Privacy Policy

Updated on February 01, 2019
EBANX Limited (we or us) are committed to protecting and respecting your privacy.

Purpose of this policy

This policy applies to your use of our website at www.ebanx.uk (Website), the EBANX App (App)
once you have downloaded the App onto your mobile device, and any of the services accessible through
the App or Website (Services).
This policy sets out the basis on which any personal data we collect from you, or that you provide to us,
will be processed and used by us.
We are part of the EBANX group of companies (Group). If you are already our customer for other
services provided by companies within the Group, upon your request or express consent we may be able
to transfer your data from one company to the other for your convenience.

Controller

We are the data controller and responsible for your personal data and are registered with the Information
Commissioner’s Office (ICO) with reference number ZA274857.
If you would like further information about data protection you can visit the ICO at ico.org.uk. The ICO
is the UK’s independent authority set up to uphold information rights in the public interest and data
privacy for individuals. We comply with all ICO regulatory and statutory requirements. You have the
right to make a complaint to the ICO regarding the handling of your data.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in
relation to this policy. If you have any questions about this policy, including any requests to exercise
your legal rights, please contact our DPO via the App or at support@ebanx.uk.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed
if your personal data changes during your relationship with us.
Please read the following carefully to understand our views and practices regarding your personal data
and how we will treat it. By visiting our Website and using our Services you are accepting and
consenting to the practices described in this policy.

Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those
links or enabling those connections may allow third parties to collect or share data about you. We do not
control these third-party websites and are not responsible for their privacy statements. When you leave
our website, we encourage you to read the privacy policy of every website you visit.

Information we collect from you

Personal data, or personal information, means any information about an individual from which that
person can be identified. It does not include data where the identity has been removed (anonymous
data).
We may collect, use, store and transfer different kinds of personal data about you which we have
grouped together follows:

  • Identify Data includes information about your identity such as name, address, date of birth,
    username or similar identifier, title, gender.
  • Contact Data includes where you live and how to contact you including: address, email address
    and telephone numbers.
  • Financial Data includes information about your financial position, status and history, and
    payment account details (can include bank, credit, payment and electronic money accounts).
  • Transaction Data includes details about payments to and from your accounts with us.
  • Technical Data includes details about the devices and technology you use including internet
    protocol (IP) address, your login data, browser type and version, time zone setting and location,
    browser plug-in types and versions, operating system and platform and other technology on the
    devices you use to access our website or services.
  • Profile Data includes your username and password, purchases made by you, your interests,
    preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us
    and our third parties and your communication preferences.
  • We also collect, use and share Aggregated Data such as statistical or demographic data for any
    purpose. Aggregated Data may be derived from your personal data but is not considered personal
    data in law as this data does not directly or indirectly reveal your identity. For example, we may
    aggregate your Usage Data to calculate the percentage of users accessing a specific website
    feature. However, if we combine or connect Aggregated Data with your personal data so that it
    can directly or indirectly identify you, we treat the combined data as personal data which will be
    used in accordance with this privacy policy.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and if
you fail to provide that data when requested, we may not be able to perform the contract we have or are
trying to enter into with you (for example, to provide you with goods or services). In this case, we may
have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How your personal data is collected

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms on
the App and/or the Website or by corresponding with us by post, phone, email or otherwise. This
includes personal data you provide when you:

  • apply for Services;
  • create an account on our Website or App;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback.

Automated technologies or interactions. As you interact with our Website, we may automatically
collect Technical Data about your equipment, browsing actions and patterns. We collect this personal
data by using cookies, server logs and other similar technologies.

Your use of our Services. The data we collect when you use our Services (such as making transactions,
viewing your account details or using any part of our Website) includes:

  • Transaction Data;
  • Profile Data;
  • Usage Data; and
  • Technical Data as outlined above.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

  • Companies that introduce you to us;
  • Government and law enforcement agencies; and
  • Agents working on our behalf including fraud prevention agencies, analytics providers,
    advertisers.

How we use your data

We will only use your personal data when the law allows us to. Most commonly, we will use your
personal data in the following circumstances:

  • Where you consent to it;
  • Where we need to perform the contract we are about to enter into or have entered into with you;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and
    fundamental rights do not override those interests; and
  • Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in
relation to sending third party direct marketing communications to you via email or text message. You
have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data,
and which of the legal bases we rely on to do so. We have also identified what our legitimate interests
are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific
purpose for which we are using your data. Please contact us if you need details about the specific legal
ground we are relying on to process your personal data where more than one ground has been set out in
the table below.

Purpose/Activity Type of Data Lawful basis for processing
including basis of legitimate interest
To register you as a new customer, to
verify your identity, to open an account,
provide services to you and manage our
relationship with you (e.g. inform you
of changes and correspond with you)
To enable you to use your account to
make and receive payment transactions.
Identity, Contact,
Financial,Transact
ion, Marketing
and
Communications
Performance of a contract with you.
Necessary to comply with a legal
obligation.
Necessary for our legitimate interests
(e.g. risk management and fraud
prevention).
Consent.
To administer and protect our business,
your account and our website, to
improve our website and
products/services (including
troubleshooting, data analysis, testing,
system maintenance, support, security,
reporting, complying with our
regulatory obligations and hosting of
data)
Identity, Contact,
Technical,
Transaction,Usage
Necessary for our legitimate interests
(for running our business, provision of
administration and IT services,
network security, to prevent fraud and
in the context of a business
reorganisation or group restructuring
exercise).
Necessary to comply with a legal
obligation.
To manage our relationship with you
which will include notifying you about
changes to our terms or privacy policy
Identity, Contact,
Profile, Marketing
and
Communications
Performance of a contract with you.
Necessary to comply with a legal
obligation.
Necessary for our legitimate interests
(to keep our records updated and to
study how customers use our
products/services).
To give you, or allow selected third
parties to give you, information about
goods and services we think you may
be interested in.
Identity, Contact,
Profile, Usage,
Marketing and
Communication,
Technical.
Consent
Necessary for our legitimate interests
(to study how customers use our
products/services, to develop them, to
grow our business,to inform our
marketing strategy to develop new
products/services and grow our
business).
To deliver relevant Website content and
advertisements to you and measure or
understand the effectiveness of the
advertising we serve to you.
Identity, Contact,
Profile, Usage,
Marketing and
Communications,
Technical
Necessary for our legitimate interests
(to study how customers use our
products/services, to develop them, to
grow our business and to inform our
marketing strategy).
To use data analytics to improve our
Services, marketing, customer
relationships and experiences.
Identity, Contact,
Technical Usage,
Profile
Necessary for our legitimate interests
(to develop our products/services and
grow our business).

Automated decision making

We may process your personal data without human intervention to evaluate your personal situation such
as transactional history and account opening anniversary events. We may do this to decide what
marketing communications are suitable for you, to analyse statistics and to assess risks.
This is all done on the basis of our legitimate interests, to protect our business, and to develop and
improve our products and services. If we use automated decision making including profiling activity to
assess your application, this will be performed on the basis of it being necessary to perform the contract.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around
marketing and advertising.

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think
you may want or need, or what may be of interest to you. This is how we decide which products,
services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or
purchased services from us and, in each case, you have not opted out of receiving that marketing.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any company outside
our group of companies for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the
opt-out links on any marketing message sent to you or by contacting us at any time.

Cookies

We use cookies to distinguish you from other users of the Site. This helps us to provide you with a good
experience when you use our Site and also allows us to improve the App and our Site. For detailed
information on the cookies we use and the purposes for which we use them, see our cookie policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably
consider that we need to use it for another reason and that reason is compatible with the original
purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible
with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the
legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance
with the above rules, where this is required or permitted by law.

Who may disclose your information

  • Any member of our Group which means our subsidiaries, our ultimate holding company and its
    subsidiaries as reasonably necessary for the purposes, and on the legal bases, detailed in this
    policy;
  • Our agents, advisors and business partners who we use to help manage your accounts and
    services, improve services and resolve issues such as legal disputes;
  • HM Revenue & Customs, regulators and other authorities;
  • Fraud prevention and credit reference agencies for the purpose of verifying your identity and
    ensuring the security of your account;
  • Any party linked with you or your business’s products or services;
  • Organisations that introduce you to us;
  • Organisations we introduce you to for marketing purposes;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our
    website;
  • Card scheme providers such as Visa, MasterCard, Maestro where the card scheme rules require us
    to do so or to any regulatory body as required under any applicable law or regulations;
  • Any insurance company for the purposes of insuring risk; and
  • Other entities where we are obliged to by law or to law enforcement agencies for the purposes of
    registration of fraud or suspected fraud or where we have your consent.
  • You agree that we can and will disclose your personal information to third parties:
  • In the event that we sell or buy any business or assets, in which case we will disclose your
    personal data to the prospective seller or buyer of such business or assets;
  • If substantially all of our assets are acquired by a third party, in which case personal data held by it
    about its customers will be one of the transferred assets;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal
    obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the
    rights, property, or safety of us, our customers, or others. This includes exchanging information
    with other companies and organisations for the purposes of fraud protection and credit risk
    reduction.

In addition to the disclosures detailed in this section, we may also disclose your personal information
where it is necessary to do so: for compliance with a legal obligation; in order to protect the vital
interests of you or another natural person; and for the establishment, exercise or defence of legal claims.
We require all third parties to respect the security of your personal data and to treat it in accordance with
the law. We do not allow our third-party service providers to use your personal data for their own
purposes and only permit them to process your personal data for specified purposes and in accordance
with our instructions.

International transfers

Your personal data may be transferred outside the UK and the European Economic Area. If these
countries do not have adequate protections for personal data under applicable laws we will take all
necessary steps to safeguard your personal data.

Data security

We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit
access to your personal data to those employees, agents, contractors and other third parties who have a
business need to know. They will only process your personal data on our instructions and they are
subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you
and any applicable regulator of a breach where we are legally required to do so.
The transmission of information via the internet is not completely secure and although we will do our
best to protect your personal data, we cannot guarantee the security of your data transmitted to our App
or the Website; any transmission is at your own risk. Once we have received your information, we will
use strict procedures and security features to try to prevent unauthorised access: we are PCI-DSS
certified and have a Certificate of Assurance by Cyber Essentials.

Keeping and deleting your data

We will retain your data whether you become a customer or not for:

  • As long as necessary to deal with your query
  • As long as you might legally bring a claim against us
  • After your account has been closed or otherwise come to an end based on our legal and regulatory
    requirements

Your rights under the GDPR

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Please contact us if you would like to exercise any of these rights.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your
right to access your personal data (or to exercise any of your other rights). This is a security measure to
ensure that personal data is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to speed up our response.

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and, where
appropriate, notified to you by email. Please check back frequently to see any updates or changes to our
privacy policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed
to our support team via the App or the Website.