Security and Privacy Policy for Finastra Ltd.
1. Introduction
At Finastra Ltd. ("we," "us," or "our"), we are committed to protecting the security, privacy, and confidentiality of the information that we handle in the course of providing our fintech consulting, software development, and digital transformation services. This Security and Privacy Policy outlines the steps we take to protect your data, maintain your privacy, and ensure the security of our systems and operations.
By using our services, you acknowledge that you have read, understood, and agree to the practices outlined in this policy.
2. Privacy Commitment
We understand the importance of protecting your personal and financial information. Finastra Ltd. complies with all applicable privacy laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the Data Protection Act, and any other applicable regional data privacy laws.
We are committed to processing personal data in a lawful, fair, and transparent manner, and we only collect, use, or share personal data when it is necessary to provide our services or as required by law.
Types of Data We Collect:
Personal Data: This may include your name, contact details, billing information, and other personally identifiable information that you provide to us.
Business Data: This includes any business-related information necessary to deliver our consulting and software development services.
Usage Data: We may collect information about how our services are used, such as IP addresses, device details, and browsing history for operational and security purposes.
How We Use Your Data:
To Provide Services: We use your data to provide and improve the services we offer, including consulting, software development, and ongoing support.
Communication: We may use your contact details to communicate with you about our services, updates, and support.
Legal Compliance: We process your data to comply with applicable legal obligations or contractual requirements.
Data Retention:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or contractual obligations.
Data Sharing:
We do not sell or share personal data with third parties except in the following cases:
Service Providers: We may share data with third-party service providers who assist us in delivering our services (e.g., payment processors, cloud hosting providers, or customer support platforms). These service providers are contractually obligated to keep the data confidential and secure.
Legal Requirements: We may disclose your data to comply with legal or regulatory requirements, court orders, or to protect the rights, property, or safety of Finastra Ltd., our clients, or the public.
Your Privacy Rights:
Depending on your location and applicable law, you may have rights to:
Access, correct, or delete your personal data
Object to or restrict the processing of your personal data
Request data portability
Withdraw consent at any time where consent is the basis for processing your data
If you wish to exercise any of these rights, please contact us at Contact@finastraglobal.com
3. Security Measures
Finastra takes the security of your data seriously and employs robust security measures to protect it from unauthorized access, disclosure, alteration, and destruction. We use a combination of physical, technical, and organizational measures to ensure the integrity and confidentiality of the data we handle.
Technical and Organizational Measures:
Encryption: We use encryption technologies such as SSL/TLS to protect sensitive data during transmission and AES-256 encryption to protect data at rest.
Access Control: Access to sensitive data is restricted to authorized personnel only. We implement role-based access control (RBAC) and least-privilege access policies to limit exposure.
Network Security: Our infrastructure is protected by firewalls, intrusion detection and prevention systems (IDPS), and regular vulnerability assessments to safeguard against unauthorized access.
Secure Software Development: We follow secure coding best practices during software development to prevent common vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Regular Audits and Monitoring: We perform regular security audits, penetration tests, and continuous monitoring to identify and address potential vulnerabilities.
Incident Response and Breach Notification:
In the unlikely event of a data breach, we have a formal incident response plan in place to swiftly address and mitigate any potential impact. We will notify affected parties and regulatory authorities in accordance with applicable laws, including the GDPR’s 72-hour breach notification requirement.
4. Employee Training and Awareness
All employees at Finastra undergo regular security and privacy awareness training. This training includes educating our team on best practices for handling sensitive data, recognizing phishing attempts, securing devices, and adhering to our internal security policies.
5. Third-Party Vendors and Data Processors
Finastra works with trusted third-party vendors who may have access to personal data in order to provide services such as cloud hosting, payment processing, or customer support. We ensure that these vendors comply with strict security and privacy standards, and we enter into contractual agreements to ensure they protect your data in accordance with this policy.
All third-party vendors must meet the following requirements:
Provide appropriate security measures to protect personal data.
Limit the use of personal data to the purposes specified in the agreement.
Allow us to audit their data handling practices to ensure compliance.
6. Compliance with Laws and Regulations
Finastra Ltd. complies with all applicable laws and regulations related to data protection and privacy, including:
General Data Protection Regulation (GDPR) (EU)
Privacy and Electronic Communications Regulations (PECR)
PCI-DSS (Payment Card Industry Data Security Standard)
We also comply with relevant industry standards and best practices to ensure the protection of your data.
7. Contact Information
If you have any questions, concerns, or requests regarding our Security and Privacy Policy or how we handle your data, please contact us at:
Finastra Ltd.
Email: Contact@finastra.com
8. Termination
Either party may terminate the agreement with prior written notice if the other party breaches any material term of the agreement or fails to perform their obligations under the contract. Termination will be without prejudice to any rights or remedies that may have accrued prior to termination.
This Security and Privacy Policy outlines Finastra Ltd.’s commitment to securing your data and respecting your privacy rights. We strive to be transparent about our practices and to ensure that your data is handled with the highest level of security and care. If you have any questions or need further clarification, please feel free to contact us.