Privacy Policy

At Fineqia, our focus lies in digital asset investment, specifically targeting early and growth-stage technology companies that play a pivotal role in shaping the future of the internet. Additionally, we offer a platform dedicated to the management of debt security issuance.

We care about data protection and provide this Privacy Notice for all website users, candidates, investors, portfolio companies, partners and other third-parties that engage with us. We are committed to preserving the privacy of any individuals with whom we have a relationship in the course of our business.

In this Privacy Notice, we have capitalised several terms and defined them in the Glossary in Section 20. We have created this Glossary to help you to understand the meaning of key terms used.

This Privacy Notice applies to the following legal entities within our group:

• Fineqia International Inc. (Canada): listed on the Canadian Securities Exchange in Canada.
• Fineqia Limited (United Kingdom): an appointed representative of Kession Capital Limited, regulated by the Financial Conduct Authority.
• Fineqia Investments Limited (Malta): our legal entity responsible for managing a portfolio of investments.
• Fineqia AG (Liechtenstein): our legal entity issuing financial statements.

Fineqia is listed on the Canadian Security Exchange (CSE: FNQ), the United States (OTC: FNQQF) and Europe (Frankfurt: FNQA).

When we mention “Fineqia”, “we”, “us” or “our”, we are referring to the relevant Fineqia legal entity responsible for collecting your personal data.

Data Protection Laws have created the concepts of a Data Controller and a Data Processor. Fineqia acts as a Data Controller which means that we determine the purposes and means of Processing Personal Data.

Where applicable, Fineqia has registered with the appropriate data protection supervisory authorities. Examples of the data protection supervisory authorities which govern Fineqia are as follows:

• Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Colombia in Canada.
• Information Commissioner’s Office in the United Kingdom.
• Office of the Information and Data Protection Commissioner in Malta.
• The Datenschutzstelle in Liechtenstein.

Our data protection compliance program is founded on the following fundamental principles:

• Personal Data is processed lawfully, fairly and transparently.
• Personal Data is collected only for specified, explicit and legitimate purposes.
• Personal Data is adequate, relevant and limited to what is necessary for its intended purposes.
• Personal Data is accurate and, where necessary, kept up to date.
• Personal Data is not retained in an identifiable form for longer than required for its designated purposes.
• Personal Data is processed in a manner that ensures its security through suitable technical and organisational measures, guarding against unauthorised or unlawful processing, as well as accidental loss, destruction or damage.

We collect, use, store and transfer different kinds of Personal Data depending on our relationship with you. In general, the following categories are collected:

• Identity Data (e.g., first name, last name, title, and date of birth).
• Contact Data (e.g., phone number, email address, country of residence, business address and billing address).
• Financial & Transaction Data (e.g., salary, income, benefits, tax residency, bank account details, value added tax numbers, tax code, national insurance number, invoices, payment details and investment history).
• Profile Data (e.g., next of kin, family dependents, information on professional experience, agreements you have entered into with us such as our terms and conditions).
• Technical & Usage Data (e.g., internet protocol addresses, location, browser type and version, time zone and information on how you use our website).
• Special Category Data (e.g., information about your health).
• Criminal Convictions Data (e.g., information about whether you have received any convictions).
• Communications & Marketing Data (e.g., your preferences in respect of cookies and marketing).

We also collect, use and share “Aggregated Data”. This type of data is gathered for purposes such as research and analysis. Aggregated Data might be created from your Personal Data but is not considered as such under Data Protection Laws.

This is because Aggregated Data, by itself, doesn’t reveal your identity directly or indirectly. For instance, we might use your Technical & Usage Data to figure out what percentage of users access a specific website feature. However, if we ever combine or link Aggregated Data with your Personal Data in a way that it can identify you, we’ll treat this combined data as Personal Data which will be used in accordance with this Privacy Notice.

What? – We collect Technical & Usage Data for tracking purposes. We also collect Identity Data, Contact Data and Communications & Marketing Data (if you decide to get in touch with us).

Why? – Our lawful basis for Processing is one or more of the following:

• Consent (i.e., in that you are choosing to provide us with your details so that we can contact you).
• Legitimate Interests (i.e., it is necessary for our Legitimate Interests in running and developing our business including our marketing strategy).
• Legal obligation (i.e., it is necessary for us to comply with a legal obligation such as in the instance where you no longer wish to be contacted for direct marketing purposes).

How? – We collect your Personal Data as you interact with our website; we automatically collect this data about you by using cookies and similar technologies. We also collect your Personal Data through our direct interactions with you such as when you contact us through our website.

What? – We collect Technical & Usage Data (for tracking purposes). We collect Communications & Marketing Data. We also collect Identity Data, Contact Data and Profile Data (for when you have submitted your application to us). Further to this, we collect some Special Category Data about you (such as information about your health where you are a candidate, and we are required to put in place reasonable adjustment for your interview). If your application is successful, we carry out pre-employment screening checks as part of our onboarding process. We may collect Criminal Convictions Data in the employment context where we are permitted by law to do so when completing background checks.

Why? – Our lawful basis for Processing is either:

• Consent (i.e., in that you are choosing to provide us with your details so that we can contact you about a vacancy).
• Contract (i.e., in that we need this information to potentially enter into an employment contract with you).

How? – We collect your Personal Data as you interact with our website; we automatically collect this data about you by using cookies and similar technologies. We also collect your Personal Data through our direct interactions with you and third parties (such as through background check providers).

What? – We collect your Technical & Usage Data (for tracking purposes). We also collect your Identity Data, Contact Data, Financial & Transaction Data, Profile Data and Communications & Marketing Data (for when you have entered into an agreement with us)

Why? – Our lawful basis for Processing is one or more of the following:

• Contract (i.e., in that you have entered into an agreement with us).
• Consent (i.e., in that you are choosing to provide us with certain details which include Special Category Data)
• Legitimate Interests (i.e., it’s necessary for our Legitimate Interests in running and developing our business including our marketing strategy).
• Legal obligation (i.e., it’s necessary for us to comply with a legal obligation such as in the instance where you no longer wish to be contacted for direct marketing purposes).

How? – We collect your Personal Data as you interact with our website; we automatically collect this data about you by using cookies and similar technologies. We also collect your Personal Data through our direct interactions with you and third parties.

What? – We collect your Technical & Usage Data (for tracking purposes). We also collect your Identity Data, Contact Data, Financial & Transaction Data, Profile Data and Communications & Marketing Data (for when you have entered into an agreement with us).

Why? – Our lawful basis for Processing is one or more of the following:

• Contract (i.e., in that you have entered into an agreement with us)..
• Consent (i.e., in that you are choosing to provide us with certain details which include Special Category Data).
• Legitimate Interests (i.e., it’s necessary for our Legitimate Interests in running and developing our business including our marketing strategy).
• Legal obligation (i.e., it’s necessary for us to comply with a legal obligation such as in the instance where you no longer wish to be contacted for direct marketing purposes).

How? – We collect this data as you interact with our website, we automatically collect this Personal Data about you by using cookies and similar technologies. We also collect this Personal Data through our direct interactions with you and third parties.

What? – We collect your Technical & Usage Data (for tracking purposes). We also collect your Identity Data, Contact Data, Financial & Transactional Data and Profile Data (for when we are engaging you for your services and expertise).

Why? – Our lawful basis for Processing is one or more of the following:

• Contract (i.e., in that we need this information to perform a contract with you).
• Legitimate Interests (i.e., it’s necessary for our Legitimate Interests in keeping records to develop our business strategy).

How? – We collect this data as you interact with our website, we automatically collect this Personal Data about you by using cookies and similar technologies. We also collect this Personal Data through our direct interactions with you (i.e., we will hold Personal Data on your staff that have engaged with us).

We will share your Personal Data only when it is necessary, and we have provided examples of the kinds of organisations with whom we may share it:

• Legal entities within our group; data may be shared among Fineqia’s legal entities to ensure seamless and coordinated business operations.
• Technology companies that support us in providing our services and to help provide, run and manage our information technology systems (e.g., Microsoft and Dropbox).
• Professional service providers and advisers such as custodians, trustees, law firms, banks, payment providers, regulatory hosting agencies and accountancy firms which we need to engage with for the purposes of our business and may need to provide data (e.g., Kession Capital Limited)
• Regulators and other governmental authorities (e.g., Canada Revenue Agency and the UK’s HM Revenue & Custom) which we need to engage with for the purposes of our business and may need to provide data.
• Credit reference agencies and fraud prevention agencies’ who we engage to provide services to us.
• Other third parties to whom we may be in contact with to sell, transfer or merge parts of our business or assets, or to attempt to acquire or merge with other companies.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with Data Protection Laws. We enter into contractual agreements with all of our third parties (with the exception of regulators and governmental authorities) which include the appropriate data protection clauses.

We have put in place appropriate technical and organisational security measures to prevent your Personal Data from being accidentally lost, falsified, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who have a business need to know. We have put in place policies and procedures to deal with any suspected or actual personal data breaches.

We ensure that Personal Data is transferred safely and securely at all times. Whenever your Personal Data is transferred outside of certain jurisdictions such as the UK and/or the EEA, we ensure that it’s protected by putting in place one of the following safeguards:

• We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data as endorsed by the Information Commissioner’s Office and identified and determined by the European Commission. For example, we are able to transfer personal data between our entity in the UK to our entity in Canada as Canada has been deemed to provide an adequate level of protection for Personal Data since 20 December 2001.
• We will only transfer your Personal Data where we have entered into specific contracts with an organisation outside of the UK and/or EEA which states that they will ensure that your Personal Data has the same level of protection as if it were in the UK and/or the EEA.

We will only keep your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax accounting or reporting requirements.

To determine the appropriate retention period for your Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means as well as applicable legal, regulatory, tax or other requirements.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you

In certain situations, you possess particular rights concerning the Personal Data we Process about you. These rights include:

• Right of access to information and copies of the Personal Data that we hold about you.
• Right to rectify (i.e., correct) your Personal Data where it is inaccurate or incomplete.
• Right to delete your Personal Data, but only in specific circumstances, for example where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected or Processed. It may not therefore always be possible for us to delete all of the information we hold about you if you request this, for example, if we have an ongoing contractual relationship with you.
• Right to restrict Processing in specific circumstances, for example while we are reviewing the accuracy or completeness of data or deciding on whether any request for erasure is valid.
• Right to object to Processing in cases where Processing is based upon our Legitimate Interests or where Processing is for direct marketing purposes (including profiling).
• Right to data portability which means the right to receive, move, copy or transfer your Personal Data to another Data Controller. You have the right to this when we are Processing your Personal Data based on Consent or on a contract and the Processing is carried out by automated means.

Should you wish to exercise any of the rights set out above, please reach out to us using the details provided in Section 19.

You won’t have to pay a fee to access your Personal Data or to exercise any of your other rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee or decline your request in such instances.

To ensure your security and prevent unauthorised access to your Personal Data, we may request specific information to confirm your identity. This serves as a protective measure in your best interest.

Our aim is to address all valid requests within one month. However, if your request is particularly complex or you have made a number of requests, it may take longer. In such situations, we will keep you informed and notify you accordingly.

While we strive to uphold the highest data protection standards, we acknowledge that errors can occur. If you’re unsatisfied with how we handle your Personal Data, we encourage you to contact us initially. Your feedback is invaluable to us.

We need to make you aware that if you have concerns or are dissatisfied with our approach, you do have a right to file a complaint with the appropriate data protection supervisory authority.

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by contacting us and withdrawing your Consent. Where you opt out of receiving these marketing messages, this will not apply to messages that we need to send you a result of performing a contract that we have with you (i.e., as we may be required to contact you in order to perform the contract).

Our Privacy Notice was last updated in December 2023 and is regularly kept under review and updated when necessary.

Our Privacy Notice was last updated in December 2023 and is regularly kept under review and updated when necessary.

To make this Privacy Notice accessible, we’ve included a short glossary below, clarifying some essential data protection terms including those we’ve capitalised throughout this Privacy Notice.

• Consent: refers to when an individual gives agreement which is freely given, specific, informed and is an unambiguous indication of their wishes. It is done by a statement or by a clear positive action in respect of the Processing of any Personal Data relating to them.
• Criminal Convictions Data: refers to Personal Data relating to criminal convictions and offences and includes Personal Data relating to criminal allegations and proceedings.
• Data Controller: refers to an organisation that determines when, why and how to Process Personal Data. It is responsible for establishing policies and procedures in line with Data Protection Laws.
• Data Processor: refers to an organisation that Processes Personal Data on behalf of a Data Controller. It is responsible for establishing policies and procedures in line with Data Protection Laws and also its contractual obligations with Data Controllers.
• Data Protection Laws: refers to European, English and Canadian data protection laws including the European Union’s General Data Protection Regulation 2016/679 (“GDPR”), the UK’s GDPR and Data Protection Act 2018 and Canada’s Personal Information Protection and Electronic Documents Act 2000 and the Personal Information Protection Act (British Columbia) 2003.
• European Economic Area (“EEA”): refers to the 27 countries in the European Union, Iceland, Liechtenstein and Norway.
• Legitimate Interestsa: refers to when an organisation’s interests are legitimate (as they need to do something to operate) and these interests do not override an individual’s interests or fundamental rights and freedoms.
• Personal Data: refers to any information identifying an individual or information relating to an individual that an organisation can identify (directly or indirectly) from that data alone or in combination with other identifiers that it Processes. Personal Data includes Special Category Data, Criminal Convictions Data and pseudonymised Personal Data. Further examples of Personal Data are included in section 5 of this Privacy Notice. Personal Data excludes anonymous data or data that has had the identity of an individual permanently removed.
• Process or Processing: refers to any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
• Special Category Data: refers to information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data of an individual.