Finex Outsourcing

We are committed to protecting your privacy and this statement summarizes what personal details we may collect from you before, during or after you use our Site and what we will do with them. Any changes to our privacy policy will be posted on this page.

When you e-mail us or use a contact form within this site: We will use your email address for the purposes of administering your query and responding to you. Fin-eX does not give access to its data to any third party for marketing purposes. We will not publish your email address on our Site. Unless you give your explicit permission we will not use your name and email address to send you, nor allow any associated companies to send you, any unwanted marketing information.

If you wish to remove us from any marketing mail received by you us – Send us an email at

Data Protection Policy

This is a statement of the data protection policy adopted by the Fin-eX.

We may occasionally be required, either by law or to carry out our responsibilities as a regulator and a professional body, to collect, use and share certain types of personal information to comply with the requirements of government departments, agencies and regulators.

Under the Data Protection Legislation, all organizations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of this information.

Data Protection Legislation

In the United Kingdom and the European Economic Area (EEA), “Data Protection Legislation” means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with:

Outside of the EEA, “Data Protection Legislation” means local, territorial data protection and privacy legislation that governs the processing of Personal Data.

Therefore we fully endorse and adhere to the principles of data protection set out in the Data Protection legislation and will:

We are ISO 27001 Certified which means that we adhere to international standards for managing the security of assets such as financial information, intellectual property, employee details or information entrusted to us by third parties. Yearly audits are conducted at our processing facility in Lahore, Pakistan. (this covers a large portion of GDPR requirements).

As part of GDPR Compliance, we have shared on our website a GDPR Audit Checklist to help clients summaries the basic requirements along with giving them a helpful guideline on what needs to be implemented. We are bringing additional assurance process in our security apparatus to further adhere to the GDPR requirements:

  1. Activities guided by a certified GDPR Practitioner
  2. Appointment of an internal Data Protection Officer (DPO)
  3. Setting up an official breach response plan that adheres with GDPR
  4. Setting up all the controls required for international data transfers
  5. Internal audit program to ensure compliance with GDPR and ISO 27K
  6. Updating our existing and new Outsourcing agreements with our clients as set by the GDPR guidelines.
  7. Apart from this, Fin-eX is also adherent to local data protection laws such as:
    • Electronic Data Protection Act of 2005
    • Electronic Transmission Ordinance 2002
    • Prevention of electronic crimes Act 2016