How Fininvo ensures compliance with the EU General Data Protection Regulation
February 28, 2026
March 1, 2026
1.0
You have the right to lodge a complaint with your local supervisory authority.
This GDPR Compliance Statement is published by Fininvo, a trade name of Prashbi Global Services Pvt. Ltd., a company incorporated under the laws of India (CIN: U52100KA2020PTC133490), with its registered office at Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony, R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India. References to "Fininvo", "we", "us", or "our" in this document refer to Prashbi Global Services Pvt. Ltd.
Fininvo is fully committed to compliance with the General Data Protection Regulation (GDPR) and upholds the highest standards of data privacy and protection. We believe that strong data protection is not just a legal requirement, but a fundamental right of every individual.
At Fininvo, we believe every individual has the fundamental right to control their personal data. We are committed to transparency, accountability, and empowering our users and their customers with full control over their information.
Our approach to GDPR compliance is built on two core principles:
Data protection is integrated into the development of our platform from the outset, not added as an afterthought. Every feature is built with privacy considerations at its core.
The strictest privacy settings are applied by default. Only data that is necessary for a specific purpose is collected and processed, minimizing data exposure.
Dual Role: Fininvo acts as a Data Controller for account and billing data (e.g., your name, email, payment information) and as a Data Processor for the business data you store and manage within our platform (e.g., your customers' records, invoices, employee data).
Under GDPR Article 6, we rely on the following lawful bases for processing personal data. Each processing activity is mapped to a specific legal basis, ensuring full compliance and transparency.
Processing necessary for the performance of our contract with you, including providing ERP, HR, and payroll services, managing your account, and delivering customer support.
Processing for our legitimate business interests, such as improving our services, fraud prevention, network security, and internal analytics, balanced against your rights and freedoms.
Where required, we obtain your explicit, freely given, informed consent for specific processing activities such as marketing communications, cookies, and optional analytics.
Processing necessary to comply with legal obligations, including tax reporting, financial record-keeping, anti-money laundering requirements, and regulatory compliance.
Under the GDPR, individuals have the following rights regarding their personal data. Fininvo is committed to honoring all data subject rights promptly and transparently.
Request a copy of your personal data that we process, along with information about how it is used.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data when it is no longer necessary for the purpose it was collected.
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Request that we limit the processing of your personal data under certain circumstances.
Object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects.
All data subject rights are exercised free of charge. We respond to all requests within 30 days.
To exercise any of your data subject rights, follow the steps below. We have streamlined the process to make it as simple and efficient as possible.
Email dpo@fininvo.com with the subject line "DSAR" (Data Subject Access Request). Include your full name, the email address associated with your account, and a description of the rights you wish to exercise.
For your security, we will verify your identity within 3 business days of receiving your request. We may ask for additional information to confirm your identity and locate the relevant data.
We will respond to your request within 30 days of verification. In complex cases, we may extend this by an additional 60 days, but we will inform you of any extension and the reasons within the initial 30-day period.
For Fininvo Customers' End Users: If you are an end user of a Fininvo customer's platform (e.g., an employee managed through our HR module), please direct your data subject request to the relevant Fininvo customer (the Data Controller) first. Fininvo will assist the controller in fulfilling your request.
Fininvo has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance efforts and serve as a point of contact for data subjects and supervisory authorities.
Prashbi Global Services Pvt. Ltd.
Phone
+91 9481306665
Fininvo operates globally and may transfer personal data outside the European Economic Area (EEA). We ensure that all cross-border data transfers comply with GDPR Chapter V requirements through the following safeguards.
We use EU-approved Standard Contractual Clauses (SCCs) as the primary mechanism for transferring personal data to countries without an adequacy decision.
Where available, we rely on European Commission adequacy decisions that recognize a country as providing an adequate level of data protection.
Additional technical (encryption, pseudonymization) and organizational measures are implemented to supplement SCCs where necessary based on Transfer Impact Assessments.
Enterprise customers can choose their preferred data residency region: India (Mumbai), EU (Frankfurt), or US (Virginia) to meet local compliance requirements.
EU Data Residency: EU-based customers can opt to have all their data stored and processed exclusively within the EU (Frankfurt region), ensuring no personal data leaves the EEA. Contact our sales team or DPO for more information on data residency options.
Fininvo conducts Data Protection Impact Assessments (DPIAs) as required under GDPR Article 35 to evaluate and mitigate risks associated with data processing activities that are likely to result in a high risk to individuals' rights and freedoms.
Transparency: Summaries of relevant DPIAs can be shared with customers upon request as part of our commitment to transparency. Contact dpo@fininvo.com for more information.
In the event of a personal data breach, Fininvo follows a rigorous incident response process that complies with GDPR Articles 33 and 34. Timely notification is a cornerstone of our data protection commitment.
We notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to individuals' rights and freedoms, as required by GDPR Article 33.
When a breach is likely to result in a high risk to individuals, we communicate the breach to affected data subjects without undue delay, as required by GDPR Article 34.
Step 1 - Detection & Containment: Our security team identifies and contains the breach immediately to prevent further data exposure.
Step 2 - Assessment: We assess the nature, scope, and severity of the breach, including the categories and approximate number of individuals affected.
Step 3 - Notification: Supervisory authorities are notified within 72 hours. Affected customers and data subjects are notified without undue delay.
Step 4 - Remediation: We implement corrective measures, conduct a root cause analysis, and update our security controls to prevent recurrence.
Step 5 - Documentation: All breaches are documented in our breach register, including facts, effects, and remedial actions taken, regardless of whether notification was required.
Customer Notification: As a data processor, Fininvo will notify affected customers (data controllers) without undue delay upon becoming aware of a breach involving their data, enabling them to fulfill their own notification obligations.
Data Protection Officer
dpo@fininvo.com
Legal Inquiries
legal@fininvo.com
Phone
+91 9481306665
CIN
U52100KA2020PTC133490
Registered Office
Prashbi Global Services Pvt. Ltd.
Tholons Tower, 346 HIG, 17th Cross Rd, Dollars Colony,
R.M.V. 2nd Stage, Bengaluru, Karnataka 560094, India