Effective Date: November 3, 2025
Nolly (US Tax Recovery Inc.) (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://nolly.com/ and use our services, including but not limited to ITIN applications, EIN registration, FIRPTA refund assistance, incorporation filings, and tax return preparation services.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. By accessing and using Nolly’s website and services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.
A. Information You Provide Directly
We collect information that you provide directly when you interact with our website and services, including:
Contact Information: Full name, email address, phone number, and mailing address
Identification Documents: Government-issued ID, passport number, birth date, Social Security Number (or alternative tax identification), and other identity verification documents required for ITIN/EIN applications
Financial Information: Bank account details, income information, tax filing history, and payment information for service fees
Tax and Business Information: Employment status, business structure, income sources, business type, and U.S. property details for FIRPTA services
Communication Information: Messages, inquiries, and correspondence you send us through contact forms, email, WhatsApp, phone calls, or other communication channels
Service Request Information: Details about which services you’re requesting (ITIN, EIN, tax returns, incorporation, FIRPTA) and your specific needs
Payment Information: Credit card numbers, bank account information, and billing address (processed securely through third-party payment processors)
B. Information Collected Automatically
When you visit our website, certain information is collected automatically, including:
Log Data: IP address, browser type, operating system, referring URL, pages visited, and time spent on our website
Device Information: Device type, mobile device identifiers, and hardware model
Location Information: General geographic location based on IP address (not precise GPS location)
Behavioral Data: Website navigation patterns, features accessed, searches performed, and user interaction data
Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 8)
C. Information From Third Parties
We may receive information about you from third parties, including:
Payment Processors: Transaction information and verification details
Government Databases: Limited verification through IRS-authorized channels for ITIN/EIN applications
Referral Sources: Information provided by friends, family, or referral partners who refer you to our services
Analytics Providers: Website usage and behavior data from Google Analytics and similar services
Social Media: Public profile information if you interact with us on social platforms
Important Note: We only collect Sensitive Personally Identifiable Information (SPII) such as Social Security Numbers, passport information, and financial data when absolutely necessary for providing our services. This information is treated with the highest level of security and confidentiality.
Nolly uses the collected information for various purposes:
A. Primary Service Purposes
Service Delivery: To prepare, submit, and manage your ITIN, EIN, FIRPTA, incorporation, and tax return applications with the IRS and relevant government agencies
Application Processing: To verify your identity, validate documents, and ensure compliance with IRS requirements
Customer Support: To respond to your inquiries, provide technical support, and assist with service-related questions
Document Preparation: To prepare accurate tax returns, applications, and supporting documentation for submission to government agencies
Status Updates: To keep you informed about the progress of your application or service request
B. Communication Purposes
Sending service-related notifications and updates
Responding to your inquiries and customer service requests
Sending administrative information and policy updates
Notifying you about changes to our services or fees
Requesting feedback about your experience with our services
C. Business and Legal Purposes
Payment Processing: To process your payments and manage billing for our services
Legal Compliance: To comply with applicable laws, regulations, and legal obligations
Fraud Prevention: To detect, investigate, and prevent fraudulent transactions and unauthorized access
Record Keeping: To maintain accurate records required for tax and accounting purposes
Dispute Resolution: To resolve disputes and enforce our agreements
D. Marketing and Improvement Purposes
Service Improvement: To enhance our website functionality and service quality based on user feedback and behavior
Analytics: To analyze website usage patterns and optimize user experience
Marketing Communications: To send you promotional emails, newsletters, and service updates (only if you have opted in)
Testimonials and Reviews: To display customer reviews and case studies with your consent
Marketing Opt-Out: You may opt out of receiving marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly at Info@nolly.com.
We process your personal information based on the following legal foundations:
Legal Basis
Description
When Applied
Contractual Necessity
Processing is necessary to perform our services agreement with you
Service delivery, application preparation, payment processing
Legal Obligation
Processing is required by law or government regulations
Tax compliance, reporting to IRS, anti-money laundering regulations
Legitimate Interest
Processing serves our legitimate business interests and does not override your rights
Fraud prevention, website improvement, customer support
Consent
You have explicitly consented to the processing
Marketing communications, optional analytics, testimonial usage
A. With Whom We Share Your Information
We only share your personal information with third parties in the following circumstances:
B. Government Agencies and Required Disclosures
IRS (Internal Revenue Service): We submit your information as required when filing ITIN applications, EIN registrations, FIRPTA claims, and tax returns. This is a legal requirement of our service.
Government Compliance: We disclose information as required by law, court order, or government request
Regulatory Authorities: Information may be shared with tax authorities and regulatory agencies as legally required
C. Service Providers and Contractors
We may share information with third-party service providers who assist us in providing our services, including:
Payment Processors: Credit card processors and payment gateways (PCI-DSS compliant)
Document Management Systems: Secure cloud storage providers for document management
Communication Providers: Email service providers and messaging platforms
Legal and Accounting Advisors: Professionals assisting with compliance and legal matters
Cloud Infrastructure Providers: Secure hosting and data storage providers
All service providers are contractually required to maintain the confidentiality and security of your information and may only use it to provide the services we have engaged them to perform.
D. Business Transfers
If Nolly is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
E. With Your Consent
We may share your information with other third parties with your explicit consent, such as:
Sharing your testimonial or case study publicly
Referral to other trusted service providers you request
Any other purpose for which you provide specific authorization
F. What We Do NOT Do
We do NOT sell your personal information to third parties for their marketing purposes
We do NOT share your information with data brokers or list services
We do NOT rent your email address or contact information
We do NOT disclose sensitive information (SSN, passport, financial data) except as legally required
Data Processing Agreements: All service providers who handle your personal information have executed Data Processing Agreements ensuring GDPR, CCPA, and other regulatory compliance.
5. Data Security and Protection
A. Security Measures
Nolly implements comprehensive technical, administrative, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:
B. Technical Security
Encryption: All sensitive data is encrypted both in transit (SSL/TLS 256-bit encryption) and at rest using AES-256 encryption
Secure Servers: Data is stored on secure, protected servers with restricted access
Firewalls: Advanced firewalls and intrusion detection systems protect our network infrastructure
Regular Security Audits: We conduct regular security assessments and penetration testing
Software Updates: All systems are kept up-to-date with the latest security patches
C. Administrative Security
Access Controls: Strict access controls limit who can view and handle your information
Employee Training: All staff members receive privacy and security training
Non-Disclosure Agreements: All employees and contractors sign confidentiality agreements
Need-to-Know Basis: Information is shared only with employees who need it to perform their jobs
Audit Trails: We maintain detailed logs of all access to personal information
D. Physical Security
Secure offices with access controls and surveillance
Locked storage for physical documents
Secured document disposal procedures
E. Limitations
While we implement strong security measures, no internet transmission or electronic storage system is completely secure. We cannot guarantee absolute security, but we are committed to protecting your information to the greatest extent possible under applicable law.
Security Incident Response: In the unlikely event of a data breach, we will notify affected individuals without unreasonable delay as required by applicable law and regulations.
6. Data Retention
A. Retention Periods
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specific retention periods are as follows:
Information Type
Retention Period
Reason
Application and Service Records
7 years minimum
IRS requirements and tax law compliance
Financial and Payment Records
7 years
Accounting, tax, and regulatory requirements
Tax Documents and Returns
7+ years
IRS record-keeping requirements
Identification Documents
7 years
Legal compliance and verification requirements
Customer Support Records
3 years
Service improvement and dispute resolution
Marketing Communications
Until unsubscribe
User preferences and opt-out management
Website Analytics
2 years
Website optimization and performance analysis
B. Deletion Procedures
When information is no longer needed, we securely delete or anonymize it. Deletion is performed through secure methods that prevent recovery, such as:
Encrypted deletion of electronic files
Physical destruction of paper documents
Data anonymization making information impossible to identify you
C. Legal Holds
If we receive a legal hold or court order, we may retain information for longer than normal retention periods to comply with legal obligations.
7. Your Rights and Choices
A. Your Privacy Rights
Depending on your location, you may have the following rights concerning your personal information:
B. Right to Access
You have the right to request access to the personal information we hold about you and receive a copy in a portable format.
C. Right to Correct
You have the right to request correction of inaccurate or incomplete personal information.
D. Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions such as:
Information required by law to be retained
Information necessary to complete services you’ve requested
Information needed to establish, exercise, or defend legal claims
E. Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
F. Right to Object
You have the right to object to the processing of your information for certain purposes, including:
Marketing communications
Profiling or automated decision-making
Processing based on legitimate interests
G. Right to Withdraw Consent
If processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
H. Right to Restrict Processing
You have the right to restrict how we process your information in certain circumstances.
I. How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within 30 days (or as required by applicable law). We may require verification of your identity before processing your request.
Limitation Note: Some requests may be subject to limitations if the information is necessary for legal compliance, service completion, or other legal requirements. We will explain any limitations when we respond to your request.
8. Cookies and Tracking Technologies
A. What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone, or tablet) that help us recognize you, remember your preferences, and understand how you use our website. We use both session-based and persistent cookies.
B. Types of Cookies We Use
Cookie Type
Purpose
Duration
Essential Cookies
Enable core website functionality, form submission, and security
Session
Analytics Cookies
Track website usage, user behavior, and optimize performance
2 years
Preference Cookies
Remember your choices and settings
1 year
Marketing Cookies
Display relevant ads and track campaign effectiveness
Varies
C. Google Analytics
We use Google Analytics to understand how visitors interact with our website. Google Analytics uses cookies to collect information about your visits, including pages viewed, traffic sources, and user actions. This information helps us improve our website and services. Google Analytics does not identify you personally but creates a unique identifier for your visit.
You can opt out of Google Analytics by installing the Google Analytics opt-out browser extension
Learn more about Google’s privacy practices at Google Privacy Policy
D. Other Tracking Technologies
We may also use other tracking technologies including:
Web Beacons (Pixels): Small graphic files that track page visits and email opens
Log Files: Server logs that record page requests and user activity
Device Fingerprinting: Technology that identifies devices for security and analytics purposes
E. Cookie Control and Management
You can control cookies through your browser settings:
Most browsers allow you to refuse cookies or alert you when they’re being sent
You can delete cookies that have been stored on your device
However, disabling cookies may limit your ability to use some website features
F. Do Not Track Signals
Some browsers include a “Do Not Track” feature. While we respect such signals, our website currently does not respond differently to Do Not Track requests because there is no industry standard for recognizing such signals.
Cookie Consent: When you first visit our website, we obtain your consent before placing non-essential cookies on your device. You can manage your preferences through our cookie consent banner.
9. Third-Party Services and Links
A. Third-Party Websites
Our website may contain links to third-party websites, including social media platforms, payment processors, and other services. This Privacy Policy does not apply to third-party websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites before providing your information.
B. Third-Party Integrations
We may integrate third-party services that collect or access your information:
Google Analytics: Website usage tracking and analysis
Payment Processors: Secure payment processing and transaction management
Email Marketing Platforms: Newsletter and marketing communication delivery
Social Media Platforms: Integration with Facebook, Instagram, and WhatsApp for communications
Customer Support Tools: Helpdesk and support ticket management systems
C. Your Responsibility
When you access third-party services, you are subject to their privacy policies and terms of service. We recommend reviewing their policies before providing information.
D. No Endorsement
Links to third-party sites do not constitute an endorsement or approval of such sites or their content, privacy policies, or practices.
10. Children’s Privacy
A. Age Restriction
Our website and services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected information from a child under 13, we will promptly delete such information.
B. Parental Consent
If a parent or guardian believes their child has provided information to us, they should contact us immediately at Info@nolly.com.
C. COPPA Compliance
Our practices comply with the Children’s Online Privacy Protection Act (COPPA) and similar regulations in other jurisdictions.
Note: Nolly’s services (ITIN, EIN, tax filings) are intended for adults managing their own tax affairs. Our website and services are not designed for use by minors.
11. International Data Transfers
A. Global Operations
Nolly operates internationally and transfers personal information across borders to provide our services. Our company is based in Canada (Toronto, Ontario), but we serve clients worldwide and may transfer information to various jurisdictions.
B. Transfer Mechanisms
When we transfer personal information internationally, we implement appropriate safeguards:
Standard Contractual Clauses: We use EU Standard Contractual Clauses (SCCs) for transfers to jurisdictions outside the EU/EEA
Data Processing Agreements: All transfer recipients have signed Data Processing Agreements ensuring adequate protection
Encryption: Information is encrypted during transmission and storage
Privacy by Design: We implement privacy-protecting technologies for international transfers
C. Your Consent
By using our services, you consent to the transfer of your information to Canada and other jurisdictions where we operate, as necessary to provide our services and comply with legal obligations.
D. GDPR and International Regulations
For users in the European Union and other jurisdictions with data protection regulations, we comply with all applicable requirements including GDPR.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
A. Right to Know
You have the right to know what personal information is collected, used, shared, or sold.
B. Right to Delete
You have the right to request deletion of personal information collected, with certain exceptions.
C. Right to Correct
You have the right to correct inaccurate personal information.
D. Right to Opt-Out
You have the right to opt out of “sales” of personal information or sharing for targeted advertising.
E. Right to Limit Use
You have the right to limit our use of sensitive personal information.
F. Right to Non-Discrimination
We will not deny services, charge different prices, or provide different service quality based on your exercise of privacy rights.
G. How to Submit Requests
To submit a CCPA/CPRA request, contact us at Info@nolly.com with “California Privacy Request” in the subject line. We will verify your identity and respond within 45 days.
H. Authorized Agent
You may designate an authorized agent to make requests on your behalf.
13. Changes to This Privacy Policy
A. Updates and Modifications
Nolly may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the “Last Updated” date at the top of this policy when we make material changes.
B. Notification of Changes
If we make material changes that adversely affect your privacy rights, we will notify you by:
Sending an email to your registered email address
Posting a prominent notice on our website
Requiring your consent to the new terms before continued use of our services
C. Continued Use
Your continued use of our website and services following the posting of changes constitutes your acceptance of the updated Privacy Policy.
D. Previous Versions
Previous versions of this Privacy Policy will be available upon request. Please contact us if you wish to review previous versions.
14. Contact Information and Data Privacy Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Nolly – Contact Information
Company Name: Nolly (US Tax Recovery Inc.)
Mailing Address:
265 Rimrock Road, Suite 201
Toronto, Ontario M3J 3C6
Canada
Email: Info@nolly.com
WhatsApp/Phone: +1 (416) 732-3342
Website: https://nolly.com/
Response Time: We will respond to privacy inquiries within 30 days of receipt.
A. Your Rights
You have the right to:
Request access to your personal information
Request correction of inaccurate information
Request deletion of your information
Submit complaints about our privacy practices
Request a copy of this policy in an alternative format
B. Supervisory Authorities
If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your applicable supervisory authority or privacy commissioner. For Canadian residents, this includes the Office of the Privacy Commissioner of Canada.
C. Legal Representation
You may contact us through a legal representative or authorized agent. We may require proof of authorization.
15. Additional Important Information
A. Verification of Identity
To protect your privacy and security, we may require you to verify your identity when submitting privacy requests. Verification methods may include:
Providing information matching our records
Answering security questions
Providing government-issued identification
B. Service Provider Accountability
All our service providers are contractually obligated to maintain strict confidentiality and use your information only as necessary to provide their services. We regularly audit their compliance with this Privacy Policy.
C. Regulatory Compliance
This Privacy Policy complies with:
General Data Protection Regulation (GDPR) – European Union
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
Other applicable international privacy laws and regulations
D. Accuracy and Completeness
We strive to maintain accurate, complete, and up-to-date personal information. Please notify us immediately if any information in your account is inaccurate or requires updating.
E. Non-Discrimination
We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you different prices, provide different service quality, or penalize you in any way for making privacy requests or exercising your legal rights.
Privacy Policy Summary
This Privacy Policy establishes that Nolly (US Tax Recovery Inc.) is committed to:
Protecting your personal and sensitive information with industry-leading security measures
Using your information only for legitimate, clearly-stated purposes
Respecting your privacy rights and providing mechanisms to exercise them
Being transparent about our data practices and compliance with applicable laws
Providing responsive customer support for all privacy concerns
This Privacy Policy was last updated on April 16, 2025, and is effective immediately.
