UK - Privacy Statement
Version 20-12-2022
This privacy statement sets out how Finqle UK Ltd. and Finqle BV and Finqle Connect BV (hereafter: Finqle) processes your personal data. It also informs you of the rights that you have as a data subject. This privacy statement was last updated on 20 December 2022.
Finqle creates and maintains software and APIs to provide all kinds of organizations with supply-chain invoicing and invoice factoring services. Finqle has designated a Data Protection & Privacy Officer that can be contacted at privacy.officer@finqle.com.
1. Personal data we collect
In connection with the provision of our services we collect and process certain personal data. We only collect your personal data on the grounds permitted by regulations and laws.
The personal data we may collect includes the categories of personal data detailed below.
If you visit our website:
Cookies and website technology:
For more details, see our Cookie Statement.
If you contact us:
Contact information:
Phone number
Email address
Postal address
If you visit our office:
Personal details:
Name(s)
Email address
If you use our services (whether or not through our third-party supplier or our client):
Categories
Dates
Personal details:
Name(s)
nationality
Place and date of birth
Gender
IP address
identification details:
Passport or ID card or driver’s license
National identification number or social security number
Username & password for our systems
Tax details:
Tax ID number and/or VAT number
Bank details:
Bank account number or IBAN
Bank transfer information
credit history
Contact information:
Phone number
Email address
Postal address
Product and services data:
Transaction and financial data
Records of contact:
Phone calls
Video calls or conferences
Chat and similar communication channels
Regulatory details:
Anti money laundering checks
transaction information
Cookies and website technology:
For more details, see our Cookie Statement.
2. How do we collect your personal data?
The personal data we collect and process is directly provided by you or obtained from direct third-party sources. We may also use personal data collected from indirect third party sources.
Provided by you, when:
You fill in a contact form
Send us information through one of our communications channels
Log into the Finqle platform and provide us with (financial) data
Provided by direct third parties, when:
You work through a vendor that uses Finqle services
You work for a debtor that uses Finqle services
From indirect third parties:
Regulatory authorities
Public sources, such as the internet
data files from other parties that have collected personal data about you, such as intermediaries and Trade Registers and businesses who contact us regarding products or services who may provide us with information that relates to you
3. Why do we process your personal data and on what legal basis?
Finqle only processes your personal data where permitted by law. We process your personal data:
3.1. To perform a contract
We need certain personal data to enter into contracts and to provide our services. The type of personal data we need will depend on the type of service we offer and our relationship to you. For example, you may be a new or existing user of our services or a contact person, shareholder, authorized signatory, or beneficial owner of a company that uses our services. We process personal data for assessing and accepting clients, carrying out risk assessments, risk management, reporting, carrying out our services and for execution, clearing and settlement. If you are unable to provide us with the personal data that is needed, we may not be able to enter into these contracts or provide our services.
3.2. For the purpose of the legitimate interests of Finqle or others
We may also process your personal data where necessary for our legitimate interests or those of a third party. We only do this where our interest in using your personal data outweighs your rights to data protection. We must balance all interests. Here are a few examples of when this might happen:
to undertake financial risk assessments to protect your and our financial position
to protect property and personal data belonging to you, to us and to others
to collect proof of transactions
for your interests and the interests of other clients (for example, in the event of an insolvency)
to record telephone calls for the purpose of improving our services or because of a legal obligation and for the prevention and detection of crime
to send you information on new products, service changes, market developments, technical issues, and other relevant news for your business by means of direct marketing
for improvement of the products and services we offer you
for reasons of efficiency. For example, we may centralize our customer and business management systems, make use of other service providers, conduct statistical and scientific research, study possible trends, problems, root causes of errors and risks
As above, due to the nature of our services we may process your personal data for the legitimate interests of third parties, including debtors (for example, for a third party debtor’s legitimate business interests and/or to assist such a debtor with meeting its regulatory obligations).
3.3. Other purposes
We may use your personal data for other purposes than for which you or your business supplied the personal data to us. In that case, the new purpose must be in accordance with the law and in line with the purpose for which you or your business initially provided your personal data to us.
4. How long do we keep personal data?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We retain your personal data for a maximum period of 7 years after our contract with you ends, however we may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
5. Who do we share personal data with?
There are situations in which we are required to provide your personal data to other parties. Privacy law specifies how and when we are can transfer your personal data. We may share your personal data with: Service providers and network parties. As part of our business, we may disclose your personal data to various service providers and network parties that help us in our day-to-day operations and that help us to provide services to our clients. This includes companies that provide outsourced services to us; network parties such as Payment Service Providers and banks; and professional advisors such as lawyers, accountants, and auditors.
Competent public authorities
In certain cases, we are required to provide your personal data to competent public authorities. For example, these include law enforcement agencies, government entities, tax authorities and regulatory bodies.
6. Personal data transfers to other parties outside the United Kingdom and European Economic Area
We may share personal data with other companies or organizations outside the United Kingdom or the European Economic Area, for instance, with network parties for tax reclaim purposes or in the context of an outsourcing agreement. Where the level of data protection in those countries has not been deemed as adequate by the United Kingdom, we ensure that we implement appropriate safeguards, such as the International Data Transfer Agreement in order to transfer personal data to such countries.
7. How do we protect your personal data
Internal systems (front)
Limited access (including individual password management)
Obligatory 2FA and VPN
ISO 27001 certification
Internal systems (back)
Exclusively hosted in the European Union
All traffic encrypted in transit (SSL)
firewalls
8. Profiling
We make use of profiling through the use of algorithms and machine learning for the following purposes.
Fraud prevention and unusual transactions
We have a great deal of knowledge and experience in fraud prevention. Unfortunately, we are faced with increasingly sophisticated forms of fraud. To the extent possible, we may take measures to prevent fraud, which may include profiling. We also pay particular attention to unusual transactions and to transactions by using algorithms to flag deviations in invoicing flows. We may use any such flagged deviations to create and maintain a risk profile of clients and of individuals who operate on behalf of the client or provide guarantees or other securities in support of the client.
9. Marketing
Finqle conducts business to business marketing through the use of cookies (as further set out below) and through electronic communications via platforms such as LinkedIn.
10. Cookies
11. What rights do you have and how can you exercise them?
If you want to exercise the rights as listed below, please submit a request to us by contacting us at privacy.officer@finqle.com .
Right to access your data
You have the right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to rectification
If the personal data we hold of you is incorrect, you have the right to request rectification. You also have the right to have incomplete personal data that we hold of you completed.
Right to erasure
You have the right to obtain from Finqle the erasure of your personal data. However, we may not be able to do so in certain situations, such as if you or your company is still a client of Finqle or you continue using our services, or if we are required by law to keep your personal data.
Right to object to processing
For direct marketing purposes If you no longer want to receive marketing from Finqle, you can unsubscribe at any time. All marketing messages include this possibility and you can exercise this right easily.
Right to object to profiling
It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of your data. In such situations, we will of course comply with the law.
Right to data portability
Individuals with a contract with Finqle have the right to receive their personal data in structured, commonly used and machine-readable format and to have that transmitted to another controller. However, this right only applies when your personal data is used to carry out a contract where you and not the business you represent is party to that contract, or when processing is based on your consent.
Right to restriction
You have the right to request that Finqle restricts the processing of your personal data if the following applies:
You have claimed that the personal data we hold of you is incorrect
The processing of your personal data is unlawful. Instead of the erasure of your personal data, you can request Finqle to restrict the use of it
Finqle no longer needs to process your personal data but still requires it for defense or legal purposes
In case you object to the processing of your data by Finqle based on legitimate grounds
Right to withdraw consent
You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Right to complain
Please contact us in case you consider that the processing of your personal data by Finqle infringes data protection laws as set out in this privacy statement. You also have the right to lodge a complaint with the Information Commissioner’s Office.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. Updates to the Privacy Statement
Changes to the law or our services and products may affect the way in which we use your personal data. For this reason, we may need to amend this privacy statement. Finqle shall publish any changes made to this privacy statement on their website.