Last Updated: March, 2026
FISPAN Services Inc. (together with its subsidiaries and affiliates, collectively, “FISPAN”, “us”, “we”, “our”) is a technology company that provides a platform and solutions (the “FISPAN Platform”) that facilitate the exchange of business and financial data between FISPAN’s bank partners (“Bank Partners”) and their business clients (“Business Clients”) through connectivity with the applicable Bank Partner systems and each Business Client’s ERP (enterprise resource planning) or accounting systems (“ERP Systems”).
As a service provider to our Bank Partners, pursuant to agreements entered into with them, FISPAN enables payment, account and other related business data of the Business Client to be synced between the Bank Partner systems and the Business Client’s ERP System, resulting in streamlined payment processing, automatic reconciliation, and the availability of real-time reporting (the “Services”).
We access, collect, use and disclose information on a daily basis in order to provide the Services to our Bank Partners and, by extension, to their Business Clients. The confidentiality, privacy and security of all of the information we process, including personal information, is of utmost importance to us in terms of both our own ethical standards and legal obligations, as well as those of our Bank Partners and their Business Clients.
The specific purpose of this Privacy Policy is to explain what personal information we collect in our own right (e.g., via the FISPAN website, or at conferences or other events), for what purposes, and how we otherwise use, share and handle that personal information. In connection with this type of collection, FISPAN is the “controller” of your personal information.
When we collect or access personal information on behalf of our Bank Partners and their Business Clients in order to provide our Services, we are a “processor” and our Bank Partner (or its applicable affiliate or Business Client) is the “controller” of your personal information. These data processing practices are addressed in our Personal Information Processing Code of Practice (the “Processing Code”).
This Privacy Policy does not apply to, and FISPAN is not responsible for, any third party websites that may be accessible through links from the FISPAN website. If you follow a link to any of these third party websites, they will have their own privacy policies that you will need to review to understand how these third parties handle your personal information.
This Privacy Policy does not apply to FISPAN’s relationship with its own employees and contractors, which includes current, prospective and former employees and contractors, and the personal information exchange that occurs to establish, manage or end that relationship. The FISPAN Employee Handbook and associated policies govern our use of personal information in that context.
This Privacy Policy does not apply to FISPAN’s relationship with its own employees and contractors, which includes current, prospective and former employees and contractors, and the personal information exchange that occurs to establish, manage or end that relationship. The FISPAN Employee Handbook and associated policies govern our use of personal information in that context.
Direct collection from you for our own purposes. We may collect personal information, including your name, contact information, business affiliation(s) and any other personal information you choose to provide, directly from you when you:
in order to respond to your queries, to demonstrate our platform and solutions, and to otherwise engage with you (all with your consent).
Automated collection. When you visit our website or use our platform we collect usage information, such as your browsing history, IP address, and interaction with our online and service offerings, using cookies and other automated analytics tools. Please refer to the “How do we use cookies and other automated tools?” section of this Privacy Policy for further information about our practices and your choices.
Providing us with other people’s personal information. If you choose to provide us with personal information about another individual, you represent to us (and we rely on your representation) that you have the appropriate authority to disclose this information to us, and that we may use and disclose the third party information you provide to us in accordance with this Privacy Policy and applicable law. For example, if you are an accounting consultancy firm, ERP System provider, or fintech industry participant, and you wish to refer a potential Business Client to us to obtain information about our products and services, by providing the particular Business Client Representative’s name, contact information and any other personal information to us, you are representing that you have authority to disclose this information to us and that we have the authority to use this information to contact that individual.
For personal information for which we are the controller, we use personal information to:
Develop our products and services. If you have communicated with us regarding our products and services, whether by providing us with feedback, requesting additional or enhanced functionality, or otherwise, we may use this information and any related personal information that we have collected, as required, in order to further analyze, research, develop and test our current and future products and services (“R&D”).
Train our employees. We may record product demonstrations, onboarding sessions, technical support calls and other meetings or sessions in which you participate, for the purpose of training our employees and in order to conduct R&D. Where we record such interactions, we will provide you with advance notice of our intent to record.
Communicate with you. We may use your personal information to respond to your inquiries and to send you communications about our products and services. Where such communications are considered to be marketing communications, we will only reach out to you with your consent or as permitted by applicable law. For further information, please refer to the “Your Marketing Preferences” section of this Privacy Policy.
Practice security and fraud prevention. With a view to protecting you, us, our Bank Partners, the Business Clients and the public, we may use personal information to monitor, detect, and prevent or address fraud or improper or illegal activity.
Debug. We may use your personal information to debug our products and services, including online services, including our network and website.
De-identify. We may use personal information to create aggregated, anonymized or de-identified data or datasets, which, subject to applicable law, we may use for legitimate business purposes without restriction.
Comply with applicable law. We may use personal information as and only to the limited extent needed to comply with our legal and regulatory obligations, to participate in investigations, or to defend ourselves in or pursue litigation; in the EU context, see Article 6 (1) (c) of the EU General Data Protection Regulation (“ GDPR”).
All of the above processing purposes (with the exception of the last) serve our legitimate interests to maintain and enhance our services and to keep them secure, as well as to develop our business (in the context of the EU, see Article 6 (1) (f), GDPR). You are not under a statutory or contractual obligation to provide your personal data to us.
For personal information for which we are the controller, we disclose personal information as follows:
Engage with our Bank Partners. With your consent, we may provide personal information about you as a Business Client Representative to our Bank Partners in connection with their potential or actual relationships with your organization, in relation to it becoming a Business Client and accessing the FISPAN products and services in connection with such banking relationships. For example, if you contact us directly to inquire about FISPAN products and services, and you disclose to us information about your organization’s banking arrangements, we may offer to connect you with a Bank Partner for the purpose of onboarding to our products and services via that Bank Partner.
Enable our service providers. We may provide personal information to third parties who provide services to FISPAN when and only to the extent that disclosure of such personal information is required to enable the provision of services to FISPAN, and only where such third parties have agreed to abide by appropriate confidentiality, privacy and security requirements.
Other disclosures with consent. With your consent, we may provide personal information about you to a third party or parties for, and to the limited extent required to satisfy, reasonable purposes that we specify to you prior to making any such disclosure.
Obtain professional services. We may disclose personal information to professional services firms, such as our lawyers, accountants and auditors, when and only to the extent that such disclosure is required in order to enable us to obtain the corresponding professional services, and only where such third parties are bound by (or have agreed to abide by) appropriate confidentiality, privacy and security requirements.
Government, regulatory or law enforcement agencies. We reserve the right to disclose personal information, as required, in order to respond to valid and enforceable governmental demands or requests, court orders, or as otherwise required by law. We may disclose personal information, including to law enforcement agencies, to the extent necessary where we have reason to suspect fraud or a criminal act has occurred or is occurring. We may also disclose personal information where we have a good faith belief that it is necessary to do so in order to establish or protect the safety, rights or property of FISPAN or others.
Facilitate a merger, acquisition or business transfer. If we sell all or part of the assets of our company, or enter into a merger, consolidation or similar corporate event, we may disclose personal information to the other party(ies) to the transaction and their advisors and representatives (a) to the extent necessary to evaluate the transaction, and/or (b) to close the transaction (e.g., transfer the asset to the purchaser).
We do not sell personal information and we do not transfer personal information to third parties to use for their own purposes.
We may disclose anonymized or de-identified information at our discretion, subject to applicable laws.
Our Services are not intended for or directed to children or other persons who are under the age of 16 years old (“minors”). We do not knowingly collect, access or process the personal information of minors. If you are a minor, please do not provide us with any of your personal information without the express consent of your parent or guardian.
If you are a parent or guardian, and you become aware that a minor for whom you are responsible has provided us with their personal information without your express consent, please contact us using one of the methods listed in the “Contact Us” section of this Privacy Policy. If we learn that we have inadvertently collected the personal information of a minor without express parental/guardian consent, we will endeavor to securely and permanently delete that information.
We keep personal information only for as long as is reasonably necessary for the purposes described in this Privacy Policy and to comply with our legal, contractual and regulatory obligations, this is typically 7 years.
Depending on where you reside, you have certain rights in relation to your personal information.
In accordance with, and subject to, applicable privacy and data protection laws, you may have one or more of the following rights:
To exercise any of these rights, please reach out to us using any of the mechanisms set out in the “Contact Us” section of this Privacy Policy.
Please note that if and when you contact us to exercise your rights, we will need to take appropriate steps to verify your identity in order to ensure that only you or your authorized representative are able to make choices that affect your personal information. If you are an authorized representative making a request on behalf of another individual, we may request and require you to provide additional information to verify the nature and extent of your authorization.
There may be situations in which we are unable to grant your request. If we deny your request, in whole or in part, we will take steps to provide you with an explanation of our actions and the reason for the denial.
We respect that you have a choice about whether to receive direct marketing materials. FISPAN will only directly send you marketing materials if you have provided opt-in consent (where required), or as permitted by applicable law (e.g., if we have an existing business relationship). If you initially opt-in to receiving marketing materials from FISPAN, and you no longer wish to receive such marketing materials, you may opt-out at any time by following the “unsubscribe” or similar instructions that will be included in the marketing materials themselves. If and when we receive an unsubscribe request from you, we will act promptly to process that request.
Please note, however, that even if you opt-out of receiving marketing materials from us, depending on the nature of our relationship with you we may still be required to send you non-marketing communications such as technical or legal notices.
TRANSFER OF PERSONAL INFORMATION BETWEEN COUNTRIES
Your personal information is currently hosted in Canada or in the United States of America.
Personal information may be stored and processed in any country where we have facilities or in which we engage third party service providers (i.e., Canada and the United States). You acknowledge the transfer of information to countries outside your country of residence, which may have different privacy and data protection rules than the country where you reside. Your personal information is subject to the laws of the country where it is stored, and may be legally subject to disclosure to government, law enforcement or regulatory agencies, or as directed by an enforceable court order.
In all cases, FISPAN will handle your personal information in accordance with this Privacy Policy regardless of where your personal information is stored. Where we or a third party transfer your personal information outside the EU, we typically rely on Standard Contractual Clauses (available here) as a safeguard to ensure the same level of data protection as in the EU.
We follow generally accepted industry standards to protect the information we collect or access, and process, both during the transmission of that information and during our storage and processing of that information. We maintain appropriate physical, administrative and technical safeguards to protect personal information against unauthorized or unlawful access, use, modification, disclosure, loss, theft, disposal or destruction. We take steps to ensure that only authorized personnel who are aware of their and our privacy and confidentiality obligations are able to access personal information, and provide such access only on a limited, need-to-know basis.
We, our service providers, and our business partners may collect certain information about the use of our online services, including user’s online activities over time and across third party websites, by automated means, such as cookies, web beacons and other technologies.
The information that we may collect by automated means includes:
Web browsers may offer users of our online services the ability to disable the receipt of certain types of cookies; however, if cookies are disabled, some features or functionality of our website or apps may not function correctly. In addition, please note that our website does not currently have a mechanism to recognize various web browser “Do Not Track” signals. To learn more about browser tracking signals and Do Not Track, please visit www.allaboutdnt.org.
We do not, without your consent, share personal information as defined by California Civil Code §1798.83 (the “Shine the Light Law”) with third parties for their direct marketing purposes. If you are a California resident, you may request information about our compliance with the Shine the Light Law by sending an email to privacy.officer@fispan.com. Any such request must include “Request for California Privacy Information” in the subject line and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per individual each year, and we are not required to respond to requests made by means other than through this email address or the mailing address provided under “Contact Us”.
We may change this Privacy Policy at any time. We therefore encourage you to review this Privacy Policy whenever you visit the website to stay informed about how we handle personal information.
The date on which this Privacy Policy was most recently updated appears at the top of this page.
To contact FISPAN about this Privacy Policy, or your personal information that we hold as a controller, to exercise your rights and choices, or to make a complaint, please reach out to us:
