Privacy Policy

Last updated on 19th of December, 2022

Thank you for choosing to avail our Services! We respect your privacy, and we are committed to protecting your personal information.

This privacy policy (“Policy”) applies to the processing of Personal Data by FinFlx Workplace Solutions Ltd (“FWS”) and FinFlx Investment Management Ltd (“FIML”) (Collectively referred to as “FinFlx”, “we”, “us”, “our”) in connection with visits or use of our website https://finflx.com/ (“Site”) maintained by FWS and:

  1. use of any of our products, services or applications, in relation to our admin platform (includes Employee record management and automated gratuity calculation services), provided by FinFlx Workplace Solutions Ltd (“FWS Services”);
  2. use of any of our products, services or applications, in relation to our gratuity savings scheme, provided by FinFlx Investment Management Ltd (“FIML Services”).

(Collectively referred to as “Services”)

This Policy is to be read and interpreted together with our Terms and Conditions, available at https://finflx.com/terms-of-use which collectively govern your access to and use of our Site and Services (“Platform”). By using the Platform, you agree to be bound by these policies, which supplement and are incorporated into our Terms and Conditions and Client Agreement. This Policy does not intend to override any clauses present in our Terms and Conditions and Client Agreement.

Any terms not defined in this Policy shall be deemed to have meanings given to them in the Terms and Conditions and/or the Client Agreement, as the case may be.

If you have any questions about this Policy please contact us by email at dpo@finflx.com.

1. PURPOSE

  1. This Policy aims to give you information on why and how we collect and process your personal information. Personal information includes any information which may, by itself, or in conjunction with other information be able to identify you. Further, this Policy informs you about your privacy rights and how the data protection principles set out in the Data Protection Law of Dubai International Financial Centre (“DIFC”) and Data Protection Regulations of Abu Dhabi Global Market (“ADGM”) protect you. The specific personal information and data points which we collect from you are explained below in this Policy.

2. CHANGES TO THIS PRIVACY POLICY

From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal information collection and usage practices, our Platform, or certain advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on the Site. However, this is not obligatory for us; the onus is on you to occasionally familiarize yourself with the contents of this Policy, for your own information; and particularly to do so every time you access our Platform.

Changes to this Policy are effective when they are published.

3.  WHO’S DATA DOES FINFLX PROCESS

FinFlx processes the personal information of the following categories of individuals:

  1. Site Visitors: Individuals that visit our Site.
  2. Prospects”: Representatives of our potential customers who submit personal information through any of the forms on our Site or otherwise contact us through our customer support.
  3. Account Admins: Individuals, who use our Platform on behalf of our business customers.
  4. Employees: Individuals that are employees of our business customers, and whose personal information is submitted to the Platform by our business customers.
  5. KYC-ed Individuals: Beneficial owners and other individuals within the scope of our Know-Your-Customer (“KYC”) Policy (which, under certain circumstances, may include specific individuals that act as Account Admins as well), whose personal information is collected in order to ensure compliance with Anti-Money Laundering/Combating the Financing of Terrorism (“AML/CFT”) laws and regulations.

(Collectively referred to as “Data Subject”, “you” and “your”)

4. OUR RELATIONSHIP WITH YOU

Controller

The controller of your personal information is the legal entity that determines the “means” and the “purposes” of any processing activities that is carried out in regards to your personal information. Our Services are being provided by two distinct legal entities, i.e., FWS and FIML. Hence, for your convenience, you may find in the table below, the respective details relevant to your personal information when it comes to the exact entity which is the controller of the personal information collected in connection with the use of FWS Services and FIML Services.

https://finflx.com/privacy-policy/ Categorization of data subjects on FF privacy Policy

FWS and FIML may share your personal information with each other and use it in accordance with this Policy.

Contact details

The contact details and address of FIML and FWS have been provided below:

  1. FIML: Suite 515, 15th Floor, Al Sarab Tower, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, UAE. You can contact us at- support@finflx.com.
  2. FWS: Unit 2, Level 7, Gate Village building 10, DIFC. You can contact us at- support@finflx.com.

Data Protection Officer

We have appointed a Data Protection Officer (“DPO”), who is responsible for overseeing any personal information-related matters, to address any questions in relation to personal information and this Policy. If you have any questions in relation to your personal information and/or this Policy, including requests to exercise your rights related to personal information, please contact us via email on dpo@finflx.com.

5. DATA PROCESSING PRINCIPLES FOLLOWED

Your personal information is collected and processed in accordance with the global best data processing principles, including: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability; with all relevant laws and regulations considered; and however applicable.

6. TYPES OF PERSONAL INFORMATION, PURPOSES OF PROCESSING AND LAWFUL BASIS FOR PROCESSING

We collect, use, disclose, transfer, and otherwise process personal information about you, including legal representatives in accordance with this Policy. We do not collect any personal information revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life, including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person. The personal information we collect and process includes:

  1. Technical information: Includes information related to your browser and operating system, browser plug-in types and versions, internet protocol address (the Internet address of your computer), unique device identifiers, time-zone settings, and other information such as your device type.
  2. Site usage: Includes information about how you use our Site, including location information about where you use the Site, the pages or features of our Site you browsed and how much time you spend on our Site.
  3. Identification and contact information: Includes full name, date of birth, nationality, signature, photographs, phone number, home address, email ID, and/or any other personal identifiers such as usernames.
  4. Employment-related information: Includes information pertaining to an individual’s occupation, including, name of organisation, job title, department, salary and duration of employment.
  5. Formal identification documents and information: Includes government issued identity document such as Emirates ID and passports, details present on such government issued identity documents, and/or any other information deemed necessary to comply with our legal obligations under financial or AML/CFT laws and regulations.
  6. Audio, visual, electronic or other similar information: Includes information collected when you communicate with us on phone or otherwise.

Such personal information is either collected automatically, provided by you directly to us, shared between FWS and FIML, or collected from our affiliates or third-party sources, as required or permitted by applicable law. Such personal information is processed for a variety of purposes including the provision of our Services to you and enhancement of your overall customer experience and marketing. We have provided in Paragraphs 6.5, 6.7, 6.9, 6.11 and 6.13 the categories of your personal information that we process and the sources of collection of such personal information.

As required under the DIFC’s Data Protection Law and ADGM’s Data Protection Regulations, we must have a legal basis for processing your personal information. Such legal bases will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your data where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. We have provided in Paragraphs 6.6, 6.8, 6.10, 6.12 and 6.14 our purposes and legal bases for processing your personal information.

In respect to the personal information that you give us, you should inform us as soon as practicable if there are any errors in the personal information or if there have been any changes to the personal information. Any errors or incomplete personal information may prevent us providing access to the Platform to you or providing Services to our business customers (i.e., the employers of Account Admins and Employees and organisations in which KYC-ed Individuals have beneficial ownership or are authorised representatives and/or signatories).

Site Visitors

The personal information that we collect or may collect from Site Visitors include:

Controller
Source of collection
Categories of Personal Information
FWS
Information obtained automatically (Typically collected by cookies and pixels- Please refer to our Cookie Policy)
Technical Information Site Usage
None
Controller

Provided below is a list of how we use the personal information of Site Visitors (purpose of processing) and the corresponding legal bases of such processing:

Purpose
Legal Basis
To improve your experience by keeping track of language preference, country, and previously viewed pagesTo analyse trends; operate, administer and maintain the Site; and track your movements and activity around and within the Site. (Please refer to our Cookies Policy for more information on how we use your personal information)
Consent: Such consent will be sought from you by a pop-up whenever you visit this Site. Our Cookie Policy will be accessible on the pop-up.
To enable access to our Site. To make sure that your device can show the content in the best way possible
Legitimate interest

Prospects

Personal information we collect or may collect from Prospects include:

Controller
Source of collection
Categories of Personal Information
FWS
Information obtained automatically (Typically collected by cookies and pixels- Please refer to our Cookie Policy)
Technical information  Site usage
Information you give us (This includes information voluntarily provided by you through the forms on our Site or otherwise by contacting us)
Identification and contact information Audio, visual, electronic or other similar information
Information obtained from third-parties
Identification and contact information Employment-related information   (Limited to information available on publicly accessible resources such as business profiles and business/networking event registries if not provided by Prospects themselves)
FIML
None

Provided below is a list of how we use the personal information of Prospects (purpose of processing) and the corresponding legal bases of such processing:

Purpose
Legal Basis
The purposes outlined under Paragraph 6.6To send you information about our Services or information we feel may interest you (including promotional offers)
Consent
The purposes outlined under Paragraph 6.6To detect and prevent fraud and spamsTo provide you with the support requested and handle your enquiries in our communications in order to provide a positive experienceTo seek your feedback so that we can improve our Services and understand how to market them
Legitimate interest

Account Admins

The personal information that we collect or may collect from Account Admins include:

Controller
Source of collection
Categories of Personal Information
FWS
Information obtained automatically (Typically collected by cookies and pixels- Please refer to our Cookie Policy)
Technical information  Site usage
Information you give us (This includes information voluntarily provided by you through the forms on our Site or otherwise by contacting us)
Identification and contact information Audio, visual, electronic or other similar information. Employment-related information
Information obtained from third-parties
Identification and contact information Employment-related information (Limited to business profile related information)
FIML
Information obtained from FWS
Identification and contact information  

Provided below is a list of how we use the personal information of Account Admins (purpose of processing) and the corresponding legal bases of such processing:

Purpose
Legal Basis
The purposes outlined under Paragraph 6.8To provide our Services to our business customer, i.e., your employerFacilitating the account creation and management of accounts, such as the communication of a one-time password (OTP) to verify the ownership of the e-mail address or the mobile number provided when your account is created. Sending administrative information/ provide administrative support related to  activityInvestigate and resolve complaints and other issuesFulfilling requests submitted by you on our PlatformRectifying any errors that you face when trying to access our servicesImproving the quality of your user experience when you interact with the services  
Consent: Your acknowledgment of this Policy and assent to the same will be sought at the time of account creation through a checkbox.
The purposes outlined under Paragraph 6.8To inform you about new products and Services we are offering (including promotional offers)To inform you about any changes or modifications in our ServicesTo maintain security and operation of the Platform  
Legitimate interest

Employees

The personal information that we collect or may collect from Employees include:

Controller
Source of collection
Categories of Personal Information
FWS
Information obtained from your employer (This information is submitted to our Platform by our business customer, i.e., your employer, through Account Admins)
Identification and contact information. Employment-related information    
FIML
Information obtained from FWS
Identification and contact informationEmployment-related information  

Provided below is a list of how we use the personal information of Employees (purpose of processing) and the corresponding legal bases of such processing:

Purpose
Legal Basis
To provide our Services to our business customer, i.e., your employer, which includes calculation of their gratuity liability (for FWS Services)To comply with legal duties related to AML/CFT (detecting suspicious transactions and legitimacy of amounts in relation to gratuity for FIML Services)
Consent: Your employer shall be responsible for providing you a copy of this Policy and recording your assent to the same. We legally obligate our business customers to ensure that they have sought your informed consent before submitting your personal information to the Platform.

KYC-ed Individuals

The personal information that we collect or may collect from KYC-ed Individuals include:

Controller
Source of collection
Categories of Personal Information
FWS
Information provided by you
Identification and contact informationFormal identification documents and information   (Only to the extent required for FIML Services and for the purpose of sharing with FIML)
FIML
FIML
Information obtained from FWS
Information obtained from third-parties
FIML will conduct screening of KYC-ed individuals against sanction and Politically Exposed Persons (“PEPs”) lists by utilizing the services of third-party service providers. On conducting such screening, FIML may collect the results of such screenings. The results may contain the following information: Identification and contact informationEmployment-related informationEducation historyProfessional and personal affiliations (for example, organisations (including sanctioned vessels and aircraft) and individuals that you may be associated with in your professional or personal capacity)Financial information relevant to understanding your income or wealth (for example, bankruptcy or insolvency filings)Your inclusion (if any) on sanctions lists or on public lists of disqualified directors or other positions of responsibilityPublic domain information about actual or alleged money laundering or terrorist financing crime, or crimes that are a pre-cursor to money laundering or terrorist financingYour postings on website, blogs or social media applications    

Provided below is a list of how we use the personal information of KYC-ed Individuals (purpose of processing) and the corresponding legal bases of such processing:

Purpose
Legal Basis
To comply with legal duties related to AML/CFT and any request from any relevant governmental or regulatory authority; and counter-terrorism financing;Detecting, preventing and prosecuting fraud Monitoring and reporting compliance issues
Necessary for compliance with a legal obligation to which we are subject

7.  MARKETING COMMUNICATIONS AND OPTING OUT

We provide you with choices regarding the personal information we use, particularly concerning any market research and/ or subsequent marketing, advertising and promotion. We may contact you through emails to send you information about our Services or information we feel may interest you and/or to inform you about new products and services we are offering (including promotional offers) (“Marketing Communications”).

You may at any time, object to receive Marketing Communication from us. If you wish to do so, please click on the “Unsubscribe” option available on all Marketing Communications that you may receive from us or by contacting us at cs@finflx.com.

8.  WE PROCESS AND USE AGGREGATED, ANONYMISED AND DE-IDENTIFIED INFORMATION

We may also create, process, collect, use and share aggregated, anonymised or de-identified data such as statistical or demographic data for any purpose. Such information will then no longer identify you as an individual person, despite being derived from your personal information. We may also use this information to comply with legal or regulatory obligations.

We may share your personal information with members of our group, service providers and our key partners. Some of these third-parties may be in a jurisdiction outside the laws stated in this Policy, in which case we will take all necessary steps to ensure that your personal information is treated securely and that such transfers are permitted under the applicable data protection laws.

We may also use any or all of the personal information above to administer and manage our business in general, to detect and prevent misuse of our Services (including fraud), and to enforce our Terms and Conditions, Client Agreement or any other contract to which we may be a party to.  

9.  YOUR REFUSAL, FAILURE, INABILITY TO PROVIDE US WITH NECESSARY PERSONAL INFORMATION

As an Account Admin or Onboarded Individual, if you fail, neglect and/ or refuse to, or are unable to provide us any personal information which we necessarily need to provide our Services or which we need to collect by law, we may not be able to perform the Services. In this case, we have the right to discontinue your use of the Platform and/ or may or disapprove your Service requests. In such a situation, we will notify you of our inability to provide you the Service at the earliest.

10.  WE DO NOT COLLECT PERSONAL INFORMATION OF INDIVIDUALS BELOW THE AGE OF CONSENT

  1. We do not knowingly collect personal information from children below the legal age as established under their relevant domestic laws. If we learn that personal information from Data Subjects who are less than such age has been collected, we will take reasonable measures to promptly delete such personal information from our records.

11. WE MAY PROCESS SOME OF YOUR PERSONAL INFORMATION WITHOUT YOUR CONSENT

We may collect and process some of your personal information without your knowledge or consent and only where this is required or permitted by law. We may be compelled to surrender your personal information to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction. Please refer to Paragraph 7 for our purposes of processing and the corresponding legal basis.

12. WE MAY SHARE YOUR PERSONAL INFORMATION WITH THIRD-PARTIES

  1. Sharing between FWS and FIML: FWS may share the personal information of Account Admins, Employees and KYC-ed Individuals with FIML to enable FIML to provide its services to our business customers (i.e., the employers of Account Admins and Employees and organisations in which KYC-ed Individuals have beneficial ownership or are authorized representatives and/or signatories).
  2. Applicable law, government requests, etc.: Where we are legally required to do so, we may disclose your personal information to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities. We may disclose your personal information as evidence in any litigation in which we are involved. Additionally, we may disclose your personal information to enforce our Terms and Conditions and/or Client Agreement, or to protect the rights, safety, and security of FIML, FWS, our users, other persons or the public.
  3. Merger, acquisition etc.: We may disclose your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal information may also be transferred as a business asset forming part of our good will. If another company acquires us, our business or assets, that company will possess the personal information collected by us and will assume the rights and obligations held by us regarding your personal information, as described in this Policy.
  4. Advertisements: We may disclose your personal information where we use third-party advertising companies to serve ads when you visit or use the Platform. These companies may use information about your visits to our Platform and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.
  5. Affiliates (apart from FIML and FWS): We may share your personal information with our affiliates, in which case we will require those affiliates to honour this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. We may share your information with our business partners to offer you certain products, services or promotions.
  6. With select third-party vendors: In connection with the performance of our Services, we may share your personal information with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third-parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts.

13. LINKS TO THIRD-PARTY WEBSITES

Our Services, Site or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the privacy policy of every site you visit. We are not responsible for the privacy policies of these third-party websites, regardless of whether they were accessed using the links from our Platform. We have no control over and assume no liability for the content, privacy policies or practices of any third-party sites or services.

We specifically recommend that you, as the Data Subject (under this Policy) visit, familiarize, understand the below entity policies, as they are our partners in providing services under the facilities to you. While not a closed, comprehensive, or exhaustive list these are our third-party vendors:

  • For communication with users:
  • HubSpot CRM system;Twillio Sendgrid, for transactional, confirmations and verification emails
  • Maqsam Telecommunication services, for telephonic communication and call recording;
  • Etisalat SMS Gatweay, for SMS and OTP services;
  • Data backup and security:
  • Amazon Web Services;
  • Website hosting:
  • Amazon Web Services, utilizing UAE data centers for data storage.

14. YOU HAVE RIGHTS AS TO YOUR PERSONAL INFORMATION

Under the Data Protection Law of DIFC and Data Protection Regulations of ADGM, the Commissioners of Data Protection of the DIFC and ADGM are responsible for administering the respective law and regulations. You (in so far as these laws have application and subject to pertinent exemptions and restrictions stipulated therein) broadly have these rights under the Data Protection Law:

  1. Right to access: This means that you may ask us to provide you information on several aspects (depending on the applicable law/ regulations) pertaining to the processing activities undertaken by us, including, what personal information concerning you is being processed by us, the purposes of such processing, and who else the personal information may be passed/ transferred to or shared with.
  2. Right to withdraw consent: If you wish for us to stop processing your personal information, it is your right to withdraw consent, preventing us from further processing the personal information.
  3. Right to rectification: If you have provided your personal information to us, you have the right to request that we correct, or rectify your personal information if the same is incorrect or outdated.
  4. Right to erasure: This is your right, under certain circumstances, whereby you can ask for your personal information to be deleted. This would apply if the personal information is no longer required for the purposes it was collected for, or your consent for the processing of that personal information has been expressly withdrawn, or where personal information has been unlawfully processed. Some exceptions may apply to your exercise of this right.
  5. Right to object to processing: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes processing for profiling, automation and direct marketing.
  6. Right to restrict processing: This is your right to ask for a temporary halt or pause in processing of personal information, such as in the case where a dispute or legal case must be concluded, or the information is being corrected.
  7. Right to data portability: This is your right to ask for the personal information which you have provided to us, for which you have provided your consent for us to process, and which we have processed using automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.
  8. Rights in relation to automated decision making and profiling: This is your right not to be subject to a decision based solely on automated processing.
  9. Right not to be discriminated against: This is your right not to be discriminated against by us. This right ensures that your personal information will not influence or affect us and you are not denied any of our Services, charged a different rate for the Services, provided with a different quality of Service simply because of your personal information.

If you wish to exercise any of the rights set out above or any other laws concerning personal information (in so far as same is applicable), please contact us at dpo@finflx.com. We may need to request specific information from you to help us confirm your identity. This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.

We aim to respond to all legitimate requests without undue delay and within one (1) calendar month of receipt of any request from you. Occasionally it may take us longer than one (1) calendar month, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

15. HOW TO UPDATE YOUR INFORMATION

Whenever possible, you can update your personal information, subject to verification by us. If you wish for us to update your personal information, please contact us at dpo@finflx.com to make the required changes. We will retain your personal information for as long as your accounts have not been closed or as may be needed to provide you access to your accounts and/ or our Services, and in compliance with the law.

16.  DATA RETENTION AND RECORDS

We retain personal information mentioned under Paragraph 7, including session data linked to your Service usage or account, and all access or use of the Services.

We adhere to all applicable legislative provisions and data protection laws of each jurisdiction we operate in. Should any further information be required, please contact us at dpo@finflx.com.

Your personal information will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of availing the Services, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Specifically for Account Admins and KYC-ed Individuals, we may retain your personal information for a period mandated by AML/CFT laws and regulations applicable to us. Unless required for any of the purposes specified above, we will delete personal information related to closed accounts every twelve (12) calendar months.

To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we have no ongoing legitimate business needed to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

17.  DATA STORAGE AND DATA TRANSFERS

Your personal information is stored and transferred in compliance with the applicable legislation or regulations of DIFC AND ADGM.

We store and process your personal information in data centers within the United Arab Emirates (“UAE”) (Amazon Web Services), wherever we have our premises, wherefrom we provide Services or where our third-party service providers are located.

We may transfer some of your personal information outside DIFC, ADGM and the UAE. Some of the international organisations and countries to which your personal information will benefit from an appropriate data protection regulatory framework as evidenced by an adequacy decision by the appropriate regulatory authority (Adequacy decisions for DIFC and ADGM can be accessed from link 1 and link 2 respectively). However, this may not always be possible. For such international organisations and countries, we shall transfer your personal information, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. If sought by you, we shall notify you of the specific safeguards we adopt to transfer your personal information to such an international organisation and/or country. Further, in all cases we shall take your explicit consent before we transfer your personal information outside of the country.

18. USE OF COOKIES AND RELATED TECHNOLOGIES

Our Site uses cookies. A cookie is a small text file placed on your computer, system or mobile device when you visit a web site or use an app. Cookies collect information about users and their visit to a website or about their use of the application, such as the Site. Cookies collect information such as the user’s internet protocol (IP) address, how they arrive at the Site (for example, through a search engine or a link from another website or platform) and how they navigate within the Site. As highlighted under Paragraph 7.6, we follow the “consent” and “legitimate” basis for processing cookies. For more information, regarding how we use cookies, please refer to our Cookie Policy.

19. LEGAL RECOURSE TO RELEVANT AUTHORITIES AND RIGHT TO LODGE COMPLAINTS

You have the right to make a complaint at any time to the Commissioners appointed under the DIFC Data Protection Law and ADGM Data Protection Regulations, depending on the controller. However, we would appreciate the opportunity to address your concerns before you approach any such authority. Please contact us in the first instance so that we may try to resolve your complaint swiftly and satisfactorily. Please contact us via email on dpo@finflx.com.

20. HOW TO CLOSE YOUR USER ACCOUNT

As an Account Admin, if you wish to close your accounts, please contact us at support@finflx.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms and Conditions and/or Client Agreement available at support@finflx.com.

21. SECURITY PRECAUTIONS AND MEASURES EXERCISED BY US FOR PROTECTION OF YOUR PERSONAL INFORMATION DATA

We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal information.

Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security.

Your personal information is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information.

Without prejudice to our efforts on protection of your personal information, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.

Please note, that we do not guarantee that your personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

Please, always check that any website on which you are asked for financial or payment information in relation to our Services is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform.

If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at dpo@finflx.com. Also, as an Account Admin, please also immediately notify us at dpo@finflx.com if you become aware of any unauthorised access to or use of your account.

Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of personal information, please accept that, as an Account Admin, you play a vital role in protecting the personal information relating to yourself as well as Employees and KYC-ed Individuals, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third-parties.

Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your personal information is no longer secure, please contact us.

Lastly, please note that should your personal information be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at dpo@finflx.com for further information and for further advise on how to mitigate the potential adverse effects of such a breach.

We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of Data Subject information.

22.  GENERAL

In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third-parties which receive the information illegally.

We will not distribute personal information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our Services in accordance to this Policy.

23.  CONTACTING US

If you have any questions about our Policy as outlined above, or if you have any complaints, please contact us dpo@finflx.com.

If you have any queries or issues pertaining to your information or our Policy or personal information, then please do write to us at any time by emailing us via dpo@finflx.com.

This policy was last updated on 19th December, 2022