We are Demerzel Solutions Limited (t/a Nethermind). We are a company incorporated and registered in England and Wales. Our company number is 10908862. Our registered office address is at 30 Churchill Place, London, England, E14 5EU. Any formal notices should be directed to the following email address: legalnotices@nethermind.io.
All data protection queries should be directed to: pvs-data@nethermind.io.
This privacy policy explains how we collect, use, store and protect your personal data when you participated in our Palm Vein Scanner demonstration at the Edinburgh Fringe festival and consented to allow your biometric data to be used for algorithm improvement purposes.
When we refer to "Nethermind" or "we", "us" or "our" in this policy, we are referring to Demerzel Solutions Limited. We are the 'controller' in relation to your personal data, which means we determine the purposes and the way in which your personal data is processed.
The Palm Vein Scanner (PVS) project is an ongoing research and engineering effort to develop a privacy-preserving biometric authentication system based on palm vein and palm print recognition. As part of this project, we are collecting palm scan data to train and refine a convolutional neural network (CNN) that will eventually generate a unique, non-reversible biometric code from each user’s palm.
This biometric code will not be a raw image or fingerprint, but rather a compressed mathematical representation designed to enable secure matching without revealing any personal or anatomical information. Once the CNN is developed and deployed, these codes will be encrypted and matched through Multi-Party Computation (MPC)—a method that ensures no single party ever has access to both the biometric data and its result.
In the final system, users will be able to authenticate payments and prove wallet ownership using only their palm, without revealing their identity. Transaction receipts will be shared exclusively between the user and the vendor, and a zero-knowledge proof (ZKP) will be published on-chain to confirm that a valid transaction occurred—without exposing any details about the user, vendor, or payment.
By contributing your palm scan, you are supporting the training and evaluation of the CNN model that will power this secure and privacy-preserving system. All data collected for this purpose will be handled in strict GDPR compliance, as set out in this policy.
We collect the following personal data from participants who consented to algorithm training:
- Biometric Data: Palm vein patterns captured through infrared scanning technology, which qualifies as special category data under UK GDPR.
- Unique Identifiers: Randomly-generated unique IDs assigned to each scan for data management purposes.
- Timestamps: Date and time of data collection for retention management.
- We do not collect: Names, email addresses, phone numbers, addresses, or any other personally identifiable information.
Your data was collected directly from you at the Edinburgh Fringe festival (1st - 25th August 2025) through our palm vein scanning devices located at:
- Summerhall Courtyard
- Nethermind Laboratory
Data was only collected after you provided explicit consent through our three-stage digital consent process, including age verification.
We use your biometric data exclusively for:
- Algorithm improvement: Enhancing the accuracy and functionality of our palm vein scanning technology
- Research purposes: Developing more secure and reliable biometric authentication systems
- Data quality assurance: Validating and improving our scanning processes
We process your biometric data based on:
- Explicit consent under Article 6(1)(a) and Article 9(2)(a) of UK GDPR
- You voluntarily consented to the collection and use of your biometric data specifically for algorithm improvement purposes
We protect your data through:
- AES-256 encryption for data at rest and in transit;
- Restricted access limited to Hardware Team members only with logged access controls;
- Single secure database within Nethermind's UK-based infrastructure;
- Regular security audits and vulnerability assessments;
- No data sharing outside of Nethermind.
Your data will be stored until July 31, 2026, after which it will be automatically deleted.
Early deletion: You can request deletion of your data at any time before this date using your unique ID.
No recovery: Once deleted, there is no technical method to recreate your scan data.
Under UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold
- Rectification: Ask us to correct inaccurate data (limited applicability for biometric data)
- Erasure: Request deletion of your data at any time
- Restriction: Ask us to limit processing in certain circumstances
- Objection: Object to our processing and request immediate deletion
- Portability: Limited applicability for biometric algorithm training data
Important: Since we don't collect personal identifiers, you must provide both your unique ID and a photo of your palm to exercise these rights. If you have lost your ID, you may rely solely on our beta visual matching service, though success cannot be guaranteed.
To exercise your rights, please use the following form: Palm Vein Scanner - Data Subject Requests.
Your data is processed and stored exclusively within the UK. No international transfers occur.
If you have any questions about this privacy policy or how we handle your personal data from the Edinburgh Fringe Palm Vein Scanner project, please contact us at:
- Email: pvs-data@nethermind.io
- Subject line: Palm Vein Scanner - Edinburgh Fringe Data Query
You have the right to make a complaint to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
We may update this privacy policy from time to time. Any changes will be posted at this location. This version was last updated on 28 July 2025.