Privacy Policy

Last Revised: August 24, 2022

Below is our privacy policy, which outline how we collect, use and share information we collect about you when you use our websites, services and or products. The bottom line is it’s our aim to always take care of you and we understand and respect our users' need for privacy.

Who Are We

We are Finblu Ltd residing at 86-90 Paul Street EC2A 4NE London United Kingdom with company registration number 13285664.

We care about your privacy and every time we deal with your personal data we do so in accordance with the provisions of the general data protection regulation and the national law relating to the processing of personal data.

We are required under data protection legislation to make the information contained in this privacy policy accessible to you. This privacy policy sets out which measures are taken to protect your privacy when using our services or products, and what rights you have in this respect.

By using our services and/or products, you agree to the collection and processing of some of your personal data in accordance with the purpose described in our privacy policy. You are invited to read this privacy policy carefully and familiarise yourself with its content. Matthew Vanhoutte is our Privacy Coordinator and you can reach them at privacy@finblu.co.uk for any questions or to exercise your rights. Future amendments to this policy cannot be excluded. We therefore ask that you read the privacy policy from time to time.

Processing of Your Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We try to collect as little personal information as possible in order to achieve our goals.

We comply with data protection laws which require that the personal information we process about you must be:

  • Collected only for valid purpose(s) that we have clearly explained to you.
  • Used lawfully, fairly and in a transparent way which means in a way that is relevant to the purpose(s) we informed you about, limited only to those purpose(s) and in no way incompatible with those purpose(s).
  • Accurate and kept up to date, kept only as long as necessary for the purpose(s) we have told you about and handled securely.

We may request certain information from you in order to enable you to use or purchase our services or products. If have processes in place to obtain your personal information in a different way, we will state this in this privacy policy. If you have any questions do contact our privacy coordinator.

More specifically we will collect any or all of the following data elements:

  • Birthday / Age
  • Company role
  • Company address
  • Consent
  • Correspondence content
  • Customer name
  • Date and Time
  • Documentation requiring compliance checks
  • Electronic identification data
  • Email address
  • Essential cookies
  • Involved party name
  • Know Your Customer (KYC) data
  • Nationality
  • Payment history
  • Payment balance data
  • Phone number
  • Profile preferences
  • Ultimate Beneficial Ownership (UBO) data
  • VAT number

We rely on you to provide us with correct data. If the data changes, we invite you to let us know, so we can keep the data up to date.

We process the data to allow us to deliver the services/products, and to continually improve the services/products available to you and adapt them to your needs. More specifically we perform the below processing:

  • Corporate Website
    Description: Corporate website for consultation by client or prospective client
    Purpose: To inform client or prospective client
    Legal basis: Legitimate interests
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Customer name, Correspondence content, Essential cookies, Electronic identification data
    Data is processed in the EU
  • Finblu U-Search Application
    Description: Search global consolidated sanctions data using an our online tool or API.
    Purpose: Offer sanction data services
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Profile preferences, Customer name
    Data is processed in the EU
  • Finblu U-Comply Application
    Description: Automate the tedious task of document sanction compliance checks.
    Purpose: Offer sanction related services
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Profile preferences, Customer name, Documentation requiring compliance checks
    Data is processed in the EU
  • Sanction list data collection
    Description: Processing of information related to publicly available regulatory sanctions lists and Ultimate Beneficial Owner (UBO) information. This will typically includes name, date of birth, nationality, ownership structure etc.
    Purpose: Gathering sanctions data for subscription services
    Legal basis: Legitimate interests
    Retention period: Maximum 7 years unless the legal period and/or period relevant for legal action exceeds
    Data items: Ultimate Beneficial Owner (UBO) data, Know Your Customer (KYC) data, Involved party name, Nationality, Birthday / Age
    Data is processed in the EU
  • Customer correspondence
    Description: communication with customers in electronic or paper form
    Purpose: To provide proper service to the client
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Company address, Email address, Customer name, Correspondence content
    Data is processed in the EU
  • Customer invoicing & accounting
    Description: Calculating the fee owed, sending out invoices and ensuring payment
    Purpose: To ensure proper payment
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Company address, VAT number, Payment History, Payment balance data, Customer name
    Data is processed in the EU
  • Customer appointments
    Description: Register customer appointments either on paper or on a computer
    Purpose: To manage availability and calendar
    Legal basis: Contract
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Phone number, Date & time, Customer name
    Data is processed in the EU
  • Newletter / promotion
    Description: Keeping your clients up to date about what your company has to offer
    Purpose: As long as the user remains subscribed to the newsletter
    Legal basis: Legitimate interests
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Email address, Consent, Customer name
    Data is processed in the EU
  • Customer prospecting
    Description: Gathering of prospective customer information
    Purpose: To communicate goods and services to prospective customers
    Legal basis: Legitimate interests
    Retention period: All prospects that have not converted to customers will be deleted after 2 years
    Data items: Email address, Company Role, Phone number, Customer name
    Data is processed in the EU

In the above processing we are the data controller.

Where you provided consent, you have the right to revoke it. You have the right to withdraw your consent at any time.

In case you object to the processing of your data, please contact us so we can evaluate together if a contractual relationship is possible and a continuation of the use of our services is possible.

We also handle supplier data. When we collect, process and store supplier data, we want to make sure we only collect, process and store data we really need and are entitled to handle in this way. In dealing with our suppliers we typically collect, process and store the name, work email and work phone of the person(s) interacting with us. We also collect, process and store the VAT number of our suppliers. If we provide parking space or access to our business area to suppliers' vehicles, we might collect, process and store the licence plate number and timing of the visit for purposes of organisation and security. Our security measures are functionally and technically in line with industry best practices. We retain the information during the legal period and/or period relevant for legal action.

Processing of Personal Data On Your Behalf

The specific nature of our relationship makes it unlikely that we will process other people's personal data on your behalf. In the exceptional case that this nevertheless occurs, we are the processor and you are the controller. We will then carry out your instructions for the processing, possible subcontracting, the fate of the data at the end of the agreement and the possible transfer of data. We will therefore take the necessary security measures and assist you in fulfilling your obligations under the GDPR.

Transfer of Personal Data

In order to provide certain services or products we might work with third parties such as IT partners, insurance partners, accounting partners, legal advisors. More specifically we reserve the right to transfer your personal data to our partners.

  • IT Support
    Purpose: To ensure proper running of the IT environment
    Legal basis: Legitimate interests
    Data items: Customer name, Electronic identification data, Email address
    Data is processed in the EU
  • Social media - Linkedin
    Purpose: To promote the company and its services
    Legal basis: Legitimate interests
    Retention period: As from termination of contract, retention during the legal period and/or period relevant for legal action
    Data items: Staff member name, Pictures / images, Electronic identification data, Electronic localisation data, Date and Time
    LinkedIn Ireland Unlimited Company receives the data
  • Social media - Twitter
    Purpose: To promote the firm
    Legal basis: Legitimate interests
    Data items: Electronic identification data, Electronic localisation data, Username, Date and Time
    Twitter International Company receives the data

If we receive personal data from a third party referring you to us, we assume this data is obtained directly from you or with your consent. If this is not the case, please advise us immediately.

These third parties will generally act as data processor. Please do note that social media platforms, commerce platforms and structural sales partners are often regarded as joint controllers.

If you participate in an online call, meeting, conference,... do note that any data you choose to share will be visible and/or audible to the other participants. Please consider this before sharing your personal details, video, audio or any other data.

In case you object to the transfer of your data, please contact us so we can evaluate together if a contractual relation is possible and a continuation of the use of our services is possible.

Please do note that we may be required by law to process certain data and, as the case may be, to transmit them to the relevant authorities. As this is a legal obligation you can not object this transfer.

Security and Confidentiality

We undertake to keep your personal data secure & confidential and have established security procedures to avoid any loss, abuse or alteration to this personal data in line with industry best practices.

Website and Cookies

Navigation on our website may result in cookies being saved to your computer. They simplify the visit and improve your experience. When visiting our website you will be informed of the cookies being used and we will ask you for your consent. Furthermore, each time you visit our website, the webserver automatically processes your IP address and/or your domain name.

We may publish links to websites owned and operated by third parties. If you click on such a link you will navigate to another website. Please make sure you read and understand the privacy policy of that website, as it may differ from our policy and is outside of our control. If you feel unsure or cannot agree with the policy, we suggest you leave that website.

Exercising Your Rights

In accordance with the general data protection regulation you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Withdraw your prior consent to processing at any time.
  • The right to object to a decision based solely on automated processing, including profiling.
  • The right to receive your personal data in a structured, commonly used and machine-readable format and have transmit those data to another controller (commonly known as a "data portability request").

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it

You can exercises your rights by contacting our Privacy Coordinator Matthew Vanhoutte via privacy@finblu.co.uk or at the below company address:

Finblu Ltd
c/o Matthew Vanhoutte
86-90 Paul Street
EC2A 4NE London United Kingdom

Data Protection Authority

You can direct any complaints and comments to the competent data protection authority at the below address:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow Cheshire SK9 5A
https://ico.org.uk

Have a question?

We’d be happy to chat with you and clear things up for you. Anytime!

Email us

privacy@finblu.co.uk