We are committed to protecting your privacy and this statement summarizes what personal details we may collect from you before, during or after you use our Site and what we will do with them. Any changes to our privacy policy will be posted on this page.
When you e-mail us or use a contact form within this site: We will use your email address for the purposes of administering your query and responding to you. Fin-eX does not give access to its data to any third party for marketing purposes. We will not publish your email address on our Site. Unless you give your explicit permission we will not use your name and email address to send you, nor allow any associated companies to send you, any unwanted marketing information.
If you wish to remove us from any marketing mail received by you us – Send us an email at opt@finexoutsourcing.com
Data Protection Policy
This is a statement of the data protection policy adopted by the Fin-eX.
We may occasionally be required, either by law or to carry out our responsibilities as a regulator and a professional body, to collect, use and share certain types of personal information to comply with the requirements of government departments, agencies and regulators.
Under the Data Protection Legislation, all organizations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of this information.
Data Protection Legislation
In the United Kingdom and the European Economic Area (EEA), “Data Protection Legislation” means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with:
- prior to 25 May 2018, the UK Data Protection Act 1998; and
- from 25 May 2018 onwards Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as amended by the UK Data Protection Bill.
Outside of the EEA, “Data Protection Legislation” means local, territorial data protection and privacy legislation that governs the processing of Personal Data.
Therefore we fully endorse and adhere to the principles of data protection set out in the Data Protection legislation and will:
- fully observe the conditions regarding the fair collection and use of personal information
- meet our legal obligations to specify the purposes for which we use personal information
- only collect and process the personal information needed to carry out our business or to comply with any legal requirements
- ensure that the personal information we use is as accurate as possible
- ensure that we don’t hold personal information any longer than is necessary
- take appropriate technical and organizational security measures to safeguard personal information; and
We are ISO 27001 Certified which means that we adhere to international standards for managing the security of assets such as financial information, intellectual property, employee details or information entrusted to us by third parties. Yearly audits are conducted at our processing facility in Lahore, Pakistan. (this covers a large portion of GDPR requirements).
As part of GDPR Compliance, we have shared on our website a GDPR Audit Checklist to help clients summaries the basic requirements along with giving them a helpful guideline on what needs to be implemented. We are bringing additional assurance process in our security apparatus to further adhere to the GDPR requirements:
- Activities guided by a certified GDPR Practitioner
- Appointment of an internal Data Protection Officer (DPO)
- Setting up an official breach response plan that adheres with GDPR
- Setting up all the controls required for international data transfers
- Internal audit program to ensure compliance with GDPR and ISO 27K
- Updating our existing and new Outsourcing agreements with our clients as set by the GDPR guidelines.
- Apart from this, Fin-eX is also adherent to local data protection laws such as:
- Electronic Data Protection Act of 2005
- Electronic Transmission Ordinance 2002
- Prevention of electronic crimes Act 2016