Privacy Policy

We respect your privacy and are committed to protecting it through our compliance with this privacy policy (“Policy”). In the this Privacy Policy, Fipto Holding SAS and its subsidiaries Fipto France SAS and Fipto PI SAS (hereinafter: “Fipto”, “we”, “our”, “the Company”)) shall inform you about the collection, use and processing of personal data when using our website (hereinafter: “Website”) and our web application (hereinafter: “Web App”). 

This Policy is a legally binding agreement between you (“User”, “you” or “your”) and Fipto. If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms “User”, “you” or “your” shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access and use the Website and Services. By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy.

For information related to the usage of cookies or similar technologies on our Websites or Apps, please refer to the respective website cookies policy on our websites.

WHO WE ARE

Fipto is the data controller and is responsible for your personal data. We have appointed a DPO (Data Protection Officer), who is accessible via mail at privacy@fipto.com.

CONTACT DETAILS

Our full details are:

  • Email address: privacy@fipto.com
  • Postal address: 65 Rue De La Croix 92000 Nanterre (France). 

You have the right to make a complaint at any time to the data protection supervisory authority in any appropriate member state of the EU for data protection issues.

This version was last updated on March 20, 2025. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you. 

THIRD PARTY LINKS

Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. 

Please check these policies before you submit any personal data to these websites or use these services.

THE DATA WE COLLECT ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you as follows:

  • Identity Data.
  • Contact Data.
  • Financial Data.
  • Transaction Data.
  • Device Data.
  • Content Data.
  • Profile Data.
  • Usage Data.
  • Marketing and Communications Data.
  • Location Data.
  • Voice / Call recordings. 

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

Data collected in the framework of phone call recordings

When you discuss contractual matters with us (such as account information or your transactions), the call will be recorded for security and evidential purposes. The recording of calls is justified with regard to our legitimate interest in being able to establish proof of requests for contractual information as well as to prevent and detect fraudulent behavior. 

The recording of calls will be kept for the time necessary for security purposes and the production of evidence. If we are required to do so, we will communicate the recordings to the competent authorities, in accordance with applicable law.

HOW IS YOUR PERSONAL DATA COLLECTED?

We will collect and process the following data about you: 

Information you give us. This is information (including Identity, Contact, Financial, Marketing, Communications Data and voice recording) you consent to giving us about you by filling in forms on the Website, and the Web App, or by corresponding with us (for example, by email or phone). It includes information you provide when you register to use the Services, subscribe to any of our Services, search for the Service, or survey, and when you report a problem with our Services, or any of Our Sites. If you contact us, we will keep a record of that correspondence.

Information we collect about you and your device. Each time you visit one of Our Sites we will automatically collect personal data including Device, Content and Usage Data. We collect this data using cookies and other similar technologies. Please see our cookie policy for further details.

Location Data. We also use your IP address which may determine your geolocation for the purposes of fraud monitoring, prevention, detection, and compliance activities.

Information we receive from other sources including third parties and publicly available sources. We will receive personal data about you from various third parties and public sources. 

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the GDPR and the applicable law to which we are subject, allows us to do so. Most commonly we will use your personal data in the following circumstances:

  • Where we need to comply with a legal or regulatory obligation.
  • Where we need to perform a contract we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have consented before the processing.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

Processing activity Data Categories Processing circumstances
Product Updates - Customers Identity Data, Contact Data, Location Data, Content Data, Profile Data, Usage Data, Marketing and Communications Data. Necessary for our legitimate interests
Marketing - Newsletter Only Identity Data, Contact Data. Consent
To open and use a FIPTO account Identity Data, Contact Data, Financial Data. Comply with a legal or regulatory obligation
To manage our relationship with you Identity Data, Contact Data, Financial Data. Need to perform a contract
To ensure compliance with applicable regulatory and legal requirements Identity Data, Contact Data, Financial Data, Transaction Data, Device Data, Profile Data, Usage Data, Location Data, Voice / Call recordings. Comply with a legal or regulatory obligation
Phone conversation to manage the contract or a Transaction Identity Data, Contact Data, Financial Data, Transaction Data, Voice / Call recordings. Need to perform a contract

DISCLOSURES OF YOUR PERSONAL DATA

Where processing of personal data is carried out on behalf of the Company, by an external processor, we conclude a separate contract with the processor with respect to such processing. This contract is a commitment to compliance with GDPR and provides sufficient contractual guarantees for the implementation of appropriate technical and organizational measures, which ensure the protection of your rights.

In terms of the transmission of personal data to recipients outside of our group of companies, we only transmit data to third parties when this is required by law or necessary for the performance of the contract or where you have consented to the transmission. Under these conditions such third party recipients of personal data may be:

  • Public authorities and institutions.  
  • Other Credit and Financial Services Institutes or similar institutions, to which we transmit personal data that are necessary for the performance and processing of the business relationship. 
  • Other companies within our group for risk controlling due to legal or official obligations. 
  • Service providers who are processing personal data on behalf of our company. This may include service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access personal data to perform their services.

Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only in order to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes.

INTERNATIONAL TRANSFERS

Some of our external third parties may be based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring a safeguard is implemented. Please contact us if you want further information on the mechanism used by us when transferring your personal data out of the EEA.

DATA SECURITY

We recognize the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. This section sets out some of the security measures we have in place.

  • We use a variety of physical and technical measures to keep your personal data safe and prevent unauthorized access to or use or disclosure of it:
  • Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means,
  • Our staff receive data protection and information security training,
  • We have detailed security and data protection policies which staff are required to follow when they handle your personal data.

As the security of Personal Information depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information.

DATA RETENTION

We must retain personal data only for the minimum period necessary for the purposes set out in this Policy. Then, the data shall be canceled. By way of exception, the data may be stored to manage the ongoing claims and litigations, the execution of legal and/or regulatory obligations and/or answer to legally empowered authority requests. 

YOUR LEGAL RIGHTS

Under certain circumstances you have the following rights under data protection laws in relation to your personal data:

  • (i) You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Information. To the extent that the legal basis for our processing of your Personal Information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
  • (ii) You have the right to learn if your Personal Information is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of your Personal Information undergoing processing.
  • (iii) You have the right to verify the accuracy of your information and ask for it to be updated or corrected. You also have the right to request us to complete the Personal Information you believe is incomplete.
  • (iv) You have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent. Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us, or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.
  • (v) You have the right, under certain circumstances, to restrict the processing of your Personal Information. These circumstances include: the accuracy of your Personal Information is contested by you and we must verify its accuracy; the processing is unlawful, but you oppose the erasure of your Personal Information and request the restriction of its use instead; we no longer need your Personal Information for the purposes of processing, but you require it to establish, exercise or defend your legal claims; you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds. Where processing has been restricted, such Personal Information will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, to exercise or defense of legal claims, for the protection of the rights of another natural, or legal person or for reasons of important public interest.
  • (vi) You have the right, under certain circumstances, to obtain the erasure of your Personal Information from us. These circumstances include: the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law;; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure such as where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, to exercise or defense of legal claims.
  • (vii) You have the right to receive your Personal Information that you have provided to us in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others.

In any case, you have the right to complain to a data protection authority about our collection and use of your Personal Information. If you are not satisfied with the outcome of your complaint directly with us, you have the right to lodge a complaint with your local data protection authority. 

For more information, please contact your local data protection authority in the EEA. 

For information, our DPO is registered with the CNIL in France. To contact the CNIL, for example, you can do so via the following link: https://www.cnil.fr/en/contact-us 

For any request, please contact us by: 

  • Email address: privacy@fipto.com
  • Postal address: 65 Rue De La Croix 92000 Nanterre (France). 

PRIVACY OF CHILDREN

We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Website and Services. If you have reason to believe that a child under the age of 18 has provided Personal Information to us through the Website and Services, please contact us to request that we delete that child’s Personal Information from our Services.

CALIFORNIA PRIVACY RIGHTS

Consumers residing in California are afforded certain additional rights with respect to their Personal Information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you.

As described in this Policy in the information collection section above, we have collected the categories of Personal Information listed below in the past twelve (12) months:

  • Personal identifiers (such as email address, phone number, etc)

Furthermore, California residents have the right to request deletion of their Personal Information or opt-out of the sale of their Personal Information which may include selling, disclosing, or transferring Personal Information to another business or a third party for monetary or other valuable consideration. To do so, simply contact us. We will not discriminate against you if you exercise your rights under the CCPA.

EMAIL MARKETING

We offer electronic newsletters to which you may voluntarily subscribe at any time. By doing so, you give us your consent to send you the requested newsletter, on the email address of your choice. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails. We will maintain the information sent via email in accordance with applicable laws and regulations.

In compliance with the CAN-SPAM Act, all e-mails sent from us will clearly state who the email is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

We reserve the right to modify this Policy or its terms related to the Website and Services at any time at our discretion. When we do, we will revise the updated date at the top of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.