At Fini Technologies, Inc. ("us", "we", or "our"), a Delaware corporation, we are committed to protecting the privacy of personal data and complying with applicable data protection laws.
This Data Protection Policy describes the principles, safeguards, and rights that govern Fini's processing of personal data through our products, APIs, and Services. It applies in two distinct contexts:
(a) Where Fini acts as a Data Controller, for personal data of website visitors, prospects, and individuals who administer customer accounts.
(b) Where Fini acts as a Data Processor, for Customer Data that our business customers process through the Services. Our handling of Customer Data is governed by our Data Processing Addendum (DPA), which takes precedence over this Policy for that data.
This Policy supplements our Privacy Policy and forms part of our agreement with you, alongside our Terms of Service.
Scope
This Policy applies to both personal and non-personal data processed by Fini.
"Personal Data" means any information relating to an identified or identifiable individual. This includes, without limitation, name, email address, phone number, identification numbers, account information, customer identifiers, IP addresses, device identifiers, and any other information that can be directly or indirectly linked to a person.
"Customer Data" means personal data that our business customers, or their end-users, provide or generate through the Services and that Fini processes on the customer's behalf as a Data Processor.
"Non-Personal Data" means data that does not identify an individual and cannot reasonably be used to determine an individual's identity, including aggregated and de-identified data.
This Policy governs all such data, whether obtained directly or indirectly, in connection with Fini's website, products, APIs, or Services.
Principles for Processing Personal Data
Fini incorporates the following principles in how we collect, process, and store personal and non-personal data:
processed lawfully, fairly, and in a transparent manner;
collected for specific, explicit, legitimate, and limited purposes;
adequate, relevant, and limited to what is necessary;
accurate and, where necessary, kept up to date;
kept in an identifiable form for no longer than is necessary;
processed in a manner that ensures appropriate security and confidentiality;
not used to train or improve foundational or shared AI models. Customer Data is processed solely to provide and support the Services. Per-instance learning is permitted only within a Customer's dedicated environment and only with the Customer's explicit written authorization.
Security of Data
Fini implements technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:
encryption of data at rest and in transit;
role-based access controls and least-privilege access;
dedicated processing environments per customer, with masking of PII before processing;
logging, monitoring, vulnerability scanning, and incident response procedures;
regular employee training on data protection and security;
written contracts with subprocessors binding them to equivalent standards.
Our security posture is detailed at security.usefini.com.
Data subject rights
To adequately protect the personal data collected and processed by Fini, you must understand the rights that data subjects are entitled to.
Listed below are the data subject rights that we adhere to:
1) Right to be informed The right to know how personal data is used in clear and transparent language.
2) Right of access The right to know and have access to the personal data held about an individual.
3) Right to data portability The right to receive and transfer data in a common and machine-readable electronic format.
4) Right to be forgotten The right to have personal data erased.
5) Right to rectification The right to have data corrected where it is inaccurate or incomplete.
6)Right to object The right to complain and to object to processing.
7) Right to restriction of processing The right to limit the extent of the processing of personal data according to an individual’s wishes.
8) Rights related to automated decision-making and profiling The right not to be subject to decisions without human involvement.
9) Right to non discrimination The right to not be discriminated against for an individual exercising his/her rights
Where you are an end-user of one of Fini's business customers, your rights are exercised through that business as the Data Controller. Fini will assist the Customer in responding to your requests, as set out in our DPA. For data where Fini is the Data Controller (e.g., website visitors, account administrators), you can exercise your rights directly by emailing legal@usefini.com.
Staff Training
Fini ensures that its employees receive and attend the required data protection training, including thecontent and handling of this Policy, if they have constant or frequent access to personal data, areinvolved in the collection of data, or in the development of tools used to process personal data. Therequirements of Data Protection and Data Compliance must be observed. All Fini staff are required to acknowledge on an annual basis that they have attended the Data-Protection training and understand the Data Protection Policy.
Non-Compliance
Customers and individuals interacting with the Fini depend on us to protect the personal data they share with us. To uphold their trust in us, it is important to have appropriate penalties for any violations of our Data Protection Policy. Fini management will determine how serious an employee’s offense is and decide the appropriate penalty. Penalties may include a warning (oral/written) or suspension or termination for more serious offenses.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please email us at legal@usefini.com.
In certain circumstances, you have the following data protection rights:
a) the right to access, update or to delete the information we have on you;
b) the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
c) the right to object. You have the right to object to our processing of your Personal Data;
d) the right of restriction. You have the right to request that we restrict the processing of your personal information;
e) the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
f) the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
Your Data Protection Rights Under California Privacy Protection Act (CalOPPA)
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivable the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/
According to CalOPPA we agree to the following:
a) users can visit our site anonymously;
b) our Privacy Policy link includes the word “Privacy”, and can easily be found on the page specified above on the home page of our website;
c) users will be notified of any privacy policy changes on our Privacy Policy Page;
d) users are able to change their personal information by emailing us at legal@usefini.com.
Our Policy on “Do Not Track” Signals: We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Your Data Protection Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:
(a) What personal information we have about you.
If you make this request, we will return to you:
i) The categories of personal information we have collected about you.
ii) The categories of sources from which we collect your personal information.
iii) The business or commercial purpose for collecting or selling your personal information.
iv) The categories of third parties with whom we share personal information.
v) The specific pieces of personal information we have collected about you.
vi) A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
vii) A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
(b) To delete your personal information.
If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
(c) To stop selling your personal information.
We don't sell or rent your personal information to any third parties for any purpose. You are the only owner of your Personal Data and can request disclosure or deletion at any time. Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights. To exercise your California data protection rights described above, please send your request(s) by one of the following means: By email: legal@usefini.com
Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.
Questions
If you have any questions regarding this policy, please reach out to legal@usefini.com
Changes to This Data Protection Policy
We may update our Data Protection Policy from time to time. We will notify you of any changes by posting the new Data Protection Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update “effective date” at the top of this Policy. You are advised to review this Data Protection Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us by email: legal@usefini.com.