Finray Technologies Limited

Griva Digeni, 115 TRIDENT CENTER, 3101, Limassol, Cyprus

Version Date:

June 16, 2025

Policy Revision Schedule

Next Revision Date

June 01, 2026

1. Definitions

2. Purpose

3. Scope and Applicability

4. Collection of Personal Information

5. Information We Automatically Collect Online

6. Information You Provide to Us

7. Offline Information

8. Third-Party Sources

9. Categories of Personal Information Collected

10. Purposes for Which We Use Your Personal Information

11. Disclosure of Your Personal Information

12. Affiliates and Subsidiaries

13. Authorized Service Providers

14. Successors in Interest

15. Marketing Communications

16. Analytics and Business Operations

17. Government and Legal Authorities

18. Fraud or Unlawful Activity

19. Third-Party Privacy Practices

20. Anonymized or Aggregated Information

21. Storage and Protection of Your Personal Information

22. Additional Security Measures

23. How We Protect the Security of Your Personal Information

24. Key security practices include:

25. Retention of Personal Information

26. Retention periods include:

27. Cookies and Online Tracking Policy

28. Choices About How We Collect, Use and Disclose Your Personal Information

29. Your Rights Related to Your Personal Information

Finray Technologies Ltd (referred to as "we", "us", "our", or "the Company"), registered under company number HE 445903, acts as the data controller for any information we receive directly through our website https://finray.tech/, our social media channels, mobile and smartwatch applications, email, phone calls, or through other forms of communication from you, your clients, or other interested parties.

We value and respect your privacy and the privacy of your clients, and we are committed to safeguarding personal information in compliance with all applicable data protection and privacy laws.

Please review this policy carefully to understand how we collect, use, and protect your data. If you have any questions about our privacy practices, you’ll find contact information at the end of this document. This policy applies to data collected directly from you or indirectly through your clients and third parties, when necessary to provide our services, and where your consent has been obtained.

1. Definitions

"Company" refers to Finray Technologies Limited, legally incorporated in Cyprus, with registration number HE 445903, and registered office at 115 Griva Digeni, Trident Centre, Limassol, Cyprus, 3101.

"Personal Information" refers to any information relating to a living person that can be reasonably linked to that individual. This also includes "Sensitive Personal Information", as defined below.

"Sensitive Personal Information (Special Categories of Data)” includes information revealing racial or ethnic origin, political views, religious or philosophical beliefs, criminal history, biometric or genetic data used to identify someone uniquely, health data, or information about sexual life or orientation.

"MNPI" (Material Non-Personal Information) refers to non-personal data that is nonetheless confidential and should be restricted to authorized personnel only.

"Data Processor" means an individual or entity that processes personal data on behalf of a data controller.

"Data Controller" means the person or organization that determines the purpose and means of processing personal data. For the purposes of this policy, our Company is the data controller.

"EEA" stands for the European Economic Area, which includes all EU Member States along with Iceland, Liechtenstein, and Norway.

"Processing" includes any activity performed on personal data, such as collecting, storing, using, accessing, modifying, disclosing, erasing, or destroying data.

"Third Party" means any individual or organization other than the data subject, controller, processor, or those authorized to handle data under the direct authority of the controller or processor.

"Data Subject" is an individual who can be identified directly or indirectly through information such as a name, ID number, online identifier, or one or more unique personal characteristics.

"Consent" is the freely given, specific, informed, and unambiguous agreement by the data subject to the processing of their personal information.

"Clients" refers to individuals or entities that have a contractual relationship with our Company.

"Clients’ Clients" refers to individuals or entities who have a relationship with our clients or are involved with them in their usual business activities.

"Cookies" are small data files used on our website to enhance user experience, as further explained in our Cookie Policy.

"Cookie Policy" refers to the guidelines for the use of cookies on our website.

"Associates" includes our company directors, employees, contractors, and affiliated service providers.

"Principal" is any individual or organization that has appointed our Company as their representative or agent.

"DPO" (Data Protection Officer) is responsible for overseeing compliance with data protection laws and procedures.

"PIA" (Privacy Impact Assessment) refers to a required evaluation of how data processing may impact privacy, particularly when new or potentially risky activities are planned.

"Profiling" means automated processing of personal data used to analyze or predict aspects of an individual’s behavior or characteristics.

"Transfer Outside the EEA" refers to accessing or processing personal data in countries outside the European Economic Area. This is regulated under GDPR, even if the data is not physically moved.

2. Purpose

Finray Technologies Ltd operates as a software development and IT consultancy company within the digital and financial technology space. To fulfill this mission, we gather and utilize Personal Information to deliver a range of integrated services under one umbrella.

This privacy policy (the “Policy”) establishes the principles we follow to ensure adequate privacy protections for all Personal Information we handle, including that of our current, past, and prospective employees, clients, suppliers, partners, contractors, and other business associates.

Our Company is committed to upholding the privacy rights of individuals whose data we manage and strictly adheres to all relevant privacy and data protection regulations. This document outlines the principles we apply to protect personal data and how we ensure these principles are embedded in our daily operations.

3. Scope and Applicability

This Policy applies to all types of Personal and Sensitive Information that Finray Technologies Ltd collects, processes, shares, or uses.

It covers all parties engaged with our business operations, including but not limited to our:

• Associates

• Clients

• Clients’ Clients

• Third Parties

This Policy sets out the data handling standards adopted by Finray Technologies Ltd and must be followed by all individuals and entities associated with our operations.

4. Collection of Personal Information

We collect various types of data from individuals and entities we interact with—whether directly, through our clients, or indirectly in the course of our services. This includes information that can personally identify you, commonly referred to as “Personal Information.” Examples include names, email addresses, contact numbers, financial and demographic data, ID numbers, and other identifiers.

5. Information We Automatically Collect Online

When you visit our website or use our services, we automatically gather technical information such as:

• Your device’s IP address (via IP Locator)

• Browser type and version

• Time zone settings

• Operating system and platform

• Browser plug-in details

We also gather usage data via tools like Google Analytics and Facebook Ads to optimize our service offering.

6. Information You Provide to Us

We collect information through interactions such as:

• Website visits and platform usage at https://finray.tech/

• Use of our mobile or web applications

• Email exchanges

• Service updates and client support communications

• Subscription to newsletters, surveys, contests, or promotional campaigns

7. Offline Information

Offline data collection may occur when:

• You call our phone number or interact with our telephone services

• You visit one of our locations

• You engage with our staff for any assistance

8. Third-Party Sources

We may also obtain Personal Information through third-party sources, including but not limited to:

• Your clients

• Recruitment firms

• Credit reporting services

• Compliance verification agencies

• Sub-agents or business partners

9. Categories of Personal Information Collected

The categories of Personal Information we may collect—either online via https://finray.tech/ or offline—include:

• Information submitted through forms, especially during your initial contact with us

• Data you ask us to update or include in your online profile, such as call or message history and client details

• Information you or your clients provide for delivering services on your behalf

• Any personal or sensitive client information needed for operational purposes

• Correspondence records, including email addresses and message history

• Transactional data and order fulfilment records

• Personal data shared when you participate in contests, surveys, or marketing campaigns

• Information submitted when reporting issues via our support channels

10. Purposes for Which We Use Your Personal Information

We use the Personal Information we collect—either directly from you, your clients, or third parties—for the following purposes:

• Service Acquisition: To acquire services, products and information from you

• Service Delivery: To provide you with the services, products, and information you request from us.

• Client Relationship Management: To manage your account, offer customer support, notify you of changes or updates, and ensure smooth delivery of services.

• Marketing and Communication: With your explicit consent, we may contact you with offers, updates, or products that may interest you—either from us, our partners, or affiliates.

• Security and System Functionality: To detect and address fraud, unauthorized activity, and intellectual property violations, and to maintain the security and functionality of our systems.

• Legal Compliance: To fulfill our legal obligations and to enforce our contractual rights, including responding to regulatory or law enforcement requests.

• Other Uses: For any additional purpose clearly communicated to you at the time of data collection, or where you have given separate, informed consent.

11. Disclosure of Your Personal Information

We only share your Personal Information in accordance with this policy and the applicable legal framework. Below are the categories of third parties with whom we may share your data:

12. Affiliates and Subsidiaries

We may share Personal Information within our group of companies to facilitate service delivery, customer support, marketing (subject to your consent), and compliance efforts.

13. Authorized Service Providers

We work with carefully vetted third-party vendors and service providers who support us with specific business functions. These may include:

• Order fulfillment

• Payment processing

• Hosting and maintaining our website

• Risk and fraud analysis

• Customer service

• Marketing support

These providers are contractually required to use Personal Information only as necessary to deliver their services and to maintain robust data protection standards.

14. Successors in Interest

If Finray Technologies Ltd undergoes a merger, acquisition, restructuring, or asset sale, Personal Information may be part of the transferred assets. We will take reasonable steps to ensure the recipient maintains data protection consistent with this policy.

15. Marketing Communications

If you have given your consent, we may use your Personal Information to send you:

• Marketing materials

• Promotional content

• Satisfaction surveys

• Research or quality assurance questionnaires

We may also personalize your user experience and manage contests or promotions.

16. Analytics and Business Operations

Aggregated, non-identifiable data may be used for internal business analytics, security improvements, and service optimization.

17. Government and Legal Authorities

We may share Personal Information when legally required, including:

• In response to court orders, subpoenas, or regulatory inquiries

• To assert or defend legal claims

• To comply with applicable laws and law enforcement agencies

• When necessary to protect the rights, safety, or property of Finray Technologies Ltd, its users, or others

18. Fraud or Unlawful Activity

Where necessary, we may share Personal Information to investigate or take action regarding illegal conduct, suspected fraud, violations of our terms, or system integrity threats.

19. Third-Party Privacy Practices

Third parties we disclose information to may have their own privacy policies. We encourage you to review their policies for details on how they manage and protect your data.

20. Anonymized or Aggregated Information

We may freely share non-identifiable or aggregated data for purposes such as industry analysis or performance metrics, which do not directly identify any individual.

21. Storage and Protection of Your Personal Information

All collected Personal Information is stored securely, primarily in our cloud servers located in the EU.

In certain cases, we use Contabo, Google Business Cloud and Amazon Web Services (AWS) for data storage and processing. Key details include:

• All data is encrypted at rest using AES-256 encryption.

• Daily backups are encrypted via AWS S3 Server-Side Encryption.

• Backups are stored on the hardware located in Republic of Cyprus 

• Any changes to data location will be communicated 30 days in advance.

22. Additional Security Measures

• Versioning and MFA-delete are enabled on AWS S3 buckets for logs and backups.

• KMS (Key Management Service) is used to preserve data integrity.

• Access control is enforced through IP whitelisting, private subnets, and strict security groups.

• Encryption in transit is ensured via private, encrypted VPN links.

We implement industry-standard safeguards to protect your data from loss, misuse, or unauthorized access. These include physical, technical, and administrative security controls.

Third parties, such as our developers or subcontractors, are obligated by contract to:

1. Act only upon our instructions regarding data processing.

2. Follow security procedures consistent with our internal practices and regulatory requirements.

Despite our best efforts, no data transmission over the Internet is 100% secure. You are encouraged to use secure communication channels when sharing sensitive information with us.

23. How We Protect the Security of Your Personal Information

At Finray Technologies Ltd, we take data security seriously. We implement appropriate safeguards—physical, electronic, and procedural—to protect your Personal Information against unauthorized access, loss, misuse, alteration, or disclosure.

24. Key security practices include:

• Restricted Access: Only authorized employees and associates can access Personal Information, and solely for business-related purposes.

• Training: Our staff are regularly trained in data protection practices and handling protocols aligned with the General Data Protection Regulation (GDPR).

• Technical Measures: We apply up-to-date encryption methods, secure servers, and advanced access controls to protect stored and transmitted data.

• Policy Compliance: Our internal procedures are continually updated to align with evolving regulatory requirements and best practices.

Please note that while we implement robust safeguards, no system can guarantee absolute security. We strongly advise users to avoid transmitting sensitive data via unsecured methods such as unencrypted email.

If you believe your interaction with us is no longer secure, please report it immediately to our Data Protection Officer at: info@finray.tech

25. Retention of Personal Information

We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected and to meet our legal, regulatory, or contractual obligations.

26. Retention periods include:

• Account and Service Information: Stored for the duration of your active account or client relationship with Finray Technologies Ltd.

• Inactive Client Data: Retained for up to 12 months following account deactivation for security and operational purposes.

• Financial and Transactional Records: Maintained for 6 years in accordance with tax and accounting laws.

• Marketing Data: Kept for 12 months, renewable with your explicit consent.

• Compliance and Legal Data: Retained as required to satisfy applicable laws or resolve legal claims. Specific durations may vary by jurisdiction and case.

For further information on retention periods specific to your data, please contact: info@finray.tech

27. Cookies and Online Tracking Policy

Cookies are small text files stored on your browser or device. They are used to:

• Customize and personalize your browsing experience.

• Track and analyze user behavior (e.g., most visited pages, time spent on site).

• Identify returning users and their preferences.

• Collect analytics and advertising performance metrics via platforms like Google Analytics and Facebook Ads.

Finray does not collect cookies or similar tracking technologies on our website.

Legal Bases for Collection, Use and Disclosure of Your Personal Information

We rely on several lawful bases under applicable data protection laws, particularly the General Data Protection Regulation (GDPR), to collect, process, and share your Personal Information:

• Consent: When you explicitly agree to the use of your Personal Information for specific purposes, such as receiving marketing communications or participating in surveys. You may withdraw this consent at any time.

• Performance of a Contract: When processing is required to deliver the services you request or to fulfil contractual obligations with you (e.g., account setup, customer support, or service management).

• Legal Obligations: When we must process your data to comply with laws, regulations, or legal requests (e.g., anti-money laundering or tax compliance).

• Legitimate Interests: When processing is necessary for our business interests, provided these do not override your privacy rights (e.g., fraud prevention, network security, business analysis).

28. Choices About How We Collect, Use and Disclose Your Personal Information

We are committed to providing you with control over your Personal Information and how it is used. You have the following choices:

• Providing Information: You can choose not to share certain Personal Information with us. However, doing so may limit your ability to access specific services or features.

• Marketing Communications: During registration or through your profile settings, you can choose whether to receive newsletters, promotional offers, or product updates from us. If you initially agree but later wish to unsubscribe, you can do so at any time by:

  • Clicking the “unsubscribe” link in marketing emails

  • Adjusting your communication preferences in your profile

  • Contacting us directly at info@finray.tech

Unsubscribing may take up to 7 days to process. Please note that transactional emails (e.g., service updates or legal notices) are not subject to opt-out.

• Relations Termination: If you choose to end your relationship with Finray Technologies Ltd, your Personal Information will be handled in accordance with our retention policy and then securely deleted.

29. Your Rights Related to Your Personal Information

As a data subject under the GDPR, you have the following rights regarding your Personal Information:

• Right to Access: You may request confirmation of whether we process your Personal Information and receive a copy of that information.

• Right to Rectification: You can ask us to correct any inaccurate or incomplete Personal Information we hold about you.

• Right to Erasure ("Right to Be Forgotten"): You may request the deletion of your Personal Information where it is no longer necessary, or if you withdraw your consent.

• Right to Data Portability: You have the right to receive the data you provided to us in a structured, machine-readable format and request that we transmit it to another data controller.

• Right to Object: You may object to processing based on legitimate interests or direct marketing.

• Right to Restrict Processing: You can request that we limit the processing of your data under specific conditions (e.g., when accuracy is contested or processing is unlawful).

• Right to Withdraw Consent: If we rely on your consent to process your Personal Information, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please contact us at info@finray.tech. We may ask for identity verification to ensure the security of your data.

If you are located within the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.