Privacy Policy

Privacy Policy

Last updated: January 10, 2020

 

FINOS Privacy Policy

The Fintech Open Source Foundation (FINOS) is an independent nonprofit organization that promotes open innovation for its members and users (“Clients”) in the financial services industry. FINOS coordinates over 100 projects and working groups, which enable open collaboration through a variety of programs. The FINOS website (https://www.finos.org/) (“website”), our associated platforms including https://finos.github.io/ ("platforms"), and the events we organize (“events”), are the primary tools through which we connect our Clients to the services (“services”) we provide. To help our Clients better understand what information FINOS collects, how we use that information, and how we protect it, we are providing this Privacy Policy. 

This Privacy Policy sets out how FINOS treats personal data, including the data collected or processed through our website. We need to collect and process personal data in order to run our organization and offer our services to Clients. FINOS does not share Client or user information with third parties except for the limited purposes described below. 

By using our services, Clients understand that we will collect and use their information as described in this Privacy Policy. We recommend to our Clients that they read this Privacy Policy in full to ensure they are fully informed and we have done our best to make it straightforward and easy to understand.

If you have any questions about this Privacy Policy or how we handle personal data, please contact us at legal@finos.org or use the contact information set out at bottom.

 

What Personal Data Does FINOS Collect, and Why?

The information that FINOS gathers from Clients allows us to provide our services. For example, it allows us to set up a Client account, communicate with Clients, provide support, enable payments, and to organize and register Clients for our events. 

 

A. Information Our Clients Provide

i) Account Creation

We receive and store the information our Clients supply to us when they create an account and when they communicate with us by email, web form, telephone, or social media. This information includes name, company, email address, postal address, and telephone number. We also enable Clients to create a username and password, which allows us to ensure that they can securely use our services.

ii) Accepting Payments

FINOS requests membership fees via check or ACH. We may also process payments for events via third-party platforms such as Eventbrite and Meetup, and in the case of payment for events, Eventbrite and Meetup. FINOS does not store credit card information on its own systems.

iii) Event Registration

FINOS collects information that Clients provide to us when they register for one of our events, such as conferences, trainings, or meetups, and when they choose to participate in an event as an attendee, speaker, or sponsor. This information includes personal data such as your name, company, and contact information.

iv) Accessing Resources and Programs

Clients can register to receive access to various resources provided by FINOS, such as open source development and collaboration platforms. Similarly, we may collect information relating to your participation in technical, governance, or other such meetings. To administer these programs, and to enable access to collaboration tools such as wikis and our Open Developer Platform, we may need to collect personal data such as an email address and contact information. We also enable Clients to receive updates and sign up to mailing lists where they choose to do so. 

v) Voluntary Questionnaires or Surveys

From time to time we may provide questionnaires or surveys to our Clients for such purposes as collecting demographic information or assessing Client interests and needs, to help us to improve our services. Any such questionnaires or surveys will be entirely voluntary. The purpose and intended use of the information being collected will be explained in the survey itself.

vI) Client Participation in Projects

When Clients contribute source code, documentation, or other materials to one of our Programs (whether on your own behalf or on behalf of your employer), we store the information and content that you contribute. This can include the contributed materials, information required to confirm the provenance of the contribution, and any associated intellectual property. We ask Clients not to upload personal data to our Programs.

 

Information Automatically Collected from Clients

We also collect certain information automatically. Like many websites, the FINOS website uses “cookies” and we obtain certain types of information when your web browser accesses our site. Cookies are used most commonly to do things like tracking page views, identifying repeat users and utilizing login tokens for a session.

Type of Cookie Who Serves How to Control These
Strictly Necessary cookies: These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.

FINOS


Hubspot

Because these cookies are strictly necessary to deliver the Website to you, you cannot refuse them. You can block or delete them by changing your browser settings.
Performance and Targeting cookies: These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customise our website for you. Such cookies may record site and display-related activity for a session so that a client does not see displays that are irrelevant or have already been dismissed. e.g. Google, Mixpanel, Privy, and Hubspot cookies.

See the Privy and Hubspot cookie disclosures for more information. 


You can refuse Google Analytics cookies universally by using the relevant opt-out link below:


Google Analytics: https://tools.google.com/dlpage/gaoptout

     
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted.   As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

 

In order to provide you with services that are optimized for your particular location, we may collect information about your location and your mobile device, including a unique identifier for the device. Other information we collect and analyze includes the Internet Protocol (IP) address used to connect your computer to the Internet, computer and connection information such as browser type, version, language, and time zone setting, browser plug-in type and version, screen resolution, and operating system and platform. This information is stored in log files and is collected automatically. We collect this technical information to better understand user needs and provide Clients with an optimal online experience.

We also collect aggregate usage data for our website, which may include browsing patterns and broad demographic information, to enable us to understand how our website is being used and to develop and refine it to better serve our Clients.

At times we may use software tools to provide better user interfaces, response times, progress bars, and other graphics, and to support the users of these interfaces through tools such as live chat. We may use JavaScript to understand the usage of our sites or interfaces in order to improve user experience. This can include measuring and collecting session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from a page. We may also collect technical information to help us identify your device for fraud prevention and diagnostic purposes.

 

Our Legal Bases for Processing Personal Information

For personal data under FINOS’s control, we rely on three bases to lawfully obtain and process personal information. First, where Clients have given us valid consent to use their data in certain ways, we rely on that consent. 

Second, in some instances we process personal information in accordance with our Terms of Service, Membership Agreement, or another contract between Clients and ourselves. 

Third, as described in more detail below, in certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants, and/or to further our legitimate interests, so long as any such legitimate interests are not overridden by your rights or interests.

 

How and When Do We Share Information?

FINOS is not in the business of selling your information. As set out below, we only share information on a limited basis in order to enable us to offer our services. We do not otherwise make Client data available to third parties.  

Service Providers: We employ other organizations and service providers to perform certain functions on our behalf. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to FINOS not to disclose or use your information for other purposes. 

Our use of third party service providers includes:

  • Hubspot: for CRM, sales & marketing, and website hosting. 
  • Google Groups: to maintain mailing lists for projects, working groups, and community governance.
  • Google Drive: to store documents. 
  • GitHub and GitLab: for project hosting. 
  • Eventbrite: for event publication, registration and payment. 
  • Meetup: for event publication, registration and payment. 
  • Atlassian Confluence & Jira: for wiki and issue tracking. 
  • Privy: for website visitor conversion.
  • Cisco WebEx: to enable online meetings. 
  • Bitergia: for analytics on project and working group participation

If you have any questions about the specific service providers we currently use, please contact us at legal@finos.org or by using the contact information set out at bottom.

Legal Compliance / Protection of the Public and Our Business / Legitimate Interests 

We will release personal and account information in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; to comply with a subpoena, court order, legal process, or other legal requirement; or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our Terms of Service.

In limited circumstances, we may also exchange certain information with other companies and organizations for the specific purpose of fraud protection. However, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from Clients for commercial purposes in violation of the commitments set forth here.

We may also share your information during an organizational transaction like a merger or sale of our assets. If such a transaction occurs, we will provide notification of any changes to control of your information, as well as choices you may have.

 

Children’s Privacy

Our services are not designed for, and are not marketed to, people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors and we do not knowingly allow minors to use our services. By using our services or accessing our website, Clients represent that they are at least the age of majority in their country, state and/or province of residence.

 

Data Transfers

FINOS is based in the United States, processes and stores data in the United States, and makes its services available around the world. The United States, Member States of the European Economic Area (“EEA”), and other countries are governed by different laws. When your data is moved from its home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you reside. For example, the legal requirements for law enforcement to gain access to personal information may vary between countries. If your personal data is in the United States, it may be accessed by government authorities in accordance with United States law.

FINOS provides a voluntary service and Clients can choose whether or not they wish to use it. In order to make our website and services work as they do, and to enable basic functionality, we ask Clients to agree to our Terms of Service, which sets out the contract between FINOS and our Clients. Because we offer our services to people in different countries and use technical infrastructure based in the United States, we may need to transfer your personal information across borders in order to deliver our services.

 

How Secure Is Your Information?

We maintain administrative, technical and physical safeguards designed to protect the privacy and security of the information we maintain about you. When you provide us with personal information, the connection between your computer and our server is encrypted using Secure Sockets Layer (SSL) software that encrypts that information. We use a Digital Certificate and secure pages will be identified by a padlock sign and “https://” in the address bar. We store our data in protected databases on secured servers with restricted access. We also use hardware and software firewalls, screen for viruses and malware, and utilize live 24/7 monitoring services to mitigate threats. However, no method of transmission or storage is 100% secure. 

All accounts used to access FINOS-related resources are maintained by the vendors providing those resources; FINOS does not store any passwords on behalf of our Clients. It is very important for Clients to protect against the theft or unauthorized access of their account credentials for these services. 

 

What Are Your Rights?

Upon request, FINOS will provide Clients with information about whether we hold any of their personal information. In certain cases, subject to relevant legal rights, Clients have the right to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format. In order to do this, Clients can contact us using the contact information set out at the bottom of this Privacy Policy. We will respond to every request within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding.

You can also withdraw your consent to our processing of your information and the use of our services, and/or delete your Client account at any time, by using the contact information below to request that your personal information be deleted. 

If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this policy, we may not be able to provide you with our services. Please note that in certain cases we may continue to process your information after you have withdrawn consent and requested that we delete your information if we have a legal basis/need to do so. 

We offer our Clients the opportunity to receive information about our company and products that we think may be of interest to them. If Clients no longer wish to receive such information then we will stop sending it. Any emails that we send contain an obvious means of unsubscribing from further messages, with a link appearing at the bottom of the email. 

 

Data Retention

For personal data under its control, FINOS will retain such data only for as long as is necessary for the purposes set out in this policy, for as long as the Client account remains open (i.e. for the lifetime of the account), or as needed to provide Clients with our services. 

If a Client no longer wishes to use our services then it may close its account and request deletion of its data at any time. 

Notwithstanding the above, FINOS will retain and use Client information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements. We may also retain log files for the purpose of internal analysis, for site safety, security and fraud prevention, to improve site functionality, or where we are legally required to retain them for longer time periods.

 

Contact Us

If you have any questions, comments or suggestions about how we handle personal information you can contact FINOS at legal@finos.org. You can also write to us at the following address:

Fintech Open Source Foundation

330 Primrose Road #400

Burlingame, CA 94410