Privacy Policy

Effective Date: 12 June, 2025

Welcome to Finrsch Ltd! We are deeply committed to protecting your privacy and handling your personal data with transparency, integrity, and in compliance with global data protection laws, including the General Data Protection Regulation (GDPR) in the European Union and the UK GDPR, as well as similar comprehensive privacy laws like the California Consumer Privacy Act (CCPA/CPRA).

This Privacy Policy explains how Finrsch Ltd ("we," "us," or "our") collects, uses, stores, and protects your personal information when you register for, access, and use our web-based platform, which offers company reports through both free and paid services.

1. Who We Are (Data Controller)

Finrsch Ltd is the data controller responsible for processing your personal data on this Platform.

Our Contact Details:

• Finrsch Ltd
• Email: support@finrsch.com
• Website: www.finrsch.com

2. What Personal Data We Collect & Why We Collect It (Purpose & Lawful Basis)

We collect and process personal data only as strictly necessary to provide our services, maintain the functionality of our website, and ensure security. Below is a detailed breakdown:

a. Information You Provide Directly (Necessary for Account Creation & Service Provision):

• Registration Data:

  • Types of Data: Email address, Password (stored securely in hashed/encrypted form), name, username, country of residence
  • Purpose: To create and manage your user account, enable secure login, process password resets, and identify you as a unique user. This is essential for you to access the Platform's services.
  • Lawful Basis (GDPR): Performance of a Contract. This data is indispensable for us to fulfill our contractual obligation to provide you with an account and access to our services.

• Payment Information (for Paid Services):

  • Types of Data: Depending on the payment method, this may include billing address, credit card type, last four digits of card number, expiry date, and transaction history.
  • Purpose: To process payments for your subscription to paid services and manage your billing through a secure third-party payment processor. We do not directly store your full credit card details or other sensitive financial information on our servers.
  • Lawful Basis (GDPR): Performance of a Contract. This data is required to process your subscription payments and deliver the paid services you have contracted for.

• Communication Data:

  • Types of Data: Name (if provided), email address, content of your messages, and any other information you provide when contacting our support channels (e.g., via email, contact forms).
  • Purpose: To respond to your inquiries, provide customer support, resolve issues, and improve our service based on user feedback.
  • Lawful Basis (GDPR): Performance of a Contract (to provide customer service as part of our agreement with you) and/or Legitimate Interests (to improve our services and support efficiency).

b. Information We Collect Automatically (Necessary for Website Functionality, Security & Improvement):

• Usage and Log Data:

  • Types of Data: IP address, browser type and version, operating system, device type, referring URL, pages viewed, time spent on pages, access dates and times, and clickstream data.
  • Purpose: To diagnose technical issues, ensure the website's proper functioning, enhance security (e.g., detect unusual activity or potential fraud), analyze website traffic patterns, and understand how users interact with our services for performance optimization.
  • Lawful Basis (GDPR): Legitimate Interests. Our legitimate interests are to operate and maintain a secure, functional, and efficient website, prevent fraud, and continuously improve our service offerings.

• Cookies and Similar Technologies:

  • Types of Data: Session IDs, user preferences, and anonymous usage statistics.
  • Purpose:
    • Strictly Necessary Cookies: Essential for the website's basic functionality (e.g., keeping you logged in, remembering your preferences, enabling navigation, managing content display). Without these, the site may not function correctly.
    • Analytics/Performance Cookies: To collect aggregate, anonymized data about how users interact with our website, such as popular pages, referral sources, and platform usage trends, to understand and improve our services.
  • Lawful Basis (GDPR):
    • Strictly Necessary Cookies: Legitimate Interests (to provide the requested service and operate the website).
    • Analytics/Performance Cookies: Consent. We will obtain your explicit consent for these cookies via a cookie banner or preference center. You have the right to withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3. How We Use Your Information

We use your personal data strictly for the purposes outlined above:

• To Provide and Maintain Our Services: Managing your account, granting access to company reports, processing subscriptions, and delivering core functionalities.
• To Ensure Security and Prevent Fraud: Protecting our systems and users from unauthorized access, malicious activities, and ensuring the integrity of our platform.
• To Improve Our Website and Services: Analyzing user behavior and technical data to identify areas for enhancement, troubleshoot issues, and optimize user experience.
• To Communicate with You: Sending essential service-related announcements, security alerts, and customer support messages. We will only send you marketing communications if you have explicitly opted-in for them, subject to separate consent where required.
• To Comply with Legal Obligations: Fulfilling legal requirements, regulations, and legitimate requests from public authorities (e.g., court orders, government inquiries).

4. How We Share Your Personal Data

We value your privacy and do not sell, rent, or trade your personal data to third parties for their marketing purposes. We only share your data in limited circumstances, and only to the extent necessary:

• With Service Providers (Data Processors): We engage trusted third-party companies and individuals to perform functions critical to our service operations (e.g., web hosting, payment processing, analytics, customer support, email delivery). These "data processors" act on our behalf and are contractually obligated to process your data only for specified purposes, maintain its confidentiality and security, and comply with data protection laws. We implement Data Processing Agreements (DPAs) where required.
  Examples: Cloud hosting providers (e.g., AWS, Google Cloud), payment gateways (e.g., Stripe, PayPal), analytics providers (e.g., Google Analytics - with IP anonymization and appropriate data sharing settings).
• For Legal Reasons and Protection: We may disclose your personal data if we believe it's necessary to:
  • Comply with a legal obligation (e.g., subpoena, court order).
  • Protect and defend the rights or property of Finrsch Ltd.
  • Prevent or investigate possible wrongdoing in connection with the Service.
  • Protect the personal safety of users of the Service or the public.
  • Protect against legal liability.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any such change in ownership or control of your personal data.

5. Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data encryption both in transit (TLS/SSL) and at rest.
• Access Controls: Restricting access to personal data to authorized personnel on a "need-to-know" basis.
• Secure Server Environments: Hosting data in secure data centers with physical and environmental controls.
• Regular Security Audits: Conducting periodic security assessments and vulnerability scanning.
• Employee Training: Ensuring our staff are aware of data protection best practices.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with our legal, accounting, or reporting obligations.

• When you close your account, we will generally initiate the deletion or anonymization of your personal data within a reasonable timeframe, unless specific legal requirements necessitate longer retention (e.g., financial transaction records for tax purposes).
• Usage data and analytics data may be retained for longer periods when anonymized or aggregated, as it does not directly identify you.

7. Your Data Protection Rights (GDPR & Similar Laws)

Under GDPR and similar laws, you have specific rights regarding your personal data. We are committed to respecting and facilitating these rights:

• Right to Access (Art. 15 GDPR): You have the right to request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16 GDPR): You have the right to request that any inaccurate or incomplete personal data about you be corrected or completed without undue delay.
• Right to Erasure ("Right to be Forgotten," Art. 17 GDPR): You have the right to request the deletion of your personal data under certain conditions (e.g., data is no longer necessary for the purposes for which it was collected, you withdraw consent, or processing is unlawful). Please note, this right is not absolute and may be subject to legal exceptions (e.g., retaining data for legal compliance).
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we limit the way we use your personal data in certain circumstances (e.g., if you contest the accuracy of the data, or the processing is unlawful but you oppose erasure).
• Right to Data Portability (Art. 20 GDPR): You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, machine-readable format, where technically feasible and processing is based on consent or contract.
• Right to Object to Processing (Art. 21 GDPR): You have the right to object to our processing of your personal data where we rely on legitimate interests as the lawful basis for processing (e.g., for analytics), or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (data protection authority) in your country of residence or the place of the alleged infringement if you believe your rights under GDPR (or similar laws) have been violated. For GDPR, you can find a list of EU supervisory authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  For UK residents, the supervisory authority is the Information Commissioner's Office (ICO).
  For California residents, you can direct complaints to the California Privacy Protection Agency (CPPA).

How to Exercise Your Rights:

To exercise any of these rights, please contact us using the "Contact Us" details provided in Section 1. We may ask you to verify your identity before responding to your request to ensure the security of your personal data. We will respond to your request within the legally required timeframe (e.g., one month under GDPR).

8. International Data Transfers

As we operate globally and utilize service providers worldwide, your personal data may be transferred to, stored in, and processed in countries outside the European Economic Area (EEA), the UK, or the United States, where data protection laws may differ.

When transferring your data outside the EEA or UK, we ensure that appropriate safeguards are in place to protect your data, such as:

• Standard Contractual Clauses (SCCs): Implementing the European Commission's or UK's Standard Contractual Clauses with our data processors, which offer contractual commitments to protect your data.
• Adequacy Decisions: Relying on countries that the European Commission or UK has deemed to provide an adequate level of data protection.

By using our Platform, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Privacy Policy.

9. Children's Privacy

Our services are not directed to individuals under the age of [e.g., 16 for GDPR, or 13 for COPPA in the US]. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take immediate steps to remove that information from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new technologies. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Platform after the updated Privacy Policy becomes effective constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us at:

Finrsch Ltd
Email: support@finrsch.com

We are here to help and ensure your privacy is respected.