Unbanx Data Protection Notice

Effective Date: 30/06/2022

Last Reviewed: 05/09/2022

Who We Are

Unbanx LLC is a company limited by shares and registered in the Republic of Ireland.

Contact Us

You can contact us at our main business address: 14 Woodstown Lane, Knocklyon, Dublin 16, D16NH30.

Our Data Protection Officer can be contacted via hello@unbanx.me

Our Values

We believe in a fair digital economy, and we want to ensure that our customers are rewarded for the value they create from the data they create by doing their day-to-day banking.

We are also aware that data needs to be handled securely and transparently. We believe you should have control over your data and should have the choice about who has access to your data or who you consent to view the data.

As part of our ethos of continuous improvement, this Privacy Policy and any associated policies or procedures may be changed in the future. If we make changes, we will provide notice of any proposed changes via email and/or a prominent notice on our service before they come into effect.

What We Do

The mission of Unbanx is to ensure that our customers are rewarded for the value they create from their day-to-day banking data.

How Do We Obtain Your Personal Data?

When you use our products or services and apps, we collect information about you. This information can be manually entered by you or be collected automatically from your smartphone. Other information comes from third parties, such as your bank.

Summary:

We obtain your personal data in one or more of the following ways:

• You directly provide it to us by manually inputting it into one of our apps (example: your name, mobile number and when you connect your bank account to the Unbanx application) or when you enquire with us about our products and services.

• You authorise a third party to provide it to us (example: Nordigen to collect your banking data using PSD2 open standards.)

• We automatically record it from your smartphone, when you use our products or services, including usage data.

Categories of Personal Data We Process

The specific types of personal data we process about you may vary depending on the specific product or service you are using. Examples or descriptions of categories of data provided here are not exhaustive and are for information purposes. Supplemental information will be provided to users for specific contexts where necessary.

Identity Information

• First Name

• Last Name

• Email address

• Gender

• Year of Birth

Directly Provided

Employment Data

• Employment status

• Income range

• Industry of employment

Directly Provided

Banking Data

• Credit cards

• Debit Cards

• Bank account details

Nordigen

Transaction id

• Unique identifier of the transaction in a request. It may change between requests

Nordigen

Time Stamp

• Date the transaction was posted on the account

Nordigen

Transaction Type

• Type of the transaction

Nordigen

Transaction category

• Category of the transaction

Nordigen

Transaction Classification

• Classification of the transaction (array can be empty if classification has not been successfully assigned)

Nordigen

Merchant name

• Optional (if merchant has been identified) name of the Merchant

Nordigen

Description

• Original description of the transaction as reported by the Provider

Nordigen

Currency

• Alpha -3 Currency code

Nordigen

Technical Data[This is indirectly personal data as it can be associated to your device]

• Device type

• Features used in application

• Logs of date/time of interaction

• Details of app crashes or failures

Automatically Recorded

Meta

• A collection of additional Provider specific transaction metadata

Nordigen

How Do We Use Your Data (and our Legal Basis for Processing)

Categories of Data Processors

Unbanx makes use of several different categories of data processor to help us deliver our services.

• IT Service Providers

  Unbanx uses a range of IT service providers to host our systems, develop and maintain software, and support our internal information management processes.

• Accounting, and Finance Service Providers

  We avail of the services of a number of third parties to support our accounting and payments management processes.

• Data Protection Officer Services

  Unbanx has engaged the services of an outsourced Data Protection Officer to support our compliance obligations.

Categories of Recipients

Unbanx may provide personal data to the following categories of recipient:

• Data buyers on the Unbanx Marketplace.

• To law enforcement agencies or regulatory authorities on receipt of a valid court order or where expressly required under legislation and only to the extent required by law.

• In the event of a corporate sale, merger, reorganisation, sale of assets, dissolution, or other business-related event, your information may be transferred as part of the assets of Unbanx.

How Long Do We Keep Your Data?

Unbanx retains identifiable data for the duration of your use of our service or use of the application plus any retention period that may be defined by:

• Legal requirements set out in legislation or regulatory guidance in jurisdictions in which our services are provided.

• Periods that are reasonably necessary for business and legal purposes.

We will also keep data which cannot directly or indirectly identify living individuals for analytics and research purposes to help improve our products and services.

Cross-border Data Transfers

Third party service providers contracted by Unbanx hold personal data in secure data centres inside the EEA. Where data is transferred outside the EU/EEA, such transfers are carried out on the basis of either:

• Standard Contractual Clauses, or

• An adequacy decision of the European Commission.

In addition, the provision of data on Streamer network nodes may necessitate transfer of your personal data to Switzerland or other jurisdictions outside the EU/EEA with different data protection regimes to that which applies in Ireland or the EU.

We regularly review our providers and the basis for any transfers of personal data outside the EEA.

Keeping Your Data Safe and Secure

We place great importance on the security of all personal data associated with our customers. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.

Periodic reviews of our security standards are carried out and our software development process has a checkpoint to identify and new risks when we define / develop new features.

However, with any electronic transmission and storage of data comes risks and we cannot guarantee that our databases, or those of our third-party affiliates, will be 100% secure. There is also a risk of data being intercepted while being transferred over the internet.

In the event of a breach of data security, Unbanx will:

• Where we are acting as a Data Controller, we will notify without undue delay the relevant Supervisory Authority where we identify that there is a risk to the fundamental rights and freedoms of people using our applications or services.

• Where we are acting as a Data Controller and we identify a high risk to your rights and freedoms we will notify you of the incident without undue delay.

Automated Decision Making and Profiling

The operation of the Unbanx application requires the processing of data for profiling to identify usage patterns and ensure usage information is available.

Profiling and analytics is carried on the basis of your explicit consent and is necessary for the performance of our your contract with us.

No decisions are taken based solely on automated decision making which would have a legal or equally significant impact on a user as the data is used for creating insights on use of Unbanx.

Your Rights under GDPR

Where Unbanx is acting as a Data Controller, you have rights under EU Data Protection law. These rights are:

• A right of access which allows you to request a copy of your data in an intelligible form (Article 15 GDPR)

• A right of rectification which allows you to request a correction of errors or inaccuracies in the data that we hold relating to you (Article 16 GDPR)

• A right to object to processing and to “opt-out” of having your data processed by us on the basis of consent, our legitimate interests or a public interest basis unless we can demonstrate compelling legitimate grounds that over-ride your interests, rights, and freedoms. (Article 21 GDPR)

• A right to erasure in certain specified circumstances. This right does not apply where we are processing data for compliance with a legal obligation, for reasons of public interest in relation to public health, for archiving purposes for historical or scientific research, or where necessary to establish or defend legal claims (Article 17)

• A right to restrict processing in certain circumstances (Article 18)

• Under GDPR individuals also have rights to seek compensation for infringement of their data protection rights under the legislation.

Right to Complain to the Data Protection Commission

You have the right to file a complaint to the Data Protection Commission.

Their contact information can be found online at this link: https://dataprotection.ie/en/contact/how-contact-us

​

Survey Serving Technology

This app uses Pollfish SDK. Pollfish is an on-line survey platform, through which, anyone may conduct surveys. Pollfish collaborates with Publishers of applications for smartphones in order to have access to users of such applications and address survey questionnaires to them. When a user connects to this app, a specific set of user's device data (including Advertising ID, Device ID, other available electronic identifiers and further response meta-data is automatically sent, via our app, to Pollfish servers, in order for Pollfish to discern whether the user is eligible for a survey. For a full list of data received by Pollfish through this app, please read carefully the Pollfish respondent terms located at https://www.pollfish.com/terms/respondent. These data will be associated with your answers to the questionnaires whenever Pollfish sends such questionnaires to eligible users. Pollfish may share such data with third parties, clients and business partners, for commercial purposes. By downloading the application, you accept this privacy policy document and you hereby give your consent for the processing by Pollfish of the aforementioned data. Furthermore, you are informed that you may disable Pollfish operation at any time by visiting the following link https://www.pollfish.com/respondent/opt-out. We once more invite you to check the Pollfish respondent's terms of use, if you wish to have more detailed view of the way Pollfish works and with whom Pollfish may further share your data.

​

​