Privacy Statement

Flinks’ mission is to put consumers at the center of finance. This is not just some marketing pitch; this vision is formally enshrined in internal company documents of the utmost importance, like our Constitution.

In the furtherance of this mission, security and privacy are top priorities for us. We try to make everything we build as seamless as possible, and our privacy program is no exception. Depending on your interaction with Flinks, different privacy statements will apply. Please read the descriptions below carefully in order to understand which privacy statement applies, and how we collect, use, and share your information:

Flinks General Privacy Statement – This privacy statement addresses Flinks’ practices with respect to personal information Flinks collects associated with:

Your use of Flinks’ website and social media pages that link to the General Privacy Statement,
Your interactions with Flinks at Flinks-sponsored events or in-person meetings at Flinks’ offices, during the course of any sales or marketing activities with Flinks’ representatives, and
Where Flinks receives professional services from its vendors.

Flinks Services Privacy Statement – The Flinks Services Privacy Statement describes Flinks’ privacy practices relating to how and where you have connected your bank account with one of our clients’ services (e.g., a mobile or web application or financial service provider), and the information Flinks receives as a result of your use of those client services.

Flinks U.S. State Laws Privacy Notice – In the United States, some states have enacted privacy legislation that require specific disclosures to be made to the residents of those states. If you are a resident of California, Utah, Virginia, Colorado, or Connecticut, this privacy notice will describe how Flinks provides its services to businesses in those states, and identify the categories of personal information Flinks collects, uses, and discloses in the course of providing its services as required under the California Consumer Privacy Act (“CCPA”) and other applicable state laws.

Flinks Applicant Privacy Statement – If you are applying for a job at Flinks, the Applicant Privacy Statement addresses Flinks’ practices with respect to personal information you submit as part of the application process.

Flinks Cookie Policy – To learn more about Flinks’ use of cookies and other marking technologies on our website, please refer to this policy.

Table of contents:

General Privacy Statement
Services Privacy Statement
Flinks Cookie Policy
U.S. State Privacy
Flinks Applicant and Candidate Privacy Statement

General Privacy Statement

Table of Contents

About this Privacy Statement
Scope
Types of Personal Information We Process
How We Use Your Personal Information
Consent
Our Use of Marketing Technologies and Disclosure of Personal Information
Who We Share Your Information With
U.S. State Privacy Notice
Your Rights
Make a Request or Contact Flinks’ Privacy Officer
Updates To This Policy

About this Privacy Statement

This Privacy Statement provides information as to Flinks and its affiliates’ (“Flinks”, “we”, or “us”) practices related to the collection, use, storage, protection, disclosure, and disposal (collectively referred to as “processing”) of personal information in connection with (i) your use of Flinks’ website and social media pages that link to this Privacy Statement, (ii) your attendance at Flinks’ offices, events, or other sales and marketing activities whether they be initiated online, over the phone, or in-person, and (iii) information relating to employees of service providers who provide business or professional services to Flinks.

This Privacy Statement has been divided into the following sections:

Scope
Types of Personal Information We Process
How We Use Your Personal Information
Consent
Our Use of Marketing Technology and Disclosure of Personal Information
Your Rights
Contacting Flinks’ Privacy Officer
Changes to This Privacy Statement

The aim of this Privacy Statement is to provide clear and concise explanations of what information Flinks collects about you, how Flinks uses it, and with whom Flinks shares such information. As in everything we do, we tried to make this Privacy Statement seamless and user-friendly; however, should you have any questions about it, please let us know at [email protected].

Scope

This Privacy Statement applies to the processing of personal information by Flinks related to:

visitors to Flinks’ website (flinks.com)
visitors to Flinks’ social media pages that refer to this Privacy Statement (e.g., LinkedIn)
clients, prospective clients, and their representatives inquiries about Flinks’ services made to a Flinks representative or made through Flinks’ “Get a Demo” page;
visitors to Flinks’ offices;
individuals who submit a request under the “Your Rights” section of this Privacy Statement;
attendees at Flinks-sponsored events; and
individuals who provide business or other professional services to Flinks.

This Privacy Statement does not apply to the following activities:

Personal information processed by Flinks to provide its Services. In order to provide our services to our clients, we may process your personal information on behalf of our clients as their service provider. If you believe you may be a customer of one of our clients, please refer to Flinks’ Services Privacy Statement for more information.
Personal Information collected about you by our clients. Our clients are responsible for implementing relevant procedures and determining how they process your personal information in order to provide their services to you, including when they use Flinks as part of their services to you. Should you wish to find out more about how one of our clients processes your personal information, we encourage you to visit their website’s privacy policy or statement, or contact their data protection officer.
Personal information you provide to websites not controlled by Flinks. Flinks may provide you with links to our clients’ or partners’ website(s) and/or social media page(s) through our website or social media content. Flinks does not have any control over these websites, or the marketing or other technologies they may deploy on those sites. To the extent such personal information collected through a third party site could be displayed on Flinks’ website, this Privacy Statement will apply to that personal information (e.g., citing a quote made on another website). Should you have any questions related to these websites, please contact Flinks’ Privacy Officer for how Flinks may use such information, or refer to those websites’ respective privacy policies or statements for further information as to how they process your Personal Information.

Types of Personal Information We Process

For the activities listed within the Scope of this Privacy Statement, Flinks processes the following types of Personal Information:

Information from prospective clients, partners, or event attendees. When you submit a form using our ‘Get a Demo’ page, contact one of our sales representatives directly, leave a review, or attend one of our Flinks-sponsored events, we may require from you certain personal information, namely: your first and last names, e-mail address, telephone number, job title and the type of industry you work in.

Flinks may also use a service to record calls or virtual meetings with current and prospective clients and partners for training and note-taking purposes, in which case your voice and/or images may be captured. Such information will not be collected by Flinks without first obtaining each participants’ consent and providing an opportunity to withdraw their consent where applicable laws require such notice.

Information from service providers. In the case of service providers who are providing services to Flinks, Flinks may collect certain information about an employee or employees of the service provider who are engaged in providing the contracted services to Flinks or who are responsible for managing the service provider’s relationship with Flinks. This information includes: the employee’s first and last name, their role, e-mail address, and telephone number.

Information website visitors provide from their devices. When you use one of your devices (e.g., laptop, mobile phone, desktop computer) to browse our website, we receive certain information about your device, including its hardware model, operating system, browser version, IP addresses, and geographic information derived from IP addresses (e.g., country, province or state, city, postal code, longitude and latitude) and other technical information about the device (e.g., device fingerprint) to help us improve our website experience. We also use cookies, or similar tracking technologies to collect usage statistics when interacting with our site (e.g., content areas visited, time spent on page, date and time of the activity), or improve your experience when interacting with our website. For more information related to Flinks’ use of technologies to collect device information, please visit out Cookie Policy for more information.

Information individuals provide when attending Flinks’ offices. If attending Flinks’ Toronto or Montreal offices, Flinks may capture images of you by video recording devices in order to maintain the physical security of Flinks’ offices. Flinks has no control over cameras that may be placed in the common areas of the buildings its offices are located in.

Accuracy of Personal Information

Flinks will do its best to collect personal information directly from you to ensure the accuracy of the personal information we are collecting. Where personal information is held by a third party, we will obtain your consent before seeking such information except for where you have already consented to the sharing of such information with Flinks or your actions have implied that such information may be shared with Flinks. Flinks will take reasonable steps to ensure the accuracy of information received from third parties, and take reasonable steps to ensure that the third party has represented to us that they have the right to disclose your personal information to us.

How We Use Your Personal Information

We may use the personal information we collect for the following purposes:

To operate and maintain our website;
To improve, enhance, modify, add to, and further develop our website and services;
To manage the security of our website and offices, including the investigation of criminal activity or other unauthorized access to our website or offices;
To communicate with, and, where necessary, confirm information provided by prospective and current clients, which includes responding to inquiries, and providing a demo of our services;
To maintain our list of prospective and actual clients, partners, service providers, and their respective representatives’ contact information;
Where phone calls, meetings or e-mails are being recorded, for quality assurance training and record keeping purposes
To respond to data subject requests made pursuant to this Privacy Statement, including verifying the identity of the requestor; and
To enable us to comply with applicable laws and regulations in the jurisdictions Flinks operates in.

Should you require further clarification related to any of the purposes for which Flinks uses personal information it collects, please contact Flinks’ Privacy Officer at [email protected] and upon receiving such a request, our Privacy Officer will reach out to you directly to clarify any of the stated purposes for which personal information is being used.

Consent

While Flinks will make its best efforts to obtain your express consent to collect or otherwise process your personal information. Flinks does not consider personal information collected pursuant to this Privacy Statement to be “sensitive personal information” or any similar wording as defined under applicable privacy legislation that may apply to Flinks. As such, in some cases, your consent may be implied by the actions you take (e.g., reaching out directly to a sales representative requesting a demo). In providing your personal information to us, by any means and whether consent is given explicitly or indirectly, you agree that we may collect, use, disclose or otherwise process your personal information in accordance with this Privacy Statement.

In some circumstances, including but not limited to requests from law enforcement or to protect a Flinks employee or other individual(s) personal safety, Flinks may be required to disclose Personal Information without your consent. In those circumstances, if Flinks believes it is necessary and appropriate in the circumstances to disclose your personal information without consent, Flinks will limit the disclosure only to that information which is necessary to fulfill the request.

Collection of Personal Information from Children

Flinks does not market or target its services towards children (individuals under the age of 16), or any individual for that matter. Flinks is a business-to-business service provider, and as such, Flinks will not knowingly collect or ask for personal information belonging to children. Should a child visit Flinks website or submit a request under ‘Get a Demo’, Flinks will receive certain personal information that may also be shared with our Cookie and Marketing Technology Providers described below. In the event this happens, a parent or guardian may contact Flinks’ privacy officer to have this information removed.

Our Use of Marketing Technologies and Disclosure of Personal Information

We may use and share Information website visitors provide from their devices as defined above, to maintain and improve our website, or to give you a more personalized browsing experience on our website. We do this through the use of cookies and other marketing technologiesprovided to us through third parties. Unless you have adjusted your browser settings, cookies may be issued when you visit our site. Please review our Cookie Policy for more information related to our use of Cookies and Other Marketing Technologies.

If you choose to share our digital content through social networks, such as Facebook, Twitter or LinkedIn, watch one of our videos posted to a third-party media site, or leave a review of Flinks a review website, you may be sent cookies from these third-party websites. We do not control the settings of these marketing technologies and cannot verify the content of the data transmitted to the social networks Flinks uses, or how each of them uses such data. Please consult those websites’ privacy policies to learn how you may modify your account settings to manage their cookies and similar technologies.

Flinks does not share any other personal information covered by this Privacy Statement unless otherwise directed by you in the provision of our services.

Our Use of Marketing Technologies and Disclosure of Personal Information

Who We Share Your Information With

Under this Privacy Statement, Flinks will share certain types of personal information with the following types service providers:

Types of Personal Information	Category of Service Provider
Information covered by Flinks’ Cookie Policy	Cookies and Other Marketing Technologies
Voice and / or Video Recordings with current clients or prospects	Meeting Recording
E-mails which may contain personal information other than business contact information	Customer or Service Ticket Management Platforms

Flinks does not sell or obtain any monetary consideration in exchange for the personal information it shares under this Privacy Statement.

U.S. State Privacy Notice

Flinks is continuously working to improve its practices to comply with its obligations under applicable state laws, and will update our practices and notices as new laws are introduced, current laws are amended, or regulations are released.

If you are a resident of the United States, we will process your personal information in accordance with the state laws applicable to you. To learn more about your rights under applicable state laws, as well as the categories of personal information we collect, use, and share that we are required to identify under the California Consumer Privacy Act (“CCPA”) and other applicable state laws, as well, please see our U.S. State Privacy Notice

Your Rights

Depending on where you reside, you may be entitled to exercise certain rights with respect to your personal information under this Privacy Statement. At Flinks, we want everyone who interacts with Flinks’ website and employees to have equal privacy rights, and that’s why no matter where you reside, we will use our best efforts to afford you the same rights as others, even where we aren’t required to.

If you have, or believe you have provided Flinks with Personal information subject to this Privacy Statement, you have certain rights that you are entitled to:

Access Your Personal Information. Where Flinks has collected Personal Information pursuant to this Privacy Statement, you have the right to access the records Flinks holds containing your Personal Information. When making a request to access records containing your Personal Information, please indicate either the specific records you are requesting access to, or if not known, the general type(s) of records your Personal Information may be contained in. Once your request has been received, Flinks will provide those records in a standard format that is readable on most devices (e.g., .pdf, .docx, .csv).
Should you request physical copies or transcription of any records, Flinks reserves the right to charge a reasonable fee to cover the costs associated with printing or transcribing the records, and any shipping fees associated with the delivery of those records. Flinks will indicate the cost of such fees, and obtain your approval prior to the processing of any such request.

Correct Your Personal Information. If you believe Flinks holds inaccurate or out-of-date Personal Information related to you and you would like Flinks to update its records, then you have the right to request correction of those records. When making a request for Flinks to correct your Personal Information, please indicate the information you are requesting correction of, and the correct information that will be updated.

Withdrawing Your Consent (i.e. “opting out”). Should you choose to withdraw your consent that permits Flinks to process your Personal Information, please indicate for which purpose(s) you wish Flinks to stop Processing your Personal Information (e.g., for a particular purpose, or for all purposes). Prior to fulfilling your request, we may inform you of any consequences that withdrawing your consent may have in relation to receiving services pursuant to this Privacy Statement.
Please note that withdrawing your consent is not the same as requesting that Flinks delete any Personal Information, and Flinks may continue to hold your Personal Information pursuant to any business (e.g., retention) or legal requirements where deletion has not also been requested.

Delete Your Personal Information. While not required by law everywhere, Flinks lets individuals, regardless of where they reside, have the option to request that Flinks delete their Personal Information permanently. If you no longer want Flinks to hold Personal Information related to you that is subject to this Privacy Statement, please indicate the specific records, or the types of records containing your personal information you would like Flinks to delete and Flinks will destroy those records subject to any legal or regulatory obligations that might prevent such destruction.

Make a Complaint. In the event you believe Flinks has collected, used, disclosed, or taken any other action(s) in regard to your Personal Information that you believe may not comply with this Privacy Statement or with applicable privacy legislation, then you are entitled to make a complaint to a regulatory authority (e.g., Office of the Privacy Commissioner of Canada, Commission d’Accès à l’Information du Quebec). If you choose to, you may first contact Flinks’ Privacy Officer with the details of your complaint to inform Flinks of such activities in an effort to resolve the issue. Flinks’ Privacy Officer may contact you with a proposed resolution, and if you are not satisfied with the proposed resolution, then you are still entitled to file a formal complaint with the relevant regulatory body. When a request is received, Flinks’ Privacy Officer may request certain information from you (e.g. name, e-mail address or other information Flinks would already have on file related to you), as well as proof of identification (e.g., drivers’ license or other government issued identification card) in order to verify your identity before processing your request. In the event Flinks receives a request from a parent or guardian on behalf of an individual, Flinks may also ask for further information to prove the relationship before processing the request. For any request received, Flinks’ Privacy Officer will respond to your e-mail within 30 days of your request being received, and if an extension is required to respond to or facilitate your request, Flinks’ Privacy Officer will inform you of such an extension and the reasons for it nevertheless within the first 30 days. Flinks reserves the right to refuse to address requests, questions, or complaints if, in the opinion of Flinks’ Privacy Officer, such request, question, or complaint is vexatious, unfounded, or repetitive in nature.

Make a Request or Contact Flinks’ Privacy Officer

For any of Your Rights listed above, or any other inquiries related to this Privacy Statement or other privacy-related inquiries related to Flinks or its services, please direct all inquiries to Flinks’ Privacy Officer at [email protected].

If you wish to exercise “Your Rights” associated with you having linked your bank account with one of our clients’ services, please refer to our Services Privacy Statement before contacting Flinks’ Privacy Officer.

Updates To This Policy

This General Privacy Statement was last updated on September 22, 2022. From time to time, Flinks may update this General Privacy Statement to reflect changes to Flinks’ services or purposes for which Flinks processes personal information, or to comply with new legal requirements.

Whenever Flinks makes an update to this Privacy Statement, Flinks will update its website to provide notice that changes have occurred, and direct individuals to the updated version.

Services Privacy Statement

Table of Contents

About this Privacy Statement
Scope
Types of Personal Information We Process
Consent
How We Use Your Personal Information
Who We Share Your Personal Information With
Our Use of Service Providers
Your Rights and Making a Data Subject Request
Contact Flinks’ Privacy Officer
Updates To This Policy

About this Privacy Statement

Flinks allows you to share your bank account details and transaction history, among other financial information, in order to receive financial or other related goods and services from our clients. This Privacy Statement provides information as to Flinks and its affiliates’ (“Flinks”, “we”, or “us”) practices as it relates to the collection, use, disclosure, storage, or destruction (collectively referred to as “process” or “processing”) of personal information (i.e., identifiable information about you) Flinks receives in connection with your use of any of our clients’ services that use Flinks.

This Privacy Statement has been divided into the following sections to explain:

Scope
Types of Personal Information We Process
Consent
How We Use Your Personal Information
Who We Share Your Personal Information With
Our Use of Service Providers
Your Rights and Making a Data Subject Request
Contacting Flinks’ Privacy Officer
Changes to This Privacy Statement

Scope

This Privacy Statement applies to the processing of personal information by Flinks when you connect your bank or other financial account, using Flinks, with our clients’ services.

The Flinks Services Privacy Statement applies to the following services:

Flinks Connectivity, (also referred to as “Aggregation” or “Connect”);
Flinks Enrichment (also referred to as “Enrich” or “Attributes”); and
Flinks Outbound
Flinks Pay

This Privacy Statement does not apply to the following activities:

Personal Information subject to Flinks’ General Privacy Policy. If you are a visitor to Flinks’ website, a service provider to Flinks, an actual or prospective client, an attendee at one of Flinks’ events, or have attended Flinks’ offices, the General Privacy Statement is where you will find information related to Flinks’ practices with respect to the processing of your Personal Information.
Personal Information collected about you by our clients. Our clients are responsible for implementing relevant procedures and determining how they process your personal information in order to provide their services, including how they use Flinks. Should you wish to find out more about how our clients process your personal information, or to understand what other personal information they have in their possession related to you, we encourage you to visit their website or contact their data protection officer directly.
Personal Information you provide to websites or services not controlled by Flinks. Flinks may provide you with links to our clients’ website(s) or social media page(s) Flinks uses through our website. Flinks does not have any control over these websites, or the marketing or other technologies such websites may deploy. Should you have any questions related to these websites, please contact Flinks’ Privacy Officer for how Flinks may use such information, or refer to such websites’ respective privacy policies for how they process your personal information.

Types of Personal Information We Process

Flinks processes the following types of personal information when it provides its services to its clients:

Information you provide through Connectivity. When you connect your financial account(s), you will provide your login information required by your financial institution to access your account. Typically, this consists of a username and password, but it could also include answers to challenge questions (e.g., a family member’s name or maiden name, street you grew up on), or a security token (e.g., multi-factor authentication code or one-time pad (OTP)). Information you provide may also consist of digital copies of bank statements, cheques, or other financial documents where you are sharing these types of documents through Flinks Connectivity with one of our clients.

Information obtained from your financial institution. When Flinks connects to your financial account for the purposes of our clients’ services, we retrieve information from such financial institution that maintains the account(s). The information we retrieve may vary depending on:

The information required by our client in order to power their service; and
The information made available by your financial institution.

Regardless of the types of information our clients require, the types of information we collect from your financial institutions will include, without limitation:

Account information (e.g., financial institution name, account name, account type, and account and routing number);
Information about an account balance (e.g., current and available balance);
Information about credit accounts, (e.g., statement due dates and balances owed, payment amounts and dates, transaction history, and interest);
Information about loan accounts (e.g., including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term);
Information about the account owner(s) (e.g., name, email address, phone number, and address information); and
Information about account transactions (e.g., amount, date, type, and a description of the transaction).

Information from your payroll or paystub provider. In addition to the ability to connect to your financial institution through our Connectivity Service, Flinks also has the ability to connect to your payroll or paystub provider. This allows Flinks to provide its clients with an up-to-date picture of your sources of income in addition to what is available from your financial institution.

Information you provide through Flinks Pay. Whether accepting an Interac e-Transfer Request for Money or entering into a pre-authorized debit (PAD) agreement with one of our clients for electronic fund transfers (EFTs), you will be required to provide certain information, namely:

For Interac e-Transfers: your name and e-mail address.
For EFTs: Your name, address, e-mail address, bank account number, routing number, institution number, and transit number.

This information may be collected directly by our clients, or for EFTs, through our Connectivity Service to help populate a PAD agreement and signing an electronic or paper copy of the PAD agreement.

Information from your devices. Our technology is integrated as part of our clients’ services. Thus, when you use one of your devices to connect with a client service, we may receive information about this device, including without limitation the IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.

Consent

As a service provider to our clients, Flinks has no direct relationship with you, the end-customer. As such, our clients are responsible for obtaining the necessary consent(s) from you to process your personal information for the purposes associated with providing you with their goods or services, including your consent that authorizes Flinks to (i) collect Information you provide and (ii) collect and share Information from your financial institution with our clients, and (iii) collect and share Information you provide through Flinks Pay. Flinks does have a consent screen available to clients through Flinks’ Connectivity service that takes steps ensure you understand who Flinks is and how we process your personal information. For further information as to why you have been directed to Flinks, and for what purposes the personal information Flinks receives and provides to its clients will be used for, please refer to the privacy practices and policies of the business who uses our services.

Collection of Personal Information of Children

Flinks does not market or target its services towards children (individuals under the age of 16), or any individual for that matter. Flinks is a business-to-business service provider, and as such, Flinks will not knowingly collect or ask for personal information belonging to children. Should a child connect a financial account with one of the services of Flinks’ clients, Flinks relies on the steps taken by its clients to ensure that the proper consent(s) are obtained from a parent or guardian, as Flinks will have no direct customer relationship with the child.

How We Use Your Personal Information

When we receive personal information from you, or from your financial institution related to you, we use your information for the following purposes:

To operate, provide, and maintain our services;
To improve, enhance, modify, add to, and further develop our existing services;
To protect you, our clients’ services, and Flinks from actual or potential fraud, malicious activity, and other privacy and security-related concerns;
To provide support to our developers;
To respond to your inquiries related to this Services Privacy Statement, should you make a request under Your Rights;
To investigate any misuse of our service or our clients’ service(s), including violations of our security policies, criminal activity, or other unauthorized accesses.

Where our clients use Flinks’ Enrichment service, we will also use your personal information to derive certain insights or make certain inferences related to your financial position. Through our Enrichment product, Flinks is able to derive insights and inferences from the Information from your financial institution in order to help our clients in gaining insights into things such as:

Fraud detection;
Credit risk analysis based on sources of income and transaction history;
Ability to pay a loan based on sources of income and transaction history;
Customer segmentation based on attributes selected by the client;
Insights into an individual’s overall account information (e.g., monthly income, monthly spend, account age, days with a negative balance, unusual transactions)

These insights only apply to those clients who use Enrichment. If you are uncertain whether or not the service that directed you to Flinks uses Enrichment, please reach out to the company whose services you used that uses Flinks, or refer to their privacy policy to understand how they may be using Enrichment.

Who We Share your Personal Information With

When you use Flinks’ Connectivity service to share your financial information with our clients (i.e., the organization with whom you have a direct relationship with that uses Flinks), depending on the type of connection that needs to be made with your financial institution, you may be providing Flinks with your account credentials to access your bank account.

As a starting point, your credentials are never shared. With anyone.

Due to the sensitive nature of the Information you provide and Information obtained from your financial institution, Flinks does not share any of your personal information with anyone other than our client whose service(s) you are using and have authorized to receive your financial information, with our service providers for the purposes of providing our clients with our services (as outlined in Our Use of Service Providers below), and as required or permitted by law (e.g., in the event Flinks must comply with a court order or is required to disclose information to protect an individual from serious or life threatening harm). In the event a part of Flinks, or all of Flinks is acquired or merged with another business, the license(s) or ownership associated with the services we use to process your personal and financial information, and any other such information Flinks processes, may be transferred to the new entity.

For Flinks Pay, Flinks will share the Information you provide through Flinks Pay with the following organizations for the purpose(s) listed:

Organization	Purpose(s)
Peoples Group	Facilitating money transfers between your financial institution and Flinks’ deposit account, and/or the bank account of our client.
Interac	Facilitating Interac e-Transfers.
ComplyAdvantage	Fraud Detection; and Know Your Business (KYB) / Know Your Client (KYC) checks.
Flinks’ Third Party Auditors	Review of suspicious transactions; and Audit of policies and procedures related to Flinks Pay, including KYB/KYC practices.

Where Flinks has reason to believe that a suspicious or illegal transaction has occurred through Flinks Pay that may violate the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Canada) or other applicable law(s), Flinks will report information about you and any associated transaction(s) to the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) and any other law enforcement or regulatory body as required, as well as Flinks’ parent company, National Bank of Canada (“National Bank”) as part of Flinks’ ongoing risk management and reporting obligations to National Bank.

Our Use of Service Providers

We will store the Information you provide and Information obtained from your financial institution for as long as it is necessary to provide our clients with our services. Depending on our clients’ use case(s) for Flinks’ services, the duration for which we store your personal information may vary.

Flinks uses industry leading service providers to process your personal information (also sometimes referred to as “subprocessors”). At no point will these service providers exercise any control over how personal information is used. With all of our service providers, contractual provisions and technical measures are in place to ensure that, among other things, your personal information is stored in secure environments, that the confidentiality of your personal information is maintained, and that no employees of our service providers may access the environments containing your personal information except with the express authorization from Flinks for the purposes of carrying out maintenance or support and under confidentiality terms equal to the confidentiality terms Flinks has entered into with its clients. Flinks uses the following categories of service providers in the provision of its services:

Cloud-based infrastructure for the development and hosting of Flinks’ services and personal information;
Cloud-based identity management; and
Service providers that provide optical character recognition and document processing capabilities as part of Flinks Connect;
Other data aggregators who provide similar services to Flinks, who provide redundancies in the event of an outage, or access to financial institutions or data Flinks may not have connectivity with.

For residents of the Province of Québec, this may mean that your personal information is stored in data centres located outside of the province. Should you wish to learn more about the service providers we use, please contact Flinks’ Privacy Officer.

To learn more about how we store and protect your personal information, please visit our Security page.

Your Rights and Making a Data Subject Request

Depending on where you reside, you may be entitled to exercise certain rights with respect to your personal and financial information. At Flinks, we want all of our clients’ customers to have equal privacy rights, and that’s why no matter where you reside, we will use our best efforts to afford you the same rights as others, even where we aren’t required to.

Specifically, Flinks recognizes that individuals have the following privacy rights:

To Access Your Personal Information. Where Flinks has collected personal information pursuant to this Privacy Statement, you have the right to access the records Flinks holds containing your personal information.
To Correct Your Personal Information. If you believe Flinks holds inaccurate or out-of-date personal information related to you and you would like Flinks to update its records, then you have the right to request correction of those records.
To Withdraw Your Consent (otherwise known as “Opting-Out”). Should you choose to withdraw your consent that permits Flinks to process your personal information, please indicate for which purpose(s) you wish Flinks to stop Processing your personal information (e.g., for a particular purpose, or for all purposes). Prior to fulfilling your request, we may inform you of any consequences that withdrawing your consent may have in relation to receiving services pursuant to this Privacy Statement.
Please note that withdrawing your consent is not the same as requesting that Flinks delete any personal information, and Flinks may continue to hold your personal information pursuant to any business (e.g., retention) or legal requirements where deletion has not also been requested.

To Delete Your Personal Information. If you no longer want Flinks to hold personal information related to you that is subject to this Privacy Statement, please indicate the specific records, or the types of records containing your personal information you would like Flinks to delete and Flinks will destroy those records subject to any legal or regulatory obligations that might prevent such destruction permanently.
To Make a Complaint. In the event you believe Flinks has collected, used, disclosed, or taken any other action(s) in regards to your personal information that you believe may not comply with this Privacy Statement or otherwise with applicable privacy legislation, then you are entitled to make a complaint to a regulatory authority (e.g., Office of the Privacy Commissioner of Canada, Commission d’accès à l’information du Québec). You may first contact Flinks’ Privacy Officer with the details of your complaint to inform Flinks of such activities, and potentially resolve the issue. Flinks’ Privacy Officer may contact you with a proposed resolution, and if you are not satisfied with the proposed resolution and there is no alternative from Flinks’ perspective, then you are still entitled to file a formal complaint with the relevant regulatory body.

Because Flinks has no direct relationship with you in providing our Services to our clients, we ask that you direct your request(s) that are related to Flinks’ processing of your personal information to the client with whom you have connected your financial account with. In your request to them, please be sure to copy Flinks’ Privacy Officer on your e-mail ([email protected]) and indicate:

that you would like your request to be directed to the information Flinks processed on behalf of the company;
the right(s) you wish to exercise; and
if applicable, the specifics of your request (e.g., the records you are requesting access to, or the purposes for which you are withdrawing your consent).

If you are unsure of who to contact in order to make your request, please reach out to Flinks’ Privacy Officer and they will be able to assist you in facilitating your request.

You may be asked by our client to verify your identity by answering some questions (e.g. name, e-mail address registered with client, or other identifying information). Flinks may also request that your identity first be verified before processing your request. In the event Flinks receives a request from a parent or guardian on behalf of an individual, Flinks or our clients may also ask for further information to prove the relationship before facilitating the request.

Our clients have the capability to fulfill any of your requests as it relates to Your Rights and the personal information processed by Flinks through our services. Where our clients require assistance in fulfilling any request, we will provide the necessary assistance to fulfill your request. While our clients are responsible for facilitating your requests, Flinks’ Privacy Officer will nonetheless endeavour to assist in making sure your request is processed within 30 days of your request being received and may notify you once your request has been completed. If an extension is required to respond to or facilitate your request, Flinks’ Privacy Officer or the organization using Flinks’ services will inform you of such an extension and the reasons for it nevertheless within the first 30 days.

Flinks reserves the right to refuse to address requests, questions, or complaints if, in the opinion of Flinks’ Privacy Officer, such request, question, or complaint is vexatious, unfounded, or repetitive in nature.

Contact Flinks’ Privacy Officer

Updates To This Policy

This Services Privacy Policy was last updated on April 19, 2024. From time to time, Flinks may update this Services Privacy Policy to reflect changes to Flinks’ services or purposes for which Flinks processes personal information, or to comply with new legal requirements.

Whenever Flinks makes an update to this Policy, Flinks will update its website to provide notice that changes have occurred, and direct individuals to the updated Services Privacy Statement.

Flinks Cookie Policy

Cookies are small text files that will be stored on your computer or device when you visit Flinks’ website. Flinks uses cookies to remember you and your preferences and help us understand how you engage with our website.

We collect data through the use of cookies, marketing pixels, and tags (collectively referred to as “Cookies”) When you interact with our website, we will receive technical information such as your internet protocol (“IP”) address (including the approximate geographic location of that IP address), your computer’s operating system and browser type, the address of a referring website, if any, and the path you take through our web site. Some of this information on its own or in combination, may be considered personal information in certain jurisdictions.

Flinks only collects information necessary to help Flinks personalize your browsing experience while browsing the Flinks website, or to generate statistical data regarding how individuals are interacting with the Flinks website or its advertisements to help inform marketing initiatives.

Use of Cookies

Flinks uses four categories of Cookies: (1) ‘Necessary’ cookies which are required for the functioning and security of the website; (2) ‘Analytic’ cookies used to understand how individuals interact with Flinks’ website; (3) ‘Functional’ cookies that perform certain functions on Flinks’ website (e.g., enabling the sharing content on social media, leaving reviews); or (4) ‘Advertising’ cookies used to provide relevant ads and marketing campaigns and track activity across websites to provide relevant ads.

Cross-Platform Advertising and Third-Party Cookies

Flinks also uses Cookies provided by third-parties (e.g., LinkedIn). The privacy practices of these platforms are governed by separate terms, conditions and policies for which Flinks is not responsible and has no control over. These Cookies operate in different ways but are used in connection with Flinks’ advertising and marketing campaigns on its websites, as well as campaigns on Flinks-operated page(s) on those third-party platforms. Should you wish to obtain more information on these Cookies, you should review these platforms terms, conditions and policies, where you will find more details on how information about you is used on their platforms and how you can set your privacy preferences.

Cookies We Use

The table below represents the complete list of Cookies Flinks uses:

Cookie Name	Provider	Description	Type
__gsas	google.com	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.	Analytic / Advertising
__gpi	google.com	Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.	Analytic / Advertising
__gpi_optout	google.com	This information collected from __gpi is used to deliver advertisements on the website.	Analytics / Advertising
NID	google.com	These cookies are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on.	Functional
DSID	doubleclick.net	Used to store user preferences.	Functional
test_cookie	doubleclick.net	Used to check if the user’s browser supports cookies.	Functional
id	doubleclick.net	Used to provide ad delivery or retargeting.	Advertising
__gads	google.com	Used to provide ad delivery or retargeting.	Advertising
GED_PLAYLIST_ACTIVITY	google.com	Used to measure session activity for ad formats.	Analytic / Advertising
ACLK_DATA	youtube.com	Used to ensure that you can watch YouTube videos on our website. These cookies contain anonymous information to measure the behavior of YouTube users.	Functional / Analytic
pm_sess	doubleclick.net, google.com	Used to ensure that requests within a browsing session are made by the user, and not by other sites.	Necessary / Functional
pm_sess_NNN	doubleclick.net, google.com	Used to ensure that requests within a browsing session are made by the user, and not by other sites.	Necessary / Functional
aboutads_sessNNN	doubleclick.net, google.com	Used to track conversions from ads in Google search and on the Google Display network, as well as retargeting. The retargeting is anonymous targeting of ads across the Google display network.	Analytics / Advertising
FPAU	google.com	Assigns a specific ID to the visitor. This allows the website to determine the number of specific user-visits for analysis and statistics.	Analytics
ANID	google.com	Used to show Google ads on non-Google sites.	Functional
AID	google.com/ads, google.com/ads/measurement, googleadservices.com	Used to track your activity across devices, to coordinate ads and measure conversion events.	Functional / Analytics / Advertising
IDE	doubleclick.net	Used to provide ad delivery or retargeting.	Advertising
TAID	google.com/ads, google.com/ads/measurement, googleadservices.com	Used to track your activity across devices, to coordinate ads and measure conversion events.	Functional / Analytics / Advertising
FPGCLDC	google.com	Used to help advertisers determine how many times users who click on their ads end up taking an action on their site.	Analytics
_gcl_dc	google.com	Used by the conversion linker for click information	Analytics
_gcl_au	google.com	Used by Google AdSense for experimenting with advertisement efficiency	Advertising
FLC	doubleclick.net	Used to store the user’s actions on the site after having viewed an advert or having clicked on the advert.	Analytics
RUL	doubleclick.net	Used to determine whether website advertisements have been properly displayed.	Functional / Advertising
FCCDCF	google.com	Used to manage privacy choices, monetize content, and communicate with users to gather consent where applicable laws apply.	Functional
FCNEC	google.com	Used for analytics purposes associated with FCCDCF.	Analytics
FPGCLAW	google.com	Contains campaign related information on the user	Analytics / Advertising
FPGCLGB	google.com	Contains campaign related information on the user	Analytics / Advertising
_gcl_gb	google.com	Contains campaign related information on the user	Analytics / Advertising
_gac_gb_<wpid>	google.com	Contains campaign related information on the user	Analytics / Advertising
_gcl_aw	google.com	Contains campaign related information on the user.	Analytics / Advertising
1P_JAR	google.com and local variations, e.g. google.de	Contains campaign related information on the user	Analytics / Advertising
Conversion	www.googleadservices.com/pagead/conversion/	Contains campaign related information on the user	Analytics / Advertising
YSC	youtube.com	Contains campaign related information on the user	Analytics / Advertising
VISITOR_INFO1_LIVE	youtube.com	Used to provide bandwidth estimations	Functional
VISITOR_INFO1_LIVE__k	youtube.com	Used to provide bandwidth estimations	Functional
VISITOR_INFO1_LIVE__default	youtube.com	Used to provide bandwidth estimations	Functional
FPLC	google.com	Registers a unique ID that is used to generate statistical data on how the visitor uses the website, derived from a hashed value from the FPID cookie.	Analytics
_ga	google.com	Used to distinguish users	Functional / Necessary
_gac_<wpid>	google.com	Contains campaign related information for the user.	Functional / Analytics
_gid	google.com	Used to distinguish users	Functional / Necessary
_ga_<container-id>	google.com	Used to persist session state	Functional / Necessary
_gac_gb_<container-id>	google.com	Contains campaign related information.	Functional
_gat[_<customname>]	google.com	Used to throttle request rate.	Functional / Necessary
__utma	google.com	Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exist . The cookie is updated every time data is sent to Google Analytics.	Functional / Necessary
__utmb	google.com	Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exist . The cookie is updated every time data is sent to Google Analytics.	Analytics
__utmc	google.com	Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.	Functional / Analytics
__utmt	google.com	Used to throttle request rate.	Functional / Necessary
__utmz	google.com	Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.	Functional / Analytics
__utmv	google.com	Used to store visitor-level custom variable data. This cookie is created when a developer uses the setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.	Analytics
__utmx	google.com	Used to determine a user’s inclusion in an experiment.	Functional / Analytics
__utmxx	google.com	Used to determine the expiry of experiments a user has been included in.	Functional / Analytics
AMP_TOKEN	google.com	Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.	Functional
FPID	google.com	Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator.	Analytics
GA_OPT_OUT	google-analytics.com	Shows if the user deactivated Google Analytics	Functional / Analytics
_ga_<wpid>	google.com	Used to store and count pageviews.	Analytics
_dc_gtm_<property-id>	google.com	This cookie is related to the _gat cookie. The _gat cookie pattern is used to throttle the request rate; if Google Analytics is deployed via Google Tag Manager, the cookie root changes to _dc_gtm_.	Necessary / Functional
_gaexp	google.com	Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.	Functional / Analytics
_gaexp_rc	google.com	This cookie is set by Google Analytics and is used to determine a user’s inclusion in an experiment and the expiry of experiments that a user has been included in.	Functional / Analytics
_opt_awcid	google.com	Used for campaigns mapped to Google Ads Customer IDs.	Advertising
_opt_awmid	google.com	Used for campaigns mapped to Google Ads Campaign IDs.	Advertising
_opt_awgid	google.com	Used for campaigns mapped to Google Ads Ad Group IDs	Advertising
_opt_awkid	google.com	Used for campaigns mapped to Google Ads Criterion IDs	Advertising
_opt_utmc	google.com	Stores the last utm_campaign query parameter.	Advertising
_gcl_gf	google.com	Shares anonymised booking details with Google Flights when customers have been referred to our platforms by Google Flights. It uses first and third-party cookies that allows Google Flights to connect a booking to a previous session on their website.	Advertising
_gcl_ha	google.com	Used to track the origin of the user in order to be able to attribute Google Hotel Ads for any transaction resulting from a reservation.	Analytics / Advertising
PAIDCONTENT	doubleclick.net	Advertising cookies used by Google services via Google reCAPTCHA to track visitor behaviour (e.g., history of pages viewed, links opened, advertising seen before visiting our website, history from other devices) and provide targeted advertising	Analytics / Advertising
_opt_expid	google.com	This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that’s being redirected.
test_cookie	doubleclick.net	Used to determine if the user’s browser supports cookies.	Advertising
__cf_bm	hubspot.com	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management to help prevent malicious activity associated with botnets from being directed towards Flinks’ website.	Necessaryß
UserMatchHistory	linkedin.com	LinkedIn sets this cookie to help measure advertising performance.	Functional
lang	ads.linkedin.com	LinkedIn sets this cookie to remember a user’s language setting.	Functional
bcookie	linkedin.com	LinkedIn sets this cookie to identify a browser ID through the share buttons on LinkedIn.	Functional
lidc	linkedin.com	LinkedIn sets the lidc cookie to facilitate data center selection.	Functional
lang	linkedin.com	LinkedIn sets this cookie to remember a user’s language setting.	Functional
bscookie	linkedin.com	LinkedIn sets this cookie to remember which users have logged in using multi-factor authentication.	Functional
__hs_opt_out	hubspot.com	Used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.	Necessary
__hs_do_not_track	hubspot.com	Can be set to prevent the tracking code from sending any information to HubSpot.	Necessary
__hs_initial_opt_in	hubspot.com	Used to prevent the banner from always displaying when a visitor visits in strict mode.	Necessary
__hs_cookie_cat_pref	hubspot.com	This cookie is used to record the categories a visitor consented to.	Necessary
hs_ab_test	hubspot.com	This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.	Necessary
<id>_key	hubspot.com	When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.	Necessary
hs-messages-is-open	hubspot.com	Determine and save whether the chat widget is open for future visits.	Necessary
hs-messages-hide-welcome-message	hubspot.com	Prevents chat widget message from appearing one day after it is dismissed.	Necessary
__hsmem	hubspot.com	Set whenever a visitor logs into a HubSpot-hosted site.	Necessary
Hs-membership-csrf	hubspot.com	Prevents content membership logins from being forged	Necessary
hs_langswitcher_choice	hubspot.com	Save s a visitor’s selected language choice	Necessary
__cfruid	hubspot.com	Set by Hubspot’s CDN provider due to their rate limiting policies.	Necessary
__cf_bm	hubspot.com	Set by Hubspot’s CDN provider that is necessary for bot protection.	Necessary
_hstc	hubspot.com	Visitor tracking cookie that contains utk, initial timestamp of first visit, last timestamp, current timestamp, and session number	Necessary
hubspotutk	hubspot.com	Keeps track of a visitor’s identity and passed to Hubspot on form submission and used when duplicating contacts.	Necessary
__hssc	hubspot.com	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.	Necessary
__hssrc	hubspot.com	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.	Necessary
wp-wpml_current_language	flinks.com	This cookie stores the current language setting.	Other
_dc_gtm_UA-83575816-1	.flinks.com	This cookie is used to associate and track the performance of Google ad campaigns, which are then consumed by doubleclick.net.	Other
AnalyticsSyncHistory	.linkedin.com	This cookie is used to measure the performance of page content.	Other
li_gc	.linkedin.com	This cookie is used to store the consent of guests for cookies that have a non-essential purpose.	Other

Flinks does not share any other personal information covered by this Privacy Statement unless otherwise directed by you in the provision of our services.

Blocking or Withdrawing Consent to Use Cookies

At any point in time, you may block Flinks’ use of cookies through the settings in your browser, or other third-party browser plugins. Should you choose to withdraw your consent to Flinks’ use of Cookies, some aspects of Flinks’ website may not function as intended or as you may have previously experienced.

In order to exercise your right to withdraw your consent or opt-out of Flinks’ use of Cookies, please send your request to Flinks’ Privacy Officer at [email protected].

U.S. State Privacy

Overview

Within the United States, states are gradually adopting privacy legislation to provide rights to consumers as it relates to their personal information. These laws require organizations to be more transparent about how they collect, use, disclose, store, or manipulate (collectively “process” or “processing”) your personal information, and require organizations to implement processes and controls to ensure accountability for the processing activities established within their organization.

As a service provider to our clients, Flinks’ role in any processing of personal information is governed by our agreements with our clients, and in accordance with the state laws in which processing activities take place.

This Privacy Notice serves to provide you with the information we are required to share under the following state laws currently in force:

California Consumer Privacy Act (“CCPA”)	California Privacy Rights Act (“CPRA”)
Virginia Consumer Data Protection Act	Colorado Privacy Act
Connecticut Data Privacy Act	Utah Consumer Privacy Act

Flinks is always working to improve our compliance with these laws, and we will update our internal practices and this Privacy Notice notice as these laws are updated, new state laws come into effect, or regulations are released or updated.

Categories of Personal Information We Process

One of the fundamental rights you have is the right to know what personal information Flinks collects about you, how we use and share it, and for what purposes. In our General Privacy Statement, Services Privacy Statement, and Cookie Policy, Flinks has specifically identified the types of personal information it collects as applicable under those documents. Notwithstanding that, the CCPA specifically requires organizations to identify defined categories of personal information they collect, use, and share, for what purpose(s), and the types of organizations they share such information with.

The list below identifies, for each of Flinks’ Privacy Statements, those categories of personal information we collect and use, the source(s) of that information, the categories of organizations we share that information (i.e., our service providers), and for what purpose(s) we process such information.

General Privacy Statement

As you interact with Flinks’ website, communicate with its employees, visit Flinks’ offices, or attend a marketing event or conference which Flinks is in attendance at, Flinks may process the following categories of personal information:

Identifiers (Name and contact data)
- Source(s) of personal information: Directly from individuals through Flinks’ “Get A Demo”; through in-person marketing events; from a third-party referral; directly from individuals through e-mail correspondences with a Flinks employee.
- Purpose(s) of Processing: Sell or market our services; Provide our products; respond to client inquiries; and responding to privacy-related inquiries.
- Recipient(s): Customer relationship management platform(s) and Flinks’ ticketing service provider.
Identifiers (IP Address), Internet or other electronic network activity information (Interactions with Website), and Geolocation data
- Source(s) of personal information: Directly from individuals’ devices being used to interact with Flinks’ website.
- Purpose(s) of Processing: Improve website experience and functions; troubleshoot issues reported with website.
- Recipient(s): Service providers that host Flinks’ website and data.
Audio, electronic, and visual recordings
- Source(s) of personal information: Directly from individuals attending a virtual meeting with a Flinks employee; security cameras in Flinks offices.
- Purpose(s) of Processing: Sales training, meeting record keeping, customer relationship management; security of Flinks’ offices.
- Recipient(s): Web conferencing service provider and office
Commercial information (Feedback and Personal Views of Flinks’ Services)
- Source(s) of personal information: Submissions from individuals via a software review sites Flinks subscribes to.
- Purpose(s) of Processing: Provide our products; product improvement; product development; customer support.
- Recipient(s): Service providers and user-directed entities.

For more information about the privacy-related aspects of how Flinks processes the categories of personal information listed above, please refer to our General Privacy Statement and Cookie Policy.

Services Privacy Statement

Because of the nature of Flinks’ services, and the types of data we process in the provision of our services to our clients, Flinks considers all of the personal information we process to be considered “sensitive data” under applicable state privacy laws. The types of sensitive data Flinks processes in the course of providing its services consists of:

Customer record information (Financial account, financial institution login credentials, debit card or credit card number(s), transaction history, equity holdings)
- Source(s) of personal information: An individual’s financial institution or payroll or paystub provider.
- Purpose(s) of Processing: Provide our products; product improvement; product development; customer support.
- Recipient(s): Service providers that host our services infrastructure, and our clients who have received permission to obtain such data.
Identifiers (Name, address, date of birth and contact data)
- Source(s) of personal information: An individual’s financial institution.
- Purpose(s) of Processing: Provide our products; product improvement; product development; customer support.
- Recipient(s): Service providers that host our services infrastructure, and our clients who have received permission to obtain such data.
Inferences (Credit risk, loan repayment, income and balance insights, fraud detection)
- Source(s) of personal information: Insights derived from the information obtained from an individual’s financial institution or payroll or paystub provider.
- Purpose(s) of Processing: Provide our products; product improvement; product development; customer support.
- Recipient(s): Service providers that host our services infrastructure, and our clients who have received permission to obtain such data.

For more information about the privacy-related aspects of how Flinks provides its services, please refer to our Services Privacy Statement.

Confidentiality, Security, and Your Personal Information

You have the right to know with whom we share your personal information. Under our General Privacy Statement and Cookie Policy, the only parties we will share your personal information with are our service providers who help support and maintain our operations.

Under our Services Privacy Statement, our cloud-based infrastructure service providers will host your personal information when we receive it as part of your services. The only other party we share your personal information with under the Services Privacy Statement will be our clients, whom you would have directed Flinks to share your personal information with in the course of using our services.

With our service providers and our clients, Flinks takes the necessary steps to ensure that your personal information is kept confidential, and secure. In all of our agreements with our service providers, contractual provisions and technical measures are in place to ensure that, among other things, your Personal Information is stored in secure environments, that the confidentiality of your Personal Information is maintained, and that no employees of our service providers may access the environments containing your Personal Information except with the express authorization from Flinks for the purposes of carrying out maintenance or support and under confidentiality terms equal to the confidentiality terms Flinks has entered into with its clients.

For agreements with our clients, we maintain the same strict confidentiality and security terms that we expect from our service providers.

The only other circumstance where Flinks may share your personal information are under the limited circumstances that are permitted by law (e.g., to prevent fraud, in compliance with a court order, to protect the safety of individual(s), or in the event Flinks is part of a merger or acquisition).

We Do Not Sell Your Personal Information

Flinks does not sell your personal information as defined under the CCPA and other state privacy laws. When we provide our services to our clients, we are providing them with a license to an application programming interface that allows them to fetch your financial data from your financial institution, as authorized by you. A sale of personal information, as defined under the CCPA and other state laws, does not include circumstances where you have directed an organization to share their personal information to another organization. This exception to the definition of a sale of personal information is how Flinks operates its business and as such, is not engaged in the selling of personal information and does not offer an opt-out right related to the sale of personal information.

Your Rights

Under our General Privacy Statement and Services Privacy Statement, you have the following rights with respect to your personal information:

To Access Your Personal Information.
To Correct Your Personal Information.
To Withdraw Your Consent (otherwise known as “Opting-Out”).

To Delete Your Personal Information.
To Make a Complaint.

Should you wish to exercise either of these rights, please refer to the appropriate privacy statement for more information on how to exercise your rights.

Right to Limit Flinks’ Processing of Sensitive Personal Information

As described in this privacy notice, the personal information we process in the provision of our services is considered sensitive information. If you are a resident of a state that recognizes a right to restrict the processing of sensitive information, Flinks already aligns its processing activities to those limited purposes specified under applicable laws, namely:

To perform our services you reasonably expect;
To prevent, detect, and investigate actual or suspected fraudulent or illegal activity, or security incidents that may compromise the availability of our services or the confidentiality or integrity of the data we process;
To verify or maintain the quality of our services, and to improve, upgrade, or enhance our services; and
To facilitate your verified request related to Your Rights.

Flinks does not, and will not, use or disclose your sensitive information for any other purpose than those listed above, except as otherwise permitted under applicable state laws, or without your consent. As such, Flinks does not offer individuals a right to limit the use of sensitive information, as we are already adhering to the highest standard required by the applicable state privacy laws.

Financial Incentives

Under the CCPA and other state privacy laws, businesses are permitted to offer financial incentives to individuals in order to solicit the sharing of personal information. Flinks does not engage in the offering of financial incentives. In the event you receive a financial incentive to share your personal information through Flinks’ services, Flinks has no association with any such financial incentive and any inquiries you may have should be directed to the business you are interacting with that uses Flinks’ services and are offering you a financial incentive.

Statement on Non-Discrimination

If you exercise any of Your Rights under applicable state laws, businesses are prohibited from discriminating against you for exercising Your Rights. Discrimination in this context may include not providing you with a good or service, providing a different or lower-level quality of service, or charging you more for the good or service. While there are exceptions under applicable state laws that permit changing the quality of a service or charging more for a good, Flinks will not engage in any such activity in the provision of its services.

Flinks Applicant and Candidate Privacy Statement

1. Context

All individuals applying for a job at Flinks (also referred to as “you”) have the right to know how their personal information is being used in the course of the hiring process. This Privacy Statement describes:

Who this Privacy Statement Applies To;
The Information We Collect;
How We May Use Your Personal Information;
Who We May Share Your Personal Information With;
Our Retention of Your Personal Information;
Your Rights;
Updates To This Policy;
Contact Flinks’ Privacy Officer; and
U.S. State Law Requirements;

2. Who This Privacy Statement Applies To

This Privacy Statement applies to individuals who:

Have submitted their resume, or other document pertaining to their professional experience or qualifications in order to be considered for a position posted on Flinks’ Career page (https://flinks.com/careers/#jobs) or through any third-party site Flinks uses that allows for the submission of applications for a posted job (e.g., LinkedIn, Monster, ZipRecruiter);
Have submitted their resume through a recruitment agency where the individual was approached regarding an employment opportunity at Flinks, and directed the recruitment agency to submit their resume to Flinks on their behalf.
Have been invited to an interview with a Flinks representative, (e.g., a recruiter or hiring manager) for the position they applied to, or were recruited for directly by a Flinks recruiter;
Have been given an offer of employment at Flinks, but have not yet accepted it; and
Have accepted an offer of employment at Flinks, but have not yet started their employment at Flinks.

3. The Information We Collect

This Privacy Statement applies to the information you share with Flinks during the application, recruitment and interview, or the candidate consideration and offer processes.

During the application process (i.e., when you apply for a position), Flinks may collect the following types of information:

Identifiers such as your name, address, email address, telephone number and other contact information if necessary;
Your cover letter, resume, and any other document pertaining to relevant work experience, education, or other experience in support of your job application;
A “headline” to describe yourself;
Your desired salary expectations;
Details pertaining to your eligibility to work in Canada;
Details of how you heard about the position you are applying for;
Details related to your interaction with Flinks’ website through the use of Cookies (please refer to Flinks Cookie Policy for more information); information about your browser and device (e.g., model, operating system, version), and information derived from your IP address such as your location.

During the recruitment and interview process (i.e., when you meet with a recruiter, the hiring manager, or other employee from Flinks in relation to your application or a job posting), Flinks may receive or collect:

Additional information you provide about your resume, or other relevant work or educational experience(s);
Details about your expectations for the role you have applied for, including salary and benefit expectations;
Information from publicly available sources (e.g., LinkedIn, Google searches), that we believe is relevant to assessing your suitability for the role you have applied for;
Information submitted by you as part of a standardized assessment for the role you are applying for;
Images or video transmitted of you during an interview, including your voice (Flinks may also generate transcripts of interviews, with your permission).

Lastly, during the candidate consideration and offer process, Flinks may collect or document, based on prior interviews, the following types of personal information:

If we identify that you worked with a Flinks employee at previous employer, or you attended the same university or school as a Flinks employee during the same time, we may consult with that Flinks employee .
Information about you received from your reference(s), if provided; and
Information received from criminal, credit, or educational background checks (where applicable).

Once an individual has accepted an offer for employment at Flinks, information collected pursuant to this Privacy Statement will be retained and subject to Flinks’ Employee Privacy Statement, which is available to all new employees.

4. How We May Use Your Personal Information

Your personal information will be used by Flinks for the purposes of evaluating your suitability for the job(s) you have applied for at Flinks. This process includes:

Evaluating your work experience, education, certifications, licenses or other qualifications, skills, and interests against the job opportunity you are applying for;
Communicating with you about the hiring process, the status of your application, and putting you in contact with the Flinks employee(s) who will be conducting interviews with you;
Verifying the information you provided us with (i.e., conducting criminal and educational background checks, and contacting your reference(s) if you are offered an employment offer);
Making an offer of employment to you;
If requested by you, assisting you in obtaining an immigration visa or work permit (Note: it is the candidate’s responsibility to obtain all necessary work permits throughout their employment. Flinks can provide documentation about employment and other limited support if requested);
Making improvements to Flinks’ hiring processes through your feedback or the information discerned from your interview(s) with Flinks’ employee(s). This may include identifying improvements to ensuring equality and diversity in Flinks’ hiring practices;
Detecting and preventing fraudulent activity or any security or technical issue(s) on Flinks’ website;
Complying with any applicable laws, regulations, or judicial orders or authorizations.

If you accept an offer of employment with Flinks, the information collected under this Privacy Statement will become part of your record of employment at Flinks, and will become subject to Flinks’ Employee Privacy Statement, which will be presented to you as part of your onboarding.

5. Who We May Share Your Personal Information With

Flinks may share The Information We Collect with the following types of individuals or organizations

With your consent, your personal information may be shared with National Bank of Canada or a service provider for the purpose of conducting criminal, credit, or educational background checks.
Flinks may provide Flinks employees with whom you have had an interview with, with updates as to your progress during the hiring process. If you have been referred for a job at Flinks by a Flinks employee, Flinks may also provide that employee with information as to your progress during the hiring process. In the case of a referral from a Flinks employee, you may request that Flinks not share any information with the employee who referred you for the opportunity.
In compliance with any applicable laws, regulations, judicial order or authorization, or for the purpose of protecting you, Flinks, and Flinks’ property and its employees from harm, Flinks may disclose your personal information to applicable labour authorities, judicial or regulatory bodies, or law enforcement agencies.
Where you have provided us with references, we may contact those references to confirm the information you have provided us in your application or during your interview process;.
Your personal information may be shared with our service providers for the purpose of detecting or preventing fraud, or security or technical issues on Flinks ‘website.

6. Our Retention of Your Personal Information

If you are unsuccessful in your application for employment at Flinks,you withdraw your application from consideration, or you ultimately decide after accepting an offer of employment with Flinks, that you wish to terminate your employment agreement before your first day, Flinks will retain your personal information provided for a period of three (3) years after you have submitted your application. Flinks will retain this information in the event another opportunity at Flinks is made available and we believe you may be a suitable candidate, to defend ourselves in the event of a legal challenge as to Flinks’ hiring practices or decisions, and to analyze and improve our hiring processes.

If you do not want us to retain your personal information, for any reason, please contact Flinks’ Privacy Officer at [email protected].

7. Your Rights

As it relates to your personal information you provide to Flinks, you have the right to request that Flinks:

Provide you with access to a copy of the personal information we have collected about you;
Correct inaccurate information about you;
Delete your personal information, subject to any legal or regulatory obligations that may prevent such deletion;
Restrict its collection and use of your personal information only to information that is necessary to meet a stated purpose or legitimate interest;
Provide your personal information to another organization or individual;

You also have the right to:

Make a complaint to the appropriate data protection authority if you feel your rights have not been fulfilled or Flinks has not complied with this Privacy Statement;
Object to our processing of your personal information where we, or a contracted third party, relies on a legitimate interest to use your personal information;
Withdraw your consent to use your personal information where you have consented to such processing activities.

For any request made under this privacy statement, we may ask you, or your representative to provide certain information in order to verify your, or their identity, and to ensure that your rights are being exercised appropriately and legitimately.

Flinks may be permitted under certain circumstances permitted by law, to decline a request. Where this may occur, we will inform you of the reasons for doing so and if you disagree with our reasons for doing so, you are still able to make a complaint to your relevant data protection authority.

8. Updates to this Policy

This Privacy Statement was last updated on September 22nd, 2023. From time to time, Flinks may update this Privacy Statement to reflect changes to Flinks hiring practices or purposes for which Flinks uses personal information, or to comply with new legal requirements.

Whenever Flinks makes an update to this Privacy Statement, Flinks will update its website to provide notice that changes have occurred, and direct individuals to the updated Applicant and Candidate Privacy Statement

9. Contact Flinks Privacy Officer

Should you have any questions related to this privacy statement, or wish to make a request related to Your Rights, you may contact Flinks’ Privacy Officer at [email protected], and they will be able to provide you with assistance or further clarifications.

10. U.S. State Law Requirements

Certain U.S. state privacy laws, such as the California Consumer Privacy Act (“CCPA”), require businesses to make specific disclosures for state residents or households.

In compliance with this obligation, this section is designed to help you understand, in the context of what is required under those state laws: (1) the categories of personal information Flinks collects; (2) how Flinks uses that personal information; (3) with whom Flinks may disclose your personal information; and (4) Flinks retention practices.

At no point will Flinks “sell” or “share” (or any other similarly defined term) your personal information.

The Categories of Personal Information Flinks Collects

The CCPA specifically requires businesses to provide a description of the categories of personal information they collect, and the purposes for which they use that data. The following list identifies the categories of personal information Flinks collects as defined under the CCPA:

Identifiers or similar information, such as your name, phone number, address, e-mail address.
Demographic information, such as your age, gender, and language(s) spoken. You may also provide, if you choose or feel it is relevant to your application, information pertaining to your identity, including your race or ethnic origin, citizenship, place of origin, colour, ancestry, creed, religious beliefs, family status or pregnancy, marital status, gender expression, sexual orientation, gender identity, or disability;
Professional, employment, and education information such as your resume, or any document speaking to your professional experience or qualifications in connection with your job application. This category also includes any information Flinks may obtain from its service providers, including the National Bank of Canada in relation to criminal, credit, or educational background checks, and information we obtain from publicly available sources or social media (e.g., your LinkedIn page).
Communication data such as emails sent by you or received from us in connection with the hiring process.
Financial information, such as your current or desired salary expectations, and any other information related to desired total compensation package or benefits.
Audio, electronic, visual, and similar information, such as images or audio of you transmitted through interviews conducted over the phone or through web conferences.
Internet, network, and other activity information such as details about your interaction with Flinks’ website through our use of cookies, or information about your device (e.g., make, model, operating system, version, IP address);
Geolocation data such as the geolocation information associated with your IP address.
Health information, should you choose to provide Flinks with any during the hiring process, may include any information related to an accommodation request, or information you feel may be relevant to disclose during the interview process as it relates to your health.
Inferences drawn from the above types of information.

How Flinks Uses Your Personal Information

Flinks will use personal information in accordance with those purposes outlined in Section D, How We May Use Your Personal Information, above.

Who Flinks Shares Your Personal Information With

Flinks will share your personal information with those groups of individuals or organizations outlined in Section E, Who Flinks May Share Your Personal Information With, above.

Flinks’ Retention of Your Personal Information

Flinks will use personal information in accordance with those purposes outlined in Section F, Finks’ Retention of Your Personal Information, above.

For more information about Flinks’ compliance with applicable U.S. state privacy legislation, please refer to our U.S. State Laws Privacy Notice