Finowo

Privacy Policy

Last updated: November 2025

Introduction

FINOWO sp. z o.o. ("we", "our", "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register on our website
  • Express interest in our products or services
  • Participate in activities on our website
  • Contact us

The personal information we collect may include:

  • Name and contact data (email, phone number, address)
  • Credentials (passwords, security questions)
  • Payment information
  • User-generated content

Automatically Collected Information

When you visit our website, we automatically collect certain information about your device, including:

  • Browser and device characteristics
  • Operating system
  • Language preferences
  • Referring URLs
  • Device name and country
  • Information about how and when you use our website
  • Other technical information

How We Use Your Information

We use personal information collected via our website for:

  • Facilitating account creation and authentication
  • Sending you marketing and promotional communications
  • Providing and managing your account
  • Processing your transactions
  • Improving our services
  • Protecting our services and users
  • Responding to legal requests and preventing harm

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Consent (Art. 6(1)(a) GDPR) - You have given explicit consent
  • Contract (Art. 6(1)(b) GDPR) - Processing is necessary to fulfill a contract with you
  • Legal Obligation (Art. 6(1)(c) GDPR) - We must comply with legal requirements
  • Legitimate Interests (Art. 6(1)(f) GDPR) - Our legitimate business interests (balanced with your rights)

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy. Retention periods depend on:

  • Contractual obligations - Duration of the contract plus applicable limitation periods
  • Legal requirements - As required by Polish and EU law (typically 5-10 years for financial records)
  • Legitimate interests - Until the purpose is fulfilled or you object

After the retention period, we securely delete or anonymize your data.

Your Privacy Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR) - Access to your personal information
  • Right to Rectification (Art. 16 GDPR) - Correct inaccurate data
  • Right to Erasure (Art. 17 GDPR) - Delete your information ("right to be forgotten")
  • Right to Restriction (Art. 18 GDPR) - Request restriction of processing
  • Right to Data Portability (Art. 20 GDPR) - Receive your data in structured format
  • Right to Object (Art. 21 GDPR) - Object to processing of your information
  • Right to Withdraw Consent (Art. 7 GDPR) - Withdraw consent at any time
  • Right to Lodge a Complaint - File a complaint with supervisory authority

Polish and EU Regulatory Compliance

As a Polish company, we comply with:

  • GDPR (EU Regulation 2016/679) - General Data Protection Regulation
  • Polish Data Protection Act (Act of 10 May 2018)
  • Electronic Services Act (Act of 18 July 2002)
  • Telecommunications Law (Act of 16 July 2004) for cookies

Cookies and Tracking

We use cookies and similar tracking technologies in accordance with GDPR and Polish Telecommunications Law (Art. 173). Types of cookies used:

  • Essential cookies: Necessary for website functionality (no consent required)
  • Analytics cookies: Help us understand how visitors use our website (requires consent)
  • Marketing cookies: Used to personalize advertising (requires consent)

Cookie Consent: We obtain explicit consent before using non-essential cookies, in compliance with GDPR and Article 173 of the Polish Telecommunications Law.

You can manage your cookie preferences at any time:

  • Through your browser settings
  • Through our cookie management panel on the website
  • By contacting us directly

Third-Party Services and Data Processors

We may employ third-party data processors to:

  • Facilitate our service
  • Provide service-related services
  • Perform service-related activities
  • Assist us in analyzing how our service is used

All third-party processors:

  • Are bound by Data Processing Agreements (DPA) compliant with Art. 28 GDPR
  • Have access to personal data only to perform tasks on our behalf
  • Are obligated not to disclose or use data for any other purpose
  • Implement appropriate technical and organizational security measures
  • Process data only in the EU/EEA or countries with adequacy decisions

Data Security

We implement appropriate technical and organizational security measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.

International Data Transfers

We primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure:

  • Adequacy Decision - Transfer to countries with EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) - Using EU-approved standard contractual clauses
  • Binding Corporate Rules - Internal data protection policies
  • Explicit Consent - Your explicit consent for the transfer

Your data is protected by appropriate safeguards ensuring compliance with GDPR requirements.

Children's Privacy

Our services are not directed to children under 16 years of age (as required by GDPR Art. 8). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Supervisory Authority

You have the right to lodge a complaint with the Polish supervisory authority:

President of the Personal Data Protection Office (UODO)

Contact Us

For questions about this Privacy Policy or to exercise your GDPR rights:

  • Email: hello@finowo.finance
  • Address: FINOWO sp. z o.o., Żurawia 6/12 lok 745, 00-503 Warszawa, Poland

Data Protection Officer

You can contact our Data Protection Officer (DPO) for any data protection inquiries:

We will respond to your request within 30 days as required by GDPR Art. 12.