Unbanx Data Protection Notice
Effective Date: 30/06/2022
Last Reviewed: 05/09/2022
Who We Are
Unbanx LLC is a company limited by shares and registered in the Republic of Ireland.
You can contact us at our main business address: 14 Woodstown Lane, Knocklyon, Dublin 16, D16NH30.
Our Data Protection Officer can be contacted via email@example.com
We believe in a fair digital economy, and we want to ensure that our customers are rewarded for the value they create from the data they create by doing their day-to-day banking.
We are also aware that data needs to be handled securely and transparently. We believe you should have control over your data and should have the choice about who has access to your data or who you consent to view the data.
What We Do
The mission of Unbanx is to ensure that our customers are rewarded for the value they create from their day-to-day banking data.
How Do We Obtain Your Personal Data?
When you use our products or services and apps, we collect information about you. This information can be manually entered by you or be collected automatically from your smartphone. Other information comes from third parties, such as your bank.
We obtain your personal data in one or more of the following ways:
You directly provide it to us by manually inputting it into one of our apps (example: your name, mobile number and when you connect your bank account to the Unbanx application) or when you enquire with us about our products and services.
You authorise a third party to provide it to us (example: Nordigen to collect your banking data using PSD2 open standards.)
We automatically record it from your smartphone, when you use our products or services, including usage data.
Categories of Personal Data We Process
The specific types of personal data we process about you may vary depending on the specific product or service you are using. Examples or descriptions of categories of data provided here are not exhaustive and are for information purposes. Supplemental information will be provided to users for specific contexts where necessary.
• First Name
• Last Name
• Email address
• Year of Birth
• Employment status
• Income range
• Industry of employment
• Credit cards
• Debit Cards
• Bank account details
• Unique identifier of the transaction in a request. It may change between requests
• Date the transaction was posted on the account
• Type of the transaction
• Category of the transaction
• Classification of the transaction (array can be empty if classification has not been successfully assigned)
• Optional (if merchant has been identified) name of the Merchant
• Original description of the transaction as reported by the Provider
• Alpha -3 Currency code
Technical Data[This is indirectly personal data as it can be associated to your device]
• Device type
• Features used in application
• Logs of date/time of interaction
• Details of app crashes or failures
• A collection of additional Provider specific transaction metadata
How Do We Use Your Data (and our Legal Basis for Processing)
Categories of Data Processors
Unbanx makes use of several different categories of data processor to help us deliver our services.
IT Service Providers
Unbanx uses a range of IT service providers to host our systems, develop and maintain software, and support our internal information management processes.
Accounting, and Finance Service Providers
We avail of the services of a number of third parties to support our accounting and payments management processes.
Data Protection Officer Services
Unbanx has engaged the services of an outsourced Data Protection Officer to support our compliance obligations.
Categories of Recipients
Unbanx may provide personal data to the following categories of recipient:
Data buyers on the Unbanx Marketplace.
To law enforcement agencies or regulatory authorities on receipt of a valid court order or where expressly required under legislation and only to the extent required by law.
In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution, or other business-related event, your information may be transferred as part of the assets of Unbanx.
How Long Do We Keep Your Data?
Unbanx retains identifiable data for the duration of your use of our service or use of the application plus any retention period that may be defined by:
Legal requirements set out in legislation or regulatory guidance in jurisdictions in which our services are provided.
Periods that are reasonably necessary for business and legal purposes.
We will also keep data which cannot directly or indirectly identify living individuals for analytics and research purposes to help improve our products and services.
Cross-border Data Transfers
Third party service providers contracted by Unbanx hold personal data in secure data centres inside the EEA. Where data is transferred outside the EU/EEA, such transfers are carried out on the basis of either:
Standard Contractual Clauses, or
An adequacy decision of the European Commission.
In addition, the provision of data on Streamer network nodes may necessitate transfer of your personal data to Switzerland or other jurisdictions outside the EU/EEA with different data protection regimes to that which applies in Ireland or the EU.
We regularly review our providers and the basis for any transfers of personal data outside the EEA.
Keeping Your Data Safe and Secure
We place great importance on the security of all personal data associated with our customers. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify and new risks when we define / develop new features.
However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet.
In the event of a breach of data security, Unbanx will:
Where we are acting as a Data Controller, we will notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our applications or services.
Where we are acting as a Data Controller and we identify a high risk to your rights and freedoms we will notify you of the incident without undue delay.
Automated Decision Making and Profiling
The operation of the Unbanx application requires the processing of data for profiling to identify usage patterns and ensure usage information is available.
Profiling and analytics is carried on the basis of your explicit consent and is necessary for the performance of our your contract with us.
No decisions are taken based solely on automated decision making which would have a legal or equally significant impact on a user as the data is used for creating insights on use of Unbanx.
Your Rights under GDPR
Where Unbanx is acting as a Data Controller, you have rights under EU Data Protection law. These rights are:
A right of access which allows you to request a copy of your data in an intelligible form (Article 15 GDPR)
A right of rectification which allows you to request a correction of errors or inaccuracies in the data that we hold relating to you (Article 16 GDPR)
A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that over-ride your interests, rights, and freedoms. (Article 21 GDPR)
A right to erasure in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)
A right to restrict processing in certain circumstances (Article 18)
Under GDPR individuals also have rights to seek compensation for infringement of their data protection rights under the legislation.
Right to Complain to the Data Protection Commission
You have the right to file a complaint to the Data Protection Commission.
Their contact information can be found online at this link: https://dataprotection.ie/en/contact/how-contact-us
Survey Serving Technology