FINTRAIL’s Privacy Policy
The basics
We are FINTRAIL Ltd (we, our, us) and we are the data controller of any personal data you share with us.
-
We are committed to protecting the privacy of your personal data. We have written this Privacy Policy (policy) to ensure you have all the information you need about how we collect and process your personal data, and how we make sure it is kept safe.
-
This policy applies to anyone who shares their personal data with us when you:
use our website,
sign up to our newsletter,
fill out a form on our website to access content,
join our community project of financial crime professionals in fintech, FinTech FinCrime Exchange (FFE),
purchase a product or service from us, or
apply to work with us.
It is important you read this policy together with any other privacy notice or fair processing notice we may provide you with so that you are fully aware of how and why we are using your personal data. This policy supplements the other notices and is not intended to override them.
-
We have appointed a data protection officer (DPO) who can assist with any questions you have about this policy. So, if you have any questions about this policy, including any requests to exercise your legal rights then please contact the DPO at contact@fintrail.com or you can write to us at FINTRAIL Ltd, 5 Beauchamp Court, Victors Way, Barnet, London, England, EN5 5TZ.
We have also registered with the Information Commissioner’s Office (ICO) with the registration number ZA177597.
If you are a member of the FFE community you can also contact us at ffe_admin@fintrail.com.
-
You can complain to us at any time using the details above. You also have the right to make a complaint to the ICO, or any supervisory authority in the EU Member State where you live. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.
How we are collecting and using your data, and why
-
We use a few different methods to collect your personal data. Sometimes you provide us with this data and other times it will be collected automatically when you visit and/or use our website.
Direct interactions – when you: (1) use our website or services, (2) correspond with us by post, phone, email, etc, (3) apply for our products or services, (4) subscribe to our service or newsletters, (6) request marketing communications, and (7) give us feedback.
Automated technologies or interactions – when we automatically collect personal data about your equipment, browsing behaviour and patterns when you use our website. We might use cookies and similar technologies to do this, and you can see our Cookie Policy for more details.
Third parties or publicly available sources – we collect personal data from various third parties and public sources to improve our services, market to you and to complete onboarding checks if we offer you employment or if you are a customer.
-
We collect personal data for a number of reasons, including to meet our legal obligations, manage our operations, improve our organisation and deliver our services to you. Under data protection law we can only use your personal data where we have a legal basis to do so (e.g., legal duty, contract, legitimate interest, consent, etc). For examples of how and why we use your data click here.
FFE Surveys: We sometimes ask our members to complete surveys for market research purposes. However, these surveys are anonymous and optional. As such, there is no processing of personal data.
-
Aggregated data is statistical or demographic data that does not directly or indirectly reveal your identity (i.e., an aggregation of usage data to show the percentage of users accessing a specific website feature). However, if we combine this with your personal data so that it directly or indirectly identifies you, we will treat this as personal data and use it in compliance with this policy.
We will not collect any special category data or information about criminal convictions from you. Special category data means details about things like your race or ethnicity, sex life, political opinions, information about your health etc. If you do give us this type of data, we will let you know and explain your rights.
-
We won't keep your personal data for any longer than we need it unless any applicable law requires a longer retention period.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
-
When using our website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please take a look at our Cookies Policy.
-
You will receive marketing communications from us only if you have requested information from us, purchased goods or services from us or if you provided your details when you registered an interest with us. We will always get your express opt-in consent before we share your personal data with any company outside our company for marketing purposes.
You can ask us or third parties to stop sending you marketing communications at any time by following the opt-out links on any communication we send you or by contacting us. If you opt out of receiving these marketing communications, this will not apply to personal data provided shared when purchasing or expressing an interest in a product/service.
-
Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide personal data, we may not be able to perform the contract or provide you with goods or services. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Third parties
We may disclose your personal data to a select group of third parties. We treat the security and method of processing your personal data very seriously, as such we make sure all third parties keep your personal data safe and only use it in ways they are allowed, and we will never sell your personal data.
We have outlined who those third parties are here.
-
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy standards. When you leave our website, please remember that this policy no longer applies, and we encourage you to read the privacy policy of any website you visit.
-
The personal data that we hold about you will be held in the UK and the European Economic Area (EEA), but it might be necessary to transfer or store it outside the UK or EEA, including Singapore (where FINTRAIL has offices or employees).
When we transfer your data to third parties outside the UK or EEA, we make sure your data is safe. We do this by putting one of the following safeguards in place:
only transferring it to a country the European Commission has decided has a suitable level of protection, or
by putting in place contracts (known as the Standard Contractual Clauses, and the International Data Transfer Agreement/Addendum) that make sure the third party promises to protect your personal data. We also make sure any other necessary security measures are put in place.
If you are in the EEA, you can contact us at any time and we will let you know exactly what safeguards we have put in place for the transfer of your personal data outside the EEA.
Your rights
Under GDPR, you are entitled to these rights.
We might ask you to give us information to verify your identity (especially when you ask to access personal data). This is to make sure we keep your and others’ personal data safe. We may also contact you for further information about your request to speed up our response.
We try to respond to all legitimate requests within 1 month. Occasionally it may take us longer if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to exercise any of your rights. However, if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee, or refuse to comply with your request. If you want to exercise any of these rights, please get in touch with us using the details provided above.
SECURITY
We have in place appropriate security measures to prevent your personal data from being accidentally lost, altered, used or accessed in an unauthorised way. We also limit access to your personal data to those who need to know and who are subject to confidentiality obligations.
We have procedures for any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes
-
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.
-
We will only use your personal data for the purpose we collected it for, unless we reasonably think that we need to use it for another reason that matches the original purpose. If you want to find out more about these purposes, please get in touch with us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.