GDPR Compliance

Your Data Rights

We are fully compliant with the General Data Protection Regulation (GDPR). Learn about your rights and how we protect your personal data.

Effective Date: May 25, 2018 • Last Updated: January 2025

Your GDPR Rights

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data

Right to Portability

Receive your data in a portable format

Right to Restrict

Limit how we process your personal data

Right to Object

Object to certain processing activities

Exercise Your Rights

You can exercise your GDPR rights at any time. We typically respond to requests within 30 days.

Legal Bases for Processing

Legitimate Interest

Processing necessary for our legitimate business interests

Examples:
  • Service improvement
  • Security monitoring
  • Fraud prevention

Contract Performance

Processing necessary to provide our services to you

Examples:
  • Account management
  • Email delivery
  • Billing

Legal Obligation

Processing required by law or regulation

Examples:
  • Tax records
  • Audit requirements
  • Law enforcement requests

Consent

Processing based on your explicit consent

Examples:
  • Marketing communications
  • Optional features
  • Third-party integrations

Data Categories & Retention

Identity Data

Examples:
  • Name
  • Email address
  • Phone number
  • Company information
Purpose:
Account management and communication
Retention:
Account lifetime + 30 days
GDPR Compliant

Technical Data

Examples:
  • IP address
  • Browser type
  • Device information
  • Usage patterns
Purpose:
Service delivery and improvement
Retention:
90 days for logs, 2 years for analytics
GDPR Compliant

Email Content

Examples:
  • Email headers
  • Delivery status
  • Engagement metrics
Purpose:
Service delivery and compliance
Retention:
90 days operational, 7 years compliance
GDPR Compliant

Financial Data

Examples:
  • Billing address
  • Payment method
  • Transaction history
Purpose:
Billing and regulatory compliance
Retention:
7 years for tax compliance
GDPR Compliant

International Data Transfers

Standard Contractual Clauses (SCCs)

When we transfer your data outside the European Economic Area (EEA), we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection.

  • EU Commission approved SCCs in place with all data processors
  • Regular assessment of data protection laws in third countries
  • Additional safeguards implemented where necessary

Data Processing Locations

Primary Processing (EEA)

  • • Germany (Frankfurt) - Primary infrastructure
  • • Ireland (Dublin) - Backup and redundancy
  • • Netherlands (Amsterdam) - Edge locations

Third Country Processing

  • • United States - Cloud infrastructure (SCCs)
  • • Singapore - Asia-Pacific operations (SCCs)
  • • Canada - North American redundancy (Adequacy)

Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance and serve as your primary contact for all data protection matters.

Contact Information

Email: dpo@finketech.com

Subject Line: GDPR - [Your Request Type]

Response Time: Within 72 hours

Resolution Time: Within 30 days

What Our DPO Can Help With

  • • Exercise your GDPR rights
  • • File complaints about data processing
  • • Request information about our practices
  • • Provide guidance on data protection

Right to Lodge a Complaint

If you're not satisfied with how we handle your personal data or respond to your rights requests, you have the right to lodge a complaint with your local supervisory authority.

For EU residents: Contact your national data protection authority
Lead Supervisory Authority: Data Protection Commission (Ireland)