§ Legal · Privacy

Privacy policy.

Laatst bijgewerkt 1 mei 2026

Our commitments to you about the personal data you entrust to us, written without ornament.

Our commitment

Nexilon Varentis operates in full compliance with the General Data Protection Regulation (Regulation EU 2016/679) and applicable national data-protection legislation. Personal data is encrypted with AES-256 at rest and used solely for service delivery and statutory record-keeping. We hold an EU-only data-residency policy for subscriber personal data and a designated Data Protection Officer reachable at [email protected].

Data we collect

We collect only what we require to deliver the service and meet our statutory obligations:

Identification details. Full name, date of birth, residential address, government-issued identification documents.
Contact information. Email address, telephone number.
Financial information. Source of funds, transaction history, account balance, related-party disclosures where applicable.
Platform usage data. Activity logs necessary to provide the service, debug issues, and meet our security obligations.

This information is never shared with unauthorised third parties. It is transmitted only to regulated brokers for the purpose of opening segregated accounts on the subscriber's behalf, and to our independent auditors during the annual SOC 2 and ISO 27001 audit cycles, in both cases under written confidentiality undertakings.

How we store it

Subscriber personal data is held on encrypted storage within the European Union. We do not transfer subscriber personal data outside the EU/EEA without an appropriate transfer mechanism (Standard Contractual Clauses, adequacy decision, or equivalent). Sensitive fields — such as government-issued identification documents and source-of-funds documentation — are encrypted at the field level with keys held in a separate key-management service.

Your rights

Subscribers retain the right to access, correct, port, restrict the processing of, or delete their data under GDPR. Requests should be addressed to [email protected] and are answered within thirty days. You also have the right to lodge a complaint with your national data-protection supervisory authority, the details of which we will provide on request.

Retention

We retain subscriber personal data for as long as the subscription is active, plus the minimum retention period required by applicable financial-services legislation (typically five to seven years following account closure, depending on jurisdiction). After that period elapses, personal data is irreversibly deleted from production and backup systems, with the deletion logged for our own audit purposes.

← Terug naar het omslag