We are Finleyai.com/Finleyai.co.uk we are owned and operated by Finley AI Services Limited. We’re a company registered in England and Wales with company number 12369322, whose registered address is at The South Quay Building, 189 Marsh Wall, London, United Kingdom. E14 9SH. In this privacy notice, we will refer to ourselves as ‘we’, ‘us’ or ‘our’.
You can get hold of us in any of the following ways:
- by emailing us at [email protected]; or
- by writing to us at Finley AI Services Limited The South Quay Building, 189 Marsh Wall, London, United Kingdom. E14 9SH .
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.
We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.
We may update this privacy notice from time to time. This version was last updated on 19th December 2019.
1. Key definitions
1.1. The key terms that we use throughout this privacy notice are defined below, for ease:
1.2. Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.
1.3. Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email-marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer base.)
1.4. Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.
1.5. Special Information – certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
2. Details of personal information that we collect and hold about you
2.1. If you choose to connect with a financial adviser or professional on our website, or by interacting with our chatbots online or via Google Actions, Amazon Alexa, and/or Facebook Messenger, sending an enquiry directly to a professional or using our AI voice or chatbot for anyy purpose, you acknowledge and agree to chose to provide us with personal information. When you visit the Service, we and our third – party service providers receive and record information from your browser on our server logs, including your IP address, cookies and similar technology. Cookies are small text files that are placed in the browsers of visitors to store their preferences. You can block and delete cookies in most browsers. However, the Service may not function correctly if you do that. By use of the Service, you authorise us to collect, analyze or retain information about the Service. Set out below are the general categories and in each case the types of personal information that we collect, use and hold about you:
|General Category||Types of Personal Data in that category||Retention Periods|
|Identity information||This is information relating to your identity such as your name (including any previous names and any titles that you use), gender, marital status and date of birth,IP address.For professionals we may ask for business information, including,occupation ,photo, qualifications, regulatory status and all details you provide are deemed necessary to provide our service to you.||Generally be a minimum of 6 years from the conclusion of our services.If you delete your account, your identity data will be removed too. Please keep in mind that data you share with a Professionals and other Users before or during a meeting or email or communication may be stored for longer.|
|Contact information||This is information relating to your contact details such as email address, addresses, telephone numbers||Generally be a minimum of 6 years from the conclusion of our services.If you delete your account, your contact data will be removed too. Please keep in mind that data you share with a Professionals and other Users before or during a meeting or email or communication may be stored for longer.|
|Account information||This is information relating to your account with us (including username and password)||Generally be a minimum of 6 years from the conclusion of our services.If you delete your account, your identity data will be removed too. Your password will always be encrypted and stored securely.|
|Payment information||This is information relating to the methods by which you provide payment to us such as [bank account details, credit or debit card details] and details of any payments (including amounts and dates) that are made between us.are made between us. We do not collect any credit card or other payment information from consumers.||Generally be a minimum of 7 years from the conclusion of our services.|
|Transaction information||This is information relating to transactions between us such as details of the goods, services and/or digital content provided to you and any returns details||Generally be a minimum of 7 years from the conclusion of our services.|
|Survey information||This is information that we have collected from you or that you have provided to us in respect of surveys and feedback||We typically store survey information for up to 2 years from the last date of communication. You may contact us to request manual deletion of this data sooner, if you choose.|
|Marketing information||This is information relating to your marketing and communications preferences||We typically store marketing information for up to 2 years from the last date of communication. You may contact us to request manual deletion of this data sooner, if you choose.|
|Usage Data||This is information relating to your timezone, broad location (town or district), web browser, operating system and the device you use, referral sources, email engagement data, data on how you use Finley Ai (including last login date and frequency), account signup date.||This data will be deleted or anonymised when you cancel your account.|
|Other information||We may collect data from third parties (including the Financial Conduct Authority (FCA) or other regulatory bodies.||We’ll store this data until you delete your account. If you delete your account, your this information will be removed too. Unless it is required to be held due to any legal matter or by the authorities|
|Chatbot communication||We may also collect other basic information, such as employment, age, income, bank information, mortgage preference depending on the service requested.We may collect information when you ask us for advice on cards, bank accounts, insurance, or mortgages, tell us what you’re looking for in consumer financial products.||We typically store chat conversations for up to 2 years from the last date of communication. You may contact us to request manual deletion of this data sooner, if you choose.|
2.2. The types of personal data we collect about you may differ from person to person, depending on who you are and the relationship between us.
3. Details of special information that we collect and hold about you
3.1. Special information is explained in section 1 above.
We do not collect or hold any special information about you.
3.2. We do not collect information from you relating to criminal convictions or offences.
4. Details of how and why we use personal information
4.1. We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:
- Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
- Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests;
- Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and
- Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons.
4.2. As explained in section 3 above, there are more sensitive types of personal data, which require higher levels of protection. Where we process such sensitive types of personal data, we will usually do this in the following circumstances:
- We have your explicit consent;
- Where it is necessary in relation to legal claims;
- Where you have made the personal data public.
4.3. So that we are able to provide you with services , we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the services to you.
4.4. It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this, then we may be prevented from supplying the services to you .
4.5. Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.
4.6. We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:
- if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
- for some of the purposes, we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.
|Purpose||Legal Reason(s) for using the personal information|
|To allow use of our service and/or find advice||Legitimate Interests Reason (In order for customers to search, check, contact or provide feedback on a professional)|
|In order that professionals can subscribe and use Finley Ai services||Contract ReasonIn order to run our main business functions, allowing professionals the ability to create and maintain a Finley Ai account|
|To process your enquiry, which for a professional includes taking payment from you, advising you of any updates in relation to your enquiry or for a professional any enforcement action against you to recover payment||Legitimate Interests Reason (In order to provide you with updates regarding your enquiry and for professionals in order to [recover money that you owe us)|
|To manage our contract with you and to notify you of any changes||Legal Obligation Reason|
|To comply with audit and accounting matters||Legal Obligation Reason|
|For record keeping, [including in relation to any guarantees or warranties provided as part of the sale of goods, services and/or digital content||Contract ReasonLegal Obligation Reason|
|To improve the goods, services, and/or digital content that we supply||Legitimate Interests Reason (in order to improve the goods, services, and/or digital content for future customers and to grow our business)|
|To recommend and send communications to you about goods, services, and/or digital content that you may be interested in. More details about marketing are set out in section 11 below||Legitimate Interests Reason (in order to grow our business|
|To ensure the smooth running and correct operation of our website||Legitimate Interests Reason (to ensure our website runs correctly)|
|To understand how customers and visitors to our website use the website and interact with it via data analysis||Legitimate Interests Reason (to improve and grow our business, including our website, and to understand our customer’s needs, desires and requirements)|
|To improve the services that we supply||Legitimate Interests Reason (in order to improve the services for future customers)|
|To understand how customers and visitors to our website use the website and interact with it via data analysis||Legitimate Interests Reason (to improve and develop new products for our business, including our website, and to understand our customer’s needs, desires and requirements)|
|For fraudulent detection and management||Legitimate Interests Reason (to detect and manage fraudulent activity)|
|To personalise our Service to your needs and to improve our Product.||Legitimate Interests Reason (to improve our service and product for users)|
|For monitoring our service provision||Legitimate Interests Reason (to monitor the provision of our services)|
|For training and improving our chatbots||Legitimate Interests Reason (to help train our chatbots to improve our service, accuracy and responsiveness of our chatbots)|
4.7. Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.
4.8. Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.
5. Details of how we collect personal information and special information
5.1. We usually collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, Marketing Information, Usage data directly from you when you fill out a form, survey or questionnaire, purchase services, interact with our chatbots, contact us by email, telephone, in writing or otherwise. This includes the personal information that you provide to us when you subscribe to our mailing list enter a competition or survey.
5.2. We may receive some of your personal information from third parties or publicly available sources. This includes:
- Contact Information and Payment Information from our selected third-party suppliers, such as Stripe and Paypal ;
- Identity Information and Contact Information from publicly available sources such as Companies House HMRC, Financial Conduct Authority (FCA);
- Website, Device and Technical Information from third parties such as analytics providers (like Google);
- Our Chatbots via Google Actions, Amazon Skills Alexa and Facebook Messenger;
6. Security of Personal Information
6.1. We use a number of third-party services, including Google Cloud, Dialogflow to help maintain the security and performance of our website.To deliver this service several of our suppliers automatically collect your IP address. This is a common practice for security, fraud prevention and performance purposes. In some situations we may also convert your IP address into a rough geolocation to help us improve and personalise our Service (for example, to display time data in your local time).
6.2. Your IP address is required in order to use Finley AI chatbots and virtual assistants. Each of the suppliers mentioned here retain your IP address for different lengths of time, depending on their own published privacy policies. If you delete your account, Finley AI will not store your IP address in our own database, unless it is related to necessary Legal & Billing Data.
6.3. There are always risks associated with providing personal data, whether in person, by phone or via the internet or other technologies, and no system or technology is completely safe or “tamper”/”hacker” proof. Finley Ai takes appropriate precautions to prevent unauthorised access to and improper use of your personal data. For example, Finley AI uses encryption technology when collecting personal data. Finley AI Chatbots that support online transactions will use industry standard security measures to protect the confidentiality and security of these transactions. We use industry standard security measures, such as SSL authentication, to ensure that your credit card information, as well as other personal data submitted as part of the subscription process, is appropriately safe from third party interception.
6.4. Although we do our best to protect your personal data, while we are transferring them to or from our website, we do not guarantee the security of your data.
6.5. Finley AI keeps personal data using appropriate protection to maintain the confidentiality and security of the information.
6.6. We do not store credit card numbers and payment card details are encrypted before an order has been processed as an additional security measure for professionals shopping on our website.
6.7. In order to ensure that your personal information is kept secure and processed fairly and legally, we comply with all UK data protection legislation’s standards, procedures and requirements.
7. Details about who personal Information may be shared with
7.1. We may need to share your personal information with other organisations or people. These organisations include:
- Other companies in our group (who may might act as joint data controllers or as data processors on our behalf) and who fulfill elements of our service.
- Third parties who may include:
- Suppliers: such as IT support services, payment providers, administration providers, marketing agencies ;
- Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies, ASA, FCA ;
- Credit Reference Agencies ;
- Email platforms ;
- any organisations that propose to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
7.2. Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.
7.3. We do not share, sell or trade any of the personal information that you have provided to us not directly associated with its proper use within the website, our chatbots or as described above. Unless you give us explicit permission and we give you a chance to choose not to share your personal data.
8. Details about transfers to countries outside of the EEA
8.1. If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under data protection laws).
8.2. We transfer specific User Provided and Automatically Collected data outside of the European Union/European Economic Area for the purposes of improving and optimising our Product, communicating with you and marketing the Product more effectively.
8.3. By using the Product, you consent that such data may be processed in a country outside the European Union. At present, some Data is transferred to the following online service companies and third party processors outside the EU and subject to the privacy policies listed here:
8.4. The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
- where the transfer is to a country or territory that the EU Commission has approved as ensuring an adequate level of protection;
- where personal information is transferred to another organisation within our group, under an agreement covering this situation, which is known as ‘binding corporate rules’;
- having in place a standard set of clauses that have been approved by the EU Commission;
- compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
- certification with an approved certification mechanism;
- where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organisations that have signed up to it in the USA.]
9. Details about how long we will hold your personal information
9.1. We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 4 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons which will generally be a minimum of 6 years from the conclusion of our services). We may also need to keep personal information in case of any legal claims .
10. Automated decision making
10.1. ‘Automated decision making’ is where a decision is automatically made without any human involvement. Under data protection laws, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
10.2. Data protection laws place restrictions upon us if we carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you.
10.3. We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. If we do decide to do this then we will notify you and we will inform you of the legal reason we are able to do this.
11. Your rights under data protection law
11.1. Under data protection laws, you have certain rights in relation to your personal information, as follows:
- Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
- Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
- Right to erasure: (this is often called the ‘right to be forgotten’).This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
- Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
- Right to data portability: this right allows you to request us to transfer your personal information to someone else.
- Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
11.2. In addition to the rights set out in section 10.1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in section 4.5.
11.3. If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:
- we may need certain information from you so that we can verify your identity;
- we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
- if your request is unfounded or excessive, then we may refuse to deal with your request.
12.1. You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
12.2. However, we will give you the opportunity to manage how or if we market to you. In any email that we send to you, we provide a link to either unsubscribe or opt out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes, you can always contact us on the details set out at the beginning of this notice.
12.3. If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not to do with marketing (for example in relation to services that you have purchased from us).
12.4. We do not pass your personal information on to any third parties for marketing purposes.
13.1. If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
14. Third-party websites
Our website may contain links to third-party websites. If you click and follow those links, then these will take you to the third-party website. Those third-party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.