California Privacy Notice

Finastra California External Privacy Notice

Updated: December 1, 2020

INTRODUCTION

This document gives notice how Finastra* (”we”, “our”, “us”, “Finastra”) handles Personal Information that is subject to the California Consumer Privacy Act of 2018 and corresponding regulations (the “CCPA”).

This Notice describes the practices we have adopted with respect to processing Personal Information as a “business” under the CCPA including the collection, use, storage or disclosure of Personal Information, without limitation, (i) on our websites that link to this Notice (collectively the "Sites"); or (ii) when you participate in our webinars, events, trade shows and demonstrations of our Services.

This Notice does not apply to information governed under regimes other than the CCPA such as information subject to the Gramm-Leach-Bliley Act or certain information subject to the Fair Credit Reporting Act.

This Notice describes California residents’ data protection rights under the CCPA and describes how California residents may exercise those rights.  The CCPA currently exempts Personal Information reflecting a written or verbal business-to-business communication (“B2B Personal Information”) from certain of the law’s requirements, and also currently exempts Personal Information collected and used about a natural person acting as our employee or contractor (“Personnel Information”). The rights described in this Notice may not apply to B2B Personal Information or Personnel Information.

For more general disclosures about our information collection and use, please see our Privacy Policy. All terms not otherwise defined herein shall take the applicable meaning assigned in the Privacy Policy.

CCPA RIGHTS

If you are a California resident, you may request certain information from or certain action by us, such as exercising the access and deletion rights described below, or you may authorize an agent to make such a request on your behalf.  We will seek to verify your identity and your agent’s authority when we receive an individual rights request from you or on your behalf to ensure the security of your personal information, and may need to collect additional Personal Information to do so.

Please direct any such rights requests (as further described below) or additional questions that you may have regarding this Notice to privacy@finastra.com or by post to Four Kingdom Street, Paddington, W2 6BD, United Kingdom.

Deletion

California residents have the right to request the deletion of Personal Information, but we may not delete some or all Personal Information, as required or permitted by applicable law, such as if the requested information is necessary to fix our Services in the case of a bug; comply with a legal obligation; or make other internal and lawful uses of the information that are compatible with the context in which you provided it.

Access

If you are a California resident, you may also request to receive details about how we collect, use, and share your Personal Information.  You may also request to receive the specific pieces of Personal Information that we have collected about you.

Opt-out of Sale

If a business sells Personal Information, you have a right to opt-out of that sale. We do not, and do not intend to, sell the Personal Information of California residents and, furthermore, do not have actual knowledge that we sell the Personal Information of consumers under 16 years old.

Nondiscrimination

Businesses may not, and we do not, discriminate against you for exercising any CCPA rights, such as the access and deletion rights described above.  

SERVICE PROVIDER DESIGNATION

When offering Services to our customers, we may act as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our customers in order for us to provide our Services. This Notice does not apply to the information, if any, that we collect pursuant to our role as a service provider.

ADDITIONAL CCPA DISCLOSURES

Categories of Personal Information Collected and Disclosed

In the past 12 months, we have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents:

  • Identifiers, such as name and email address;
  • Commercial information, such as transaction information and purchase history;
  • Internet or network activity information, such as browsing history and interactions with the Sites;
  • Geolocation data, such as device location and Internet Protocol (IP) location; and
  • Professional or employment-related information, such as work history and employer.

Categories of Sources

The categories of sources from which we collected this Personal Information are:

  • Directly from you or your agent, such as when you attend an event or webinar that we host or fill out a form that we provide;
  • Passively through tracking technologies regarding your use of the Sites; and
  • Our service providers and other third parties that provide online tracking and advertising services.

Categories of Recipients

The categories of third parties to whom we disclosed all of the categories of Personal Information that we disclose for our business purposes are:

  • Vendors and service providers who provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities; and
  • Partners and third parties who provide services such as legal expertise, tax expertise, and auditors.

Purposes for Collection and Disclosure

We have collected and disclosed Personal Information for the following purposes:

  • To market our Services and provide other information about Finastra;
  • Performing Services and making available other products or information related to our business, processing or fulfilling orders and transactions;
  • Advertising or marketing Services and performing analytics;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
  • Undertaking activities to verify or maintain the quality or safety of our business and Services; and
  • Complying with laws and other legal process and law enforcement requirements.