Privacy Policy for End Users

Effective Date: January, 2021

This Privacy Policy (the “Policy”) explains how AANDB Tech, Inc. (“Finconecta”, “we”, “our”, and “us”) collects, uses, and shares information about you and the entity you represent in connection with your access to or use of Finconecta’s websites, platforms and/or our other products and services (collectively, the “Finconecta Offerings”), and in connection with any other information we collect when you interact with us.

This Policy applies to all of the information we may collect, generate or otherwise received as a result of your interactions with us through any of the Finconecta Offerings. The “Finconecta Offerings” include 4wrd, OpenBanking Live, OpenBanking Lab, OpenBanking Pro, Finconecta’ s Developer Portal and FinGateway.

This Policy does not apply to any third party applications or software that integrate to any of the Finconecta Offerings (“Third Party Services”), or any other third party products, services or businesses.

Background

At Finconecta we have developed a series of digital platforms built on the foundation of the most modern and reliable technological infrastructure of APIs and ESB, creating agnostic, modular, flexible, and scalable structures capable of delivering simple, fast, and efficient integration capabilities. Our products seamlessly integrate any IT stack, enabling access to third party solutions provided across the world. We have applied this technology to develop the Finconecta Offerings.

This Policy provides a roadmap of the information Finconecta collects from and about its end users (“End User Information”), from how the End User Information is collected to how it may be used and shared. This Policy describes how we treat your End User Information.

Please note that this Policy only covers the information that we collect, use and share. It does not explain what digital solutions or other third parties may do with any End User Information you or we provide to them. This Policy does not cover any websites, products, or services provided by such digital solutions or other third parties.

Data Practices

End User Information and its Sources

Finconecta collectes identifiers, electronic network activity information, inferences and other types of End User Information.

Information you provide. When an end user connects to any of our products or services, we collect identifiers and login information, such as your username and password, or a security token. 
We may also collect your phone number, email address, security questions and answers, and one-time password (OTP) to help verify your identity before granting you access to your account. You may also provide us with identifiers and other information, including your name, email address, and phone number, when you contact us or enter any such information on our websites.

Information we receive from your devices. When you use your device to connect to our services, we receive identifiers and electronic network activity information about that device, including IP address, hardware model, operating system, which features within our services you access, and other technical information about the device. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services. You can find more information about how we use cookies and your related choices in our Cookie Policy.

Information we receive about you from other sources. We also receive identifiers and other information about you directly from the digital solutions that provide services to you through the Finconecta Offerings, including our service providers and identity verification services. For example, digital solutions may provide information such your transactions using their services.

Inferences we derive from the data we collect. We may use the information we collect about you to derive inferences.

How We Use Your Information

We use your End User Information mainly to operate, improve, and protect the Finconecta Offerings, and to develop new services. More specifically, we use your End User Information:
– To operate, provide, and maintain our services;
– To improve, enhance, modify, add to, and further develop our services;
– To protect you, digital solutions, our partners, Finconecta, and others from fraud, malicious activity, and other privacy and security-related concerns;
– To develop new services;
– To provide customer support to you or to the digital solutions, including to help respond to your inquiries related to our service or the digital solutions’ applications;
– To investigate any misuse of our service or the digital solutions’ applications, including violations of our Terms of Use, this Policy or other unauthorized access to our services; and
– For other notified purposes with your consent.

Legal Bases for Processing End User Information (EEA and UK End Users Only)

For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), our legal basis for processing your End User Information will depend on the type of information and the context in which we collected or processed it. Generally, however, we will normally only collect and process End User Information:
1. we need to fulfill our responsibilities and obligations in any contract or agreement with you (for example, to comply with our Terms of Use or Platform as a Service Agreement);
2. to comply with our legal obligations under applicable law;
3. when the processing is necessary for our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (for example, to safeguard our services; to communicate with you; or to provide or update our services); and
4. when you have given your consent to do so.

To the extent we rely on consent to collect and process End User Information, you have the right to withdraw your consent at any time per the instructions provided in this Policy.

Sharing of End User Information
We share your End User Information for a number of business purposes:
– With the digital solutions you are using through the Finconecta Offerings and as directed by such digital solutions (such as with another third party if directed by you);
– To enforce any contract with you;
– With our data processors and other service providers, partners, or contractors in connection with the services they perform for us or for the digital solutions you use through any of our Finconecta Offerings;
– If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
– In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
– As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, the digital solutions, our partners, Finconecta, and others; or
– For any other notified purpose with your consent.

We may collect, use, and share End User Information in an aggregated, de-identified, or anonymized manner (that does not identify you or the entity you represent personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and to facilitate research.

We do not sell or rent personal information that we collect.

Retention of End User Information

We retain End User Information for no longer than necessary to fulfill the purposes for which it was collected and used, as described in this Policy, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you stop using the services of a digital solution through any of the Finconecta Offerings or terminate your account with one or more digital solutions, we may still retain your information (for example, if you still have an account with another digital solution). However, your information will only be processed as required by law or in accordance with this Policy.

Please refer to the “Your Data Protection Rights” section for options that may be available to you, including the right to request deletion of End User Information. You can also contact us about our data retention practices using the contact information below.

International Data Transfers
We operate internationally, and as a result, will transfer the information we collect about you across international borders, including from the EEA or UK to the United States, for processing and storage. To the extent that the information we collect about you is transferred from the EEA to territories/countries for which the EU Commission has not made a finding that the legal framework in that territory/country provides adequate protection for individuals’ rights and freedoms for their personal data, we will transfer such data consistent with applicable data protection laws, including through the use of the EU Commission-approved standard contractual clauses. You can ask for a copy of these standard contractual clauses by contacting as set out below.

Data Protection Rights
Under applicable law, and subject to limitations and exceptions provided by law, if you are located in the EEA or UK, and in certain other jurisdictions, you may have certain rights in relation to the End User Information collected about you and how it is used, including the right to:

– Access End User Information collected about you;
– Request that we rectify or update your End User Information that is inaccurate or incomplete;
– Request, under certain circumstances, that we restrict the processing of or erase your End User Information;
– Object to our processing of your End User Information under certain conditions provided by law;
– Where processing of your End User Information is based on consent, withdraw that consent;
– Request that we provide End User Information collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible; and
– File a complaint regarding our data protection practices with a supervisory authority (if you are in the EEA or UK, please refer to the following link for contact details: https://edpb.europa.eu/about-edpb/board/members_en).

Under the California Consumer Privacy Act (“CCPA”), and subject to certain limitations and exceptions, if you are a California resident, you may have the following rights with respect to End User Information we have collected about you that constitutes personal information under the CCPA:
– To request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
– To request deletion of your personal information;
– To opt-out of any “sales” of your personal information, if a business is selling your information; and
– To not be discriminated against for exercising these rights.

To exercise your data protection rights, where applicable, you can contact us as described in the “Contacting Finconecta” section below. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.

We will provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Changes To This Policy

We may update or change this Policy from time to time. If we make any updates or changes, we will post the new policy on our website at https://finconecta.com/privacy-policy/ and update the effective date at the top of this Policy.

Contacting Finconecta

If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us at contact@finconecta.com or by mail at:
727 Crandon Boulevard,
Suite #401, Key Biscayne,
FL 33149.