www.finabee.com
Effective date: 1st May 2024
- Introduction
- This Privacy Policy (“Policy”) outlines how Finabee Ltd. (“Finabee,” “we,” “us”) collects, uses, shares, and protects your Personal Data when you use our mobile application (“App”), our website located at www.finabee.com (“Website”), and related services (collectively the “Service”).
- We are committed to respecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
- By using the Service, you consent to the collection, use, and sharing of your Personal Data as described in this Policy.
- Definitions
- “Personal Data” means any information that identifies or could reasonably be used to identify you as an individual. This includes, but is not limited to, your name, email address, date of birth, IP address, and device information.
- “Processing” refers to any action performed on Personal Data, including collecting, storing, using, disclosing, transferring, or deleting.
- “Controller” means the entity responsible for determining the purposes and means of Processing Personal Data. Finabee is the Controller of your Personal Data.
- “Data Subject” means the individual whose Personal Data is being Processed. You are the Data Subject in this context.
- Data We Collect
We may collect the following types of Personal Data:
- Identifiers: Name, email address, date of birth.
- App Usage Data: Activities completed within the App, quiz scores, forum interactions, progress tracking.
- Device and Technical Information: IP address, browser type, operating system, device ID.
- Location Data: If specifically enabled by you, approximate location data may be collected to tailor specific learning content or features.
- Payment Information: If subscriptions or in-app purchases are implemented, we will work with secure payment processors. Finabee will not directly store full credit/debit card details.
- Other Data: Any additional information you choose to provide, such as feedback, survey responses, or communication with our customer support team.
- How We Collect Data
- Directly from You: We collect Personal Data you provide when you register for an account, update your profile, participate in surveys, contact customer support, or interact with specific features of the Service.
- Automatically: We collect certain data automatically as you use the Service, such as App usage data and device information. This may be collected through cookies and similar tracking technologies (see our Cookie Policy for more information).
- Third-Party Sources: In limited circumstances, we may receive Personal Data from third-party partners (such as analytics providers or, in the future, voucher partners). We will only obtain data from reputable sources that have appropriate safeguards in place.
- Purposes for Processing User Data
We Process your Personal Data for the following purposes:
- Service Provision and Improvement: To operate, maintain, personalize, and improve the Service and its features.
- Account Management: To create and manage your user account and verify your identity.
- Customer Support: To provide support, troubleshoot issues, and respond to your inquiries.
- Security and Fraud Prevention: To protect the security of the Service and your Personal Data, and to detect and prevent fraudulent activity.
- Analytics: To understand how users interact with the Service, identify trends, and make data-driven improvements. (We will provide clear opt-out mechanisms for analytics tracking).
- Marketing Communications: To send you promotional information, offers, and updates about Finabee, but only with your explicit consent.
- Legal Compliance: To comply with legal obligations, court orders, or other lawful requests.
- Legal Basis for Processing
We rely on the following legal bases under the GDPR to Process your Personal Data:
- Consent: For certain purposes, like marketing communications, we will rely on your freely given and specific consent. You can withdraw consent at any time.
- Contractual Necessity: Processing may be necessary to fulfill a contract with you (e.g., providing core Service features).
- Legitimate Interests: In some cases, we may Process your data where it is necessary for our legitimate interests, and these interests do not override your privacy rights. Our legitimate interests include improving the Service, security, and analytics.
- Legal Obligations: We may Process data when necessary to comply with legal or regulatory requirements.
- Data Sharing with Third Parties
- Partner Companies: If and when Finabee partners with companies for voucher redemption or similar rewards, we may share limited Personal Data with them to facilitate these rewards, but only with your explicit and separate consent for each instance.
- Legal Compliance: In exceptional circumstances, we may disclose Personal Data to comply with legal obligations, including requests from law enforcement or regulatory agencies.
- Business Transfers: In the event of a merger, acquisition, or similar transaction, we may transfer Personal Data to the successor organization, subject to appropriate safeguards.
- Data Security
- We implement technical and organizational measures to protect your Personal Data from unauthorized access, use, disclosure, alteration, or destruction. These measures may include:
- Encryption of data in transit and at rest
- Access controls and restrictions
- Regular security assessments and updates
- Incident response plans in case of a breach
- While we take reasonable precautions, please understand that no security system is perfect. It’s important for you to protect your account credentials and be cautious about sharing Personal Data over public networks.
- User Rights Under GDPR
- You have the following rights under the GDPR regarding your Personal Data:
- Right to Access: You have the right to obtain confirmation of whether we hold your Personal Data and access a copy of it.
- Right to Rectification: You can request corrections to any inaccurate or incomplete Personal Data we hold about you.
- Right to Erasure (“Right to be Forgotten”): Under certain circumstances, you can request that we delete your Personal Data.
- Right to Restrict Processing: You may request that we limit the Processing of your Personal Data under specific circumstances.
- Right to Data Portability: You have the right to receive your Personal Data in a structured, machine-readable format and transmit it to another Controller.
- Right to Object: You have the right to object to the Processing of your Personal Data, including objection to direct marketing or profiling.
- Rights related to Automated Decision Making: If Finabee employs automated decision-making (e.g., sophisticated algorithms for personalized learning), you will have rights to understand the logic involved and the potential impact of such decisions.
- Data Retention
- We retain Personal Data for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Retention periods may vary based on the type of data and its purpose.
- In general, we will retain account information while your account is active. App usage data may be retained for longer periods for analytics and service improvement, often in anonymized form.
- Upon request, we will assess whether earlier deletion of your data is feasible, taking into account legal obligations and our technical capabilities.
- Children’s Privacy
- Finabee recognizes the importance of protecting children’s online privacy. Our Service is designed for use in a parent-supervised environment, and we tailor our data collection practices based on the child’s age.
- Age of Digital Consent: We adhere to the age of digital consent in the UK, as defined in the Data Protection Act 2018. If our Service includes features for children under this age, we will implement appropriate mechanisms to obtain verifiable parental consent before collecting, using, or sharing their Personal Data.
- Data Collection Limits: We limit Personal Data collection from children to the minimum necessary to provide the Service.
- Parental Rights: Parents have the right to access, rectify, or request deletion of their child’s Personal Data, and to withdraw consent at any time. We will provide clear instructions on how to exercise these rights.
- International Data Transfers
- Personal Data may be transferred to, stored, and processed outside of the UK or the European Economic Area (EEA) where our service providers or partners are located.
- We ensure data transfers only occur to countries deemed to have adequate levels of data protection, or with appropriate safeguards in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Privacy Shield certification (if applicable for transfers to the US)
- Binding Corporate Rules for intra-company transfers
- Data Protection Officer (DPO)
- Our Data Protection Officer (DPO) can be reached at:
- Name: Joshua Mears
- Email: [email protected]
- Cookies & Tracking Technologies
- Explanation: We use cookies and similar technologies (pixels, web beacons) to improve the Service, understand usage, and personalize features. Cookies are small text files stored on your device.
- Your Control:
- Our Cookie Policy details how to manage cookies through browser settings.
- We will offer granular cookie consent mechanisms where feasible.
- Marketing Communications
- Opt-In Principle: We will only send marketing communications (email, in-app notifications) with your explicit consent. You’ll have clear opt-in choices during account setup or later in your settings.
- Unsubscribe: Every marketing communication will include a simple way to unsubscribe or adjust your preferences.
- Breach Notification
- In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay.
- We will also inform the Information Commissioner’s Office (ICO) as required by law, within the stipulated timeframe.
- Complaints & Supervisory Authority
- If you have privacy concerns, please first contact us at: [email protected] We will do our best to resolve the issue.
- You have the right to lodge a complaint with the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO):
- Website: https://ico.org.uk/concerns/
- Phone: 0303 123 1113
- Privacy Policy Updates
- We may update this Policy from time to time to reflect changes in our practices or legal requirements.
- If significant changes occur, we’ll notify you via email, in-app notifications, or a prominent notice on our Website. We encourage you to review this Policy periodically.
- Contact Us
- For questions or concerns regarding this Privacy Policy or our data practices, please contact us at:
- Email: [email protected]