How we collect, use, share and protect your personal data in accordance with the EU General Data Protection Regulation.
Last updated: 8 July 2026
Italian Financial Services S.R.L. ("Italian Financial", "we", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose and safeguard personal data when you visit our website, use our platform and API, or otherwise interact with us, and describes your rights under Regulation (EU) 2016/679 (the "GDPR") and applicable Italian data-protection law.
Italian Financial Services S.R.L., with registered office at Via Monte Napoleone 8, 20121 Milan, Italy, is the data controller responsible for personal data processed as described in this policy. Where we process personal data on behalf of our business customers in order to provide the Services, we act as a processor and the relevant customer is the controller; in that case, the customer's own privacy notice governs how the personal data of its End Users is handled.
You can contact our data-protection function, including our Data Protection Officer where appointed, at compliance@italianfinancial.com, or by post to the registered office above, marked for the attention of the Data Protection Officer.
Depending on how you interact with us, we may collect the following categories of personal data:
We process personal data only where we have a lawful basis to do so under Article 6 GDPR (and, for special categories of data, Article 9 GDPR). Our principal purposes and legal bases are:
Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To onboard you securely and to meet our regulatory obligations, our KYC/KYB module may process a facial image and derive a facial template (a mathematical representation of facial features) which is compared against the photograph on your identity document, together with active or passive liveness detection to confirm that a live person is present. This biometric data is used for the sole purpose of identity verification and fraud prevention and is not used for any incompatible purpose such as profiling or advertising.
Because biometric data used to uniquely identify a person is a special category of personal data under Article 9 GDPR, we process it only where an Article 9 condition applies — typically substantial public interest in the prevention of fraud and money laundering as reflected in EU and Italian law, or, where required, on the basis of your explicit consent. Biometric templates are protected with strong technical measures, access is strictly limited, and they are retained only for as long as necessary for verification and the applicable record-keeping period (see section 7). You may contact us to ask about the biometric processing applied to your verification.
We do not sell your personal data. We share personal data only where necessary and with appropriate safeguards, including with:
We aim to store and process personal data within the European Economic Area (EEA). Where personal data is transferred to a country outside the EEA that has not been recognised by the European Commission as providing an adequate level of protection, we implement appropriate safeguards, in particular the European Commission's Standard Contractual Clauses (SCCs), supplemented where necessary by additional technical and organisational measures following a transfer risk assessment. You may request a copy of the relevant safeguards by contacting us at the address in section 12.
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, regulatory or reporting requirements. In particular, personal data collected for anti-money-laundering purposes — including identity-verification and transaction records — is retained for the period required by applicable anti-money-laundering law, generally a minimum of five (5) years and up to ten (10) years from the end of the business relationship or the completion of the relevant transaction, where the law so requires or permits. When personal data is no longer required, we securely delete or irreversibly anonymise it.
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures include encryption of data in transit and at rest, network segmentation, strict access controls on a need-to-know basis, multi-factor authentication, logging and monitoring, secure software-development practices, and regular testing and review of our controls. In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with Articles 33 and 34 GDPR.
Subject to the conditions and exceptions in the GDPR, you have the right to:
To exercise any of these rights, contact us at compliance@italianfinancial.com. We will respond within the timeframes required by law. If you are an End User of one of our business customers, you should generally direct your request to that customer, and we will assist them as their processor.
You also have the right to lodge a complaint with a supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (the Italian Data Protection Authority). We would, however, appreciate the opportunity to address your concerns before you approach the authority.
We use cookies and similar technologies on our website. For details of the cookies we use and how to manage your preferences, please see our Cookie Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or the Services. We will post the updated policy on this page and update the "Last updated" date, and, where changes are material, we will take reasonable steps to notify you. We encourage you to review this policy periodically.
For any question about this Privacy Policy or about how we handle your personal data, contact Italian Financial Services S.R.L., Via Monte Napoleone 8, 20121 Milan, Italy, or email our data-protection function at compliance@italianfinancial.com.