Privacy & Cookies Policy
- Use of our online Services
- Personal Data
- Your Consent
- Deleting your Personal Information
- Transfer of data
- Keeping Your Personal Information Secure
- Your Rights
- International transfer of data
- Third Party Links
- Changes to the Policy
- Cookies Policy
Iban (referred to as “Iban”, “we”, “us” or “our” in this notice) respects your privacy and is committed to protecting your personal data. This privacy notice explains what personal data we collect, what we do with it, who we share it with, how long we keep it for and what legal rights you have.
2. Use of our online Services
The personal data we hold about you
Your identity and contact data
This includes personal information about you (for example your name, date of birth, residential address, nationality, passport number) and your contact details. In most cases the information is provided by you during the set up and management of the Iban service, in the form of identity documents and any other personal data you have shared with us. In some cases, it may be provided by a third party where you have given your consent for them to share it with us. We may be provided with additional identity and contact data by third parties that we use to perform due diligence (for example, google search or fraud prevention agencies). In addition, we may source identity and contact data from publicly available sources such as company registers, or sanction lists.
Account and service data
This is information about your Iban products and any other products and services that you have obtained from us. It includes things like bank account numbers, account balances and information about transactions. The information is generated as you use our services and in some cases it is shared with us by the organisations we use to provide our account services.
Information you permit us to access on your phone
This is information stored on your phone that you explicitly permit us to access (for example, FaceID, TouchID).
This is information about the phone you use (for example the browser version, time zone settings, phone operating system, IMEI number, IP address and other technical settings). This information is collected automatically when you use the Iban app.
Special category data
This is information that is considered more sensitive by regulators and includes your race, ethnic origin, political views, religion, trade union membership, genetics, biometrics, health and sexual orientation. With the exception of the photo ID that you provide so we can verify your identity, we do not process this category of data. However, it is possible that we may hold special category data when it is included on documentation that you have given us (for example your ID document). When this is the case, we will only process this information in strict accordance with the law.
3. Personal Data
Use of your personal data
If the User fails to provide the personal data when processing of such data is necessary to enter into and fulfil the Agreement or required by statute, Iban cannot provide the Services.
Providing Services to the User
Upon submission of the Registration Application and registration with the Platform, personal data of the User is used to enter into the Agreement and create the Virtual Account to be used as a means to receive the Services. For all of the sub-purpose specified below, the User’s data is processed by Iban and our Collaborating Providers that provide servers, IT, accounting, communication, bank, CRM services and/or other subjects.
Identifying the User and concluding the Agreement
In order to identify the User and conclude the Agreement, the User’s data, Contact Information, Account data is used. Additionally, such data as the date of conclusion is processed as well. This data is necessary to verify the User’s identity, conclude and fulfil the Agreement, communicate with the User regarding the fulfilment of the Agreement. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute as well as to comply with the statutory obligation to keep information on business activities conducted.
Creating and maintaining the Virtual Account
In order to create and maintain the Virtual Account, the User’s data, Contact Information, and Account data is used.
This data is necessary to provide log in options in the Platform, to communicate with the User in case of any inquiries, to conduct surveys and to ensure a means by which the User can receive the Services. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as maintenance of the Virtual Account, improvement of the Service quality, informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute.
In order to provide Services, the User’s data, Contact Information and Account data is used and other if necessary.
This data is necessary to verify the User’s identity, conclude and fulfil the Agreement, ensure money deposits and withdraws, send daily summaries and notices about cash deposits, to provide any related services arising from Agreement and/or any promotional campaigns, not only but also for cost estimation and analyses of marketing campaigns, as well as prevent fraud and abuse of services. The personal data processing is based on the conclusion and fulfilment of the Agreement and compliance with such legitimate interests of Iban as informing the User about the activity in the Virtual Account and protection of its rights and interests in case of a dispute.
Iban provides the User with the opportunity to opt-out from receiving certain notices in connection with the Services, such as daily summaries and notices about deposits. The User can choose which notices to receive in the Virtual Account.
Sending registration reminders
In order to provide Services and conclude the Agreement, Iban can send registration reminders to Users, who have not completed the registration process via e-mail.
Enforcement of statutory obligations
In order to fulfil the statutory obligations in the fields of accountancy and anti-money laundering and terrorist financing prevention, Iban processes the User’s data, Due diligence data, Communication Data, Contact Information and information specified by the User in the User’s questionnaire in accordance with the provisions of the laws and regulations of the jurisdiction of the applicable provider and the internal control system of Iban.
For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT, User verification and accounting services.
As per the applicable laws and regulations Iban performs the due diligence of the User, which includes, but is not limited to, to identifying the User and verification of the User’s identity document and processing the Due diligence data.
Identification of the User and verification of the Users identification document is carried out via a verification procedure, which processes the Users data and the Due diligence data. During this process, the User submits a photo of the User’s identification document to the verification portal using the specially designed system of the verification portal.
This data processing is based on the necessity to conclude and perform the Agreement and to comply with the legal obligations of Iban in the field of anti-money laundering and terrorist financing prevention.
Sending of informational materials
Upon applying for receipt of informational materials the User agrees that User’s data, Contact Information, and certain Account data (funds invested and incoming payments) is used to prepare an appropriate commercial communication for the User based on the User’s data available to Iban, using profiling, and to segment the User into a certain category.
Informational materials include any and all communication from Iban that is not connected to providing Services, the fulfilment of the Agreement or other essential information (such as a notice that the term of the provided personal identity number will expire).
Iban uses profiling, i.e., automatic means for processing personal data, which allows Iban to assess the Users interests, to determine which Services are most suitable for the User, to analyse the User’s activity and to segment the User into a certain category.
For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT, email and message delivery platform services. Iban processes User’s personal data until the User withdraws the consent to receive informational materials or, in some cases, when the necessity to keep evidence that consent has been received is no longer in force. Withdrawing consent for receiving informational materials does not affect the consent given to process information obtained through cookies.
Service quality control
On the basis of the legitimate interest of Iban to improve the quality of the Services, Iban, within the aim to evaluate and control the quality of the Services, processes at least the Contact data when communicating with the User.
For the purpose specified above, the User’s data is processed by Iban and our Collaborating Providers that provide server, IT and call recording services.
Compilation of statistical data
On the basis of the legitimate interest of Iban to compile statistical data regarding the Services used by the Iban, to improve the Service quality and to develop Services, Iban, with the aim to analyse information related to the provision of the Services, processes summarised information regarding the User’s data, Contact Information and Account data.
For the purpose specified above, the User’s data is processed by Iban and our cooperation partner that provides server, IT and analytical services.
4. Your Consent
We will only proceed to use your Account Information, including any Personal Information, once you have given us explicit consent to use such information.
How do I remove my consent?
If, for whatever reason, you no longer give your consent for us to process your Personal Information, you are able to remove you consent by contacting us at our email address which is found in the contact information.
You can also withdraw your consent for us to process your Personal Information for marketing purposes, while retaining consent for correspondence relevant to the core service. You are able to do this by contacting us at our email address which is found in the contact information.
Change in purpose
We will only use your personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for another purpose which is compatible with the original purpose.
If we need to use your personal data for a purpose that is not related to the purpose for which we collected your data, we will notify you explaining the legal basis which allows us to do so.
In certain circumstances, we may anonymise your personal data (so that it can no longer be associated to you) for research purposes or statistical analysis. In this case, we can use this information indefinitely without prior notice.
5. Deleting your Personal Information
We will not use, process or store you Personal Information for longer than is strictly necessary. The Personal Information will be kept whilst there is a business relationship or whilst it is necessary to carry out our Services, including our requirement to comply with our legal requirements.
6. Transfer of data
We may share your Personal Data with selected third parties, including business suppliers, distributors and sub contractors, when it is necessary for the delivery of our Service, or when there is a legal basis to do so.
The aforementioned third parties only collect, use and disclose your information in the ways indicated by us in order to provide adequate services. The third parties can share your data with other third parties for other purposes when they have legally acquired your prior consent.
7. Keeping Your Personal Information Secure
We take the security of your personal information very seriously and have appropriate physical, technical and administrative procedures in place to help protect your personal information from unauthorised access, use or disclosure as required by law.
Once we have received your user information, we will use strict procedures and security features to try to prevent unauthorised access including: by encrypting any Personal Information which we transfer to our banking partner; and having in place an agreement with our banking partner which requires it to have in place appropriate measures to safeguard the security of the Personal Information we send to them.
8. Your Rights
You can, at any moment, revoke the given agreement or request to exercise the following rights to Iban:
- The right to access the personal information we are using.
- The right to ask about the collection and use of your personal data.
- The right to rectify when there is incomplete or inaccurate information.
- The right to eliminate your personal data in certain cases such as when removing your consent, when the treatment of your data is illegal or when your data is no longer necessary.
- The right to request limits to the treatment of your data in certain cases such as when you contest the accuracy of your data or when the treatment of your data is illegal.
- The right to receive an electronic copy of your personal data or request that a copy of your personal data is sent directly to another person.
- The right to oppose the treatment of your data in certain circumstances.
Exercising your rights
If you wish to invoke any of the aforementioned rights, you may contact us by email at firstname.lastname@example.org.
When making such a request, you must include:
- your name,
- your address,
- the period for which you wish to access your information (where applicable)
Making a complaint to a supervisory authority
Should you be dissatisfied or suspect that the use of your Personal Data violates your risk and interests with the applicable regulatory enactments, you have the right to submit complaints regarding the use of Personal Data to the European Data Protection Supervisor (https://edps.europa.eu/node/75_en) or corresponding local authority.
9. International transfer of data
We inform you that some of our suppliers and selected third parties in this Policy are situated outside of the European Economic Area (EEA). As such, the processing of personal data may be associated with an international transfer outside the EEA. In the case of such transfers, we will provide contractual guarantees in which the receiver of personal data will ensure an adequate level of protection as required in the EEA.
11. Changes to the Policy
In the case of modifying this policy, we will publish here the changes with a date on which the change was made. If we make a significant change, we may notify you through other means such as by email or by publishing a notice on our webpage.