FinCrime Dynamics Privacy Policy

Last updated on 23/01/2024

At FinCrime Dynamics, our vision is to make the global financial system Safer. FinCrime Dynamics is a UK registered company based in Cambridge.

📮 Our contact details

Email: dpo@FinCrimeDynamics.com

Address: FinCrime Dynamics Ltd, St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS

What is this notice all about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies when we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). For most of its customer data, FinCrime is a Data Processor and we have also set out here the processing activities that we conduct for our customers.

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye”, as well as the various stops it makes along the way.

The different ways we process personal data

• When a company starts working with us

• What personal data do we collect, why do we collect it, and what legal basis do we rely on?
  Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

  
  When a company starts working with us, we'll collect information about the key contact at the company, such as their name, job title, email address and phone number in order to manage our business relationship and deliver our services to the company. We might also have NDAs in place with the client which may contain names and signatures of our key contact or directors. We rely on Article 6(1)(b) of the GDPR - Contractual Obligation for this processing.
  
  During the course of our business relationship, the company will provide FinCrime with transactional data in order for us to deliver our services. The data is pseudonymised, but it will include date of birth of applicants and the two area letter code of the applicant’s postcode. We rely on Article 6(1)(b) of the GDPR - Contractual Obligation for this processing.
  

• Where do we store it?
  Our platform is hosted on AWS servers based in UK. To find out more about AWS, you can visit their privacy notice here.
  
  We will transfer transactional data from our client’s Snowflake into our own. Snowflake is a cloud computing system. To find out more about how Snowflake processes personal data, please visit their privacy notice here.
  
  Our product also uses product analytics tools such as Confluence, Jira and Bitbucket which are part of Atlassian, or Hotjar which is a user analytics tool.
  
  The account management and contact data is stored on Hubspot, which is our CRM and you can find out more about them here.
  
  Our NDAs are created and submitted via SeedLegals; you can find out more about them here. These are also stored on G-Drive.
  
  We use Notion for user guides and customer documentation and you can find out more about them here.
  
  Files may also be sent to us via SendSafely and ultimately stored on G-Drive.
  

• How long do we keep it for?
  We keep the account management personal data mentioned for the duration of the company’s account with us and for 12 months after they left us, in line with our business needs.
  
  We will retain all transactional data that we collect as a processor for the duration of our contract with the controller and will remove it in line with the controller’s requirements.
  

• When you visit our website
  
  This website collects personal data to power our site analytics, including:

• Information about your browser, network, and device

• Web pages you visited prior to coming to this website

• Your IP address

• This information may also include details about your use of this website, including:

• Clicks

• Internal links

• Pages visited

• Scrolling

• Searches

• Timestamps

• We share this information with Squarespace, our website hosting platform, to securely serve this website, analytics provider, to learn about site traffic and activity.
  

• What cookies do we collect, why do we collect them, and what legal basis do we rely on?
  Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.
  
  When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website by third party cookies, which are set by other third parties we have partnered with.
  
  Below is a list of the cookies we use and the purposes for which they are used:
  

• Essential cookies
  These are essential to the operation of our website and are integral to the functioning of our Website, therefore they cannot be removed.
  

• Non-essential cookies
  These cookies are additional to the performance of our Website and help us improve the service we provide to you.
  

• Analytical cookies
  These are third party cookies that enable us to monitor and analyse how visitors use our website and generate statistics based on them.
  
  For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

• These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you.

• These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

• These cookies can be set by Google Analytics. Google Analytics is a web analysis service provided by Google Inc. (“Google”) which uses the Data collected to track and examine the use of our Website, prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
  
  Personal Data processed: Cookies and Usage Data.
  
  Place of processing: United States – Privacy Policy.
  
  These cookies can also be set by Hotjar. Hotjar is a technology service that helps us better understand our users’ experience and this enables us to build, maintain and optimise our service with user feedback. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
  
  Personal Data processed: Cookies and Usage Data.
  
  Place of processing: Ireland – Privacy FAQs.
  

• You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, Microsoft Edge, Brave, Opera.
  
  

• When you apply for a job with us

  • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?
    Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.
    
    When you apply for a job with us, we ask you for some information about yourself to manage your recruitment process, such as your CV, cover letter, case study and interview notes. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.
    

  • 🗺️ Where do we store it?
    All the information we collect during recruitment is stored on a recruitment platform which is hosted in the US.
    
    Where data is transferred to a third country such as the US, then we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.
    

  • ⏲️ How long do we keep it for?
    If you're offered a job with us, we'll retain your data during your employment and remove it in line with our obligations under UK law. Otherwise we will keep your data during your the interview process and remove it after 12 months.

What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

• The right to be informed
  You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.
  

• The right of access
  You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).
  

• The right to object
  You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.
  

• The right to rectification
  You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.
  

• The right to erasure
  You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).
  

• The right to restrict processing
  You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.
  

• The right to data portability
  You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to dpo@FinCrimeDynamics.com if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

💔 How you can complain

If you have any concerns about our use of your personal information, please let us know by:

Emailing us at dpo@@FinCrimeDynamics.com, or writing to us at FinCrime Dynamics Ltd St John's Innovation Centre Cowley Road Cambridge CB4 0WS.

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.ICO Website: https://www.ico.org.uk