Finsight is committed to ongoing GDPR compliance. Finsight will execute a Data Processing Agreement (DPA) with clients, which pertains to how Finsight uses and protects Personal Data acting in the Processor Role. For more information, please contact privacy@finsight.com.
Under MiFID II, the European Securities & Markets Authority (ESMA) requires firms to have systems in place to accurately track all interactions such that a “national competent authority” can readily access and reconstitute each stage of the transaction process (and identify any corrections or amendments). Corporates are largely exempt from MiFID II unless they actively engage in derivatives (outside of hedging) or other broad capital market activities within the EU.
Finsight complies with EU-US data privacy laws and is both Swiss-US and EU-US Privacy Shield certified. We also ensure MiFID II compliance by providing:
For personal information that we receive from the European Union, Finsight has certified its compliance with the EU-U.S. Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the EU countries. We have certified that we adhere to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; and Recourse, Enforcement and Liability when processing personal information from the EU in the U.S.
To access the Privacy Shield List and to find details of our certification, please visit: www.privacyshield.gov.
Since July of 2020, the Court of Justice of the European Union (CJEU) has upheld the validity of Standard Contractual Clauses (SCCs) as an adequate data transfer mechanism, including for transfers to the US, provided additional safeguards are met. In light of this, Finsight is making its Standard Contractual Clauses Addendum generally available. The execution of the SCCs, combined with Finsight's existing data protection policies, such as encrypting data in transit and scrutinizing government requests for information, provides the additional protection required to transfer personal data from the EU to the US in compliance with GDPR. If your organization relied on Finsight's Privacy Shield certification, please reach out to privacy@finsight.com in order to execute the appropriate SCC as soon as possible. For now, Finsight also continues to abide by both the EU-US and Swiss-US Privacy Shield framework principles.
Since January of 2013, Finsight has worked with the Staff of the Division of Trading and Markets of the Securities and Exchange Commission (“SEC”) to ensure that our products and services adhere to Rule 433 of the Securities Offering Reform of 2005 with respect to the transmission of electronic road shows in connection with public and private offerings of securities.
In May of 2013, the SEC informed Deal Roadshow that a “no-action” letter would not be necessary in light of the clarifications provided by the 2005 Securities Offering Reform as well as the similarities of our products and services with other market participants for which no-action letters have already been issued. The SEC’s conclusion that the Deal Roadshow products and services are covered by the 2005 Securities Offering Reform and other no-action letters affirmatively resolves the issue of whether or not our electronic roadshow solution and related products and services comply with the provisions of Rule 433.
Finsight completes a SOC 2 Type II certification annually. The SOC 2 Type II report provides assurance to our clients that we have designed effective security controls as defined by the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA). A copy of the report is available under NDA. Please reach out to security@finsight.com to request a copy.