Last modified: 29.01.2024
This Privacy Policy (“Privacy Policy“) describes and summarizes the policies and procedures of ITBS Finance SMPC (“ITBS Finance“, “we“, “our“, “us“) with respect to the collection, use, storing, processing, disclosure, sharing and protection of personal data provided or acquired through use of (I) our website located at www.finker.co and all related subdomains, including the ITBS Finance blog and bulletin board (collectively, the “Website“), and (II) the functionality enabling access to financial account for the purpose of retrieving financial account data and receiving related data enrichment services or initiating payment transactions through the Developer Application (as defined below), delivered via application programming interfaces (including without limitation the finker PSD2 API HUB), software development kits, and any other services, content, tools and features as made available by ITBS Finance from time to time (collectively, the “Aggregation Services“), whether the Website or Aggregation Services are accessed via a computer, mobile device, or other technology or means.
ITBS Finance takes the privacy of individuals very seriously. We are committed to maintaining the security, confidentiality and integrity of the personal data in our custody or control, and protecting such data in accordance with the applicable legislation. ITBS Finance regularly reevaluates its privacy and security practices and adapts them as necessary to deal with new regulatory requirements, changes in legislation and/or security standards.
1. Definitions
For the purposes of this Privacy Policy, in addition to the capitalized terms defined elsewhere in this Privacy Policy, the following terms shall have the meanings ascribed to them as follows:
“Consent” of User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
“Controller“, “Processing“, “Processor“, “Supervisory Authority” as used in this Privacy Policy shall have the meanings given to such terms in the GDPR.
“Data Protection Laws” means, as applicable, the GDPR or any similar or equivalent law, regulation, statute, legislation, directive or ruling, of any government, legislature, parliament, regulatory authority, agency or commission having or purporting to have jurisdiction on behalf of any nation, or province or state or other subdivision thereof, in force from time to time in User’s jurisdiction with respect to the privacy, protection, processing, collection, use or disclosure of Personal Data.
“Developer Application” means web, desktop and/or mobile application made available by or on behalf of Developer that is used or intended to be used by Indirect User for the purpose of interacting with the Aggregation Services.
“Developer” means the third-party owner or provider of the Developer Application.
“Financial Account” means a financial account that can be accessed online held in User’s name by a Financial Institution.
“Financial Institution” means a legal entity dealing with financial transactions, including without limitation banks, building societies, credit institutions, payment system providers, loan companies, mortgage companies, investment companies, utilities/bills providers and other financial service providers located worldwide.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data includes without limitation Registration Information, Financial Account Data and Financial Account Credentials, but excludes publicly available business information.
“Special Categories of Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
2. Applications
ITBS Finance recommends that Users read this Privacy Policy carefully and entirely to ensure that Users are aware of all the practices and policies of ITBS Finance in respect of Personal Data collection, use, disclosure, processing and protection. This Privacy Policy applies to:
1) Visitors to our Website (“Visitors‘);
2) Subscribers to ITBS Finance bulletin board, white papers or similar types of information or materials (“Subscribers“);
3) Users (individuals acting in their own capacity or on behalf of a legal entity) who sign up for an account on the Website in order to test the functionality of the Aggregation Services (“Account Users“);
4) End users who use the Aggregation Services through a Developer Application (“Indirect Users“);
1 to 4 collectively referred to as “Users”
3. Acknowledgement
By accessing and using the Website and/or Aggregation Services (together, “Services“) User hereby: (I) acknowledges and confirms that User is at least eighteen (18) years old, or of the legal age of majority in the jurisdiction in which User resides; and (II) consents to the collection, use, and processing of his/her Personal Data as described in this Privacy Policy. Except as set forth in this Privacy Policy, ITBS Finance will not use User’s Personal Data for any other purpose without User’s Consent. ITBS Finance will only disclose User’s Personal Data to third parties strictly for the purposes described in this Privacy Policy. ITBS Finance does not, and will not, sell, lease, license or rent User’s Personal Data to any third party, nor does ITBS Finance use the collected Personal Data for advertising or marketing purposes.
4. Collection of personal data
When User uses the Services ITBS Finance will collect information, including Personal Data, for the purpose of providing, maintaining and improving the Services, as well as complying with applicable laws or regulations. ITBS Finance collects Personal Data primarily in four (4) ways:
Information User voluntarily provides to ITBS Finance:
1) When User contacts ITBS Finance’s support team (by email, phone or contact form on the Website) with respect to the Website or Aggregation Services related issues or communicates with ITBS Finance in any way, User voluntarily gives ITBS Finance information that ITBS Finance collects and processes as described in the General Terms of Services and this Privacy Policy. The provided information may include Personal Data such as: name, email address, phone number, and physical address. When User voluntarily submits Personal Data with their inquiry or request pertaining to the Services, ITBS Finance will process any such Personal Data in accordance with this Privacy Policy. In some cases, ITBS Finance may require additional information, including Personal Data, in order to identify User while processing their inquiry or request. ITBS Finance may also maintain a record of such communications with Users, including any follow-ups and subsequent feedback, for internal purposes.
2) Some of the Services require registration. When creating an account with ITBS Finance, Account Users will have to provide Personal Data, including name, email address and password (together, “Registration Information“), in order to be able to use the respective Services.
3) In order to be able to use the Aggregation Services, ITBS Finance may require Indirect Users and, if applicable, Account Users to provide the personalized features provided by the respective Financial Institution to User for the purposes of authentication when logging in to their Financial Account online, including without limitation Financial Institution’s API access tokens, username, password, access number, security questions and answers, token/SMS codes, and multifactor information (collectively, “Financial Account Credentials“). Financial Account Credentials are always stored encrypted.
4) Subscribers will have to provide their email address for the purpose of receiving the communications to which they have subscribed.
Information ITBS Finance collects from Financial Institutions:
1) When an Indirect User or, if applicable, an Account User uses the Aggregation Services to access their Financial Account(s) with Financial Institution(s), ITBS Finance will access such Financial Account in read-only mode on User’s behalf based on the consent to access given, as applicable, directly to ITBS Finance or Developer, in order to retrieve, process and, in the case of Indirect Users, transmit to the Developer Application, the information in User’s Financial Account (“Financial Account Data“) for the purpose of providing the Aggregation Services to such User. Financial Account Data includes, but is not limited to, the following information:
2) Financial Account details (including by way of example and without limitation account number, type, currency, balance);
3) Transactions details (including by way of example and without limitation transaction amount, date, description, currency); and
4) Financial Account holder details (including by way of example and without limitation name, address, email, phone number) to the extent that such information is made available, in whole or in part, by the respective Financial Institution.
Information ITBS Finance collects from Developer:
Developer may contact ITBS Finance to report errors or submit inquiries, issues or requests in connection with the Aggregation Services provided to Indirect Users. In such cases ITBS Finance may require additional information, including Personal Data, from Developer in order to identify the Indirect User while processing Developer’s inquiry or request and for troubleshooting purposes.
1) When an Indirect User uses the Aggregation Services for the purpose of initiating a payment transaction via the Developer Application, Developer will provide to ITBS Finance the payment order data associated with the initiated payment transaction (“Payment Order Data“). Such Payment Order Data includes but is not limited to date, amount, currency, description and payee details. ITBS Finance will transmit the Payment Order Data to User’s Financial Institution in order for the latter to execute the payment transaction and return execution status.
2) Depending on the method of integration of the Developer Application with the Aggregation Services, Developer may also transmit to ITBS Finance the Financial Account Credentials for the purpose of provision of Aggregation Services to Indirect Users.
Information ITBS Finance collects through User’s use of the Services:
1) Information ITBS Finance collects automatically. Each time Users use the Services, ITBS Finance collects information relating but not limited to: (i) which Services are used; (ii) all the areas within the Services that User visits; (iii) the time of day when User accesses and uses the Services; (iv) actions taken by User when using and interacting with the Services; (v) which Services or parts thereof generate error messages; and (vi) User’s browser, operating system and internet protocol (“IP“) address. ITBS Finance collects this information automatically as part of its technical log files or other metadata, as well as through the use of cookies, web beacons and other similar tracking technologies. All personally identifiable information collected through User’s use of the Services is treated as Personal Data in accordance with the terms of this Privacy Policy. ITBS Finance may also use the collected information in an anonymized and/or aggregate way (i.e., it is not personally identifiable in this state) for a variety of purposes, including but not limited to improving user experience, enhancing the Services and developing new services (see further “Use of Non-Personal Data”).
2) Cookies or similar technologies may be used for many purposes, including without limitation remembering the User and User’s preferences and tracking User’s visits to the Website or access to the Services. Cookies work by assigning a number to User that has no meaning outside of the assigning website or application. ITBS Finance uses cookies for various purposes, including without limitation tracking User’s movements within the Website, analyzing trends, gathering statistical data and improving user experience and the overall quality of the Services. ITBS Finance encodes and encrypts the cookies so that only ITBS Finance can interpret the information stored in them. Cookies can be disabled or controlled by setting a preference within User’s web browser or on User’s device. Thus, if User does not want information to be collected through the use of cookies, User can restrict or limit the use of cookies at the individual browser or device level. However, if User chooses to disable cookies some features of the Services may not function properly or ITBS Finance may not be able to customize the delivery of information to User. For detailed guidance on how to control, manage and delete cookies, Users are advised to visit https://www.aboutcookies.org.
2.1) First-Party Cookies: ITBS Finance uses session cookies and persistent cookies when User uses the Services. These are essential to the operation of the Website and the provision of Services. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from User’s computer. They store information in the form of a session identification that does not personally identify the User. The persistent cookies are set with expiration date and are stored on User’s hard drive until they expire or User deletes them. ITBS Finance does not collect any Personal Data in the session and persistent cookies. ITBS Finance uses session and persistent cookies for technical purposes, including but not limited to verifying the origin of requests, distributing requests among multiple servers, authenticating Users and determining what functionality of the Services such Users are allowed to access.
2.2) Third-Party Cookies: ITBS Finance may also use third-party cookies. These third-party service providers with whom ITBS Finance may have contracted help analyze certain online activities and provide analytics services. These cookies may include browser and version, operating system, device information and IP address, which may be considered Personal Data under the applicable Data Protection Laws. User can prevent the collection of information through cookies by making relevant adjustments in browser settings or installing an opt-out add-on.
5. Use of information
1) Use of Personal Data: ITBS Finance may use the collected Personal Data for the following purposes:
– to provide, maintain, administer, support, protect and improve the Services;
– to transmit Financial Account Data to Developer through the Services and, if applicable, to transmit Payment Order Data from Developer to the respective Financial Institution;
– to meet the regulatory compliance requirements set forth in the applicable laws;
– to provide customer support;
– to handle and process inquiries submitted by Visitors;
– to send system alert messages to Account Users;
– to enforce compliance with the General Terms of Service including, if applicable, the End User License Agreement;
– to investigate any fraud, illegal activity or wrongdoing in connection with the Services;
– to protect the rights, property and safety of Users, ITBS Finance and third parties;
– to store the Personal Data in order to be able to provide the Services on ITBS Finance’s servers or servers provided by third parties that are committed to complying with ITBS Finance’s obligations contained in this Privacy Policy and with whom ITBS Finance has contracted;
– to troubleshoot, investigate and fix service related errors. In such cases, Users’ Personal Data may be visible to and/or accessed by technicians, IT staff and/or system administrators authorized by ITBS Finance;
– to combine Personal Data with information obtained through the use of cookies or similar technologies to improve the Services and user experience;
– to comply with legal obligations to which ITBS Finance is subject;
– to establish compliance with the Data Protection Laws during an audit or inspection conducted by an appropriate data protection authority, Developer or an external auditor mandated by Developer, provided that in all cases the Personal Data will remain subject to the provisions of this Privacy Policy;
– to send Subscribers informational content they subscribed to;
– to generate Anonymized Data and Anonymized Aggregate Data; and
– to respond (or, in the case of Indirect Users, to assist Developer in responding) to User’s requests for exercising User’s rights under the applicable Data Protection Laws.
2) Use of Non-Personal Data: ITBS Finance may generate anonymous data derived from or based on Personal Data collected from User so that the results are no longer personally identifiable with respect to that User (“Anonymized Data“), and combine or incorporate such Anonymized Data with or into other similar data or information collected from other Users or derived from other Users’ use of the Services (“Anonymized Aggregate Data“). ITBS Finance may use such Anonymized Data and Anonymized Aggregate Data for various business purposes, including but not limited to:
– providing, maintaining, supporting and improving the Services;
– conducting analytical research, compiling statistical reports and performance tracking;
– developing and/or improving other ITBS Finance’s services and products; and
– sharing such Anonymized Data and Anonymized Aggregate Data with ITBS Finance’s affiliates, agents or other third parties with whom ITBS Finance has a business relationship.
6. Children’s privacy
Protecting the privacy of young children is especially important to ITBS Finance. The Services are not directed to children under the age of eighteen (18) years and ITBS Finance does not knowingly solicit, collect or process Personal Data from persons under eighteen (18) years of age. If ITBS Finance becomes aware of the fact that Personal Data of persons less than eighteen (18) years of age has been collected via the Services, ITBS Finance will take the appropriate steps to delete such information without undue delay.
7. Disclosures and transfers
By using the Services and submitting any Personal Data to ITBS Finance, User acknowledges and agrees that their Personal Data may be processed in and transferred to jurisdiction(s) other than User’s country of residence which may have different Data Protection Laws than those in User’s country. The Personal Data of any User residing in the EU/EEA will only be stored in EU and will only be transferred outside EU as set forth in the GDPR. ITBS Finance will take all steps reasonably necessary to ensure that Personal Data is at all times treated securely and in accordance with this Privacy Policy.
ITBS Finance will only transfer and/or disclose Personal Data as specified in this Privacy Policy unless User gives Consent to the disclosure and/or transfer to any other third party.
1) Disclosure and/or Transfer to Third-Party Providers: ITBS Finance has put in place contractual (including data protection, confidentiality and security provisions) and other organizational safeguards with third-party service providers engaged by ITBS Finance in connection with the provision, operation, hosting, security or maintenance of the Services, including cloud-based email service, data hosting and storage providers (“Third-Party Providers”). Such safeguards aim to ensure an adequate level of protection of Personal Data. ITBS Finance may disclose or transfer Personal Data to such Third-Party Providers solely for the identified purposes and solely in connection with the Services. ITBS Finance will restrict access to Personal Data to what is strictly necessary for the performance of such Third-Party Provider’s contractual obligations. Such Third-Party Providers may process, store and/or have access to Personal Data. Any transfer of Personal Data of EU/EEA Users to a Third-Party Provider located in a third country will be subject to articles 45 and 46 of the GDPR and will take place either (i) on the basis of an adequacy decision issued by the European Commission, or (ii) subject to the application of appropriate safeguards for the fundamental rights and interests of data subjects, including by entering into the standard data protection clauses adopted by the Commission. At the date of this Privacy Policy ITBS Finance uses the following Third-Party Providers:
– Hetzner Online AG in Germany;
– Hetzner Finland Oy in Finland;
– Amazon Web Services Ireland Limited in Ireland;
2) Disclosure to Financial Institution and Developer: ITBS Finance will disclose Personal Data (particularly, Financial Account Credentials and, as applicable, Payment Order Data) of Indirect Users and Account Users to their respective Financial Institution when providing Aggregation Services to such Users. In the case of Indirect Users, ITBS Finance will disclose and transfer their Personal Data (particularly, Financial Account Data) to Developer through the Services so that Developer can carry out its contractual obligations towards such Indirect Users or otherwise accomplish the purposes for which the Indirect Users consented to the processing of their Personal Data.
3) Disclosure for Legal Reasons: ITBS Finance may disclose Personal Data without User’s Consent when ITBS Finance believes in good faith that the disclosure of such information is reasonably necessary or appropriate:
– to comply with the Data Protection Laws, any subpoena, enforceable request from the competent authorities, or other legal process;
– to enforce ITBS Finance’s rights against User or in connection with a breach by User of the General Terms of Service or, as applicable, the End User License Agreement including investigation of potential violations;
– to help detect, curb or investigate fraud or other prohibited or illegal activities that affect or hurt the interests of ITBS Finance or third parties;
– to identify, contact or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally), ITBS Finance’s rights or property, other Users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities; and
– to help ITBS Finance comply with a legal obligation to which ITBS Finance is subject, or accounting or security requirements, in which case ITBS Finance may disclose such information to its auditors, professional consultants, accountants and/or legal advisors.
In all the foregoing cases, ITBS Finance will disclose Personal Data only to the extent required or permitted by the applicable Data Protection Laws.
3) Transfer of Ownership: User’s Personal Data may be disclosed and/or transferred upon change of control as a result of a sale of all or a substantial portion of ITBS Finance’s assets or stock, merger, acquisition or reorganization, including any due diligence process carried out in relation to the same, provided that the Personal Data disclosed continues to be used solely for the purposes permitted by, and subject to the provisions in, this Privacy Policy by the entity acquiring access to such information. If the entire or substantial ownership of ITBS Finance or Services were to change, User’s Personal Data may be transferred to the new owner to ensure continuity of the Services. In any such transfer of ownership User’s Personal Data will remain subject to the promises of the then and current Privacy Policy. ITBS Finance will provide reasonable advance notice to User via the Website of any such change in ownership or control of User’s Personal Data or in case such Personal Data becomes subject to a different privacy policy.
8. Controller and processor
In providing the Services to Visitors, Subscribers, and Account Users, ITBS Finance acts as Controller of Personal Data collected from such Users. In the case of Indirect Users, ITBS Finance acts as a Processor and the respective Developer acts as Controller of collected Personal Data. In performing its obligations as Processor ITBS Finance will at all times act on Controller’s behalf and according to Controller’s lawful instructions.
Furthermore, ITBS Finance adheres to the following general principles with respect to Personal Data processing:
– not to collect more Personal Data than is necessary for the purpose of providing the Services;
– not to use Personal Data for any other purposes than those specified in this Privacy Policy;
– ensure that all personnel authorized by ITBS Finance to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and
– not to knowingly solicit, access, collect and/or process any Special Categories of Personal Data.
9. Legal basis for processing (GDPR)
Where ITBS Finance processes Personal Data in its capacity as Controller and GDPR applies, depending on the type of Personal Data and the circumstances under which it is collected, ITBS Finance has determined the following legal bases for such processing:
-the processing is necessary for the performance of a contract to which the User is a party, particularly for the provision of the Services under the General Terms of Service;
-the processing is necessary for compliance with a legal obligation to which ITBS Finance is subject; and/or
-the processing is necessary for the purposes of the legitimate interests pursued by ITBS Finance as the Controller of Personal Data or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of User which require the protection of Personal Data
If there is another legal basis for ITBS Finance to collect and process Personal Data in its capacity as Controller, ITBS Finance will provide the required notification to User at or before the time the Personal Data is collected.
If User voluntarily provides Personal Data to ITBS Finance when contacting ITBS Finance with respect to the Services, such User will be deemed to have given Consent to the collection, use and processing of Personal Data by ITBS Finance as reasonably necessary to carry out the specific purpose(s) for which User has provided the Personal Data. ITBS Finance will rely on such implied Consent as if it were given to ITBS Finance under normal circumstances.
10. Special categories of personal data
ITBS Finance does not require to process Special Categories of Personal Data in order to provide the Services and does not deliberately solicit, access, collect or process any such data. Special Categories of Personal Data may be occasionally and incidentally contained in the Financial Account Data that ITBS Finance retrieves from Financial Accounts or in the Payment Order Data provided by the Developer. Insofar as this may happen, ITBS Finance hereby declares that it does not analyze, filter, map, or perform any other processing to identify or single out Special Categories of Personal Data. Users are requested at all times to refrain from voluntarily providing any Special Categories of Personal Data to ITBS Finance.
11. Anti-spam legislation
ITBS Finance is committed to controlling unsolicited commercial e-mail, or “spam”. In this respect, ITBS Finance SMPC ludes an “unsubscribe” or “opt-out” link in any informational emails sent to Users. Users wishing to opt-out of receiving such informational emails may do so at any time by following the instructions included in such emails. ITBS Finance will not sell, lease or rent its e-mail Subscribers lists to any third party, nor will ITBS Finance use the collected email addresses for purposes other than that for which they were initially collected. User can’t opt-out of receiving emails that ITBS Finance is required by law to provide to User in connection with the Services, such as system notification emails, notification on changes or updates to this Privacy Policy or the , or other important mandatory notifications relating to User’s access to and use of the Services.
12. Third-party websites
The Services may include links to, or otherwise direct User’s attention towards, websites operated by third parties and not by ITBS Finance. Such links are provided solely for User’s convenience and informational purposes. The inclusion of any link does not imply an association, support, endorsement, consent, examination, or approval by ITBS Finance of such third party and third-party website (including without limitation any content on such website). ITBS Finance shall not be liable for the information and content contained in any third-party website or for User’s use of or incapacity to use such website. Access to any third-party website is at User’s own risk, and User must be aware of the fact that linked websites have terms and privacy policies different from those of ITBS Finance and ITBS Finance does not control them. If User elects to use any third-party website and/or provide any Personal Data when using such website, User is solely responsible for evaluating the terms and privacy policy that apply. ITBS Finance will have no liability for any loss or damage that User may incur through providing any Personal Data on such third-party websites.
13. User’s rights under GDPR
Insofar as GDPR applies to ITBS Finance’s processing of Personal Data and taking into account the nature of the processing, Users are entitled to exercise in respect of ITBS Finance in its capacity as Controller the following rights:
– the right of access: User has the right to obtain: (i) confirmation that their Personal Data is being processed by ITBS Finance; (ii) fair information about the processing of their Personal Data by ITBS Finance, including without limitation the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular transfers to recipients in third countries or international organizations, and the appropriate safeguards relating to such transfers, and (iii) access to such Personal Data processed by ITBS Finance.
– the right to rectification: User is entitled to have Personal Data rectified if it is inaccurate or incomplete. While User can amend or change the Registration Information and Financial Account Credentials, ITBS Finance cannot, however, rectify any Payment Order Data or Financial Account Data as this information is received from Developer or Financial Institution, respectively.
– the right to erasure (right to be forgotten): User has the right to request the deletion of their Personal Data when there is no compelling reason for its continued processing or User withdraws Consent to such processing.
– the right to restrict processing: User has the right to block processing of their Personal Data on the grounds specified in the GDPR.
– the right to data portability: User may request to receive free of charge a copy of Personal Data stored in ITBS Finance’s systems in a structured, commonly used and machine-readable format or have ITBS Finance transmit the data directly to another Controller if this is technically feasible. ITBS Finance will respond to any data portability requests as set forth in the GDPR.
– the right to object: User has the right to object to: (i) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) processing for purposes of scientific/historical research and statistics. ITBS Finance does not process User’s Personal Data for direct marketing or for purposes of scientific/historical research and statistics.
– rights in relation to automated decision-making and profiling: User has the right to object to processing of Personal Data for the purposes of automated individual decision-making (making a decision solely by automated means without any human involvement) and profiling (automated processing of Personal Data to evaluate certain things about an individual). ITBS Finance does not process User’s Personal Data for the purposes of automated individual decision-making or profiling.
– the right to lodge a complaint with a Supervisory Authority: User has the right to lodge a complaint about ITBS Finance’s data protection or privacy practices, or the exercise of any of User’s rights with respect to Personal Data as detailed in this Privacy Policy, with User’s local Supervisory Authority.
– the right to withdraw Consent: Provided that the Consent is the legal basis for processing, User may withdraw Consent to ITBS Finance’s processing of Personal Data at any time by contacting ITBS Finance.
User may exercise any of the foregoing rights at any time by contacting ITBS Finance at General Terms of service privacy@finker.co. Where Users’ requests for exercising their rights under GDPR are manifestly unfounded or excessive, in particular because of their repetitive character, or further copies of the Personal Data undergoing processing are requested, ITBS Finance may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested.
14. Data deletion and retention
ITBS Finance will retain Personal Data for no longer than strictly necessary for the purposes for which such Personal Data is collected and processed. The retention period depends on the requirements of the applicable laws or regulations ITBS Finance must comply with, the purposes of the collection and processing of Personal Data, and the legitimate interests of ITBS Finance to establish, exercise or defend its legal rights. When ITBS Finance acts as a Processor of Personal Data, ITBS Finance may apply a different retention period if so required by the Controller on whose behalf the Personal Data is being processed by ITBS Finance.
ITBS Finance will delete User’s Personal Data from its production servers when:
– User exercises the right to be forgotten or, if applicable, withdraws Consent;
– Account User deletes their account on the Website, or such account is automatically deleted by ITBS Finance as described in the General Terms of service;
– Subscriber terminates their newsletter subscription;
– Developer deletes Indirect User’s Personal Data processed by ITBS Finance in connection with the Aggregation Services.
As a result, User’s Personal Data will be deleted and excised permanently from ITBS Finance’s production servers, subject to ITBS Finance’s right to generate Anonymized Data and Anonymized Aggregate Data prior to such deletion. Further use of the corresponding Services will be impossible. Notwithstanding anything to the contrary in this Privacy Policy, ITBS Finance will retain User’s Personal Data or portions thereof:
– in backup files on its backup servers for a period of up to one (1) month from the date of deletion from the production servers in order to ensure compliance with internal business continuity and disaster recovery procedures; and
– in log files in order to: (i) comply with the requirements of the applicable laws or regulations; (ii) exercise or defend (ongoing) legal claims; and (iii) meet audit or statutory requirements. The retention period for Personal Data retained in log files shall be a minimum of five (5) years from the date of deletion from the production servers, or such longer period as required by the applicable laws, unless subject to statutory or regulatory change.
Backups and log files containing Personal Data are stored separately from the production servers. All Personal Data retained in backup files and log files will be treated in accordance with the terms of this Privacy Policy for as long as it is retained before being automatically deleted after the retention period has elapsed.
Backup files are stored using strong asymmetric encryption and ITBS Finance’s authorized personnel does not access such files in the ordinary course of business operations, nor will ITBS Finance actively process any Personal Data retained in backup files anymore.
15. Personal data security
1) Online Confidentiality:
– User must keep the set of credentials provided as part of the Registration Information for creating an account with ITBS Finance(“Credentials”) secure and never disclose them to any third party. User is solely responsible for maintaining the confidentiality of such Credentials. If User suspects that the Credentials have been stolen or been made known to others, User must change them immediately and contact ITBS Finance promptly at privacy@finker.co. ITBS Finance shall not be responsible for any loss or damage resulting from access to User’s account through Registration Information or Credentials obtained from User or through violation of this Privacy Policy or the General Terms of Service.
– Although ITBS Finance will take reasonable steps to ensure that User’s Personal Data is treated and stored securely, unfortunately, the sending of information via the Internet is not totally secure and on occasion such information may be intercepted. Therefore, ITBS Finance can’t guarantee the security of Personal Data that User chooses voluntarily to send to ITBS Finance ITBS Finance expressly disclaims all liability for any interception or interruption of any Internet transmissions sent by User or any losses of or changes to data, including Personal Data, resulting from such interception or interruption.
2) Personal Data Safeguards: ITBS Finance is committed to maintaining the confidentiality, integrity and security of the Personal Data of Users. ITBS Finance employs advanced security techniques to safeguard Personal Data against unauthorized access, use and/or disclosure. ITBS Finance strictly restricts access to Personal Data in accordance with specific internal procedures governing access to such information. ITBS Finance carefully selects the individuals privileged with access to Personal Data in accordance with internal security policies and practices, and each such individual is bound by confidentiality obligations. The Services ensure secure communications with TLS encryption. To maintain the security of online sessions and protect ITBS Finance’s systems from unauthorized access, ITBS Finance uses a combination of firewall barriers, encryption techniques and authentication procedures, among others. Access to ITBS Finance’s systems requires multiple levels of authentication, including biometric recognition procedures. Security personnel monitor the systems 24/7. ITBS Finance databases are both physically and logically protected from general employee access. ITBS Finance enforces physical controls on its premises. ITBS Finance is routinely verified for its use of encryption technologies and audited for its privacy practices. ITBS Finance tests its systems, the Website and Services infrastructure for any failure points that might allow hacking.
Data Pseudonymization: In addition to the technical and organizational security measures employed by ITBS Finance to ensure security, confidentiality and integrity of Personal Data, ITBS Finance also uses data pseudonymization technique when processing and storing Personal Data in its systems. Pseudonymization consists of replacing the data fields which are the most identifying in a data record with pseudonyms. Personal Data which has undergone pseudonymization can no longer be attributed to a specific User without the use of additional information, and such additional information is kept by ITBS Finance separately and is subject to appropriate technical and organizational security measures to ensure that such pseudonymized Personal Data is not attributed to an identified or identifiable natural person.
16. Notification of personal data breach
If a security breach causes an unauthorized intrusion into ITBS Finance’s systems, software or networks that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by ITBS Finance (“Personal Data Breach“), ITBS Finance will notify the appropriate data protection authority unless the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of affected Users. ITBS Finance will report the Personal Data Breach to the appropriate data protection authority without undue delay after having become aware of it and in any case within the timeframes as provided for in the applicable Data Protection Laws, by including all the pertinent information relating to such Personal Data Breach as required by the applicable Data Protection Laws. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of affected Users, or if required by the appropriate data protection authority, ITBS Finance will also communicate the Personal Data Breach to the affected Users without undue delay.
When ITBS Finance acts as Processor for Developer, ITBS Finance will notify the Developer of a Personal Data Breach as described above, who in turn will fulfil its Personal Data Breach reporting obligations (towards the relevant data protection authority and Indirect Users) as set forth in the applicable Data Protection Laws.
17. Privacy policy update
ITBS Finance reserves the right to change this Privacy Policy at any time and from time to time in order to reflect changes in the Services or the applicable laws. If ITBS Finance decides to change this Privacy Policy in the future, ITBS Finance will post an appropriate notice at the top of this Privacy Policy page and/or give reasonable advance notice to Users through the Services or Website. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted and any material changes will become effective thirty (30) days from their posting on the Website. Unless stated otherwise, this Privacy Policy applies to all Personal Data collected and processed by ITBS Finance in connection with the Services. The date this Privacy Policy was last revised appears at the top of this document. User is advised to print a copy of this Privacy Policy for reference and revisit this Privacy Policy from time to time to ensure that User is aware of any changes. User’s continued use of the Services after the changes to this Privacy Policy become effective signifies User’s acceptance of any such changes.
18. Data protection officer
ITBS Finance’s data protection officer can be reached at any time by email at dpo@finker.co in case of any questions with respect to ITBS Finance’s collection, use, disclosure or processing of Personal Data.
19. Contact
Any questions, comments or feedback regarding this Privacy Policy or any other privacy or security concern may be sent by email to privacy@finker.co.
ITBS Finance SMPC.
28 Panagoulis Ave., Athens, 16345, Greece
