At Finary, the protection of your personal data is our priority.
Finary's primary goal is, and always has been, to put technology at the service of your assets, to allow you to reclaim your banking and investment data, to understand and control them, in order to optimize your strategy. investment, and give you access to ever more relevant assets.
Finary is required to collect some of your personal data in order to use it for a specific purpose to carry out this mission, and to provide you with the best of services.
And because we do care about the protection of your personal data, and master current personal data security issues, we comply with the latest expectations in terms of respect and protection of personal data, and do not sell, nor will we sell your personal data to third parties.
Your personal data belong to you, Finary adds value to it, but does not take away from it.
When you use the finary.com site (hereinafter the “Site”) and/or the Finary application (hereinafter the “Application”), we collect personal data about you.
Finary acts here as a data controller. Finary is a simplified joint-stock company, registered with the Bobigny RCS under number 892 357 724 and whose registered office is located at 95 avenue du Président Wilson 93100 Montreuil (hereinafter “We”).
We collect and protect the personal data of our customers in accordance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (ci -after the “GDPR”) applicable in France since May 25, 2018.
The purpose of this policy is to inform you of why we collect and protect your personal data, and how we protect it.
- What type of information do we collect and hold ?
We only collect and use the personal data necessary for our business operations and the purposes listed below, which allows us in particular to provide you with personalized services according to your profile in the simplest possible and most appropriate way.
To do this, we collect the following personal data:
- Identification data (including your surname, first name, email address, telephone number, your mobile identifier (AAID or IDFA));
- Data relating to your assets (including your investments in shares, digital assets, real estate, and any other assets);
- Connection data (including your IP address, logs, encrypted passwords);
- **Economic and financial data **(including your account balances, your investment balances, your transaction details, your banking details, your bank card data);
- Data for the purpose of verifying your identity (including a valid copy of an identity document, a selfie and any other related document as per current laws);
- Data relating to your professional life (in particular your professional situation, socio-professional category, your salary, your financial investment litteracy).
Mandatory data is indicated when you provide us with your data. They are marked with an asterisk (*) and are necessary to provide you with our services.
- How do we get the information and why do we have it ?
|Purpose of the processing||Lawful basis||Retention period|
|Provide you with our services (monitoring of your assets, financial independence simulation (predict), and optimisations)||Performance of a contract||Your data is kept for the lifetime of your account. In case of an inactive account for 2 years, your personal data will be deleted.
In addition, your data may be archived for evidentiary purposes for a period of 5 years.
|Execute your order, carry out operations relating to customer management concerning contracts, orders, invoices, sponsorship programs and monitoring of the relationship with customers||Performance of a contract||Personal data is kept for the duration of the contractual relationship.
In addition, your data is archived for evidentiary purposes for a period of 5 years.
Regarding the data relating to your bank card, they are kept by our payment service providers until the termination of your subscription.
The data relating to your bank cards may be kept, for the purpose of proof in the event of any dispute over the transaction, in intermediate archives for a period of thirteen (13) months following the date of debit. This period may be extended to fifteen (15) months in order to take into account the possibility of using deferred debit payment cards.
|Create a register of customers and prospects||Our legitimate interest in developing our business activity||For customers: the data is kept for the duration of the commercial relationship.
For prospects: the data is kept for a period of 3 years from your last contact.
|Send newsletters, solicitations and promotional messages||For customers: our legitimate interest in retaining and informing our customers of our latest news.
For prospects: your consent
|The data is kept for 3 years from your last contact.|
|Develop internal statistics on how our users are using our services||Our legitimate interest in improving our services||Personal data are kept for 2 years since their collection|
|Deliver statistics on financial investment current trends, based on our user’s profiles. \ These trends are shared among our users, but no name nor identity are shared across our users.||Our legitimate interest in providing you relevant statistics||Personal data are kept for 2 years since their collection|
|Deliver personalized advertising||Your consent||The retention period varies depending on the advertising platform used, contact us at [email protected] for more details.|
|Respond to your requests for information and complaints (via our chat, or by email, or on social networks)||Our legitimate interest in replying to your requests||The data is kept for the time necessary to process your request for information and deleted once the request for information has been processed.|
|Fight against money laundering and terrorist financing, against fraud (in particular verifying your identity as part of our KYC obligations, taking into account international economic and financial sanctions, fiat transaction monitoring) as part of the investment service||Compliance with a legal obligation||For data relating to identity verification and assessment of an alert generated (full name, date of birth, address, proof of identity, source of funds, IBAN details, biometrical data (selfie) and any other relevant documents or information as stated by law…) The data are kept for 5 years from the closing of the investment account.
Retention of the alert qualified as relevant: the data is kept for 5 years from the closing of the reviewed file.
|Crypto withdrawal to your own wallet||Compliance with a legal obligation||Your wallet address, any additional details that might be asked to confirmed your ownership of said wallet, as well as the legitimacy of said wallet, and the assessment of any potential alert linked to the wallet of the user behavior.
The data are kept for 5 years from the closing of the investment account.
|Manage requests to exercise GDPR rights||Compliance with a legal obligation||Should we ask you for a proof of identity: we keep it only for the time necessary to verify your identity. Once verified, the ID is deleted.
If you exercise your right to oppose prospecting: we keep this information for 3 years.
- Who has access to your personal data ?
Will have access to your personal data:
In the context of sponsorship, sponsors are informed that their first and last names will be disclosed to the sponsored person in order to inform him of the identity of his sponsor. Sponsored persons are informed that their email addresses will be disclosed to the associated sponsor in a partially concealed manner, for the purpose of informing the sponsor of whether or not the sponsorship has been completed.
- Do we share your personal data outside the European Union ?
Your data is kept and stored for the duration of the processing on the servers of HEROKU and Digital Ocean, both located in the Netherlands.
As part of the tools we use (see article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:
- either this data is transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission;
- either we have entered into a specific contract with our subcontractors governing the transfer of your data outside the European Union, on the basis of standard contractual clauses approved by the European Commission;
- or we have recourse to the appropriate guarantees provided for by the applicable regulations.
- Quels sont vos droits sur vos données ?
You have the following rights with regard to your personal data:
- Right to information: this is precisely why we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all of your personal data at any time, under Article 15 of the GDPR.
- Right of rectification: you have the right to rectify at any time your inaccurate, incomplete or obsolete personal data in accordance with Article 16 of the GDPR
- Right to restriction of processing: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
- Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection for the reasons set out in Article 17 of the GDPR
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts. (Article 77 GDPR)
- Right to define directives relating to the storage, erasure and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act.
- Right to withdraw your consent at any time: For purposes based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out before the withdrawal.
- Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
- Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Note, however, that we may continue to process them despite this opposition, for legitimate reasons or the defense of legal claims.
You can exercise these rights by writing to us at the contact details below. We may ask you on this occasion to provide us with additional information or documents to prove your identity.
We have a maximum response time of one month from the date of receipt of the request. If the request made cannot be satisfied immediately, a dated acknowledgment of receipt will be given to you.
If the request is incomplete (absence of identity document for example), we are entitled to request additional information: the period is then suspended and runs again once these elements have been provided.
Access to these rights is free. In some cases, reasonable costs related to the processing of your file may be requested, for example in the event of a request for an additional copy, or in the event of a particularly complex request.
In accordance with the applicable regulations, you are entitled to lodge a complaint with the CNIL (National Commission for Computing and Liberties) in the event of an unsatisfactory resolution of your exercise of rights in France. You can access the complaint form by clicking here.
- Personal data requests point of contact
Contact email of our Data Protection Officer: [email protected]
Contact address: Finary SAS, 95 avenue du President Wilson, 93100 Montreuil
Entry into force: 03/10/2023