Privacy Statement
At Figy B.V. (Figy), we deeply respect your privacy. To provide you with a valuable product, we require some personal information from you. When we mention 'personal data,' we're referring to information that can identify you, either directly or indirectly, as an individual. This definition aligns with the General Data Protection Regulation (GDPR).
This statement outlines the personal data we collect and the reasons behind it (our privacy statement). It also explains how we store, protect, and process this personal data.
Our Privacy Statement is relevant to our website, https://www.figy.app , and our mobile apps for iOS and Android, known as Figy. We handle your personal data in full compliance with the GDPR and other pertinent data protection laws and regulations, including the Telecommunications Act, which relates to the use of cookies (relevant legislation).
1. How we use your personal information?
To enable you to use our website and apps, we need to process your personal information. In some cases this processing is necessary, such as when we provide you access to our apps or when we must fulfill an agreement we have with you. In fact, we cannot provide you access to our apps without utilizing your personal information.
2. Who is responsible for handling your personal information?
We are responsible for handling your personal information. As such, we act as the data controller in accordance with applicable laws. You can find our contact details and those of our data protection officer at the bottom of this privacy statement.
3. What personal data do we process, on what basis and for what purpose(s) do we use it?
If you use our website and apps, we may require your personal data for these services. We process your personal data in compliance with applicable laws. We use your personal data for the following purposes:
- To fulfill our agreement with you.
- To meet legal obligations.
- For our legitimate interests, considering your interests.
- If you have given your consent.
We ensure that the processing of your personal data is adequate, relevant and limited to what we need for the purposes for which the personal data are processed.
In the table below, we provide an (1) overview of the personal data we process, (2) the purposes for which we process it, and (3) the legal grounds on which we rely.
| Personal data | Reasons | Basis |
|---|---|---|
| Contact and profile data: first name, email address. | We use this data to: contact you, correspond with you, send you a newsletter (optional). | We process this data based on: fulfillment of the agreement and consent. |
| Content data related to the app: information about private assets, information about private obligations, financial banking transactions via PSD2 links, information about income and expenses, information about pension, date of birth and nickname per family member, economic assumptions, your investment strategy, correspondence or chat conversations with you. | We use this data to: meet the obligations outlined in our agreement with you, provide you with an optimal service, help you with product questions. | We process this data based on: fulfillment of the agreement and consent. |
| Device and demographic information: IP address, location, operating system and browser (via Google analytics). | We use this data to: better understand the demographics of website visitors (Google Analytics). | We process this data on the basis of: legitimate interest. |
4. Legitimate interest
Based on legitimate interest, we balance the interests of Figy on the one hand against your interests, fundamental rights and freedoms on the other. We assess whether Figy's interest outweighs your privacy interest. We process the relevant personal data to keep track of who visits the website and where these visits come from. Figy uses Google Analytics cookies to monitor the demographics of our visitors and analyze website traffic. This information is used for the purpose of product improvement and refining the marketing strategy. Figy has taken measures for this in line with the GDPR. The actions taken are in accordance with the regulations of the Dutch Data Protection Authority (for this, see link).
Figy has:
- Entered a processor agreement with Google.
- Masked the last octet of the IP address.
- Disabled data sharing option within Google Analytics.
- No link with other Google services (e.g. AdWords). No other services are used in conjunction with the Google Analytics cookies.
The processing of personal data based on our legitimate interest therefore has no or only a limited impact on your privacy. Since your interests do not outweigh those of Figy, we believe that Figy has a legitimate interest in the processing of the personal data. However, this assessment is subjective. If you do not agree with the processing of your personal data based on our legitimate interest, you can always object to us. We will then reassess the processing of your personal data and possibly stop processing your personal data.
5. How do we obtain your personal data?
We receive personal data directly from you when you:
- Visit our website.
- Sign up using one of our apps.
- You wish to use additional functionality within the app that depends on your personal data. For example, think of your date of birth for pension-related calculations or financial transactions via PSD2 links.
- When you contact us via the contact form or subscribe to our mailing list.
6. Automated Decision Making
We do not use automated decision-making.
7. How do we protect your personal data?
We are committed to protecting your personal information from loss, destruction, use, alteration or disclosure of your personal information by unauthorized persons. As a result, those who have nothing to do with your personal information cannot access it. We do this by means of, among other things, the following measures:
- Securing network connections with Secure Socket Layer (SSL), or a similar technology (encryption in transit).
- Encryption (encryption) of digital files and/or data containing personal data (encryption at rest).
- Access to the personal data within the organization is strictly limited to the persons/systems that need this personal data (least privilege principle).
- Using a certified authentication service provider.
8. How long do we keep your personal data?
We will not retain your personal data longer than we need for the purposes described above. If your account is deactivated, you can restore this account within 1 year. After that, we will delete the account. Other personal data will be deleted as soon as they are are no longer necessary for the purposes for which we process them.
9. Who do we share your personal data with?
Processors
We may share your personal data with other parties who process personal data for us. These are processors within the meaning of relevant legislation. The processors will only use your personal data in accordance with our instructions and not for their own purposes. We agree with the processors in a processing agreement that they handle your personal data carefully and that they only receive the personal data that are necessary to provide their services to us.This is an overview of the (categories of) processors and what they do for us:
| Categories of processors | Function |
|---|---|
| Cloud and Hosting Services (AWS) | Hosting and storage of website and servers. |
| PSD2 partner (Tink) | Storage and processing of financial transactions. |
| Authentication Service Provider (Auth0) | Storage of authentication (login) data. |
| Support (Customer Service) | Helpdesk software, reporting and tracking bugs in the app. |
| Communication (Mailchimp) | Email, notification services and communications. |
| Marketing Analytics (Google Analytics, Metapixel) | Monitoring the effectiveness of marketing campaigns. |
In addition, we share your personal data if we are legally obliged to do so. This is the case, for example, if the police asks us for your personal data.
10. Transfer
We will only process your personal data within the European Union. Outside the European Union, we will only process your personal data if that country offers an adequate level of protection for your personal data. We will never transfer your personal data to other countries or to parties other than those listed above.
11. Links
Our website and our apps may contain links to other websites. We are not responsible for the content or privacy protection of these websites. We therefore always advise you to read the privacy statement of the relevant website.
12. Cookies
A cookie is a small (text) file that we, Figy, receive from our servers from https://www.figy.app
(website) to your browser. Your browser then stores the file on your device. For more information about how we use cookies, please refer to our cookie statement: link.
13. Privacy Statement Changes
We may change the privacy statement. If we make significant changes to the privacy statement, we will post a notice on our website and apps along with the new privacy statement. We will notify users registered with us.
14. Your Rights
You have the following rights:
- You can ask us to access your personal information.
- You can ask us to correct, restrict or delete your personal data. In the event of fraud, non-payment or other wrongful acts, we may keep relevant personal data about you in a register or on a blacklist.
- You can ask us for a copy of your personal data. We can at your request also pass this copy on to other parties, so that you no longer have to do this yourself.
- You can object to the processing of your personal data.
- You can submit a complaint to the Dutch Data Protection Authority if you believe that we are processing your personal data unlawfully.
- You can withdraw your consent to process your personal data at any time. Once you withdraw your consent, we are no longer allowed to process your personal data.
15. Contact
For any other questions or comments about the privacy statement, please contact us using the details below:
Figy BVCapucijnenstraat 21 C-15
6211RN Maastricht
KVK: 86254413
info@figy.app
16. Data Protection Officer
Florentijn Hogerwerff.hogerwerf@figy.app
