Front Financial Global PRIVACY NOTICE
This Global General Privacy Notice (this “Notice”) describes how Front Financial Inc. and its affiliates (collectively referred to as “Front Financial”, “we”, “us”, “our” or similar pronouns) collect, use, and process personal information about natural persons globally (“customers”). Depending on the jurisdiction of such individuals, we seek to uphold data privacy practices in line with the following regulations:
|United States||Gramm-Leach-Bliley Act (“GLBA”); Regulation S-P, California Consumer Privacy Act (“CCPA”), others as applicable.|
|European Economic Area||General Data Protection Regulation (“GDPR”).|
|Other (ex. the Germany, Turkey, etc.)||Comparable regulations, as applicable.|
Our privacy policies seek to minimize personal information storage and will hold data for the minimum required retention periods.
This Notice describes our privacy policies and practices with respect to “nonpublic personal information” (as defined by GLBA) such as personally identifiable financial information that is not otherwise publicly available (collectively, “personal information”) of natural persons who are current or former customers of Front Financial’s financial products or services within the meaning of GLBA (“you”).
- YOUR PRIVACY IS IMPORTANT TO US
Your privacy is important to us. We recognize that customers entrust your personal information to us, and we understand the importance of maintaining the confidentiality and security of your personal information. As used in this Notice, “personal information” means any information related to employees as an identified or identifiable natural person.
This Notice replaces all previous global customer privacy notices and may be amended from time to time. Please read this Notice in its entirety to understand what we do with your personal information.
2. WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect, use and process various types of personal information about employees and your accounts, and activities. The types of personal information we collect and share depend on the product or service employees have with us. This information includes:
- Personal details, such as name, age, occupation, and marital status;
- Contact details, such as email address and mailing address;
- Identification documents, such as your passport, national identity card or driver’s license;
- A personal identifier or identification number, such as your taxpayer identification number;
- Financial information, such as source of wealth, financial resources, investment experience, risk tolerance, etc.;
- Account balances and account transactions;
- Assets and account history; and
- Information about your device and online activities if employees interact with us online or access www.getfront.com or any other website or online service on which the is posted, as described in that policy, including information collected through cookies and other tracking technologies.
We collect personal information about employees from various sources, including but not limited to:
- Information we receive from employees, such as on your Front Financial App and other Front Financial specific forms, in your communications with us, or if employees provide information to us through a Front Financial website or online service;
- Information about your transactions with us; and
- Information we receive from third parties, including but not limited to credit bureaus or affiliates.
Where existing or prospective corporate customers/vendors provide us with personal information relating to their directors, employees, officers, agents, customers or any other person, such information is deemed to have been provided on the basis that: (i) those individuals have been informed and understand that their personal information is being provided to us or our affiliates; (ii) those individuals have been provided with information regarding the collection, use, processing, disclosure and cross-border transfer of their personal information; (iii) the customer/vendor has a lawful basis (in accordance with applicable data protection laws and regulations) to provide such personal information to us for our use in accordance with this Notice; and (iv) those individuals are aware of their data protection rights and how to exercise them.
While employees are not required to supply any of the aforementioned personal information to us, please know that failure to do so may result in our being unable to open, maintain or provide service to employees.
3. PURPOSES FOR WHICH WE USE YOUR PERSONAL INFORMATION
We or others authorized to act on our behalf may use your personal information for the following purpose(s):
- To provide our products and services and to enhance the quality of the products and services we provide employees;
- In connection with your relationships and investments with or through us including:
- to provide services requested by employees;
- to perform obligations under our agreements;
- to conduct credit checks;
- to confirm a person’s authority as a representative or agent of employees or an organization employees represent; and
- to carry out day-to-day business functions;
- To carry out credit, money laundering and conflict checks;
- To contact employees about products and services (including for marketing purposes);
- Conduct monitoring activities to the extent permissible under applicable law. Examples include but are not limited to:
- monitoring to investigate or detect unauthorized or unlawful processing or misuse of our data, including data of our vendors and customers;
- monitoring to ascertain compliance with regulatory practices; and
- monitoring to ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties;
- In order to comply with legal and regulatory obligations and requests and/or to defend our legal rights; and
- Other legitimate business purposes as deemed required and otherwise permitted by law.
If employees provide us with information about third parties (e.g., relatives, beneficiaries, guardians), employees agree to inform such third parties and obtain their consent to the processing in accordance with this Notice and any other applicable laws and regulations prior to providing the information to us.
Front Financial does not use personal information to perform automated individual decision-making or profiling.
4. SHARING PERSONAL INFORMATION
We may process personal information in, and transfer personal information to, Front Financial affiliates (in various ways and for various reasons), service providers and other third parties in countries that may not guarantee the same level of protection for personal information as the country in which employees reside.
i. SHARING WITH Front Financial AFFILIATES
Front Financial does not have affiliates at this time.
ii. SHARING WITH SERVICE PROVIDERS
Front Financial shares personal information with service providers that work for us in the countries in which we operate. We require service providers that provide Front Financial support or marketing services to agree to adhere to appropriate security standards.
iii. SHARING WITH OTHER THIRD PARTIES
Front Financial shares personal information with other third parties which may include public, regulatory and government authorities, credit reporting agencies, intermediaries or non-affiliated third parties as requested by employees or for the purposes described in this Notice.
iv. SHARING ACROSS JURISDICTIONS
Your personal information may be stored, processed, and transferred outside of the country employees reside (and outside of the EEA) for the purposes described in this Notice, including in countries that may not guarantee the same level of protection for personal information as the country in which employees reside.
We will endeavor to make sure that any transfers of your personal information from one country to another comply with those data protection and privacy laws which apply to us. In particular, European data protection laws include specific rules on transferring personal information outside the EEA. For example, and among other lawful bases for transfers, we may transfer personal information outside the EEA:
- Pursuant to standard data protection clauses approved by the European Commission for transferring personal information outside the EEA under Article 46(2) of the General Data Protection Regulation (GDPR); or
- to a country which is deemed to provide “adequate” protection for personal information by the European Commission under Article 45 of the GDPR.
v. PROTECTING YOUR PERSONAL INFORMATION
Front Financial has a policy to maintain physical, electronic, and procedural safeguards that comply with applicable law to help protect the personal information we collect about employees, prevent unlawful or unauthorized processing of personal information, and prevent unauthorized disclosure of, or accidental loss of, or damage to, such information. We endeavor to restrict access to personal information about employees to those employees, agents or other parties who need to know that information to provide products and services to employees or in connection with your investments with or through us.
vi. OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We use your personal information where there is an appropriate lawful basis. Specifically, we process your personal information under the following legal grounds:
- The processing is necessary to meet contractual obligations into which employees have entered or to take preparatory steps to enter into a contract.
- The processing is necessary for the purposes of our legitimate interests or those of a third party, as long as such interests are not overridden by your fundamental rights and freedoms. For example, we have a legitimate interest in using your personal information to send employees marketing communications about our business, services and news. You can choose not to receive these messages when employees first provide your personal information to us, or by contacting us at any time to opt out using the contact information in “The Right to Access” section below or by following the unsubscribe instructions in our communications.
- The processing is necessary to meet our legal and/or regulatory obligations, for example to prevent money laundering and fraud.
- In rare cases, we may process your personal information for the protection of your interests (or someone else’s interests) or where it is needed in the public interest.
- We will only process personal information within the “special categories” of personal information under the GDPR where a further condition is also met.
vii. HOW LONG WE KEEP OUR PERSONAL INFORMATION
We endeavor to only keep your personal information in a form that allows employees to be identified for as long as we need to in order to use it for the reasons described above. At the end of the applicable retention period, we may destroy, erase from our systems, or anonymize personal information as part of such efforts. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process the personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Where necessary, we shall keep your personal information for as long as required to do so by law or to establish, exercise or defend our legal rights.
- Customer personal details used for marketing purposes will be held for an appropriate period of time since your last interaction with us. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods.
- To make sure that employees do not receive marketing from us after employees have told us to stop sending it, we need to keep a record of that instruction with your contact details. We shall hold that information until employees tell us otherwise.
2. 5. ADDITIONAL PROTECTIONS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”) AND SUBSTANTIALLY SIMILAR LAWS
You may be entitled to additional protections and to exercise additional rights under GDPR or a substantially similar law if employees reside in the European Economic Area or a jurisdiction with substantially similar privacy or data protection laws (including, for example, the United Kingdom, Switzerland and Cayman Islands). Such rights include, where conditions are met, the rights set forth below.
i. THE RIGHT TO ACCESS
You are entitled to request to access any personal information about employees held by Front Financial.
You may exercise these rights by sending a written request, specifying the nature of your request in reasonable detail, to us by email at [email protected].
You may be required to supply a valid means of identification as a security measure aimed to prevent the unauthorized disclosure of your personal information. Your request will be processed within the time proscribed by applicable law.
You may have the right to object to further processing of your personal information in certain circumstances.
ii. THE RIGHT TO OPT OUT WITH RESPECT TO MARKETING MATERIALS
In the ordinary course, Front Financial may contact employees by mail, telephone, electronic mail, etc., with details of products and services that may be of interest to employees, in accordance with this Notice and applicable laws. Should employees not wish to be contacted in this manner, please be sure to unsubscribe using the instructions in our communications or send us a written request, specifying the nature of your request in reasonable detail, to us by email at [email protected].
iii. THE RIGHT TO BE FORGOTTEN
You may also have the right to request that your data be erased by Front Financial or third parties, subject to additional, applicable jurisdictional retention requirements. To exercise this right, please submit a request as described under “The Right to Access” section above.
iv. THE RIGHT TO DATA PORTABILITY
If your personal information is available from us in a “structured and commonly used format,” employees may have the right to demand a transfer of your personal information to a new service provider. To exercise this right, please submit a request as described under “The Right to Access” section above.
v. THE RIGHT TO RECTIFICATION
You also have the right to request that we rectify any inaccurate or incomplete personal information that we process or control. To exercise this right, please submit a request as described under “The Right to Access” section above.
vi. THE RIGHT TO WITHDRAW CONSENT OR OBJECT
This right enables employees to withdraw consent at any time (where relevant) or to object to us processing your personal information where we do so for one of the following reasons: (i) our legitimate interests; or (ii) to send employees relationship management materials for additional products or services. To exercise this right, please submit a request as described under “The Right to Access” section above.
vii. THE RIGHT TO LODGE A COMPLAINT
In accordance with data protection laws, employees also have the right to lodge a complaint with applicable data protection authorities, in particular, in the Member State of the European Union of your habitual residence, place of work or of an alleged infringement of the GDPR or with the UK regulator for data protection, the Information Commissioner’s Office.
Requests and/or questions concerning your rights can be made to us by email at [email protected]
SECURING YOUR DATA
Under certain circumstances, and in addition to the security protection measures referenced above, Front Financial may notify employees and/or the requisite legal authority of a personal information breach and document the same. Front Financial may also conduct data protection impact assessments.
This Notice was last updated on November 04, 2022.