Privacy Policy Version 1.3 Created on 28 May 2024 Updated on 13 January 2026
Spiko Finance places great importance on protecting your personal data.
In the course of managing our contractual relations with our Customers, we may collect personal data concerning them. The purpose of this Policy is to inform you about the ways in which we process such data in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the "GDPR") and Law No. 78-17 of January 6, 1978 on data processing, files and freedoms (together the "Applicable Regulations").
Capitalized terms not defined in this Privacy Policy refer to the definition given to them in Spiko Finance's Terms of Use.
1. Why do we collect personal data?
Spiko Finance acts as:
- data controller for all services offered on our Site, in particular the regulated services such as the service of reception and transmission of orders;
- subcontractor for other specific services, in particular in our role as technical service provider for portfolio management companies to which we provide a technical solution.
To enable customers to access all Spiko Finance services, Spiko Finance collects and processes personal data when creating and using an Account.
For data collected during the Customer's visit to the Spiko Finance Site, please refer to our section on cookies.
2. What personal data do we process and for what purposes?
We collect and use only the data we need to provide you with personalized, high-quality services.
| Personal data processed | Purpose of processing | Legal basis for processing | Retention period |
|---|---|---|---|
| Identification and contact information (surname, first name, date and place of birth, copy of identity document, etc.), identification and authentication data when using Spiko Finance's services (e-mail address, computer traces, technical logs, IP address, etc.), information relating to employment, assets, income, banking and financial information (bank details, value of assets, transactions, etc.), where applicable, tax information (such as the tax identification number) | AML-CFT, regulatory information, fight against fraud | Legal obligation, Legitimate interest | For the duration of the business relationship and 5 years after the end of the business relationship |
| Data relating to interactions with us (chat, e-mail, telephone) via our site and via our accounts on social networks, data relating to the use of products and services subscribed to in connection with banking, financial and transactional data | Statistical studies, Path improvement, Path modeling | Legitimate interest | For the duration of the contract and 5 years after the end of the business relationship |
| First name and surname, data relating to interactions with us (chat, e-mail, telephone) | Assistance of prospect or Customer, Execution of pre-contractual measures | Consent, legitimate interest | Until withdrawal of consent, 3 years maximum |
| First name, surname, e-mail address | Newsletters, commercial operations | Consent, Legitimate interest | Until withdrawal of consent, 3 years maximum |
| First name, surname, e-mail address, telephone number, training | Recruitment | Consent | 2 years from submission of application |
Please note that these retention periods will be suspended in the event of any legal action being brought against Spiko Finance or members of the company in connection with their duties.
Details of certain purposes:
- Execution of pre-contractual measures: Measures prior to the signature of a contract and which facilitate its conclusion, even in the absence of the actual conclusion of such a contract. These measures are only taken at the customer's initiative.
- Anti-fraud and AML-CFT: All the legal and regulatory rules designed to combat tax fraud, money laundering and the financing of terrorism. The opening of an account may be validated or invalidated on the basis of an automated decision by our systems.
- Regulatory information: Any information required by law or regulation to open an account, the refusal of which prevents the account from being opened or leads to its closure.
- Path improvement: In order to offer you an ever smoother experience of our services, we are constantly striving to improve our website and application.
3. Who will receive your data?
The following will have access to your personal data:
- Spiko Finance staff;
- Our subcontractors: hosting service provider (Amazon Web Services), newsletter sending service provider (Postmark), audience measurement and analysis service provider, cookie management tool, review management tool, appointment scheduling tool, form and survey management tool, webinar creation tool; etc.
- Our regulated partners (asset management companies, financing companies such as Defacto SAS);
- Public and private bodies, exclusively to meet our legal obligations.
4. Is your data transferred outside the EU?
Your data is kept and stored for the duration of the processing on Amazon Web Services servers, located in the European Union.
As part of the tools we use, your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:
- either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country ensures a level of protection deemed sufficient and adequate to the provisions of the GDPR;
- or the data is transferred to a country whose level of data protection has not been recognized as adequate to the GDPR: in this case such transfers are based on appropriate safeguards indicated in Article 46 of the GDPR, tailored to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or under an approved certification mechanism;
- or the data is transferred on the basis of one of the appropriate guarantees described in Chapter V of the GDPR.
5. What about your interactions with us on social networks?
In order to communicate with our active customers, prospects or social network users who might be interested in our services and news, we are present on several social networks. By accessing these social network platforms, you are subject to the general conditions and privacy policies of these operators. The processing of your personal data by these platforms is not controlled by Spiko Finance, which cannot therefore be held responsible for their actions. When you interact directly with us on these social networking platforms, we may process your personal data on the basis of your consent.
6. What are your rights and how can you exercise them?
You have the following rights with regard to your personal data:
- Right to information: this is precisely why we have drawn up this Policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all your personal data at any time, under Article 15 of the GDPR.
- Right of rectification: you have the right to rectify inaccurate, incomplete or obsolete personal data at any time pursuant to Article 16 of the GDPR.
- Right to limitation: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
- Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection on the grounds set out in Article 17 of the GDPR.
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a breach of the applicable texts, in accordance with Article 77 of the GDPR.
- Right to define directives relating to the retention, deletion and communication of your personal data after your death.
- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states that you may withdraw your consent at any time. This withdrawal will not call into question the lawfulness of the processing carried out prior to the withdrawal.
- Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to demand its transfer to the recipient of your choice.
- Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process them despite this objection, for legitimate reasons or the defense of legal rights.
You can exercise these rights by writing to us using the contact details below. We may ask you to provide additional information or documents to prove your identity.
7. Contact point for exercising your rights
- Contact email: dpo@spiko.finance
- Contact address: Spiko Finance, 16 rue des immeubles industriels, 75011 Paris, France
- Website: www.spiko.io
8. How can I find out about changes to this policy?
We regularly update this information document. We invite you to consult the latest version of this document on our website and we will inform you of any substantial changes via our website.
9. What is our cookie policy?
A cookie, or tracer, is a small computer file deposited and read on the user's terminal, whatever it may be, when browsing our website.
These files enable us to record certain information about your use of our website and application in order to continually improve your customer experience and allow you to access certain secure areas of the site.
We may use the following types of cookies:
- technical cookies, which enable customer authentication to the service and the security of the authentication mechanism, and which are therefore strictly necessary for the operation of the Site;
- audience measurement cookies, which enable us to compile statistics and analyze the number of visitors to our website.
The use of these cookies may lead to the collection of personal data, which is why you can manage cookies via the banner that appears when you visit our Site.
On your first visit to our Site, a banner will be displayed allowing you to select the cookies you wish to accept, to accept all of them or to refuse all of them, with the exception of cookies required for the proper operation of the Site. You can reverse your choice at any time by clicking on the "Set your cookies" tab displayed at the bottom of the page on our Website.