flinco is the trading name of the company Flinco Capital S.L. . flinco is registered with the Spanish companies register (registration number B16998676), and with a registered address at Plaza del Gas, 1, 08003 Barcelona, Spain. flinco’s approach is represented by security, confidentiality and continuous protection of personal data (the “Data”) of the users of its services, in accordance with European regulations. For the purposes of data protection law, we are a data controller in respect of the personal data we receive from you, or otherwise collect about you, and we are responsible for ensuring that we use your personal data in compliance with applicable data protection laws in the EU, European Economic Area (EEA).The purpose of this policy is to inform you of the rules that we apply with regard to Data protection. More specifically, what information flinco collects about you and how flinco uses your personal data when you open an account with us, use the flinco platform, our cards, or our website and how you can exercise your rights regarding this data.
• We apply a strict policy to ensure the protection of your Data.
• We do not sell your Data to third parties.
• We ensure that your Data is always safe and secure.
• When we use the term personal data, we refer to any information which can be used to personally identify you (for example, a combination of your name and postal address).
• If you give us personal data about other people (like Directors, owners, or employees), you confirm that you’ve been authorised by them to disclose this information, and that they understand how we’ll use their personal data.
This policy complements the payment services master agreement. It covers the use of: our flin.co website and the services accessible from this siteour iOS and Android mobile applications as soon as you download them to your mobile device This policy also covers contacts through social networks by flinco’s Customers or prospects, as well as prospects contacted by flinco (or its subcontracting partners), by email and/or telephone.
Data are collected based on a legal basis provided by the GDPR, namely your consent to the processing of your Data, when the processing of your Data is necessary for the performance of the contract by flinco or in order to take steps at your request prior to entering into a contract, based on a legal obligation or a legitimate interest of flinco (specifically for the purposes of risk management or the improvement of our offers and services according to the preferences of the Customers).In short: flinco will collect and use specific types of information about you at different times. We will collect personal data when you interact with us, for example through our website or the flinco platform if you have an account with us, when you apply for a job, or use a service that integrates with flinco. In some cases, we will also collect information about you from third parties.If you want more detail, here is the information we may collect about you:
3.1 When you apply for a flinco account
• Personal details, such as the full name and date of birth of the applicant (authorised representative of the company), the Director(s), and any ultimate beneficial owners of the relevant company
• Contact details, such as the address of the applicant, Director(s), any ultimate beneficial owners, and the applicant’s email
•Information about your identity, such as a copy of your passport or relevant identification verification document.
3.2 Information we collect or generate about you when you use the flinco platform and card
• Information about your flinco cards, including the card number, expiry date, and CVC
• Details about transactions made with your flinco card and on integrated accounts, including the date, time, amount, currencies, exchange rate, beneficiary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender's and receiver's name and registration information, messages sent or received with the payment, details of device used to arrange the payment, and the payment method used.
3.3 Information we collect or generate when you get in touch with us
• Your email when you contact us via the flinco chat
• Your email address and the contents of your communication
• Public details from your social media profile (e.g. Facebook) if you reach out to us via these platforms, and the contents of your messages or posts to us.
3.4 Information we collect from your device
• IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site, and other technical information.
This information is primarily collected for security and operational purposes, or analytics.
3.5 Information we collect from third partiesWhen you register with us, we also run checks on your records at:
• fraud prevention agencies, KYC (Know-Your-Customer) and anti-money laundering service providers to meet our regulatory obligations, and credit reference agencies to help us verify your identity, determine whether we can offer you our services, and calculate your risk profile.
The information includes financial transactions, balances, identity and investments. Bear in mind that this is a “soft search”and will have no impact on your credit score.
For enhanced due diligence checks, KYC purposes, or market research, flinco may also collect personal data from publicly available sources, such as official public records and information published in the press or on social media.
In short: flinco uses your personal data to carry out its operations smoothly and offer you our services, to make sure that we meet all our contractual obligations, to keep both our customers and flinco safe and secure, and comply with all applicable regulations.We only process your Data for specific, explicit and legitimate purposes. The purposes pursued are as follows:
• For the purposes of the service, specifically for the performance of the payment services master agreement that you sign with us when you open a flinco payment account. For example, this enables us to enable you to make withdrawals, transfers, and to obtain and use your flinco payment card.
• For the management of the payment account and the payment instruments made available to you.
• To prevent, investigate and detect fraud, money laundering and/or financing of terrorism, specifically to verify the identity of the Customer or the person opening the account and to secure your payments and access to your account.
• To deal with your complaints, according to the procedure we implement.
• To improve the service we offer you and to provide you with new features.
• We also collect and process Data for other purposes:To comply with legal and regulatory obligations, specifically in the context of the fight against money laundering and the financing of terrorism, requiring us to identify you and verify your identity when you open a flinco payment account.
• To keep you informed about the changes in the service we offer, including new features in the flinco account or new partnerships.
• To facilitate your interactions with our services, specifically with our customer support, and to be able to help you in the best conditions.
• To improve your navigation on our website or the use of our applications and to ensure that the content we display is tailored to your needs.
• To allow you to give us your opinion on the services we offer you in order to constantly improve them.
• To provide you with offers of products or services that are similar or that may be of interest to you, offered by us or our partners.
• To ensure the security of your Data and operations.Subject to your prior consent, to allow you to automatise certain tasks by connecting your flinco account to third party applications.
• To improve our quality of service, we may also record your telephone communications with our customer support.
• Sometimes flinco will share your personal data with companies that we do business with, with credit reference, fraud prevention and law enforcement agencies, and with our regulators.
4.1 Companies that provide services to flinco
In order to be able to offer our services and deliver a smooth and tailored experience to you, we have business relationships with a number of companies with whom we share your personal data. flinco will only share as little information as possible with the third parties mentioned below:KYC service providers that help us with verifying your identity and carry out fraud checks (TruNarrative)Cloud computing power and storage providers (Amazon Web Services)Cyber security service providers (Auth0)Website hosting providers (Amazon Web Services)Analytics providers and search information providers (Google Analytics)Communications services providers that help us stay in touch with you and providecustomer service (HubSpot, Chili Piper)Companies that help us with marketing and advertising (Facebook Audience Network,Facebook Advertising, Google AdSense, Snapchat, Google Ads Remarketing andFacebook Remarketing)Companies that allow you to connect your financial data (Token.io, Plaid)Companies that help us with functionality and infrastructure optimisation (Kickofflabs,Zapier, GetResponse)Card producers and networks (allpay cards)Banking-as-a-Service provider (Railsbank)
4.2 Fraud prevention agencies
flinco will share your personal data with fraud-prevention agencies to verify your identity when you apply for an account with us. While you are our customer, we might need to share your information with them to assist in preventing fraud and money laundering when it is in our legitimate interest. Bear in mind that if fraud is detected, other organisations might also use this information to refuse their services, finance, or employment.
4.3 Law enforcement and other external parties flinco may share your personal data with the following:
• Police, courts, alternative dispute resolution bodies, and any other third party (for example, our regulators) to meet our legal obligations.
• Other financial institutions, such as banks or e-money institutions, to assist their investigation of tracing your funds in case you have been a victim of fraud or there is an ongoing dispute claim about a payment.
• Competent authorities that carry out financial crime, money laundering, terrorism and tax evasion investigations, if we are required to do so.
All personal data is stored on our secure servers in accordance with the General Data Protection Regulation within the EEA. In limited situations, personal data may temporarily be stored outside the EEA
flinco has adopted a series of robust technical and organisational security measures designed to protect your personal data from any unauthorised access, use or disclosure of it. flinco employees receive data protection and information security training in accordance with data protection legislation.
Although we take all reasonable steps to ensure that your personal data is secure and treated with the highest level of care, we cannot guarantee that it will be secure during transmission by you to the flinco platform, website, or other services.
You need to keep your login information to the flinco platform confidential and not share it with anyone.
When you interact with our social network accounts, such as our Facebook Community page, remember that any personal data you share in this space will become publicly available, and thus could be seen, collected, or used by other customers
We store your Data only as long as necessary for the purposes for which they were collected. In accordance with our obligations in the fight against money laundering and the financing of terrorism, your transaction data will be stored for a period of five years following the closure of your account and the end of our contractual relationship.
With regard to the telephone communications that we record, these will be stored for a maximum period of 60 days as from the recording.
8.1 Your Rights
In accordance with the applicable regulations, you have rights when your Data is processed:
• Right of access: you have the right to obtain confirmation from us as to whether or not Data concerning you are being processed and to receive a copy of all the Data that we hold on you under the conditions provided for in Article 15 of the GDPR.
• Right to portability: when the processing is based on your consent or on a contract and is carried out using automated processes, you may, under the conditions provided for in Article 20 of the GDPR, receive from us Data concerning you in a structured, commonly used and machine-readable format, in particular for the purposes of transmit Data to a third party. Where technically possible, you also have the right to have your Data transmitted directly to this third party.
• Right to rectification: in accordance with article 16 of the GDPR, you have the right to request the rectification of the Data we hold on you if the latter are incomplete or inaccurate. In this case, we may ask you to verify the new Data provided.
• Right to be forgotten: if one of the reasons provided for in Article 17 of the GDPR allows it, you can ask us to erase your Data. The applicable regulations provide for exceptions to the exercise of this right, specifically when processing is necessary to comply with a legal obligation that requires the processing of your Data, such as the fight against money laundering and the financing of terrorism.Right to restriction: in the cases provided for in article 18 of the GDPR, you can obtain from us the restriction of the processing of your Data.
• Right to object: in accordance with Article 21 of the GDPR, you may object at any time for reasons relating to your particular situation to the processing of your Data based on our legitimate interest, including for profiling purposes, except for legitimate and compelling reasons that would prevail or for the establishment, exercise or defence of rights in court. When your Data is processed for marketing purposes, you have the right to object at any time to such processing, including profiling related to such marketing.
• Right to withdraw your consent: where it constitutes the legal basis for the processing of your Data, you have the right to withdraw your consent to the processing of your Data at any time, which shall not render unlawful any prior processing based on such consent.
• Right related to automated decision-making and profiling: you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way. This right is subject to exceptions as provided for in Article 22 of the GDPR, in particular where automated decision making or profiling is necessary for entering into, or performance of, a contract. In this case, the data subject retains the right to obtain human intervention by the data controller, to express his or her views and to challenge the decision.
• Right to lodge a complaint: you can lodge a complaint with the supervisory authority located in the Member State where you are, in France this is the CNIL (Commission Nationale de l’Informatique et des Libertés).
• Right to issue advance directives: you have the right to issue directives concerning the storage, erasure and communication of your Data after your death. These directives are either general or specific.