At Handlarfinans we are firmly committed to the privacy of our customers and the data that is stored on our cloud platform.
What information do we collect?
We may collect, store, and use the following kinds of personal information:
Information about your computer and about your use of this website. This may include your IP address, your location, your browser type and version, your operating system, your referral source, your length of visit, your page views, and website navigation.
Information relating to any transactions carried out between you and us on or in relation to our website. This may include information related to any purchases you make of our goods or services. We may also ask for your contact information, including information such as your name, your company name, your address, your email address, and your telephone number. We will never ask you to share any sensitive information.
Information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters
Information that you provide to us in the form of support to our platform
How we use your information
We use the information we collect from you in various ways, such as:
to provide, operate, and maintain our services
to improve, personalize, and expand our services
to understand and analyze how you use our services;
to develop new products, services, features, and functionalities
to communicate with you to provide you with updates and other information relating to our services
to communicate with you for marketing and promotional purposes, when we have your previous consent
to process your transactions
to keep our website secure and prevent fraud
to send you email notifications that you have specifically requested
for compliance purposes, including enforcing our Terms of Service, or other legal rights, or as it may be required by applicable laws and regulations, or requested by any judicial process or governmental agencies
We will not, without your express consent, share your personal information with any third parties for the purpose of direct marketing.
We retain the personal information we collect from you if we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.
If and when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it within 1 month after the legitimate business need has ended.
If this is not possible (e.g. because your personal information has been stored in our backup archives), then we securely store your personal information and isolate it from any further processing until deletion is possible.
About your customers
Any information that you add on your Handlarfinans platform about your customers will be deleted when there is no ongoing legitimate business need (e.g. if you cancel your account).
You can also request a clean-up/removal of order data placed before a certain period (e.g. more than two years old). If you do not need your data retained after a specific period of time, please send us your request at email@example.com.
If you choose to link our services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account in order to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
For example, if you link your Trading Solutions account to Handlarfinans, we may receive information from your Trading Solutions account. You can always unlink a service from a third-party account, or send us a request to do it for you at firstname.lastname@example.org.
How we share your information
We may share the information we collect from you in various ways, including:
Vendors and Service Providers. We may share information with third-party vendors and service providers that provide services on our behalf and to provide you with information relevant to you such as product announcements, software updates, special offers, or other information. An extensive list of what our main service providers do, follows in the next section.
Aggregated Information. Where legally permissible, we may use and share information about users with our partners in an aggregated or de-identified form that cannot reasonably be used to identify you.
Third-Party Partners. We also share information about our users with third-party partners in order to receive additional and publicly available information about you.
Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
As Required By Law and Similar Disclosures. We may also share information to:
(i) satisfy any applicable law, regulation, legal process, or governmental request;
(iii) detect, prevent, or otherwise address fraud, security, or technical issues;
(iv) respond to your requests; or
(v) protect our rights, property or safety, our users, and the public
This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
With Your Consent. We may share information with your consent.
Vendors and service providers and sub-processors
All our vendors and service providers are GDPR compliant. While we do not disclose the full list of the vendors online, the sub-processors fall into the following categories:
Server hosting providers
Email marketing service
Email sending service
Customer support software
Online chat software
Application analytics software
Subscription management software
Webpage editing software
Invoicing software (if applicable)
Payment gateways (if applicable)
Unless there is a specific integration in place (e.g. accounting software or payment gateways), the only sub-processor/vendor with which we share your customers’ data is our email sending service and that solely for purposes instructed by you (e.g. an update on a customer’s order).
Should you require a full list of our sub-processors, please send us an email at email@example.com.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information shared and the specific context in which we collect it.
However, we normally collect personal information from you only:
when we need the personal information to perform a contract with you
in case the processing is in our legitimate interests and not overridden by your rights or
when we have your consent to do so
when we have a legitimate interest in operating our services and communicating with you as necessary to provide these services. For example, when responding to your queries, when asking you how to improve our platform, or for the purposes of detecting or preventing illegal activities.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need your personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences, if you do not provide your personal information).
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use both “session” cookies and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted or until they reach a specified expiration date.
We use the session cookies to:
keep track of you while you navigate our website
prevent fraud and increase our website security
We do not use the persistent cookies to:
enable our website to recognise you when you visit it
keep track of your preferences in relation to your use of our website
keep track of the marketing performance of our services
In addition, we may disclose your personal information:
to the extent that we are required to do so by law
in connection with any ongoing or prospective legal proceedings
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
International data transfers
The information that we collect from you is only stored in EEA.
All communications with Handlarfinans are transmitted over TLS (HTTPS) for all of our services (SSL grade A+).
The Handlarfinans platform software responds only to secure https requests. Plain http is disabled for both trial and paid accounts.
Data center colocation attestations and certifications
Handlarfinans’s data center is stored, audited, and/or certified by various internationally-recognised attestation and certification compliance standards.
Our data center complies to the following reports and certifications:
SOC 1 Type II
SOC 2 Type II
We take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. We store all the personal information you provide on our secure (password- and firewall-protected) servers.
Passwords are encrypted and we are not able to recover any password on our own. You can only reset your password, if you have forgotten it. Login attempts per
IP are restricted to a certain number.
We monitor the security advisories of the software we use on a regular basis and we perform a penetration test on our application each month.Should any breach of security occur, we are obliged to inform you within 72 hours for all the affected parties.
Backups and location of your data
All our data is stored in Europe (main location London, backup location in Ireland and Amsterdam). All our backups are transferred and store encrypted (AES-256).
The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.
Your data protection rights under the General Data Protection Regulation (GDPR)
Data processor and data controller definitions
When using Handlarfinans, you (the customer) are the “data controller” in the sense that you control the data that comes in and out of our platform.
Handlarfinans is the “data processor” in the sense that we process the data that you input to our service.
Right to be informed
We are obliged to inform you about how your information is processed by us, about our our sub-processors, and about your rights.
Right of access
You can request at any time any data that we hold for your company by sending us an email at firstname.lastname@example.org.
Your information will be delivered in a secure method and encoded in either XLS or JSON format. Your customers can also request the data that we hold for them. Since we do not directly communicate with your customers, you will need to delegate that request to us.
All Right of Access requests are executed within 7 days.
Right to rectification
You can request updates on the information you have on you on your account at any time.
Your customers can also make any changes to their account on their own. In case these changes are not possible by them (e.g. if editing is disabled for them), you (as the administrator) should be able to make any amendments on their behalf.
If you have any problems when editing specific information for a customer, please send us an email at email@example.com.
Right to erasure
You can cancel your account and request full removal of your information at any time. We will also delegate that request to our sub-processors, if that is required. For example, in order to remove you from our CRM.
Your customers can also request to be erased from our platform. Should that be the case, please send us an email at firstname.lastname@example.org.
In this email please make sure to mention:
your account details and your customer’s company name
“Customer removal request” as your email subject
We proceed to the full removal of your customer’s information within 7 days.
Please note that we are not responsible for removing customer information from payment providers, accounting systems, and in general systems that you as the “data controller” have direct access to.
Right to restrict processing
Handlarfinans processes information for analysing usage if its software (e.g. how many orders were placed). If you need to restrict Handlarfinans’s processing information activities, please send us email at email@example.com.
In this email, make sure you mention:
your account details, and
“Restrict usage” as your email subject
Right to data portability
You can export the following information directly from the platform in XLS format on your own:
Your customers can export the following information directly from the platform in XLS format on their own:
Should you require a more detailed export of your data, please send us a request at firstname.lastname@example.org.
In this email make sure you provide us with the following information:
your company’s name
the domain name you use
your position in the company
Right not to be subject to automated decision-making, including profiling
Currently, Handlarfinans does not automatically make any decisions.
Right to object
Should at any time you want to object how Handlarfinans processes data or even propose a better way, please send us an email at email@example.com stating your objection.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.