

Privacy Policy
Global Finances LLC
Data Processing Addendum (DPA)
To the Subscription Agreement for GFSYS, GF-POS, and WOLOP
Effective Date: July 31, 2025
Version: 2.0
1. Purpose and Scope
This Data Processing Addendum (“DPA”) is entered into as an integral part of the Master SaaS Agreement or Subscription Agreement (the “Agreement”) between the Customer (“Controller”) and Global Finances LLC (“Processor”) for the processing of Personal Data in connection with the provision of GFSYS, GF-POS, and WOLOP services.
Contractual Precedence: In the event of any conflict between this DPA and the Agreement or a separately executed contract, the terms of the signed contract shall control.
2. Definitions
- Agreement: The principal agreement governing the use of services provided by Global Finances.
- Controller: The entity determining the purposes and means of processing Personal Data.
- Processor: Global Finances LLC, acting on behalf of the Controller.
- Data Subject: Any identified or identifiable natural person.
- Personal Data: Any information relating to a Data Subject.
- Subprocessor: Any third party engaged to process Personal Data on behalf of Global Finances.
- Applicable Laws: Includes GDPR, CCPA/CPRA, and other data protection laws applicable to the Customer and the Services.
3. Processing Details
- Subject Matter: Processing of Personal Data for cloud-based ERP, POS, and middleware services.
- Duration: For the term of the Agreement and a 30-day retention period thereafter.
- Nature & Purpose: Hosting, managing, transmitting, and analyzing Personal Data per Customer instructions.
- Data Categories: Contact data, IDs, employment info, login credentials, activity logs.
- Data Subjects: Employees, users, suppliers, contractors, clients of the Customer.
4. Controller Obligations
- Obtain all required consents and legal bases for processing and transferring Personal Data.
- Ensure no instructions to the Processor violate Applicable Laws.
- Remain solely responsible for the lawfulness of processing and disclosure.
5. Processor Obligations
Global Finances agrees to:
- Process Personal Data only under documented instructions.
- Implement industry-standard technical and organizational safeguards.
- Train personnel and ensure confidentiality agreements are in place.
- Assist in responding to Data Subject rights requests (access, rectification, deletion).
- Maintain processing activity records under GDPR Article 30.
6. Subprocessors
- Global Finances may engage Subprocessors to support its services.
- All Subprocessors are bound by data processing agreements with equivalent obligations.
- A current list of Subprocessors is available upon request.
- Controller will be notified in advance and may object within 30 days of a proposed change.
7. Security and Confidentiality
- Security controls include encryption, access restrictions, backups, and incident monitoring.
- Frameworks followed: ISO 27001, SOC 2 Type II, and other relevant best practices.
- All personnel are subject to strict confidentiality obligations.
8. Personal Data Breach
- Global Finances shall notify the Customer within 48 hours of discovery.
- Notification includes nature, scope, mitigation steps, and regulatory reporting if applicable.
- Cooperation will be provided for any required remediation.
9. Data Transfers and International Compliance
- Transfers outside the EEA shall be made using Standard Contractual Clauses (SCCs) or similar safeguards.
- Transfers comply with frameworks such as the EU-U.S. Data Privacy Framework where applicable.
- Data residency services are available per subscription level or agreement.
10. Global Trade and Export Compliance
- Both parties agree to comply with U.S. export control regulations, including OFAC and EAR.
- Customer shall not use the Services in sanctioned countries or for prohibited uses.
- Global Finances reserves the right to suspend or terminate Services to prevent non-compliance.
11. Data Retention and Deletion
- Upon expiration or termination, Global Finances retains Personal Data for a maximum of 30 days.
- During this period, Customer may request return or deletion of the data.
- After the retention window, data will be securely and irreversibly deleted, unless legally required otherwise.
12. Audits and Certifications
- Customer may conduct an audit (no more than once per year) with 30 days’ notice.
- Audits must respect confidentiality terms and be performed during normal business hours.
- Independent certifications and compliance summaries may also be made available.
13. Indemnity and Liability
- Each Party remains liable for its own data protection obligations under Applicable Laws.
- Liability under this DPA is subject to the limitations and exclusions of the underlying Agreement.
14. Governing Law and Jurisdiction
This DPA is governed by the laws of the State of Maryland, USA, without regard to conflict of law principles.
Disputes shall be resolved as provided in the Agreement (e.g., arbitration or judicial resolution).
15. Contact Information
Global Finances LLC
2442 Wood Stream Ct., Ellicott City, MD 21042, USA
Email: legal@globalfinances.us
Web: www.globalfinances.us
Security & Compliance Overview
For GFSYS, GF-POS, and WOLOP Platforms
Effective Date: July 31, 2025
Version: 2.0
1. Commitment to Security
At Global Finances LLC, security is a foundational principle. Our platforms (GFSYS, GF-POS, and WOLOP) are built with multi-layered, enterprise-grade controls in accordance with industry-leading standards including:
- ISO/IEC 27001
- SOC 2 Type II
- NIST Cybersecurity Framework
Contractual Precedence: In case of any conflict between this Overview and a separately signed agreement with Global Finances LLC, the terms of the signed agreement shall prevail.
2. Data Security Measures
2.1. Encryption
- TLS 1.2+ for data in transit
- AES-256 for data at rest
- End-to-end encryption across APIs and records
2.2. Access Control
- Role-Based Access Control (RBAC)
- Least-privilege enforcement
- Multi-Factor Authentication (MFA) for privileged users
- Full access audit logs
2.3. Network & Perimeter Security
- Firewalls and network segmentation
- DDoS mitigation at the infrastructure layer
- Intrusion detection and vulnerability scanning
2.4. Application Security
- Secure development lifecycle (SDLC)
- Static/dynamic code analysis
- Threat modeling and CI/CD security checks
- OWASP Top 10 mitigations by design
3. Operational Security
3.1. Monitoring
- 24/7 real-time monitoring with anomaly detection
- SIEM integration for centralized log management
3.2. Incident Response
- Documented response plans
- Customer notification within 48 hours of a confirmed breach
- Cross-functional incident resolution (legal, technical, compliance)
3.3. Change Management
- ITIL-compliant workflows
- Change approval and rollback plans
- Risk scoring for critical changes
4. Compliance and Assurance
Global Finances complies with key legal and regulatory requirements, including:
- GDPR, CCPA/CPRA, and data protection laws
- HIPAA (where applicable)
- PCI DSS compliance for GF-POS payment modules
- U.S. EAR and OFAC sanctions compliance
- AML (Anti-Money Laundering) controls
- Annual SOC 2 Type II / SSAE-18 audits
5. Privacy and Data Protection
- Our Data Processing Addendum (DPA) governs Personal Data processing
- No customer data is sold or used for third-party marketing
- GDPR and CCPA rights are supported through self-service tools and support channels
- Processing is strictly purpose-limited and contractually defined
6. Physical Security and Hosting
Our infrastructure partners include AWS, Oracle, and Azure, hosted in Tier IV data centers with:
- Biometric access controls
- 24/7 video surveillance
- Redundant power/cooling systems
- Geographic redundancy and data sovereignty options
7. Employee and Vendor Controls
- All employees undergo background checks prior to production access
- Mandatory security training and NDA execution
- Third-party vendors are risk-assessed and reviewed regularly
8. Business Continuity & Disaster Recovery (BC/DR)
- DR plans are tested at least annually
- Documented Recovery Time Objective (RTO) and Recovery Point Objective (RPO) per service
- Daily data backups, replicated across secure geographic zones
9. Audit and Risk Management
- Annual third-party penetration testing for all major systems
- Internal risk assessments conducted quarterly
- Clients may request security reports or arrange a compliance review via their account manager
10. Contact and Escalation
To report a security concern or request a compliance document, contact:
Global Finances LLC
2442 Wood Stream Ct., Ellicott City, MD 21042, USA
Email: support@globalfinances.us
Web: www.globalfinances.us
GDPR / CCPA Rights Notice
Applicable to GFSYS, GF-POS, and WOLOP Services
Effective Date: July 31, 2025
Version: 2.0
1. Introduction
At Global Finances LLC, we respect your privacy and are committed to protecting personal data. This Rights Notice outlines your rights under:
- The General Data Protection Regulation (GDPR) for residents of the European Economic Area (EEA) and the United Kingdom
- The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for California residents
Contractual Precedence: In case of any inconsistency between this Notice and a separately executed agreement with Global Finances, the signed agreement shall prevail.
2. Scope of Applicability
This Notice applies to you if you are:
- A resident of the EEA or UK (subject to GDPR)
- A resident of California, USA (subject to CCPA/CPRA)
3. Your Rights Under GDPR
If you are a resident of the EEA or the UK, you have the following rights regarding your personal data:
- Right to Access – Obtain confirmation of processing and access to your data
- Right to Rectification – Correct inaccurate or incomplete personal data
- Right to Erasure – Request deletion under specified conditions (“right to be forgotten”)
- Right to Restriction – Request limited processing of your data
- Right to Data Portability – Receive data in a portable, structured format
- Right to Object – Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent – Withdraw your consent at any time
- Right to Lodge a Complaint – File a complaint with a supervisory authority
4. Your Rights Under CCPA / CPRA
If you are a California resident, you are entitled to:
- Right to Know – What personal information we collect, use, disclose, or sell
- Right to Delete – Request deletion of your personal information
- Right to Opt-Out – Prevent your personal data from being sold or shared
- Right to Correct – Request corrections of inaccurate personal data
- Right to Limit Use of Sensitive Information – Restrict how certain data is used
- Right to Non-Discrimination – Equal service and pricing regardless of exercising your privacy rights
5. How to Exercise Your Rights
To exercise your rights under either GDPR or CCPA/CPRA:
Email: legal@globalfinances.us
Requests must include enough information for us to verify your identity. You may appoint an authorized agent to make the request on your behalf.
6. Data Collection and Processing Purposes
We collect and process personal data to:
- Deliver and improve our services
- Fulfill contractual and legal obligations
- Ensure platform security and integrity
For full details, please review our Privacy Policy at: https://www.globalfinances.us/privacy-policy.
7. Retention and International Transfers
- We retain data as required for business, legal, or regulatory purposes
- Personal data may be transferred outside your jurisdiction under appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms
8. Contact and Dispute Resolution
If you believe your rights under GDPR or CCPA have been infringed:
- Contact our legal team at legal@globalfinances.us
- We will investigate and respond promptly
- You also have the right to escalate the issue to a data protection authority (GDPR) or the California Attorney General’s Office (CCPA)