1. Scope of this Privacy Policy

This Privacy Policy explains how NomadRem processes personal data in connection with the use of our website www.nomadrem.com, platform, and related services (“Services”).

This Policy does not apply to third-party websites not owned or controlled by NomadRem.

NomadRem processes personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable regulations.

2. Data Controller

Depending on your jurisdiction and the nature of the Services, your personal data may be processed by:

• NomadRem UAB, Žalgirio g. 90-100, Vilnius, LT-09303, Lithuania;
• NomadRem LLC, 30 N Gould St # #49276 Sheridan, WY, 82801, USA;

The entity responsible for your data will depend on your location and will be communicated during onboarding or within your Account.

For general inquiries:
Email: [email protected]

3. Supervisory Authority

For users in the European Economic Area:

State Data Protection Inspectorate (VDAI)
L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania
www.vdai.lrv.lt

You may also contact your local data protection authority.

4. Legal Bases for Processing

Personal data is processed based on:

• contractual necessity (Art. 6(1)(b) GDPR)
• legal obligations (Art. 6(1)(c) GDPR)
• legitimate interests (Art. 6(1)(f) GDPR)
• consent where applicable (Art. 6(1)(a) GDPR)

5. Use of Services & Partners

NomadRem provides payment and remittance services through its Platform and operates within applicable regulatory frameworks.

To deliver these Services, NomadRem may work with regulated financial institutions, payment processors, compliance providers, and infrastructure partners.

Depending on the service and regulatory requirements:

• certain partners may act as independent data controllers; and
• others may act as data processors on behalf of NomadRem.

These partners may process personal data where necessary to:

• execute Transactions
• perform identity verification (KYC/KYB)
• comply with legal and regulatory obligations

6. Categories of Data Processed

We may process the following categories of personal data:

• Identification and contact data
• Transaction and usage data
• Compliance and verification data (KYC/AML)
• Technical data (e.g. IP address, device information)
• Communications with NomadRem

7. Data Retention

Personal data is retained only as long as necessary to provide the Services and comply with legal and regulatory obligations.

This may include retention for 5–10 years, particularly for AML and compliance purposes.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside your jurisdiction, including the European Economic Area and the United States.

Where required, NomadRem implements appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• contractual and technical protections

9. Data Subject Rights

You have the right to:

• access your personal data
• correct inaccurate data
• request deletion of your data
• restrict or object to processing
• request data portability
• withdraw consent where applicable

Some rights may be limited where data must be retained for legal or regulatory purposes.

10. Security

NomadRem applies appropriate technical and organisational measures to protect personal data, including:

• encryption (e.g. TLS)
• access controls
• internal security policies

11. Children

The Services are intended for individuals aged 18 and above.

12. Changes

This Privacy Policy may be updated from time to time.

NomadRem | Terms & Conditions | v1.1 | 20 Apr 2026