Welcome to Finoo, the platform designed to help you fund your exchange program in an easy, practical, and intuitive way. Our platform offers a digital account specifically for exchange-related use, allowing you, the User, to have a multi-currency account and make international transfers quickly, simply, and securely. With it, you can start saving money in Brazilian reais, convert it to other currencies whenever you wish, and pay your educational institution through a transfer as easy as making a Pix to any bank account associated with universities, language schools, colleges, community colleges, among other institutions.

Platform Privacy Notice Finoo

Version 1.0 | Updated on July 25, 2023

If you've come this far through our website, available at https://finoo.io/ , or through our app, available on both the Apple Store and Google Play (all together, 'Our Environments'), it's because you care about the protection of your Personal Data – and the purpose of this Privacy Notice (or 'Notice') is to make it clear to you, our User or not, and to the general public, how we also care about your privacy.

ATTENTION! Our Environments are intended for use by adults with full legal capacity. If you are under 18 years old or do not have full legal capacity, we kindly ask you not to register or use any features of Our Environments. We reserve the right to delete any registration or interaction that violates these conditions. Note to legal guardians: while we prohibit the registration and use of Our Environments by those not fully capable under the law, parents and/or legal guardians (as applicable) should supervise the online activities of their charges.


Before accessing and using the exclusive functionalities of Our Environments, we recommend that you read this Notice thoroughly and carefully. In it, we explain which of your Personal Data we collect, why we use them, with whom we share them, the security measures we adopt to protect them, and explain what your rights are regarding the activities we perform on them.

Having read and understood the terms of this Notice, you must express your awareness of its provisions, which can be done by ticking the checkbox in 'I have read and understood the Privacy Notice of the Finoo Platform'. Without your expression of awareness, the use of our Platform will not be possible.

For ease, we will use defined terms (which you will recognize as words beginning with capital letters, such as 'Privacy Notice') throughout the document. If you have any questions about them, you can consult their definitions at the end of this Notice, in our Glossary.

We understand that any and all interactions by Users result from their complete understanding and awareness of the terms of this Notice, and the use of Our Environments is a free and express manifestation of their agreement with the provisions here (including the collection of the Personal Data mentioned here and their use for the specified purposes below).

If you do not agree with the provisions of this Notice, you must discontinue access to or use of Our Environments.

1. Who We Are

The Finoo Platform is developed and maintained by us, Finoo Brazil Ltda., a private legal entity under Brazilian law, registered under CNPJ/ME No. 48.364.557/0001-38, with headquarters at Avenida Engenheiro Luiz Carlos Berrini, 1748 – suite 1710, in the Cidade Monções district of São Paulo/SP, ZIP code 04571-000.

2. How we collect your Personal Data

As a rule, it is you who submits your Personal Data to us, such as when you register on our Platform, sign up for our newsletter to receive Finoo updates and other relevant information, or use the contact form on our website; however, in some cases, we may collect some information (which may include Personal Data) in an automated manner when you use Our Environments.

3. Which Personal Data We Collect and How We Use Them

We collect the following Personal Data, which are used for the purposes also indicated here:

Collected data
For what porpuse we use
Registration data
Full Name
(i) To identify and authenticate you;
(ii) To comply with our obligations to you arising from the use of our services;
((iii) To expand our relationship, informing you about news, features, content, news, and other events we consider relevant to you;
(iv) To enrich your experience with us;
(v) To promote our products and services.
Email
Nationality
Date of Birth
CPF (Brazilian Individual Taxpayer Registry Number)
Phone
Complete Address
Profession
PEP (Politically Exposed Person)
HIO (Head of International Organization)
Student ID
Digital Identification Data
IP Address and Port
Origin Logic
DIGITAL IDENTIFICATION DATA
IP Address and Logical Source Port
(i) To identify and authenticate you;
(ii) To comply with our obligations to you, arising from the use of our services;
(iii) To improve our Platform;
(iv) To enhance our relationship and enrich your experience with us, by better understanding your interest in features and content of our Platform.
Device (operating system version)
Geolocation
Date and time records of each action you perform
Which screens you accessed
Session ID
Cookies
PAYMENT DATA
Credit card number and security code
(i) To comply with our obligations to you, arising from the use of our services;
(ii) To fulfill our contract by sharing the Data with the third-party company responsible for processing the payment.
Bank account details
SURVEY DATA
Responses to optional questionnaires and surveys
(i) To enhance our relationship and enrich your experience with us, by better understanding your interest in the content of our Platform.


3.1. Essential Data. In addition to the Personal Data necessary for fulfilling legal and regulatory obligations, some of the Personal Data required on our Platform – especially Registration Data and Payment Data – are essential for the use of the Platform, such that the utilization of the Platform may be compromised if you choose not to provide some of these data.

3.1.1. We employ cookies in the functionalities of Our Environments, both for performance (collecting anonymous information about how Users use Our Environments – for example, Google Analytics) and for advertising (collecting information on browsing habits, aiming to make advertising more relevant to the User) and functionality (which allow the execution of certain features). If you wish, you can configure your internet browser to block cookies; however, if you do, some functionalities of the Platform may be compromised.

3.2. KYC (Know Your Customer). All processing of financial transactions requires a process of verification and validation of user information and identity, known as Know Your Customer (or “KYC”), in compliance with financial sector laws and anti-money laundering and terrorist financing prevention. This process is conducted by a partner contracted by Finoo, and except when based on the User's registration information, the information obtained for the KYC process is not stored on our servers; it is only processed in real-time for operation validation by our partner, with the results of the analysis stored on our partner's servers.

3.2.1. For the KYC process, a proof of life procedure will be conducted, through which our partner will request, in addition to the Personal Data listed above, (i) an identification document, which can be an identity card, passport, among other official documents, and (ii) a real-time interaction with facial biometrics analysis, whose results will be treated by hash (encrypted) and not stored.

3.3. Updating and Accuracy. You, as the User, are solely responsible for the accuracy of the Personal Data entered on our Platform. Thus, if you find that any information is incorrect or outdated, please update it or, if not possible, contact us so we can assist in making the correction.

3.3.1. Should there be a well-founded suspicion on our part that the processing of any Personal Data entered by the User may lead to a violation of the Law or, furthermore, that our Platform is being used for illicit purposes, we reserve the right to suspend the account in question until the suspicion is resolved.

3.4. In addition to the Personal Data mentioned in item 3 above, we keep a record (logs) of all activities carried out by Users in Our Environments, which are linked to the User who performed such interaction (“Records”).
3.5. Necessary Processing. In addition to what is mentioned here, any and all Personal Data or Records under the control of Finoo may be used, as necessary, for (i) the exercise of Finoo's rights, whether judicial or administrative; (ii) preventing fraud and preserving our security and that of our Users; and/or (iii) fulfilling legal and regulatory obligations.

4. How Long We Store Personal Data

4.1. The Personal Data we collect and the records made as a result of using the Platform will be stored for a period of 6 (six) years after the deletion of the User's account, a period we have set based on the legal duties we must fulfill and also for our legal protection.
4.2. If, at the end of the aforementioned period, we are undergoing an audit process, or there is a legal order for the retention of said data or an ongoing judicial process that requires their preservation, we may store them for a longer period – only and until the additional retention duty ceases.

5. Sharing and Transfer of Personal Data

5.1. As part of our activities, we share your Personal Data (i) with our partners responsible for carrying out the financial transaction, so that payment can be made, and (ii) with the educational institution(s) to which the User makes payments through the Platform, solely and exclusively after payment, to facilitate the verification of information and the respective compensation.

5.1.1. These institutions, in accordance with the LGPD (General Data Protection Law), are independent Controllers of the Personal Data, and may integrate them into their own database, i.e., they may use your Personal Data in other ways or for different purposes than those provided here.
5.1.2. Finoo is not responsible for the Processing of your Personal Data that such institutions may carry out, which must be provided in their respective Notices (or Policies) of Privacy.

5.2. Furthermore, we may share your Personal Data with judicial, administrative, or governmental authorities competent in the case of a legal determination or court order.
5.3. There may also be a change of Controller (as indicated in item 1 of this Notice) of your Personal Data if we go through a corporate process – such as merger, acquisition, incorporation, or split – in which our database is transferred to another entity.

6. Protection of Your Personal Data

We protect them...
6.1. In the scope of Finoo's operation, we seek to ensure that your Personal Data is processed in a secure environment, considering the state of the available technology.
6.2. The Personal Data processed by Finoo is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Notice.
6.3. The data processed during all navigation and interactions in Our Environments, including (but not limited to) payment transactions, with or without a credit card, are subject to HTTPS/TLS security protocols, ensuring that all your data, especially credit card and order history, are not illicitly accessed, transmitted, or disclosed, including by third parties.
6.4. Our Operators. If third-party companies perform any Personal Data Processing activity by our delegation, they will respect the conditions stipulated here, including regarding information security, mandatorily.
6.5. The Institutions. The educational institutions that receive payments made through the Platform will have access to your Personal Data when we share them due to payment or because provided by You, being the responsibility of these institutions the processing of your Personal Data they perform, which will be subject to their own practices of Personal Data collection and use.
... but you must too!
6.6. You are also responsible for protecting your information and the secrecy of your Personal Data. Therefore, it's very important that you:

6.6.1. Protect your terminal (computer or mobile phone) against unauthorized access, and make sure to always click 'logout' at the end of your navigation on a shared terminal.
6.6.2. Be aware that we will never send electronic messages asking for data confirmation or with attachments that can be executed (extensions: .exe, .com, among others) or even links for possible downloads.
6.6.3. Understand that sharing passwords and access data violates the Platform's usage guidelines and can compromise the security of your Personal Data and Our Environments.
6.6.4. When accessing platforms or environments of third parties (including, but not only, when redirected from Our Environments), read the Privacy Policy of such platforms or environments, being your responsibility to accept or reject it – remember that we are not responsible for the content of any websites, contents, or services linked to environments other than ours.

7. Your Rights as a Data Subject

As a Data Subject, anyone whose Personal Data has been processed by us (especially, but not limited to, through interaction in Our Environments) can request from our Data Protection Officer (indicated below):

DATA SUBJECT’S RIGHT
DEFINITION
Confirmation of the Existence of Processing
Request confirmation and clear information about the origin of the Data Subject’s Personal Data processed by Finoo, the criteria used, the purpose of the processing, and information regarding the (non-)existence of the record.
Access
Access the Data Subject’s Personal Data that are in the database or being processed by Finoo.
Rectification
Request the correction of incorrect or incomplete Personal Data of the Data Subject in Finoo’s database.
Deletion
Request the deletion of the Data Subject’s Personal Data in Finoo’s database, or if not possible (due to the mandatory retention discussed in item 4), keep them for the period provided in an inactive database.
Portability
Transmission of the Data Subject’s Personal Data for the use of third-party services.
Review of Automated Decisions
Request a review of decisions made solely through automated processes.


7.1. For the purposes of exercising the rights of the data subject, as provided in the LGPD and in this item 7, the Data Subject should contact our Data Protection Officer, Carlos Ronchetti, via email at dpo@finoo.io, or by written communication sent to the address Avenida Engenheiro Luiz Carlos Berrini, 1748 – suite 1710, in the Cidade Monções neighborhood of São Paulo/SP, ZIP code 04571-000.
7.2. To exercise the rights of a Data Subject, additional information and/or documents proving your identity and/or legitimizing the requested action may be required.

8. Customer Service Channels

With the exception of the exercise of rights by personal data subjects (which are handled by the Data Protection Officer, as informed in the Platform's Privacy Notice), Finoo offers the following customer service channels for general inquiries:

8.1. E-mail: hello@finoo.io;
8.2. "Help" channel on the Platform.

9. General Information

9.1. Database. The database formed through the collection of Personal Data is our property and responsibility. Its use, access, and sharing, when necessary, will only be done by individuals who need and are authorized to perform such activities, within the limits and purposes of the business described in this Notice.
9.2. Cloud. Our operation is structured in an environment using resources and servers in the cloud (cloud computing) located in the Netherlands (European Union), which requires the transfer and/or processing of your Personal Data outside Brazil - to a country whose legislation provides the same degree of protection as Brazilian legislation.
9.3. Automated decision-making. In our operations, we do not adopt any procedure based on automated decision-making that could affect your interests, whether personal, consumer, or credit.
9.4. Electronic communication. To optimize and improve our communication, we will prioritize contact via email – and it's important for you to pay attention: all our emails will always be sent from the @finoo.io domain. However, for convenience or speed, we may contact you through other means of communication (such as SMS, instant messaging apps, or even phone calls), which are also valid, effective, and sufficient for the disclosure of any matter related to our services, as well as the conditions of their provision or any other related issue.
9.5. Survivability. If any part of this Notice is considered unenforceable by a competent authority (such as the ANPD or a judicial body), the remaining conditions will remain in full force and effect.
9.6. Amendment and update. From time to time, we will review the content of this Notice, and may update it or not. You acknowledge our right to change the content of this Notice at any time, as necessary (including to accommodate new operational flows or activities), as well as for legal adequacy and compliance with laws or regulations that have equivalent legal force or, furthermore, guidance from the ANPD on the matter. But don't worry: if we do, we will maintain a version history available for consultation and will inform you via email about the update.
9.7. Applicable law and jurisdiction. This Notice has been written and should be interpreted according to Brazilian law, with the jurisdiction of your domicile being elected to settle any dispute involving this document, except for specific jurisdictional competencies personal, territorial, or functional by applicable legislation.

10. Glossary

10.1. In this Notice, the following defined terms have the meanings below:

10.1.1 ANPD: stands for the National Data Protection Authority, a special nature autarchy of the Federal Government linked to the Ministry of Justice and Public Security, responsible for overseeing the protection of Personal Data and for guiding, regulating, and supervising compliance with legislation on the subject;
10.1.2 Notice (or Privacy Notice): this document, which provides transparency to our Users and the general public about which Personal Data we collect, why we use them, with whom we share them, the security measures we adopt to protect them, and explains the rights of such Data Subjects regarding the activities we perform on them;
10.1.3 Controller: is the natural or legal person, of public or private law, to whom decisions regarding the processing of Personal Data belong – in the case of the Finoo.io Platform, us, Finoo;
10.1.4 Personal Data: any information related to an identified or identifiable natural person, as defined in article 5, II of the LGPD;
10.1.5 Data Protection Officer: also known as Data Protection Officer, or DPO, is the person (natural or legal) appointed by us to act as a communication channel between us, the Data Subjects, and the ANPD, as per article 5, VIII of the LGPD;
10.1.6 HTTPS: is a secure version of the Hypertext Transfer Protocol (HTTP), a format for interoperability of internet communications, used to give the data traffic greater security and inviolability;
10.1.7 Session ID: is the record of the User's connection with our Platform;
10.1.8 LGPD: refers to Federal Law No. 13.709, of August 14, 2018, also known (and referred to as) General Data Protection Law, in its consolidated version (including all amendments);
10.1.9 Our Environments: means, jointly and indistinctly, our website, available at http://bestpass.travel, and our Platform, in its web and app versions;
10.1.10 Operator: is the natural or legal person, of public or private law, who processes Personal Data on behalf of and by order of the Controller, as per article 5, VII of the LGPD – in this case, hired by us to assist Finoo in its activities;
10.1.11 Platform: means the Finoo platform, in its web versions (accessible through our site, http://finoo.io ) and app version, available in app stores (Apple and Google), through which duly registered Users can use a specific digital account for everything about their exchange program;
10.1.12 Records: means the operational records (logs) we maintain regarding User interactions on our Platform;
110.1.13 TCP/IP: stands for Transmission Control Protocol and Internet Protocol, which has become the standard set of communication rules on the internet to allow information interoperability. IP can also refer to the IP address, which is the numerical sequence of 32 bits (IPv4) or 128 bits in hexadecimal (IPv6) used to identify a terminal in its internet connection – i.e., your online 'address';
10.1.14 TLS: stands for Transport Layer Security, a type of digital security that seeks to ensure secure communication between the Users' browsers and our website (which replaced SSL);
10.1.15 Data Subject: is the natural person to whom the Personal Data being processed refer, as per article 5, V of the LGPD;
10.1.16 Processing: is any operation performed with Personal Data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or information control, modification, communication, transfer, dissemination, or extraction, as per article 5, X of the LGPD;
10.1.17 User: is you, who registered at Finoo to facilitate your exchange program!