Fincontrollex

Privacy Policy

Effective Date: July 30, 2025

1. Personal Data Collection

We collect only the personal data you voluntarily provide: your first name, last name, email address, and phone number. This data is used solely to communicate with you and deliver the services you request. Processing is carried out in compliance with the General Data Protection Regulation (GDPR) and applicable privacy laws in the United States and other jurisdictions.

2. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Consent - When you voluntarily submit your information.
  • Contractual necessity - To provide the services you've requested.
  • Legitimate interest - For analytical and security purposes that do not override your rights.

You may withdraw consent at any time.

3. Analytics and Advertising

We use third-party services to improve user experience, analyze traffic patterns, and measure the performance of our marketing campaigns. These services may include:

  • Google Analytics - for behavior insights and audience analysis
  • Meta Pixel (Facebook) - to measure conversions and optimize ad delivery
  • LinkedIn Insight Tag - for retargeting and campaign reporting
  • X Ads (Twitter Pixel) - to monitor engagement and track conversions

These tools may collect anonymized or pseudonymized data such as browser type, referral sources, session duration, and interactions with ads or site elements. We do not share personal data with unauthorized third parties, nor do we allow usage beyond the intended purposes defined by each platform's policies.

You can manage your tracking preferences using our Cookie Settings Tool and may opt out of targeted advertising through mechanisms provided by each platform or via browser-based tools.

4. Marketing Communications

We may occasionally send you promotional emails or SMS messages about new features, updates, or services you might find valuable. These communications are delivered only:

  • With your prior consent
  • In compliance with the CAN-SPAM Act (for email) and TCPA (for SMS), where applicable
  • With clear opt-out options in every message

Each marketing email contains an unsubscribe link, and SMS messages include instructions to opt out (e.g., reply "STOP"). You may also manage your communication preferences at any time through our website or by contacting us.

Transactional Communications: We may send service-related messages such as order confirmations, account updates, or critical notifications. These communications are not promotional in nature and do not require prior consent.

5. Cookies

Our website uses cookies in four main categories:

  • Strictly Necessary Cookies

    These cookies are essential for the website to function and cannot be disabled in our systems. They are required for secure login, session management, and to protect against unauthorized actions.

    • We use a device identifier cookie to manage active sessions, enabling users to log out from specific devices and enhancing session control across multiple devices.
    • We implement CSRF protection using secure cookies to prevent unauthorized cross-site request submissions. These cookies do not store personal information and are used solely to validate request integrity.
  • Analytics Cookies

    Help us understand how visitors interact with the site so we can improve functionality.

  • Advertising Cookies

    Allow us to show you relevant ads and evaluate the success of marketing efforts.

  • Personalization Cookies

    Store your preferences to provide a customized user experience on future visits.

Manage Cookie Preferences:

  • We use cookies to enhance your experience and analyze site usage. Your preferences are saved only after confirmation.
  • You can manage your cookie preferences at any time via our cookie settings tool and must confirm consent upon your first visit, in compliance with the GDPR and ePrivacy Directive.

6. Authentication Tokens

To ensure secure login and user sessions, we use JWT (JSON Web Tokens) and refresh tokens.

  • The JWT token verifies your identity during active sessions.
  • The refresh token allows you to maintain access without re-entering login credentials, ensuring a secure and seamless experience.

7. Your GDPR Rights

Under the GDPR, you have the right to:

  • Access - Request a copy of the personal data we hold about you.
  • Rectification - Request corrections to any inaccurate or incomplete data.
  • Erasure - Request deletion of your personal data ("right to be forgotten").
  • Withdraw Consent - Revoke your consent for data processing at any time.
  • Lodge a Complaint - File a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us via the details provided on our website. We respond to all valid requests free of charge and in accordance with GDPR timelines.

8. U.S. Privacy Compliance

In addition to our compliance with the General Data Protection Regulation (GDPR), we also comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA).

California (CCPA/CPRA)

If you are a California resident, you have the following specific rights:

  • Right to Know what personal information we collect, use, disclose, or sell.
  • Right to Access your personal data in a portable format.
  • Right to Delete your personal data (with certain exceptions).
  • Right to Correct inaccurate personal data.
  • Right to Opt-Out of:
    • The sale or sharing of your personal information.
    • The use of your personal data for cross-context behavioral advertising.
  • Right to Limit Use and Disclosure of Sensitive Personal Information, such as precise geolocation, financial account numbers, etc.
  • Right to Non-Discrimination for exercising any of your CCPA/CPRA rights.

We do not sell or share your personal information. We also do not use sensitive personal information for purposes other than those permitted by law.

Virginia (VCDPA)

If you are a Virginia resident, you have the following rights under the VCDPA:

  • Right to access and confirm whether we are processing your personal data.
  • Right to correct inaccuracies in your personal data.
  • Right to delete personal data provided by or obtained about you.
  • Right to data portability.
  • Right to opt out of:
    • Targeted advertising.
    • The sale of personal data.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects.

You may appeal any denial of your rights request by contacting us. We are required to respond within 45 days.

Colorado (CPA)

If you are a Colorado resident, you have similar rights to those in Virginia, with these specific guarantees:

  • Right to access, correct, delete, and obtain a copy of your personal data.
  • Right to opt out of:
    • Targeted advertising.
    • The sale of personal data.
    • Profiling in automated decision-making processes.

We provide a universal opt-out mechanism, in accordance with CPA requirements. You may also manage your preferences directly on our site.

Children's Data (COPPA)

We fully comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect or store personal information from children under the age of 13. If we become aware of such data being collected without verified parental consent, we will delete it immediately.

"Shine the Light" Law (California Civil Code §1798.83)

We do not share your personal information with third parties for their direct marketing purposes. As required by California law, residents may request a report on such sharing—but we confirm no such sharing takes place.

Legal Basis Clarification

Unlike the GDPR, U.S. privacy laws do not require a legal basis for data processing (such as "consent" or "legitimate interest"). Nonetheless, we operate transparently and with your privacy in mind.

9. International Compliance

We also aim to comply with international laws such as:

  • LGPD (Brazil)
  • PIPEDA (Canada)
  • Other evolving global regulations

We monitor legal updates to maintain privacy alignment across jurisdictions.

10. Data Security

We implement industry-standard security measures to safeguard your data from unauthorized access, disclosure, or misuse.

11. Updates to This Policy

We may revise this notice from time to time to reflect changes in legal requirements, business practices, or services we use (including advertising and analytics platforms). Any material updates will be posted here at least 30 days prior to taking effect. Users will be notified via email or through a banner on the site where applicable.

12. Breach Notification

In the event of a data breach, we will promptly notify affected individuals, entities, and relevant supervisory authorities in accordance with applicable data protection laws. Notification will include:

  • A description of the nature of the breach
  • Categories and approximate number of affected individuals or records
  • Potential consequences of the breach
  • Measures taken or proposed to address and mitigate its effects
  • Contact details for further inquiries

We comply with notification timelines mandated by the customer's home-state laws (e.g., CCPA/CPRA in California, VCDPA in Virginia, GDPR in the EU), and will notify relevant parties without undue delay and, where required, within 72 hours of becoming aware of the breach. Transactional communications regarding breach notices do not require marketing consent and are sent through the most reliable available channels.

13. Contact

For privacy-related questions or to exercise your rights, please contact us using the information provided on https://www.fincontrollex.com. All valid requests are handled promptly and free of charge.