PRIVACY POLICY
In compliance with Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter, “GDPR”), Nexi Payments S.p.A. (hereinafter also “Nexi”), as the Data Controller, intends to provide certain information regarding the processing of your personal data (“Personal Data”) related to the installation and use of the Nexi Ready service.
Nexi Payments S.p.A., with its registered office at Corso Sempione 55 20149 Milan (Italy), VAT No. 10542790968, is the card-issuing company, responsible for the technical and operational activities as well as for the actual processing of personal data related to the use of the app and the card service.
For the purposes of this privacy notice, Nexi Payments S.p.A. is identified as the Data Controller (the entity that determines the purposes and means of the processing).
Nexi Ready Card is the Credit Card (“Card”) issued by Nexi that allows the Cardholder to make payment transactions through the International Network whose brand name appears on the Card.
The App Nexi Ready and the website are owned by Nexi Payments S.p.A., which is also the issuer and operator of the service.
Below is certain summary information on the processing of Personal Data related to the use of the App and the registration also on the website required to apply for the Card. In addition to this privacy policy and for detailed information on the processing of Personal Data relating to the issue and use of the Card, please refer to the specific privacy policy annexed to the contract, available at the following link: https://www.nexi.de/NRC/nexi/login PortalPaas.
1. TYPE AND SOURCE OF PERSONAL DATA PROCESSED
Nexi may collect Personal Data from you during the online Card application process and Personal Data acquired as a result of using the Card and through the use of the Nexi Ready App.
The App, which is available free of charge, can be installed without registering and involves the acquisition by Nexi, for security reasons, of the following information:
App tracking (“tracker”) /operation data, information relating to the mobile device on which the App is installed and certain parameters relating to the Android or iOS operating system (e.g. log files, which may contain, for example, date and time of access, browser used), the transmission of which is necessary for the normal operation of the App.
In particular, with regard to the authorisations required during the installation phase of the App, please note that, by way of example:
With reference to the iOS system, the required authorisations concern: device location, device camera to speed up the registration process, credential retrieval and profile photo editing, device photo to personalise the profile, fingerprint access and biometric access (FACE ID or a biometric recognition system to recognise your face).
With reference to the Android system, the required authorisations concern: device location, fingerprint and biometrics access, bluetooth, account, wi-fi status, audio record, internet, save, vibrate, read image data (pdf, images, etc.), information relating to the off-line and active status of the App.
Information about running applications to allow the App to collect and analyse information about other applications running on your device in order to identify any code that could potentially intercept and interfere with your information and operations.
Wi-Fi connection information to allow the App to use information such as the name of the Wi-Fi network.
In addition, with regard to the onboarding process, Nexi will send you an invitation code to access our App. Each invitation code is unique to each customer.
When you access the App and complete the identification process, the correspondence between the utilizer of the code and the customer will be verified, and through your unique code we’ll retrieve some of your personal data from our bank partner.
The retrieval of your personal data allows us to partially pre-fill the card application, making the process easier for you.
The App can send you push notifications related to the service if you have activated the sending of push notifications via your device’s operating system (Android or iOS).
Tracking data not necessary for the operation of the service will be collected by means of certain trackers, which can only be activated with your explicit, specific and prior consent.
The App only tracks location data (the position of the device) with your explicit, specific and prior consent.
If you decide to proceed with registration, Nexi will also process Personal Data provided by you, such as identification data, contact data, multimedia data (photos and videos, in relation to the identification phase), location data (in relation to the use of certain functions) and also acquired by third parties.
When verifying your identity, and more generally where required to comply with legal obligations, Nexi may process special categories of data, such as biometric data, as well as personal data relating to criminal convictions, offences and other security measures.
2. PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Personal Data acquired will be processed by Nexi for registration, compliance with legal obligations and fraud prevention.
3. PROCESSING OF BIOMETRIC DATA
The processing of your biometric data is carried out pursuant to Articles 6(1)(c) and 9(2)(g) of the GDPR and is necessary to comply with anti-money laundering legislation.
Biometric data will only be stored for as long as necessary and then definitively erased.
4. PARTIES WHO MAY HAVE ACCESS TO THE DATA
Your personal data may be processed by authorised Nexi employees and external Data Processors pursuant to Article 28 GDPR.
5. TRANSFER OF DATA ABROAD
Personal data may be transferred outside the European Economic Area in compliance with GDPR Chapter V.
6. DATA RETENTION
Personal Data will be retained in accordance with legal obligations and then permanently erased.
7. RIGHTS OF THE DATA SUBJECT
You may exercise your rights at any time by contacting the Data Protection Officer at dpo@nexigroup.com.
You also have the right to lodge a complaint with the Italian Data Protection Authority.
8. DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is Nexi Payments S.p.A., Corso Sempione 55, 20149 Milan.
The Data Protection Officer can be contacted at dpo@nexigroup.com.
For further information, please consult the complete privacy policy available in the Cardholders Portal at the following link: https://www.nexi.de/NRC/nexi/login .
Last document update: 09/02/2026