Last modified 16th January 2019
INFORMATION ON THE PROCESSING OF PERSONAL DATA pursuant to articles 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Finantix Holding S.à rl, a company incorporated under the laws of Luxembourg (RCS: B. 197407), with registered office at 11, Place Saint Pierre-et-Paul, L-2334, Luxembourg AT No. LU28135627, as well as the other member companies of the Finantix Group indicated on the following link www.finantix.com/offices (hereinafter, the “Companies“), as data controllers, provide below, pursuant to articles 13 and 14 of the Regulation (EU) 2016/679 concerning the protection of personal data (General Data Protection Regulation) (hereinafter “GDPR“), the information relating to the processing of personal data of subjects who purchased, requested or provided services and/or products to Companies, both personally as natural persons and as a natural person in charge of a legal entity (hereinafter, “Data Subject“).
1. Type of Data Processed
2. Purpose of the Processing
3. Legal Basis of the Processing
4. Methods of Processing
5. Data Retention
6. Communication, Dissemination and Transfer of Data
7. Transfer of Data Abroad
8. Rights of the Data Subject
10. Changes and Updates
The personal data processed by the Companies through the website www.finantix.com and the online platform currently available at platone.finantix.com/web/webdirect.nsf (where clients representatives can connect to get support) include, by way of example and not exhaustively, the following categories of data relating to the Data Subject:
(i) identification data, contact and access data, such as name, surname, e-mail address, telephone number and credentials for access to services and/or products provided by the Companies;
(ii) data of navigation, such as IP addresses, log data or domain names and other parameters relating to the computers, operating system and computer environment used;
(iii) product data, such as the data relating to the products and/or services provided by or to the Companies, which the Subject Data has requested, to which he/she has access or makes use, or which the Company has requested and which the Subject Data provides;
(iv) data required by the management of the employment relationship, as required by local legislation and the orderly management of the business, including the assessment of individual performance;
(v) payment and bank details, such as bank account number or IBAN code;
(vi) data acquired from public sources, such as data of representatives and procurators that are collected via, for example, Chambers of Commerce or commercial information services;
(vii) data required by the locally applicable civil and tax legislation;
(viii) data provided by the Data Subject following spontaneous application;
(hereinafter jointly defined, “Data“).
Data processing is effectuated by the Companies in carrying out their economic and commercial activities for the following purposes:
a) to allow the Data Subject to request, obtain, access and use the services and/or products provided by the Companies, or to allow Companies to request, obtain, access and use the services, also of placement and employment and/or products supplied by the Data Subject;
b) comply with the obligations arising from applicable laws and regulations (e.g. tax and accounting obligations, or of personnel management);
(the purposes referred to in subparagraphs a) and b) are jointly defined as “Contractual Purposes“)
c) to assert and defend their rights, including in the context of debt collection and credit assignment procedures, including through third parties;
d) for the analysis and reporting of the services offered and received and the improvement of services and/or products offered/received;
e) to complete corporate transactions by transferring the Data to the third party (s) involved, as well as for the best organized management of the group business activities, transferring the data to another Group company;
f) to provide the Subject Data with marketing communications by e-mail about services and/or products similar to those already provided by the Companies, provided that, at any time, the Data Subject will have the possibility to oppose the sending of such communications;
(the purposes under letter c) to f) are jointly defined the “Legitimate interests of business“).
Data processing is necessary with reference to the Contractual Purposes as such Data are necessary in order to:
Should the Data Subject decide not to provide the Data necessary for the Contractual Purposes, the Companies will be unable to provide the requested services.
The processing for purposes under Section 2 letters a) and b) does not require the consent of the Data Subject pursuant to art. 6 paragraph 1 lett. b) and c) of the GDPR.
The processing of Data for the purposes of Legitimate Interests of business is made pursuant to article 6, letter f) of the GDPR for the pursuit of the legitimate interests of the Companies that is fairly balanced with the interests, rights and freedoms of the Data Subject as the processing of the Data is limited to what is strictly necessary for the execution of the operations indicated therein. The processing for the purposes of Legitimate interests of business is not mandatory and the Data Subject may object to such processing using the methods set out in this notice, but should he/she decide to oppose such processing, his/her data may not be used for the purpose of Legitimate Interests of business, without prejudice to the case where the Companies demonstrate the presence of prevailing binding legitimate reasons or exercise or defence of a right pursuant to Article 21 of the GDPR.
In the event that the Data Subject wishes to obtain more information about the balancing of interests, rights and freedoms, he/she may contact the Companies at any time according to the methods indicated in this notice.
The Data will be processed by the Companies with electronic and manual systems according to the principles of correctness, loyalty and transparency provided by the applicable legislation on personal data protection and protecting the confidentiality of the Data Subject through technical and organizational security measures to ensure an adequate level of security.
The Data will be retained for the period of time necessary for the pursuit of the purposes for which such Data were collected, as stated in this notice. In any case, for the Contractual Purposes and the Legitimate Interests of Business the Data are retained for a period equal to the duration of the supply of the services and / or products requested or supplied by the Data Subject and for the 10 years following the termination of such supply, without prejudice to any renewals and the cases in which the conservation for a subsequent period is required for any disputes, requests of the competent authorities or pursuant to the applicable legislation.
The Data may be transferred to the following third parties who perform functional activities to those of supplying services and/or requested/offered products located inside and outside the European Union:
(a) third-party providers of assistance and consultancy services for the Companies with reference to the activities of the following sectors (merely by way of example): technological, accounting, administrative, legal, insurance;
(b) group companies;
(c) in cases where the provision of the requested services and/or products involves the intervention of commercial partners, the Companies may share some Data with the distributors, resellers and partners in the chain of distribution of the products and services of the Companies, with possible communication of some production data and contact to customers;
(d) subjects and authorities whose right of access to the Data is expressly recognized by law, regulations or provisions issued by the competent authorities.
These recipients, as the case may be, process the Data of the Data Subject as data controllers, data processors or subject in charge of the processing. The complete and updated list of the parties processing the Data as data processors is available on request at each of the Companies according to the methods indicated in this notice.
The Data may be transferred outside the national territory to countries located in the European Union, Canada, Singapore, Japan and Hong Kong, and on cloud servers located in the United States.
With reference to transfers outside the territory of the European Union to countries not considered appropriate by the European Commission, the Companies shall adopt appropriate security measures to protect the Data. Consequently, any data transfer to countries located outside the European Union will, in any case, comply with appropriate safeguards for the purpose of the transfer, such as the standard data protection clauses, in accordance with applicable legislation and in particular Articles 45 and 46 of the GDPR.
In the event that the Data Subject wishes to obtain further information regarding the existing guarantees and request a copy thereof, he/she may contact the Companies at any time in the manner indicated in this notice.
In relation to the processing of the Data described in this notice, the Data Subject may exercise at any time the rights established by the GDPR (articles 15-21), including:
To exercise these rights (and for further information regarding the Data processing), the Data Subject can send an e-mail to the following address: firstname.lastname@example.org.
According to the GDPR, cookies constitute personal data when they can be associated with a device and, therefore, to an identifiable person.
Cookies are small text files stored on users’ terminals by the server of the website they are visiting. They contain information related to user navigation that can be read by the server that sent them in subsequent browsing sessions.
Cookies are divided into two macro-categories: “technical” cookies and “profiling” cookies.
Technical cookies are those used for the sole purpose of transmitting a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the user to provide this service. They are not used for other purposes and are normally installed directly by the owner or operator of the website. They can be divided into:
Depending on the subject installing cookies on the user’s terminal, cookies are divided into “first-party” cookies or “third-party” cookies. First-party cookies are installed directly by the site’s own manager. The cookies of “third parties”, on the other hand, are cookies managed by a site different from that on which the user is browsing but connected to it, for the management of particular types of content. These are usually images, sounds, links or other elements that reside outside the visited site.
Profiling cookies are designed to create profiles related to the user and are used in order to send advertising messages in line with the preferences expressed by the same in the context of surfing the net. The use of these cookies requires the express and informed consent of the user.
The website www.finantix.com does not use profiling cookies, but only technical and analytic cookies.
The use of permanent technical cookies or session cookies (i.e. that are not permanently stored on the user’s computer and disappear when the browser is closed) by the website www.finantix.com is strictly limited to the technical provision of the service requested by the user and the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow the safe and efficient exploration of the website and its applications.
The website www.finantix.com uses the following cookies:
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses Personal Data collected for the purpose of tracking and examining the use of the website, compiling reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the advertisements of its advertising network
The integration of Google Analytics used makes the user’s IP address anonymous. Anonymisation works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries participating in the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google’s servers and shortened within the United States.
The usage data collected is processed in the United States.
If you do not want your data to be used by Google Analytics, you can install the browser add-on in the manner described by Google at the following links:
Further information about the Google Analytics service and the procedures to be followed to disable cookies can be found at the following links:
It is possible for the user to set the browser software for the internet (eg. Firefox, Internet Explorer, Safari, Chrome) in a way that does not accept cookies, including technical ones, activating the so-called anonymous browsing, and in this case, no data will be processed through these systems.
The handbook of the browser used to browse contains all the information to enable or block cookies, we hereinafter indicate some quick links to obtain them:
Internet Explorer: support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: support.google.com/accounts/answer/61416
Mozilla Firefox: support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Apple Safari: support.apple.com/en-gb/HT201265
If you decide to disable cookies it is good to take into account their characteristics, to avoid incurring any changes not welcome to navigation on the site. In particular, the deactivation of technical cookies could prevent the use of some features of the site.
The social buttons are the “buttons” on the site that depict the icons of social networks (eg. Facebook and LinkedIn) and that allow you to interact with a “click” directly with social platforms. The social buttons on this site are links that refer to Finanitx accounts on social networks depicted. Through the use of these buttons are therefore not installed on the site third-party cookies.
This information may be subject to changes also as a result of any regulatory changes and/or additions. The changes will be notified in advance and the text of the constantly updated information will be available on this website.
Enabling Digital Financial Services
Finantix targets Japanese and South Korean markets as it establishes Tokyo-based team