps to stay protected.

While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet as transmission over the internet is not completely secure; therefore, note that any such transmission is at your own risk. However, we will use strict procedures and security features to try to prevent unauthorised access once we have collected your information. We are bound by international standards and best practices on information and cyber security as may be issued from time to time

DATA RETENTION

We retain your data for such a period as is necessary for the purpose for which it was collected. Storage of your data is also determined by legal, regulatory, administrative, or operational requirements. We only retain information that allows us to comply with legal and regulatory requests for certain data, meet business and audit requirements, respond to complaints and queries, or address disputes or claims that may arise. When data is no longer required for the purposes for which it was collected, we securely destroy it.

DISCLOSURE OF YOUR INFORMATION

Your personal data may be disclosed in the following ways:

  • By you: On the Haven platform, you can share information with other Users. However, you have control over how you share this information. When you upload any content on our application, or website, your content becomes accessible to other Users.
  • By Us:
  • We may disclose your personal information to any of our affiliates.
  • We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect our rights, property, or safety or those of other Users our clients or others.
  • We may disclose your personal data if we are legally required to do so.
  • We may disclose your personal data to meet any applicable law, regulation, legal process or any legal request such as subpoenas, court orders, requests for administrative or government bodies;
  • to enforce our applicable Terms and Conditions;
  • to detect, prevent or address any fraud, security or technical issues;
  • to prosecute or bring any legal action against any User who has violated any law or our Terms and Conditions.

USER CONTENT

We may allow Users to post their content or information on this. These contents include audio, video, updates, articles, images or other materials Users choose to display on the. Please note that any material which You may post is made accessible to the entire public and will not be regulated by this Privacy Policy.

THIRD PARTY SITES

Our website, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data or contact details are governed by their privacy practices and we will not be liable for any breach of confidentiality or privacy of your information on such third-party websites. We encourage you to learn about the privacy practices of those third parties or contact them directly for information on their privacy policy, security, data collection and distribution policies.

PRIVACY POLICY CHANGE

We may modify this Privacy Policy from time to time without prior notice by publishing a new version of the Privacy Policy on the Haven website. Any changes to the Privacy Policy will be reflected on the website and will become effective immediately upon publication. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personally identifiable information we collect. If changes to the Privacy Policy are material, we will do our best to notify you via email or through a notification on our website.

YOUR LEGAL RIGHTS

In addition to being able to control the data your directly provide to us, you may exercise any of the below rights with respect to your data:

  1. Request information about any of your personal data which we are processing, and request access to your personal information which we process.
  2. Request correction of personal information that we hold about you to make them more accurate or to reflect change in circumstances.
  3. Request us to refrain from doing certain things with your data or restrict the extent of our collection or processing of your data.
  4. Request partial or complete erasure of your personal information.
  5. Object to our processing of your personal information where we are processing your personal information for direct marketing purposes.
  6. Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
  7. Request the transfer of your personal information to another party. If you wish to exercise any of the rights set out above, please contact us using the contact details provided below.

YOUR LEGAL RIGHTS

If you have any questions about this privacy policy or our privacy practices, please contact us using the details provided below:

Full name of legal entity: Nestcoin Holdings Limited

Email address: support@havenclub.com

Privacy Policy

I. Information about the controller of personal data of users of the NESTCOIN EUROPE online cryptocurrency service operated under the domain www.havenclub.com and App “Haven Club”

The controller of the personal data of users (hereinafter referred to as "Users", and individually as "User") of the NESTCOIN EUROPE online cryptocurrency service operated in the domain www.havenclub.com (hereinafter referred to as "Service" or “Website” or “App”), i.e. the entity deciding on the purposes and means of processing their personal data is NESTCOIN EUROPE Sp. z o.o. with its registered office in Warsaw, ul. Bartycka 22B/21A, 00 - 716 Warsaw, KRS no: 0001137184, e-mail address: compliance@nestcoin.com, telephone number: +33785317717 (hereinafter referred to as the "Controller"). 

A User is understood to be any natural person using the Service.

II. Data Protection Officer (DPO)

The Controller has appointed a data protection officer with whom Users may contact regarding the protection of their personal data by e-mail to: compliance@nestcoin.com

III. Purposes and legal basis of personal data processing

The personal data controller processes the Users' personal data for the following purposes:

  1. in order for the User to set up and for the Controller to maintain a Customer Account (hereinafter referred to as "Account") in the Service. The basis for the processing of User data in this case is Article 6 (1) (b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"), i.e. the necessity of the processing for the conclusion and performance of the agreement for maintaining the Account;
  2. in order for the Controller to provide the following services to the User via the Service:some text
    1. Virtual Currency Exchange, which enables the Service Users to:
  • sell Virtual Currencies on behalf of the Controller in exchange for other Virtual Currencies;
  • sell to the Virtual Currency Controller in exchange for cash (FIAT);
  • purchase from the Virtual Currency Controller in exchange for other Virtual Currencies;
  • buying from the Virtual Currency Controller in exchange for cash (FIAT);
  1. Virtual Currency Stock Exchange, which enables Service Users to:
  • sell to the Controller Virtual Currencies in exchange for other Virtual Currencies;
  • sell to the Virtual Currency Controller in exchange for cash (FIAT);
  • purchase from the Virtual Currency Controller in exchange for other Virtual Currencies;
  • purchase from the Virtual Currency Controller in exchange for cash (FIAT);
  1. Cryptocurrency Wallet, which is used to store Virtual Currencies by Users.

The basis for the processing of the User's data in such a case is Article 6(1)(b) of the GDPR, i.e. the necessity of the processing to provide the aforementioned services to the User;

  1. for the purpose of the Controller's customer identification in performance of its obligation under Article 34(1)(2) of the Polish Anti-Money Laundry Act of 1 March 2018. (hereinafter referred to as "AMLA"). The basis for the processing of the User's data in this case is Article 6(1)(c) of the GDPR, i.e. the necessity of the processing for the fulfilment of a legal obligation incumbent on the Controller;
  2. for the purpose of keeping statistics on the use of individual functionalities available on the Service, facilitating the use of the Service and ensuring IT security of the Service. Personal data concerning the User's activity in the Service and the amount of time spent on each subpage in the Service, User's search history, location, IP address, device ID, data concerning the Internet browser and User's operating system are then processed. The basis of the processing of the User's data in such a case is Article 6(1)(f) GDPR, i.e. the Controller's legitimate legal interest in processing the User's personal data;        
  3. for the purposes of marketing the Controller 's services. The User's personal data provided while creating and updating the Account, data concerning the User's activity in the Service, which are recorded and stored by means of cookies, are then processed. The basis for the processing of the User's personal data in this case is Article 6(1)(a) and (f) of the GDPR, i.e. the User's consent to receive marketing content from the Controller and the Controller's legitimate legal interest in conducting direct marketing of its services;                                                                                                                                                  
  4. in order to determine, assert and enforce possible claims of the Controller and to defend against possible claims of the User in court and out-of-court proceedings. The User's personal data provided when creating the Account as well as other data necessary to prove the existence of the claim or resulting from generally applicable legal regulations may be processed in this case. The basis for the processing of the User's personal data in such a case is Article 6(1)(f) GDPR, i.e. the Controller 's legitimate legal interest in processing the User's data. 

If the basis for the processing of the User's personal data is his consent to the processing of his data, i.e. Article 6(1)(a) GDPR, the User has the possibility to withdraw his consent at any time, which, however, does not affect the legality of the processing of his data which was carried out on the basis of consent before its withdrawal.

IV. Recipients of personal data

Personal data may be disclosed by the Controller to the General Inspector for Financial Information as required by the APSI. Personal data may also be entrusted by the Controller to other third parties providing ongoing services to the Controller, e.g. in the field of legal or accounting services, as well as in situations in which such an obligation clearly results from a demand of an authorized public authority or from the applicable provisions of generally applicable law. Personal data may also be transferred to the extent necessary to companies of the NESTCOIN EUROPE. Personal data may be transferred to countries outside the European Economic Area, but only to such countries for which the European Commission has issued a decision declaring an adequate level of personal data protection within the meaning of Article 45 GDPR.

The Controller shall each time ensure that the entities to which the Users' personal data will be entrusted are entities which guarantee a high level of protection of such data, and that appropriate contracts for entrusting the processing of the Users' personal data are signed with the entities with which this is required.

V. Storage period of User data

The User's personal data processed for the purpose of setting up and maintaining the Account shall be stored by the Controller for the period of maintaining the Account, i.e. until it is deleted by the User.

The User's personal data processed in order to provide the services mentioned in point III item 2 of this Privacy Policy shall be stored for a period of 5 years, counting from the date of termination of the business relationship with the Controller or from the date of execution of an occasional transaction in accordance with Article 49 of the AMLA. 

Personal data from cookies stored on the User's terminal device will be stored for a period corresponding to the life cycle of cookies stored on the User's terminal device or until they are deleted from the device by the User.

User personal data processed for the purpose of sending marketing content by the Controller, including the newsletter, will be stored by the Controller until the User withdraws his/her consent to receive it.

If the storage of the User's personal data proves necessary to assert or defend a claim to which the Controller is entitled or against the Controller, the User's personal data may be stored until the court proceeding pertaining to the claim is finally ended and the decision made in the proceeding is enforced.

VI. Users' rights related to the processing of their personal data

A. Right to withdraw consent

The User has the right to withdraw consent at any time if the processing of their personal data is based on that consent. Consent for data processing may be withdrawn by sending the Controller a declaration indicating such a wish, e.g. in the form of an e-mail message. The withdrawal of the consent shall be effective from the moment the Controller receives the aforementioned statement. Withdrawal of consent does not affect the lawfulness of the processing of the User's personal data carried out by the Controller before its withdrawal.

Legal basis: Article 7(3) of the GDPR

B. Right to demand access to data

The User has the right to obtain confirmation from the Controller as to whether his/her personal data are being processed and, if this is the case, has the right to:

(a) obtain access to his/her personal data;

(b) obtain information on: the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of that data, the intended period of storage of the User's data or the criteria for determining that period, the User's rights under the GDPR and the right to lodge a complaint with the supervisory authority, the source of that data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Economic Area;

(c) obtain a copy of your personal data.

Legal basis: Article 15 GDPR

C. Right to rectification

The User has the right to rectify and complete the personal data they have provided. The User may do so by submitting a request to rectify such data (if incorrect) or to complete it (if incomplete).

Legal basis: Article 16 GDPR

D. Right to erasure ("right to be forgotten")

You have the right to request the erasure of all or some of the data concerning you.

The User may request the erasure of their personal data if:

(a) the User's personal data are no longer necessary for the purposes for which they were collected or for which they were processed;

b) the User's personal data are processed unlawfully;

c) to object to the processing, if its basis is the legitimate legal interest of the Controller;

d) the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Controller is subject;

(e) the personal data were collected in connection with the offering of information society services.

Despite the request for erasure of personal data in connection with the filing of an objection, the Controller may continue to process the User's personal data to the extent necessary for the establishment, assertion or defence of claims, and to the extent necessary to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Controller is subject.

Legal basis: Article 17 GDPR

E. Right to restrict processing

You have the right to request the Controller to restrict the processing of your personal data, i.e. not to undertake any processing activities in relation to them beyond the mere storage thereof, in the following cases:

(a) where he/she questions the correctness of his/her personal data - for a period allowing him/her to verify the correctness of the data;

b) when the processing of the data is unlawful, but the User opposes its erasure by requesting instead the restriction of the processing;

c) when the User's personal data are no longer necessary for the purposes for which they were collected or used, but they are necessary for the establishment, assertion or defence of claims;

d) where the User has objected to the use of his/her data, in which case the restriction shall take place for the time necessary to consider whether the protection of the interests, rights and freedoms of the User outweighs the interests pursued by the Controller in processing his/her personal data.

Legal basis: Article 18 GDPR

F. Right to data portability to another controller

Where the User's personal data are processed by the Controller on the basis of the consent given by the User or for the purpose of entering into a contract with the User (Article 6(1)(a) and (b) of the GDPR), the User has the right to receive in a structured, commonly used readable format the personal data that the User has provided to the Controller, and has the right to transfer this personal data to another controller without hindrance from the Controller, provided that this is technically possible. 

Legal basis: article 20 GDPR

G. Right to object to processing

The User has the right to object at any time to the processing of his/her personal data where the processing is based on the legitimate legal interest of the Controller (Article 6(1)(f) GDPR). If the User's objection proves to be justified, and the Controller has no other legitimate legal basis for processing the User's personal data, as well as a basis for determining, asserting or defending his/her claims, the Controller shall delete the User's personal data to the use of which the User has raised an objection.

Legal basis: Article 21 GDPR

If, in the exercise of the above-mentioned rights described in items A-G), the User submits a request to the Controller, the request shall be met or refused immediately, but no later than within one month of its receipt. However, if, due to the complexity of the request or the number of requests, the User is unable to comply with the User's request within one month, it will be complied with within a further two months after informing the User of the need to extend this period.

H. Right to lodge a complaint with a supervisory authority

If the User considers that the right to data protection or other rights granted to the User under the GDPR have been violated, the User has the right to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection. 

Legal basis: Article 77 GDPR

VII. Voluntariness of providing personal data

Providing personal data by the User is always voluntary, but it is necessary in order to contact the Controller through the contact form and in order to conclude and perform the contract between the User and the Controller and to serve the User as the Controller 's customer. If the User does not provide the data, it will not be possible to contact the Controller to conclude and perform the contract between the User and the Controller or to serve the User as the Controller 's customer.

VIII. Possibility of profiling the Users' personal data by the Controller

The Users' personal data concerning their preferences, behaviour and choice of marketing content may be used as the basis for making automated decisions in order to determine the sales opportunities of the Service. Therefore, pursuant to Article 21(2) of the GDPR, all Users have the right to object to the processing of their data by the Controller for this purpose.

IX. Data Collected Automatically (Cookies and Similar Technologies)

When you use our Website or App, we collect data automatically through cookies and similar tracking technologies to enhance your experience and ensure the proper functionality of our services.

On the Website: Cookies

Cookies are small text files stored on your device through your web browser. They help us:

  • Maintain session performance and ensure technical continuity.
  • Optimize your experience by adjusting how the Website is displayed on your device.
  • Ensure security of your session and usage.
  • Gather statistics to improve website structure and content.
  • Display personalized content based on your preferences.

There are two types of cookies we use:

  • Session Cookies: Temporary files that are deleted once you log out or close your browser.
  • Persistent Cookies: These remain on your device until they expire or are manually deleted. These cookies are only installed with your consent.

On the App: Similar Technologies

In our App, we use technologies that work similarly to cookies but are adapted for mobile environments. These include:

  • Device Identifiers: Such as IDFA (Identifier for Advertisers on iOS) and GAID (Google Advertising ID on Android), used for personalized analytics.
  • Local Storage: Stored data in your device to save preferences and session information.
  • In-App Analytics Tools: These tools collect data about how you interact with the App to help us improve the user experience.

These technologies enable us to personalize your experience, improve functionality, and ensure the security of our App.

Your Choices

  • On the Website: You can manage cookie preferences through your web browser settings. You can choose to block cookies or be notified when cookies are being set. Please note that restricting cookies may affect the functionality of the Website.
  • On the App: You can manage tracking technologies through your device settings:some text
    • Adjust app permissions for tracking and personalized ads.
    • Reset your advertising ID (IDFA or GAID).
    • Opt-out of personalized analytics through your device privacy settings.

Only the Controller has access to cookies processed by the Website's server.

Data Usage and Privacy

The data collected via cookies and similar technologies may be linked to personal information you provide when using the Website or App, such as when registering an account. This data helps us deliver tailored experiences, optimize performance, and improve our services while ensuring your privacy.

X. Changes to the Privacy Policy

If it is necessary to update the information contained in this Privacy Policy or if it is necessary to ensure its compliance with the applicable laws or technological conditions of the functioning of the Website, this Privacy Policy may be amended. Users will be informed of any changes to the Privacy Policy through a notice displayed on the Website.

XI. Contact with the Controller

Contact with the Controller is possible via e-mail at the address: compliance@nestcoin.com or by phone at: +33785317717