Last Updated and Effective Date: September 20, 2023
I. INTRODUCTION
This privacy notice (“Privacy Notice”) describes how Finops.Company Inc. (“Finops” or “we”) will collect, use and share personal information and other information collected from, about or relating to its clients and prospective clients in connection with the services Finops provides, including information that is collected online and offline (e.g., information provided to an Finops advisor electronically, over the phone or in person) or from other parties.
For purposes of this Privacy Notice, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, which is typically provided on a voluntary basis by you or another party. Personal Information may include “personally identifiable information” under the Gramm-Leach-Bliley Act and its implementing regulations, personal data that is subject to the EU General Data Protection Regulation (“GDPR”), personal information under the California Privacy Rights Act (“CPRA”) and other like terms under applicable data protection laws. Personal Information does not include aggregated or combined information, which includes data that is related to you but studied as a group and is anonymized so that it does not identify you specifically.
II. INFORMATION COLLECTED BY FINOPS
In order to provide you with services under our contracts with you or another party (e.g., your employer, spouse, or a family office), Finops collects certain information from you or another party. Unless a separate consent is required under applicable law, by providing Personal Information to Finops, you agree to Finops’s collection, use and sharing of the data as described in this Privacy Notice. Under applicable data protection laws that recognize the concept of a controller of Personal Information, Finops is the controller responsible for the processing of Personal Information that we collect as described in this Section.
- How We Collect Information
- You may provide certain Personal Information to Finops directly, such as when you provide information to Finops over the phone, electronically, secure portals for US tax clients, this website or in person.
- We may collect information about you from other sources such as your employer, lawyers, banks, financial institutions and advisors, tax authorities, background check providers, family offices, family members, and other parties.
- We may collect publicly available information about you in public and private databases, such as through Lexis-Nexis or other search engines.
- What Personal Information is Collected
Personal Information may include the following information regarding you and your family members and/or employees, service providers and others, as applicable:- Identifying information, such as name, address, birthdate, contact information, and identification numbers.
- Financial information, such as your banking and securities accounts and transactions, income and expenses, assets and liabilities.
- Tax return information and employment information.
- Special categories or sensitive Personal Information in connection with our performance of tax and other services, such as your racial or ethnic origin, your religion, or your sex life or sexual orientation. In addition, the following Personal Information that we may collect is also considered sensitive under the CPRA: your social security, driver’s license, state identification card, and passport number; and account login and financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Criminal convictions and offenses information that includes personal data.
- What Business Information is Collected
Business Information may include the following information regarding business owned by you or you representing your business vendors and financial information:- Your business information like name, date of the registration, jurisdiction of the registration.
- Your business information, like name, registration date, and registration jurisdiction.
- Financial information, including your banking and securities accounts and transactions, income and expenses, assets, and liabilities.
- Tax return information.
- Your business information, including revenue, costs, workforce, and other financial metrics.
III. USE AND SHARING OF COLLECTED INFORMATION; PURPOSES FOR COLLECTION
Outlined below are various rights you may have in connection with your Personal Information, depending on where you reside. You may exercise these rights by contacting us using the information in the “Contact Us” section below. We may ask you to verify your identity and to provide other details before we respond to your request.
- Right to Review, Correct, Update and Delete Personal Information.
You may review, correct and update certain of your Personal Information that we have about you. For example, where your Personal Information is inaccurate or incomplete, you may ask for your Personal Information to be rectified or completed. In addition, in certain circumstances, you may request deletion of certain of your Personal Information. Your right to delete information is subject to our record retention policy, including any retention requirements under applicable laws, and to exceptions to this right under applicable laws. - Right to Disclosure and Access
Depending on your applicable jurisdiction, including if you live in California or if your Personal Information is subject to the GDPR, you may have additional rights with respect to your Personal Information.- You may have the right to request that we disclose to you the categories of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of parties to whom we disclose Personal Information, and the specific pieces of Personal Information we have collected about you.
- In some jurisdictions, you may request that this information be provided in a structured, commonly used and machine-readable format so that you may share it with others.
If you have these rights, we will not discriminate against you for exercising these rights. This includes us not: (a) denying you goods or services; (b) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (c) providing you a different level or quality of goods or services; (d) suggesting to you that you will receive a different price or rate for goods or services or a different level or quality of goods or services; and (e) retaliating against you for exercising your privacy rights.
A general list of the categories of Personal Information that we have collected, the categories of sources from which the Personal Information was collected, the business or commercial purposes for collecting the Personal Information, and the categories of third parties with whom we share Personal Information is described in this Privacy Notice. To obtain a list of this information that is specific to you, or to obtain the specific pieces of Personal Information that we have collected about you (which may be limited to certain information that we collected in a specific timeframe, depending on your jurisdiction), please contact us using the information in the “Contact Us” section below. We may ask you to verify your identity and to provide other details before we provide such information to you.
- Other Rights
Depending on your applicable jurisdiction, including if your Personal Information is subject to the GDPR, you may have the rights listed below:- The right to request the transfer of your Personal Information to another party
- The right to object to us processing your Personal Information by asking for the processing of that Personal Information to be restricted or stopped
- The right to ask us to restrict the processing of your Personal Information
- The right to withdraw your consent to us processing your Personal Information where you have previously provided consent.
You may exercise these rights by contacting us using the information in the “Contact Us” section below.
- Authorized Agents
Depending on your applicable jurisdiction, you may exercise your privacy rights through an authorized agent. If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us in the “Contact Us” section below. - Right to Make a Complaint
Depending on your applicable jurisdiction, you may make a complaint to your applicable data protection authority (or the equivalent regulator in your jurisdiction) about the manner in which Finops is processing your Personal Information. For more information, or if you believe that Finops has not complied with this Privacy Notice or the applicable law, please contact us using the information in the “Contact Us” section below. If you are not satisfied with the outcome of Finops’s assessment of your complaint, you may be able to refer your complaint to the relevant regulator under applicable law. - No Sale or Sharing of Personal Information
Finops does not sell your Personal Information with third parties. Finops also does not knowingly sell, share, use for cross-context behavioral advertising or disclose the Personal Information of children under the age of 16.
IV. YOUR RIGHTS TO YOUR PERSONAL INFORMATION
You may receive email communications from Finops, including communications regarding our services, marketing or promotions, and/or other topics. To contact you, Finops may use the information you provide to us, including email, address, fax or phone. You may, at any time, inform us that you do not want Finops to contact you for marketing purposes by sending your request to us using the contact information in the “Contact Us” section below. You may also opt-out of promotional email communications by clicking on a link provided in the promotional email message. After opting-out, you will no longer receive marketing or promotional communications but will continue to receive other non-marketing-related messages, such as emails relating to our provision of professional services to you or your account.
V. OPTING-OUT
Finops is committed to maintaining the security of the Personal Information you provide us. To protect your Personal Information from unauthorized access and use, we use security measures that comply with applicable law. These measures include administrative, technical, and physical safeguards. If your Personal Information is subject to the GDPR, then we will protect such information in accordance with Article 32 of the GDPR. However, please note that there is always some risk in transmitting information over the Internet. For this reason, Finops cannot guarantee the security and privacy of transmissions via the Internet, and we will not be liable for any lack of security relating to the use of electronic communications by you. You agree that you will not hold Finops liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.
VI. SAFEGUARDING YOUR PERSONAL INFORMATION
Finops is committed to maintaining the security of the Personal Information you provide us. To protect your Personal Information from unauthorized access and use, we use security measures that comply with applicable law. These measures include administrative, technical, and physical safeguards. If your Personal Information is subject to the GDPR, then we will protect such information in accordance with Article 32 of the GDPR. However, please note that there is always some risk in transmitting information over the Internet. For this reason, Finops cannot guarantee the security and privacy of transmissions via the Internet, and we will not be liable for any lack of security relating to the use of electronic communications by you. You agree that you will not hold Finops liable for any damages resulting from any loss of privacy or security occurring in connection with any communications over such networks.
VII. RECORDS OF PERSONAL INFORMATION
Finops has in place a policy regarding the storage of your Personal Information and will only store the Personal Information as long as Finops considers it necessary or beneficial for the purposes set out in this Privacy Notice or for legal, regulatory, audit or record-keeping purposes.
The following paragraph applies if your Personal Information is subject to the GDPR or the CPRA. We will keep a record of the Personal Information that we receive from you in order to answer your inquiry or request. We will keep a copy of your Personal Information held for the specific purpose for which it was provided (such as to provide professional services to you), until such purpose has come to an end and we no longer need to comply with a legal obligation that requires us to retain your Personal Information. We will delete our copy of your Personal Information in accordance with Finops’s document retention policy, although we may retain a record of certain Personal Information to the extent that and for so long as we are required to do so by applicable law. For example, if you have contacted us to ask for the processing of your Personal Information to be erased, we will retain a record of your request in order to ensure that we comply with your wishes. More information on our retention policy can be obtained by contacting us using the contact information in the “Contact Us” section below.
VIII. STORAGE AND TRANSFER OF PERSONAL INFORMATION
- EEA, THE UK AND/OR SWITZERLAND RESIDENTS
If you are a resident of these jurisdictions and provide data or information to Finops, it may be transferred to, processed in, stored at or accessible from a destination outside the EEA, the UK and/or Switzerland, such as the United States. By providing your Personal Information, you agree to this transfer, processing and storing. We will take steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Notice.
Where we pass your Personal Information from a location inside the EEA, UK or Switzerland to parties located outside the EEA, UK or Switzerland that do not offer adequate protection as determined by the European Commission, the UK and/or Swiss authorities, if such parties are not subscribed to an approved data protection framework, such as the EU-U.S. Privacy Shield, that permits us to transfer the Personal Information to them from a location inside the EEA, UK or Switzerland, we will enter into agreements which enable us to transfer the Personal Information to them and that enable you to exercise your rights in accordance with the GDPR. A copy of the applicable terms of these agreements can be obtained by contacting us using the information in the “Contact Us” section below.
Please do not provide your Personal Information to Finops if you do not want this information to be transferred to the United States or to other countries, or if the laws in your country restrict these types of transfers. Your provision of Personal Information to Finops means that you agree to the terms of this Privacy Notice.
- CALIFORNIA RESIDENTS
As of January 1, 2020, the California Consumer Privacy Act gives you or your Proxy the right to make certain requests of Finops regarding information that we collect about you. We will not discriminate against you because you have exercised any of your rights under the California Consumer Privacy Act.- Your Rights under the California Consumer Privacy Act
- Request what categories of information we collect (which may also be referenced above in Categories of Information We Collect)
- Request that a copy of your information be provided to you
- Request that your information be deleted
- Request what categories of Service Providers and 3rd Parties we share your information with
- Finops’s Verification Process
Before we can begin to process your request, we must first verify your identity. We will use the following points of information for our verification process.- A unique ID assigned to you by Finops (e.g. Client ID, Vendor ID)
- Finops Line of Business(es) you are associated with
- Email Address
- Full Name
- Phone Number
- Mailing Address
- Employer, Service Provider, 3rd Party Vendor or Organization’s Name you are associated with
- Your Rights under the California Consumer Privacy Act
Requests made for categories of information about you require that we verify your identity using at least two of the points of information listed above.
Requests made for specific information require that we use at least three points of information listed above. Additionally you will be required to provide a document signed under penalty of perjury affirming that you are the consumer who you are making the information request about.
For requests made for the deletion of information Finops will require two or three of the points of information above, depending on the sensitivity of the information requested to be deleted.
Proxy Requests. Requests made by a California resident’s proxy will follow the same Verification Process as above. Additionally a proxy is required to provide to Finops a notarized attestation that they are the California resident’s authorized legal representative.
How To Make A Request. You or your Proxy may make a request by Contacting your primary contact at Finops or calling our main telephone number and asking to speak with the Finops IT Director.
IX.WHEN WE SHARE INFORMATION
- We share information with government and regulatory authorities. We share information with government and regulatory authorities in the course of providing services to you, such as preparation of tax returns.
- We share information if we must in order to comply with law or to protect our legal interests. We may share information we collect about you to respond to a court order or subpoena. We may share information in response to a government agency or investigatory body request. This may include sharing information with the US or Canadian government. We may share information if necessary to prevent physical harm or financial loss. We may share information we collect when we are investigating potential fraud or other illegal activity.
Federal law has extended the attorney-client privilege to some, but not all, communications between a client and the agent. The privilege applies only to non-criminal tax matters that are before the IRS or brought by or against the U.S. government in a federal court. The communications must be made in connection with tax advice. Communications solely concerning the preparation of a tax return will not be privileged. In addition, your confidentiality privilege can be inadvertently waived if you discuss the contents of any privileged communication with a third party, such as a lending institution, a friend, or a business associate. Finops recommends that you contact Finops before releasing any privileged information to a third party. If Finops is asked to disclose any privileged communication, unless Finops is required to disclose the communication by law, Finops will not provide such disclosure until you have had an opportunity to argue that the communication is privileged. You agree to pay any and all reasonable expenses that Finops incurs, including legal fees, that are a result of attempts to protect any communication as privileged. - We share information with any successor to all or part of our business. If all or part of our business is sold, we will share information as a part of that transaction. If there is a merger or acquisition, we will also share your information. We will also share information as part of a financing or bankruptcy.
We share information as permitted by law and for other reasons we may describe to you.
X. EXCLUSIONS
As a professional services provider, Finops does not seek to, nor do we knowingly collect, information directly from children under the age of 16. If a child has directly provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. To do so, contact Finops through the information provided below in the “Contact Us” section.
XI. CONTACT US
For questions or comments regarding this Privacy Notice, including to exercise your rights pursuant to the “Your Rights to Personal Information” section above, please contact us at
By Postal Mail:
Finops.Company Inc.
5542 Monterey Rd #150
San Jose, CA 95138 Attn: Privacy Team
By E-mail:
info@finops.company Subject: Privacy Policy
XII. UPDATES TO PRIVACY NOTICE
From time to time, we may update this Privacy Notice which can be found on finops.copany. If we do, we will note near the top of this notice the date that any changes are made and/or when they become effective. If the changes being made are material or if required by law, we may alert you to the changes in a more prominent way. Your inaction or continued use of our services or provision of Personal Information after any such notices, will tell us that you agree to these changes.