GDPR Compliance

Last Updated: 10 September 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas.

GDPR aims to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Our Commitment to GDPR Compliance

At FINavigator Hub Ltd, we are committed to protecting your data and complying with all applicable data protection laws, including the GDPR. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing your personal data.

We have reviewed our data processing activities and have taken steps to ensure that they comply with the principles set out in the GDPR, namely:

• Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
• Data minimization: We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
• Storage limitation: We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
• Integrity and confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with these principles.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right to information: You have the right to know what personal data we collect about you, how we use it, and how long we keep it.
• Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
• Right to rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
• Right to erasure (right to be forgotten): You have the right to have your personal data erased in certain circumstances, such as where the personal data is no longer necessary, you withdraw your consent, or you object to the processing.
• Right to restrict processing: You have the right to request the restriction of processing of your personal data in certain circumstances, such as where you contest the accuracy of the data.
• Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances, including profiling and direct marketing.
• Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

You can exercise your rights by contacting our Data Protection Officer at privacy@finavigator.com. We will respond to your request within one month of receiving it. Please note that we may need to verify your identity before responding to your request.

Data Transfers Outside the EEA

If we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:

• The country to which we send the personal data may be approved by the European Commission;
• The recipient may have signed up to a contract based on "model contractual clauses" approved by the European Commission, obliging them to protect your personal data;
• Where the recipient is located in the US, it may be a certified member of the EU-US Privacy Shield scheme.

In other circumstances, the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, any transfer of your personal data will be compliant with applicable data protection law.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Where the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also communicate the personal data breach to you without undue delay.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. We provide clear information about the cookies we use and give you the option to consent to non-essential cookies. For more information about the cookies we use, please see our Cookie Policy.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO at privacy@finavigator.com.

Changes to This GDPR Compliance Statement

We may update this GDPR compliance statement from time to time in response to changing legal, technical, or business developments. When we update our statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Contact Us

If you have any questions about our GDPR compliance, please contact our Data Protection Officer at: