Privacy

Privacy Policy

Data Controller

Nomosa is the data controller for personal data collected via the nomosa.org platform. To contact us, please use the contact form.

Data Collected

We collect the following data depending on the forms used:

  • Full name, email address
  • Organization / firm / company (depending on profile)
  • Profile (company, investor, expert)
  • Message and subject of inquiry
  • Technical data (connection logs, browser information) for security purposes

As part of the KYC (identity verification) process, additional official documents may be required.

Processing Purposes

  • Processing your contact request or registration
  • Identity and eligibility verification (KYC/AML)
  • Execution of contracts you are party to
  • Compliance with legal and regulatory obligations
  • Security and fraud prevention
  • Platform-related communications

Legal Basis

Processing is based on: your consent (contact forms), contract execution (platform access), legitimate interest (security, fraud prevention), or legal obligation (KYC/AML, record keeping).

Data Retention

Data is retained for as long as necessary to fulfill its purpose, with a maximum of 5 years after the end of the contractual relationship for accounting and regulatory data, and 3 years after the last contact for prospecting data.

Data Sharing

Your data is not sold to third parties. It may be shared with technical processors (hosting, transactional email) and identity verification providers, all bound by confidentiality contractual obligations. Some processors may be located outside the EU; in such cases, appropriate safeguards (standard contractual clauses) are in place.

Your Rights

In accordance with the GDPR, you have the following rights:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion as provided by law
  • Restriction of processing
  • Data portability
  • Objection to processing
  • Withdrawal of consent at any time

To exercise your rights, please use the contact form. You may also file a complaint with your local data protection authority.

Cookies

The site uses only cookies strictly necessary for operation (session, security). No advertising or third-party tracking cookies are deployed without your explicit consent.

Security

We implement appropriate technical and organizational measures to protect your data: encryption in transit (TLS), encryption at rest, access controls, and audit logs. In case of an incident affecting your data, you will be notified in accordance with legal obligations.

Contact & DPO

For any questions about data protection, please use the contact form.

Last updated: April 2026