Last Revised: 22 September 2021
This Policy describes:
- The types of information we collect from you or that you may provide when using Bankable’s financial services, products, and our website available at https://www.bnkbl.com/ (collectively, the “Services”).
- Our practices for collecting, using, maintaining, protecting, and disclosing that information.
What We Collect and How We Collect It
To ensure that we provide you with the best possible experience, we will store, use, and share information about you in accordance with this Policy.
Information You Provide to Us
Personal Information is any information that can be used to individually identify you from a larger group, such data includes, but is not limited to, your:
- first and last name;
- email address;
- telephone number;
- mailing address;
- credit card information;
- comments or messages provided in free text boxes.
You may provide us Personal Information when:
- requesting information;
- conducting digital banking;
- applying for a position with Bankable;
- developing corporate or consumer card programs;
- processing standardized and proprietary data formats;
- managing payment flows for marketplaces;
- subscribing to our emails;
- registering with the Services.
The information that you provide in each case will vary. In some cases, we may ask you to create a username and password that should only be known to you. When you provide credit card information, that information will be stored and processed in accordance with PCI-DSS requirements. By providing us with Personal Information, you warrant and represent that you have the appropriate authority and consent to disclose such Personal Information.
Automated Information Collection
In addition to the information that you provide to us, we may also collect information about you during your visit to our Services. We collect this information using automated tools that are detailed below. These tools may collect information about your behavior and your computer system, such as your internet address (IP Address), the pages you have viewed, and the actions you have taken while using the Services. Some of the tools we use to automatically collect information about you may include:
- Cookies. A “cookie” is a small data file transmitted from a website to your device’s hard drive. Cookies are usually defined in one of two ways, and we may use both of them: (1) session cookies, which do not stay on your device after you close your browser, and (2) persistent cookies, which remain on your device until you delete them or they expire.
Of course, if you do not wish to have cookies on your devices, you may turn them off at any time by modifying your internet browser’s settings. However, by disabling cookies on your device, you may be prohibited from full use of the Services’ features or lose access to some functionality.
- Google Analytics. One of our
trusted third-party partners is Google Analytics. The Services send aggregated, non-Personal
Information to Google Analytics for the purpose of providing us with the
ability to conduct technical and statistical analysis on the Services’
performance. For more information on how
Google Analytics supports the Services and uses information sent from the
- Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. Some of our third-party marketing partners may use Web Beacons to track your interaction with online advertising banners on our Services. This information is only collected in aggregate form and will not be linked to your Personal Information. Please note that any image file on a webpage can act as a Web Beacon.
- Embedded Web Links. Links provided in our emails and, in some
cases, on third-party websites may include tracking technology embedded in the
link. The tracking is accomplished through a redirection system. The
redirection system allows us to understand how the link is being used by email
recipients. Some of these links will
enable us to identify that you have personally clicked on the link and this may
be attached to the Personal Information that we hold about you. This data is
used to improve our service to you and to help us understand the performance of
our marketing campaigns.
- Third-party Websites and Services. We work with a number of service providers of marketing communications technology. These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide. The information collected can be gathered on our Services and also on the websites where our marketing communications are appearing. For example, we may collect data where our banner advertisements are displayed on third-party websites.
Your Choices and Selecting Your Privacy Preferences
We want to provide you with relevant information that you have requested.
If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.
We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.
Any such communications you receive from us will be administered in accordance with your preferences and this Policy.
Accuracy and Access to Your Personal Information
We strive to maintain and process your information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ technologies designed to help us maintain information accuracy on input and processing.
Where we can provide you access to your Personal Information in our possession, we will always ask you for a username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.
To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance.
Information of Minors
We do not intentionally seek to gather information from individuals under the age of eighteen(18). We do not target the Services to minors, and would not expect them to be engaging with our Services. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.
How We Use Your Information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
In more detail, the information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to:
- Preventing malicious activity and providing you with a secure experience.
- Providing service and support for services you request.
- Providing marketing communications that are effective and optimized for you.
- Keeping you up-to-date with the latest benefits available from us.
- Preventing unwanted messages or content.
- Measuring the performance of our marketing programs.
- Contacting you about services and offers that are relevant to you.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How We Share Your Information
We do not sell or lease your information to any third party. We may disclose your Personal Information to our trusted third-party business partners in accordance with this Policy. We work with a number of partners that help us process your requests, deliver customer service and support, send email marketing communications, and provide experiences that you have come to expect from us. We will share your Personal Information with these third parties in order to fulfill the service that they provide to us. These third-party partners are under contract to keep your Personal Information secure and not to use it for any reason other than to fulfill the service we have requested from them.
Except as described in this Policy, we will not share your information with third parties without your notice and consent, unless it is under one of the following circumstances:
- Responding to duly authorized information requests from law enforcement or other governmental authorities.
- Complying with any law, regulations, subpoena, or court order.
- Investigating and helping prevent security threats, fraud, or other malicious activity.
- Enforcing or protecting the rights and properties of Bankable or its subsidiaries.
- Protecting the rights or personal safety of Bankable’s employees.
There are circumstances where Bankable may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be necessary to share or receive Personal Information with prospective or actual partners or affiliates. In such circumstances, Bankable will ensure your information is used in accordance with this Policy.
Your California Rights
Pursuant to California Civil Code Section § 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.
Other than as disclosed in this Policy, the Services do not track users over time and across third-party websites to provide targeted advertising. Therefore, the Services do not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.
If you are a California consumer, as defined by the California Consumer Privacy Act of 2018, you are afforded additional rights with respect to your “Personal Information” as that term is explicitly defined under California law. Any Personal Information we collect is collected for the commercial purpose of effectively providing our services to you, as well as enabling you to learn more about, and benefit from, our services. You may exercise each of your rights as identified below, subject to our verification of your identity.
Access. You may email us at email@example.com to request a copy of the Personal Information our Service databases currently contain.
Prohibit Data Sharing. When applicable, you may prohibit the sharing of your Personal Information by submitting a request via email to firstname.lastname@example.org _. In your email, please explain how you wish us to prohibit the sharing of your Personal Information, and which categories of third parties you want to prohibit from receiving your Personal Information. When such prohibitions are not possible to provide our services to you, we will advise you accordingly. You can then choose to exercise any other rights under this Policy.
Portability. Upon request and when possible, we can provide you with copies of your Personal Information. You may submit a request via email to email@example.com . When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy.
Deletion. If you should wish to cease use of our Services and have your Personal Information deleted from our Services, then you may submit a request by emailing us at firstname.lastname@example.org . Upon receipt of such a request for deletion, we will confirm receipt and will confirm once your Personal Information has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.
We do not sell your Personal Information. If we ever decide to sell Personal Information, we will update you via this Policy and include a link entitled “Do Not Sell My Personal Information,” to provide you with an opportunity to opt out of sales of your Personal Information.
In addition, if a California resident exercises his or her rights under California law, including the CCPA, we shall not discriminate against that California resident by denying our goods or services, charging different prices or rates to similarly situated consumers, providing a different level or quality of our goods or services, or taking any other adverse action.
For Service Users Around the World
We do not warrant or represent this Policy or the Services’ use of your Personal Information as it complies with the laws of any jurisdiction outside the UK, European Union and United States. Furthermore, to provide you with our services, we may store, process, and transmit information in the United States, United Kingdom, and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.
For Service Users in the European Economic Area (EEA) or the UK
Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), individuals in the EU are afforded specific rights with respect to their Personal Information, or “personal data” as defined under the GDPR. For the purposes of this Policy, Bankable operates as a data controller. Any personal data we collect from you is processed in EEA or the UK and under the terms of this Policy.
Under the Data Protection Act 2018 and the UK GDPR (as per Schedule 1 to Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419)) the information individuals in the UK are afforded specific rights with respect to their Personal Information, or “personal data” as defined under the UK GDPR. For the purposes of this Policy, Bankable operates as a data controller. Any personal data we collect from you is processed in the EEA or the UK and under the terms of this Policy.
The information below applies to individuals in the UK and the EEA.
Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.
The Data Controller is:
NAME: Bnkbl Ltd.
ADDRESS: Level39 High-Growth Space,
One Canada Square,
London, E14 5AB
EMAIL ADDRESS email@example.com
You can exercise any of the following rights, subject to verification of your identity, by notifying us as described below:
- Access. You may email us at firstname.lastname@example.org to request a copy of the personal data our Service databases currently contain.
- Automated Processing and Decision-Making. You may email us at email@example.com to request that we stop using your personal data for automated processing, such as profiling. In your email, please explain how you wish us to restrict automated processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data.
- Correction or Rectification. You can correct what personal data our Service database currently contains by accessing your account directly, or by emailing us at firstname.lastname@example.org to request that we correct or rectify any personal data that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause information to be incorrect. Where applicable, we will ensure such changes are shared with trusted third parties.
- Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email to email@example.com . In your email, please explain how you wish us to restrict processing of your personal data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email to firstname.lastname@example.org . When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Portability. Upon request and when possible, we can provide you with copies of your personal data. You may submit a request via email to email@example.com. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, to include withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
- Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data through the Services by notifying us via email at firstname.lastname@example.org . Using the same email address associated with your Services account, simply type the words “WITHDRAW CONSENT” in the subject line of your email. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing your personal data. Where applicable, we will ensure such changes are shared with trusted third parties.
- Erasure. If you should wish to cease use of our Services and have your personal data deleted from our Services, then you may submit a request by emailing us at email@example.com . Upon receipt of such a request for erasure, we will confirm receipt and will confirm once your personal data has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.
- Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in a European Union member state, you may also lodge a complaint with the supervisory authority in your country.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to this Policy
Safeguarding the Information We Collect
We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six (6) years after they cease being customers for tax, insurance and regulatory purposes (even though on instances this can be five (5) years).
In some circumstances you can ask us to delete your data: see relevant section in this Policy.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
How to Contact Us
We value your opinions and welcome your feedback. To contact us about this Policy or your Personal Information, please contact us at
Level39 High-Growth Space, One Canada Square,
Email address: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk) or any other regulator with authority over your case. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.