Privacy Policy

This policy explains how Finro Limited collects, uses, and protects personal data when you visit our website, contact us, book a call, or purchase a digital product. It is provided in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection law.

Last updated: 11 June 2026

1. Who is responsible for your data

The controller responsible for processing your personal data is:

Finro Limited
64, "Excalibur", B. Bontadini Street, Birkirkara, Malta
Company registration number: C 84689 (Malta Business Registry)
Email: info@finrofca.com

We have not appointed a Data Protection Officer. Under Article 37 of the GDPR and Section 38 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), we are not required to do so. For any data protection enquiry, contact us at info@finrofca.com.

2. The data we collect, why, and on what legal basis

Visiting the website

When you visit the site, our hosting provider automatically processes technical data such as your IP address, browser type, device information, the pages you view, and the date and time of access. This is necessary to deliver the site, maintain security, and prevent abuse. Legal basis: our legitimate interest in operating a secure, functioning website (Art. 6(1)(f) GDPR).

Analytics and advertising

We use Google Analytics 4 to understand how visitors use the site, and Google Ads to measure the performance of our advertising and to reach relevant audiences. These tools set cookies and process online identifiers, usage data, and a shortened IP address. They run only after you give consent through our cookie banner, and you can withdraw consent at any time. Legal basis: your consent (Art. 6(1)(a) GDPR), together with the consent requirement for non-essential cookies under applicable ePrivacy law.

Contacting us

When you use our contact form, we process your name, email address, the reason for contact, and your message. We use this only to respond to and handle your enquiry. Legal basis: our legitimate interest in responding to enquiries and, where your enquiry concerns engaging our services, taking steps at your request before entering a contract (Art. 6(1)(f) and Art. 6(1)(b) GDPR).

Booking a call

When you schedule a call, our scheduling provider processes your name, email address, and the details of the booking. We use this to arrange and hold the meeting. Legal basis: steps taken at your request before entering a contract, and our legitimate interest in managing scheduling (Art. 6(1)(b) and Art. 6(1)(f) GDPR).

Purchasing a digital product

When you buy a dataset or other digital product, payment is handled by our payment provider, which processes the data needed to complete the transaction, such as your name, email address, and billing details. We do not receive or store your full card details. After purchase you are redirected to a page providing your download. Legal basis: performance of the contract for the product you purchase (Art. 6(1)(b) GDPR).

Accounting and record-keeping

We keep records of transactions and customer details in our accounting system to issue invoices and meet our bookkeeping and tax obligations. Legal basis: compliance with our legal obligations under commercial and tax law (Art. 6(1)(c) GDPR).

Client engagements

If you engage us for advisory work, you may share information with us during the engagement, which can include financial information and, in some cases, personal data relating to founders, team members, or other individuals. We process this only to deliver the agreed services. Legal basis: performance of our contract with you, and our legitimate interest in carrying out the engagement (Art. 6(1)(b) and Art. 6(1)(f) GDPR). Where you provide personal data about other individuals, you are responsible for ensuring you may lawfully share it with us.

Older embedded content

Some older articles may contain embedded third-party content such as videos or social posts. Viewing a page with such an embed can cause the relevant provider to set cookies or receive your IP address. Where this involves non-essential cookies, it is subject to your consent.

We do not send marketing emails or newsletters, and we do not carry out cold outreach.

3. Service providers who process data on our behalf

We use established third-party providers to run the website and our operations. Each processes personal data only as needed to provide its service to us:

  • Squarespace, our website host and the provider of our contact forms and online store

  • Google (Google Ireland Limited and Google LLC), for analytics and advertising

  • Stripe, our payment provider

  • Calendly, our scheduling provider

  • Intuit (QuickBooks), our accounting system

4. International data transfers

Some of these providers are based in, or process data in, the United States. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards: the EU-US Data Privacy Framework where the recipient is certified under it, and the European Commission's Standard Contractual Clauses where it is not. You can request more detail on these safeguards using the contact details above.

5. How long we keep your data

We keep personal data only as long as necessary for the purpose it was collected for:

  • Website technical and log data: for a short period, then deleted or anonymised

  • Contact enquiries: for as long as needed to handle your enquiry and a reasonable follow-up period, then deleted, unless the enquiry leads to an engagement

  • Booking data: for as long as needed to arrange the meeting and any resulting follow-up

  • Transaction, customer, and accounting records: for the period required by applicable commercial and tax law, generally up to ten years

  • Analytics and advertising data: for the retention period configured in the relevant tool, or until you withdraw consent

6. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you

  • have inaccurate data corrected

  • have your data erased in certain circumstances

  • restrict or object to our processing in certain circumstances

  • receive your data in a portable format

  • withdraw consent at any time, where processing is based on consent, without affecting processing carried out before withdrawal

To exercise any of these rights, contact us at info@finrofca.com. We will respond within the timeframes required by law.

7. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority, in particular in the EU country where you live or work. Given our operations, the competent German authority is the Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), and the authority for our country of registration is the Information and Data Protection Commissioner of Malta (IDPC).

8. Data security

We use appropriate technical and organisational measures to protect personal data, including encrypted connections (HTTPS) and the use of reputable providers who maintain their own security standards. No method of transmission over the internet is completely secure, but we work to protect your data and keep our measures under review.

9. Children

Our website and services are intended for businesses and professionals and are not directed to children. We do not knowingly collect personal data from anyone under 16.

10. Automated decision-making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version is always available on this page, with the date of the last update shown above.

12. Contact

For any question about this policy or how we handle your data, contact us at info@finrofca.com.