PRIVACY POLICY

Fincluded B.V. makes every effort to protect your privacy. The effective management of all personal data, including its security and confidentiality, forms the basis for the provision of PINCARD customer service. We collect, use, and are responsible for certain personal information about you. When we do this, we are subject to applicable data protection laws, and as the "controller" of that personal data, we are responsible for complying with the law.

This Privacy Policy describes how we use your personal data when you interact with us via the Fincluded and/or the PINCARD websites, the PINCARD mobile app, and the PINCARD customer service.

This Privacy Policy also explains your rights regarding your personal data and how you can contact us, or the supervisory authorities, in case you have a question or complaint.

Your personal data is collected by FINCLUDED B.V. ("Fincluded" / "PINCARD" / "we" / "us" / "our"), a legal entity registered in the Netherlands with the Chamber of Commerce (KvK) no: 85572551, registered address: Goeman Borgesiuslaan 77, 3515ET Utrecht, the Netherlands.

Contact details of the responsible data protection department:
For questions about the processing of your personal data, you can contact the responsible data protection department by e-mail: privacy@fincluded.eu, or by regular post: 

Fincluded B.V., Goeman Borgesiuslaan 77, 3515 ET Utrecht, The Netherlands.

Whose personal data does this Privacy Policy apply to?

This Privacy Policy describes our method of using the personal data of:
- Persons who register to open a PINCARD payment account (“PINCARD account holders”); and
- Persons who visit our websites, use our App or otherwise interact with Fincluded B.V.

Keeping your personal information safe:
We have taken appropriate security measures to prevent personal data from being accidentally lost, used, or illegally obtained. We also have procedures in place to deal with any data breaches.

Data collection and use:
We will collect, store and use your personal information for the purposes set out in more detail in this section. Your information may be shared with some third parties as set out in more detail below.

Information we collect about PINCARD account holders:
We collect most personal data directly from PINCARD account holders, by telephone, by post or email, and/or via our websites, and/or via the PINCARD mobile app. The categories of personal data we collect may be as follows (the actual scope of personal data we collect always depends on the situation):

Identification data:
First name, last name, personal identification number, date of birth, and information stated in the identification document (passport or ID card).

Contact details:
Address, telephone number, and e-mail address.

Financial data:
IBAN account number, incoming and outgoing payments, and the information and transaction history contained therein; PINCARD Mastercard Debit card transactions and the information and transaction history contained therein.

Data on professional activity:
Occupation and other related information.

Data obtained and/or created in the performance of an obligation arising from the law:
Data that Fincluded B.V. may need to report to authorities, such as tax authorities (e.g., country of birth, residence, taxpayer number, nationality, tax residency), courts, and law enforcement, including income data.

Data obtained and/or created in order to fulfill an obligation arising from the laws on the prevention of money laundering and the financing of terrorism:
Origin of funds, bank accounts, payment documents, expenses, and income, the purpose of the account, current/former employment, economic and commercial activities, and other sources of income, PEP status; information received during in-depth customer research (information on business partners and business activities, cash flow, reliable information publicly available on the Internet, information obtained from sanctions list screenings, etc.).

Data related to contractual obligations and services:
Information contained in the agreement concluded with Swan SAS (conditions, rates, description of services, etc.).

Data used for direct marketing:
Email address, phone number, and push notifications on the PINCARD mobile app installed on a device.

Data obtained through communication with PINCARD customer service:
Information obtained from letters, e-mails, telephone conversations, etc. during communication with PINCARD customer service.

Data related to the use of the PINCARD Mobile App and/or the Fincluded and PINCARD websites:
Cookies and data received while using the app or browsing the website, such as location, device, IP address, and browser type.

Audiovisual data:
Video and/or audio recordings when you call PINCARD customer service or video chat via PINCARD Mobile App.

Information obtained to comply with legal requirements:
Data obtained from investigations by notaries, bailiffs, law enforcement agencies, etc.

How do we use the personal data collected about PINCARD account holders?
The personal details of PINCARD account holders are used for:
- The opening of your PINCARD payment account with Swan SAS and, for Swan SAS, to perform payment services on your behalf, issue payment cards, mobile application services, etc.
For this purpose, Swan SAS will process identification data, contact details, and data related to your contractual obligations with Swan SAS.
- To carry out obligations arising from anti-money laundering and terrorist financing laws, automatic exchange of tax residency information (CRS, FATCA), anti-tax evasion (DAC6), and others:
For this purpose, the following data is processed: identification data, contact details, data obtained and/or created in order to fulfill an obligation arising from the laws for the prevention of money laundering and terrorist financing, data on education and professional activity, and data obtained and/or created to perform an obligation arising from the law (CRS/FATCA/DAC6).
- To assess and prevent risks associated with your PINCARD Account (fraud prevention, prevention of money laundering, and terrorist financing):
For this purpose, the following data is processed: identification data, contact details, data obtained and/or created to comply with a legal obligation, financial data, and data obtained and/or created to comply with an obligation arising from the laws to prevent money laundering and terrorist financing.
- To provide you with direct marketing materials:
For this purpose, we process identification data (name only), contact details (email address only, and data to send you push notifications on your device).
- To perform internal analysis and research that helps improve the PINCARD Account (e.g. statistical data):
For this purpose, we process data and information that does not contain personal data.

Why do we use the personal details of PINCARD Account holders?
This personal data is used because:
- It is necessary to enter into contact with PINCARD Account holders (for example, to perform services from the PINCARD Customer Service);
- It is necessary to comply with legal or regulatory requirements (including screening for financial or other sanctions and checks to identify and verify your identity);
- It is necessary for the legitimate interest of us or a third party. A legitimate interest only applies if we consider that it overrides the interests or rights of PINCARD Account holders who require the protection of their personal data.

We have the following legitimate interests in using this information:
- To understand how PINCARD Account holders handle their PINCARD Account;
- To provide and improve PINCARD customer service, including understanding and responding to feedback; and
- Ensuring the security of our organization, our Website/App, and/or the PINCARD customer service.

When we process sensitive personal data, we will only do so on the basis of your explicit consent to carry out such processing, or if we are legally permitted and required to process such data.

We generally do not rely on "consent" as the legal basis to process your personal data, except in relation to sending you marketing communications (for example via online banners, emails, or text messages) and in relation to sensitive personal data.

How do we obtain your personal data?
We obtain your personal data from the following sources:
- Yourself:
When applying for your PINCARD Account; when you approach us by post, email, telephone, etc.; when you approach PINCARD customer service; while using the PINCARD Mobile App, or when visiting our websites.
- From third parties:
From parties that provide us with information about you; entities that manage public records; state institutions and law enforcement agencies; employees of Swan SAS.

Consent to marketing:
We only process your personal data with your consent for direct marketing purposes. We will only send you marketing communications if you actively opt in to receive them, either by agreeing to push notifications in the PINCARD Mobile App and/or consenting to marketing through non-app-based channels (during the application process or at any time thereafter). Non-app-based channels include email, phone, post, and direct messages online (e.g. through social media).

You may withdraw your consent to receive such marketing communications at any time by changing your push notification app settings. This link allows you to opt out of all marketing through non-app channels, or select specific channels to opt out of while retaining consent for direct marketing through your preferred channels. A reminder of the link will be provided in all non-app marketing communications.

Push Notifications:
We may provide you with information via PINCARD Mobile App push notifications. Push notifications are messages that you receive on your smartphone or other devices without a specific request and regardless of whether the PINCARD Mobile App is open or not. We will only send you marketing push notifications if you expressly agree to this when you open your PINCARD account. After you have opened your PINCARD Account, you can also give your consent to receive marketing push notifications in the app settings. You can withdraw your consent to receive push notifications for marketing purposes at any time. The revocation can be done in the settings of the PINCARD Mobile App.

Profiling:
If we were to use the option of a fully automated person-related decision-making system, and if required by law, we will notify you in advance. You have the right to see the result of this automated decision-making system. We partially process your personal data automatically to assess certain personal aspects (profiling).

Recipients of contact details of PINCARD account holders:
Personal data of PINCARD account holders can be disclosed to third parties as follows:
- To banks, tax authorities, courts, regulators, and security or police authorities, if required by law, or where we deem it necessary (e.g. you have agreed to do this, or where we suspect that there are funds on your account that originate from a financial crime);
- If we are defending a legal claim, account holder information may be processed as required in connection with a claim;
- If we agree to the sale or transfer of part or all of Fincluded B.V., the information may be transferred to potential buyers under appropriate conditions of confidentiality; and
- If Fincluded B.V. is reorganized or sold, information may be transferred to the purchaser in order to continue its activities.

We only allow third parties to use your personal data if we are sure that they take or have taken appropriate measures to protect your personal data.

Your personal data may also be disclosed to a law enforcement or regulatory authority, or to an authority to defend a legal claim, where necessary. We will not delete personal data if it is relevant to an investigation or dispute. These will remain stored until the investigation or dispute is fully resolved.

How long do we store your data?
We will retain your information for as long as reasonably necessary to fulfill the purposes for which we collected it, including as necessary to comply with any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, as well as the applicable legal and regulatory requirements, for example:
- We process the data collected and store the data for another 10 years after the cancellation of your PINCARD payment account;
- Data of consent for marketing purposes - 3 years from the date of consent;
- Recorded telephone conversations, video chats, and text chats are kept for 10 years after the recording date.

We will regularly update this information to ensure we keep it up to date. When it is no longer necessary to store your personal data, we will delete or anonymize it.

Where your information is kept:
We ensure that your personal data is stored in the territory of the European Union ("EU") and the European Economic Area ("EEA"). Given the global nature of financial services and technological solutions and in order to process your personal data for the purposes specified in this Privacy Policy, your personal data may be transferred outside the EU and EEA for the provision of individual services. When we transfer your data outside the EU and EEA, we will ensure that there are adequate safeguards in place, such as standard contractual clauses approved by the European Commission.

Your rights:
To the extent provided by applicable law, you have the following rights in relation to your information, which you can exercise free of charge. Some of these rights only apply in certain circumstances.

Revoke consent:
Where we have obtained your consent - for example, to use cookies when you visit our websites.

Access:
When we process your data, you have the right to request access to your personal data. For this, you can receive a copy of the personal data we hold about you and certain other information about it.

Correction:
You have the right to request that any incomplete or inaccurate personal data we hold about you be corrected.

Deletion:
You have the right to ask us to delete personal data under certain circumstances. There are certain exceptions where we may refuse a request for deletion, such as where the personal data is required for compliance with the law or in connection with legal claims.

Limit:
You have the right to ask us to suspend the processing of some of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.

Transfer:
You can request the transfer of certain of your personal data to another party.

Not to be included in an automated decision-making system:
You can ask not to be included in an automated decision-making system (including profiling) that has legal consequences for you or similarly significantly affects you.

Right of objection:
In addition to the above rights, you also have the right to object to the processing of your data by us in certain circumstances. When we process your personal data based on legitimate interests, you can contest this. However, we may be entitled to continue processing your information based on compelling legitimate grounds for us or where relevant for legal claims. You also have the right to object to the processing of your data to send you direct marketing.

For more information about each of these rights, including the circumstances in which they apply, please contact us or refer to the information provided by the data protection regulator.

If you wish to exercise any of these rights, please contact us in writing and provide us with sufficient information to identify you (for example, your full name, address, and account number), proof of your identity and address (a copy of your driver's license or passport, a recent utility bill or a bank statement), and the details of the objection you have.

How can you exercise your rights?
We make every effort to support you in exercising your rights and to answer any questions you may have about the information in this Privacy Policy.

You can submit a request regarding the exercise of the rights mentioned above, as well as any complaint, notification, or request by e-mail: privacy@fincluded.eu or, by regular mail:
Fincluded B.V., Goeman Borgesiuslaan 77, 3515ET Utrecht, The Netherlands.

If it is necessary to provide confidential information or information that constitutes banking secrecy for the preparation of an answer, we may ask you to confirm your identity.

We will respond within 30 calendar days of the date of receipt of your request. In exceptional circumstances requiring additional time, upon notice to you, we have the right to extend the deadline for submitting the requested data or other requirements specified in your application to 60 calendar days from the date of your request.

Our data protection department will answer any questions you have regarding our use of your information and, if necessary, solve problems for you.

However, you also have the right to lodge a complaint with the supervisory authority (Data Protection Authority) in the country of the EEA where you are resident or where we are located, or where an alleged breach of data protection law has occurred.

Links to Third-Party Websites:
The Fincluded and PINCARD websites and the PINCARD Mobile App may from time to time contain links to third-party websites.
The personal information you provide through these websites is not subject to this Privacy Policy, and the handling of your personal information by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own Privacy Policies that set out how your information is collected and processed when you visit those sites.

Underage children:
The Fincluded and PINCARD websites and the PINCARD Mobile App are not intended for children under the age of 18. If you are under the age of 18, you should not provide us with any personal information through our websites or our PINCARD Mobile App.

Changes to the Privacy Policy:
This Privacy Policy may be amended from time to time. When we change something material about this Privacy Policy (about the information we collect, how we use it, or why we use it), before the change(s) become effective, we will mark those changes as a notice and post a prominent link to the change(s) for a reasonable time.