Privacy & Data Protection Policy

Privacy & Data Protection Policy

Effective date: 1 October 2025
Version: 1.2
Owner: Fintrac Limited

1. Purpose and scope

Fintrac Limited (“Fintrac”, “we”, “our”, “us”) is committed to protecting the privacy and security of personal information.
This policy explains how we collect, use, store, and protect personal data relating to:

  • visitors to our website,

  • clients and partners who interact with us, and

  • individuals whose data we may process as part of our services.

We comply with the UK GDPR, the Data Protection Act 2018, and other relevant data-protection legislation.

2. Who we are

Fintrac Limited is registered in England and Wales under company number 15818965.
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
We are registered with the UK Information Commissioner’s Office (ICO) under registration number ZB718988.

3. What personal data we collect

We may collect and process the following types of information:

  • Contact details – name, email address, phone number, organisation.

  • Professional information – role, company affiliation, area of interest.

  • Website analytics – usage data such as IP address, browser type, and pages visited (through essential and optional cookies).

  • Client relationship data – information necessary to provide services, manage accounts, or support licensed users of TRAC software.

4. How we use your information

We use personal data only when we have a lawful basis to do so, including:

  • To respond to enquiries and provide requested information.

  • To manage client and partner relationships.

  • To improve our products and website.

  • To meet legal, regulatory, or contractual obligations.

We do not sell personal data and do not use it for unrelated marketing without consent.

5. Lawful bases for processing

Our processing activities rely on one or more of the following lawful bases:

  • Consent (for example, where you opt in to receive communications).

  • Contractual necessity (when data is needed to deliver or support our services).

  • Legal obligation (where we must retain information for compliance purposes).

  • Legitimate interests (such as maintaining site security and service improvement).

6. Data retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected and to meet any legal or regulatory requirements. Retention periods are reviewed regularly in line with Fintrac’s internal data-retention schedule.

7. Data sharing and transfers

We may share limited personal data with trusted third-party service providers who support our operations (e.g. cloud hosting, analytics, or communications). All suppliers are contractually required to handle data securely and in compliance with UK GDPR. Data is normally processed within the UK or EEA. If data is transferred outside this area, appropriate safeguards (such as UK International Data Transfer Agreements) are applied.

8. Your rights

Under UK GDPR, you have the following rights:

  • Access your personal data.

  • Rectify inaccuracies.

  • Request erasure (“right to be forgotten”).

  • Restrict or object to processing.

  • Data portability.

To exercise any of these rights, please contact privacy@fintrac.co.uk. We aim to respond within one month.

9. Data security

We maintain technical and organisational measures to protect personal data against loss, misuse, or unauthorised access.
These controls form part of our broader Information Security Management System (ISMS), aligned with ISO 27001 principles.

10. Cookies and analytics

We use essential cookies for core website functionality and optional cookies to understand usage trends. You can manage cookie preferences through your browser settings.

11. Internal data-protection framework

Fintrac maintains a comprehensive Data Protection (GDPR) Policy (v1.2, effective 1 October 2025) that governs all personal-data handling across our operations. That internal policy includes detailed procedures for data retention, incident management, and staff training and is available to clients or regulators on request.

12. Contact and complaints

Fintrac Limited does not have a designated Data Protection Officer. For all data protection or privacy enquiries, please contact:

Privacy Contact

Fintrac Limited
Email: privacy@fintrac.co.uk
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

13. Policy updates

We review and update this policy periodically to reflect legal, technical, or operational changes. The latest version will always be available at fintrac.co.uk/legal.