Part 2

Privacy Statement for financial services industry participants trialling, supplying or commercially using the Risk Profiling System to complete the Test.

What information does FinaMetrica hold?

If you have been registered to use the Website so as to be able to register other persons to complete the Test, our records hold the information mentioned in PART 1: Privacy Statement for those registered to complete the Test for each of the persons that you register, and for you:

  1. Personal information about you as required to effect the relationship you have with us. This information may include your name, current and previous addresses, telephone/mobile numbers, current and previous email addresses, and your organisation details.
  2. Your IP address used to connect your device to the Internet when you access the Website and/or the Test.
  3. Communication history with you. This information may include file notes, emails, support requests through our ticketing system JIRA, LiveChat Support and the outcomes of telephone calls.
  4. Usage and other information as required to effect a commercial relationship.

When do we collect this information about you?

FinaMetrica collects this information:

  1. Directly from you, including when you provide information by phone, e-mail, support requests through our ticketing system JIRA, LiveChat Support or fax;
  2. From our own records of your use of the Website and the Test;
  3. From publicly available sources of information (we do not collect personal data on EU data subjects from public sources); and
  4. From an associated website or other third party that registered your access to the Website.

How may this information be used?

This information is used to:

  1. Provide the services you require;
  2. Administer and manage your account and services, including your billing and subscription;
  3. Inform you of information relating to your use of the Website and the Test, including our e-newsletter; and
  4. Research and develop the Website, the Test and supporting services.

Your IP address is used to assist us to establish where the Test was completed in the event of a legal dispute.
This information will also be used to send you the communications identified below.

FinaMetrica's Mailing List

Our mailing list contains your name, email address, country, phone and organisation.

Our mailing list is used to send out our eNews (news about risk, risk tolerance, risk profiling and suitability). From time to time you may receive special offers/promotions from third parties where we have your consent to send these to you. You may unsubscribe from our mailing list at any time.

To Unsubscribe from Our Communications

You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our emails; if you receive the FinaMetrica eNews, you can opt out by changing the email preferences link found at the footer of the eNews; or by sending us an email at dpo@finametrica.com. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.

EU Processor Obligations

Depending on the context of the relationship, we may process Personal Data as a processor, controller or joint controller for the purposes of providing our services.

We also process certain Personal Data as a data controller. Such Personal Data includes invoicing details and other Personal Data of our customer’s contact persons, in order to maintain our relationship and to provide support using the tools provided by our third party providers/processors as outlined in this Privacy Policy.

If you are from the EEA and you are trialling, supplying or commercially using the Risk Profiling System so as to be able to register other persons to complete the Test, we:

  1. will process the Personal Data only in accordance with instructions within the scope of our Subscription Service from you. If we believe that an instruction from you infringes applicable data protection law, we shall inform you without delay. If we cannot process Personal Data in accordance with the instructions due to a legal requirement, we will (i) promptly notify you of that legal requirement before the relevant processing to the extent permitted by applicable data protection law; and (ii) cease all processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as you issue new instructions with which we are able to comply. If this provision is invoked, we will not be liable to you for any failure to perform the applicable services until such time as you issue new instructions in regard to the processing.
  2. will assist you reasonably, taking into account the nature of the processing:
    i) by appropriate technical and organisational measures and where possible, in fulfilling your obligations to respond to requests from data subjects exercising their rights;
    ii) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the EU General Data Protection Regulation, taking into account the information available to us; and
    iii) by making available to you all information reasonably requested by you for the purpose of demonstrating that your obligations relating to the appointment of processors as set out in Article 28 of the EU General Data Protection Regulation have been met;
  3. shall be entitled to engage third party service providers/sub-processors to fulfil our obligations with your written consent. For these purposes, you consent to our appointment of the third party service providers/sub-processors listed at www.riskprofiling.com/gdpr/serviceprovider for the purposes and at the location stipulated. For the avoidance of doubt, the above authorization constitutes your prior written consent to the sub-processing by our third party service providers/sub-processors. We will notify you of any changes to the list of approved third party service providers/sub-processors, by email (to your most recently provided email address) and/or post any revisions to www.riskprofiling.com/gdpr/serviceprovider. We will provide you with the opportunity to object to the engagement of the new sub-processors within 7 calendar days after being notified. The objection must be based on reasonable grounds (e.g. if you prove that significant risks for the protection of your Personal Data exist at the sub-processor). If we are unable to resolve such objection, either party may terminate the Subscription Service by providing written notice to the other party;
  4. will enter into a contract with a sub-processor where we engage a sub-processor, imposing on the sub-processor the same data protection obligations that apply to us. Where the sub-processor fails to fulfil its data protection obligations, we will remain liable to you for the performance of such sub-processor’s obligations;
  5. will upon expiration, termination of your Subscription Service, whereby no further processing is required, upon your written request, at our discretion, either delete, destroy or return Personal Data to you, unless we require the retention of such Personal Data to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services;
  6. will notify you without undue delay after we become aware of any Personal Data breach affecting you or the persons that you registered to complete the Test. At your request, we will promptly provide you with all reasonable assistance necessary to enable you to notify relevant Personal Data breaches to the relevant authorities and/or affected data subjects, if you are required to do so under relevant data protection law; and
  7. will make available to you all information necessary to demonstrate compliance with our data processor’s obligations and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.