Website Privacy Policy

1. Preamble
The protection of your Personal Data is paramount to Io FinNet Group, Inc.

This Privacy Policy for Io FinNet Group, Inc., a Delaware corporation having its principal place of business at 4208 Six Forks Rd., 10th Floor, Raleigh, NC, 27609, United States of America (“Io.Finnet”, “Company”, “we”, “us” or “our”, otherwise commercially named “io.finnet"), describes how and why we might collect, store, use and/or share (“Process”) Visitors Personal Data when they use our corporate website edited by the Company and accessible at the following link https://www.iofinnet.com/ (the “Corporate Website”).

The Corporate Website (i) provides Visitors with information about the Io.finnet software products and services (the “Software Products”), (ii) provides our customers (the “Customers”) with a direct access to the Software Products which are governed by their own privacy policy and (iii) offers some services to Visitors, notably registration to events, webinars, courses, a news section. You can find details of the Corporate Website’s services in the Corporate Website Terms of Use accessible through this link (the “Corporate Website Terms of Use”).

Io.finnet undertakes to comply with European regulations on the protection of Personal Data, in particular the General Data Protection Regulation (EU) of April 27, 2016 (“GDPR”) as well as any local data privacy law applicable to the Processing.

Io.finnet has a team dedicated to the protection of Personal Data, including a Data Protection Officer, a security team and a legal team.

As a Visitor of the Corporate Website, please take the time to read and understand this Privacy Policy, it will help you understand your privacy rights and choices. If you, as a Visitor, do not agree with our policies and practices, please do not use our Corporate Website. If you, as a Visitor, still have questions or want to make use of your privacy rights, please contact us at privacy@iofinnet.com.

2. Definitions

Capitalized terms set out below, including those in the preamble of the Privacy Policy, shall have the following meaning:

“Controller”, “Processing” and “Supervisory Authority” shall have the meaning assigned to them in Article 4 of the GDPR.

“Corporate Website”: means the corporate website edited by the Company and accessible here.

“Corporate Website Terms of Use” means the terms of use of the Corporate Website accessible here.
‍
Data Protection Law(s): means (i) the EU General Data Protection Regulation 2016/679 (“GDPR”), (ii) the e-Privacy Directive 2002/58/EC (“e-Privacy Directive”), and any further applicable legislation replacing the e-Privacy Directive and/or the GDPR; (iii) any data protection law, statute or regulation of a European Union (“EU”) Member State, which may apply to one of the Parties pursuant to its data Processing activities or its establishment within the EU and (iv) any guidelines or opinion adopted by the European Data Protection Board (“EDPB”) as to interpret the application of GDPR and the e-Privacy Directive (v) the decisions of the Supervisory Authority or the judicial or administrative courts of an EU Member State which are binding on one of the Parties by way of its data Processing activities or its establishment within the EU; and (vi) the decisions rulings adopted by the Court of Justice of the European Union (CJEU) or the European Court of Human Rights (ECHR) regarding Personal Data and privacy protection and freedom of speech or freedom of information; and (vii) any applicable local data protection regulation to the processing.

Personal Data: shall have the meaning assigned to them in Article 4 of GDPR.

Privacy Policy: refers to the hereby privacy policy to inform Visitors of the commitments taken by Io.finnet to protect Visitor Personal Data when they access the Corporate Website.

Purpose(s): refers to the main purpose(s) for the use of Personal Data.

“Social Media”: refers to the social media of Io.finnet, accessible from the Corporate Website:

Software Product: refers to one of the software products and attached services provided by Io.finnet .

“Visitor”: refers to the visitor of the Corporate Website, also referred to as “you” or “your”.

3. What is personal data?

Personal Data is any information relating to an identified or identifiable natural person (“Data Subject”). To qualify as a Data Subject, one has to be identifiable, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.‍

4. Purpose of this Privacy Policy

This Privacy Policy explains:

• how Io.finnet collects, uses and shares your Personal Data when you visit the Corporate Website;
• how Io.finnet protects and ensures the security, integrity and confidentiality of your Personal Data;
• what information Io.finnet receives from third parties and what information Io.finnet shares with third-parties;
• what your privacy rights are, and how you can exercise them.

The following guiding principles are applied by Io.finnet so as to protect your Personal Data:

• Io.finnet does not collect any more Personal Data than is necessary;
• Io.finnet only uses your Personal Data for the purposes specified in this Privacy Policy, unless you agree otherwise;
• Io.finnet does not keep your Personal Data if it is no longer needed; and
• Other than as we specify in this Privacy Policy, Io.finnet does not share your Personal Data with third parties.
• Io.finnet does not rent or sell your Personal Data to third parties.

5. Who collects Personal Data

Io.finnet is a Controller for the Processing described in Section 7 of this Privacy Policy, except where it is a joint-controller (processing 7 and 8, with respectively the HR management provider Bamboo and the Social Media).

6. What Personal Data is collected

Io.finnet collects the following Personal Data from Visitors:
‍
Name, First name;
Email address;
Name of your company if you are looking to seek access to Software Products or services on behalf of a company;
Your mobile phone;
Your country of nationality;
Your country of residence;
Your state (if applicable);
Your navigation history;

Io.finnet also collects Personal Data related to connection information like IP address, username, passwords, credentials and cookies.

7. Why we process your personal data

Io.finnet processes Personal Data for multiple purposes. Depending on the purposes, Processing can be based on (i) the legitimate interests pursued by Io.finnet, (ii) on contractual obligations, or (iii) because you gave your consent.

Io.finnet processes Personal Data for the following Purposes:

PROCESSING N°1: Process and respond to your information requests;
PROCESSING N°2: Process and respond to your request for a Software Product demo;
PROCESSING N°3: Register for events, webinars, events organized by Io.finnet or in which Io.finnet participates;
PROCESSING N°4: Provide you with customized information or offers and satisfaction surveys which may be of interest to you;
PROCESSING N°5: For statistical purposes;
PROCESSING N°6: In order to improve the services of the Corporate Website;
PROCESSING N°7: For you to apply for a job at Io.finnet;
PROCESSING N°8: Management of Io.finnet Social Media;

Your Personal Data is only used where it is necessary to carry out the Purposes.

The legal basis for the above Purposes is either the legitimate interest of Io.finnet to provide a better service, the performance of a contractual obligation (or here the steps prior to entering into a contract), or because you gave your consent.

8. How we share your personal data
‍
Internal Use: Personal Data of Visitors may be processed by the employees of Io.finnet (within the limits of their respective attributions) and its subsidiaries and group companies, exclusively in order to achieve the purposes of this Privacy Policy.

This includes (this is not a limitative list):

• HR, managers, customer office and IT for support purposes, Marketing department for communications and social media;

External Use: Io.finnet may share Personal Data (only if appropriate and to the extent permitted by the applicable laws) with the following categories of third parties:

Technical Suppliers

• Cloud services and storage suppliers (including without limitation AWS and webflow)
• Networking and telecommunication suppliers
• Maintenance suppliers
• Security services suppliers
• Usage Data Analysis suppliers

Marketing suppliers
‍
• Customer relationship management software (including without limitation Zendesk, Formstack)

Authorities
• Legal, judicial and administrative authorities

Where these third-parties are located abroad or may host your Personal Data abroad, Io.finnet will set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to your Personal Data that respect the terms of this Privacy Policy.

The Corporate Website is hosted in Amazon Web Service Inc (AWS) cloud services. AWS’ servers are ISO 27001 compliant.

9. Storage duration of your Personal Data

Io.finnet processes and stores your Personal Data for the duration required by the purposes for which it is collected and in compliance with applicable laws and regulations.

At the end of these periods, the Personal data may be subject to a new Processing for statistical and research purposes. However this Processing shall only be performed subject to the anonymity of the data which will not give rise to new exploitation of the Personal Data and will be archived in a secure, anonymous manner according to applicable law.

10. Your Data Privacy Rights

Amongst Data Protection Laws, GDPR gives rights to European citizens with regards to their Personal Data. GDPR being globally considered as the standard in terms of Personal Data protection, Io.finnet’s goal is to, wherever applicable and not constrained by local laws and regulations, allow you to benefit from these rights.

These rights are:

A right to access

You can obtain from the Controller, information as to whether or not your Personal Data is being processed, and, where that is the case, can demand access to said Personal Data, including: Purpose(s) of the Processing, categories of Personal Data being processed, the recipients or categories of recipient to whom Personal Data have been or will be disclosed and whether these recipients are in third countries or are international organizations, etc.;

A Right to rectification
‍
You can request the rectification, without undue delay, of your Personal Data where it is inaccurate, incomplete or outdated;

A Right to object
‍
You can, at any time, object to any Processing or Transfer of your Personal Data by the Controller, it being specified that this objection may be in relation to all of your Personal Data or only certain information and may in relation to all Processing and Transfers or only certain Processing and Transfer. You must understand however that where you object to Processing or Transfer, Io.finnet’s ability to provide access to the Corporate Website might be hindered.

Right to be Forgotten
‍
You can obtain from the Controller the erasure of your Personal Data, without undue delay where:

• The Personal Data is no longer necessary in relation to the Purposes;
• You object to the Processing pursuant to Article 21(1) and Io.finnet does not justify that there are overriding legitimate grounds for the processing;
• Personal Data has been unlawfully processed;
• Personal Data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
• Personal Data has been collected in relation to the offer of information society services referred to in Article 8(1).

Right to withdraw consent
‍
Where Io.finnet is relying on your Consent to process your Personal Data, whether express or implied, you have the right to withdraw your consent at any time by either updating your preferences or contacting us as indicated below, it being specified that this withdrawal of consent may be accompanied with a request for erasure of your Personal Data;

Right to Opt-out marketing and promotional communications

Where you have given consent to be provided with our marketing and promotional communications, you are able to unsubscribe at any time from those either by updating your preferences or by clicking on the unsubscribe prompt in the e-mail communications that are sent by Io.finnet. You can also apply this right by contacting us as indicated below;

Right to Personal Data portability

Where your Personal Data is being Processed by automated means and has been obtained on the basis of consent or a contract, you may request to receive the Personal Data you have Provided to a Controller in a structured, commonly used and machine-readable format in order to be able to transmit this Personal Data to another Controller without hindrance from the Controller to which the Personal Data has been provided initially;

Right to object and automated individual decision-making.

You have a right to object to automated individual decision-making (decision which has legal implications for them and made solely by automated means without any human involvement) and profiling (automated processing of Personal Data to evaluate certain elements about an individual), except where these are necessary for the entry into or performance of a contract or authorized by domestic law applicable to the Controller or based on your explicit consent.

Right to lodge a complaint before the Supervisory Authority

If you consider that the Processing of your Personal Data is a violation of your data privacy rights, then you may submit a complaint to the national supervisory authority responsible for the protection of privacy rights in your country (the “Supervisory Authority”).

11. How you can exercise your rights

To exercise any of rights, you can send a request:

• By email at the following address: privacy@iofinnet.com;
• By letter at the following postal address: Data Protection Officer – Io FinNet Group, Inc.: 4208 Six Forks Rd., 10th Floor, Raleigh, 27609, USA.

Where you exercise your right electronically, answers and Personal Data will be provided, where appropriate, electronically, except if you make the specific request that they are not.

Io.finnet may request additional information from you, in order to verify your identity, before moving forward with the request.

Please be aware that Io.finnet must also comply with regulations and applicable laws which might mandate that it keeps certain Personal Data elements for a set duration. Where this is the case, Io.finnet will notify you that it cannot erase said Personal Data, and where it is possible to stop Processing, will archive it so that it is no longer being Processed and becomes only available to the institutions and authorities that can/must have access to it according to applicable law and regulations.

12. How your Personal Data is protected and secured

Io.finnet is taking steps so that you can be assured your Personal Data is safe when using the Corporate Website and more generally when your Personal Data is processed by Io.finnet.

We follow data minimization principles and set up the following measures:

• Pseudonymization and anonymization techniques whenever they are technically feasible;
• Restricting Personal Data access to the sole employees who need to access Personal Data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT and legal departments.

Technical, organizational and structural security measures are in place to protect your Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction and, therefore, ensure the security, integrity and confidentiality of your Personal Data.

Notwithstanding the above, we will take all legally required measures to remedy such an event, which may include notifying you of a breach in the likelihood of a higher risk to your rights and freedom.

In case of security breach, Io.finnet will provide you with a notification determining:

• the nature of the security breach;
• if possible, the categories and the approximate number of persons affected by the security breach;
• the categories and the approximate number of records of Personal Data concerned;
• the likely consequences of the security breach;
• the steps taken or plan to take to prevent the incident from recurring or to mitigate any negative consequences. If the security breach represents a risk, we shall notify the security breach to the competent Supervisory Authority within the shortest possible delay.

13. Social Media and your Personal Data

The Corporate Website includes our Social Media features, which may collect your IP address, your navigation history and may require a cookie feature. Please be aware that the Privacy Policy doesn’t apply to these Social Media as the privacy policy of the respective social media are effective over your access to them.

14. Cookies

A cookie is a small piece of data (text file) that a website – when visited – asks your browser to store on your device or computer in order to remember information about you, such as your language preference or login information. These cookies are set by us and are called first-party cookies. We also use third-party cookies - which are cookies from a domain different from the domain of the website you are visiting – for our advertising and marketing efforts. More specifically we use cookies and other tracking technologies.

Cookies are separated into 4 categories:

• Essential Cookies: these cookies are necessary for the functioning of the Corporate Website and enable you to navigate and use its features. They do not collect personal information and are usually set in response to your actions, such as setting your privacy preferences or logging into your account;
• Analytical and Performance Cookies: These Cookies help us understand how visitors interact with the Corporate Website, allowing us to analyze and improve its performance. They collect anonymous data on your usage patterns, including the pages you visit, time spent on each page, errors encountered. They allow us to provide a better website experience for you as they allow for audience tracking and crash tracking;
• Functionality Cookies: These cookies enhance the functionality and user experience of the Corporate Website. They remember your preferences and settings such as language and region. They help provide a more personalized experience.
• Advertising and Marketing Cookies: These cookies are used to deliver relevant advertisements to you based on your interests and online activities. They may also help us measure the effectiveness of our marketing campaigns.

For cookies which are not strictly necessary for the provision of a service expressly requested by you or for cookies which do not have as their sole purpose the allowance or facilitation of transmissions by electronic means, a banner is displayed on your first connection to the Corporate Website.

The banner (i) informs you about the implementation of cookies and their purposes and (ii) allows you to consent broadly or specifically, purpose by purpose, by ticking boxes, clicking “accept all” or “refuse all”.

You have the right to withdraw your consent at any time through your internet browser, which also allows you to view / manage / delete / block Cookies from a website.

If you decide to refuse necessary Cookies for our Corporate Website, it will continue to be accessible but you might not be able to fully use the Corporate Website.

15. How you can contact us in relation to this notice and data privacy

If you have questions or comments about this notice, you may contact our Data Protection Officer

(DPO) by e-mail at privacy@iofinnet.com.

16. Updates to the Privacy Policy

Io.finnet may update this Privacy Policy from time to time. The updated version will be made evident by the date it bears, which coincides with its publication and is the moment where it becomes effective. If this Privacy Policy is modified in a material way, we might notify you by either posting visible notice of such changes or by sending you a notification (either in app or via e-mail). As we encourage you to read this Privacy Policy at the onset of your access to the Corporate Website, we also encourage them to regularly check on it to be best informed on how we are processing and protecting your Personal Data.