PRIVACY POLICY

PRIVACY POLICY
Effective as of July 16, 2018

1. PURPOSE, SCOPE, AND USERS

1.1. At FINTIBI we have adopted this Privacy Policy and will do our best to make sure it is kept up to date and followed. We make every effort to comply with applicable laws and regulations related to personal data protection in countries where we operate. This Privacy Policy sets forth the basic principles by which we process your personal data, and indicates the responsibilities while processing personal data.

1.2. We do not knowingly attempt to solicit or receive information from children. The legal age of a child is defined differently in many countries, so any case involving a minor will be reviewed independently.

1.3. We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes the policies and practices regarding the collection and use of your personal data, and sets forth your privacy rights. We recognize that privacy is an on-going responsibility, and so we will follow and, from time to time, improve this Privacy Policy as we undertake new personal data practices or adopt new privacy and security rules.

1.4. All countries have different privacy laws and we will follow them when they apply to a particular case. We follow Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) in cases when (1) it applies to you and (2) our Privacy Policy does not cover something. Nevertheless, this Privacy Policy was constructed according to the GDPR and its principles.

1.5. With regards to the GDPR and you are a data controller and we are a data processor, please contact us and we will take all necessary steps to become compliant.

2. TERMS WE USE AS LEGAL GUIDELINES OF THE PROCESSING

2.1. There are some legal bases for the processing of your personal data and we rely on them to process your data. We use the main three bases to process your personal data: consent, contract, and legitimate interest.

2.2. Consent means your clear agreement to the processing of your personal data for a specific purpose.

2.3. Contract is a ground why the processing is necessary based on a contract you have with us, its performance, or because we have asked you to take specific steps before entering into that contract.

2.4. Legitimate Interests means why the processing of your data is necessary and based on our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.

2.5. Articles 6(1) and 9(2) of the GDPR also indicate other legal grounds for the processing, and when applicable, we will refer to these grounds.

3. CONSENT RULE AND INTERRELATION WITH OTHER LEGAL GROUNDS

3.1. If you have given consent to the processing of your data, you can freely withdraw such consent at any time by either contacting us via email or the contact form provided.

3.2. If you withdraw your consent, and if we do not have another legal basis for the processing of your data, we will stop the processing of it.

3.3. If we have another legal basis for the processing of your data, we may continue to do so subject to your legal interests and rights.

4. OUR RESPONSIBILITIES

4.1. If you are a registered user or a visitor to the website who is a data subject, we may act both as a “data controller” and a “data processor” of the personal data. This means we may determine how and why your’s or someone else’s data has been processed or we may process some personal data on your or a third party’s behalf.

4.2. In some cases, we may not be involved in the processing activity with your personal data. This may happen when you use third parties to process your personal data.

5.YOUR RESPONSIBILITIES

5.1. Read this Privacy Policy carefully;

5.2. Make sure you understand all your rights;

5.3. If you provide us with personal data about other individuals, we will only employ that data for the special reason for which it was provided to us. By sending the data, you confirm that you have the right to use and process the data on your behalf in accordance with this Privacy Policy.

5.4. Treat your personal data securely;

5.5. In the case that you submit a third party’s personal data, be sure that you have a legal basis for the processing of such data.

6. COLLECTED DATA

6.1. We collect data when you interact with our website, especially when:

6.1.1.you browse or use any page of the website;

6.1.2.you use the website;

6.1.3.you purchase something from the website;

6.1.4.you receive emails from us;

6.1.5.we measure website traffic;

6.1.6.in cases we have a legal basis to collect some part of personal data (see articles 6 and 9 of the GDPR).

6.2. We collect the following types of data:

6.2.1.contact details such as your title, first name, last name, email address, and mobile number (optional);

6.2.2.payment information when you purchase something and this information is required on our website;

6.2.3.purchasing history;

6.2.4.data that identifies you such as your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, and your operating system and version;

6.2.5.data on how you use the website such as your URL clickstreams (the pathway you take through the website), the goods/services viewed, page response times, download errors, how long you stay on webpages, what you do on those pages, and how often you visit, plus other actions.

6.3. The recipients of the collected data are the director of the company, company manager, and any other third-party service providers mentioned below.

7. PURPOSES AND LEGAL BASIS FOR THE PROCESSING

7.1. We process the data for:

7.1.1.Providing services:

7.1.1.1. Details: we need to provide services accessible via the website.

7.1.1.2. Legal basis: Consent; Legitimate Interests.

7.1.2.Keeping the website running:

7.1.2.1. Details: managing your requests, login and authentication, remembering your settings, processing payments, hosting, and back-end infrastructure.

7.1.2.2. Legal basis: legitimate Interests.

7.1.3.Preventing fraud, illegal activity, or any violation of the Terms or Privacy Policy:

7.1.3.1. Details: we may disable access to the website in cases prohibited by the applicable law or inappropriate behavior.

7.1.3.2. Legal basis: Legitimate Interests.

7.1.4.Improving the website:

7.1.4.1. Details: testing features, interacting with feedback platforms, managing landing pages, heat mapping the website, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this.

7.1.4.2. Legal basis: Contract; Legitimate Interests.

7.1.5.Customer support:

7.1.5.1. Details: notifying you of any changes to the service, solving issues, and any bug fixing.

7.1.5.2. Legal basis: Contract; Legitimate Interests.

8. DATA SUBJECT’S RIGHTS

8.1. You may choose not to provide us with your personal data. If you choose not to, you can continue to visit the website and browse its pages with restrictions, but we will not be able to provide you the full range of services without having some access to your personal data.

8.2. You may turn off cookies in your browser via the settings. You can block cookies on your browser by refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the website and browse its pages, but the website and certain services will not work properly.

8.3. You may ask us to refrain from using your data for marketing purposes (when applicable). You can opt out from marketing by contacting us by email or the contact form provided.

8.4. You can exercise the following rights by sending us an email or contacting via the contact form.

8.4.1.You have the right to access information about you, especially:

8.4.1.1. the categories of data;

8.4.1.2. the purposes of data processing;

8.4.1.3. third parties to which the data is disclosed to;

8.4.1.4. how long the data will be retained and the criteria used to determine that period.

8.4.1.5. Other rights regarding the use of your data:

8.4.2.You have the right to make us correct any inaccurate personal data about you.

8.4.3.You may object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).

8.4.4.You have the right to the data portability of your personal data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically feasible, we will directly transfer the data to the other service on your behalf.

8.4.5.You have the right to be “forgotten”. You may ask us to erase any personal data about you if it is no longer necessary for us to store the data for purposes of your use of the website.

8.4.6.You have the right to lodge a complaint regarding the use of your data by us. You can address any complaint to your national regulator (see the list at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

8.5. In the context of the right to access information we shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster or later.

9. SECURITY

9.1. We have security and organizational measures and procedures to secure the data collected and stored.

9.2. Connections to the website are encrypted using 256-bit SSL with integrity assured by the SHA2 RSA algorithm.

9.3. We use servers that comply with strict international data security standards, including ISO 27001.

9.4. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks.

9.5. You are responsible for your login information and password. You shall keep them confidential.

9.6. In case of your privacy being breached, please contact us immediately.

10. LOCATION OF THE PROCESSING OF PERSONAL DATA AND THIRD PARTY SERVICE PROVIDERS

The personal data collected by us is processed in our headquarters.

11. RETENTION PERIOD

We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that includes legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

12. COOKIE POLICY

12.1. We collect certain types of information when you access or use the website, including cookies and similar tracking technologies.

12.2. Cookies are small data files that are placed on your computer or mobile device when you visit this website. Cookies are used by the website in order to make the website work, or to work more efficiently, as well as providing reporting information.

12.3. You may always turn off some of the cookies through your browser or device. If you turn off the cookies, this may influence the functionality of the website.

12.4. The list of cookies we use is listed in your browser or device.

13. TRANSFER OF YOUR PERSONAL DATA

13.1. Personal data we collect from you will be processed in our headquarters.

13.2. FINTIBI has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, We collect and transfer personal data only with your consent to perform a contract with you, or to fulfil a compelling legitimate interest in a manner that does not outweigh your rights and freedom. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and use it only consistently throughout your relationship with us and in accordance to the practices described in this Privacy Policy. We also enter into data processing agreements and model clauses with our vendors whenever appropriate.