Overview of confidentiality

Privacy policy


We consider ensuring the right to personal data protection as a fundamental commitment of Finaco SRL, therefore we will dedicate all necessary resources and efforts to process your data in full compliance with EU Regulation 2016/679 (“General Data Protection Regulation” or ” GDPR ”), as well as with any other legislation applicable on the territory of Romania. As one of the key principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us about products and services. including our website or mobile applications.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes to the way we process your personal data or any changes to legal requirements. In the event of any such changes, we will display the amended version of the Privacy Policy on our website, for which reason please check the contents of this Privacy Policy periodically.

What categories of personal data do we process?

We generally collect your personal data directly from you so that you have control over the type of information you provide to us. For example, we receive information from you as follows:

When you send us a message or request a quote, you provide us with information such as: the desired product or service, first and last name, email address, phone number, etc.

We may also collect and further process certain information about your behavior while visiting our website, to personalize your online experience and provide you with offers tailored to your profile. We invite you to find out more details in this regard by consulting the section below on the purposes of processing.

On our website we may store and collect information in cookies and similar technologies, in accordance with the Cookies Policy.

We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation in special categories of personal data. We also do not want to collect or process data on minors under the age of 18.

What are the purposes and grounds of processing?

We will use your personal data for the following purposes:

To provide Finaco services for your benefit.

This general purpose may include, as appropriate, the following:

  1. a) The answer to the questions and / or requests addressed by you through the contact form;
  2. b) Providing support services, including providing answers to your requests or questions regarding Finaco services.


The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between Finaco and you. Certain processing subject to these purposes is also required by applicable law, including tax law.

To improve our services

We always want to provide you with the information and details that interest you the most. For this, we may collect and use certain information about your behavior during your visit to our website, we may invite you to complete various questionnaires or we may conduct, directly or with the help of partners, studies, and market research.

We base these activities on our legitimate interest in doing business, always making sure that your fundamental rights and freedoms are not affected.


For marketing

We want to keep you informed about the best offers for the products / services that interest you. In this regard, we may send you any type of message (such as: e-mail / SMS / telephone / mobile or web alerts, etc.) containing general and thematic information, information on products and services similar or complementary to the information you have purchased, information about offers or promotions, information about the products / services you have shown interest in, and other business communications such as market research and opinion polls, and we may display personalized recommendations on website.

In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use information about you for our legitimate interest, we take care and take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can ask us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and we will process your request.


To defend our legitimate interests

There may be situations in which we use or transmit information to protect our rights and business. These may include:

– Measures to protect the finaco.ro website against cyber-attacks:

– Measures to prevent and detect fraudulent attempts, including the transmission of information to the competent public authorities;

– Other risk management measures.

The general basis of these types of processing is our legitimate interest in defending our commercial activity, it being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.

In some cases, we also base our processing on legal provisions such as the obligation to ensure the protection of goods and values ​​provided by the applicable legislation in this matter.

How long do we keep your personal data?

As a rule, we store your personal data while you are in collaboration with us. You may request the deletion of certain information from us at any time and we will comply with such requests, subject to the retention of certain information where applicable law or our legitimate interests so require.

To whom we transmit your personal data

Where applicable, we may transmit or provide access to certain personal data of yours to the following categories of recipients:

– FinAco partners;

– courier service providers;

– payment / banking service providers;

– marketing / telemarketing service providers;

– market research service providers;

– insurance companies;

– IT service providers;

– other companies with which we can develop joint programs to offer our goods and services on the market.

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties under private law is made in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.

In which countries do we transfer your personal data

We currently store and process your personal data in Romania.

However, we may transfer certain of your personal data to entities located in the European Union or outside the Union, including in countries for which the European Commission has not recognized an adequate level of protection of personal data.

We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data transferred from within the EU to the United States.

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.

The transmission of your personal data is done using state-of-the-art encryption algorithms and stored on secure servers, while ensuring data redundancy.


Despite the measures taken to protect your personal data, we warn you that the transmission of information via the Internet, in general, or through other public networks, is not completely secure, there is a risk that the data may be viewed and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities in systems that are beyond our control.

What rights do you have?

The General Data Protection Regulation recognizes several rights in relation to your personal data. You may request access to your data, correct any errors in our files and / or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to go to court. Where applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.

More information on each of these rights can be obtained by consulting the paragraphs below.

In order to exercise your rights, you can contact us using the contact details set out above. Please note the following if you wish to exercise these rights:

Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such registrations using the e-mail address you use in relation to Finaco. Otherwise, we reserve the right to verify your identity by requesting additional information aimed at confirming your identity.

Fees. We will not charge a fee to exercise any right in respect of your personal data, unless your request for access to information is unfounded, repetitive, or excessive, in which case we will charge a reasonable amount in such respect. circumstances. We will inform you of any fees applied before resolving your claim.

Response time. We intend to respond to any valid requests within a maximum of 30 working days, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of 60 days. We will let you know if we need more than 30 days. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us act faster and shorten the response time to your request.

Third party rights. We must not comply with a request if it would adversely affect the rights and freedoms of other data subjects.

You have the following rights:

– to confirm if we process your personal data;

– provide you with a copy of this data;

– to provide you with other information about your personal data, such as the data we have, what we use it for, to whom we disclose it, if we transfer it abroad and how we protect it, how long we keep it, what rights you have, how can you make a complaint, from where we obtained your data, to the extent that the information has not already been provided to you by this information.

You may ask us to rectify or complete your inaccurate or incomplete personal data. We may try to verify the accuracy of the data before rectifying it.


You can ask us to delete your personal data, but only if:

  • they are no longer necessary for the purposes for which they were collected; or
  • you withdrew your consent (if the data processing was based on consent); or
  • exercise a legal right to oppose; or
  • they have been processed illegally; or
  • we have a legal obligation in this regard. We are not obligated to comply with your request to delete your personal data if the processing of personal data is necessary:
  • for the observance of a legal obligation; or
  • to establish, exercise or defend a right in court.
  • You can ask us to restrict the processing of personal data, but only if:
  • their accuracy is contested (see rectification section), to allow us to verify their accuracy; or
  • the processing is illegal, but you do not want the data to be deleted; or
  • they are no longer needed for the purposes for which they were collected, but you need them to establish, exercise or defend a right in court; or
  • You have exercised your right to object, and the verification of whether our rights prevail is ongoing.

We may continue to use your personal data following a request for a restriction if:

  • we have your consent; or
  • to establish, exercise or ensure the defense of a right in court; or
  • to protect the rights of FinAco or any other natural or legal person.


You can ask us to provide you with personal data in a structured, commonly used and automatically readable format, or you can request that it be “ported” directly to another data controller, but in each case only if:

  • the processing is based on your consent or on the conclusion or execution of a contract with you; and
  • the processing is done by automatic means.
  • You can request not to be subject to a decision based solely on automatic processing, but only when that decision:
  • produces legal effects on you; or
  • affects you in a similar way and to a significant extent. This right shall not apply if the decision reached as a result of automatic decision-making;
  • we need you to conclude or run a contract with you;
  • is authorized by law and there are adequate guarantees for your rights and freedoms;
  • or is based on your explicit consent.


You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are the following: The National Authority for the Supervision of Personal Data Processing B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania Telephone: +40.318.059.211 or +40.318.059.212; E-mail: anspdcp@dataprotection.ro

Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any issue amicably.

We remind you that you can contact us at any time at: +40 364 11 33 31 or office@finaco.ro.