Flinks’ mission is to put consumers at the center of finance. This is not just some marketing pitch; this vision is formally enshrined in internal company documents of the utmost importance, like our Constitution.
In the furtherance of this mission, security and privacy are top priorities for us. We try to make everything we build as seamless as possible, and our privacy program is no exception. Depending on your interaction with Flinks, different privacy statements will apply. Please read the descriptions below carefully in order to understand which privacy statement applies, and how we collect, use, and share share your information:
Flinks General Privacy Statement – This privacy statement addresses Flinks’ practices with respect to personal information Flinks collects associated with:
Your use of Flinks’ website and social media pages that link to the General Privacy Statement,
Your interactions with Flinks at Flinks-sponsored events or in-person meetings at Flinks’ offices, during the course of any sales or marketing activities with Flinks’ representatives, and
Where Flinks receives professional services from its vendors.
Flinks Services Privacy Statement – The Flinks Services Privacy Statement describes Flinks’ privacy practices relating to how and where you have connected your bank account with one of our clients’ services (e.g., a mobile or web application or financial service provider), and the information Flinks receives as a result of your use of those client services.
This Privacy Statement provides information as to Flinks and its affiliates’ (“Flinks”, “we”, or “us”) practices as it relates to the collection, use, storage, protection, disclosure, and disposal (collectively referred to as “processing”) of personal information in connection with (i) your use of Flinks’ website and social media pages that link to this Privacy Statement, (ii) your attendance at Flinks’ offices, events, or other sales and marketing activities whether they be initiated online, over the phone, or in-person, and (iii) information relating to employees of service providers who provide business or professional services to Flinks.
This Privacy Statement has been divided into the following sections to explain:
Scope
Types of Personal Information We Process
How We Use Your Personal Information
Consent
Our Use of Marketing Technology and Disclosure of Personal Information
Your Rights
Contacting Flinks’ Privacy Officer
Changes to This Privacy Statement
The aim of this Policy is to provide a clear, yet concise explanation of what information we collect about End Users, how we use it, and how we share it. One important thing we want you to keep in mind is that this Policy covers only the information that Flinks handles, thus it does not explain what the Applications do with your information. We do encourage you to review their privacy policies to know about their practices. As in everything we do, we tried to make this Policy seamless and user-friendly; however, should you have any questions about it, please let us know at [email protected].
Scope
This Privacy Statement applies to the processing of personal information by Flinks related to:
visitors to Flinks’ website (https://www.flinks.com)
visitors to Flinks’ social media pages that refer to this Privacy Statement (e.g., LinkedIn)
clients, prospective clients, and their representatives inquiries about Flinks’ services;
visitors to Flinks’ offices;
individuals who submit a request under the “Your Rights” section of this Privacy Statement;
attendees at Flinks-sponsored events; and
individuals who provide business or other professional services to Flinks.
This Privacy Statement does not apply to the following activities:
Personal information processed by Flinks to provide its Services. In order to provide our services to our clients, we may process your personal information on behalf of our clients. If you believe you may be a customer of one of our clients, please refer to Flinks’ Services Privacy Statement for more information.
Personal Information collected about you by our clients. Our clients are responsible for implementing relevant procedures and determining how they process your personal information in order to provide their services, including when they use Flinks to provide their services to you. Should you wish to find out more about how one of our clients processes your personal information, we encourage you to visit their website or contact their data protection officer.
Personal information you provide to websites not controlled by Flinks. Flinks may provide you with links to our clients’ or partners’ website(s) and/or social media page(s) through our website. Flinks does not have any control over these websites, or the marketing or other technologies they may deploy on those sites.To the extent such personal information collected could be displayed on Flinks’ website, this Privacy Statement will apply to that personal information (e.g., leaving a review through G2). Should you have any questions related to these websites, please contact Flinks’ Privacy Officer for how Flinks may use such information, or refer those websites respective privacy policies for how they process your Personal Information.
Types of Personal Information We Process
For the activities listed within the Scope of this Privacy Statement, Flinks processes the following types of Personal Information:
Information from prospective clients, partners, or event attendees. When you use our ‘Request a Demo’ service, contact one of our sales representatives directly, leave a review, or attend one of our Flinks-sponsored events, we may require from you certain personal information, namely: your first and last names, e-mail address, telephone number, job title and the type of industry you work in.
Flinks may also ask to record calls or virtual meetings with current and prospective clients and partners for training and note-taking purposes, in which case your voice and/or images may be captured. Such information will not be collected by Flinks without first obtaining each participants’ consent and providing an opportunity to withdraw their consent where applicable laws require such notice.
Information from service providers. In the case of service providers who are providing services to Flinks, Flinks may collect certain information about an employee or employees of the service provider who are engaged in providing the contracted services to Flinks or who are responsible for managing the service provider’s relationship with Flinks. This information includes: the employee’s first and last name, their role, e-mail address, and telephone number.
Information website visitors provide from their devices. When you use one of your devices (e.g., laptop, mobile phone, desktop computer) to browse our website, we receive certain information about your device, including its hardware model, operating system, browser version, IP addresses, and geographic information derived from IP addresses (e.g., country, province or state, city, postal code, longitude and latitude) and other technical information about the device (e.g., device fingerprint?) to help us improve our website experience. We also use cookies, or similar tracking technologies to collect usage statistics when interacting with our site (e.g., content areas visited, time spent on page, date and time of the activity), or improve your experience when interacting with our website. For more information related to Flinks’ use of technologies to collect device information, please see Our Use of Marketing Technologies and Disclosure of Personal Information, below.
Information individuals provide when attending Flinks’ offices. If attending Flinks’ Toronto or Montreal offices, Flinks may capture images of you by video recording devices in order to maintain the physical security of Flinks’ offices. Flinks has no control over cameras that may be placed in the common areas of the buildings its offices are located in.
Flinks will do its best to collect Personal Information directly from you to ensure the accuracy of the personal information we are collecting. Where Personal Information is held by a third party, we will obtain the subject individual’s consent before seeking such information. Where we obtain Personal Information directly from a third party, we will take reasonable steps to ensure that the third party has represented to us that he/she has the right to disclose the subject individual’s Personal Information to us. In some cases, involving less sensitive Personal Information, consent may be implied by your actions.
How We Use Your Personal Information
We may use the personal information we collect for the following purposes:
To operate and maintain our website;
To improve, enhance, modify, add to, and further develop our website and services;
To manage the security of our website and offices, including the investigation of criminal activity or other unauthorized access to our website or offices;
To communicate with, and, where necessary, confirm information provided by prospective and current clients, which includes responding to inquiries, and providing a demo of our services;
To maintain our list of prospective and actual clients, partners, service providers, and their respective representatives’ contact information;
Where phone calls or meetings are recorded, for quality assurance training and record keeping purposes
To respond to data subject requests made pursuant to this Privacy Statement, including verifying the identity of the requestor; and
To enable us to comply with applicable laws and regulations in the jurisdictions Flinks operates in.
Should you require further clarification related to any of the purposes for which Flinks uses personal information it collects, please contact Flinks’ Privacy Officer at [email protected] and upon receiving such a request, our Privacy Officer will reach out to you directly to clarify any of the stated purposes for which personal information is being used.
Consent
While Flinks will make its best efforts to obtain your express consent to collect or otherwise process your personal information. Flinks does not consider personal information collected pursuant to this Privacy Statement to be “sensitive personal information” or any similar wording as defined under applicable privacy legislation that may apply to Flinks. As such, in some cases, your consent may be implied by the actions you take (e.g., reaching out directly to a sales representative requesting a demo). In providing your personal information to us, by any means and whether consent is given explicitly or indirectly, you agree that we may collect, use, disclose or otherwise process your personal information in accordance with this Privacy Statement.
In some circumstances, including but not limited to requests from law enforcement or to protect a Flinks employee or other individual(s) personal safety, Flinks may be required to disclose Personal Information without your consent. In those circumstances, if Flinks believes it is necessary and appropriate in the circumstances to disclose your personal information without consent, Flinks will limit the disclosure only to that information which is necessary to fulfill the request.
Our Use of Marketing Technologies and Disclosure of Personal Information
We may use and share Information website visitors provide from their devices as defined above, to maintain and improve our website, or to give you a more personalized browsing experience on our website. We do this through the use of cookies and other marketing technologies (e.g., “marketing pixels”) provided to us through third parties. Unless you have adjusted your browser settings, cookies may be issued when you visit our site. Flinks uses four categories of cookies: (1) ‘Necessary’ cookies which are required for the functioning and security of the website; (2) ‘Analytic’ cookies used to understand how individuals interact with Flinks’ website; (3) ‘Functional’ cookies that perform certain functions on Flinks’ website (e.g., sharing content on social media, leaving reviews); or (4) ‘Advertising’ cookies used to provide relevant ads and marketing campaigns and track activity across websites to provide relevant ads. Flinks uses the following cookies and marketing technologies for the purposes as indicated below:
Cookie Name
Provider
Description
Type
__gsas
google.com
Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
Analytic / Advertising
__gpi
google.com
Collects information on user behaviour on multiple websites. This information is used in order to optimize the relevance of advertisement on the website.
Analytic / Advertising
__gpi_optout
google.com
This information collected from __gpi is used to deliver advertisements on the website.
Analytics / Advertising
NID
google.com
These cookies are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on.
Functional
DSID
doubleclick.net
Used to store user preferences.
Functional
test_cookie
doubleclick.net
Used to check if the user’s browser supports cookies.
Functional
id
doubleclick.net
Used to provide ad delivery or retargeting.
Advertising
__gads
google.com
Used to provide ad delivery or retargeting.
Advertising
GED_PLAYLIST_ACTIVITY
google.com
Used to measure session activity for ad formats.
Analytic / Advertising
ACLK_DATA
youtube.com
Used to ensure that you can watch YouTube videos on our website. These cookies contain anonymous information to measure the behavior of YouTube users.
Functional / Analytic
pm_sess
doubleclick.net, google.com
Used to ensure that requests within a browsing session are made by the user, and not by other sites.
Necessary / Functional
pm_sess_NNN
doubleclick.net, google.com
Used to ensure that requests within a browsing session are made by the user, and not by other sites.
Necessary / Functional
aboutads_sessNNN
doubleclick.net, google.com
Used to track conversions from ads in Google search and on the Google Display network, as well as retargeting. The retargeting is anonymous targeting of ads across the Google display network.
Analytics / Advertising
FPAU
google.com
Assigns a specific ID to the visitor. This allows the website to determine the number of specific user-visits for analysis and statistics.
Used track your activity across devices, to coordinate ads and measure conversion events.
Functional / Analytics / Advertising
FPGCLDC
google.com
Used to help advertisers determine how many times users who click on their ads end up taking an action on their site.
Analytics
_gcl_dc
google.com
Used by the conversion linker for click information
Analytics
_gcl_au
google.com
Used by Google AdSense for experimenting with advertisement efficiency
Advertising
FLC
doubleclick.net
Used to store the user’s actions on the site after having viewed an advert or having clicked on the advert.
Analytics
RUL
doubleclick.net
Used to determine whether website advertisements have been properly displayed.
Functional / Advertising
FCCDCF
google.com
Used to manage privacy choices, monetize content, and communicate with users to gather consent where applicable laws apply.
Functional
FCNEC
google.com
Used for analytics purposes associated with FCCDCF.
Analytics
FPGCLAW
google.com
Contains campaign related information on the user
Analytics / Advertising
FPGCLGB
google.com
Contains campaign related information on the user
Analytics / Advertising
_gcl_gb
google.com
Contains campaign related information on the user
Analytics / Advertising
_gac_gb_<wpid>
google.com
Contains campaign related information on the user
Analytics / Advertising
_gcl_aw
google.com
Contains campaign related information on the user.
Analytics / Advertising
1P_JAR
google.com and local variations, e.g. google.de
Contains campaign related information on the user
Analytics / Advertising
Conversion
www.googleadservices.com/pagead/conversion/
Contains campaign related information on the user
Analytics / Advertising
YSC
youtube.com
Contains campaign related information on the user
Analytics / Advertising
VISITOR_INFO1_LIVE
youtube.com
Used to provide bandwidth estimations
Functional
VISITOR_INFO1_LIVE__k
youtube.com
Used to provide bandwidth estimations
Functional
VISITOR_INFO1_LIVE__default
youtube.com
Used to provide bandwidth estimations
Functional
FPLC
google.com
Registers a unique ID that is used to generate statistical data on how the visitor uses the website, derived from a hashed value from the FPID cookie.
Analytics
_ga
google.com
Used to distinguish users
Functional / Necessary
_gac_<wpid>
google.com
Contains campaign related information for the user.
Functional / Analytics
_gid
google.com
Used to distinguish users
Functional / Necessary
_ga_<container-id>
google.com
Used to persist session state
Functional / Necessary
_gac_gb_<container-id>
google.com
Contains campaign related information.
Functional
_gat[_<customname>]
google.com
Used to throttle request rate.
Functional / Necessary
__utma
google.com
Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
Functional / Necessary
__utmb
google.com
Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
Analytics
__utmc
google.com
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
Functional / Analytics
__utmt
google.com
Used to throttle request rate.
Functional / Necessary
__utmz
google.com
Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
Functional / Analytics
__utmv
google.com
Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
Analytics
__utmx
google.com
Used to determine a user’s inclusion in an experiment.
Functional / Analytics
__utmxx
google.com
Used to determine the expiry of experiments a user has been included in.
Functional / Analytics
AMP_TOKEN
google.com
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Functional
FPID
google.com
Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator.
Analytics
GA_OPT_OUT
google-analytics.com
Shows if the user deactivated Google Analytics
Functional / Analytics
_ga_<wpid>
google.com
Used to store and count pageviews.
Analytics
_dc_gtm_<property-id>
google.com
This cookie is related to the _gat cookie. The _gat cookie pattern is used to throttle the request rate; if Google Analytics is deployed via Google Tag Manager, the cookie root changes to _dc_gtm_.
Necessary / Functional
_gaexp
google.com
Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
Functional / Analytics
_gaexp_rc
google.com
This cookie is set by Google Analytics and is used to determine a user’s inclusion in an experiment and the expiry of experiments that a user has been included in.
Functional / Analytics
_opt_awcid
google.com
Used for campaigns mapped to Google Ads Customer IDs.
Advertising
_opt_awmid
google.com
Used for campaigns mapped to Google Ads Campaign IDs.
Advertising
_opt_awgid
google.com
Used for campaigns mapped to Google Ads Ad Group IDs
Advertising
_opt_awkid
google.com
Used for campaigns mapped to Google Ads Criterion IDs
Advertising
_opt_utmc
google.com
Stores the last utm_campaign query parameter.
Advertising
_gcl_gf
google.com
Shares anonymised booking details with Google Flights when customers have been referred to our platforms by Google Flights. It uses first and third-party cookies that allows Google Flights to connect a booking to a previous session on their website.
Advertising
_gcl_ha
google.com
Used to track the origin of the user in order to be able to attribute Google Hotel Ads for any transaction resulting from a reservation.
Analytics / Advertising
PAIDCONTENT
doubleclick.net
Advertising cookies used by Google services via Google reCAPTCHA to track visitor behaviour (e.g., history of pages viewed, links opened, advertising seen before visiting our website, history from other devices) and provide targeted advertising
Analytics / Advertising
_opt_expid
google.com
This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that’s being redirected.
test_cookie
doubleclick.net
Used to determine if the user’s browser supports cookies.
Advertising
__cf_bm
hubspot.com
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management to help prevent malicious activity associated with botnets from being directed towards Flinks’ website.
Necessaryß
UserMatchHistory
linkedin.com
LinkedIn sets this cookie for to help measure advertising performance.
Functional
lang
ads.linkedin.com
LinkedIn sets this cookie to remember a user’s language setting.
Functional
bcookie
linkedin.com
LinkedIn sets this cookie to identify a browser ID through the share buttons on LinkedIn.
Functional
lidc
linkedin.com
LinkedIn sets the lidc cookie to facilitate data center selection.
Functional
lang
linkedin.com
LinkedIn sets this cookie to remember a user’s language setting.
Functional
bscookie
linkedin.com
LinkedIn sets this cookie to remember which users have logged in using multifactor authentication.
Functional
__hs_opt_out
hubspot.com
Used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.
Necessary
__hs_do_not_track
hubspot.com
Can be set to prevent the tacking code from sending any information to HubSpot.
Necessary
__hs_initial_opt_in
hubspot.com
Used to prevent the banner from always displaying when a visitor visits in strict mode.
Necessary
__hs_cookie_cat_pref
hubspot.com
This cookie is used to record the categories a visitor consented to.
Necessary
hs_ab_test
hubspot.com
This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
Necessary
<id>_key
hubspot.com
When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.
Necessary
hs-messages-is-open
hubspot.com
Determine and save whether the chat widget is open for future visits.
Necessary
hs-messages-hide-welcome-message
hubspot.com
Prevents chat widget message from appearing one day after it is dismissed.
Necessary
__hsmem
hubspot.com
Set whenever a visitor logs into a HubSpot-hosted site.
Necessary
Hs-membership-csrf
hubspot.com
Prevents content membership logins from being forged
Necessary
hs_langswitcher_choice
hubspot.com
Save’s a visitor’s selected language choice
Necessary
__cfruid
hubspot.com
Set by Hubspot’s CDN provider due to their rate limiting policies.
Necessary
__cf_bm
hubspot.com
Set by Hubspot’s CDN provider that is necessary for bot protection.
Necessary
_hstc
hubspot.com
Visitor tracking cookie that contains utk, intial timestamp of first visit, last timestamp, current timestamp, and session number
Necessary
hubspotutk
hubspot.com
Keeps track of a visitor’s identity and passed to Hubspot on form submission and used when duplicating contacts.
Necessary
__hssc
hubspot.com
HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
Necessary
__hssrc
hubspot.com
This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
Necessary
wp-wpml_current_language
flinks.com
This cookie stores the current language setting.
Other
_dc_gtm_UA-83575816-1
.flinks.com
This cookie is used to associate and track the performance of Google ad campaigns, which are then consumed by doubleclick.net.
Other
AnalyticsSyncHistory
.linkedin.com
This cookie is used to measure the performance of page content.
Other
li_gc
.linkedin.com
This cookie is used to store the consent of guests for cookies that have a non-essential purpose.
Other
If you choose to share our digital content through social networks, such as Facebook, Twitter or LinkedIn, watch one of our videos posted to a third-party media site, or leave a review of Flinks a review website, you may be sent cookies from these third-party websites. We do not control the settings of these marketing technologies and cannot verify the content of the data transmitted to the social networks Flinks uses, or how each of them uses such data. Please consult those websites’ privacy policies to learn how you may modify your account settings to manage their cookies and similar technologies.
Flinks does not share any other personal information covered by this Privacy Statement unless otherwise directed by you in the provision of our services.
Your Rights
If you have, or believe you have provided Flinks with Personal information subject to this Privacy Statement, you have certain rights that you are entitled to:
Access Your Personal Information. Where Flinks has collected Personal Information pursuant to this Privacy Statement, you have the right to access the records Flinks holds containing your Personal Information. When making a request to access records containing your Personal Information, please indicate either the specific records you are requesting access to, or if not known, the general type(s) of records your Personal Information may be contained in. Once your request has been received, Flinks will provide those records in a standard format that is readable on most devices (e.g., .pdf, .docx, .csv). Should you request physical copies or transcription of any records, Flinks reserves the right to charge a reasonable fee to cover the costs associated with printing or transcribing the records, and any shipping fees associated with the delivery of those records. Flinks will indicate the cost of such fees, and obtain your approval prior to the processing of any such request.
Correct Your Personal Information. If you believe Flinks holds inaccurate or out-of-date Personal Information related to you and you would like Flinks to update its records, then you have the right to request correction of those records.When making a request for Flinks to correct your Personal Information, please indicate the information you are requesting correction of, and the correct information that will be updated.
Withdrawing Your Consent (i.e. “opting out”). Should you choose to withdraw your consent that permits Flinks to process your Personal Information, please indicate for which purpose(s) you wish Flinks to stop Processing your Personal Information (e.g., for a particular purpose, or for all purposes). Prior to fulfilling your request, we may inform you of any consequences that withdrawing your consent may have in relation to receiving services pursuant to this Privacy Statement. Please note that withdrawing your consent is not the same as requesting that Flinks delete any Personal Information, and Flinks may continue to hold your Personal Information pursuant to any business (e.g., retention) or legal requirements where deletion has not also been requested.
Delete Your Personal Information. While not required by law everywhere, Flinks lets individuals, regardless of where they reside, have the option to request that Flinks delete their Personal Information permanently. If you no longer want Flinks to hold Personal Information related to you that is subject to this Privacy Statement, please indicate the specific records, or the types of records containing your personal information you would like Flinks to delete and Flinks will destroy those records subject to any legal or regulatory obligations that might prevent such destruction.
Make a Complaint. In the event you believe Flinks has collected, used, disclosed, or taken any other action(s) in regard to your Personal Information that you believe may not comply with this Privacy Statement or with applicable privacy legislation, then you are entitled to make a complaint to a regulatory authority (e.g., Office of the Privacy Commissioner of Canada, Commission d’Accès à l’Information du Quebec). If you choose to, you may first contact Flinks’ Privacy Officer with the details of your complaint to inform Flinks of such activities in an effort to resolve the issue. Flinks’ Privacy Officer may contact you with a proposed resolution, and if you are not satisfied with the proposed resolution, then you are still entitled to file a formal complaint with the relevant regulatory body.
When a request is received, Flinks’ Privacy Officer may request certain information from you (e.g. name, e-mail address or other information Flinks would already have on file related to you), as well as proof of identification in order to verify your identity before processing your request.
For any request received, Flinks’ Privacy Officer will respond to your e-mail within 30 days of your request being received, and if an extension is required to respond to or facilitate your request, Flinks’ Privacy Officer will inform you of such an extension and the reasons for it nevertheless within the first 30 days.
Flinks reserves the right to refuse to address requests, questions, or complaints if, in the opinion of Flinks’ Privacy Officer, such request, question, or complaint is vexatious, unfounded, or repetitive in nature.
Contact Flinks’ Privacy Officer
For any of Your Rights listed above, or any other inquiries related to this Privacy Statement or other privacy-related inquiries related to Flinks or its services, please direct all inquiries to Flinks’ Privacy Officer at [email protected].
If you wish to exercise “Your Rights” associated with you having linked your bank account with one of our clients’ services, please refer to our Services Privacy Statement before contacting Flinks’ Privacy Officer.
Updates To This Policy
This General Privacy Statement was last updated on August 11, 2022. From time to time, Flinks may update this General Privacy Statement to reflect changes to Flinks’ services or purposes for which Flinks processes personal information, or to comply with new legal requirements.
Whenever Flinks makes an update to this Privacy Statement, Flinks will update its website to provide notice that changes have occurred, and direct individuals to the updated version.
Flinks allows you to share your bank account details and transaction history, among other financial information, in order to receive financial or other related goods and services from our clients. This Privacy Statement provides information as to Flinks and its affiliates’ (“Flinks”, “we”, or “us”) practices as it relates to the collection, use, disclosure, storage, or destruction (collectively referred to as “processing”) of Personal Information (i.e., identifiable information about you) Flinks receives in connection with your use of any of our clients’ services (e.g., mobile application, web application, or other service offering) that uses Flinks.
This Privacy Statement has been divided into the following sections to explain:
Scope
Types of Personal Information We Process
Consent
How We Use Your Personal Information
Who We Share Your Personal Information With
How We Store and Protect Your Personal Information
Your Rights and Making a Data Subject Request
Contacting Flinks’ Privacy Officer
Changes to This Privacy Statement
Scope
This Privacy Statement applies to the processing of personal information by Flinks when you connect your bank account, using Flinks, with our clients’ services.
The Flinks Services Privacy Statement applies to the following services:
Flinks Enrichment (also referred to as “Enrich” or “Attributes”); and
Flinks Outbound (also referred to as the “Open Banking Environment” or “OBE”).
This Privacy Statement does not apply to the following activities:
Personal Information subject to Flinks’ General Privacy Policy. If you are a visitor to Flinks’ website, a service provider to Flinks, an actual or prospective client, an attendee at one of Flinks’ events, or have attended Flinks’ offices, the General Privacy Statement is where you will find information related to Flinks’ practices with respect to processing your personal information.
Personal Information collected about you by our clients. Our clients are responsible for implementing relevant procedures and determining how they process your Personal Information in order to provide their services, including when they use Flinks to provide their services to you. Should you wish to find out more about how our clients process your Personal Information, or to understand what other Personal Information they have in their possession related to you, we encourage you to visit their website or contact their data protection officer directly.
Personal Information you provide to websites or services not controlled by Flinks. Flinks may provide you with links to our clients’ website(s) or social media page(s) Flinks uses through our website. Flinks does not have any control over these websites, or the marketing or other technologies such websites may deplo.Should you have any questions related to these websites, please contact Flinks’ Privacy Officer for how Flinks may use such information, or refer to such websites’ respective privacy policies for how they process your Personal Information.
Types of Personal Information We Process
Flinks processes three types of Personal Information when it provides its services to its clients:
Information you provide. When you connect your financial account(s), you will provide your login information required by your financial institution to access your account. Typically, this consists of a username and password, but it could also include answers to challenge questions or a security token.
Information from your financial institution. When Flinks connects to your financial account for the purposes of our clients’ services, we retrieve information from such financial institution that maintains the account(s). The information we retrieve may vary depending on:
The information required by our client in order to power their service; and
The information made available by your financial institution.
The types of information we collect from your financial institutions may include, without limitation:
Account information (e.g., financial institution name, account name, account type, and account and routing number);
Information about an account balance (e.g., current and available balance);
Information about credit accounts, (e.g., statement due dates and balances owed, payment amounts and dates, transaction history, and interest);
Information about loan accounts (e.g., including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term);
Information about the account owner(s) (e.g., name, email address, phone number, and address information); and
Information about account transactions (e.g., amount, date, type, and a description of the transaction).
Information from your devices. Our technology is integrated into our clients’ applications. Thus, when you use one of your devices to connect with a client service, we may receive information about this device, including without limitation the IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.
Consent
Flinks is a service provider to itsclients, and has no direct relationship with you, the end-user. As such, our clients are responsible for obtaining your consent(s) to process Personal Information for purposes associated with providing you with their goods and services, including your consent that authorizes Flinks to (i) collect Information you provide and (ii) collect and share Information from your financial institution with our clients.
How We Use Your Personal Information
When we receive Personal Information from you, or from your financial institution related to you, we use your information for the following purposes:
To operate, provide, and maintain our services;
To improve, enhance, modify, add to, and further develop our existing services;
To protect you, our clients’ services, and Flinks from fraud, malicious activity, and other privacy and security-related concerns;
To provide support to our developers;
To respond to your inquiries related to this Services Privacy Statement;
To investigate any misuse of our service or our clients’ service(s), including violations of our security policies, criminal activity, or other unauthorized accesses.
Who We Share your Personal Information With
When you use Flinks to share your financial information with our clients (i.e., the organization with whom you have a direct relationship with that uses Flinks), depending on the type of connection that needs to be made with your financial institution, you may be providing Flinks with your account credentials to access your bank account.
As a starting point, your credentials are never shared. With anyone.
Due to the sensitive nature of such information, Flinks does not share any of your financial information with anyone other than our client whose service(s) you are using and have authorized to receive your financial information, and as required or permitted by law (e.g., in the event Flinks must comply with a court order or is required to disclose information to protect an individual from serious or life threatening harm).
In the event a part of Flinks, or all of Flinks is acquired or merged with another business, the license(s) or ownership associated with the services we use to process your personal and financial information, and any other such information Flinks processes, may be transferred to the new entity.
How We Store and Protect Your Personal Information
Flinks uses industry leading service providers to process your Personal Information. With all of our providers, contractual provisions and technical measures are in place to ensure that, among other things, your Personal Information is stored in secure environments, that the confidentiality of your Personal Information is maintained, and that no employees of our service providers may access the environments containing your Personal Information except with the express authorization from Flinks for the purposes of carrying out maintenance or support and under confidentiality terms equal to the confidentiality terms Flinks has entered into with its clients.
To learn more about how we protect your Personal Information, please visit our Security page.
Your Rights and Making a Data Subject Request
Depending on where you reside, you may be entitled to exercise certain rights with respect to your personal and financial information. At Flinks, we want all of our clients’ customers to have equal privacy rights, and that’s why no matter where you reside, we afford you the same rights as others, even where we aren’t required to.
Specifically, Flinks recognizes that individuals have the following privacy rights:
To Access Your Personal Information. Where Flinks has collected Personal Information pursuant to this Privacy Statement, you have the right to access the records Flinks holds containing your Personal Information.
To Correct Your Personal Information. If you believe Flinks holds inaccurate or out-of-date Personal Information related to you and you would like Flinks to update its records, then you have the right to request correction of those records.
To Withdraw Your Consent (otherwise known as “Opting-Out”). Should you choose to withdraw your consent that permits Flinks to process your Personal Information, please indicate for which purpose(s) you wish Flinks to stop Processing your Personal Information (e.g., for a particular purpose, or for all purposes). Prior to fulfilling your request, we may inform you of any consequences that withdrawing your consent may have in relation to receiving services pursuant to this Privacy Statement. Please note that withdrawing your consent is not the same as requesting that Flinks delete any Personal Information, and Flinks may continue to hold your Personal Information pursuant to any business (e.g., retention) or legal requirements where deletion has not also been requested.
To Delete Your Personal Information. If you no longer want Flinks to hold Personal Information related to you that is subject to this Privacy Statement, please indicate the specific records, or the types of records containing your Personal Information you would like Flinks to delete and Flinks will destroy those records subject to any legal or regulatory obligations that might prevent such destruction permanently.
To Make a Complaint. In the event you believe Flinks has collected, used, disclosed, or taken any other action(s) in regards to your Personal Information that you believe may not comply with this Privacy Statement or otherwise with applicable privacy legislation, then you are entitled to make a complaint to a regulatory authority (e.g., Office of the Privacy Commissioner of Canada, Commission d’accès à l’information du Québec). You may first contact Flinks’ Privacy Officer with the details of your complaint to inform Flinks of such activities, and potentially resolve the issue. Flinks’ Privacy Officer may contact you with a proposed resolution, and if you are not satisfied with the proposed resolution and there is no alternative from Flinks’ perspective, then they will let you know that you are still entitled to file a formal complaint with the relevant regulatory body.
Because Flinks has no direct relationship with you in providing our Services to our clients, we ask that you direct your request(s) that are related to Flinks’ processing of your Personal Information to the client with whom you have connected your bank account with. In your request to them, please be sure to copy Flinks’ Privacy Officer on your e-mail ([email protected]) and indicate:
that you would like your request to be directed to Flinks;
the rights you wish to exercise; and
if applicable, the specifics of your request (e.g., the records you are requesting access to, or the purposes for which you are withdrawing your consent).
Once your request is received, Flinks’ Privacy Officer may reach out to you to confirm receipt of your request. You may be asked to verify your identity by answering some questions by our client (e.g. name, e-mail address or other identifying information). Flinks may also request that your identity first be verified before processing your request.
If you are unsure of who to contact in order to make your request, please reach out to Flinks’ Privacy Officer and they will be able to assist you in facilitating your request.
Flinks’ Privacy Officer will endeavour to process your request within 30 days of your request being received and will notify you once your request has been completed. If an extension is required to respond to or facilitate your request, Flinks’ Privacy Officer will inform you of such an extension and the reasons for it nevertheless within the first 30 days.
Flinks reserves the right to refuse to address requests, questions, or complaints if, in the opinion of Flinks’ Privacy Officer, such request, question, or complaint is vexatious, unfounded, or repetitive in nature.
Contact Flinks’ Privacy Officer
For any of Your Rights listed above, or any other inquiries related to this Privacy Statement or other privacy-related inquiries related to Flinks or its services, please direct all inquiries to Flinks’ Privacy Officer at [email protected].
Updates To This Policy
This Services Privacy Policy was last updated on August 11, 2022. From time to time, Flinks may update this Services Privacy Policy to reflect changes to Flinks’ services or purposes for which Flinks processes personal information, or to comply with new legal requirements.
Whenever Flinks makes an update to this Policy, Flinks will update its website to provide notice that changes have occurred, and direct individuals to the updated Services Privacy Statement.