What is Personally Identifiable Information (PII)?
If you can identify an individual from stored data, then the data is “Personally Identifiable Information” (“Personal Data”) and falls within the remit of GDPR.
- GDPR Art.4(1) defines Personal Data as: “Any information relating to an identified or identifiable natural person (“data subject”), an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” (NOT an exhaustive list)
Sensitive Data or “Special Categories”
Sensitive Data is PII that may be particularly sensitive to the person concerned. The GDPR gives examples of ‘Special Categories’ of personal data in Article 9. Special categories of data have additional rules and processing restrictions. We at fintechr never collect sensitive data of our customers.
- Racial or Ethnic origin
- Political opinion/affiliation
- Religious or political beliefs
- Trade Union membership
- Genetic/biometric data (for the purpose of uniquely identifying a natural person)
- Health related
- Sex-life/sexual orientation
What information do we collect, why do we collect it, and how is it used?
We only collect and use personal information we need to deliver a service or meet a requirement e.g. fulfillment of contractual obligations.
We don’t sell your personal information to anyone else.
| Global (entire site) | IP address | Google Analytics tag | To anonymously monitor your behaviour on our website to enable us to optimise your user experience |
| Get in touch | Name, Email address, Subject, Message | Webform | |
Your rights & Subject Access Requests (SARs)
GDPR extends to you, as Data Subjects, certain rights. If you would like to exercise any of the rights below, please email us at firstname.lastname@example.org. We will respond to all requests within 30 days. However, please bear in mind that we do not necessarily have to comply with all Subject Access Requests (SARs). For instance, we may not have to comply, in part or in full, with a SAR if we have legal grounds to refuse your request under GDPR Lawful processing.
Data Subject rights under GDPR
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
GDPR Lawful processing
- Consent of the Data Subject
- Processing is required for the performance of a contract with the Data Subject or to move towards entering into a contract
- Processing is required for compliance with a legal obligation
- Processing is required to safeguard the vital interests of a Data Subject
- Processing is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller
- Necessary for the purposes of legitimate interests pursued by the Controller or a third party, except where such interests are outweighed by the interests, rights, or freedoms of the Data Subject
- It is important to note that this condition is not available to processing carried out by public authorities in the performance of their tasks.
- We only use what we need.
Who do we share your information with?
We use a range of organisations, “Data Processors”, to either store personal information or help deliver our services to you. Where we have these arrangements, there is always an agreement in place to make sure that the organisation complies with data protection law.
We’ll often complete a Data Privacy Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with GDPR legislation.
Sometimes we have a legal duty to provide personal information to other organisations. For instance:
- if instructed to do so by the courts;
- to identify and stop crime and fraud;
- if there are serious risks to the public, our staff or to other professionals; or
- to protect a child.
- Google Analytics: We use Google Analytics to anonymously monitor your behaviour on our website. We use this data to optimise your user experience through ongoing site updates. You can learn more about our use of Google Analytics in the Google Analytics section below.
Protecting your Personal Information
- Controlling access to data
- Regular staff training and system testing
- TLS for email: We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
- Encryption: We encrypt stored data and data in transit using varying cipher technologies. This means that your PII cannot be read, computationally or by a human, without specific deciphering knowledge.
- Pseudonymisation: Replacing any potentially identifiable information concerning an individual’s characteristics with a pseudonym, e.g. using codes or numbers, to ensure that the data subject cannot be identified.
Public forums, refer a contact, and customer testimonials
We may provide bulletin boards, blogs, QA sessions or chat rooms on the Company’s Web sites or at company events. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.
We post a list of Customers and testimonials on the Company’s Web sites that contain information such as Customer names and titles. We obtain the consent of each Customer prior to posting any information on such a list or posting testimonials.
International transfer of information collected
We primarily store Data about our Customers and course Attendees in the United Kingdom. To facilitate global operations, we may transfer and access such information from around the world, including from other countries in which the Company has operations. Any transfers of such data are protected under GDPR compliant Binding Corporate Rules. This Privacy Statement shall apply even if we transfer Data about our Customers or Data about our Attendees to other countries.
How long do we keep your personal information?
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
What are Cookies?
A cookie is a piece of data stored on the user’s computer tied to information about the user. fintechr may use both session ID cookies and persistent cookies.
- Session ID cookies: Once you close your browser or log out, the cookie terminates and is erased. Session ID cookies may be used by fintechr to track user preferences while the user is visiting the website. They also help to minimise load times and save on server processing.
- Persistent cookies: A persistent cookie is a small text file stored on your computer’s hard drive for an extended period of time. Your browser’s help file contains information and instructions for removing persistent cookies. Persistent cookies may be used by fintechr to store, for example, whether or not you want your password remembered, or other such information.
Cookies used on the thefintechr.com Website do not contain personally identifiable information.
We use Google Analytics on our website. How Google uses the data when you use our website may be found here. You may disable the Google Analytics function by means of a browser add-on, which prevents any analytical information from being sent to Google.
Like most standard Websites, fintechr.com uses log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the site, track users’ movement in the aggregate, and gather broad demographic information for aggregate use. However, none of the information stored within fintechr log files, including but not limited to IP addresses, is linked to personally identifiable information.
Changes to this Privacy Statement
We reserve the right to change this Privacy Statement. We will provide notification of the material changes to this Privacy Statement through the Company’s Web prior to the change taking effect.
Have a question?
If you have any worries or questions about how your personal information is handled, please contact us at email@example.com.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, visit ico.org.uk or email firstname.lastname@example.org.