Privacy Policy
Effective Date: January 10, 2025
- Purpose:
NKM Management N.V. prioritizes your privacy by complying with Curaçao's laws, GDPR, and other global privacy standards. Feedback and accessibility requests (e.g., large print) are welcome. - Scope:
Applies to all data collected through websites, apps, offline interactions, and third-party partners. Minors under 16 require parental consent. - What Data Is Collected:
- Personal Info: Name, contact details, payment info.
- Technical Info: IP address, browser, cookies.
- Sensitive Info: Only collected with explicit consent, which can be withdrawn anytime.
- How Data Is Used:
- To deliver and improve services.
- For security, fraud prevention, and legal compliance.
- AI helps with fraud detection and personalization, but major decisions involve human review.
- Legal Basis for Processing:
- Consent: For optional uses like marketing.
- Contractual: To fulfill your requests.
- Legal Obligations: For taxes, fraud, etc.
- Legitimate Interests: To enhance services securely.
- Data Sharing:
- With service providers (e.g., payment processors).
- To legal authorities when required.
- During business transfers (mergers, acquisitions).
- International Transfers:
Data is transferred with strict safeguards, like encryption and explicit consent where required. - Your Rights:
- Access, correct, delete, or object to processing your data.
- Withdraw consent anytime.
- Request data in a portable format.
- Security:
- Encryption (AES-256, TLS).
- Role-based access controls.
- Cookies:
- Essential Cookies: For core functions (temporary).
- Analytics Cookies: To analyze usage (90 days).
- Advertising Cookies: For personalized ads (up to 12 months).
- Data Retention:
- Transaction data: 5 years (tax purposes).
- Marketing data: 2 years (unless withdrawn).
- Administration documents 10 years (legal requirement)
- Accountability & Audits:
Employee training ensure compliance. - High-Risk Processing:
Data Protection Impact Assessments (DPIAs) are conducted for sensitive or large-scale data handling. - AI & Automation:
AI systems are reviewed for fairness and accuracy. Users can request human reviews of impactful automated decisions.
Effective Date: January 10, 2025
1. Introduction
At NKM Management N.V. (dba CorporateFinancialSolutions) protecting your privacy is our top priority. This Privacy Policy explains how we collect, use, share, and safeguard your personal data in compliance with local privacy regulations in Curaçao, and also the General Data Protection Regulation (GDPR) and other applicable laws.
We strive to make this policy accessible to everyone, including users with disabilities. To request alternative formats, such as audio or large print, please contact our Data Protection Officer (DPO). Requests will be acknowledged within five business days and processed promptly.
We value your feedback on this policy and use it to improve our privacy practices. Contact our DPO for suggestions, questions, or concerns.
This policy is reviewed annually or as needed to reflect changes in regulations, technologies, or business practices. We also monitor advancements in privacy-enhancing technologies, such as federated learning, homomorphic encryption, and advanced anonymization, to ensure compliance with global best practices.
2. Scope of This Policy
This policy applies to personal data collected through our websites, applications, services, offline interactions, and trusted third-party sources.
We comply with the local age threshold for children’s privacy (16 years), which is the same for the EU. If we inadvertently collect data from minors, we delete it promptly and notify parents or guardians when feasible.
We adhere to the following privacy laws:
- LANDSVERORDENING van de 4de september 2010 houdende regels inzake de bescherming van persoonsgegevens (Landsverordening bescherming persoonsgegevens)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
3. Information We Collect
We collect and process the following types of data to provide services, maintain security, and comply with legal obligations:
- Personal Information: Data such as your name, email, phone number, payment details, and any information provided during interactions with us.
- Technical Information: Data such as IP addresses, browser types, device information, and usage patterns collected via cookies and similar technologies.
- Sensitive Information: When collecting sensitive data, such as biometric or health-related information, we provide a clear consent form outlining its purpose and allow you to revoke this consent at any time through your Privacy Dashboard or by contacting our DPO.
When collecting data from third parties, such as analytics providers or credit bureaus, we validate their compliance with privacy regulations and notify you about the purpose of the data collection.
4. How We Use Your Information
We use your data for the following purposes:
- Delivering, personalizing, and improving our services.
- Ensuring compliance with legal and regulatory requirements.
- Preventing fraudulent activity and improving security.
- Communicating updates, promotions, or relevant content.
AI Use and Oversight:
Our AI systems assist in fraud detection, recommending content, and optimizing service delivery. Decisions that significantly affect your rights are always reviewed by qualified personnel. AI systems are regularly audited for fairness, accuracy, and cultural sensitivity, with semi-annual reviews or as significant updates are introduced. For example, we’ve implemented adjustments to prevent geographic biases in content recommendations and partnered with external auditors to assess language-model accuracy for non-English-speaking regions.
If you believe an automated decision has significantly impacted your rights, you may request a review by contacting our DPO or through the Privacy Dashboard.
Legitimate Interests:
We rely on legitimate interests for activities such as improving security, analyzing website usage, or detecting fraud. These interests are carefully assessed to ensure they do not override your rights.
5. Legal Basis for Processing
We process personal data under one or more of the following legal bases:
- Your Consent: For optional activities such as marketing communications.
- Contractual Necessity: To fulfill a contract, such as providing requested services.
- Legal Obligations: To comply with tax, fraud prevention, or other regulatory requirements.
- Legitimate Interests: To improve services or enhance security, provided your rights are not overridden.
You can withdraw your consent at any time through your account settings, our Privacy Dashboard, or by contacting our DPO.
6. Sharing Your Information
We share your data only when necessary and under strict safeguards:
- Service Providers: For payment processing, IT support, analytics, and other essential services.
- Legal Authorities: To comply with legal obligations or regulatory requirements.
- Business Transfers: In the event of mergers, acquisitions, or sales, under strict confidentiality agreements.
You may request additional information about the third parties involved in data processing.
7. International Data Transfers
We transfer data internationally only with appropriate safeguards:
- Standard Contractual Clauses (SCCs): Agreements approved by international authorities to ensure your data stays protected. Learn more about SCCs from the European Commission.
- Technical Protections: Data is encrypted and pseudonymized during transfers.
- Consent Where Required: In jurisdictions requiring explicit consent for transfers, we notify you and seek your approval.
8. Your Rights
You have the right to:
- Access your data and request a copy.
- Correct inaccurate or incomplete information.
- Delete your data unless retention is legally required.
- Restrict or object to data processing.
- Request your data in a machine-readable format for portability.
- Withdraw consent for optional data processing.
You can access your Privacy Dashboard through your account settings. Requests are typically processed within 30 days, as required by law.
9. Security Measures
Your data is protected through:
- Encryption: AES-256 encryption for stored data and TLS for data in transit.
- Access Controls: Role-based access controls (RBAC) to ensure only authorized personnel can access data.
10. Cookies and Tracking Technologies
We use cookies to improve your experience. They are categorized as:
- Essential Cookies: Necessary for core functionality (expire when you close your browser).
- Analytics Cookies: Help us analyze usage patterns (persist up to 90 days).
- Advertising Cookies: Deliver personalized advertisements (may persist for up to 12 months).
Preferences set through the Cookie Management Tool are saved and can be updated at any time. For more details, see our Cookie Policy.
11. Retention of Data
We retain personal data only as long as necessary. Here is an overview:
Data Type Retention Period Purpose
Transaction Data 7 years Tax compliance
Marketing Data 2 years (unless withdrawn) Personalized communications
Legal Compliance Records 10 years as required by law Regulatory adherence
At the end of retention periods, data is securely deleted or anonymized.
12. Accountability Measures
We maintain detailed records of all data processing activities and conduct regular audits to ensure compliance. Internal privacy champions oversee adherence, and all employees undergo regular training on privacy practices. We also aim to maintain certifications such as ISO 27001 for information security management.
13. Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for high-risk processing activities, such as handling sensitive personal data, deploying large-scale behavioral tracking systems, introducing third-party AI models, or expanding operations to high-risk jurisdictions.
14. Automated Decision-Making and AI Ethics
Our AI systems are tested regularly for fairness, accuracy, and cultural sensitivity. External experts may audit these systems to ensure compliance with our ethical standards.
This policy is reviewed annually or when legal or operational changes require updates. Significant changes will be communicated at least 30 days before implementation.
For questions, concerns, or feedback, contact our Data Protection Officer:
Email: info@cfs360digital.com