Privacy Policy

Finastra Privacy Notice

Updated: February 1, 2026

INTRODUCTION

Turaz Global S.à r.l and its group companies d/b/a Finastra (“we”, “us” or “Finastra”) is a leading provider of financial services software that the world's financial institutions rely on every day to help them grow and succeed. Our customers, consumers, prospects, registered users, applicants for employment, and others with whom we do business entrust us with their personal data and personally identifiable information (“Personal Information”) and they expect us to protect that Personal Information with the same level of care we do our own. This is fundamental to the way we do business.

This Finastra Privacy Notice (the “Notice”) describes the practices we have adopted with respect to processing Personal Information including the collection, use, storage or disclosure of Personal Information, (i) on our websites that link to this Notice (collectively the “Sites”); (ii) when you interact with our support centre or other online forums; (ii) when you participate in our webinars, events and demonstrations; (iii) when you purchase our products or services (“Services”); or (iv) when you interact with us as a vendor, partner or sub-contractor, except where there are specific privacy requirements for a Service and a separate policy has been published for that particular Service.

SCOPE & CHANGES TO THIS NOTICE

Whether acting as a data controller, a data processor or data intermediary, Finastra is required to comply with all applicable laws and regulations protecting the privacy of Personal Information in the jurisdictions where Finastra conducts business.

Specifically, this Notice applies to Personal Information where we decide how and why your Personal Information is Processed (i.e., where we are the data controller). This Notice does not apply where we are acting as a service provider or data processor to another organization (e.g., our customers) who decide how and why we Process Personal Information. Where we act as a service provider or data processor—in lieu of a data controller—this Notice does not apply.

We may amend this Notice from time to time, should it become necessary or advisable to do so to comply with regulatory requirements or best practices. The most recent modification date of this Notice will appear at the top of this page. If we materially change our practices in processing Personal Information, we will post an updated policy in place of this Notice. If you do not agree to any updates to this Notice, please do not continue using or accessing the Sites and Services.

GENERAL DEFINITIONS

These definitions may vary slightly according to local data privacy laws.

“Personal Information” is any information relating to an identified or identifiable natural person (which in some jurisdictions may include individuals who are recently deceased, and whether or not the information is true) or to a legal entity (to the extent protected under applicable data protection law), recorded in any medium including but not limited to electronic, paper, or voice recordings. It may include information such as name, address, date of birth, identification numbers, financial information and any other identifiable personal information. Personal Information may include non-identifiable information which, when combined with other information to which Finastra is likely to have access, can be used to identify an individual.

Individuals or entities that are identified or identifiable by Personal Information are referred to as “data subjects”.

“Processing” means any operation that is performed on Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, blocking, disabling or destruction.

“Sensitive Personal Information” is a subset of Personal Information, which due to its sensitive nature has been classified by law or policy as requiring additional privacy protection. Sensitive Personal Information may include, without limitation, race, ethnicity, health information, biometric information, religion, gender, sexual orientation, medical/health records, credit card information, dietary requirements, political beliefs and criminal history.

1. NOTICE

We will provide notice and, where required by law, obtain consent, in order to Process Personal Information for the purposes set out in this Notice.

Jurisdiction-Specific Notices

For Processing carried out by Finastra when acting as a data controller within the European Economic Area (“EEA”), the UK or Switzerland or in respect of any Processing of Personal Information relating to data subjects in the EEA, the UK or Switzerland carried out by Finastra when acting as a data controller (“European Processing Activities”), please see our supplemental notice that meets applicable European data protection notice requirements (“Finastra EEA/UK/Switzerland Privacy Notice”). If you are a candidate applying for a position at Finastra in the EEA/UK/Switzerland please refer to our Finastra EEA/UK/Switzerland Applicant Privacy Notice.

For more information regarding the privacy rights of California residents, please refer to the Finastra California Privacy Notice. If you are a candidate applying for a position at Finastra and you are a resident of California, please refer to our California Applicant Privacy Notice.

Personal Information Collected

The nature of the information we collect or receive varies depending on the Service being provided. We process Personal Information in a reasonable and lawful manner for relevant business purposes. Personal Information, for the following categories of purposes (as further defined in Purposes for Processing below, and disclose to the following categories of third parties (as further defined in Onward Transfers & Disclosures below):

Categories of Personal Information	Categories of Purposes (defined in the Use of Information section above)	Categories of Recipients (defined in the Disclosure of Information section above)
Identifiers such as Name, phone number, e-mail address, IP address	Direct Marketing Communication; Site and Service Delivery Email Alerts Personalization; Advertising; Analytics Evaluation and Improvement Quality Assurance Lawful Processes; Protection of Company With Your Consent	Finastra Group Companies Third-Party Service Providers Marketing Providers Law Enforcement and Government Authorities Business Transactions Advisors At Your Direction
Commercial information such as transaction information and purchase history
Internet or other similar network activity such as information regarding your interaction with the Sites, browsing history, etc.
Approximate geolocation data such as IP address
Audio, electronic, visual, or similar information such as photographs and voice recordings
Professional or employment-related information such as title of profession, employer, business contact information
Inferences drawn from other personal information

Unless specifically responding to a question asked by us, please do not include any sensitive data as part of your application, i.e. information relating to your racial or ethnic origin, political opinions, religious beliefs, trade union membership, health status or sexuality, or information regarding criminal convictions. If we do require this information in connection with your internation with us, this will be highlighted to you where we will obtain any necessary consents or acknowledgements.

Purposes for Processing

We collect Personal Information for different purposes, in particular the following:

Direct Marketing: We may occasionally use direct marketing to introduce and market new Services that may be of interest, or to point out different ways that users may be able to take advantage of existing Services. Where required by law, we will obtain consent before using Personal Information for direct marketing purposes. In order to provide you with a personalized experience, these communications may be tailored to your preferences based on, for example, inferences we make using your visits to the Sites, Services or the links you click on in our emails. Please note that pixel tags, cookies and other online trackers may be used within emails to track your interactions with those websites and when emails are opened. We will also provide an “unsubscribe” or other mechanism to allow opt out from receiving direct marketing messages from us. However, because of the nature of our Services, users who elect not to receive direct marketing messages from us may still be contacted with messages relating to servicing an account with us, or with notifications about software upgrades or release availability, or of other information related to licensed products, if applicable.
Communication; Site and Service Delivery: For the purpose for which you disclosed and we collected the information about you, for example, to process and communicate with you in connection with the Sites, Services, or requests from you. In order to deliver the Sites and Services, (including, for example, administering your Service account), we may gather specific information (contact, financial, and other general information), as well as information relating to business needs and preferences and additional non-identifiable information (such as core system, domain server, computer operating system, or web browser).
Email Alerts: We may ask for an email address upon registration for email alerts on Finastra Sites, for the Services or through a Finastra mobile app. Additional information may be collected depending on the type of alert requested. We will provide an “unsubscribe” or other mechanism to allow individuals who no longer wish to receive email alerts from us.
Personalization; Advertising; Analytics: To tailor the content and information that we may send or display to you, to suggest personalized help and instructions, and to personalize your experience while visiting or using our Sites and/or Services; sharing it with our third party service providers to understand how our Sites and Services are used and to improve the Sites and Services; so we and our third party service providers to target advertisements for goods and services and to display those advertisements on other websites.
Evaluation and Improvement: To analyze, develop, and improve the content, materials, products, and the Sites and Services; to inform marketing and communication plans; to understand user demographics and preferences; to analyze the effectiveness of the Sites and Services; and to evaluate user experiences (e.g., analyzing which features and portions of the Sites and Services are most popular; for troubleshooting, for statistical purposes).
Quality Assurance: To perform quality assurance; to assist with fraud identification, and to assist our customer relationship representatives (for example, through representatives in our call center), we use tools to monitor and record certain user experience information, including, without limitation, audio of customer service calls and information resulting from such calls.
Lawful Processes; Protection of Company: In accordance with and in response to regulatory authorities, courts with competent jurisdiction, valid law enforcement requests, governmental agency requests, emergency services, and other necessary third parties for legal, protection, security, and safety purposes (e.g., to protect the safety of our employees, agents, and customers, or any other person); to protect our rights or the rights of others, including to enforce our agreements, policies, and terms; to bring legal action; to protect our operations and assets.
With Your Consent: We may use and share information about you in ways not specifically described in this Notice.

We may deidentify information about you such that it cannot reasonably be used to infer information about you or otherwise be linked to you (or we may collect information that has already been deidentified), and we may use such deidentified information for any purpose. To the extent we possess or process any deidentified information, we will maintain and use such information, we will maintain and use such information in deidentified form and not attempt to re-identify the information, except solely for the purpose of determining whether our deidentification process satisfies legal requirements.

Sources of Personal Information

We collect Personal Information in several ways, but mainly directly from you. The categories of sources from which we collect Personal Information are identified below:

Event Registration: We may collect Personal Information (such as hotel, meal, and other travel preferences) as part of the registration process for Finastra events. This information is used solely for confirmation and billing purposes and to service the registration.
Conferences: We may interact with you and collect Personal Information (such as business contact information) from you at events and conferences we attend.
Finastra Sites: Finastra Sites may require users to create an account and choose a password. Passwords are for individual use only and may not be shared with others.
Mobile Computing Devices: Some Finastra Sites and Services are specifically designed to be compatible with and used on mobile computing devices. Information about the use of each mobile version or mobile application will be associated with user account credentials. Some of the Finastra Sites enable download of applications, widgets or other tools that can be used on a mobile device. These tools may transmit Personal Information to us (i) to enable access to a user account, and (ii) to enhance and track use of these tools as well as develop new tools for quality improvement.
Third-party Sources: Information about you may also be provided to Finastra by third party sources, who may not have a direct relationship with you (for example, data aggregators) or by third parties who collect information about you on behalf of Finastra such as when you download items from Finastra Sites or view Finastra marketing materials delivered by such third parties. Also, certain online information about you or device information may originate from the use of cookies and similar technologies (pixel tags and device identifiers) on our sites or sites of third parties.

Cookies and Other Tracking Technologies

The Sites and Services may use cookies and other tracking technologies (e.g., pixel tags) that track your use of the Sites and/or Services for the purposes identified above. This includes, for example, facilitating and enhancing the Sites and Services, learning and tracking how users access and use the Sites and Services, collecting and analyzing analytics about the Sites and Services, and providing you with customized advertising.

For more information on our use of cookies and similar tracking technologies, please see our Cookie Notice.

Do Not Track and Global Privacy Control Signals

Certain State laws require that we indicate whether we honour “Do Not Track” settings in our browser concerning targeted advertising. We adhere to the standards set out in this Privacy Notice and do not monitor or follow any Do Not Track browser requests. However, some jurisdictions may require adherence to Global Privacy Control signals. Our Sites recognize the Global Privacy Control (GPC) signal which enables you to opt out of certain uses or disclosures of information about you. See the Finastra California Privacy Notice for more information.

2. ONWARD TRANSFER & DISCLOSURES

In General

We may disclose Personal Information about you to third parties in furtherance of the legitimate purposes set forth in this Privacy Notice, including the following categories of third parties:

Finastra Group Companies: Finastra’s group companies or related entities for the purposes of delivering our Services, managing your accounts, hosting, IT, security, support, billing, marketing and communications.
Third-Party Service Providers: Vendors or other services providers who assist in providing the Sites and Services (including, for example, to perform certain software upgrades or changes, or to provide certain Services). This may include third parties providing Finastra with services related to system administration, cloud storage, security, website hosting, mailing, customer relationship management, marketing communications, web analytics, payment networks, and payment processing.
Marketing Providers: Third parties for marketing purposes.
Law Enforcement and Government Regulators: We will comply with requests to disclose Personal Information where required by local law or government authorities to comply with a legal obligation.
Business Transactions: We may transfer Personal Information in connection with a contemplated reorganization, sale, bankruptcy or transfer of all or a portion of our business or assets, to the extent permitted by applicable law. Following such a sale or transfer, the entity to which we transferred Personal Information will be the data controller and point of contact for any inquiries concerning the processing of that Personal Information.
Advisors: Professional advisors, such as auditors, law firms, or accounting firms.
At Your Direction: Third parties to whom you request or direct us to disclose information.

We take our obligation to protect and safeguard Personal Information seriously and we ensure that our third-party service providers apply the same care when processing information on our behalf.

Cross-Border Transfers

Finastra is a global business. To provide our Sites and Services, we may transfer Personal Information around the world, including to the United States and to countries outside of the EEA, the UK and Switzerland, which may have different data protection standards to those from the country in which the information was initially provided. Where information is transferred outside or its original location (as determined by who the data subject is located at the time of collection), Finastra will take such steps necessary to comply with law to ensure such cross-border transfers are lawful. This may include ensuring the location to which Personal Information is transferred has laws in place that adequately protect Personal Information or Finastra ensuring contractual clauses are entered into between Finastra and any third-party recipient of the transferred Personal Information.

3. SECURITY

The security of Personal Information is extremely important to Finastra and Finastra takes reasonable and appropriate standard administrative, technical, physical, and operational safeguards measures designed to:

(i) maintain the security and confidentiality of Personal Information entrusted to us; and
(ii) protect Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use that could result in harm.

Despite our reasonable efforts to protect Personal Information, no security measures are impenetrable, and we cannot guarantee perfect security. Any information you send to us electronically, while using the Sites or Services, or otherwise interacting with us, may not be secure. We recommend that you do not use unsecure channels to send us sensitive or confidential information.

We have implemented protocols to verify ongoing compliance with this Notice and to enforce disciplinary action against those who violate the privacy and security practices. To report a privacy violation, contact privacy@finastra.com.

4. DATA INTEGRITY & RETENTION

We endeavour to keep Personal Information accurate and current; and we update it whenever we receive a request to do so, as described below under “Rights”.

We take reasonable steps designed to ensure the Personal Information we have collected is accurate, complete, and current.
We rely on the accuracy and completeness of the Personal Information that has been provided to us to perform the Services requested and provide the Sites.

Additionally, we maintain appropriate security measures designed to ensure the secure disposal and destruction of records containing Personal Information. Personal Information you provide to us should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date. We retain Personal Information for as long as it is reasonably necessary for the purposes specified in this Notice. When determining the length of time to retain Personal Information, we consider various criteria, including whether we need the Personal Information to continue to provide you the Sites or Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or product.

5. RIGHTS

Certain jurisdictions (such as California, Canada, the EU, and the UK) provide certain rights and options to their residents with respect to their Personal Information. Depending on laws applicable to our Processing of Personal Information and the location in which you reside, you may have certain rights as identified below. Subject to the foregoing, we honour data subjects’ rights under applicable law. Subject to applicable exceptions and exemptions, these rights may include the:

Right to Access: Access to your Personal Information.
Right to Data Portability: Receive the specific Personal Information we Process about you in a structured, commonly used and machine-readable format, and to transmit it to another entity where this is technically feasible.
Right to Correct: Correct your Personal Information upon request sent to privacy@finastra.com..
Right to Delete: Delete your Personal Information.
Right to Opt-Out: You may also opt out of direct marketing from Finastra.
Right to Withdraw Consent: Where consent was the basis for our Processing, you can request to withdraw that consent going forward.
Right to Complain: Lodge a complaint with a government regulator or supervisory authority, in the jurisdiction that you reside in, if you consider that the collection or use of Personal Information about you violates this Privacy Notice or applicable law.

To make a request pursuant to the rights listed above, please email privacy@finastra.com or submit a request at https://www.finastra.com/california-consumer-privacy-rights-request-web-form. To verify certain requests—for example, requests to access, delete, or correct—we may need to collect additional information to verify your identity and the request before providing a substantive response to the request.

Some jurisdictions, depending on your location, permit you to authorize an agent to make requests on your behalf to exercise your rights. If you have a registered agent to act on your behalf, we have the right to authenticate such agent’s authority to act.

Where we are Processing Personal Information on behalf of one of our customers we will refer requests from data subjects to that customer for handling and we will assist our customers in responding to access requests we receive.

We do not use Personal Information about you in furtherance of automated profiling decisions that produce a legal or similarly significant effect.

For more details and information with respect to additional rights applicable to European Processing Activities, please see the “Finastra EEA/UK/Switzerland Privacy Notice”.

For more information regarding the privacy rights of California residents, please see the “Finastra California Privacy Notice”.

6. ENFORCEMENT

We have policies and procedures in place to implement and audit the privacy principles set forth in this Notice. We have adopted a procedure to receive and respond to complaints and inquiries about our policies and practices relating to the handling of Personal Information. We will investigate all complaints in respect of Personal Information. If a complaint is justified, we will take appropriate measures, including, as necessary, amending our policies and practices. Where we are collecting, using or disclosing Personal Information on behalf of one of our customers, we will assist them in responding to questions and complaints respecting their customers’ Personal Information maintained by us on their behalf. Any inquiries or complaints regarding this Notice or our practices relating to the handling of Personal Information should be addressed to privacy@finastra.com..

7. SOCIAL FEATURES

Certain features of the Sites allow you to initiate interactions between the Sites and third-party services or platforms, such as social networks (“Social Features”). Social Features include features that allow you to access our pages on third party platforms, and from there “like” or “share” our content. Use of Social Features may allow a third party to collect and/or use information about you. If you use Social Features, information you post or make accessible may be publicly displayed by the third-party service. Both we and the third party may have access to information about you and your use of both the Sites and the third-party service for more information, see the section below, Third Party Websites and Links Section below.

8. THIRD PARTY WEBSITES; LINKS; EMBEDDED CONTENT

We may provide links to third party websites or platforms. If you follow links to sites or platforms that we do not control and are not affiliated with us, you should review the applicable privacy notice, policies and other terms. We are not responsible for the privacy or security of, or information found on, these sites or platforms. Information you provide on public or semi-public venues, such as third-party social networking platforms, may also be viewable by other users of the Sites, Services, and/or users of those third-party platforms without limitation as to its use. Our inclusion of such links does not, in itself, imply any endorsement of the content on such platforms or of their owner or operators.

Our Sites and/or Services may also use YouTube to make content in video format available to you. By accessing a part of the Sites and/or Services where videos are available, watching an embedded video, or otherwise interacting with any content made available through YouTube, you signify your agreement with YouTube’s terms and conditions. YouTube collects and otherwise has access to usage data (e.g., what videos you accessed and watched) through videos embedded in the Sites and/or Services as further described in YouTube’s Privacy Notice. YouTube adheres to Google's privacy policies and principles, part of which allows you to control certain privacy settings and which data are collected.

9. CHILDREN’S PRIVACY

The Sites and/or Services are not designed to be used by, or targeted to, anyone under the age of 18. We do not seek or knowingly collect any personal Information about anyone under the age of 18. If we become aware that we have unknowingly collected Personal Information about someone under the age of 18, we will make commercially reasonable efforts to delete such Personal Information.

10. CONSENT

Except in respect of our European Processing Activities or where express consent is required under applicable law, use of any of our Services in conjunction with this Notice is deemed to be consent to the collection, retention, processing, transfer to third parties and transfer to other countries of your Personal Information, all in accordance with the purposes set forth herein. Data subjects provide Personal Information at their own volition. If you do not agree to this Notice, please do not use or access the Sites and Services.

The lawful basis for processing Personal Information in respect of our European Processing Activities is set out in our “Finastra EEA/UK/Switzerland Privacy Notice”.

11. CONTACT US

For further information on our privacy policies and practices relating to the handling of Personal Information, contact our Privacy Officer by postal mail to Four Kingdom Street, Paddington, W2 6BD, United Kingdom or by email to privacy@finastra.com..