Privacy & Cookies Policy

Last modified 25th October 2018


INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to articles 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data

Finantix Holding S.à rl, a company incorporated under the laws of Luxembourg (RCS: B. 197407), with registered office at 11, Place Saint Pierre-et-Paul, L-2334, Luxembourg AT No. LU28135627, as well as the other member companies of the Finantix Group indicated at the following link (hereinafter, the “Companies“), as data controllers, provide below, pursuant to articles 13 and 14 of the Regulation (EU) 2016/679 concerning the protection of personal data (hereinafter “GDPR“), the information relating to the processing of personal data of subjects who purchased, requested or provided services and/or products to Companies, both personally as natural persons and as a natural person in charge of a legal entity (hereinafter, “Data Subject“).


1. Type of data processed
2. Purpose of the processing
3. Legal basis of the processing
4. Methods of processing
5. Data retention
6. Communication, dissemination and transfer of data
7. Transfer of data abroad
8. Rights of the Data Subject
9. Data of navigation and use of cookies
10. Changes and updates


1. Type of data processed

The personal data processed by the Companies include, by way of example and not exhaustively, the following categories of data relating to the Data Subject:

(i) identification data, contact and access data, such as name, surname, e-mail address, telephone number and credentials for access to services and/or products provided by the Companies;

(ii) surfing data, such as IP addresses, log data or domain names and other parameters relating to the computers, operating system and computer environment used;

(iii) product data, such as the data relating to the products and/or services provided by or to the Companies, which the Subject Data has requested, to which he/she has access or makes use, or which the Company has requested and which the Subject Data provides;

(iv) data required by the management of the employment relationship, as required by local legislation and the orderly management of the business, including the assessment of individual performance;

(v) payment and bank details, such as bank account number or IBAN code;

(vi) data acquired from public sources, such as data of representatives and procurators that are collected via, for example, Chambers of Commerce or commercial information services;

(vii) data required by the locally applicable civil and tax legislation;

(viii) data provided by the Data Subject following spontaneous application;

(hereinafter jointly defined, “Data“).


2. Purpose of the processing

Data processing is effectuated by the Companies in carrying out their economic and commercial activities for the following purposes:

a) to allow the Data Subject to request, obtain, access and use the services and/or products provided by the Companies, or to allow Companies to request, obtain, access and use the services, also of employment, and/or products supplied by the Data Subject;

b) comply with the obligations arising from applicable laws and regulations (e.g. tax and accounting obligations, or of personnel management);

(the purposes referred to in subparagraphs a) and b) are jointly defined as “Contractual Purposes“)

c) to assert and defend their rights, including in the context of debt collection and credit assignment procedures, including through third parties;

d) for the analysis and reporting of the services offered and received and the improvement of services and/or products offered/received;

e) to complete corporate transactions by transferring the Data to the third party (s) involved, as well as for the best organized management of the group business activities, transferring the data to another Group company;

f) to provide the Subject Data with marketing communications by e-mail about services and/or products similar to those already provided by the Companies, provided that, at any time, he/she will have the possibility to oppose the sending of such communications;

(the purposes under letter c) to f) are jointly defined the “Legitimate interests of business“)


3. Legal basis of the processing

Data processing is necessary with reference to the Contractual Purposes as such Data are necessary in order to:

  • provide or receive the services and/or products requested in relation to the cases referred to in Section 2, letter a);
  • comply with the provisions of applicable law as required by Section 2, letter b).

Should the interested party decide not to provide the Data necessary for the Contractual Purposes, the Companies will be unable to provide the requested services.

The processing of Data for the purposes of Legitimate Interests of business is made pursuant to article 6, letter f) of the GDPR for the pursuit of the legitimate interests of the Companies that is fairly balanced with the interests, rights and freedoms of the Data Subject as the processing of the Data is limited to what is strictly necessary for the execution of the operations indicated therein. The processing for the purposes of Legitimate interests of business is not mandatory and the Data Subject may object to such processing using the methods set out in this notice, but should he/she decide to oppose such processing, his/her data may not be used for the purpose of Legitimate Interests of business, without prejudice to the case where the Companies demonstrate the presence of prevailing binding legitimate reasons or exercise or defence of a right pursuant to Article 21 of the GDPR.

In the event that the Data Subject wishes to obtain more information about the balancing of interests, rights and freedoms, he/she may contact the Companies at any time according to the methods indicated in this notice.


4. Methods of processing

The Data will be processed by the Companies with electronic and manual systems according to the principles of correctness, loyalty and transparency provided by the applicable legislation on personal data protection and protecting the confidentiality of the Data Subject through technical and organizational security measures to ensure a level of security adequate.


5. Data retention

The Data will be retained for the period of time necessary for the pursuit of the purposes for which such Data were collected, as stated in this notice. In any case, for the Contractual Purposes and the Legitimate Interests of Business the Data are retained for a period equal to the duration of the supply of the services and / or products requested or supplied by the Data Subject and for the 10 years following the termination of such supply, without prejudice to any renewals and the cases in which the conservation for a subsequent period is required for any disputes, requests of the competent authorities or pursuant to the applicable legislation.


6. Communication, dissemination and transfer of data

The Data may be transferred to the following third parties who perform functional activities to those of supplying services and/or requested/offered products located inside and outside the European Union:

(a) third-party providers of assistance and consultancy services for the Companies with reference to the activities of the following sectors (merely by way of example): technological, accounting, administrative, legal, insurance;

(b) group companies;

(c) in cases where the provision of the requested services and/or products involves the intervention of commercial partners, the Companies may share some Data with the distributors, resellers and partners in the chain of distribution of the products and services of the Companies, with possible communication of some production data and contact to customers;

(d) subjects and authorities whose right of access to the Data is expressly recognized by law, regulations or provisions issued by the competent authorities.

These recipients, as the case may be, process the Data of the Data Subject as data controllers, data processors or subject in charge of the processing. The complete and updated list of the parties processing the Data as data processors is available on request at each of the Companies according to the methods indicated in this notice.


7. Transfer of data abroad

The Data may be freely transferred outside the national territory to countries located in the European Union, Singapore and Hong Kong, and on cloud servers located in the United States.

With reference to transfers outside the territory of the European Union to countries not considered appropriate by the European Commission, the Companies shall adopt appropriate security measures to protect the Data. Consequently, any data transfer to countries located outside the European Union will, in any case, comply with appropriate safeguards for the purpose of the transfer, such as the standard data protection clauses, in accordance with applicable legislation and in particular Articles 45 and 46 of the GDPR.

In the event that the Data Subject wishes to obtain further information regarding the existing guarantees and request a copy thereof, he/she may contact the Companies at any time in the manner indicated in this notice.


8. Rights of the Data Subject

In relation to the processing of the Data described in this notice, the Data Subject may exercise at any time the rights established by the GDPR (articles 15-21), including:

  • to receive confirmation of the existence of the Data and access their contents (access right);
  • to update, modify and/or correct the Data (right of rectification);
  • to request the deletion or limitation of the processing of data processed in violation of the law including those that do not need to be retained for the purposes for which the Data were collected or otherwise processed (right to be forgotten and the right to limitation);
  • to oppose the processing (right of opposition);
  • to revoke the consent, where provided, without prejudice to the lawfulness of the processing based on the consent given prior to the revocation;
  • to propose a complaint to the Supervisory Authority in the event of violation of the regulations regarding the protection of personal data;
  • to receive an electronic copy of the data concerning him/her, to transfer them to himself/herself or to a different service provider, in the event that the Companies process the Data on the basis of the consent or on the basis that the processing it is necessary for the provision of the requested services and/or products and the Data are processed using automated tools (right to data portability).

To exercise these rights (and for further information regarding the Data processing), the Data Subject can send an e-mail to the following address:


9. Data of navigation and use of cookies

The website uses technical cookies.

Cookies are small text files stored on users’ terminals by the server of the website they are visiting. They contain information related to user navigation that can be read by the server that sent them in subsequent browsing sessions.

Cookies are divided into two macro-categories: “technical” cookies and “profiling” cookies.
Technical cookies are those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the user to provide this service. They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into navigation or session cookies, which guarantee the normal navigation and use of the website (allowing, for example, to authenticate to access restricted areas); analytics cookies, similar to technical cookies when used directly by the website operator to collect information, in aggregate form, on the number of users and how they visit the website; functionality cookies, which allow the user to navigate according to a set of selected criteria (for example, the language) in order to improve the service rendered to the same.

Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net. The use of these cookies requires the express and informed consent of the user. The website does not use those cookies.

The use of permanent technical cookies or session cookies (i.e. that are not permanently stored on the user’s computer and disappear when the browser is closed) by the website is strictly limited to the technical provision of the service requested by the user and the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the website and its applications.

No other use is made of cookies to transmit information of a personal nature, nor are other persistent cookies of any kind used, or systems for tracking users.

It is however possible for the user to set the browser software for the internet (e.g. Firefox, Internet Explorer, Safari, Chrome) in a way that does not accept cookies, including technical ones, activating the so-called anonymous browsing, and in this case, no data will be processed through these systems.
Data relating to voluntary requests for contact sent via the forms on the website are processed by various company functions, always for the purpose requested by the user. In no case will they be communicated to third parties, meaning third parties not in charge, responsible, or belonging to the data controller’s group.


10. Changes and updates

This information may be subject to changes also as a result of any regulatory changes and/or additions. The changes will be notified in advance and the text of the constantly updated information will be available on this website.