Privacy & Cookies Policy


1. Introduction

Iban (referred to as “Iban”, “we”, “us” or “our” in this notice) respects your privacy and is committed to protecting your personal data. This privacy notice explains what personal data we collect, what we do with it, who we share it with, how long we keep it for and what legal rights you have.

2. Use of our online Services

The personal data we hold about you

Your identity and contact data

This includes personal information about you (for example your name, date of birth, residential address, nationality, passport number) and your contact details. In most cases the information is provided by you during the set up and management of the Iban service, in the form of identity documents and any other personal data you have shared with us. In some cases, it may be provided by a third party where you have given your consent for them to share it with us. We may be provided with additional identity and contact data by third parties that we use to perform due diligence (for example, google search or fraud prevention agencies). In addition, we may source identity and contact data from publicly available sources such as company registers, or sanction lists.

Account and service data

This is information about your Iban products and any other products and services that you have obtained from us. It includes things like bank account numbers, account balances and information about transactions. The information is generated as you use our services and in some cases it is shared with us by the organisations we use to provide our account services.

Information you permit us to access on your phone

This is information stored on your phone that you explicitly permit us to access (for example, FaceID, TouchID).

Technical data

This is information about the phone you use (for example the browser version, time zone settings, phone operating system, IMEI number, IP address and other technical settings). This information is collected automatically when you use the Iban app.

Analytics

This includes information about how you interact with our services. We collect this information automatically when you visit our website or use the Iban app. Our use of cookies to help us achieve this is explained in our cookie policy in Section 12.

Special category data

This is information that is considered more sensitive by regulators and includes your race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health and sexual orientation. With the exception of the photo ID that you provide so we can verify your identity, we do not process this category of data. However, it is possible that we may hold special category data when it is included on documentation that you have given us (for example your ID document). When this is the case, we will only process this information in strict accordance with the law.

3. Personal Data

‍Use of your personal data

If the User fails to provide the personal data when processing of such data is necessary to enter into and fulfil the Agreement or required by statute, Iban cannot provide the Services.

Use of cookies

The Platform uses cookies to maintain and improve the operation of the Platform. Information on the use of cookies is available in Section 12 of this Privacy and Cookies Policy.

Providing Services to the User

Upon submission of the Registration Application and registration with the Platform, personal data of the User is used to enter into the Agreement and create the Virtual Account to be used as a means to receive the Services. For all of the sub-purpose specified below, the User’s data is processed by Iban and our Collaborating Providers that provide servers, IT, accounting, communication, bank, CRM services and/or other subjects.

Identifying the User and concluding the Agreement

In order to identify the User and conclude the Agreement, the User’s data, Contact Information, Account data is used. Additionally, such data as the date of conclusion is processed as well. This data is necessary to verify the User’s identity, conclude and fulfil the Agreement, communicate with the User regarding the fulfilment of the Agreement. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute as well as to comply with the statutory obligation to keep information on business activities conducted.

Creating and maintaining the Virtual Account

In order to create and maintain the Virtual Account, the User’s data, Contact Information, and Account data is used.

This data is necessary to provide log in options in the Platform, to communicate with the User in case of any inquiries, to conduct surveys and to ensure a means by which the User can receive the Services. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as maintenance of the Virtual Account, improvement of the Service quality, informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute.

Providing Services

In order to provide Services, the User’s data, Contact Information and Account data is used and other if necessary.

This data is necessary to verify the User’s identity, conclude and fulfil the Agreement, ensure money deposits and withdraws, send daily summaries and notices about cash deposits, to provide any related services arising from Agreement and/or any promotional campaigns, not only but also for cost estimation and analyses of marketing campaigns, as well as prevent fraud and abuse of services. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute.

Iban provides the User with the opportunity to opt-out from receiving certain notices in connection with the Services, such as daily summaries and notices about deposits. The User can choose which notices to receive in the Virtual Account.

Sending registration reminders

In order to provide Services and conclude the Agreement, Iban can send registration reminders to Users, who have not completed the registration process via e-mail.

Enforcement of statutory obligations

In order to fulfil the statutory obligations in the fields of accountancy and anti-money laundering and terrorist financing prevention, Iban processes the User’s data, Due diligence data, Communication Data, Contact Information and information specified by the User in the User’s questionnaire in accordance with the provisions of the laws and regulations of the jurisdiction of the applicable provider and the internal control system of Iban.

For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT, User verification and accounting services.

Due diligence

As per the applicable laws and regulations Iban performs the due diligence of the User, which includes, but is not limited to, to identifying the User and verification of the User’s identity document and processing the Due diligence data.

Identification of the User and verification of the Users identification document is carried out via a verification procedure, which processes the Users data and the Due diligence data. During this process, the User submits a photo of the User’s identification document to the verification portal using the specially designed system of the verification portal.

This data processing is based on the necessity to conclude and perform the Agreement and to comply with the legal obligations of Iban in the field of anti-money laundering and terrorist financing prevention.

Sending of informational materials

Upon applying for receipt of informational materials the User agrees that User’s data, Contact Information, and certain Account data (funds invested and incoming payments) is used to prepare an appropriate commercial communication for the User based on the User’s data available to Iban, using profiling, and to segment the User into a certain category.

Informational materials include any and all communication from Iban that is not connected to providing Services, the fulfilment of the Agreement or other essential information (such as a notice that the term of the provided personal identity number will expire).

Iban uses profiling, i.e., automatic means for processing personal data, which allows Iban to assess the Users interests, to determine which Services are most suitable for the User, to analyse the User’s activity and to segment the User into a certain category.

For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT, email and message delivery platform services. Iban processes User’s personal data until the User withdraws the consent to receive informational materials or, in some cases, when the necessity to keep evidence that consent has been received is no longer in force. Withdrawing consent for receiving informational materials does not affect the consent given to process information obtained through cookies.

Service quality control

On the basis of the legitimate interest of Iban to improve the quality of the Services, Iban, within the aim to evaluate and control the quality of the Services, processes at least the Contact data when communicating with the User.

For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT and call recording services.

Compilation of statistical data

On the basis of the legitimate interest of Iban to compile statistical data regarding the Services used by the Iban, to improve the Service quality and to develop Services, Iban, with the aim to analyse information related to the provision of the Services, processes summarised information regarding the User’s data, Contact Information and Account data.

For the purpose specified above, the User’s data is processed by Iban and our cooperation partner that provides server, IT and analytical services.

5. Deleting your Personal Information

We will not use, process or store you Personal Information for longer than is strictly necessary. The Personal Information will be kept whilst there is a business relationship or whilst it is necessary to carry out our Services, including our requirement to comply with our legal requirements.

‍6. Transfer of data

We may share your Personal Data with selected third parties, including business suppliers, distributors and sub contractors, when it is necessary for the delivery of our Service, or when there is a legal basis to do so.

The aforementioned third parties only collect, use and disclose your information in the ways indicated by us in order to provide adequate services. The third parties can share your data with other third parties for other purposes when they have legally acquired your prior consent.

‍7. Keeping Your Personal Information Secure

‍We take the security of your personal information very seriously and have appropriate physical, technical and administrative procedures in place to help protect your personal information from unauthorised access, use or disclosure as required by law.

Once we have received your user information, we will use strict procedures and security features to try to prevent unauthorised access including: by encrypting any Personal Information which we transfer to our banking partner; and having in place an agreement with our banking partner which requires it to have in place appropriate measures to safeguard the security of the Personal Information we send to them.

8. Your Rights

You can, at any moment, revoke the given agreement or request to exercise the following rights to Iban:

  • The right to be provided with certain information regarding how we collect, use and share you personal information and our legal basis for doing so. This information can be found in this Privacy Policy.
  • The right to access the personal information we are using.
  • The right to ask about the collection and use of your personal data.
  • The right to rectify when there is incomplete or inaccurate information.
  • The right to eliminate your personal data in certain cases such as when removing your consent, when the treatment of your data is illegal or when your data is no longer necessary.
  • The right to request limits to the treatment of your data in certain cases such as when you contest the accuracy of your data or when the treatment of your data is illegal.
  • The right to receive an electronic copy of your personal data or request that a copy of your personal data is sent directly to another person.
  • The right to oppose the treatment of your data in certain circumstances.

Exercising your rights

If you wish to invoke any of the aforementioned rights, you may contact us by email at privacy@banwallet.com.

When making such a request, you must include:

  • your name,
  • your address,
  • the period for which you wish to access your information (where applicable)

Making a complaint to a supervisory authority

Should you be dissatisfied or suspect that the use of your Personal Data violates your risk and interests with the applicable regulatory enactments, you have the right to submit complaints regarding the use of Personal Data to the European Data Protection Supervisor (https://edps.europa.eu/node/75_en) or corresponding local authority.

9. International transfer of data

We inform you that some of our suppliers and selected third parties in this Policy are situated outside of the European Economic Area (EEA). As such, the processing of personal data may be associated with an international transfer outside the EEA. In the case of such transfers, we will provide contractual guarantees in which the receiver of personal data will ensure an adequate level of protection as required in the EEA.

11. Changes to the Policy

In the case of modifying this policy, we will publish here the changes with a date on which the change was made. If we make a significant change, we may notify you through other means such as by email or by publishing a notice on our webpage.

12. Cookies Policy

‍We collect data about how you interact with our website through the use of cookies. Our website uses cookies to distinguish you from other users of our website. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. You can find out more information about cookies at www.allaboutcookies.org. We use cookies to enhance the online experience of our visitors and to better understand how our Site is used. Cookies may tell us, for example, whether you have visited our site before or whether you are a new visitor. They can also help to ensure that adverts you see online are more relevant to you and your interests. When you browse the Site, we automatically receive your computer’s internet protocol (IP) address. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.