Privacy Policy

Last updated: March 2026. This policy explains how Novum collects, uses, and protects your personal data.

Your Privacy Matters

Novum is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We process your data lawfully, fairly, and transparently, and only for the purposes described in this policy.

1. Information We Collect

We collect the following categories of personal data:

Category	Examples	Purpose
Identity Data	Full name, date of birth, national insurance number	Account creation, KYC verification
Contact Data	Email address, phone number, postal address	Communications, account security
Financial Data	Investment history, risk profile, portfolio data	Service provision, suitability assessment
Technical Data	IP address, browser type, device information	Security, platform optimisation
Usage Data	Pages visited, features used, interaction patterns	Service improvement, analytics

2. How We Use Your Data

We process your personal data on the following legal bases under UK GDPR:

Contract Performance: To provide you with the Doris platform services, process your investment orders through broker partners, and manage your account.
Legal Obligation: To comply with anti-money laundering (AML) regulations, KYC requirements, and other regulatory obligations.
Legitimate Interest: To improve our platform, analyse usage patterns, prevent fraud, and ensure platform security.
Consent: For marketing communications and optional analytics. You may withdraw consent at any time.

3. Data Sharing

We may share your personal data with the following categories of recipients:

Broker Partners: To execute your investment orders. Brokers receive only the data necessary for trade execution and regulatory compliance.
Identity Verification Providers: To perform KYC checks as required by regulation.
Market Data Providers: Aggregated, anonymised usage data may be shared with data providers under our licensing agreements.
Regulatory Authorities: When required by law or regulation, including the FCA, HMRC, and law enforcement agencies.
Service Providers: Cloud hosting, analytics, and communication services that process data on our behalf under strict data processing agreements.

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes without your explicit consent.

4. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit (TLS 1.3) and at rest (AES-256)
Multi-factor authentication for account access
Regular security assessments and penetration testing
Access controls limiting data access to authorised personnel
Secure data centres located within the United Kingdom and European Economic Area
Incident response procedures and breach notification protocols

5. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your data (subject to legal obligations)

Right to Restrict Processing

Request limitation of how we process your data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within one month.

6. Cookies and Tracking

We use essential cookies to maintain your session and provide core platform functionality. We also use analytics cookies to understand how the platform is used and to improve our services. You can manage your cookie preferences through your browser settings.

Cookie Type	Purpose	Duration
Essential	Authentication, security, session management	Session / 30 days
Functional	Preferences, tour completion, theme settings	1 year
Analytics	Usage patterns, performance monitoring	2 years

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Specific retention periods include:

Account data: retained for the duration of your account plus 5 years after closure
Transaction records: retained for 7 years as required by financial regulations
KYC documentation: retained for 5 years after the end of the business relationship
Analytics data: anonymised after 2 years

8. Contact and Complaints

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Data Protection Officer

Novum Technologies Ltd

Email: [email protected]

Address: London, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed. The ICO can be contacted at ico.org.uk.

Risk Warnings Terms of Service How It Works Back to Home