GDPR and FinaMetrica

FinaMetrica, a PlanPlus Global company, is committed to compliance with the General Data Protection Regulation (GDPR), which came into effect on the 25th May 2018.

Information security, data protection and privacy are fundamental to the successful operations of FinaMetrica and all PlanPlus Global companies. We are committed to creating and maintaining practical information security, data protection and privacy policies and procedures that demonstrate and ensure the integrity of our operations. In addition, these policies and safeguards secure the interests of our customers and partners.

Over the last few years, FinaMetrica have been working to develop and implement a number of appropriate controls, aligned with the International Standard ISO27001/2 to improve the overall security posture of the organisation. These controls contain appropriate technical and organisational measures, providing confidence to our customers and partners that reasonable and appropriate steps are been undertaken by FinaMetrica to ensure ongoing information security, data protection and privacy compliance.

We have been reviewing, updating and making changes to our processes, procedures, and policies to be in line with GDPR.

GDPR is aimed at enhancing the personal data protection of EU data subjects, fostering transparency and accountability around personal data collection, storage, access, use, transfer and processing. GDPR applies to organisations that hold, record, control or processes data of EU residents and is one of the most significant data privacy reforms in years, harmonising for the first time data protection laws across the EU.

We’ve created this page to update you on our GDPR activities. If you have further questions, please feel free to contact Alan Ha, FinaMetrica Data Protection Officer (DPO), at

Last reviewed: 30-November-2020.

What FinaMetrica is doing to ensure GDPR compliance:


Review of our data inventory, personal data processing and our data operations to ensure our software development, data handling and management practices meet the requirements of GDPR.



Appointment of a Data Protection Officer (DPO), Alan Ha, who is responsible for our data protection compliance. Alan can be reached at



Perform risk assessments of our business processes and processing activities and where necessary update and implement appropriate physical, technical and organisational measures to meet the requirements of GDPR.



Verifying and updating our arrangements and agreements with third party suppliers (for example: web hosts, developers, CRM platform and regional partners) to ensure that they are GDPR compliant.

In Progress


Review and update our privacy policy and terms and conditions to meet the requirements of GDPR.

Data Processing Agreement (DPA)
We will require all EU subscribers to re-accept our terms and conditions agreement (which includes the updated privacy policy) when they next log in after the 25th May. Note that our terms and conditions and privacy policy together forms our DPA with our subscribers.



Implement required changes to our policies and procedures, to meet the requirements of GDPR, including our consent opt-in process and notification to data subjects of their GDPR rights. You'll soon be receiving a notice from us in relation to the above.



Verifying and communicating our GDPR compliance to you.