nCino KYC
Privacy Statement
Last Updated: June 3, 2025
nCino Inc. (“nCino”) is a leading provider of software empowering a new era in financial services. Institutions around the world rely on nCino every day to succeed and grow. Our customers trust us with Personal Data and expect us to protect that Personal Data with the same level of care as we do our own.
This Privacy Statement describes how we collect, use, disclose, and otherwise process Personal Data, as well as the rights and choices individuals have regarding such Personal Data. This Privacy Statement applies to the extent we process Personal Data on our own behalf, as a controller or business.
“Personal Data” means any information relating directly or indirectly to an identified or identifiable person and includes other similarly defined terms, such as “personal information,” as used in applicable privacy and data protection laws.
You can click the links below to go directly to a particular section in our Privacy Statement.
- Scope
- Collection of Personal Data
- Use of Personal Data
- Disclosure of Personal Data
- Cookies and Other Tracking Technologies
- Privacy Choices and Rights
- External Websites
- Third-Party Integrations and Social Features
- International Data Transfers
- Children
- Security
- Personal Data Retention
- Updates to this Privacy Statement
- Contact Us
- California Residents
- South African Residents
1. Scope
Unless otherwise noted, this Privacy Statement applies to our collection, use, disclosure, and other processing of Personal Data, as a controller or business, related to:
- Our Websites (each, a “Website”) that display or link to this Privacy Statement;
- Marketing activities including any communication about nCino events, products, and services which may be aimed at former, current, and prospective clients and customers; and
- Individuals who interact or communicate with us related to our services or our business.
(Collectively, the “Services”).
Customer Personal Data. We process Personal Data on behalf of our customers, as a processor or service provider, and this Privacy Statement does not apply to such processing except as set forth in Section 16. South African Residents related to website users, customers, and suppliers in South Africa. Our customers are the controller (or “business”) for the Personal Data that we process on their behalf and may have different data processing practices.
Additional privacy notices. In some cases, different or additional notices about our data collection and processing practices may be provided and apply to our processing of certain Personal Data. To the extent there is a conflict with this Privacy Statement, the additional notice will control with respect to the Personal Data subject to that notice.
2. Collection of Personal Data
Generally, we collect your Personal Data on a voluntary basis. However, if you decline to provide certain Personal Data that is marked mandatory, you may not be able to access certain Services or we may be unable to fully respond to your request or inquiry.
We may collect the following categories of Personal Data from various sources, including directly from you, automatically related to the use of the Services, and in some cases, from third parties (such as social networks, platform providers, payment processors, data providers, and operators of certain third-party services that we use). In some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain Personal Data. The Personal Data we collect about you may vary depending upon the circumstances and may not include all the examples listed below.
- Contact Information and Other Identifiers, including name, contact details, unique personal identifier, online identifier, IP address, login credentials, and age and/or date of birth.
- Content of Communications, including Personal Data that you provide to us during the course of your communications with us; when you register for an nCino demonstration, request a whitepaper, sign up to attend our events, or submit other requests; when you fill out a ‘Contact Us’ form, sign up for our mailing lists, or otherwise request information from us; and when you post in chat sessions, forums, in other areas of the Services, or on our social media channels.
- Payment Details, including Personal Data that you submit when you make a purchase or payment, such as your credit card number and shipping and billing information.
- Internet or Other Electronic Network Activity Information, including internet or other similar activity, browsing history, search history, information about Website interactions, device data, or social media account information and engagement with our social media accounts.
- Location Data, including your physical location based on information you provide directly or inferred from your IP address or mobile device.
- Professional or Employment-Related Information, including title, company, region, and job responsibilities.
- Audio, Electronic, Visual, or Similar Information, including electronic or visual information, such as your photograph or electronic signature, call recordings, and webinar and other event recordings.
In some cases, we may combine your Personal Data with other data we obtain from other sources, such as public databases and other third parties. Your Personal Data may be converted into deidentified, anonymised, or aggregated data, such that it is no longer reasonably associated with you, not considered Personal Data under applicable law, and not subject to this Privacy Statement.
3. Use of Personal Data
We may use or otherwise process the Personal Data described above for the following purposes:
- Providing Services, including to communicate with you related to our Services or business; to provide products and services you request (and send related information); to operate our Services; to communicate with you about your access to and use of our Services; to respond to your inquiries; and to provide troubleshooting, fulfill your requests and provide technical
- Analysing and Improving Our Services, including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new features, offerings, and services; to conduct surveys, and other evaluations, such as customer satisfaction surveys; and for other research and analytical purposes.
- Operating Our Services, including to maintain, operate, optimise, and provide access to our Services; to identify visitors to our Services; to monitor and analyse usage and trends; to evaluate how our Services perform; to provide or recommend features, content, social connections, and referrals; to tailor content we send or display on our Services; to offer location customisation and personalised help and instructions; and to otherwise personalise your experiences.
- Promoting Our Business, including to reach you with more relevant ads; to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests.
- Managing Security and Integrity, including to protect and secure our business operations, assets, services, network and information, and technology resources; and to investigate, prevent, detect, and take action regarding fraud, unauthorised access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorised activities or misconduct.
- Complying with Legal and Compliance, including to comply with the law, our legal obligations, and legal processes, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests; to manage and respond to actual and potential legal disputes and claims; and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
- Planning and Facilitating Business Transactions, related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, or restructuring of all or part of our business.
- Operating Our Business, including to carry out financial, tax and accounting audits; to perform audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; and to operate our general business, accounting, recordkeeping, and legal functions.
We process Personal Data pursuant to the following legal bases, as permitted by applicable law, including:
- Performance of a Contract or Steps to Enter into a Contract, such as when we carry out a transaction or respond to your requests related to our products and services.
- Compliance with a Legal Obligation, such as when we use Personal Data for recordkeeping, respond to regulatory inquiries, or are involved with judicial or administrative proceedings.
- With Your Consent, such as for direct marketing or targeted advertising when consent is required by applicable law.
- As Necessary for Legitimate Interests, such as for business operations, commercial interests, Website operations, maintaining security and integrity, fraud prevention, and compliance with our contractual obligations.
4. Disclosure of Personal Data
We may disclose the Personal Data described above to the following categories of recipients:
- Vendors and Service Providers that perform functions on our behalf in order to carry out the purposes identified above. These may include, for example, IT and hosting providers, help desk contractors, payment processors, marketing and analytics providers, consultants, and professional advisers. We may disclose Personal Data with providers of online tracking technologies, as described in Section 5. Cookies and Other Tracking Technologies.
- Professional Advisors, including for the performance of audit functions and the provision of legal and other advice.
- Subsidiaries and Affiliates within the nCino group of companies, who will use and disclose this Personal Data in accordance with the principles of this Privacy Statement, including to share relevant news, information, and offers with you.
- Parties to Corporate Transactions, including as part of any actual or contemplated merger, sale, or transfer of our assets; acquisition, financing, or restructuring of all or part of our business; or bankruptcy or similar event; and prior to the completion of such a transfer, where necessary for due diligence or to plan for the transfer, such as to lenders, auditors, and third-party advisors, such as attorneys and consultants, where permitted by law.
- Parties in Relation to Legal Disclosures, Obligations, and Rights, including if required or authorised to do so by law or legal process; to comply with any subpoena, court order, governmental agency request, or other legal process; to exercise or defend legal claims; to enforce our Terms and Conditions, this Privacy Statement, other policies, or our contractual agreements; to protect the legal rights, property, or safety of us, our clients, customers, or others; to investigate, prevent, or take action regarding actual or suspected illegal activities or fraud; and to prevent crime.
5. Cookies and Other Tracking Technologies
We and our vendors may use cookies, pixels, tags, web beacons, trackers, and similar online tracking technologies (“Tracking Technologies”) to operate our Services, including to provide access to the Services; to store your preferences and settings; to gather information about your usage patterns when you navigate the Services; to enhance and personalise your experience; for security purposes; to facilitate navigation; to improve, analyse, and optimise our Services and their functionality; to personalise and improve your experience while using the Services; to improve and measure our advertising campaigns; to better reach users with relevant advertising both on our Services and on third party websites; and to help us track email response rates, identify when our emails are viewed, track whether our emails are forwarded, and conduct analytics. Tracking Technologies may collect certain information about you, including your device identifier; your IP address (and associated location information); the type of your internet browser; your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, and language; and information about your Website usage, such as time spent on the websites, pages visited, language preferences, and other traffic data.
In certain circumstances, we may combine information from Tracking Technologies with other Personal Data about you. We or our vendors may collect Personal Data about your online activities over time and across different online services when you use our Services.
When permitted, we may engage web analytics service providers, such as Google Analytics, to help us understand and analyse how visitors interact with our Services. We use such data to administer and improve the quality of our Services. We also use this information to implement Google advertising features such as dynamic remarketing, interest-based advertising, and display advertising. You can learn about Google’s practices at support.google.com/analytics/answer/6004245 and opt-out of Google Analytics cookies at myadcenter.google.com/ and tools.google.com/dlpage/gaoptout.
Third-Party Ad Companies: We also work with third-party vendors, such as ad networks, channel partners, mobile ad networks, analytics and measurement services, and others (“Third-Party Ad Companies”) to provide you more relevant ads and content on third-party sites and apps, and to evaluate the success of such ads and content. We may share certain information with these Third-Party Ad Companies, and we and they may use Tracking Technologies to collect usage and browsing information, IP address, location information, and other identifiers within our Services, as well as on third-party sites, apps and services.
Cookie Settings and Privacy Preference Center. You can review or change your preferences for Tracking Technologies by visiting the Privacy Preference Center or clicking on the Cookie Settings link in the footer of the Website. These settings are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Services; in addition, if you delete or block cookies, you may need to reapply these preferences.
Browser Settings. If you wish to prevent cookies from tracking your activity on one of our Websites or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Websites who disable all cookies will be able to browse the Websites, but some features may not function.
Browser Signals. Our Websites recognise the Global Privacy Control (“GPC”) signals. Your browser may have settings that allow you to transmit a “Do Not Track” signal when you visit various websites or use online services.
Your Ad Choices: You may also opt out of certain tracking technologies by visiting advertising alliance opt-out services. Visit the U.S. Digital Advertising Alliance at www.aboutads.info/ and opt out using Ad Choices (U.S.) at optout.aboutads.info/ or visit the Network Advertising Initiative at www.networkadvertising.org/choices/ and opt out using their tool at optout.networkadvertising.org/. Visit the Canadian Digital Advertising Alliance at youradchoices.ca/ and opt out using Your Ad Choices (Canada) at youradchoices.ca/choices/. Visit the European Digital Advertising Alliance at www.edaa.eu/European-principles/ and opt out using Your Online Choices (EU) at www.youronlinechoices.com/. Opting out through these services does not mean you will no longer receive advertising from us, or when you use the internet.
6. Privacy Choices and Rights
If you no longer wish to receive our marketing communications or remain on our mailing list(s), you can opt out of such communications at any time. To unsubscribe, please follow the unsubscribe link in the relevant communication.
Subject to applicable privacy and data protection laws, you may have rights related to your Personal Data, including the rights to:
- Ask us to confirm whether we process your Personal Data.
- Request access to or information about your Personal Data that we collect, use, and/or disclose.
- Request that your Personal Data be corrected, updated, and/or completed if you become aware that any Personal Data we hold about you is incorrect, out of date, or incomplete.
- Ask for a copy of your Personal Data, including in an electronic format, and transmit such Personal Data to another entity under circumstances required by applicable law.
- Object to or restrict collection, use, disclosure, or other processing of your Personal Data under certain circumstances.
- Withdraw your consent to process your Personal Data in circumstances where our collection, use, disclosure, or other processing is based on your consent; or request details about consequences for not consenting to a processing activity.
- Request that we delete, destroy, anonymise, or block the processing of Personal Data that we have collected, used, disclosed, or otherwise processed about you.
We do not profile or use automated decision-making in a way that produces legal effects concerning you or otherwise significantly affects you.
You may manage your privacy choices and exercise your privacy rights via nCino’s Privacy Request Center. If you have any complaints about the processing of your Personal Data or our response to any rights request, we ask that you contact us; however, you also have the right to lodge a complaint with the relevant supervisory or other regulatory authority. We may request specific information from you to help us confirm your identity prior to processing your request. Your rights are limited to the rights provided under the applicable law, which may be based on your jurisdiction of residence. Your rights can be restricted by exemptions permitted under relevant laws. If we deny your request, in whole or in part, which we are permitted to do under various applicable laws, we will explain why.
7. External Websites
The Services may contain links to other websites administered by unaffiliated third parties. This Privacy Statement does not apply to such third-party websites. When you click on those links, you will be subject to that website’s privacy practices. We encourage you to read that policy statement. We are not responsible for the privacy practices of other services, and we expressly disclaim any liability for their actions, including actions related to the use and disclosure of Personal Data by those third parties.
8. Third-Party Integrations and Social Features
We may engage vendors to provide certain interactive features on our Services. Your use of these interactive features is voluntary, and we may retain the information that you submit through the features. For example, we may offer an interactive chat feature on our Services to answer questions and for other customer service purposes. When you participate in the interactive chat, either with a virtual or live agent, the contents of the chat may be captured and kept as a transcript. By using these features, you understand that our vendors may process the information obtained through the feature to provide the service on our behalf. By using an interactive chat feature, you may be interacting with a generative AI platform and not a live person. Unless otherwise provided for as a part of the Services, do not provide confidential or proprietary information when using an interactive chat feature. Information, decisions, or advice provided by an interactive chat feature, or any materials retrieved therefrom, including those to any third party, may not have been reviewed for content or accuracy.
Note that certain functionalities on our Services permit interactions that you initiate between the Services and external services, such as social networks (“Social Features”). Examples of Social Features include features enabling you to “like” or “share” our content and features that otherwise connect the Services to a third-party service (e.g., to pull or push information to or from the Services). If you use Social Features, information you post or provide access to may be publicly displayed by the third-party service you use and both nCino and the third party may have access to certain information about you and your use of the Services and the third-party service.
9. International Data Transfers
nCino is headquartered in the United States. We and our vendors have operations in multiple jurisdictions, and our business processes and technical systems may operate across borders. Your Personal Data may be transferred to and processed in the United States and elsewhere, where our affiliates and vendors are located, and it may be subject to the laws and requests from law enforcement authorities in these jurisdictions.
The United States and other countries may not have data protection laws equivalent to those of the country from which you provided the Personal Data. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we transfer or process it. Where the GDPR, UK GDPR, Swiss or UK data protection laws apply, this generally includes entering into the EU standard contractual clauses and/or the UK International Data Transfer Agreement for data transfers where required by applicable laws.
EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. nCino Inc. and nCino Opco, Inc. (“US nCino Entities”) comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. The US nCino Entities have certified to the U.S. Department of Commerce that they comply with the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF (“UK Extension to the EU-U.S. DPF Principles”). The US nCino Entities have certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF Principles, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The US nCino Entities are committed to subjecting all Personal Data received from the European Economic Area, the United Kingdom, and Switzerland in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF to the Principles.
US nCino Entities are responsible for the processing of Personal Data they receive under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and subsequently transfer to a third party, such as a service provider or an agent acting on our behalf. US nCino Entities maintain contracts with those parties that restrict their access, use, and disclosure of Personal Data and that require them to provide at least the same level of protection as is required by the DPF Principles. US nCino Entities are responsible for those parties’ compliance with those obligations and may be liable under the Principles if those parties process such Personal Data in a manner inconsistent with the Principles, unless the US nCino Entities prove that they are not responsible for the event giving rise to any damages.
In compliance with the DPF, US nCino Entities commit to resolve DPF Principles-related complaints about our collection or use of your Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact the US nCino Entities using the information in the “Contact Us” section, below.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, the US nCino Entities commit to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe Dispute Resolution, an alternative dispute resolution provider based in the United States. If you do not receive a timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe Dispute Resolution are provided at no cost to you. Under certain conditions, more fully described in Annex I of the Principles website (please see Annex I of the Principles: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2) you may be entitled to invoke binding arbitration when other dispute resolution procedures have not resolved your complaints regarding the DPF Principles.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, nCino commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
The Federal Trade Commission has jurisdiction over the US nCino Entities’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
10. Children
The Services are not intended for, nor directed at, children under 18 and we do not knowingly collect or store Personal Data from anyone under the age of 18 through the Services. If we become aware that we have received Personal Data from a person under the age of 18, we will delete it in accordance with applicable law.
11. Security
We have implemented safeguards intended to protect the Personal Data we collect from loss, misuse, and unauthorised access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security. There are also certain steps you can take to better protect against unauthorised access to your Personal Data. For example, you should not reuse passwords across multiple sites and services or share your password with others.
12. Personal Data Retention
nCino will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Statement and in accordance with nCino’s current retention and disposal policies. We may retain Personal Data for longer where required by our legal and regulatory obligations, professional indemnity obligations, or where we believe it is necessary to establish, defend, or protect our legal rights and interests or those of others. When Personal Data is used for more than one purpose, we will retain it until the purpose with the latest period expires. With respect to the data and files we handle as a processor, we retain this Personal Data in accordance with our clients’ instructions.
13. Updates to this Privacy Statement
We may update this Privacy Statement to reflect changes in our privacy practices at any time and without prior notice to you. When we do so, we will update the last updated date above. We encourage you to periodically review this Privacy Statement for the latest information on our privacy practices.
14. Contact Us
Any questions, inquiries, complaints, and requests related to this Privacy Statement can be directed to us via nCino’s Privacy Request Center.
nCino is the data controller and responsible for the processing of Personal Data we obtain. nCino is located at 6770 Parker Farm Drive, Wilmington, North Carolina, 28405, United States.
15. California Residents
This section is provided pursuant to the California Consumer Privacy Act (“CCPA”) and supplements this Privacy Statement for Personal Data we collect from California residents. This section does not address or apply to our handling of Personal Data that is exempt under the CCPA.
Unless otherwise noted, the disclosures in this California Privacy Notice apply to our current practices, as well as our activities in the 12 months preceding the effective date.
Categories of Personal Data that We Collect, Use, and Disclose. We collect, use, and disclose Personal Data as set out in the “Collection of Personal Data,” “Use of Personal Data,” and “Disclosure of Personal Data” sections above. Additionally, we collect:
- Personal Information Described in Cal. Civ. Code § 1798.80(e), including Contact Information and Other Identifiers and Payment Details, as described in the “Collection of Personal Data” section; signature; employment information; and financial information.
- Inferences used to create a profile reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sales and Sharing. The CCPA defines a “sale” as disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available Personal Data to a third party for purposes of cross-context behavioral advertising. While we do not disclose Personal Data to third parties in exchange for monetary compensation, we may “sell” or “share” (as defined by the CCPA): (i) identifiers, usage data, customer records, commercial information and profiles with our affiliates and subsidiary companies (e.g., so that they may improve or enhance their own records and for other purposes); and (ii) identifiers, usage data and commercial information to ad networks, social media platforms, and data analytics providers (e.g., in order to improve and measure our ad and marketing campaigns). We do not sell or share Personal Data about individuals who we know are under sixteen (16) years old.
We do not collect sensitive Personal Data from California residents.
California Privacy Rights.
If you are a California resident, you have the following rights related to your Personal Data:
- Know what Personal Data we have collected about you, including:
  - The categories of Personal Data we have collected about you;
  - The categories of sources from which the Personal Data is collected;
  - The business purpose for collecting Personal Data;
  - The categories of recipients to whom we disclose Personal Data; and
  - The specific pieces of Personal Data we have collected about you.
- Request that we delete Personal Data we collected from you.
- Request that we correct Personal Data we maintain about you that you believe is inaccurate.
- Opt out of the sale of your personal information and the sharing of your Personal Data for cross-context behavioral advertising.
You may exercise your privacy rights via nCino’s Privacy Request Center or by calling (888) 920-2692. We will not discriminate against you for choosing to exercise any of your California privacy rights.
Please note that when submitting a request, you may be asked to provide information so we can verify your identity before action is taken. You may designate an authorised agent to make the request on your behalf. An authorised agent must submit proof to us that he or she has been authorised by you to act on your behalf, and you may still need to verify your identity directly with us before we can process the request. If we deny your request, in whole or in part, which we are permitted to do under the law, we will explain why.
16. South African Residents
These additional provisions apply to website users, customers and suppliers in South Africa and shall be read together with the provisions of the Privacy Statement above.
Responsible Party. The responsible party is nCino South Africa (Pty) Ltd with the following postal address: 04-121 WeWork The Link, 173 Oxford Road, Rosebank, Gauteng 2196. For any questions about this privacy notice, please contact the Information Officer at privacy@ncino.com.
Personal Data of juristic persons. In addition to the Personal Data of natural persons set out above, we also collect and process Personal Data relating to customers and suppliers that are juristic persons, which information includes, for example:
- the customer’s and/or supplier’s name and registration number;
- the customer’s and/or supplier’s telephone number, email address, physical address and postal address;
- the customer’s and/or supplier’s VAT number, and other tax-related information, if applicable;
- all relevant Know-Your-Client Information as prescribed by applicable legislation;
- the customer’s and/or supplier’s shareholders and applicable information regarding them;
- correspondence between us and the customer and/or supplier;
- the customer’s and/or supplier’s contact persons, and their Personal Data (including, where applicable, their race, gender, email address, telephone number, etc.);
- the customer’s and/or supplier’s authorised signatories;
- invoices, fees and payment structures relating to the customer and/or supplier; and
- reference letters and procurement information.
Purposes for processing. The purposes of the processing of Personal Data of juristic persons include, inter alia, the following:
- to carry out the necessary actions for the conclusion or performance of any contract between us;
- to provide services or products to you upon your request or to obtain services and products from you;
- to comply with all applicable statutory obligations;
- to respond to queries received;
- to carry out and manage our business operations;
- for historical and statistical purposes, such as to analyse trends and make projections;
- for corporate security, disaster recovery and legal reporting obligations;
- for direct marketing purposes, where applicable;
- to conduct statistical analysis, research or surveys;
- for procurement purposes and for the Company to respond to tenders for work;
- to meet client obligations and for security purposes;
- in the event of a proposed transaction, merger or sale relating to nCino; and
- any other legitimate business purposes.
Legislation. Legislation in terms of which Personal Data may be required to be processed includes:
- the Financial Intelligence Centre Act
- the Income Tax Act
- the Value-Added Tax Act
International Data Transfers. Personal Data may in appropriate circumstances be transferred outside of South Africa. In circumstances where the recipient entity is not subject to a law that requires the processing and protection of Personal Data in a manner similar to what is contained in POPIA, we will ensure that the recipient is subject to binding corporate rules or a binding transfer agreement that ensures adequate protection.
Your rights. You shall have the following rights:
- the right to establish whether we hold Personal Data;
- the right to request access to your Personal Data (subject to the provisions of the Promotion of Access to Information Act);
- the right to request the correction, destruction or deletion of Personal Data;
- the right to object, in appropriate circumstances, to the processing of information;
- the right to submit a complaint to the Information Regulator regarding alleged interference with the protection of your Personal Data; and
- the right to institute civil proceedings regarding the alleged interference with the protection of your Personal Data.
Should you wish to exercise your right to request access to, or the correction, destruction or deletion of, your Personal Data, or to object to the processing of your information, you are required to submit your request in writing to the Information Officer. Depending on your request, we may require you to complete the relevant form prescribed by the POPIA Regulations.
Data Privacy Compliance (POPIA & GDPR)
1. Introduction
nCino South Africa (Pty) Ltd provides its services to Accountable Institutions to assist them in
meeting their compliance obligations in terms of the Financial Intelligence Act (FICA). These
services are provided using software licensed from nCino South Africa (Pty) Ltd, incorporated in
Delaware in the United States. For ease of reference, DFA and DInc will be referred to
collectively as DocFox where applicable. The integrity and confidentiality of the personal
information of our customers and their clients is of critical importance for DocFox.
2. Data Privacy Laws and Regulations
The flow of our customer data originates in South Africa and is then transferred offshore,
where it is hosted via third-party providers. DocFox therefore complies with local (Protection
of Personal Information Act, POPIA) and global (General Data Protection Regulation, GDPR)
data privacy laws and regulations.
The reason for this offshore data transmission is that DocFox’s data cloud storage centre is
hosted in the Republic of Ireland, by two main subcontractors. These subcontractors are
AWS (supplier of infrastructure-as-a-service) and Heroku (supplier of platform-as-a-service)
respectively. Personal information is only processed by DocFox, as well as our third-party
service providers, for the specific, lawful purpose for which it is gathered, which is the
customers’ FICA compliance obligations.
Section 72 of the POPIA allows for the transfer of data across international borders. There
are certain conditions that are required to be met, which include the following:
- Data subjects must consent to the transfer of their personal data.
- AWS, as a subcontractor, must be subject to a law, binding corporate rules, or a binding agreement with DocFox.
- Providing adequate protection for such transfer and that the transfer is necessary for the performance or conclusion of a contract, concluded in the interest of the data subject between DocFox and AWS.
The transfer of our customers’ data from SA to Ireland, which falls within the European
Union, meets the requirements of section 72 of POPIA. This has been confirmed by two
separate legal opinions sought by DocFox.
As a subcontractor and data processor to DocFox, AWS and Heroku are subject to Irish
Data Protection Laws. Ireland is subject to the GDPR, which is viewed globally as a leading,
multi-jurisdictional law on data protection. The legal opinions referenced above also provide
that Irish Data Protection Laws uphold principles for fair data processing that are
substantially similar to the conditions set by POPIA.
3. Compliance and Data Protection Measures
DocFox takes the security of our customer data very seriously and therefore has
implemented the following data privacy compliance and security controls to mitigate the risk
of data breaches. These controls are monitored regularly to ensure their operating
effectiveness.
3.1 Data Privacy Policy
DocFox has a privacy policy and our policy approach is consistent with the core principles of
POPIA, which is to protect the privacy rights of individuals and juristic entities and to ensure
the secure handling of personal data. DocFox is registered with the Information Regulator in
South Africa, and any privacy-related concerns or complaints can be directed via
privacy@docfox.co.za.
3.2 Service Level Agreements (SLAs)
DocFox has an SLA in place with every customer, where it is incumbent on the customer to
obtain the necessary consent of their data subjects. The SLA confirms that DocFox will only
collect, store, and process data which is necessary to deliver agreed services. In addition,
we have SLAs in place with our subcontractors, which state that data is not permitted for
onward transmission.
Clauses in the SLA also address a vital part of POPIA, which is the destruction or
de-identification of personal information when DocFox no longer has the legal right to retain
such information, for example when an SLA with a customer is cancelled or is not renewed.
The fact that our customers and their respective clients’ data is stored offshore with AWS is
clearly communicated in clause 18 of DocFox’s current SLA with customers. In terms of the
SLA, the customer also warrants that their client’s consent will be obtained for the transfer of
personal information, which is in line with s72(1)(b) of POPIA. Through the customer’s
signature of the SLA, it also consents to the transfer of its personal information and that of its
clients to AWS hosted in the Republic of Ireland. The provisions of s72 of POPIA are also
clearly articulated and communicated to our customers throughout clause 18.
3.3 Data Access Control
Customer data is only examined directly if it is absolutely necessary for technical reasons.
Furthermore, only the core development and support team have access privileges that allow
for the direct modification of production data. Such modification is to be done in only the
most critical of cases and/or at the documented request of a customer.
3.4 Data Encryption & Recovery Processes
Technical security measures are also monitored by DocFox; this includes all customer data
being encrypted during transmission and at rest. All data is backed up on a regular basis,
and disaster recovery tests are run annually per company policy.
Users of the web interface must authenticate themselves with a username, password, and
multi-factor authentication. DocFox uses various software, infrastructure, and architecture to
restrict logical access, including a defence-in-depth approach with gateway and perimeter
defences, encryption, secure operations policies and procedures, secured endpoints, and
backups.
4. Conclusion
DocFox’s security and risk management procedures have been audited by an independent
audit firm that has tested our controls as per the SOC 2 (Security and Organisational
Controls) reporting standards. We trust that this provides your organisation with assurance
with regard to our commitment to data privacy and security standards. Should you have any
further questions, please feel free to contact our Sales Team at sales@docfox.co.za.