Personal data & GDPR / FADP

Privacy Policy

We are committed to protecting your personal data with full transparency, in compliance with GDPR and the Swiss Federal Act on Data Protection (FADP).

Last updated: 9 May 2026

Contents

  1. Data controller
  2. Data collected
  3. Purposes and legal bases
  4. Retention periods
  5. Recipients
  6. Your rights
  7. Data security
  8. Cookies and trackers
  9. Transfers outside the EU/EEA
  10. Contact & DPO

1. Data controller

The data controller for your personal data is:

  • Company name: Finance Global Services
  • Registered office: 25 rue de Fontarabie, 75020 Paris, France
  • SIREN: 429 052 384 — SIRET: 429 052 384 00063
  • Email: contact@financeglobalservices.com
  • Phone: +33 6 44 69 75 46
  • Supervisory authority: CNIL (France) — www.cnil.fr

2. Data collected

We collect the following categories of data depending on your interactions with our services:

CategoryData concernedSource
IdentitySurname, first name, date of birth, nationalityApplication form
ContactEmail address, phone number, postal addressContact / application form
Financial situationIncome, expenses, employment status, financing projectCredit application form
BrowsingIP address, pages visited, session duration, browserCookies and trackers
CommunicationsHistory of email, chat and telephone exchangesInteractions with our advisors

We do not collect any sensitive data within the meaning of Article 9 of the GDPR (racial origin, political opinions, health data, etc.) without your explicit consent.

3. Purposes and legal bases

PurposeLegal basis
Processing your credit applicationPerformance of a contract (Art. 6.1.b GDPR)
Assessing your creditworthinessLegal obligation (Art. 6.1.c GDPR)
Sending commercial communicationsConsent (Art. 6.1.a GDPR)
Improving our servicesLegitimate interest (Art. 6.1.f GDPR)
Anti-fraud and regulatory obligationsLegal obligation (Art. 6.1.c GDPR)
Statistics and analyticsConsent or legitimate interest (Art. 6.1.f GDPR)

4. Retention periods

  • Credit application data: 5 years from the end of the contractual relationship
  • Contact data: 3 years from the last contact
  • Browsing data: 13 months maximum
  • Identity documents: Duration of the contract + 5 years
  • Anti-money-laundering data: 5 years after the end of the business relationship

Upon expiry of these periods, your data is permanently deleted or anonymised.

5. Recipients

Your personal data may be communicated to the following categories of recipients:

  • Our financial partners: banks and credit institutions for processing your application
  • Technical service providers: hosting, CRM, emailing tools (bound by GDPR sub-processing agreements)
  • Competent authorities: ACPR (France), FINMA (Switzerland), judicial authorities on requisition
  • Credit bureaus: consultation of the credit file with CRIF or ZEK (Switzerland)

We never sell your data to third parties for commercial purposes.

6. Your rights

Under GDPR and the Swiss FADP, you have the following rights over your personal data:

Right of access

Obtain a copy of all the data we hold about you.

Right of rectification

Correct any inaccurate or incomplete data concerning you.

Right of erasure

Request deletion of your data under the conditions provided by GDPR.

Right to portability

Receive your data in a structured, machine-readable format.

Right to object

Object to the processing of your data, in particular for direct marketing purposes.

Right to restriction

Request temporary suspension of processing of your data.

To exercise these rights, send your request by email to contact@financeglobalservices.com or by post to our registered office, enclosing a copy of your identity document. We respond within 30 days.

If you are not satisfied, you have the right to lodge a complaint with the CNIL: www.cnil.fr/fr/plaintes. Swiss residents may also contact the FDPIC (Federal Data Protection and Information Commissioner): www.edoeb.admin.ch.

7. Data security

Finance Global Services implements appropriate technical and organisational measures to protect your data against unauthorised access, loss or destruction:

  • TLS 1.3 encryption of all communications
  • Encryption of data at rest (AES-256)
  • Two-factor authentication for internal access
  • Logging and monitoring of data access
  • Regular security audits and penetration tests
  • Mandatory data protection training for staff

8. Cookies and trackers

Our website uses cookies and trackers. For detailed information on their use and how to manage your preferences, please consult our Cookie Policy.

9. Transfers outside the EU/EEA

Some of our technical service providers may process your data outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place, including:

  • Standard contractual clauses adopted by the European Commission
  • Adequacy decisions for countries recognised as providing a sufficient level of protection

10. Contact & Data Protection Officer

Our Data Protection Officer (DPO) is available for any questions relating to the processing of your personal data:

This privacy policy may be updated. In the event of material changes, we will inform you by email or by a prominent notice on our website.