Privacy Policy

1. Introduction

FinCloud Marketing (“FinCloud Marketing OÜ”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring that your personal data is handled in a transparent and secure manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or interact with us in connection with our marketing services.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws. Please read this Privacy Policy carefully. If you do not agree with any part of this Privacy Policy, you should refrain from using our website and services.

2. Data Controller and Contact Details

The data controller responsible for the processing of your personal data is:

FinCloud Marketing OÜ
Jakobsoni tn 7/1-22
10128 Tallinn
Estonia

Email: privacy@fincloud.com
Phone: +372 123 4567

For any questions or requests concerning this Privacy Policy or our processing of your personal data, you can contact us using the details above.

3. Scope and Sources of Personal Data

This Privacy Policy applies to the processing of personal data of visitors to our website, prospects and clients, and any individuals who contact us or interact with our marketing activities.

We collect personal data from the following sources:

• Directly from you when you contact us, request information, or use our services.
• Automatically when you visit our website (e.g. via cookies and server logs).
• From publicly available business sources (such as professional websites or business directories) for B2B lead generation, where permitted by law.

4. Categories of Personal Data We Process

4.1 Data You Provide to Us

• Identification data (e.g. name, job title).
• Contact data (e.g. email address, phone number, company name).
• Message content and other information you provide when you contact us or request a service.
• Marketing preferences (e.g. whether you wish to receive our updates).

4.2 Automatically Collected Technical Data

When you access our website, certain technical information is automatically collected and stored in server log files:

• IP address;
• Date and time of access;
• Visited pages and files;
• Referrer URL (the previous page you visited);
• Browser type and version, device type, operating system;
• Other diagnostic data necessary for security and performance monitoring.

4.3 Cookies and Similar Technologies

We use cookies and similar technologies to provide basic functions of our website and, where you consent, to analyse usage and improve our services. Full details are set out in Section 6 below.

We do not intentionally collect special categories of data (such as health, religious beliefs, etc.) via this website.

5. Purposes and Legal Bases for Processing

We process your personal data only where we have a valid legal basis under Article 6 GDPR. Depending on the context, we may process data for the following purposes and on the following legal bases:

5.1 Providing Our Services and Responding to Enquiries

We process your identification and contact data to:

• Respond to your enquiries and requests;
• Provide our marketing-related services and maintain client relationships;
• Prepare and perform contracts with you or your company.

Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR) and, in some cases, our legitimate interest in responding to B2B enquiries (Art. 6(1)(f) GDPR).

5.2 Website Operation, Security and Fraud Prevention

We process technical and usage data (including IP addresses and log files) to:

• Ensure the secure and stable operation of our website;
• Prevent misuse, detect and defend against cyber attacks;
• Monitor performance and troubleshoot technical issues.

Legal basis: our legitimate interest in ensuring IT security and the proper functioning of our website (Art. 6(1)(f) GDPR; Recital 49 GDPR).

5.3 Analytics and Performance Measurement

With your consent, we may use analytics tools to understand how visitors interact with our website (e.g. page views, time spent, navigation paths) in order to improve our content and services.

Legal basis: your consent (Art. 6(1)(a) GDPR) obtained through our cookie/banner settings. You can withdraw this consent at any time (see Section 6).

5.4 Direct Marketing and Newsletters

We may use your contact details to send you marketing communications, updates about our services, or invitations to events, where permitted by law.

Legal basis: your consent (Art. 6(1)(a) GDPR) or our legitimate interest in conducting B2B direct marketing (Art. 6(1)(f) GDPR), provided that you always have the right to opt out (see Section 10.4).

5.5 Compliance with Legal Obligations

We may process your personal data where necessary to comply with legal obligations, such as record-keeping, tax and accounting requirements.

Legal basis: compliance with legal obligations (Art. 6(1)(c) GDPR).

6. Cookies and Similar Technologies

Cookies are small text files stored on your device when you visit a website. We use the following categories of cookies:

• Strictly necessary cookies: required for the basic operation of the website (e.g. security, session management). These do not require your consent.
• Functional cookies: help us remember your preferences (e.g. language settings).
• Analytics / performance cookies: help us understand how visitors use our website.
• Marketing cookies: may be used to measure the effectiveness of campaigns or show relevant content (if used).

When you first visit our website, we display a cookie banner that allows you to accept or reject non-essential cookies (such as analytics and marketing cookies). You may change your cookie preferences at any time via your browser settings or, where provided, via our cookie settings link.

If you disable or refuse cookies, some parts of the website may not function properly.

7. Recipients and Data Processors

We do not sell your personal data. We may share your personal data with the following categories of recipients, only where necessary and subject to appropriate safeguards:

• Hosting provider: our website and related infrastructure are hosted by DreamHost, who processes personal data (including server logs and technical data) on our behalf.
• IT and technical service providers who support the operation, maintenance, and security of our systems.
• Email and communication service providers.
• Analytics and marketing service providers (where consent has been given).
• Professional advisers (e.g. legal, accounting) where necessary.
• Public authorities or courts where required by law.

These service providers act as “processors” under Art. 28 GDPR and are bound by contracts that require them to process personal data only on our documented instructions and to implement appropriate security measures. In particular, DreamHost acts as a processor for hosting and server log storage.

8. International Data Transfers

Our main data processing operations take place in Estonia and the European Economic Area (EEA). However, some of our service providers may be located in countries outside the EEA or may access data from such countries. This includes our hosting provider DreamHost, which operates infrastructure in the United States.

Where personal data is transferred to a country without an adequacy decision from the European Commission (such as the United States), we ensure that appropriate safeguards are in place, for example by concluding Standard Contractual Clauses (SCCs) under Art. 46 GDPR and, where necessary, implementing additional technical and organisational measures.

You can request further information on such safeguards or obtain a copy of the SCCs by contacting us at privacy@fincloud.com.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy and in accordance with legal requirements.

In general, we apply the following retention periods:

• Contact and enquiry data: up to 12 months after the last interaction, unless a longer period is required for contractual or legal reasons.
• Client and contract data: up to 7 years after the end of the contractual relationship, to comply with legal obligations (e.g. tax and accounting).
• Marketing contact data: until you withdraw your consent or object to receiving marketing communications.
• Server log files (including those stored by DreamHost): up to 60 days, unless a security incident requires longer retention.

We may retain data for longer periods if required by law or necessary for the establishment, exercise, or defence of legal claims.

10. Your Rights under GDPR

As a data subject in the European Economic Area, you have the following rights under the GDPR, subject to the conditions and exemptions set out in the law:

• Right of access – to obtain confirmation whether we process your personal data and, if so, to receive a copy.
• Right to rectification – to request correction of inaccurate or incomplete data.
• Right to erasure – to request deletion of your personal data, for example when it is no longer necessary for the purposes for which it was collected.
• Right to restriction of processing – to request that we limit the processing of your data in certain circumstances.
• Right to data portability – to receive personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.
• Right to object – to object at any time to processing based on our legitimate interests, including direct marketing.
• Right to withdraw consent – where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

10.1 Right to Object to Direct Marketing

You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you do so, we will stop processing your data for such purposes.

10.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@fincloud.com. We may need to verify your identity before responding to your request. We aim to respond within one month, but this period may be extended in complex cases.

10.3 Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a data protection authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

12. Children’s Privacy

Our website and services are intended primarily for business and professional users and are not directed to children. We do not knowingly collect personal data from individuals under the age of 18.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so that we can delete such data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices or legal requirements. The latest version is always available on this page.

We will indicate the date of the latest update at the top of this Privacy Policy. Significant changes may be communicated to you by email or via a notice on our website, where appropriate.

14. Contact Us

If you have any questions about this Privacy Policy or the way we process your personal data, please contact us: