Customer Privacy Notice
Effective 01 September 2023
Table of content
- About us
- Why do I need to read this notice?
- What personal data do you collect about me?
- What is your legal basis for using my personal data?
- How do you use my personal data?
- Do you make automated decisions about me?
- Do you run credit checks on me?
- How do you use my personal data for marketing?
- What are my rights?
- How do I exercise my rights?
- Do you share my personal data with anyone else?
- Will my personal data go outside Europe?
- How do you protect my personal data?
- How long will you keep my personal data for?
- How will you keep me updated about how you use my personal data?
Bankata Online SRL is the owner of Bankata.ro and Bankata app and it’s organized and existing under the laws of Romania with Trade Register number J40/3719/02.03.2021, with sole registration code no. RO43831593.
We’re committed to protecting and respecting your privacy. We will:
- always keep your personal data safe and private
- never sell your personal data
- allow you to manage and review your marketing choices at any time
Why do I need to read this notice?
We collect your personal data when you use:
- our website at bankata.ro
- the Bankata app
- any of the services available to you through the Bankata app or website
- We may also collect your personal data from other people or companies. We explain how this can happen in more detail in the What personal data do you collect about me? section below.
When we say ‘personal data’, we mean information which:
- we know about you (for example, we know what accounts you have registered with us)
- can be used to personally identify you (for example, a combination of your name and postal address)
This notice explains what information we collect, how we use it, and your rights if you want to change how we use your personal data.
If you have concerns about how we use your personal data, you can contact email@example.com
What personal data do you collect about me?
We collect the information you provide when you:
- ﬁll in any forms
- correspond with us
- respond to any of our surveys
- register to use the Bankata app
- give us access to your other ﬁnancial accounts through Open Banking
- take part in online discussions or promotions
- speak with a member of our social media or customer support teams (either on the phone or through the Bankata app)
- enter a competition or share information with us on social media
- contact us for other reasons
- We will collect the following information:
- your name, address, and date of birth
- your email address, phone number and details of the device you use (for example, your phone, computer or tablet)
- your registration information
- details of your bank accounts, including the account number, sort code and IBAN
- details of debit or credit cards you have registered with us including the card number, expiry date and CVC (the last three digits of the number on the back of the card)
- copies of your identiﬁcation documents (for example, your national ID, passport or driving licence) and any other information you provide to prove you are eligible to use our services
- information you provide when you apply for credit, including details about your, or your spouse’s, income and ﬁnancial obligations
- records of our discussions, if you contact us or we contact you (including records of phone calls)
- If you give us personal data about other people (such as a joint account holder, your spouse or family), or you ask us to share their personal data with third parties, you conﬁrm that you have brought this notice to their attention beforehand.
- We collect the following information from your use of our products and services.
- Whenever you use our website or the Bankata app, we collect the following information:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, the browser type and version, the time zone setting, the operating system and platform, the type of device you use, a unique device identiﬁer (for example, your device’s IMEI number, the MAC address of the device’s wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use
- information about your visit, including the links you’ve clicked on, through and from our website or app (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling and clicks), and methods used to browse away from the page
- information on transactions (for example, payments into and out of your account), including the date, time, amount, currencies, exchange rate, beneﬁciary details, details of the merchant or ATMs associated with the transaction (including merchants’ and ATMs’ locations), IP address of sender and receiver, sender’s and receiver’s name and registration information, messages sent or received, details of device used to arrange the payment and the payment method used
- information stored on your device, including if you give us access to contact information from your contacts list. The Bankata app will regularly collect this information in order to stay up to date (but only if you have given us permission)
- We collect information about your location only if you turn location services on in the Bankata app.
- We collect the following information from others
- Personal data from third parties or other people, such as credit reference agencies, ﬁnancial or credit institutions, oﬃcial registers and databases, as well as joint account holders, fraud prevention agencies and partners who help us to provide our services.
- This includes your credit record, information about late payments, information to help us check your identity, information about your spouse and family (if applicable in the context of an application for credit that you make) and information relating to your transactions.
- Personal data from accounts you hold with third party ﬁnancial institutions. If you apply for credit products, when you allow us, we may use this information for credit checks to improve your experience.
What is your legal basis for using my personal data?
We must have a valid legal reason for using your personal data. Our legal basis will be one, any or all of the following:
- Keeping to our contracts and agreements with you. We need certain personal data to provide our services and cannot provide them without this personal data.
- Legal obligations: in some cases, we have a legal responsibility to collect and store your personal data (for example, under anti-money laundering laws we must hold certain information about our customers).
- Legitimate interests: we collect and use your personal data because we have a legitimate reason to use it and this is reasonable when balanced against your human rights and freedoms.
- Consent: where you’ve agreed to us collecting your personal data, or sensitive personal data, for example when you tick a box to indicate you’re happy for us to use your personal data in a certain way.
We explain more about how we use your personal data in the How do you use my personal data? section below.
How do you use my personal data?
We use your personal data for the following reasons:
- Providing our services
- Whenever you sign up with Bankata, apply for or use a product or service, we’ll use your personal data to:
- check your identity, and the identity of joint account holders (as part of our KYC process)
- decide whether or not to approve your application
- meet our contractual and legal obligations relating to any products or services you use
- help you understand your spending behaviour, how you use linked bank accounts and to help you save money (for example, by providing you with product usage and spending insights)
- provide you with customer support services. We may record and monitor any communications between you and us, including phone calls, to maintain appropriate records, check your instructions, analyse, assess and improve our services, and for training and quality control purposes
- Protecting against fraud
- We use your personal data to check your identity to protect against fraud, keep to ﬁnancial crime laws and to conﬁrm that you’re eligible to use our services. We also use it to help us better understand your ﬁnancial circumstances and manage fraud risks related to your Bankata account.
- Marketing and providing products and services that might interest you
- to personalise your in-app experience and marketing messages about products and services you can apply for so they’re more relevant and interesting to you (where allowed by law). This may include analysing how you use your linked bank accounts and cards
- if you agree, provide you with information about our partners’ promotions or offers which we think you might be interested in
- if you agree, allow our partners and other organisations to provide you with information about their products or services
- measure or understand the effectiveness of our marketing and advertising, and provide relevant advertising to you
- ask your opinion about our products or services
- Remember, you can ask us to stop sending you marketing information by adjusting your marketing choices
- To keep our services up and running
- We use your personal data to manage our website and the Bankata app (including troubleshooting, data analysis, testing, research, statistical and survey purposes), and to make sure that content is presented in the most effective way for you and your device.
- We also use your personal data to:
- verify your identity if you contact our customer support or social media teams
- allow you to take part in interactive features of our services
- tell you about changes to our services
- help keep our website and the Bankata app safe and secure
- We use your data to help with social interactions our services, or to add extra functions in order to provide a better experience (for example, if you give us permission, we’ll use the contacts list on your phone so you can easily make payments to, or message, your contacts using the Bankata app).
- Providing location-based services such as:
- provide you with products and services
- provide relevant advertising to you (for example, information about nearby merchants)
- protect against fraud
- Preparing anonymous statistical datasets. We prepare anonymous statistical datasets about our customers’ spending patterns:
- for forecasting purposes
- to understand how customers use Bankata and improve our services
- to comply with governmental requirements and requests
- These datasets may be shared internally or externally with others, including non-Bankata companies. We produce these reports using information about you and other customers. The information used and shared in this way is never personal data and you will never be identiﬁable from it. Anonymous statistical data cannot be linked back to you as an individual.
- Improving our products and services
- We use your personal data to help us develop and improve our current products and services. This allows us to continue to provide products and services that our customers want to use.
- Meeting our legal obligations, enforcing our rights and other legal uses such as:
- to share it with other organisations (for example, government authorities, law enforcement authorities, tax authorities, fraud prevention agencies)
- if this is necessary to meet our legal or regulatory obligations
- to identify and support vulnerable customers by analysing your behaviour in the Bankata app, customer support communications and through transactions (for example, we will try to identify whether you are potentially vulnerable so we can provide you with enhanced support)
- in connection with legal claims
- to help detect or prevent crime
Do you make automated decisions about me?
Depending on the Bankata services you use, we may make automated decisions about you.
This means that we may use technology that can evaluate your personal circumstances and other factors to predict risks or outcomes. This is sometimes known as proﬁling. We do this for the eﬃcient running of our services and to ensure decisions are fair, consistent and based on the right information.
For example, we may make automated decisions about you that relate to:
- Suitability for credit products and affordability checks to see whether you are eligible for a credit product
Do you run credit checks on me?
We, and our lending partners, use credit reference agencies (or other providers of credit information in some countries) to run credit checks if you apply (or tell us you want to apply) for a credit product through Bankata.
When you give us access to other accounts you hold with other ﬁnancial institutions, through Open Banking, where you agree, we’ll use available information to carry out credit checks on you.
We’ll carry out additional credit checks on you from time to time to make sure that your ﬁnancial wellbeing hasn’t changed over the course of the year.
The personal data we receive from, credit reference agencies (or other providers of credit information) when you apply for a credit product through Bankata will vary depending on the country you live in. We’ll provide full details when you apply for a credit product through Bankata.
For details of credit information providers we engage with in each country, please check out our website
How do you use my personal data for marketing?
If you sign up to our services, and where national laws allow, we’ll assume you want us to contact you by post, push notiﬁcation, email and text message with information about Bankata & partners products, services, offers and promotions. Where national laws require us to get your consent to send marketing messages, we’ll do so in advance.
We use your personal data to personalise marketing messages about products and services so they are more relevant and interesting to you (where allowed by law). This may include analysing how you use our services and your transactions.
You can object to proﬁling for direct marketing purposes. You can also adjust your preferences or tell us you don’t want to hear from us at any time. Just use the privacy settings in the Bankata app or tap the unsubscribe links in any marketing message we send you.
If you do not want to receive personalised marketing messages, and opt out from receiving them, you will not receive any marketing communications. However, you may still receive generic information about our products and services in the Bankata app.
We won’t pass your details on to any organisations outside the Bankata for their marketing purposes without your permission.
What are my rights?
- You have the right to be told how we use your personal data
- We provide this privacy notice to explain how we use your personal data.
- If you ask, we’ll provide a copy of the personal data we hold about you. We can’t give you any personal data about other people, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won’t provide you with any communication we’ve had with our legal advisers.
- You can ask us to correct your personal data if you think it’s wrong
- You can have incomplete or inaccurate personal data corrected. Before we update your ﬁle, we may need to check the accuracy of the new personal data you have provided.
- You can ask us to delete your personal data if:
- there’s no good reason for us to continue using it
- you gave us consent (permission) to use your personal data and you have now withdrawn that consent
- you have objected to us using your personal data
- we have used your personal data unlawfully
- the law requires us to delete your personal data
- Just to let you know, we may not be able to agree to your request. As a regulated ﬁnancial services provider, we must keep certain customer personal data even when you ask us to delete it. If you’ve closed your Bankata account, we may not be able to delete your entire ﬁle because these regulatory responsibilities take priority. We’ll always let you know if we can’t delete your personal data.
- You can object to us processing your personal data for marketing purposes
- You can object to us processing other personal data (if we’re using it for legitimate interests)
- If our legal basis for using your personal data is ‘legitimate interests’ and you disagree with us using it, you can object.
- However, if there is an overriding reason why we need to use your personal data, we will not accept your request.
- If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services.
- You can ask us to restrict how we use your personal data in the following circumstances:
- you want us to investigate whether it’s accurate
- our use of your personal data is unlawful but you don’t want us to delete it
- we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim
- you have objected to us using your personal data (see above), but we need to check whether we have an overriding reason to use it.
- You can ask us to transfer personal data to you or another company and if we can, and are allowed to do so under regulatory requirements, we’ll provide your personal data in a structured, commonly used, machine-readable format.
- You can withdraw your permission at any time by changing your privacy settings in the Bankata app or sending an email to firstname.lastname@example.org
Your ability to exercise these rights will depend on a number of factors. Sometimes, we won’t be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right does not apply to the particular information we hold about you).
How do I exercise my rights?
To exercise any of your rights set out in the previous section, you can contact us through the Bankata app or send us an email at email@example.com.
For security reasons, we can’t deal with your request if we’re not sure of your identity, so we may ask you for proof of ID.
If a third party exercises one of these rights on your behalf, we may need to ask for proof that they’ve been authorised to act on your behalf.
When you exercise one of your rights, or update your privacy settings in the Bankata app, it may take us up to one month to respond or implement your changes.
Bankata will usually not charge you a fee when you exercise your rights. However, we’re allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
Do you share my personal data with anyone else?
People or companies that you transfer money to
Where you make a payment through Bankata app, we’ll provide the recipient with your details alongside your payment (for example, your name and IBAN). This is because, like all payment institutions, we’re required by law to include certain information with payments.
- Suppliers who provide us with IT, payment and delivery services to help us provide our services to you
- Our banking and ﬁnancial services partners and payments networks to help us provide our services to you. This includes banking and lending partners, banking intermediaries and international payment service providers
- Analytics providers and search information providers to help us improve our website and app
- Customer-service providers, survey providers and developers to help us provide our services to you
Partners who help to provide our services
We may share your personal data with our partners to provide certain services you’ve asked us for (for example, when you apply for a loan or a insurance product).
We’ll only share your personal data in this way if you’ve asked for the relevant service or if it’s provided as part of our membership plans.
From time to time, we may work with other partners to offer you co-branded services or promotional offers, and we’ll share some of your personal data with those partners. We will always make sure you understand how we and our partners process your personal data for these purposes.
Credit reference agencies
As set out in the Do you run credit checks on me? section above, if you apply for a credit product, we’ll share your personal data with credit reference agencies to check whether you are eligible for the loan.
For legal reasons
We also share your personal data with other ﬁnancial institutions, government authorities, law enforcement authorities, tax authorities, companies and fraud prevention agencies to check your identity, protect against fraud, keep to tax laws, anti-money laundering laws, or any other laws and conﬁrm that you’re eligible to use our products and services.
If fraud is detected, you could be refused certain services by Bankata or other companies.
We may also need to share your personal data with other third party organisations or authorities:
- if we have to do so under any law or regulation
- if we sell our business
- in connection with criminal or fraud investigations
- to enforce our rights (and those of customers or others)
- in connection with legal claims.
Social media and advertising companies
When we use social media for marketing purposes, your personal data (limited to only your name, email address and app events) may be shared with the social media platforms so that they can check if you also hold an account with them. If you do, we may ask the advertising partner or social media provider to:
- use your personal data to send our adverts to you, because we think that you might be interested in a new Bankata product or service
- not send you our adverts, because the marketing relates to a service that you already use
- send our adverts to people who have a similar proﬁle to you (for example, if one of our services is particularly useful to people with similar interests to the ones on your social media proﬁle, we may ask our advertising partner or social media partner to send our adverts for that service to those people)
We may share your personal data with our advertising partners in the ways described above, but the personal data is hashed before we send it, and the social media platform we share it with is only allowed to use that hashed personal data in the ways described above.
Our legal basis is:
- legitimate interests (to ensure Bankata’s advertising is as effective as possible)
You can contact us at any time, either through the Bankata app or by emailing firstname.lastname@example.org, if you don’t want us to share your personal data for advertising purposes. You can also use the privacy settings in the Bankata app to opt out from having your personal data shared in this way.
Remember you can also manage your marketing preferences directly with any social media provider that you have an account with.
Where you ask us to share your personal data
Where you direct us to share your personal data with a third party, we may do so. For example, you may authorise third parties to act on your behalf (such as a lawyer, accountant or family member or guardian under a power of attorney). We may need to ask for proof that a third party has been validly authorised to act on your behalf.
Will my personal data go outside Europe?
As we provide an international service, we may need to transfer your personal data outside the European Economic Area (EEA) to help us provide our services.
For example, if you make an international payment, we’ll send funds to banks outside of the EEA. We might also send your personal data outside of the EEA to keep to global legal and regulatory requirements, and to provide ongoing support services.
We may send your personal data outside of the EEA to:
- keep to global legal and regulatory requirements
- provide ongoing support services
- credit reference agencies, fraud prevention agencies, law enforcement authorities
- enable us to provide you with products or services you have requested
- If we transfer your personal data to another country that doesn’t offer a standard of data protection equivalent to the EEA, we will make sure that your personal data is suﬃciently protected. For example, we’ll make sure that a contract with strict data protection safeguards is in place before we transfer your personal data. In some cases, you may be entitled to ask us for a copy of this contract.
If you would like more information, please contact us by sending an email to email@example.com.
How do you protect my personal data?
We recognise the importance of protecting and managing your personal data. Any personal data we process will be treated with the utmost care and security. This section sets out some of the security measures we have in place.
We use a variety of physical and technical measures to:
- keep your personal data safe
- prevent unauthorised access to your personal data
- make sure your personal data is not improperly used or disclosed
Electronic data and databases are stored on secure computer systems with control over access to information using both physical and electronic means. Our staff receives data protection and information security training. We have detailed security and data protection policies which staff are required to follow when they handle your personal data.
While we take all reasonable steps to ensure that your personal data will be kept secure from unauthorised access, we cannot guarantee it will be secure during transmission by you to our app, a website or other services.
If you use a password for the Bankata app or our website, you will need to keep this password conﬁdential. Please do not share it with anyone.
When you use our public services, which includes our social network accounts and the Bankata Community forum, do not share any personal data that you don’t want to be seen, collected or used by other customers, as this personal data will become publicly available.
How long will you keep my personal data for?
We’ll generally keep your personal data for six years after our business relationship with you ends, or such period as may be required by applicable local laws.
We’re required to keep your personal data for this long by anti-money laundering and e-money laws. We may keep your personal data for longer because of a potential or ongoing court claim, or for another legal reason.
How will you keep me updated about how you use my personal data?
If we change the way we use your personal data, we’ll update this notice and, if appropriate, let you know by email, through the Bankata app or through our website.
We also use pixels or web beacons in the direct marketing emails that we send to you. These pixels track whether our email was delivered and opened, and whether links within the email were clicked. They also allow us to collect information such as your IP address, browser, email client type and other similar details. We use this information to measure the performance of our email campaigns, and for analytics. You can control whether you receive direct marketing emails through the privacy settings in the Bankata app or by unsubscribing using the link in the email we’ve sent.