Privacy Policy

1. Introduction

FinEcon Analytics Ltd ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring transparency in how we handle personal data. This Privacy Policy explains our data practices, your rights, and how to exercise them.

Data Controller: FinEcon Analytics Ltd
Registered Address: 45 Lombard Street, London, EC3V 9EA, United Kingdom
Contact Email: [email protected]
Data Protection Officer (DPO): [email protected]

We process personal data in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and applicable international privacy laws. This policy applies to all users of our website (fineconom.co.uk) and services, regardless of location.

2. What Personal Data We Collect

We collect personal data directly from you and through automated systems. The categories of data we process include:

• Contact Information: Full name, email address, phone number, postal address, company name, and job title when you subscribe to newsletters or contact us.
• Account Data: Username, password (hashed), account preferences, and subscription tier if you create an account on our platform.
• Technical Data: IP address, browser type, operating system, pages visited, time spent on each page, referring/exit pages, and device identifiers.
• Cookies and Tracking: Session identifiers, analytics tracking IDs, marketing attribution cookies, and functional cookies for website optimization.
• Usage Data: Research papers downloaded, charts viewed, articles read, search queries, navigation patterns, and interaction history with our content.
• Communication Data: Email correspondence, inquiry content, feedback, survey responses, and support tickets.
• Financial Data: Payment method information (processed securely by third parties), subscription start/end dates, and invoice records.
• Inferred Data: Geographic location derived from IP address, interests inferred from browsing behavior, and professional profile deduced from usage patterns.

We do not knowingly collect personal data from children under 16 years of age. Our services are intended for adult financial professionals and investors.

3. How We Collect Your Data

We obtain personal information through multiple channels:

• Forms and Submissions: Newsletter signup, contact forms, research paper download requests, and event registration.
• Cookies: First-party cookies for session management, preferences, and security; third-party cookies from analytics and marketing partners.
• Analytics Tools: Google Analytics 4, Hotjar heatmaps, and server-side event tracking to monitor user behavior and website performance.
• Meta Pixel: Facebook/Instagram conversion tracking for retargeting campaigns (where you have consented).
• Server Logs: Automatic collection of HTTP headers, request timestamps, response codes, and bandwidth usage.
• Third-Party Data: Email verification services, fraud detection partners, and optional integration with professional networks.
• Direct Communication: Information you voluntarily provide via email, phone, live chat, or feedback forms.

Cookies are placed with your explicit consent (marketing/tracking) or due to legitimate operational necessity (essential/functional). You can manage cookie preferences through your browser settings or our cookie consent banner.

4. Why We Process Your Data – Legal Basis

Under GDPR Article 6, we process personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): Marketing emails, analytics cookies, and advertising pixels are processed only with explicit consent, which you can withdraw at any time.
• Contract Performance (Article 6(1)(b)): Delivering research content, managing subscriptions, processing payments, and fulfilling service requests you initiate.
• Legal Obligation (Article 6(1)(c)): Compliance with financial regulations, tax reporting, anti-money laundering (AML) screening, and fraud prevention requirements.
• Legitimate Interests (Article 6(1)(f)): Website security, fraud detection, analytical improvements, service optimization, and business continuity planning—balanced against your privacy expectations.

We conduct Data Protection Impact Assessments (DPIA) for high-risk processing activities and maintain records of processing activities as required by Article 30 of the GDPR.

5. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: Creating accounts, authenticating users, delivering research content, managing subscriptions, and providing customer support.
• Communication: Responding to inquiries, sending transactional emails (receipts, confirmations), and administrative notifications about service changes.
• Marketing (Consent-Based): Sending newsletters, market analysis reports, webinar invitations, and promotional offers. You can opt-out anytime via the unsubscribe link.
• Analytics and Insights: Aggregating anonymized usage patterns to understand user behavior, optimize website performance, and improve content relevance and design.
• Personalization: Tailoring content recommendations, displaying relevant research papers, and customizing the user experience based on your interests and browsing history.
• Retargeting Ads: Using Meta Pixel and Google Ads to display relevant financial market insights to users across Facebook, Instagram, and Google properties.
• Security and Compliance: Detecting and preventing fraud, unauthorized access, and abuse; ensuring regulatory compliance; and investigating security incidents.
• Legal Defense: Preparing for and defending against legal claims, disputes, and regulatory inquiries.

We never sell personal data. Marketing and profiling are optional and consent-based; you retain full control to withdraw consent at any time.

6. Data Retention Periods

We retain personal data only as long as necessary for the stated purposes or as required by law:

• Newsletter Subscriber Data: For the duration of the subscription; deleted within 30 days of unsubscribe or inactivity exceeding 24 months.
• Contact Form Submissions: Retained for 2 years to respond to inquiries and maintain communication history, then deleted securely.
• Account Data: Retained for the active account lifetime plus 12 months after account closure for archival and dispute resolution.
• Payment Records: Retained for 6 years per UK tax law and accounting standards; payment processor retains data per their policies.
• Analytics Cookies: Retained for 13 months; older data is automatically aggregated and anonymized.
• Server Logs: Automatically purged after 90 days except where required for security investigations.
• Support Tickets: Retained for 3 years for quality assurance and audit trail purposes.
• IP Address Logs: Stored for 30 days for security monitoring; anonymized thereafter for trend analysis.

Where a legal hold is in place (litigation, investigation), we retain data until the hold is lifted. Deletion requests are processed within 30 days, unless technical or legal constraints apply.

7. Who We Share Your Data With

We only share personal data with third parties when necessary to deliver services or comply with legal obligations. Recipients are contractually bound to protect your data:

• Payment Processors: Stripe, PayPal, and other payment gateways process payment methods; we never store full credit card details.
• Hosting Provider: Amazon Web Services (AWS) and Cloudflare host our servers and provide CDN/DDoS protection within EU data centers.
• Analytics Partners: Google Analytics, Hotjar, and Mixpanel receive anonymized usage data to generate insights; these partners have their own privacy policies.
• Marketing Platforms: Mailchimp (email marketing) and SendGrid process newsletter subscriptions; Facebook and Google receive anonymized conversion data via Meta Pixel and Google Ads.
• Email Service Provider: Mailchimp stores email addresses and engagement metrics (opens, clicks) for newsletter management.
• Customer Support Tools: Zendesk manages support tickets; data is encrypted and retained per our support SLA.
• Legal/Regulatory Bodies: Law enforcement, tax authorities, and financial regulators (FCA, HMRC) may receive data in response to lawful requests.
• Service Providers: Data security consultants, backup vendors, and IT support contractors who are subject to Data Processing Agreements.

No Data Sales: We explicitly do NOT sell, rent, or trade personal data to third parties for marketing purposes. We do not use your data for behavioral profiling beyond your own service experience.

All data processors are bound by Data Processing Agreements (DPA) compliant with GDPR Article 28, ensuring adequate safeguards and sub-processor transparency.

8. International Data Transfers

Some of our service providers operate outside the European Economic Area (EEA), particularly in the United States. We ensure lawful transfers through:

• Standard Contractual Clauses (SCCs): Required in all agreements with non-EEA processors to ensure GDPR-compliant data protection terms.
• Adequacy Decisions: Where available, we leverage UK-US or EU-US adequacy arrangements for transfers to certified providers.
• AWS Compliance: Our primary hosting provider operates under AWS Standard Contractual Clauses and maintains EU data residency options.

If you are located outside the UK/EU, your data may be transferred to and processed in the UK. By using our services, you consent to such transfer. We remain compliant with applicable local laws where you reside.

9. Your Data Protection Rights

Under GDPR Articles 15–22, you have the following rights (subject to applicable exemptions):

• Right of Access (Article 15): You may request a copy of all personal data we hold about you in a structured, commonly used, and machine-readable format. We will provide this within 30 days of verified request.
• Right to Rectification (Article 16): You may correct incomplete or inaccurate information. We will update records within 14 days.
• Right to Erasure (Article 17): You may request deletion of your data ("right to be forgotten"), except where we have a legal obligation to retain it. Deletion occurs within 30 days unless technical constraints apply.
• Right to Restrict Processing (Article 18): You may limit how we process your data while disputes are resolved or during erasure requests.
• Right to Data Portability (Article 20): You may obtain and reuse your data in a portable format (e.g., CSV, JSON) with another service provider.
• Right to Object (Article 21): You may object to direct marketing, profiling, and processing based on legitimate interests. Objections are honored immediately for marketing; other objections are reviewed within 30 days.
• Right to Withdraw Consent: For any processing based on consent (marketing, analytics cookies), you may withdraw consent at any time via our preference center or by emailing [email protected].
• Right Not to Be Subject to Automated Decision-Making (Article 22): We do not make automated decisions with legal or significant effects on individuals without human review.

To exercise any of these rights, contact us at [email protected] with "Data Subject Rights Request" in the subject line. We will verify your identity before processing requests.

Right to Lodge a Complaint: If you believe we have violated your data protection rights, you may file a complaint with the supervisory authority in your jurisdiction. In the UK, contact the Information Commissioner's Office (ICO) at ico.org.uk or +44 303 123 1113.

There is no charge for exercising these rights unless requests are manifestly unfounded or excessive, in which case we may impose a reasonable fee.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (pixels, web beacons, local storage) to enhance your experience and measure performance:

• Essential Cookies: Necessary for website functionality (session ID, CSRF token, authentication). These are not subject to consent.
• Functional Cookies: Remember your preferences (theme, language, layout). Optional but improve usability.
• Analytics Cookies: Google Analytics (_ga, _gid) track pageviews, bounce rate, and user flow. Deployed with your consent.
• Marketing Cookies: Meta Pixel (fbq), Google Ads, and LinkedIn Pixel track conversions and enable retargeting. Opt-in only.
• Third-Party Cookies: Partners like Facebook and Google place cookies on our domain for their own analytics and advertising purposes.

Cookie Consent: On your first visit, a banner requests consent for non-essential cookies. You can accept, reject, or manage preferences individually. Your choice is saved in localStorage for 12 months.

Managing Cookies: You can refuse or delete cookies via your browser settings (Settings → Privacy → Cookies). Note that disabling essential cookies may impair website functionality.

For more information about cookies, visit allaboutcookies.org. Third-party partners' privacy practices are available on their respective websites (Google, Facebook, LinkedIn).

11. Children's Privacy

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child under 16 has submitted data, we will delete it immediately and notify parents where possible.

If you believe we have collected data from a minor, contact [email protected] immediately with evidence, and we will investigate and remedy the situation within 48 hours.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in law, technology, or our practices. We will notify you of material changes via:

• Email to your registered address (for account holders)
• A prominent notice on our website homepage
• Posting the updated date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically. The "Last Updated" date indicates the most recent revision.