Privacy Policy

Introduction

This privacy policy is designed as a tool for the planning, monitoring, and development of data protection. It fulfills the reporting obligations under the EU General Data Protection Regulation (GDPR) and also serves as a guide and support for Finqu’s staff, as well as a reference material for our customers.

Finqu operates as a data processor in its role as an online store platform provider. The service has been developed over several years in Europe and is entirely owned by the key personnel working at the company.

This privacy policy describes the data flows related to Finqu's software services and provides information on the state of monitoring and supervision of data processing.

1. Data Flows

Below is a list of the various data flows through which information is stored in our systems:

Data Flows

• Registrations:
  User's name, email address, and contact information.
• Mailing Lists:
  Email address.
• Orders:
  User's name, email address, contact information, IP address, order content, delivery method, and payment method.
• Cart Monitoring:
  Country of origin, city, cart contents, store page history.

Information Systems

• Commerce System:
  E-commerce software and its backend management.
• Cart Monitoring (Analytics):
  Analytics for cart monitoring.
• General Analytics:
  Anonymous statistics on users visiting the store.

Data Repositories

• Customer Registry
• Email Registry
• Order Registry

2. Instructions

Our employees are instructed and trained to understand the new requirements for data processing set by the regulation. Without a specific request from our customer, we do not process personal data. We always aim to guide the customer in handling the personal data they have collected.

3. Processes Handling Personal Data

We manually process customer registry data, including personal and order information, only upon specific individual requests from the customer. Automated processing is used for customer account creation, automatic emails, order processing, and other similar processes that enable e-commerce operations.

In our service, we use analytics that stores customer profiles (cart monitoring), provided that the merchant has allowed it. Detailed statistics are deleted or anonymized three months after the data is generated. After that, only anonymous general analytics without identifying information is available.

4. Data Protection

All personal data is stored in secure systems with no direct access from the internet. All maintenance operations use at least two-factor authentication and strongly encrypted connections. All passwords stored in databases are heavily encrypted. The checkout, login, and other pages containing passwords or personal data are protected with strong, bank-level TLS encryption.

5. Geographical Location of Data

All systems that process personal data are located either in the EU or North America, depending on the merchant’s choice. Data is not transferred between these regions.

6. Data Disclosure

We disclose data to authorities when required by law. We inform the customer of any data disclosure, if legally permissible.

We disclose personal data to partners, such as payment and logistics services, to enable the functioning of our online store, for example, to the bank for processing payments and to the postal service for enabling deliveries.

Last updated on August 14, 2024.