Services provided by Finalto are only available to professional clients and eligible counterparties.

Finalto logo

Group

Contact

FINALTO

Privacy Policy

Welcome to Finalto Financial Services Limited’s privacy policy. 

Finalto Financial Services Limited (“the Company”, “we”, “us”) is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy policy aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide through this website.

DATA CONTROLLER: For the purposes of Data Protection Legislation, Finalto Financial Services Limited with address: 11th Floor, Broadgate Tower, 20 Primrose Street London EC2A 2EW FRN: 481853 is acting as a Data Controller in respect of the personal data we collect about you.

The protection of privacy and the safeguarding of our clients’ data is of great importance to us. The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. If you have any questions in relation to this policy or the processing of your personal data please contact us at privacy@finalto.com or by sending a letter to the above mentioned address of the Data Controller.

 

THE DATA WE COLLECT ABOUT YOU

References to “Personal data” or “personal information”, have the meaning provided in the Data Protection Legislation (UK GDPR and Data Protection Act 2018). Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.

We may collect and process the following information as necessary to provide you with the required services:

  • Identity Data: first name, maiden name, last name, username or similar identifiers, marital status, title, date of birth and gender.
  • Contact Data: billing address, delivery address, email address and telephone numbers.
  • Financial Data: bank account details, bank account statements; source of funds, source of wealth; payment card details.
  • Transaction Data: details about payments to and from you and other details of products and transactions you have placed via our services and/or products.
  • Technical Data: cookie information, internet protocol (IP) address (for FIX connections and ClearVision tools), your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data: your username and password, transactions or orders made by you, your interests, preferences, feedback and responses to our marketing campaigns or surveys.
  • Usage Data: information about how you use our products and services.

We may process your telephone conversations and conversations made via other means such as Teams for monitoring and regulatory purposes.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may derive from your personal data but is not considered “personal data” in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature/ product or service we provide.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Directly from you: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you apply for our products or services or create an account with us;
  • Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, as set out below:
  • Technical Data from the following parties:
    • analytics providers such as Google based outside the EU;
    • advertising networks
    • search information providers
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services
  • Identity and Contact Data from data brokers or aggregators
  • Identity and Contact Data from publicly availably sources, such as Companies House or equivalent
  • Online identity verification databases and similar service providers

 

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where you provided your consent.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting the Compliance Department (please see Appendix 1 for contact details).

 

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at privacy@finalto.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below (please see Appendix 1 for contact details).

 

Purpose/ Activity Type of Data Lawful basis for processing including basis of legitimate interest
To register as a new client

–  Identity documentation

–  Contact details

–   Performance of a contract with you

–   Necessary to comply with regulatory obligations
To process and deliver your order including; managing payments, fees, charges and collect monies owed to us

–  Identity documentation

–  Contact details

–  Financial information

–  Transaction details

–   Performance of a contract with you

–   Necessary for our legitimate interests

To manage our relationship with you which will include:

Notifying you about changes to our terms

–  Identity documentation

–  Contact details

–   Performance of a contract with you

–  Necessary to comply with regulatory obligations

– Necessary for our legitimate interests
To administer and protect our business

–  Identity documentation

–  Contact details

–   Necessary to comply with regulatory obligations

–   Necessary for our legitimate interests
To use data analytics to improve our products/services, customer relationships and experiences

–  Technical Data

–  Usage Data

– Necessary for our legitimate interests

– Consent

 

 

 

PROMOTIONAL OFFERS FROM US

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You may receive marketing communications from us if you have requested information from us or opened an account with us and you have not opted out of receiving such communication.

 

THIRD-PARTY MARKETING

We will obtain your express consent before we share your personal data with any company outside the Finalto Financial Services Limited of companies for marketing purposes.

 

OPTING OUT

You can ask us to stop sending you marketing messages at any time by emailing the Onboarding Department at onboarding@finalto.com or privacy@finalto.com.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service, warranty registration, product/service experience or other transactions.

 

DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below for the purposes set out in the table above.

  • Internal Third Parties as set out in the Glossary of this policy.
  • External Third Parties as set out in the Glossary of this policy.
  • Third parties to whom we may choose to transfer, or merge parts of our business or our assets.

If a change happens to our business, then the new owners shall use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data in accordance with our instructions for specified purposes and relevant data processing agreements.

 

INTERNATIONAL TRANSFERS

We may share your personal data with international service providers who assist in providing our services. In such cases this will involve transferring your data outside the UK and European Economic Area (“EEA”). We have in place all the necessary measures and agreements to ensure that your data remains secure and the third party providers only use the data in accordance with our instructions and for no other purpose (except as required by law) and are bound by terms that provide the same protection as provided under applicable data protection laws.

We also ensure your personal data is protected by requiring all our group companies to follow the same policies when processing your personal data as set out in this policy.

 

If the data protection standard in a country is not deemed to be adequate, we do ensure that data protection is guaranteed by other measures, for example implementation of the standard contractual clauses issued by the European Commission for the protection of personal data, certificates, or recognised codes of conduct. Please contact our Data Protection Officer at privacy@finalto.com if you would like to find out more information on this.

 

DATA SECURITY

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, in accordance with data processing agreements that place strict data protection obligations and are subject to a duty of confidentiality.

We have put in place procedures to identify and deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

DATA RETENTION

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact details, Identity, Financial and Transaction Data) for seven years after they cease being customers. The seven years retention period has been decided taking into consideration all relevant laws and regulations such as MiFID II, MiFIR II, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as well as relevant HM Revenue and Customs laws. We may in certain circumstances retain your personal data for longer periods of time where we have a legitimate interest in doing so (for instance where we need to retain your personal information to enable us to defend ourselves against a claim you may have).

In some circumstances you can ask us to delete your data: see Right to request erasure below for further information.

 

YOUR LEGAL RIGHTS

Under the Data Protection Legislation you have certain rights which are detailed below. Some of the rights stated below only apply under specific circumstances and are qualified in several respects by exemptions provided by the Data Protection Legislation.

  • Right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Right to rectification. You have the right to request rectification or correction of the personal data that we hold about you which is incorrect. We may need to verify the accuracy of the new data you provide to us.
  • Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no compelling reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that the right to request erasure of your data is not an absolute right therefore and we may not always be able to comply with your request of erasure for specific legal reasons (for instance we may be required to retain your data as described in section “Data Retention”).
  • Right to object to processing of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your Personal Data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your Personal Data in connection with any legal claims.
  • Right to request restriction of processing of your personal data in certain circumstances. Where we suspend our processing of your Personal Data we will still be permitted to store your Personal Data, but any other processing of this information will require your consent, subject to certain exemptions.

 

Right to data portability. This right allows you to obtain your Personal Data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that Personal Data to another organisation. You may have the right to have your Personal Data transferred by us directly to the other organisation, if this is technically feasible. Please note that this right only applies (a) to personal information you have provided to us, (b) where processing is based on your consent or the performance of a contract or (c) when processing is carried out by automated means.

  • Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of your request. To opt out from email marketing you can use the unsubscribe link provided in the marketing communication you receive from us. If you wish to unsubscribe from marketing communications you may contact us at privacy@finalto.com or contact the Onboarding team at onboarding@finalto.com.
  • Rights relating to automated decision making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or has some other significant effect on you. In such cases you have a right to request human intervention or contest the decision taken solely by automated means. We may use profiling and automation to assist with the identification of potential cases of financial crime, where this is necessary for entering into or performing a contract, to fulfill our legal and regulatory obligations, in cases where we have obtained your consent or where this is authorized by applicable law.
  • Right to lodge a complaint with the Data Protection Authority of your jurisdiction. The UK authority is the Information Commissioner’s Office – https://ico.org.uk/global/contact-us/

If you wish to exercise any of the rights set out above or have any questions, please contact the us at privacy@finalto.com or send a letter to 11th Floor, Broadgate Tower, 20 Primrose Street, London, EC2A 2EW, United Kingdom.

COOKIES

 

Our website uses cookies. Cookies help us provide you with a personalized, secure and efficient browsing experience when you visit or interact with our website by remembering your preferences, understanding how our website is used and help us improve the way we offer services. Cookies are small text files which collect information and are stored on your device. You can manage the use of cookies, you can refuse all or some browser cookies, or you can set an alert when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see https://www.finalto.com/cookiepolicy/ and https://www.finalto.com/  

 

NO FEE USUALLY REQUIRED

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances in accordance with the Data Protection Legislation.

 

WHAT WE MAY NEED FROM YOU

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

RESTRICTION OF RESPONSIBILITY

The Company is not responsible for the privacy policies or the content of those sites to which it links. The Company has no control over the use or protection of information provided by a Client or collected by those sites.

 

GLOSSARY

 

LAWFUL BASIS

 

Legitimate Interest

means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

 
Performance of Contract

means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

 
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

 

 

THIRD PARTIES

 

INTERNAL THIRD PARTIES

Where we share your personal data within the Group, we may share it, and you consent to us sharing

it, with the following Group Companies:

  1. Lane Square Enterprises Limited, a company incorporated in the Isle of Man, a provider of IT technology services;
  2. Finalto Bulgaria EOOD, a company incorporated in Bulgaria, a provider of IT development and IT Security services;
  3. Finalto Trading Ltd, a company incorporated in the United Kingdom, our hedging counterparty;
  4. Finalto A/S, a company incorporated in Denmark, a provider of Research and Development and Security services.
  5. Dowie Investments (UK) Limited, a company incorporated in the United Kingdom providing Business Intelligence, finance and accounting services and IT and Risk related services;
  6. Alpha Capital Markets an entity incorporated in the United States of America, providing of Dealing Services during EU and UK night shifts.
  7. Finalto EU Limited, a company incorporated in Cyprus, providing services relating to Finance, Risk & Regulatory Reporting, Compliance support and Operations.

Each of the above entities is under 100% control of the Group.

 

EXTERNAL THIRD PARTIES

  • Insightful Technology Limited – a company providing compliance and risk management software;
  • Databricks UK Limited – a software used for data analytics and Business Intelligence;
  • Service providers [acting as processors] based within the EU, UK and Singapore who provide IT and system administration services and client services relations management.
  • Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers based in the EU who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities [acting as processors or joint controllers] based in the United Kingdom, who require reporting of processing activities in certain circumstances.
  • Government agencies including law enforcement and other public and regulatory authorities which may include authorities outside your country of residence. Without limitation to the generality of the foregoing, we may disclose personal information, where we are required to comply with certain obligations such as obligations arising under: The Foreign Account Tax Compliance Act (FATCA), the OECD Common Reporting Standard (“CRS”) as well as any obligations arising under any laws or regulations of the United States Internal Revenue Service (“IRS”) to which we may be required to adhere to.

Furthermore, and for the purpose of fulfilling our regulatory requirements concerning transaction reporting, we are sharing your data with the following third parties:

  • Eflow Ltd a company incorporated in the United Kingdom with company number 05066228; and
  • LSEG Regulatory Reporting Limited (Unavista), a company registered in the United Kingdom with company number 08451384, an Approved Reporting Mechanism and Trade Repository in both the UK and EU.

 

APPENDIX 1 – Contact Details

Data Protection Officer

Polyana Tsartsali
Email: privacy@finalto.com
Address: 11th Floor, Broadgate Tower, 20 Primrose Street, London, EC2A 2EW

 

Compliance Department

Contact Number: 020 3455 8751
Email: compliance@finalto.com
Address: 11th Floor, Broadgate Tower, 20 Primrose Street, London, EC2A 2EW