This privacy notice sets out how Fin Center Limited (hereinafter “Fin Center”, “we”, “us”, or “our”) is collecting, storing, processing, and protecting your information. It further explains what rights and obligations are imposed upon both you and us. Please read carefully through this notice as it is a legally binding document when you use our products/services or interact with the website.
From time to time, we may update this privacy notice and new version will be published on our website. The new privacy notice will be effective as from the publishing date. In cases of material amendments or other substantial changes you will be given a reasonable notice prior to the anticipated changes. However, it is advisable for you to occasionally visit this page and check whether there were any updates.
Who we are?
Fin Center Limited is a private limited liability company established under the laws of United Kingdom with the registration number 11915870, with the business address located at 30 Moorgate, London, England, EC2R 6PJ. We are an Authorised Payment Institution regulated by the Financial Conduct Authority under Payment Service Regulations 2017. We are registered with the Information Commissioner’s Office (hereinafter “ICO”).
In scope of our relationship while processing your data, we are classified as a Data Controller. Meaning that we decide on the data which we need to collect, the way in which we process it, and we are responsible for the implementation of suitable technical, organisational and operational safeguards.
Our Data Protection Officer
We have appointed a Data Protection Officer (hereinafter “DPO”). Our DPO has a number of important responsibilities and is a focal point for communication on data related issues. The contact details of the DPO are following: email@example.com
The core responsibilities of our DPO are to ensure:
· Compliance with the legal obligations imposed upon us by data protection laws;
· Raising awareness of data protection issues, training our staff;
· Cooperating with supervisory authorities.
In case of any questions regarding how we process or use your data please contact our DPO.
If you have any complains about our data practices you can file a complaint with the ICO by calling +44 303 123 1113 or filing a report over the internet https://ico.org.uk/concerns/.
What information we collect about you?
While collecting your information we adhere to the principle of data minimisation. Meaning that we strive to collect the minimum amount of data, which is required in order to make rendering our services possible and comply with our legal and regulatory obligations. In the scope of our relationship we may collect the following information about you:
· Identification information- this includes information gathered when you register to use our website or app, apply for our services, open an account, search for a product or service, place an order on our site, enter a promotion or a survey, and when you report a problem with our website. The information you give us may include but is not limited to: your name; address; e-mail address and phone number; financial and credit card information; government-issued identification documents; other personal information, that you need to provide in order to register and use our services.
· Technical information- we automatically collect this information when you are visiting our website or use our app. This information is including, but not limited to: the Internet Protocol (IP) address used to connect your computer to the Internet; unique device identifier; location; login information; browser type and version; time zone setting; browser plug-in types and versions; operating system and platform.
· Information about your visit- we automatically collect this information when you are visiting our website or use our app. This information is including, but not limited to: the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); referrer URL; products and services you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page; and any phone number used to call our customer service number.
· Transaction information- we automatically collect this information when you are visiting our website or use our app. This information includes, but is not limited to: date; time; amount; currencies used; exchange rate; beneficiary details; details and location of the merchant or ATMs associated with the transaction; IP address of sender and receiver; sender’s and receiver’s name and registration information; country of residence of payer and beneficiary; details of beneficiary payment institution; messages sent or received with the payment; device information used to facilitate the payment and the payment instrument used.
· Information we receive from third parties- we work closely with various third parties and may receive certain information in order to enter into a contractual relationship with you or to carry out any obligations which we have towards you. Such third parties are including, but not limited to: business partners; sub-contractors in information technology; other payment service providers; search engines; analytics providers; data aggregators; credit reference agencies; fraud prevention agencies.
· Any other information that you provide- information that you voluntarily provide to us, including, but not limited to: your survey responses; participation in contests, promotions; suggestions for improvements; referrals; or any other actions performed while using our services.
We do not offer our services to minors under the age of 18. Therefore, we do not process any information of those under the age of majority, if we will obtain any actual knowledge that we were supplied any information about those under the age of 18, we will promptly delete such information. In case you have knowledge that someone under age of 18 is using our services please inform us by writing to the following email address: firstname.lastname@example.org
How we use the information
We are relying on two legitimate bases whenever we are processing your information. First is contractual performance or undertaking of activity required for entering into contractual relationship. Second is our legitimate interests to prevent financial crime and provide high quality services. More precisely we are using the supplied information in the following ways:
· To enter into contractual relationship with you or to carry out our obligations relating to performance under the contract which you have entered into with us;
· To provide you with support and answer any questions which you may have;
· To comply with any legal or regulatory requirements which are applicable to us;
· To perform customer identification and obtain knowledge about you, as to prevent financial crimes from occurring and to confirm your eligibility to use our products and services;
· To inform you regarding any changes or updates to our services or terms and conditions;
· To enhance and keep our services on the highest level;
· To keep internal records;
· To administer our services for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
· To provide you with information regarding any services which are similar to those that you have already requested or revealed interest in.
We are not relying on consent as a legitimate basis for processing of your information. However, in certain instances you may sign up for promotions or marketing, in such cases you will have possibility to withdraw your consent to marketing related use at any time.
Disclosure of your information
We may share information which we hold about you with certain third parties. Whenever such dissemination occurs we are making sure that we adhere to data security and confidentiality and share it under strict contractual safeguards in accordance with data protection laws. More precisely, we may share data with the following parties:
· Any entity helping us to render our services;
· Any entity offering complementary services on top of those which we provide;
· Data aggregators and fraud prevention agencies;
· Competent authorities which prevent and deal with financial crimes, for example, money laundering and terrorism financing, or when we need to follow with any legal obligations, or in order to enforce or apply contractual agreements in which we have entered with you;
· In instances where you provide us explicit consent to share it with certain specific entities.
Storage and security of information
We hold privacy of our clients of utmost importance and have established suitable physical, electronic and managerial procedures to safeguard and secure the information. We store your information on our secure servers located within the European Economic Area (EEA). Whenever information is transferred it is encrypted with the help of Secured Sockets Layer (SSL) technology.
You have to be aware that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we cannot fully guarantee the security of your information transmitted to us; any transmission is at your own risk only. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
You have responsibility of keeping all your personal credentials (such as login details, passwords, OTP/MAC token generator) confidential. We ask you not to share your personal credentials with anyone.
International transfers of information
Some of third parties with whom we share information are located outside of EEA and transfer of your data will involve international transfers. Whenever we are making any transfers of data outside of EEA we ensure that you are not deprived of protection and your information is afforded at least adequate level of protection as would be in case of transfers solely within EEA.
Whenever such transfers are taking place we make sure that combination or at least one of the following is applicable:
1. The country to which data is being transferred was recognised by European Commission as providing adequate level of protection of personal data;
2. We have employed suitable contractual arrangements with counterparties in third countries, such as signature of Model Contractual Clauses adopted by the European Commission.
For how long we retain information
We adhere to the principle of data minimisation and retain collected information for no longer than is necessary. Generally, it means that we keep your information for all the term of our business relationship or until execution of last transaction (whichever occurs last) plus additional five years, as to comply to our legal obligations under the legislation on prevention of money laundering and countering of terrorism financing.
A cookie is a piece of data stored on your hard drive which helps us to improve your experience while interacting with our site. Usage of cookies is in no way linked to any personally identifiable information on our site.
You can choose to accept or decline cookies by interacting with the pop-u p which notifies you that our website is using them. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website. For more information about cookies which are used on our site please visit our cookies policy.
What are your rights under applicable legislation
General Data Protection Regulation and certain national data protection laws are offering you the following rights with regard to the personal data which we hold about you:
Right of access- you have a right to be informed whether we are processing and have access to the personal information which we hold about you.
Right to request correction of data- in certain instances you may wish to correct your personal information. This right confers a possibility for any inaccurate data to be replaced. Although, note that you will need to provide us with the proof confirming the truthfulness of the information in question.
Right to request erasure of your personal data- you may request us to delete certain data which you deem that we do not have any legitimate grounds of retaining or processing. However, please not that we won’t be always able to comply with the request for erasure as there are certain regulatory/legislative obligations to which we must adhere.
Right to object- you can object any of our action or inaction in relation to handling of your personal information. Mostly it will happen in instances when we are relying on legitimate interests and you believe that we do not confirm with the legal bases and impact your fundamental rights and freedoms. However, please note that in certain instances we may have compelling reasons to continue with the processing even in cases of your objection.
Right to restrict the processing- you can request to restrict the processing of personal data in instances when:
1. you contest the accuracy your personal information;
2. where our use of your personal information is unlawful and instead of erasing it, you wish to simply restrict processing;
3. we no longer need the information, but you may require it in order to establish, exercise or defend a legal claim;
4. you have objected to our legitimate grounds of processing and there is a consideration whether our legitimate grounds override yours.
Please note that in case of request to restrict the processing we may not have possibility to provide our services and will need to end our relationship with you.
Right to request transfer of your information- you can request us to transfer certain personal information to a third party. In such case, we will provide to you with your personal information in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party.
Right to withdraw consent- at any time of our relationship you may withdraw your consent for processing and stop us from processing your information. Please note, that such withdrawal will be applicable only to that type of processing where we rely on your consent.
How to exercise your rights- in order to exercise one or more of the rights which are outlined above, please contact us through our Payments Portal or by writing to the following email: email@example.com
Please bear in mind that in order to exercise your rights you may be requested to supply us with certain verification details and additional information, depending on the right in question. All your rights do not require any additional payments. However, for example, if your requests will be repetitive or manifestly unfounded we may charge an additional fee.
We will try to respond to all your request within one month. However, it may take longer when requests will be numerous, complex or extensive. In such instances, we will notify you regarding the progress and estimated timeframe for resolution.
In certain instances, our website or app may contain third-party links which will redirect you from our site. Please note that in such instance our processing practices shall not be applicable as those sites will not fall under the scope of this notice. We strongly advise you at whichever time of accessing website of any third party to check their privacy notice in order to familiarise with their processing practices.