Privacy Policy

Spread the love
Privacy Policy

Introduction and Overview

At Finance Firefly we aim to provide you the best details to ease your financial decisions.  We do so by giving authentic and up-to-date financial information that you can rely on. We provide details of various creditors, card issuers, and mortgage lenders to the growing audience of global decision-makers. You have to agree to all the privacy policy document to use the site.

By utilizing the inside news of the financial market, this Privacy Policy describes the information we gather, how we use your information, and essential steps taken to protect your information.

Scope of the Privacy Policy

This Privacy Policy applies to all the information you access through Finance Firefly.  By using our services, you consent to the stated Privacy policies on the page.

 If you wish to change any of the information we hold about you or update your preferences, you can be sent as the email.  For queries about how we process the information ,  the  following document list them in detail.

Information we collect

We collect information directly from you when you use affiliate links to prequalify for third-party credit cards, loan products or when you fill out any sort of the form available on our site.  In such cases we ask you to provide the following information:

  •  Name
  •  Email address
  •  Mailing address
  •  Phone number
  •  Date of birth
  •  Third-party financial account information  such as ID and passcode
  •  In some cases it can be financial information such as investments , income, expenses
  •  Gender, age, and all other demographic information
  •  In case you contact us through email or support, we have the track record of all the communication including but not limited to the phone recording for business use cases that are permitted by law.

 Important Note:  We do not store information regarding third party financial accounts  and passwords. Instead  third parties are solely responsible for the collection and processing and information at their end. If you are using the affiliate link to get credit cards it is important to check the terms and conditions of the card issuer separately.  

 Information collected automatically

When you visit  the Finance Firefly site and use the services , we automatically receive and record certain information at our end from your computer , web browser, mobile devices. The information that is automatically collected is as follows  :

  • IP address or another device address
  •  Web browser and  device type
  •  Geo-location data even if you are using the  site on a mobile device
  •  Hardware and software settings and their configurations
  •  Pages you view occasionally or frequently on the site
  •  Web pages you visit before or after visiting the site
  •  The actions you do on the site that include the electronic path you take to the site   also the usage and activity on the site such as the links and objects you view.
  •  Date and time when you visit the site or access or services

Cookie Information

As per the Privacy Policy, when you use our services, we send one or more cookies to your mobile device or computer. We may use both the session cookies and the persistent cookies.

  •  Session cookies are  the type of cookies that  disappear  when you close your browser
  •  Persistent cookies  are the type of cookies  that remain after you close your browser and may be used subsequently by the browser. If they are causing annoyance to see the full details then they can also be removed.  You can make changes by changing the cookie settings.

 How we use information

 This is one of the most important clauses on the Privacy Policy page.  Your information is an important part and hence we use it to provide the best possible services.  We use the information you provide in the following ways :

  • To know your demands and needs and enable more affiliate programs that can benefit you in long term
  •  To operate and improve our services and create new features and functionalities on our website
  •  To thoroughly analyze the trends and preferences of users across different mediums
  •  For utmost security and fraud detection
  • We may use the mail to contact you for administrative purposes such as customer service, right of privacy, and defamation issues or to send promotional materials or messages related to our services.
  •   If you want to opt out of receiving the promotional emails then you can reach out directly.
  •  We may or may not use the automatically collected information to
  •  Personalize the services so that we remember the exact information so that  you would not  have to enter it again and again whenever you visit any service
  •  Pre-filled forms
  •  Provide customized advertisements to individuals
  •  Monitor the key metrics of the site including the total number of visitors and the page  viewed
  •  Track the submissions  and status  in any promotion  or other activities
  •  To make recommendations regarding  financial products that you are interested in  including mortgage lenders , credit cards, personal loans, home loans and  much more

 Changes and Updates to the Privacy Policy

We have the due rights to change the privacy policy at any time. However after changing we will notify you about how we  are going to treat your information  including   placing important notifications on the site or email. The modifications done to the privacy policy will be implemented 30 days after the initial notification.While the immaterial modifications are implemented upon posting of the updated Privacy Policy.

To stay up to date, it is important to revisit the Privacy Policy page periodically. For any inconvenience in the future, the dispute will be resolved in accordance with the Privacy policy.

Contact information

If you are facing trouble or have any questions to ask about the Privacy policy , feel free to contact us, We will assist you in the best possible ways regarding your personally identifiable information, disclosure practices and other terms listed in the Privacy Policy .

 GDPR Policy

 Finance Firefly strictly adheres to the GDRP policy as stated below:

Data protection principles

If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:

  1. Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.


The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. And this isn’t something you can do after the fact: If you think you are compliant with the GDPR but can’t show how, then you’re not GDPR compliant. Among the ways you can do this:

  • Designate data protection responsibilities to your team.
  • Maintain detailed documentation of the data you’re collecting, how it’s used, where it’s stored, which employee is responsible for it, etc.
  • Train your staff and implement technical and organizational security measures.
  • Have Data Processing Agreement contracts in place with third parties you contract to process data for you.
  • Appoint a Data Protection Officer (though not all organizations need one)

Data security

You’re required to handle data securely by implementing “appropriate technical and organizational measures.”

Technical measures mean anything from requiring your employees to use two-factor authentication on accounts where personal data are stored to contracting with cloud providers that use end-to-end encryption.

Organizational measures are things like staff trainings, adding a data privacy policy to your employee handbook, or limiting access to personal data to only those employees in your organization who need it.

If you have a data breach, you have 72 hours to tell the data subjects or face penalties. (This notification requirement may be waived if you use technological safeguards, such as encryption, to render data useless to an attacker.)

Data protection by design and by default

From now on, everything you do in your organization must, “by design and by default,” consider data protection. Practically speaking, this means you must consider the data protection principles in the design of any new product or activity. The GDPR covers this principle in Article 25.

Suppose, for example, you’re launching a new app for your company. You have to think about what personal data the app could possibly collect from users, then consider ways to minimize the amount of data and how you will secure it with the latest technology.

When you’re allowed to process data

Article 6 lists the instances in which it’s legal to process person data. Don’t even think about touching somebody’s personal data — don’t collect it, don’t store it, don’t sell it to advertisers — unless you can justify it with one of the following:

  1. The data subject gave you specific, unambiguous consent to process the data. (e.g. They’ve opted in to your marketing email list.)
  2. Processing is necessary to execute or to prepare to enter into a contract to which the data subject is a party. (e.g. You need to do a background check before leasing property to a prospective tenant.)
  3. You need to process it to comply with a legal obligation of yours. (e.g. You receive an order from the court in your jurisdiction.)
  4. You need to process the data to save somebody’s life. (e.g. Well, you’ll probably know when this one applies.)
  5. Processing is necessary to perform a task in the public interest or to carry out some official function. (e.g. You’re a private garbage collection company.)
  6. You have a legitimate interest to process someone’s personal data. This is the most flexible lawful basis, though the “fundamental rights and freedoms of the data subject” always override your interests, especially if it’s a child’s data.

Once you’ve determined the lawful basis for your data processing, you need to document this basis and notify the data subject (transparency!). And if you decide later to change your justification, you need to have a good reason, document this reason, and notify the data subject.


There are strict new rules about what constitutes consent from a data subject to process their information.

  • Consent must be “freely given, specific, informed and unambiguous.”
  • Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language.”
  • Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. You can’t simply change the legal basis of the processing to one of the other justifications.
  • Children under 13 can only give consent with permission from their parent.
  • You need to keep documentary evidence of consent.

Data Protection Officers

Contrary to popular belief, not every data controller or processor needs to appoint a Data Protection Officer (DPO). There are three conditions under which you are required to appoint a DPO:

  1. You are a public authority other than a court acting in a judicial capacity.
  2. Your core activities require you to monitor people systematically and regularly on a large scale. (e.g. You’re Google.)
  3. Your core activities are large-scale processing of special categories of data listed under Article 9 of the GDPR or data relating to criminal convictions and offenses mentioned in Article 10. (e.g. You’re a medical office.)

You could also choose to designate a DPO even if you aren’t required to. There are benefits to having someone in this role. Their basic tasks involve understanding the GDPR and how it applies to the organization, advising people in the organization about their responsibilities, conducting data protection trainings, conducting audits and monitoring GDPR compliance, and serving as a liaison with regulators.

People’s privacy rights

You are a data controller and/or a data processor. But as a person who uses the Internet, you’re also a data subject. The GDPR recognizes a litany of new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights to ensure you are GDPR compliant.

Below is a rundown of data subjects’ privacy rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision-making and profiling.