
Privacy Policy for fino Account Information and Payment Initiation Service

Dated: 19 Nov 2020

TrueLayer is partnering with fino run GmbH (“fino”) to ensure that account information services or payment initiation services will continue to be provided once the Brexit transition period ends - please see here for more details.

Under our partnership, fino will be providing you with account information services or payment initiation services. How fino will collect, store, process and protect your personal data in relation to these services is described in, and subject to, fino’s Privacy Policy as set out below. fino will then use TrueLayer’s technology services to access information at your EU bank accounts or to initiate payments from those accounts, so TrueLayer will be processing personal data on behalf of fino in relation to these services.

These services will also be subject to fino’s terms and conditions, which you can find here.

If you have any questions regarding fino’s Privacy Policy, you may contact fino using the contact details set out below under Questions and Contact Information.

Overview

The privacy and security of your data is of paramount importance to all of us at fino. Please read this Privacy Policy carefully before using our services.

fino run GmbH (Universitätsplatz 12, 34127 Kassel, Germany) is responsible for the provision of account information services (“AIS”) and payment initiation services (“PIS”). fino outsources certain parts of the provision of these services to TrueLayer Limited (“TrueLayer”), with company number 10278251, based at 1 Hardwick Street, London, EC1R 4RB. TrueLayer will be processing your data in connection with fino’s AIS and PIS services – further details of this are set out below.

In this Privacy Policy, fino will be referred to as ‘we’, ‘us’, or ‘our’. Additionally, there are references to “You” and “Your”. In these instances, “You” may be a customer that is an individual, or an employee of a corporate customer (in each case, a “Customer”), or a user of our Customer’s products or services (“End-User”).

This Privacy Policy explains how we collect, store, process and protect your personal data for the services listed below (together, the “Services”).

You should read this notice, so that you know what we are doing with your personal data. Please also read our service terms and conditions if you are an End-User (the “End-User Terms and Conditions”, a copy of which can be found here), in addition to any other privacy notices and documentation that we give you that might apply to our use of your personal data in specific circumstances in the future.

Personal Data

The personal data we collect about you and how we use it

If you are an End-User of our AIS Service

  • What type of personal data are we using? Any Personal Data that is contained in the account information that you have given us your explicit consent to access in accordance with the End-User Terms and Conditions.

    • Purpose of Processing: To deliver our Services to you and/or your Provider and to improve our Services and AIS Tool

    • What lawful basis do we rely on to use your personal data? It is necessary for our legitimate interest in ensuring that we can provide you and your Provider with the Services and to continuously improve our Services

If you are an End-User of our PIS Service

  • What type of personal data are we using? Any Personal Data that you give to us, for example your name, email address, username, login data and any payment reference that you supply.

    • Purpose of Processing: To deliver our Services to you and/or your Provider and to improve our Services and PIS Tool

    • What lawful basis do we rely on to use your personal data? It is necessary for our legitimate interest in ensuring that we can provide you and your Provider with the Services and to allow us to continuously improve our Services

If you are an End-User of any of our products

  • What type of personal data are we using? Your name, address and any photo identification. Such personal data may include any criminal background information.

    • Purpose of Processing: To conduct any due diligence that we are required to do in order for you to receive our Services

    • What lawful basis do we rely on to use your personal data? To comply with our legal obligations (including regulatory requirements that we are under)

  • What type of personal data are we using? Your username, email and account information, supplied to us by your Provider

    • Purpose of Processing: To debug any issues you have when you access our Services and to improve our automated processes for retrieving data.

    • What lawful basis do we rely on to use your personal data? It is necessary for our legitimate interest in ensuring that we can provide you and your Provider with the Services and to allow us to continuously improve our Services

  • What type of personal data are we using? Any Personal Data that is contained in the account information that you have given us your explicit consent to access in accordance with the End-User Terms and Conditions.

    • Purpose of Processing: To anonymise or pseudonymise the Personal Data in order for it to be used to improve our Services, to be part of a market study or analytics by us or a third party.

    • What lawful basis do we rely on to use your personal data? It is necessary for our legitimate interest in ensuring that we are able to continuously improve and develop our Services and enhance the experience of you and your Provider

How we collect your Personal Data

If you are an End-User

If you are an End-User, the provider of the application through which you access our Services (your “Provider”) will direct you to use our Services which will include the following:

  • If you are an End-User using our AIS Service, through a software tool provided by TrueLayer (the “AIS Tool”) which you can use to transmit information (including Personal Data) relating to payment accounts (“Account Information”) that you hold with Account Servicing Payment Service Providers (i.e. any payment service provider, such as a bank or a credit card issuer that maintains an online payment account on your behalf) (“ASPSPs”) to you and your Provider, in accordance with the End-User Terms and Conditions. When you use the AIS Tool, we will collect and process the Personal Data contained in the Account Information retrieved from your ASPSP. We may also collect and process Personal Data provided to us by your Provider.

  • If you are an End-User using our PIS Service, through a software tool provided by TrueLayer (the “PIS Tool”) which you can use to consent to and authorise a payment as specified by your Provider; this may require that your ASPSP sends us your bank account details. When you use the PIS Tool, we will collect and process the Personal Data that you provide to us (e.g. any Personal Data you include in the payment reference) in order for us to provide the PIS Tool. We may also collect and process Personal Data contained in your bank or payment account details shared with us by your ASPSP.

  • The Tools may merge or aggregate Account Information retrieved from a particular ASPSP with Account Information retrieved from other ASPSPs where you have consented to us accessing and transmitting such information. The Tools may use your Account Information for profiling purposes or store your Account Information if this forms part of the Services we are delivering to your Provider, for example, if it is necessary for the functioning of your Provider’s app.

  • Through email when you communicate with us.

How long we keep your Personal Data

We will not keep your Personal Data for any longer than we think is necessary. When deciding how long to keep your Personal Data, we consider factors including:

  • our contractual obligations and rights in relation to the Personal Data involved (including the End-User Terms and Conditions);

  • legal obligation(s) under applicable law to retain data for a certain period of time;

  • whether we relied on your consent to use the Personal Data, but you have since withdrawn your consent;

  • statute of limitations under applicable law(s);

  • our legitimate interests where we have carried out balancing tests;

  • fraud and risk management;

  • (potential) disputes; and

  • guidelines issued by relevant data protection authorities.

Sharing of your Personal Data

When you use our Services as an End-User, we share your Personal Data with TrueLayer, who will be acting on our behalf as a data processor in relation to that Personal Data, using your Personal Data for specified purposes in connection with our Services and in accordance with our instructions.

If you are an End-User or a Customer, we may also have to share your Personal Data:

  • if we reasonably consider that we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation;

  • if we need to enforce or apply our End-User Terms and Conditions and other agreements;

  • to protect the rights, property, or safety of fino, our customers, or others;

  • if we have to do so to fulfil our legal obligations;

  • in addition to TrueLayer, with other partners or suppliers who process Personal Data on our behalf (such as our professional advisers, payment schemes, auditors or IT suppliers) - we take the security and protection of your Personal Data seriously and only allow such suppliers to use your Personal Data for specified purposes and in accordance with our instructions;

  • with third parties to whom we may sell, transfer or merge parts of our business or assets. If a change like this happens to our business, the new owners may use your Personal Data in the same way as set out in this Privacy Policy; and/or

  • to another company in our group, if this is necessary to ensure continuity in the provision of Services to you or to reflect any business reorganisation or expansion that we may engage in from time to time.

International transfers of your Personal Data

The data that we collect from you will generally speaking not be transferred to or stored outside the European Economic Area ("EEA"). We will take reasonable steps to ensure that your Account Information (including any Personal Data) is handled securely and in accordance with this Privacy Policy.

However, whenever we do transfer your Personal Data out of the EEA, we will only do so if:

  • it is to a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission; or

  • we have entered into a standard contractual clause approved by the European Commission, which gives Personal Data the same protection it has in the EEA, with the recipient of the data.

Please contact us if you want further information on how we ensure adequate protection for any Personal Data transferred out of the EEA.

Cookies

When you browse the Site, we automatically receive your computer’s internet protocol (IP) address. We collect data about how you interact with our website through the use of cookies. A cookie is a small file of text that is stored on your browser or the hard drive of your computer.

Our Site uses cookies to distinguish you from other users of our website. This helps us to remember your preferences. When you visit our Site, cookies allow us to keep track of how many times you’ve visited us, how long you’ve visited us for and what you’ve done whilst you’ve been on our Site.

We use cookies to enhance your online experience of our Site and to better understand how our Site is used. Cookies help to ensure that what you see online is more relevant to you and your interests, based on information you’ve previously entered on our Site.

Cookies never store any of your banking details.

We use the following types of cookies:

  • Strictly necessary cookies, that are required for the operation of our Site. These include cookies that tell us if you’ve consented to the placement of functionality or analytical/performance cookies, let you log into secure areas of our website, let us authenticate you when you sign-on to use any of our Services, and help us distinguish you from other users of our Site (for example, if you are using our chat service). The functionality of our Services would be affected if these cookies are disabled.

  • Functionality or preference cookies, that are used to recognise you when you return to our website so we can personalise our content for you (such as your country or language preferences).

  • Analytical or performance cookies, that enable us to count the number of unique visitors to our Site and to see how users interact with our Site. We use this information to help improve our Site and your experience. For example, we can use these cookies to understand what areas of our Site are not being used by users and make improvements.

Managing cookies

You can change your cookie preferences by changing the setting on your browser. Below we have provided links to some of the most popular browser websites:

To find information relating to other browsers, visit that browser developer's website.

Finally, you can find more information about how to manage and remove cookies (including how to opt-out) at this link.

Your Rights

We guarantee your right to informational self-determination and the protection of your personal rights when using our services. You can at any time and free of charge claim the following rights against us upon request: Information about your stored data, correction or deletion of your stored data, restriction of the processing of your stored data, objection to the processing of your stored data, right of revocation of a once given consent to the collection, processing and use of your personal data with effect for the future as well as your right to data transferability. For this purpose, please use the contact details set out below. You have the right to appeal to a supervisory authority at any time if you are of the opinion that the processing of your personal data has taken place unlawfully.

Changes to this Privacy Policy

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Questions and Contact Information

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information about how we process your Personal Data, you can contact us at privacy@fino.run or by mail at:

  • Data Protection Officer

  • fino run GmbH

  • Universitätsplatz 12

  • 34127 Kassel

  • Germany

Annex Account Information

Subject to such Account Information being returned by the relevant ASPSP, Account Information shall include, but not be limited to, the following financial information and Personal Data:

  • Personal details: name, date of birth, full address(es), email address, phone number, gender;

  • Bank account information:

    • a. Account type (e.g. current, saving, investment, credit card);

    • b. Account name;

    • c. IBAN/Account number/Sort code/SWIFT;

    • d. Currency;

  • Account balance information:

    • e. Current balance;

    • f. Available balance (credit cards);

  • Transactions:

    • g. Time;

    • h. Description;

    • i. Amount;

    • j. Meta-data (arbitrary data that banks associate with a transaction e.g. category); and/or

  • Additional data which fino may collect in the future (as confirmed in writing from time to time):

    • k. Loans data when available;

    • l. Insurance data when available; and/or

    • m. Investments data when available;

    • n. Payment due date (credit cards) when available; and/or

    • o. Minimum payment due (credit cards) when available.
