PURPOSE AND SCOPE OF THE POLICY
Purpose of the policy
OLINDA is committed to the protection of users' data in accordance with French and European regulations, in particular with the Data Protection Act of 1978 and the General Data Protection Regulation of April 27th, 2016 (GDPR).
This policy describes our rules concerning the protection of personal user data. In particular, it describes how data is collected and processed, and how users can exercise their rights.
We are responsible for the processing of personal data collected through the QONTO platform. This means that we define the purpose and means of the processing of personal data collected. In this context, some of our partners, including our payment institution Treezor, are our subcontractors.
We apply a strict policy to ensure the protection of your data, as follows:
- We do not sell your personal data to third parties
- We make sure your personal data is always safe
Scope of the policy
This policy supplements our general terms and conditions of use, the Payment Services Framework Agreement and our Cookies Policy. It covers the use of:
- Our website Qonto.eu and services accessible from this site
- Our iOS and Android mobile apps, as soon as you download them
DATA WE COLLECT
We collect personal data on the basis of a legal obligation, a legitimate interest, or your consent.
Data you give us
You give us personal data through forms that you complete on our website or our mobile applications to subscribe to our services or those of our partners (in particular Treezor and Kantox). You may also send us personal data when you get in touch with us, in particular with our customer service, by mail or telephone. In this case, we keep a copy of this exchange. You may also send us personal data when you interact with us on social media.
The personal data that you give us includes the following:
- Data identification: name, date and place of birth, photo, identity card numbers, passport or residence, mailing address, email address, telephone number, gender, age, signature,
- Authentication and identification data when using our website or our applications: username, password, PIN code.
- Professional and tax data: professional category, sector of activity, profession, tax data, VAT returns.
- Banking and financial data: income, asset value, bank details, IBAN.
- Transaction data: date, time of transaction, amount, country, counterparty, transaction label, notes, MCC.
- Contact and interaction data with us : messages, emails, calls, interaction on our sites, mobile application, and social networks,
Data we collect automatically
We collect personal data automatically when you visit our website or use our mobile applications. The data we collect is the following:
- Technical connection information, in particular your IP address, the type and version of your browser, your time zone, installed plug-ins, the device you use to connect, the identification number of your device, your operating system.
- Information about your visits: the number of connections, the hours of connection, visited pages, durations of connection, searches, your response time, links on which you clicked.
- Data from subcontractors: to improve our quality of service, we also collect personal data from our subcontractors, including advertising agencies or private databases.
- Data coming from third-party applications : when you give us your consent, we can access your contact list on your facebook or google profile.
USE MADE OF DATA
We collect and use your personal data for the following purposes:
To provide our service, especially to execute the payment service agreement that you sign with us when you open a Qonto account. This allows us, for example, to make withdrawals, transfers, obtain and use your Qonto payment card.
For anti-money laundering, fraud and terrorist financing prevention purposes, to protect yourself and comply with applicable regulations, including ensuring the accuracy of your identity when you open a Qonto account or make transactions.
To inform you of changes in the service we offer, including new features or partnerships.
To make you aware of similar products or services proposed by us or our partners which could interest you.
To facilitate your interactions with our services especially with our customer support and to help you in the best conditions.
To improve your navigation on our website or the use of our applications and to ensure that the content we display is adapted to your needs.
To allow you to give us your opinion on the services we offer to improve them permanently.
To steer our marketing to better target our campaigns and measure their reach and the audience generated.
To allow you to participate in our HR Referral program, and for the purpose of recruitment.
To ensure the security of your data and your operations
COOKIES AND TAGS INTERNET
STORAGE SECURITY & INTERNATIONAL TRANSFER
Data we collect is stored on Amazon Web Services servers which ensure a high level of security. These servers are located in the European Union, in Germany.
Third parties transmission
For the purposes of the service, we may transfer some of your personal data to our subcontractors, some of which are located outside the European Union or the European Economic Area. In that case, we make sure that they are located in a country considered adequate by the European Union for the protection of personal data and, if the subcontractors are located in the United States, that they are subject to the agreement on the Privacy Shield. If this is not the case, we ask them to contractually committ to implement equivalent measures to ensure the protection of your personal data (standard clauses of the European Commission).
Transmission of your information via the Internet is secured via an HTTPS connection protected by an SSL certificate (SHA-256 / RSA Encryption). We are audited on a regular basis by banking security specialists in order to ensure the good protection of our systems. Access to your Qonto account is secured by your username and password which must be strong enough and not shared. For the most sensitive actions, we use a 2-factor authentication system. This is achieved by requiring you to confirm the actions with a 6-digit code received by SMS or generated by a third-party application.
We keep your data only as long as necessary for the purposes pursued. In accordance with our anti-money laundering and terrorist financing obligations, your transaction data will be retained for a period of five years following the closure of your account. Thus, we will keep your personal data for a maximum of five years after the closure of your payment account.
In accordance with the applicable regulations, you have rights attached to your personal data.
Right of access: You have the right to receive a copy of all personal data that we hold about you. In these cases, we will communicate your data in structured form and in an easily readable format.
Right to portability : You may receive from us the data about you in a structured, commonly used and machine readable format, in particular for the purpose of transmission to a third-party.
Right of rectification: you have the right to request the correction of the personal data that we hold about you if the latter is incomplete or erroneous. In this case, we may ask you to verify the new data provided.
Right of cancellation: You can ask us to delete your personal data when we no longer have a legitimate interest in detaining them. Note, however, that this right is not applicable when we have a legal obligation to retain some of your personal data, for example to combat money laundering or terrorist financing.
Right to limitation : In certain cases, you may obtain a limitation of treatment from us.
Right to object, to suspend a processing or to withdraw your consent: You can oppose the processing, profiling if necessary, or suspend the processing of some of your personal data, for example when we collect them on the basis of our legitimate interest. For personal data we collect on the basis of your consent, you have the right to withdraw your consent at any time. However some data is essential for the proper functioning of our service. In addition, as a regulated payment institution, we collect some data in order to fulfill our regulatory obligations, particularly in terms of customer knowledge and for money laundering prevention. Thus in the case of exercise of these rights we may not be able to continue offering you access to our services.
Right to decide the fate of your post mortem data: You may tell us the fate you want to reserve for your data in case of your death.
Exercising your rights
You may exercise one of your rights by submitting a request to our Data Protection Officer or Customer Support, indicating your request and providing us with an ID. We usually process requests of this type within one month. For this purpose, we may request additional information or documents.
For any question concerning the processing of your personal data or for any remark, request or complaint concerning their privacy, please contact our Data Protection Officer by:
- mail at QONTO - Data Protection Officer, 8 rue du Sentier, 75002 Paris
- e-mail at firstname.lastname@example.org
- contacting QONTO customer support