Data Protection Policy

Effective Date: 1 January 2026
Last Updated: 1 January 2026

Purpose and Commitment

Nurusalem is committed to protecting personal data through appropriate technical, administrative, and organizational measures. This Data Protection Policy explains how personal data is safeguarded, stored, processed, and protected throughout its lifecycle.

Principles of Data Protection

Nurusalem processes personal data in accordance with internationally recognized principles, including:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy and data quality
• Storage limitation
• Integrity and confidentiality
• Accountability

Categories of Data Processed

Personal data processed by Nurusalem may include:

• Identification and verification data
• Professional and credential information
• Application and declaration records
• Transaction and payment references
• Technical data such as IP addresses, device information, access logs, and timestamps

IP Address and Technical Data

IP addresses and related technical data are collected automatically for purposes including:

• Platform security and access control
• Fraud prevention and abuse detection
• System diagnostics, performance monitoring, and stability
• Legal, audit, and compliance requirements

IP addresses are not used for intrusive profiling and are handled proportionately and securely.

Legal Basis for Processing

Personal data is processed based on appropriate legal grounds, which may include:

• User consent
• Contractual necessity
• Legal or regulatory obligations
• Legitimate operational and security interests

Data Storage and Retention

Personal data is stored in secure environments and retained only for as long as necessary to meet operational, legal, regulatory, or contractual obligations. When data is no longer required, it is securely deleted, anonymized, or archived.

Cross Border Data Processing

Nurusalem operates globally and may process personal data in multiple jurisdictions. Appropriate safeguards are implemented to ensure that personal data remains protected during cross border transfers and processing.

Data Security Measures

Nurusalem implements reasonable safeguards to protect personal data, which may include:

• Access controls and authorization restrictions
• Encryption and secure transmission methods
• Secure hosting and infrastructure
• Monitoring and logging systems
• Staff training and confidentiality obligations
• Periodic reviews of security practices

While strong safeguards are used, no system can guarantee absolute security.

Access Control and Confidentiality

Access to personal data is restricted to authorized personnel who require it for legitimate purposes. Confidentiality obligations apply to all individuals with access to personal data.

Data Subject Rights

Subject to applicable laws, individuals may have the right to:

• Access personal data held about them
• Request correction of inaccurate data
• Request deletion, subject to retention requirements
• Restrict or object to certain processing activities
• Withdraw consent where applicable

Requests may require identity verification and are handled within reasonable timeframes.

Incident Management

In the event of a data security incident, Nurusalem will take appropriate steps to contain, investigate, and mitigate the impact, and will comply with applicable notification obligations where required.

Policy Updates

This Data Protection Policy may be updated periodically to reflect operational, legal, or regulatory changes. Updated versions will be published on the Nurusalem website.

Contact

Questions or requests related to data protection practices may be submitted through the official contact channels listed on the Nurusalem website.