TheFinanceRoom legal
Privacy Policy and GDPR
How TheFinanceRoom collects, uses, stores and protects personal data.
Article 1 - Controller
TheFinanceRoom acts as controller for the personal data processed to operate the marketplace, manage accounts, process bookings, handle support and improve platform safety.
[NOTE AVOCAT] The legal entity, address and data protection contact must be completed before publication.
Article 2 - Data collected
TheFinanceRoom may process:
- identity and contact data such as name and email address;
- account and role data;
- candidate profile information, CV information where uploaded, preferences and booking history;
- interviewer profile, availability and payout-related information;
- messages, support requests, disputes and reviews;
- technical logs, device, security and cookie data;
- payment status and Stripe identifiers, but not raw card data.
Article 3 - Purposes and legal bases
Data may be processed to:
- create and manage accounts;
- provide marketplace bookings and payments;
- perform contracts with users;
- comply with legal obligations;
- prevent fraud, abuse and platform circumvention;
- answer support requests;
- improve service quality on the basis of legitimate interests where applicable;
- send marketing only where lawful consent or another valid basis applies.
Article 4 - Session data
Where enabled and disclosed, TheFinanceRoom may process meeting metadata, recordings or transcripts for attendance verification, quality assessment, dispute prevention and safety. Raw transcripts should be deleted after assessment unless retention is legally required.
[NOTE AVOCAT] Recording, transcription and retention rules require specific review and may require a DPIA/AIPD depending on final use.
Article 5 - Recipients and processors
Data may be shared with hosting providers, payment providers such as Stripe, email providers, analytics tools, support tools and professional advisers where necessary.
Article 6 - International transfers
Some providers, including Stripe, may process data outside the European Economic Area. TheFinanceRoom should rely on appropriate safeguards such as standard contractual clauses where required.
[NOTE AVOCAT] International transfer wording must be confirmed against the final subprocessor list.
Article 7 - Retention
Data is retained only for as long as necessary for the relevant purpose, legal obligations, accounting, disputes, fraud prevention and security. Detailed retention periods must be documented before launch.
Article 8 - User rights
Users may request access, rectification, deletion, restriction, objection and portability where applicable. Users may also lodge a complaint with the CNIL.
Article 9 - Cookies
Cookie and local storage use is described in the Cookie Policy. Non-essential cookies should be subject to consent where required.
Article 10 - Contact
Privacy requests may be sent to TheFinanceRoom's data protection contact to be completed before publication.