The processing of personal data at Fintact is governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).
The protection of your privacy and the personal information that you share with us is one of the most important business and ethical concerns for Fintact. First, we would like to let you know who is taking care of your personal data:
We are Fintact GmbH, a company registered with the District Court of Leipzig (commercial register number: HRB36412). We are located at Rosa-Luxemburg-Straße 27, 04103 Leipzig, Germany. Our managing director is Mr. David Korherr.
Next, we would like to give you information about how we process your personal data, meaning: how we collect, use, transfer, share, save and delete the personal information that we obtain directly from you and that we crawl from the web to provide you with the due diligence tools that Fintact offers to you.
We would like to let you know the following:
1. Who our data subjects are and how we get personal data from them:
- Customers, their legal representatives, program contact and invoicing contact: in the context of contractual negotiation and drafting
- System users: who can access the system according to the contract, after registering in our system and via cookies designed to collect the users’ IDs
- Employees: who have an employment relationship with us in the context of their employment contracts
- Shareholders: in the context of their role and ownership in the company
- Applicants for job positions: within the context of their job application. We keep their personal information for longer than legally allowed only after obtaining consent
- Service providers: in the context of the provision of services contract
- Sales prospects: if we obtain consent to contact them with sales offers
- Newsletter subscribers: if we obtain consent to send them our Newsletter via subscription
- Website visitors: personal data gathered over this website, for informational reasons and according to our cookies policy and your browser settings.
2. Personal data that we process
- Names and email addresses
- Postal addresses
- IP addresses
- Phone numbers
- Invoicing information
- Job applications
- Personal data found on the web during crawling: according to the purpose of processing of our product VCU.
3. Reasons for the processing of your personal data
We may process the personal data of our clients or other data subjects on the following legitimate bases of processing:
- Contractual basis: in the case of service contracts with our clients, employment contracts with our employees, service contracts with our service providers, non-disclosure agreements, and other types of contracts
- Compliance with legal obligations: we process the data found on the web using a crawling system in order to provide our customers with a service that allows them to comply with the current anti-money laundering and terrorist financing legislation
- Consent: we process personal data related to marketing and sales based on freely given, specific, informed, and unambiguous authorization provided by the data subjects.
At Fintact we neither sell nor lease any personal data. Furthermore, we DO NOT perform any type of automated decision-making based on your personal data.
4. Reasons and circumstances under which we share your personal data
We might share your personal data with third parties in the context of the reasons explained above.
- We may share your personal data with some of our service providers under strict contractual clauses established in data protection agreements and after a diligent screening
- We might also share your personal information if required by a competent authority
- We might also share the personal data we collect after receiving your explicit consent.
5. Countries to which we transfer personal data
Given that our servers are in Germany, we would only transfer personal data abroad exceptionally. If we do, we will make sure that we do it in the context of the contractual relationship and according to the following standards:
- We would transfer your personal data to third countries because of contractual relationships between Fintact and our service providers
- We make sure to establish contractual relationships only with service providers that offer a degree of protection of personal data approved by the EU. In this sense, we potentially transfer your personal data to other EU countries, to countries recognized by the EU as having a high degree of personal data protection, and to US companies covered by Privacy Shield
- If your personal data is transferred to the United States of America, we make sure that the receiver of your personal data complies with the appropriate level of protection ("Privacy Shield")
- We would ONLY consider transferring your personal data to countries that do not fall within the previous categories if they provide guarantees and appropriate safeguards for the lawful processing of your personal data, such as adhering to standard clauses of protection of personal data, or by signing a data protection agreement with us.
6. Our cookies:
- The main purpose of cookies is to make it quicker for users to access the selected services. In addition, cookies make it possible to tailor the services offered by the website, allowing information of interest or potentially of interest to be provided to users depending on their use of the services. A cookie is any kind of file or device that is downloaded to a user’s system for the purpose of storing data that may be updated or retrieved by the company responsible for its installation.
- We process your personal data by using a cookie that stores your login credentials. This is a session cookie that is automatically deleted after your visit. We need this cookie to collect your User ID only for user validation. Without this validation process it is impossible for us, for legal, contractual and security reasons, to grant you access to our system.
7. How we delete your personal data from our filing systems
At Fintact we know you have the right to be forgotten. At the same time, we are aware of other legal responsibilities that derive from different types of contractual relationships. That is why we have designed an erasure concept that balances your data protection rights with legal obligations in line with tax, civil and commercial, regulatory, corporate, employment and criminal law. We erase your personal information at the end of the retention period allowed or required by those laws, if we are controllers of the personal data. If we are processors of the personal data, e.g. if you are a user of the Fintact system and the controller of your personal data is your employer, it is the responsibility of your company to request the deletion of your personal information according to their retention policy.
The personal data erasure concept designed by Fintact is the following:
- Personal data of shareholders (ID Data): deleted after 10 years, unless financial year tax evaluation has not yet been completed
- Personal data of employees: deleted 10 years after the conclusion of the employment contract, unless financial year tax evaluation has not yet been completed
- Personal data of job applicants: deleted one year after termination of the recruitment process. If we need to keep your personal data longer, we will request your consent
- Personal data of system users (ID Data): upon platform termination, unless there is a compelling reason to keep it
- Personal data in the Fintact system archives: anonymized after 10 years
- Personal data of Newsletter receivers and sales prospects: after 5 years or as soon as they withdraw consent
- Personal data found during crawling: anonymized after 10 years.
8. Measures to keep your personal data safe:
To ensure the safety of personal data, we have implemented, among others, the following organizational and IT measures:
- Training: to make sure that everybody at Fintact understands their data protection responsibilities
- Contract management: to ensure contracts with service providers offer accurate protection of personal data
- On-premises security measures: to make sure that no malicious entity can have access to the data you entrust to us
- Restricted access to documentation: to strictly ensure that the individuals who do not need to have access to your personal data do not have access to it
- Confidentiality clauses: to ensure that our employees and subcontractors keep your personal information confidential
- Virus scans and firewalls: to review and identify technological threats that could affect our information
- Data backup and data restoration: to prevent your personal data from being lost
- Tests and audits: to verify security measures
- Automated security tests: to ensure that each software release is subject to constant adjustments to new hazards. Each year, the Company performs a comprehensive penetration test for this purpose.
9. How we enforce your rights
Under GDPR, you are entitled to exercise the following rights:
- Right to request from controller access to personal data – you may require (i) information whether your personal data is retained and (ii) access to your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods
- Right to rectification, erasure or restriction of personal data – you may request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn
- Right to withdraw your consent – you may refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time
- Right to object – you may object, on grounds relating to your particular situation, to the processing of your personal data. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you, we will either stop processing your personal data or present you with our compelling legitimate grounds for ongoing processing
- Right to data portability – you may require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller
- Right to lodge a complaint with a supervisory authority – you may take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators.
If you want to exercise any of your data protection rights or have more information about our privacy policies and measures, you can send an email to: firstname.lastname@example.org. We are ready to process your request and keep you informed in a timely manner.