FINASTRA EEA EXTERNAL PRIVACY NOTICE
Updated: 01 December 2020
This document gives notice how Finastra*, (”we”, “our”, “us”, “Finastra”) handle the personal data as defined by European data protection laws (“Personal Information”) of our customers, suppliers, website users and other third parties where:
- we are a data controller, which means we are responsible for deciding how we hold and use personal information; and
It also describes your data protection rights, including a right to object to some of the processing which we carry out or where we rely on consent, how to withdraw that consent. More information about your rights, and how to exercise them, is set out in the "What rights do you have?" section below.
UPDATES TO THIS NOTICE
We may amend this Notice from time to time, should it become necessary or advisable to do so to comply with regulatory requirements or best practices. The most recent modification date of this Notice will appear at the top of this page. If we materially change our practices in processing Personal Information, we will notify you as appropriate.
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect and process Personal Information about you when you interact with us or our Sites. This includes:
- Customer or Prospect Information: Customer or potential customer’s name, email address, business address, company-related information and website registration details such as user name/password details.
- Event Attendee and/or Sponsor Information: Name, email address, business address, company-related information, travel arrangements and meal preferences.
- Usage Information: information collected from our Sites, including pages visited and documents viewed and information about the browser, device or application you used to access the site. Some of this information is collected using cookies and related technologies. To learn more, please see below.
HOW DO WE USE YOUR PERSONAL INFORMATION, AND WHAT IS THE LEGAL BASIS FOR THIS USE?
We process Personal Information for the following purposes:
- To fulfil a contract or to take steps linked to a contract. This includes:
- providing products and services, including customer support; and
- sending you information related to our products and services.
- As required by Finastra to conduct our business and pursue our legitimate interests as listed below, and where our interests are not overridden by your data protection rights, in particular to:
- administer our Sites, conduct identity verification and other fraud detection activities;
- monitor, maintain and improve the performance of our Sites, analyse trends, usage and activities in connection with our products and services, validate users and ensure their technological compatibility with users, and optimize our marketing efforts and measure the effectiveness of our advertising campaigns;
- improve and personalize your experience with us and our Sites and to tailor and send content, advertisements and offers to you (where consent is not required by applicable laws);
- manage our own internal functions such as keeping our Sites secure, management and corporate reporting, internal research and analytics and to improve business efficacies;
- create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage or other characteristics of a Site's users. We reserve the right to transfer and/or sell aggregate or group data about a Site's users for lawful purposes
- respond to any comments or complaints you may send us;
- Where you give us your consent:
- where you ask us to send marketing information via a medium where we need your consent (for example email marketing in certain countries). For more information about how to modify your preferences about marketing communications, please see below;
- where you give us consent to place cookies or similar technologies; and
- on other occasions where we ask for your consent, for the purpose we explain at the time.
- For purposes which are required by law, such as responding to requests by government or law enforcement authorities conducting an investigation.
In order to purchase our products and services, the provision of certain Personal Information is mandatory: if relevant Personal Information is not provided, then we will not be able to provide you with our products and services. All other provision of your Personal Information is optional. If you provide Personal Information to us for a certain reason, we will use the Personal Information in connection with the reason for which it was provided.
WITHDRAWING CONSENT OR OTHERWISE OBJECTING TO DIRECT MARKETING
Wherever we rely on your consent, you will always be able to withdraw that consent, and we will stop the processing unless we have another legal ground for processing your Personal Information. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests (and where other laws do not require consent). You have an absolute right to opt-out of direct marketing (including profiling) we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by visiting our Preference Centre. Even if you opt out of marketing communications from us, please note that you may still be contacted with service related communications (such as software upgrades or release availability).
WHO WILL WE SHARE THIS PERSONAL INFORMATION WITH?
We share Personal Information amongst our group companies for the purposes of delivering our products and services, managing your accounts, hosting, IT, security, support, billing, marketing, and communications.
We use third party service providers, who will process Personal Information on our behalf. We use third parties for customer relationship management, website and systems hosting, maintenance, software upgrades and marketing.
We may transfer Personal Information in connection with a contemplated reorganization, sale, bankruptcy or transfer of all or a portion of our business or assets. Following such a sale or transfer, the entity to which we transferred Personal Information will be the data controller and point of contact for any inquiries concerning the processing of that Personal Information.
We will comply with requests to disclose Personal Information where required by local law or government authorities to comply with a legal obligation, and where permissible, we will provide advance notice of such disclosure to the individuals concerned.
WHERE IS YOUR PERSONAL INFORMATION STORED AND PROCESSED?
Finastra is a global business. To provide our products and services, we transfer Personal Information to other countries, including countries outside of the European Economic Area and Switzerland which may have different data protection standards to those which apply to your country of residence. Where information is transferred outside the EEA and Switzerland, and where this is to a group company or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses or Swiss standard contractual clauses or a vendor's Processor Binding Corporate Rules. You can obtain more information about the relevant mechanism by contacting us on the contact details set out below.
WHAT RIGHTS DO YOU HAVE?
We honour data subjects’ rights under applicable law to access, correct, update, erase, disable and block their Personal Information when lawfully requested to do so.
In some circumstances, you have the right to ask us for a copy of your Personal Information; to correct, delete or restrict (stop any active) processing of your Personal Information; and to obtain the Personal Information you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this Personal Information to another controller. In addition, you can object to the processing of your Personal Information or where we rely on your consent, withdraw your consent (see Withdrawing consent or otherwise objecting to direct marketing section above for more information).
These rights may be limited, for example if fulfilling your request would reveal Personal Information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us by emailing email@example.com. If you have unresolved concerns, you may have the right to complain to the relevant data protection authority in your country of residence or place of the alleged infringement.
HOW LONG WILL WE KEEP YOUR PERSONAL INFORMATION?
Your Personal Information will be retained for as long as necessary to fulfil the purposes outlined in this Notice or to comply with applicable legal requirements. For more information, please contact us using the details set out below.
HOW TO CONTACT US
For further information on our privacy policies and practices relating to the handling of Personal Information, contact our Privacy Department by postal mail to Four Kingdom Street, Paddington, W2 6BD, United Kingdom or by email to firstname.lastname@example.org.