Last Updated Date: August 29, 2024
Introduction
At Finanshels, we take data protection and privacy seriously. We are committed to complying with the General Data Protection Regulation (GDPR) and other relevant data protection laws. This policy outlines our approach to data privacy and details the processes we follow to protect the personal data of our clients and users who interact with the Finanshels Client Portal.
At Finanshels.com, we prioritize the privacy and security of your personal data. This GDPR Privacy Policy outlines our commitment to protecting your privacy rights in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). It describes how we collect, use, store, and protect your personal data, and explains your rights regarding your personal data.
Data Controller Information
The data controller responsible for the processing of personal data in relation to the Finanshels software is:
Finanshels Accounting Technologies LLC-FZ
in5, Dubai, UAE
Email: legal@finanshels.com
Phone: +971-50 487 1229
Personal Data We Collect
We collect and process the following categories of personal data:
- Contact Data: Email address, phone numbers (including WhatsApp), postal addresses.
- Business Data: Company name, trade license number, MOA/AOA documents, VAT certificate, ownership details, business activity information.
- Technical Data: IP addresses, browser types and versions, time zone settings, operating system details, and other technology used to access our portal.
- Usage Data: Information on how you use our portal, including page interactions, form submissions, and service usage.
- Personal Identification Information: Name, address, email, phone number, job title, Emirates ID, Passport details, Nationality, Date of birth, company name, tax identification numbers, and any other identification data provided during account creation or onboarding.
- Financial Data: Financial reports, transaction data, account balances, tax filings, invoices, sales data, and integration data from third-party accounting software (e.g., QuickBooks, Xero).
- Compliance Data: Details related to tax jurisdictions, compliance obligations, filing statuses, deadlines, and reminders.
- Communication Data: Records of interactions, support tickets, secure messages exchanged within the platform, and correspondence history.
- Behavioral Data: Usage patterns, login information, IP addresses, browser type, operating system, and user interaction data for enhancing user experience.
- Sensitive Data (if applicable): Financial advisors' recommendations, tax filings, and any other data classified as sensitive under GDPR.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Legitimate Interests: Processing is required to pursue the legitimate interests of Finanshels, such as enhancing our services, improving user experience, ensuring the security of our portal, and handling legal claims.
- Compliance with Legal Obligations: Processing is necessary to comply with legal obligations, such as tax regulations, anti-money laundering laws, and other regulatory requirements.
- Performance of a Contract: To fulfill our contractual obligations to you as a client, including providing access to our platform, generating financial reports, and maintaining compliance calendars, including the provision of VAT and CT registration, VAT filing, and other tax-related services.
- Consent: For processing activities that require consent, such as marketing communications or sensitive data handling. Consent can be withdrawn at any time.
- Legal Obligation: To comply with applicable laws, tax regulations, and legal proceedings, including anti-money laundering (AML) and know-your-customer (KYC) requirements.
How We Use the Data
We use your personal data for the following specific purposes:
- Service Provision and Account Management: Creating and managing user accounts, facilitating integrations with third-party financial software, and providing financial health assessments and KPIs.
- Financial Analysis and Reporting: Automated and manual generation of financial reports (e.g., balance sheets, income statements, cash flow statements), customized reporting options, and predictive financial modeling.
- Tax and Compliance Management: Generating tax and compliance calendars, tracking jurisdiction-specific deadlines, sending reminders, and providing compliance guidance.
- Communication and Support: Enabling secure communication between clients and the Finanshels team, providing customer support, resolving issues, and maintaining service quality. To keep you informed about your account, updates to our services, and other relevant information via email, WhatsApp, and other communication channels.
- Marketing and User Engagement (with Consent): Sending newsletters, updates, and promotional materials, conducting surveys, and enhancing customer relationships through targeted communication strategies.
- Data Analytics and Product Development: Analyzing user behavior, preferences, and engagement to improve our platform's features, user experience, and security measures.
- Regulatory Compliance: To meet our legal and regulatory obligations, including financial reporting, tax compliance, and anti-money laundering requirements.
- Fraud Prevention: To detect, prevent, and respond to fraud, unauthorized activities, and other legal claims.
Data Sharing and Third-Party Access
We may share your personal data with the following categories of recipients:
- Service Providers and Data Processors: We engage trusted third-party service providers to assist us in providing services, such as cloud hosting, email communication, customer support, data analytics, and payment processing. These providers are contractually obligated to protect your data and only process it on our behalf and according to our instructions.
- Legal and Regulatory Authorities: We may disclose personal data to comply with applicable laws, regulations, legal processes, or government requests.
- Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity, subject to standard data protection measures.
- Professional Advisers: We may share your data with our legal, financial, and business advisors to comply with our legal obligations and ensure business continuity.
- Data Transfers Outside the EEA: If your data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or Privacy Shield certification, to protect your personal data.
International Data Transfer
We are committed to ensuring your personal data receives adequate protection when transferred outside the European Economic Area (EEA). Transfers are conducted under the following safeguards:
- Adequacy Decisions: Where the European Commission has recognized the third country as providing an adequate level of data protection.
- Standard Contractual Clauses (SCCs): Implementing EU-approved SCCs with recipients to ensure your personal data is protected by GDPR standards.
- Binding Corporate Rules (BCRs): For intra-group data transfers, we employ BCRs to maintain a consistent level of data protection.
Data Retention and Deletion Policy
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Retention periods vary depending on the type of data and the purpose of processing, but are generally defined as follows:
- User Account Data: Retained for the duration of your account’s active status and for a period of 10 years after account closure.
- Client Financial Data: Retained for 7 years following the termination of the client relationship or as required by applicable law.
- Tax and Financial Data: Retained for a minimum of 5 years to comply with tax and accounting regulations.
- Communications Data: Retained for 3 years after the last interaction unless required longer for legal or regulatory purposes.
- Marketing Data: Retained until the user withdraws consent or objects to data processing.
Data is securely deleted or anonymized when it is no longer required for these purposes.
Data Security Measures
We implement a comprehensive range of technical, organizational, and administrative measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, including:
- Encryption: All sensitive data is encrypted at rest and in transit using industry-standard encryption protocols.
- Access Controls: Strict access controls are in place to limit access to personal data to authorized personnel only. Multi-factor authentication is used to enhance the security of access.
- Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
- Data Minimization: We only collect and process data that is necessary for the purposes outlined in this policy.
- Incident Response: We have an incident response plan in place to promptly address any data breaches or security incidents.
Data Subject Rights Under GDPR
As a user, you have the following rights concerning your personal data:
- Right to Access: You can request access to your personal data held by us, along with information on how it is processed.
- Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.
- Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
- Right to Restrict Processing: You have the right to restrict the processing of your data under certain conditions, such as when you contest the accuracy of the data or object to its processing.
- Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format or have it transferred to another controller.
- Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or on grounds related to your particular situation.
- Right to Withdraw Consent: If processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence.
To exercise these rights, please contact our Data Protection Officer at meet@finanshels.com. We will respond to all legitimate requests within one month.
Use of Cookies and Tracking Technologies
Our portal uses cookies and similar tracking technologies to enhance user experience and analyze usage patterns.
- Types of Cookies: We use session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted).
- Purpose of Cookies: Cookies help us understand how you interact with our portal, personalize your experience, and improve our services.
- Third-Party Cookies: We may allow third-party service providers to place cookies on your device for the purpose of providing analytics and other services.
- Managing Cookies: You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of our portal.
- Cookie Policy: For more information on how we use cookies, please refer to our detailed Cookie Policy.
Data Protection Impact Assessments (DPIAs)
In cases where data processing is likely to result in a high risk to the rights and freedoms of individuals, we conduct a Data Protection Impact Assessment (DPIA) to evaluate and mitigate those risks. DPIAs are conducted in accordance with GDPR guidelines and include:
- Identifying the Scope: Understanding the nature, scope, context, and purposes of the processing.
- Assessing Risks: Evaluating potential risks to data subjects, including the severity and likelihood of these risks.
- Mitigating Risks: Implementing measures to address identified risks and ensure compliance with GDPR requirements.
- Review and Monitoring: Regularly reviewing DPIAs and updating them as necessary, particularly when there are significant changes to processing activities.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Supervisory Authority: We will notify the relevant data protection authority within 72 hours of becoming aware of the breach.
- Inform Data Subjects: If the breach is likely to result in a high risk to your rights and freedoms, we will promptly inform you, describing the nature of the breach, its consequences, and the measures taken to mitigate the impact.
- Contain and Remedy: We will take immediate steps to contain the breach, mitigate its effects, and prevent future occurrences.
Third-Party Processors
We work with third-party processors who provide services that help us operate the client portal and deliver our services to you. We ensure that these processors:
- Are GDPR-Compliant: We only engage processors who comply with GDPR and have implemented appropriate security measures.
- Sign Data Processing Agreements: We have data processing agreements in place with all third-party processors, outlining their obligations and responsibilities in handling your data.
- Undergo Regular Audits: We conduct regular audits and assessments of third-party processors to ensure ongoing compliance with data protection standards.
Children's Data
Our services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child’s personal data has been collected without parental consent, we will take steps to delete such information promptly.
Regulatory Audits and Reviews
We are committed to continuously improving our data protection practices. To this end, we:
- Conduct Regular Audits: We perform internal and external audits to assess our compliance with GDPR and identify areas for improvement.
- Review and Update Policies: Our GDPR policy is reviewed annually, or whenever there are significant changes to our data processing activities, legal requirements, or industry best practices.
- Employee Training: All employees undergo regular training on GDPR requirements, data protection principles, and secure data handling practices.
Finanshels may modify these Terms at any time. Any changes will be effective immediately upon posting of the revised Terms. Your continued use of the Services following the posting of any changes constitutes your acceptance of such changes.
Changes to This Policy
This policy may be updated from time to time to reflect changes in our data processing practices, legal requirements, or industry standards. We will notify you of any significant changes via email and through our client portal. The updated policy will include the effective date, and continued use of our services after this date constitutes acceptance of the updated policy.
Contact Information and Complaints
If you have any questions, concerns, or complaints about this policy or our data processing practices, please contact us at:
Data Protection Officer
Meet Patel
in5 Tech, Dubai, UAE
Email: meet@finanshels.com
Phone: +91 7874641414
If you are not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority, such as the European Data Protection Board (EDPB) or your local data protection authority.