Welcome to Finoo, the platform designed to help you fund your exchange program in an easy, practical, and intuitive way. Our platform offers a digital account specifically for exchange-related use, allowing you, the User, to have a multi-currency account and make international transfers quickly, simply, and securely. With it, you can start saving money in Brazilian reais, convert it to other currencies whenever you wish, and pay your educational institution through a transfer as easy as making a Pix to any bank account associated with universities, language schools, colleges, community colleges, among other institutions.
Platform Privacy Notice Finoo
Version 1.0 | Updated on July 25, 2023
If you've come this far through our website, available at https://finoo.io/, or through our app, available on both the Apple Store and Google Play (all together, 'Our Environments'), it's because you care about the protection of your Personal Data – and the purpose of this Privacy Notice (or 'Notice') is to make it clear to you, our User or not, and to the general public, how we also care about your privacy.
ATTENTION! Our Environments are intended for use by adults with full legal capacity. If you are under 18 years old or lack full legal capacity, please do not register or use any features of Our Environments. We reserve the right to delete any registration or interaction that violates these conditions. Legal guardians are advised to supervise the online activities of their charges.
Before accessing and using the exclusive functionalities of Our Environments, we recommend that you read this Notice thoroughly and carefully. In it, we explain which of your Personal Data we collect, why we use them, with whom we share them, the security measures we adopt to protect them, and explain what your rights are regarding the activities we perform on them.
Having read and understood the terms of this Notice, you must express your awareness of its provisions, which can be done by ticking the checkbox in 'I have read and understood the Privacy Notice of the Finoo Platform'. Without your expression of awareness, the use of our Platform will not be possible.
For ease, we will use defined terms (which you will recognize as words beginning with capital letters, such as 'Privacy Notice') throughout the document. If you have any questions about them, you can consult their definitions at the end of this Notice, in our Glossary.
We understand that any and all interactions by Users result from their complete understanding and awareness of the terms of this Notice, and the use of Our Environments is a free and express manifestation of their agreement with the provisions here (including the collection of the Personal Data mentioned here and their use for the specified purposes below).
If you do not agree with the provisions of this Notice, you must discontinue access to or use of Our Environments.
1. Who We Are
The Finoo Platform is developed and maintained by Finoo Brazil Ltda., a private legal entity under Brazilian law, registered under CNPJ/ME No. 48.364.557/0001-38, with headquarters at Avenida Engenheiro Luiz Carlos Berrini, 1748 – suite 1710, in the Cidade Monções district of São Paulo/SP, ZIP code 04571-000.
2. How we collect your Personal Data
As a rule, it is you who submits your Personal Data to us, such as when you register on our Platform, sign up for our newsletter to receive Finoo updates and other relevant information, or use the contact form on our website; however, in some cases, we may collect some information (which may include Personal Data) in an automated manner when you use Our Environments.
3. Which Personal Data We Collect and How We Use Them
We collect the following Personal Data, which are used for the purposes also indicated here:
| Collected data | For what purpose we use |
|---|---|
| Registration data | |
| Full Name | (i) To identify and authenticate you; (ii) To comply with our obligations to you arising from the use of our services; (iii) To expand our relationship, informing you about news, features, content, news, and other events we consider relevant to you; (iv) To enrich your experience with us; (v) To promote our products and services. |
| Nationality | |
| Date of Birth | |
| CPF (Brazilian Individual Taxpayer Registry Number) | |
| Phone | |
| Digital Identification Data | |
| IP Address and Logical Source Port | (i) To identify and authenticate you; (ii) To comply with our obligations to you, arising from the use of our services; (iii) To improve our Platform; (iv) To enhance our relationship and enrich your experience with us, by better understanding your interest in features and content of our Platform. |
| Device (operating system version) | |
| Geolocation | |
| Date and time records of each action you perform | |
| Which screens you accessed | |
| Payment Data | |
| Credit card number and security code | (i) To comply with our obligations to you, arising from the use of our services; (ii) To fulfill our contract by sharing the Data with the third-party company responsible for processing the payment. |
| Bank account details | |
| Survey Data | |
| Responses to optional questionnaires and surveys | (i) To enhance our relationship and enrich your experience with us, by better understanding your interest in the content of our Platform. |
3.1. Essential Data. In addition to the Personal Data necessary for fulfilling legal and regulatory obligations, some of the Personal Data required on our Platform – especially Registration Data and Payment Data – are essential for the use of the Platform, such that the utilization of the Platform may be compromised if you choose not to provide some of these data.
3.1.1. We employ cookies in the functionalities of Our Environments, both for performance (collecting anonymous information about how Users use Our Environments – for example, Google Analytics) and for advertising (collecting information on browsing habits, aiming to make advertising more relevant to the User) and functionality (which allow the execution of certain features). If you wish, you can configure your internet browser to block cookies; however, if you do, some functionalities of the Platform may be compromised.
3.2. KYC (Know Your Customer). All processing of financial transactions requires a process of verification and validation of user information and identity, known as Know Your Customer (or “KYC”), in compliance with financial sector laws and anti-money laundering and terrorist financing prevention. This process is conducted by a partner contracted by Finoo, and except when based on the User's registration information, the information obtained for the KYC process is not stored on our servers; it is only processed in real-time for operation validation by our partner, with the results of the analysis stored on our partner's servers.
3.2.1 For the KYC process, a proof of life procedure will be conducted, through which our partner will request, in addition to the Personal Data listed above, (i) an identification document, which can be an identity card, passport, among other official documents, and (ii) a real-time interaction with facial biometrics analysis, whose results will be treated by hash (encrypted) and not stored.
3.3. Updating and Accuracy. You, as the User, are solely responsible for the accuracy of the Personal Data entered on our Platform. Thus, if you find that any information is incorrect or outdated, please update it or, if not possible, contact us so we can assist in making the correction.
3.3.1. Should there be a well-founded suspicion on our part that the processing of any Personal Data entered by the User may lead to a violation of the Law or, furthermore, that our Platform is being used for illicit purposes, we reserve the right to suspend the account in question until the suspicion is resolved.
3.4. In addition to the Personal Data mentioned in item 3 above, we keep a record (logs) of all activities carried out by Users in Our Environments, which are linked to the User who performed such interaction (“Records”).
3.5. Necessary Processing. In addition to what is mentioned here, any and all Personal Data or Records under the control of Finoo may be used, as necessary, for (i) the exercise of Finoo's rights, whether judicial or administrative; (ii) preventing fraud and preserving our security and that of our Users; and/or (iii) fulfilling legal and regulatory obligations.
4. How Long We Store Personal Data
4.1. The Personal Data we collect and the records made as a result of using the Platform will be stored for a period of 6 (six) years after the deletion of the User's account, a period we have set based on the legal duties we must fulfill and also for our legal protection.
4.2. If, at the end of the aforementioned period, we are undergoing an audit process, or there is a legal order for the retention of said data or an ongoing judicial process that requires their preservation, we may store them for a longer period – only and until the additional retention duty ceases.
5. Sharing and Transfer of Personal Data
5.1. As part of our activities, we share your Personal Data (i) with our partners responsible for carrying out the financial transaction, so that payment can be made, and (ii) with the educational institution(s) to which the User makes payments through the Platform, solely and exclusively after payment, to facilitate the verification of information and the respective compensation.
5.1.1. These institutions, in accordance with the LGPD (General Data Protection Law), are independent Controllers of the Personal Data, and may integrate them into their own database, i.e., they may use your Personal Data in other ways or for different purposes than those provided here.
5.1.2. Finoo is not responsible for the Processing of your Personal Data that such institutions may carry out, which must be provided in their respective Notices (or Policies) of Privacy.
5.2. Furthermore, we may share your Personal Data with judicial, administrative, or governmental authorities competent in the case of a legal determination or court order.
5.3. There may also be a change of Controller (as indicated in item 1 of this Notice) of your Personal Data if we go through a corporate process – such as merger, acquisition, incorporation, or split – in which our database is transferred to another entity.
6. Protection of Your Personal Data
We protect them...
6.1. In the scope of Finoo's operation, we seek to ensure that your Personal Data is processed in a secure environment, considering the state of the available technology.
6.2. The Personal Data processed by Finoo is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Notice.
6.3. The data processed during all navigation and interactions in Our Environments, including (but not limited to) payment transactions, with or without a credit card, are subject to HTTPS/TLS security protocols, ensuring that all your data, especially credit card and order history, are not illicitly accessed, transmitted, or disclosed, including by third parties.
6.4. Our Operators. If third-party companies perform any Personal Data Processing activity by our delegation, they will respect the conditions stipulated here, including regarding information security, mandatorily.
6.5. The Institutions. The educational institutions that receive payments made through the Platform will have access to your Personal Data when we share them due to payment or because provided by you, and the processing of your Personal Data by these institutions will be subject to their own data collection and use practices.
... but you must too!
6.6. You are also responsible for protecting your information and the secrecy of your Personal Data. Therefore, it's very important that you:
6.6.1. Protect your terminal (computer or mobile phone) against unauthorized access, and make sure to always click 'logout' at the end of your navigation on a shared terminal;
6.6.2. Be aware that we will never send electronic messages asking for data confirmation or with attachments that can be executed (extensions: .exe, .com, among others) or even links for possible downloads;
6.6.3. Understand that sharing passwords and access data violates the Platform's usage guidelines and can compromise the security of your Personal Data and Our Environments;
6.6.4. When accessing platforms or environments of third parties (including, but not only, when redirected from Our Environments), read the Privacy Policy of such platforms or environments, and it is your responsibility to accept or reject it – remember that we are not responsible for the content of any websites, contents, or services linked to environments other than ours.
7. Your Rights as a Data Subject
As a Data Subject, anyone whose Personal Data has been processed by us (especially, but not limited to, through interaction in Our Environments) can request from our Data Protection Officer (indicated below):
| DATA SUBJECT’S RIGHT | DEFINITION |
|---|---|
| Confirmation of the Existence of Processing. | Request confirmation and clear information about the origin of the Data Subject’s Personal Data processed by Finoo, the criteria used, purpose of the processing, and information regarding the (non-)existence of the record. |
| Access | Access the Data Subject’s Personal Data that are in the database or being processed by Finoo. |
| Rectification | Request the correction of incorrect or incomplete Personal Data of the Data Subject in Finoo’s database. |
| Deletion | Request the deletion of the Data Subject’s Personal Data in Finoo’s database, or if not possible (due to the mandatory retention discussed in item 4), keep them for the period provided in an inactive database. |
| Portability | Transmission of the Data Subject’s Personal Data for the use of third-party services. |
| Review of Automated Decisions | Request a review of decisions made solely through automated processes. |
7.1. For the purposes of exercising the rights of the data subject, as provided in the LGPD and in this item 7, the Data Subject should contact our Data Protection Officer, Carlos Ronchetti, via email at dpo@finoo.io, or by written communication sent to the address Avenida Engenheiro Luiz Carlos Berrini, 1748 – suite 1710, in the Cidade Monções neighborhood of São Paulo/SP, ZIP code 04571-000.
7.2. To exercise the rights of a Data Subject, additional information and/or documents proving your identity and/or legitimizing the requested action may be required.
8. Customer Service Channels
Except for the exercise of rights by data subjects (handled by the Data Protection Officer as detailed in the Privacy Notice), Finoo provides the following channels for general inquiries:
8.1. E-mail: hello@finoo.io;.
8.2. "Help" channel on the Platform.
9. Informações Gerais
9.1. Base de dados. A base de dados formada por meio da coleta de Dados Pessoais é de nossa propriedade e está sob nossa responsabilidade, and its use, access, and sharing, when necessary, will only be done by individuals who need and are authorized to perform such activities, within the limits and purposes of the business described in this Notice.
9.2. Cloud. Nossa operação é estruturada em ambiente de uso de recursos e servidores na nuvem (cloud computing) localizado na Holanda (União Europeia), o que exige uma transferência e/ou processamento de seus Dados Pessoais fora do Brasil - a um país cuja legislação submete os titulares ao mesmo grau de proteção que a legislação brasileira.
9.3. Decisão automatizada. In our operations, we do not adopt any procedure based on automated decision-making that could affect your interests, whether personal, consumer, or credit.
9.4. Comunicação eletrônica. To optimize and improve our communication, we will prioritize contact via e-mail – and it is important that you pay attention: all our emails will always be sent from the domain @finoo.io. However, for convenience or speed, we may contact you through other means of communication (such as SMS, instant messaging apps, or even phone calls), which are also valid, effective, and sufficient for the disclosure of any matter related to our services, as well as the conditions of their provision or any other related issue.
9.5. Subsistência. Should any part of this Notice be considered unenforceable by a competent authority (such as the ANPD or a judicial body), the remaining conditions will remain in full force and effect.
9.6. Amendment and update. From time to time, we will review the content of this Notice, and may update it or not. You acknowledge our right to change the content of this Notice at any time, as necessary (including to accommodate new operational flows or activities), as well as for legal adequacy and compliance with laws or regulations that have equivalent legal force or, furthermore, guidance from the ANPD on the matter. But do not worry: if we do, we will maintain a version history available for consultation and will inform you via e-mail about the update.
9.7. Applicable law and jurisdiction. This Notice has been written and should be interpreted according to Brazilian law, with the jurisdiction of your domicile being elected to settle any dispute involving this document, except for specific jurisdictional competencies as provided by applicable law.
10. Glossário
10.1. Neste Aviso, os seguintes termos definidos têm os seguintes significados:
10.1.1 ANPD: significa a Autoridade Nacional de Proteção de Dados, autarquia especial do Governo Federal vinculada ao Ministério da Justiça e Segurança Pública, responsável por zelar pela proteção dos Dados Pessoais e por orientar, regulamentar e fiscalizar o cumprimento da legislação;
10.1.2 Aviso (ou Aviso de Privacidade): este documento que esclarece quais Dados Pessoais coletamos, para que os utilizamos, com quem os compartilhamos e as medidas de segurança adotadas, além dos direitos dos Titulares;
10.1.3 Controlador: é a pessoa natural ou jurídica a quem compete decidir sobre o tratamento dos Dados Pessoais – no caso da Plataforma Finoo.io, nós, a Finoo;
10.1.4 Dado Pessoal (ou Dados Pessoais): toda informação relacionada a pessoa natural identificada ou identificável, conforme definido no art. 5º, II da LGPD;
10.1.5 Encarregado: também conhecido como DPO, é a pessoa indicada para atuar como canal de comunicação entre nós, os Titulares e a ANPD, conforme art. 5º, VIII da LGPD;
10.1.6 HTTPS: é a versão segura do Hypertext Transfer Protocol, utilizada para dar segurança aos dados trafegados;
10.1.7 ID de Sessão: é o registro da conexão do Usuário com a Plataforma;
10.1.8 LGPD: refere-se à Lei Geral de Proteção de Dados, Lei Federal nº 13.709/2018;
10.1.9 Nossos Ambientes: significa, em conjunto, nosso site (http://bestpass.travel) e nossa Plataforma em web e app;
10.1.10 Operador: é a pessoa que realiza o tratamento de Dados Pessoais em nome do Controlador, conforme art. 5º, VII da LGPD;
10.1.11 Plataforma: significa a plataforma Finoo, em suas versões web e app, disponível nas lojas de aplicativos;
10.1.12 Registros: são os logs de interações dos Usuários na Plataforma;
10.1.13 TCP/IP: é o conjunto de protocolos para comunicação na internet, e também refere-se ao endereço IP;
10.1.14 TLS: significa Transport Layer Security, o sucessor do SSL para comunicação segura;
10.1.15 Titular: é a pessoa a quem se referem os Dados Pessoais processados, conforme art. 5º, V da LGPD;
10.1.16 Tratamento: é qualquer operação realizada com Dados Pessoais, conforme art. 5º, X da LGPD;
10.1.17 Usuário: é você, que se cadastrou na Finoo para facilitar seu intercâmbio.