Privacy Policy

1. Introduction

Ginih Business Cloud ("Ginih," "we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our Banking SaaS platform and Receivable Automation services (collectively, the "Services").

As a provider of financial technology services, we handle sensitive business and financial data. We maintain the highest standards of data protection and comply with applicable data protection laws and financial services regulations.

2. Definitions

• "Client" refers to a business entity that has entered into a service agreement with Ginih to use our Banking SaaS and/or Receivable Automation services.
• "Authorized Users" refers to employees, contractors, or agents of a Client who are authorized to access and use the Services on behalf of the Client.
• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Financial Data" means banking information, transaction records, account details, payment information, and other financial records processed through our Services.
• "Services" refers to our Banking SaaS platform, Receivable Automation tools, and related features and functionalities.

3. Information We Collect

3.1 Business Information

When you register for our Services, we collect:

• Company name, business registration number, and tax identification number
• Business address and contact information
• Industry type and business description
• Authorized Users' names, email addresses, job titles, and phone numbers

3.2 Financial Data

To provide our Banking SaaS and Receivable Automation services, we collect and process:

• Bank account information and credentials (encrypted)
• Transaction histories and payment records
• Invoice data, accounts receivable information, and payment status
• Customer and vendor financial records
• Account reconciliation data
• Payment processing information
• Financial reports and analytics data

3.3 Technical Information

We automatically collect certain technical information when you access our Services:

• IP addresses, device identifiers, and browser types
• Operating system and device information
• Log data, including access times, pages viewed, and actions taken
• Cookie data and similar tracking technologies
• API usage and integration data

3.4 Communication Data

We collect information from your communications with us, including:

• Customer support inquiries and responses
• Feedback, surveys, and product reviews
• Email correspondence and chat logs

4. How We Use Your Information

4.1 Service Delivery

We use your information to:

• Provide, maintain, and improve our Banking SaaS platform and Receivable Automation services
• Process transactions and facilitate banking integrations
• Automate receivables management and payment collections
• Generate financial reports and analytics
• Perform account reconciliation and financial tracking
• Facilitate communication between your business and your customers regarding payments

4.2 Account Management

We use your information to:

• Create and manage Client accounts and Authorized User profiles
• Authenticate users and prevent unauthorized access
• Provide customer support and respond to inquiries
• Send service-related notifications and updates
• Process billing and manage subscriptions

4.3 Security and Fraud Prevention

We use your information to:

• Monitor for suspicious activity and potential fraud
• Investigate security incidents and prevent unauthorized access
• Verify identity and authenticate transactions
• Maintain audit trails for security and compliance purposes
• Comply with anti-money laundering (AML) and know-your-customer (KYC) requirements

4.4 Service Improvement and Analytics

We use aggregated and anonymized data to:

• Analyze usage patterns and improve platform performance
• Develop new features and enhance existing functionality
• Conduct research and statistical analysis
• Optimize user experience and interface design

4.5 Legal and Regulatory Compliance

We use your information to:

• Comply with applicable laws, regulations, and legal processes
• Meet financial reporting and audit requirements
• Respond to law enforcement and regulatory requests
• Enforce our Terms of Service and protect our legal rights

5. Legal Basis for Processing

We process your information based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you and provide the Services
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, security, and service improvement
• Legal Obligation: Processing is required to comply with applicable laws and regulations
• Consent: Where required by law, we obtain your explicit consent for specific processing activities

6. How We Share Your Information

6.1 Service Providers and Partners

We share information with trusted third-party service providers who assist us in delivering the Services:

• Cloud Infrastructure Providers: For secure data storage and hosting (e.g., Amazon Web Services, Microsoft Azure)
• Banking and Financial Institutions: To facilitate banking integrations and transaction processing
• Payment Processors: To process payments and handle payment-related services
• Authentication Services: For secure user authentication and identity verification
• Analytics Providers: For platform analytics and performance monitoring
• Customer Support Tools: To provide efficient customer service

All service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the purposes we specify.

6.2 Business Transfers

If Ginih is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have.

6.3 Legal Requirements

We may disclose your information when required by law or in response to:

• Court orders, subpoenas, or legal processes
• Requests from law enforcement or regulatory authorities
• Investigations of fraud, security threats, or illegal activity
• Protection of our rights, property, or safety, or that of others

6.4 With Your Consent

We may share your information with other third parties when you provide explicit consent to do so.

7. Data Security

7.1 Security Measures

We implement industry-leading security measures to protect your information, including:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA)
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring
• Secure Infrastructure: Data centers with physical security controls and redundancy
• Regular Audits: Periodic security assessments, penetration testing, and vulnerability scanning
• Data Isolation: Multi-tenant architecture with logical separation between Client data
• Backup and Recovery: Regular automated backups with secure, geographically distributed storage

7.2 Compliance and Certifications

We are committed to maintaining compliance with recognized security standards:

• PCI DSS (Payment Card Industry Data Security Standard) compliance for payment processing (currently in progress)
• Industry best practices for financial services security
• Ongoing evaluation and implementation of additional security certifications

7.3 Incident Response

In the event of a data breach or security incident that affects your information, we will:

• Notify affected Clients in accordance with applicable laws and regulations
• Investigate the incident thoroughly and take appropriate corrective action
• Cooperate with relevant authorities as required by law
• Provide reasonable assistance and information about steps you can take to protect yourself

7.4 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized access.

8. Data Retention

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Active Account Data

While your account is active, we retain all information necessary to provide the Services.

8.2 Financial Records

Financial data and transaction records are retained in accordance with:

• Applicable financial regulations and tax laws (typically 7-10 years)
• Contractual obligations with Clients
• Audit and compliance requirements

8.3 Account Closure

After account closure, we will:

• Delete or anonymize Personal Data within 90 days, unless retention is required by law
• Retain Financial Data for the period required by applicable regulations
• Maintain anonymized and aggregated data for analytics and service improvement

9. Your Rights and Choices

9.1 Access and Portability

You have the right to:

• Access your Personal Data and Financial Data stored in our systems
• Request a copy of your data in a structured, commonly used format
• Export your data for use with other services

9.2 Correction and Update

You may update or correct your information through:

• Your account settings within the platform
• Contacting our support team at info@ginih.com

9.3 Deletion

You may request deletion of your Personal Data, subject to:

• Legal and regulatory retention requirements
• Legitimate business needs (e.g., fraud prevention, audit trails)
• Contractual obligations

9.4 Restriction and Objection

You may:

• Request restriction of processing under certain circumstances
• Object to processing based on legitimate interests
• Opt out of marketing communications (while still receiving service-related messages)

9.5 Withdrawal of Consent

Where processing is based on consent, you may withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

9.6 Exercising Your Rights

To exercise any of these rights, please contact us at info@ginih.com. We will respond to your request in accordance with applicable law. We may require verification of your identity before processing your request and may charge a reasonable fee for certain requests as permitted by law.

10. International Data Transfers

Our Services may involve transferring your information to countries outside of your jurisdiction. When we transfer data internationally, we ensure adequate protection through:

• Standard contractual clauses approved by relevant authorities
• Data processing agreements with service providers
• Compliance with applicable data transfer regulations
• Technical and organizational security measures

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly
• Analytics Cookies: Help us understand how users interact with our platform
• Functional Cookies: Remember your preferences and settings
• Security Cookies: Authenticate users and prevent fraudulent activity

11.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our Services.

11.3 Third-Party Analytics

We use third-party analytics services (such as Google Analytics) to analyze platform usage. These services may use cookies and similar technologies. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on.

12. Third-Party Integrations

Our Services integrate with third-party banking systems, accounting software, and other business tools. When you connect third-party services:

• You authorize us to access and process data from those services as necessary to provide our Services
• Third-party services have their own privacy policies, which govern their use of your information
• We are not responsible for the privacy practices of third-party services
• You should review the privacy policies of any third-party services you connect

13. Children's Privacy

Our Services are designed for business use and are not intended for individuals under 18 years of age. We do not knowingly collect Personal Data from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

14. Client Responsibilities

14.1 As a Data Controller

If you are a Client using our Services to process information about your customers or employees:

• You are the data controller and are responsible for compliance with applicable data protection laws
• You must have a lawful basis for processing and sharing data with Ginih
• You must provide appropriate notices to your data subjects about our processing
• You are responsible for responding to data subject requests concerning data you control

14.2 Data Processing Agreement

Our relationship as data processor is governed by our Data Processing Agreement (DPA), which forms part of our Terms of Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will make reasonable efforts to notify Clients via email or through the platform
• We may provide a notice on our website
• Changes will generally be effective 30 days after notification, unless immediate implementation is required by law or for security reasons

Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Limitations and Disclaimers

16.1 No Guarantee of Absolute Security

While we implement and maintain reasonable security measures consistent with industry standards, we cannot guarantee absolute security of your information. No method of transmission over the Internet or electronic storage is 100% secure. You acknowledge and accept the inherent security risks of providing information and conducting transactions online.

16.2 Third-Party Services

We are not responsible for the privacy practices, security measures, or content of third-party services that you choose to integrate with our platform. Your use of third-party services is governed by their respective terms and privacy policies.

16.3 Service Availability

While we strive to maintain continuous service availability, we do not guarantee uninterrupted access to our Services. We may suspend or restrict access for maintenance, security reasons, or due to circumstances beyond our reasonable control.

16.4 Changes to Services

We reserve the right to modify, suspend, or discontinue any aspect of our Services at any time. We will provide reasonable notice of material changes that affect data processing, where practicable.

16.5 Forward-Looking Statements

This Privacy Policy may contain statements about our plans, intentions, and expectations regarding security measures, compliance initiatives, and service features. These forward-looking statements represent our current intentions and are subject to change based on business, technical, legal, or regulatory developments.

16.6 Relationship to Terms of Service

This Privacy Policy is incorporated into and subject to our Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service, the Terms of Service shall govern. Any limitations of liability, disclaimers, and dispute resolution provisions in the Terms of Service apply to matters related to this Privacy Policy.

17. Contact Us

For privacy-specific inquiries, please use the subject line: "Privacy Policy Inquiry"

18. Data Protection Officer

If you have concerns about how we handle your Personal Data, you may contact our Data Protection Officer at: info@ginih.com

19. Supervisory Authority

Where applicable under local law, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.

20. Additional Information for Specific Jurisdictions

20.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK and we provide Services to you, you may have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

• The right to lodge a complaint with your supervisory authority
• The right to data portability in certain circumstances
• Additional rights regarding automated decision-making and profiling (where applicable)

We will endeavor to comply with GDPR requirements to the extent they apply to our Services.

20.2 California Residents

If you are a California resident and we provide Services to you, you may have rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what Personal Data we collect and how it's used
• Right to request deletion of Personal Data (subject to exceptions)
• Right to opt-out of the sale of Personal Data (note: we do not sell Personal Data)
• Right to non-discrimination for exercising privacy rights

20.3 Other Jurisdictions

We strive to comply with applicable data protection laws in all jurisdictions where we operate. The specific rights available to you may vary based on your location and the laws applicable to our relationship. If you have specific questions about compliance in your jurisdiction, please contact us at info@ginih.com.