GDPR at Bankin'

At Bankin', security and transparency are our top priorities. The General Data Protection Regulation is therefore very good news, especially for you!

Simply put, this regulation states that each user owns his/her data and may ask for it at anytime. The GDPR aims primarily at giving a simplified access to users to their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union.

We have anticipated it and are already compliant.

Which data are affected by the GDPR?

• This regulation only applies to personal data defined as "any information relating to an identified or identifiable person". For instance, it can be a name, an email address, an IP address or bank credentials.
  
  All data is collected in compliance with the current regulations (we are regulated by the French Prudential Supervisory Authority (ACPR) and have done the required declarations before May 25th, 2018 to the Commission on Informatics and Liberty (CNIL).

For what purpose do we collect personal data?

• This data allows us to provide the service offered by Bankin', such as banks' accounts synchronizations, the display of your transactions, balances and Coach’s advice tailored to your situation.
  
  As a payment institution, Bankin' must comply with the AML/CFT measures. These obligations are on European and French levels (PSD2,  French Monetary and Financial Code).
  
  We always seek to provide the most accurate advice in the interest of each of our users.

What is the retention period of personal data?

• We store personal data as long as you're using the service.
  
  Now that we are a payment institution, approved by the French Prudential Control and Resolution Authority (ACPR), some personal data must be kept for 5 years after the end of the contract (deletion of a Bankin' account) to comply with our obligations to the AML/CFT measures.
  
  The data remains accessible to authorized persons only to search for data and solely when a judicial or administrative authority makes a request to access this data.

What is the process of securing personal data?

• Bankin' is approved by the French Prudential Control and Resolution Authority (ACPR) and applies the same security standards as the largest international banks.
  
  More information about our security policy can be found here.

Does Bankin' sell personal data?

• We do not sell your data: we build a virtuous business model for you and for us. When we identify opportunities for you (mortgage renegotiation, savings on bank fees, etc), we suggest a partner to help you achieve your project. We work with partners who respect our values: they focus on your goal, they are mobile oriented and offer great products and services.
  
  We make sure that our partners respect the GDPR regulation. Most of our partners are located in the European Union, and for those who are located in Canada and in the United States, we make sure they are compliant with the Privacy Shield, or that they signed protection of personal data standards (in order to be in agreement with the GDPR).

How to get your data?

• If you want us to send you your data, just make the request by email. Then, we will send you a file (in CSV format), strictly personal and confidential, with all of your data.
  
  You will find more details on the treatment of your personal data in the Terms of Use here.