EEA / UK / Switzerland Privacy Notice

FINASTRA EEA/UK/Switzerland PRIVACY NOTICE

Updated: December 7, 2022

INTRODUCTION

This document gives notice how Finastra, (”we”, “our”, “us”, “Finastra”) handles the personal data as defined by applicable Data Protection Laws (“Personal Information”) of our customers, suppliers, website users and other third parties where:

  1. we are a data controller, which means we are responsible for deciding how we hold and use Personal Information; and
  2. we are processing the Personal Information in the EEA, the UK or Switzerland or we are processing data of EEA, UK or Swiss residents irrespective of whether the processing takes place inside or outside of the EEA, the UK or Switzerland respectively (otherwise please refer to the notices section in the Finastra Privacy Policy).

This Notice describes the practices we have adopted with respect to processing Personal Information as a controller including the collection, use, storage or disclosure of Personal Information: (i) when you interact with us as a customer, vendor, partner or sub-contractor; (ii) on our websites that link to this Notice (collectively the "Sites"); (ii) when you interact with our support centre or other online forums; or (iii) when you participate in our webinars, events, trade shows and demonstrations of our products and services. It also explains how we collect information through the use of cookies and related technologies.

It also describes your data protection rights under the EU GDPR, the UK GDPR and the Swiss Federal Act on Data Protection (the applicable “Data Protection Laws”), including a right to object to some of the processing which we carry out or where we rely on consent, how to withdraw that consent. More information about your rights, and how to exercise them, is set out in the "What rights do you have?" section below.

UPDATES TO THIS NOTICE

We may amend this Notice from time to time, should it become necessary or advisable to do so to comply with regulatory requirements or best practices. The most recent modification date of this Notice will appear at the top of this page. If we materially change our practices in processing Personal Information, we will notify you as appropriate.

WHAT PERSONAL INFORMATION DO WE COLLECT?

We collect and process Personal Information about you when you interact with us or our Sites. This includes:

  • Customer or Prospect Information: Customer or potential customer’s name, email address, business address, purchase history and transaction data, company-related information and website registration details such as user name/password details.
  • Event Attendee and/or Sponsor Information: Name, email address, business address, company-related information, travel arrangements and meal preferences.
  • Usage Information: information collected from our Sites, including pages visited and documents viewed, sales and customer support call recording and chat transcripts, IP address and information that may be derived from it, and information about the browser, device or application you used to access the site, demographic data when it is attached to data used to identify you. Some of this information is collected using cookies and related technologies. To learn more, please see below.

HOW DO WE USE YOUR PERSONAL INFORMATION, AND WHAT IS THE LAWFUL BASIS FOR THIS USE?

Purpose Lawful Basis

Engaging in transactions with customers, suppliers and business partners;

Processing purchases and downloads of our products and services;

Provision of customer support;

Sending service related communications.

Fulfil a contract or take steps linked to a contract

Administering our offices and Sites, conduct identity verification and other fraud detection activities;

Monitoring, maintaining and improving the performance of our Sites, communications, services and products, and analyzing trends and usage;

Improving and personalizing your experience with us and our Sites and to tailor and send content, communications, advertisements and offers to you (where consent is not required);

Sending you information you have requested;

Ensuring the security of our offices, products and Sites;

For our own internal functions, management, accounting and corporate reporting, relationship management, internal research and analytics and to improve business efficacies;

To enforce compliance with our terms of use and other policies or otherwise in connection with legal claims, compliance, regulatory and investigatory purposes as necessary (including disclosure of such information in connection with legal process or litigation);

To create aggregate and statistical data (which cannot be used to identify you). We reserve the right to transfer and/or sell aggregate or group data about a Site’s users for lawful purposes.

As required to conduct our business and pursue our legitimate interests.

You can obtain information on any of our balancing tests by contacting us using the details below.

For sales and marketing activities (where applicable legislation requires consent);

Where you provide consent to place cookies or similar technologies on your device;

On other occasions where we explain the purpose at the time.

Consent
Responding to requests from government or law enforcement authorities conducting an investigation Required by Law

In order to purchase our products and services, the provision of certain Personal Information is mandatory: if relevant Personal Information is not provided, then we will not be able to provide you with our products and services. All other provision of your Personal Information is optional. If you provide Personal Information to us for a certain reason, we will use the Personal Information in connection with the reason for which it was provided. We may process Personal Information for longer or for other purposes than described herein, when required by law.

WITHDRAWING CONSENT OR OTHERWISE OBJECTING TO DIRECT MARKETING

Wherever we rely on your consent, you will always be able to withdraw that consent, and we will stop the processing unless we have another legal ground for processing your Personal Information. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests (and where other laws do not require consent). You have an absolute right to opt-out of direct marketing (including profiling) we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by visiting our Preference Centre. Even if you opt out of marketing communications from us, please note that you may still be contacted with service related communications (such as software upgrades or release availability).

WHO WILL WE SHARE THIS PERSONAL INFORMATION WITH?

We share Personal Information amongst our group companies for the purposes of delivering our products and services, managing your accounts, hosting, IT, security, support, billing, marketing, and communications.

We use third party service providers, who will process Personal Information on our behalf. We use third parties for customer relationship management, website and systems hosting, maintenance, software upgrades and marketing.

We may transfer Personal Information in connection with a contemplated reorganization, sale, bankruptcy or transfer of all or a portion of our business or assets. Following such a sale or transfer, the entity to which we transferred Personal Information will be the data controller and point of contact for any inquiries concerning the processing of that Personal Information.

We will comply with requests to disclose Personal Information where required by local law or government authorities to comply with a legal obligation, and where permissible, we will provide advance notice of such disclosure to the individuals concerned.

WHERE IS YOUR PERSONAL INFORMATION STORED AND PROCESSED?

Finastra is a global business. To provide our products and services, we transfer Personal Information to other countries, including countries outside of the EEA, the UK and Switzerland which may have different data protection standards to those which apply to your country of residence. Where information is transferred outside the EEA, the UK and Switzerland, and where this is to a group company or vendor in a country that is not subject to an adequacy decision by the EU Commission, or considered adequate as determined by applicable Data Protection Laws, we will take steps to ensure your Personal Information is adequately protected by safeguards such as the Standard Contractual Clauses (“SCCs”) approved by the EU Commission, or the UK International Transfer Addendum to the SCCs and the specific requirements under the Swiss Federal Act on Data Protection, Swiss standard contractual clauses or a vendor's Processor Binding Corporate Rules, as applicable. You can obtain more information about the relevant mechanism by contacting us on the contact details set out below.

WHAT RIGHTS DO YOU HAVE?

We honour data subjects’ rights under applicable law to access, correct, update, erase, disable and block their Personal Information when lawfully requested to do so.

In some circumstances, you have the right to ask us for a copy of your Personal Information; to correct, delete or restrict (stop any active) processing of your Personal Information; and to obtain the Personal Information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this Personal Information to another controller. In addition, you can object to the processing of your Personal Information or where we rely on your consent, withdraw your consent (see Withdrawing consent or otherwise objecting to direct marketing section above for more information).

These rights may be limited, for example if fulfilling your request would reveal Personal Information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the EU GDPR, UK GDPR and in local Data Protection Laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us by emailing privacy@finastra.com. If you have unresolved concerns, you may have the right to complain to the relevant data protection authority in your country of residence or place of the alleged infringement.

HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?

Your Personal Information will be retained for as long as necessary to fulfil the purposes outlined in this Notice or to comply with applicable legal requirements.

For more information, please contact us using the details set out below.

HOW TO CONTACT US

For further information on our privacy policies and practices relating to the handling of Personal Information, contact our Privacy Department by postal mail to Four Kingdom Street, Paddington, W2 6BD, United Kingdom or by email to privacy@finastra.com.

*Turaz Global S.à r.l and its group companies