Social Media
Blog
Company
Help
Bank From Anywhere, 24/7
Download the N365 app today for a 100% mobile banking experience. Available on iOS and Android.
Privacy Policy
(Version 7.7 Date 12.03.2023)
In this Privacy Policy, N365 Bank AG (hereinafter: “N365”, “we”, “our”) shall inform you about the collection, use and processing of personal data when using our website https://N365.com (hereinafter: “Website”), our web application (hereinafter: “Web App”) and our mobile app (hereinafter: “App”; jointly called: “Services”). We will explicitly point out in case any information of this Privacy Policy refers exclusively to our Website, Web App or App. For information related to the usage of cookies or similar technologies on our Websites or Apps, please refer to the respective website and app cookie policies in the legal documents section of your app or on our websites.
In this context, personal data means all detailed information about personal or factual circumstances of a specific or identifiable natural person, such as name, telephone number or address. We process your personal data either within our business relation if you are a N365 customer or when you are visiting our Website for informative purposes. Furthermore we process personal data coming from publicly accessible sources (e.g. records of debtors, trade registers, registers of associations, media, press, internet) whenever we have a legal ground that allows us to do so.
When using additional N365 products or products of our business partners additional personal data might be collected, processed and stored. Please find details concerning the processing of additional data in the respective product category below.
I. Controller, processors and separate controllers
The responsible entity for the collection, processing and use of your personal data is:
N365 Bank AG Voltairestraße 8 10179 Berlin
N365 has appointed a Data Protection Officer, who is accessible via [email protected].
You will find more detailed information regarding N365 in the imprint.
Some of our data processing activities can be carried out by a third party on behalf of N365. Where processing of personal data is carried out on behalf of N365, we conclude a separate contract with the processor in accordance with Art. 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).
Our list of processors includes pure data processors, meaning technical service providers, which fall under the following categories:
applicable)
You will also come across specific data processors which are expressly indicated to you when you use our Services. We understand that these specific data processors can be of interest to you in case you want to exercise, before them, your rights in accordance with the GDPR. These specific data processors are also mentioned in this Privacy Policy for each product or service.
N365 can transmit your personal data to other entities such as other financial institutions, regulatory and supervisory authorities as well as public and governmental bodies and agencies, including addition to that the ECB (European Central Bank), the EBA (European Banking Authority), the German Federal Bank, the BaFin (German Federal Financial Supervisory Authority) among other entities, who will act as separate data controllers of your personal data, for the purposes of:
N365 can transmit your data to external lawyers, advisors and consultants, who are separate controllers and bound to professional confidentiality, for the purposes described above.
Furthermore, N365 will transmit your personal data to third parties, meaning other data controllers of your personal data, if that is triggered by you in the framework of the provision of our Services to you. Specific separate controllers will be indicated for each processing activity in more detail in the following sections of our Privacy Policy.
II. Data processing purposes and legal basis
We process your personal data in accordance with the GDPR and any national legislation including but not limited to the German Federal Data Protection Act (hereinafter: “Data Protection Regulation”).
In compliance with such Data Protection Regulation, N365 will only process your personal data if at least one of the following legal bases applies, as detailed in section III. below regarding our specific data processing activities:
We process your personal data in order to pursue our legitimate interests or the legitimate interests of a third party, where those legitimate interests override any of your rights and the data processing activities are necessary to satisfy such legitimate interests. In such cases, we have carried out a legitimate interest assessment, where those legitimate interests, impact and guarantees have been analyzed. Those cases are the following:
● To conduct and produce anonymised statistical research and reports, based on the legitimate interest of N365 to conduct research and analysis regarding the use customers make of the products and features provided by N365.
● Processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 (1) c) GDPR)
N365 is subject to several legal obligations as well as regulatory requirements which require N365 to process personal data, including for purposes of verification of your identity and age, prevention of money laundering and fraud, taking part to judicial proceedings or as part of judicial and police activities, verification of your credit risk rating, control and reporting obligations based on provisions of the supervisory authorities, tax laws and risk assessment of N365. Such obligations derive from the applicable banking legislation and regulatory requirements, including from the Anti Money Laundering Laws, Laws on Countering of Terrorism Financing, Banking Laws, Tax Laws as well as other binding measures on financial matters.
III. Data processing within the framework of N365 products
1. Data collection and processing in case of opening and using the N365
account
Personal data related to your identification, contact data, economic data and finance data will be processed by N365 for the purpose of opening an account with N365 (hereinafter: “Sign-up”) and using the Services of N365. The legal basis of the processing of these data is Art. 6 (1) b) GDPR. These data include the following personal data:
issuing authority
your IBAN, customer ID, card details, transaction details (card payment and banking transfer amounts and recipients) based on products and services contracted with N365.
Please note that it is not possible to open an account, if you do not provide your personal data as mentioned above.
In order to process transactions, N365 receives personal data and transfers personal data according to the applicable legal and regulatory framework to payers, recipients and other financial institutions. The personal
data received by other entities in this regard concerns your name and surname, including transaction details like the payment reference and registered IBAN.
During the creation of your N365 account we will need access to your geolocation upon your consent in the settings of your smartphone; you will find further information in the privacy policy of the operating system of your smartphone. The lawful basis of this processing is our legitimate interests in confirming that you are located in your country of residence in order for us to comply with our legal obligations related to fraud prevention (Art. 6 (1) f) GDPR). For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
In addition, we might ask you to submit additional documents for verification. The lawful basis of this processing is Art. 6 (1) c) GDPR as the processing is required to comply with legal obligations stemming from Anti Money Laundering and Countering of Terrorism laws.
What personal data we will be processing depends on the document we are requesting and receiving from you. Such documents can be a proof of residence (such as a gas, water or electricity bill less than 3 months old or a registration certificate), a proof of salary (such as an employment contract, salary statement or statement of assets and income; in case you send us one of the two latter ones, we ask you to please black out any data related to your religious beliefs and family status, if provided therein), your visa documentation or proof of study which states the reason why you live in the country indicated by you as country of residence, or a document attesting your source of wealth (contracts, bank statements, information around asset sales, capital gains or inheritance).
Once you send us any of the mentioned documents they will be assessed manually by N365 to verify and confirm that we have all the data about you that we need in order to open your account with us or to allow you to continue using our Services.
In case the information you sent us upon our request is not sufficient, we will reach out to you and ask you for more documentation, which is equally subject to the above mentioned.
2. Data processing within the framework of MoneyBeam
The MoneyBeam service is available to you within the framework of the use of our account. You can send money via MoneyBeam to the contacts from your mobile device who are also N365 customers without knowing their bank details. In order to facilitate MoneyBeam, we have to process data from sender and recipient, as well as certain transaction data, based on the execution of our agreement with you, according to Art. 6 (1) b) GDPR. Transaction data are the same as for a normal bank transfer, with the difference that no IBAN is required, but only an email address or phone number, and that no data is transmitted to third parties. In order to use MoneyBeam, customers have to make themselves “visible” as N365 customers and allow access to their mobile device’s contact list. To enable this, N365 will access the contacts stored on your mobile device. N365 shall only access your stored contacts if you previously consent to this. Please find more information in section III.4. below.
3. Visibility as an N365 customer when using certain N365 features
In the context of using certain N365 features like MoneyBeam, Request from friends, Shared Spaces, Split the Bill or Money QR Code, we ask for your consent, according to Art. 6 (1) a) GDPR, to be visible to other N365 customers as an N365 customer. By granting N365 permission to share your status as an N365 customer, we can display this information to other N365 customers, in the context of their use of certain N365 features, if you are present on their mobile device’s contact list. You are then visible to your contacts if they are also customers of N365. You can revoke this consent in the App at any time via My Account > Settings > Personal Settings > Personal Information, and manage your visibility as explained here.
4. Data processing related to using N365 features in connection to your
contacts
To facilitate your use of N365 features in connection with your contacts, we will access your mobile device’s contact list and upload your contacts’ information to your N365 account, based on your consent, according to Art. 6 (1) a) GDPR. This will include a regular sync with your mobile device to ensure your contacts’ information is up-to-date. You can withdraw or manage your consent at any time directly through your mobile device’s operating system. You will be able to see all contacts from your mobile device in your N365 account, including which of them are also N365 customers, provided that they have made themselves “visible” as such. We will store your contacts to make them available to you in your N365 account and combine this data with other contact information you provide when using our services to make it easier for you to search and find your contacts in the context of a transaction and the use of other N365 features. For these purposes, we rely on our legitimate interest, according to Art. 6 (1) f) GDPR, to provide you with improved service functionality and a better customer experience. For more information on legitimate interest as a legal basis for processing data, please see section II. above.
5. Data processing in the framework of Shared Spaces
In order to facilitate Shared Spaces, we have to process data to identify the members of a Shared Space and transaction data related to the use of this feature, based on the execution of our agreement with you, according to Art. 6 (1) b) GDPR. No data is transmitted to third parties. In order to use Shared Spaces, members have to make themselves “visible” and allow access to their mobile device’s contact list. You can find more information on this in section III.3.
6. Data transmission within the framework of N365 You/Metal
In order to facilitate your insurance cover within the framework of N365 You/Metal, we collaborate with AWP P&C S.A. (branch for the Netherlands, which operates as Allianz Global Assistance Europe and is a member of Allianz Group), as our processor. For this purpose, we will transmit your first name and surname, date of birth, email address, N365 reference number and registered address to AWP P&C S.A, based on the execution of the respective agreement with you according to Art. 6 (1) b) GDPR.
7. Data transmission within the framework of Wise
In cooperation with Wise Payments Ltd., 6th Floor, The Tea Building, 56 Shoreditch High Street, London E1 6JJ, Great Britain (hereinafter: “Wise”), we offer “international transfers” from N365 accounts. For the purposes of this service, we will transmit the data collected concerning your identification document, first name and surname, date of birth, registered address, telephone number and email address, based on your request to execute such international transfer and your corresponding consent, according to Art. 6 (1) a) and b) GDPR to Wise, who will act as a separate controller. Additionally, upon regulatory inquiry by Wise, N365 - under its legal obligations, in accordance with Art. 6 (1) c) GDPR - is obligated to transmit to Wise the copy of your identification document created in the course of the process of opening your account.
8. Data processing in the framework of Cash26
In order to be able to implement the Cash26 service and enable you to withdraw and deposit cash, we shall transmit your account details and the corresponding transaction data, based on the execution of your request to withdraw or deposit cash according to Art. 6 (1) b) GDPR, to our Cash26 partner so you can withdraw and deposit cash in the stores selected by you when using Cash26. To display to you the location of our Cash26 partners nearby, we process your geolocation if you gave consent to it according to Art. 6 (1) a) GDPR. This geolocation will not be shared with the Cash26 partners and will only be used to provide this service, keeping
the data temporarily only for as long as you are using this service each time you are using it. You can revoke your consent at any time in the settings of your smartphone. You will find further information in the privacy policy of the operating system of your smartphone.
9. Data transmission in the framework of Google Pay and Apple Pay
In order for you to be able to use the mobile financial services of Google and Apple, N365 needs to transmit transaction data to our processor Mastercard MPTS, who will share the data with Alphabet Inc. (Google) or Apple Inc., as separate controllers, when you use such services to perform a transaction. Such transfer is based on the execution of the agreement between N365 and you, according to Art. 6 (1) b) GDPR.
Tokens are used to authorize and to perform transactions with one of the mentioned service providers and these tokens permit you personal data to remain confidential. Your transaction data is tokenized at Mastercard MPTS before it is transmitted to one of the mentioned service providers.
10. Data transmission in the framework of Facebook Custom Audiences and
Google Customer Match
In order to create custom audiences (consisting of N365 customers and internet users or only internet users while excluding N365 customers) and lookalike audiences (consisting of internet users similar to N365 users) and deliver personalized content to such audiences, we use Facebook Custom Audiences (a service provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland) and Google Customer Match (a service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, Ireland). For this reason we transmit your hashed (pseudonymized) email address to Facebook and Google. The so-called “hashing” is a form of pseudonymisation which encrypts an email address in a way that individuals can no longer be identified by this hashed email address, without the use of additional information. Facebook and Google then match this email address against potential Facebook and Google email addresses. The hashed email addresses are deleted within 6-8 hours by Facebook and within 48 hours by Google, after the matching process is completed. Facebook and Google do not share these data with third parties or other advertisers or grant access to these data. The legal basis for the processing of this data is your consent under Art. 6 (1) a) GDPR. You can revoke your consent to this data processing at any time in the N365 Web App and App. You can find further information on Facebook here and Google here and here.
11. Data transmission in the framework of Open Banking
To comply with a request to access your N365 account for payment initiation services, account information services and confirmation on the availability of funds (hereinafter: “Open Banking Request”), your personal data is provided to authorized third party payment service providers. The personal data transmitted will include your IBAN, Bank Account ID and N365 User ID. We provide the personal data you request through a licensed third party described in this section on the basis that it is necessary to comply with our obligation under the applicable legal and regulatory framework to provide an interface for communication with licensed payment service providers of your choice (Art. 6 (1) c) GDPR) and that it is necessary to perform our obligations under the N365 account contract (Art. 6 (1) b) GDPR).
12. Data transmission in the framework of the Stripe Top Up Feature
The Stripe Top Up Feature (hereinafter: “Top Up Feature”) provides an easy method for new customers to add funds to their accounts instantly. Stripe Payments Europe Ltd. (hereinafter: “Stripe”), The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland is providing the technical setup and integration with the relevant payment processors, as a processor. In order to be able to use the Top Up Feature, N365 transmits information regarding payment details (cardholder name, email address, unique customer identifier, order ID, bank account details,
payment card details, card expiration date, CVC code, date, time and amount of transaction, merchant name/ID and location) to Stripe. Stripe will also process your data in order to fulfill its legal obligations, as a separate controller, like monitoring fraudulent payment transactions, know-your-customer obligations and anti-money-laundering screening. Stripe and N365 only exchange anonymized tokens and N365 never sees or stores the details of the card used for the deposit. The usage of the Top Up Feature is entirely voluntary for eligible customers, as part of your contract with N365 and the respective data processing is based on Art. 6 (1) b) GDPR.
13. N365 Crypto Service
In order to be able to make the N365 Crypto Service available to you, so you can use the crypto trading services powered by Bitpanda GmbH, Stella-Klein-Löw-Weg 17, 1020 Vienna, Austria (“«Bitpanda”») within your N365 app, we process the following data points related to you, based on the execution of the agreement between N365 and you, according to Art. 6 (1) b) GDPR:
We will also process this data on behalf of Bitpanda (Art. 28 GDPR), and transmit it to Bitpanda and to Bitpanda Asset Management GmbH so that Bitpanda can set up your N365 Crypto Service. This processing is based on pre-contractual steps taken upon your request in accordance with Art. 6 (1) b) GDPR.
When you use your N365 Crypto Service, we process your personal data related to any investment orders and transactions you wish to perform on your N365 Crypto account and we transmit that data to Bitpanda, so that Bitpanda can execute such orders and transactions as a separate data controller. This processing is based on your agreement with Bitpanda, in accordance with Art. 6 (1) b) GDPR.
14. Data processing in the framework of the Insights feature
The Insights feature is available within the App. The feature sorts your transactions/payments and visualizes your spendings in a variety of categories to offer you valuable insights on your spending behavior. In order to offer the Insights feature to you within the App, we process transaction data (i.e. data relating to the sender and recipient of transactions, such as the name of the retailer, amount of transitions, subject(hashtag of transactions) and data relating to certain actions by the user (i.e. hashtags created by the user for purposes of spending categorization), as part of your contract with N365 and the respective data processing is based on Art. 6 (1) b) GDPR.
15. Data processing when displaying in-App updates
If you use the App, so-called in-App updates will be displayed. The purpose of the in-App updates is to inform you about the content of your contract, new functionalities of the App or App updates and releases and to give you tips for an optimized use of the App. We will process your user and transaction data (recent deposits, payments, withdrawals, friend referrals) in order to provide you with the relevant in-App updates. We process your data to the extent necessary to display relevant information about your contract with N365 or the improved use or new functionalities in the App (Art. 6 (1) b) GDPR).
In addition, the in-App updates may help you to find information about our new services and products related to the App. In order to display in-App updates relevant to you, we will process your user and transaction data (recent deposits, withdrawals, payments, friend referrals). We process your data within the scope of our legitimate interests in informing you about new services and products implemented in our App, as far as this is necessary to display our new features, services and products so you can use any of them if you are interested (Art. 6 (1) f) GDPR). For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
16. Data processing when using the Customer Chat
When discussing any contractual matters (such as account related information or your transactions) with us on our Customer Chat or on our Website or within our App, your IP-address and the information you provide us in your chat communication will be collected and processed, to the extent this is necessary for N365 to provide you the products and services under the contract between you and N365 or any pre-contractual actions required by N365 or as requested by you, based on Art. 6 (1) b) GDPR.
In addition, we process your data within the scope of our legitimate interest in answering your general questions about our services and products and to help you find information about our new services and products related to the App, so you can use any of them if you are interested, Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
17. Data processing in the framework of informational communication
We use informational emails, in-App updates and push notifications to inform you about transactions, withdrawals, and other relevant information related to your usage of our App. For some informational emails, in-App updates and push notifications we screen and analyze your user behavior (recent transactions, withdrawals, friend referrals) to send you (additional) information about these processes via emails, in-App updates or push notifications. We will only send you these emails, in-App updates and push notifications based on your user behavior if the processing is necessary for the performance of the contract, based on Art. 6 (1) b) GDPR or within the scope of our legitimate interests of informing you about transactions, withdrawals, and other relevant information related to your usage of our App, as far as necessary to provide such information, based on Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
18. Data transmission in the framework of N365 “Insurance”
In cooperation with simplesurance GmbH, Hallesches Ufer 60, 10963 Berlin (hereinafter: “Simplesurance”), we offer “N365 Insurance” for N365 customers as individual add-on options. For the purposes of this service, we will transmit the data collected concerning your personal information and your insurance data, namely your first name and surname, registered address, tax-ID, your email provided to N365, identification number and other information about the insured goods according to Art. 6 (1) b) GDPR to Simplesurance, who will act as a separate controller. Simplesurance may transmit the data collected to the insurer. Please find further information in the Simplesurance privacy policy here.
19. Preparing anonymised statistical datasets
We use your personal data to prepare anonymised statistical datasets about our customers’ spending patterns for forecasting purposes, refining product development and understanding consumer behavior and assess our company’s performance. The reports are produced by using information about you and other customers, however, the information used is anonymised so that it is no longer personal data. You cannot be linked back as an individual within anonymised statistical data and you will therefore never be identifiable from it. We may share these datasets with third parties. This processing is based on N365’s legal obligations, in accordance with Art. 6 (1) c) GDPR, or based on N365’s legitimate interest, under Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
The following example gives you an idea how we are using anonymised data sets under our legal obligations: The Deposit Protection Scheme of German Banks (Entschädigungsfonds deutscher Banken ‘EdB’) requires us to provide anonymised datasets that allows EdB to be updated on indemnifiable deposits for the purposes of the Deposit Guarantee Act (Einlagensicherungsgesetz).
20. Data transmission in the framework of Mastercard Automatic Billing
Updater Program
In order to be able to use the Automatic Billing Updater (“ABU”), information concerning your current account is transferred to our processor Mastercard Europe S.A. (“Mastercard S.A.”), 198/A Chaussée de Tervuren, 1410 Waterloo, Belgium. ABU provides automatic updates of information concerning your Mastercard to third party services you use and to which you subscribed with your Mastercard. By doing this ABU helps to reduce preventable card-not-present declines by changes of stored payment account information. For this purpose N365 transmits Cardholder information (cardholder PAN and card expiration date) as well as payment information according to Art. 6 1b) GDPR to Mastercard S.A. Mastercard S.A. will process those Personal Data for the purpose of providing ABU, including hosting and maintaining the ABU database and checking authorization requests against the ABU database.
21. Data processing in the framework of the Waiting Lists
When you ask us to add you to our waiting list for information on when we’re able to provide our banking services to you, the following data will be collected and processed so that we can inform you once we are able to offer you our services:
The legal basis of the processing of these data is Art. 6 (1) (b) GDPR. Please note that it’s not possible to include you in the waiting list if you do not provide us with the referred personal data. Your data will be kept on our waiting list for your market for 18 months after you were included therein and will be deleted in case that period of time lapses and we are not able to offer you our services in the meantime.
If, after that period of time, you continue to be interested in being included in the waiting list, please ask us again to be added thereto.
Based on your decision to be added to the waiting list, we will send you emails containing the following information:
● Confirmation that you were successfully added to the waiting list
video-ident procedure
N365 is legally obliged to check your identity using a valid identification document within the framework of opening an account and to store specific information from the identification document. For this purpose, we offer you a liveness-detection photo (with the combination of photo and video), via an encrypted transmission path, through our reliance partner Safened-Fourthline.
N365 will transmit personal data to its external service providers, as data processors, for the purpose of verifying your identity as required by law. Regarding the liveness-detection photo performed by Safened-Fourthline, we refer to the Safened-Fourthline Terms and Conditions, which we provide you for your acceptance within the identification procedure. Safened-Fourthline will, after your authorization to do so directly on your device, access the camera of your end device and a photograph of you will be taken by yourself, as well as a video in which you will be requested to move, and the front and rear sides of your personal identification document or the principal page of your passport.
Your personal data is collected as proof of your eligibility to use our services, in accordance with our legal obligations and based on Art. 6 (1) c) GDPR. In order to verify your identity by means of the photo and videos collected in the identification procedure and the identification document, we collect your consent and thus the processing is based on Art. 6 (1) a) GDPR. Please note that, since we are a digital bank with fully remote communication with our customers, we can only offer a remote check of your identity and thus need your consent to proceed therewith.
Once you have completed this identification procedure your personal data will be retained as long as required by our legal obligations, based on Art. 6 (1) c) GDPR.
V. Social Plugins
On our Website, as well as in our Support Center, we have share buttons linking to Facebook, YouTube, LinkedIn, Twitter, Instagram and Glassdoor. These are not third-party plugins, and do not actively send or allow third parties to fetch personal data or any other sort of information whatsoever. The share buttons are hyperlinks that only redirect you to the respective website of the third party when clicked.
VI. Marketing Communication 1. Marketing emails
In our marketing emails, we inform you about our offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. If you would like to receive marketing emails, we require an email address from you. We will only send you marketing emails if you expressly consent to this as you open an account, based on the Data Protection Regulation
In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing emails, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.
Once you created your account you can also give or revoke your consent to receive marketing emails in the App settings via N365 App > My Account > Settings > App-Settings > Communication-Settings > disable respective toggle. Please see the Support Center Article for further information on Marketing Communication settings here. These data will only be used for sending you marketing emails and will not be disclosed to third parties.
2. Marketing push notifications
In our marketing push notifications, we inform you about our offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. Push notifications are messages you receive on your phone without a specific request and regardless of whether the App is open. We will only send you marketing push notifications if you expressly consent to this as you open an account, in terms of the Data Protection Regulation.
In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing push notifications, based on our legitimate interest under Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above. Once you created your account you can also give or revoke your consent to receive marketing push notifications in the App settings via N365 App > My Account > Settings > App-Settings > Communication-Settings > disable respective toggle. Please see the Support Center Article for further information on Marketing Communication settings here.
3. Marketing in-App updates
In our marketing in-App updates, we inform you about our offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. In-App updates are small sections within the App providing you with contextual and personalized information.
In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing in-App updates, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about our offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. For more information on the legitimate interest as a legal basis for processing data, please see section II. above. Once you created your account you can object to the processing of your personal data to receive marketing in-App updates in the App settings via N365 App > My Account > Settings > App-Settings > Communication-Settings > disable respective
toggle. Please see the Support Center Article for further information on Marketing Communication settings here.
4. Customer Chat
In our Customer Chat we inform you about offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives.
In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments, as well as friend referrals and use this information for marketing information via our Customer Chat, when you are in contact with a customer service agent or N365 Neon, our chatbot, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. For more information on the legitimate interest as a legal basis for processing data, please see section II. above. Once you created your account you can object to the processing of your personal data to receive marketing messages when using our support chat in the App settings via N365 App > My Account > Settings > App-Settings > Communication-Settings > disable respective toggle. Please see the Support Center Article for further information on Marketing Communication settings here.
5. Email newsletter
In our email newsletter, we inform you about our offers related to N365 financial products and services, partnerships between N365 and third parties (discounts on third party products/services for N365 customers), as well as friend referral initiatives. If you would like to receive the email newsletter, we require an email address from you. We will only send you our newsletter if you expressly consent to this as you open an account, based on the Data Protection Regulation.
Processing your data in order for us to send you our newsletter is based on your prior consent according to Art. 6 (1) a) GDPR. You can revoke your consent to receiving our email newsletter at any time. The revocation can be made via a link in the newsletter. Please see the Support Center Article for further information on Marketing Communication settings here.
VII. International transfer of personal data
Insofar as N365 transmits data to entities located outside the European Economic Area and in order to ensure an appropriate level of protection similar to the one granted under the GDPR upon the international transfer of data, N365 has implemented one or more of the following transfer tools, in addition to safeguards in accordance with the respective international data transfer impact assessment on the respective data transfer, if applicable:
● A decision of the European Commission deciding that the third country ensures an adequate level of protection, pursuant to Art. 45 (1) GDPR - the existing adequacy decisions can be found here;
● Standard data protection clauses for the transfer of personal data to third countries (hereinafter: “SCCs”), as adopted by the Commission, pursuant to Art. 46 (2) c) GDPR - the most recent version of the SCCs can be found here.
You can obtain a detailed copy of the transfer tool and more information in this regard by sending a request to N365 to the addresses indicated in section IX. below.
Insofar as we transmit data to entities located outside the European Economic and in third countries that do not provide an adequate level of protection of personal data in the terms of the GDPR, we do so upon your explicit consent under Art. 49 (1) a) GDPR.
VIII. Data collected in the framework of phone call recordings
When discussing any contractual matters (such as account related information or your transactions) with us on the phone, the call between us will be recorded for security and evidence reasons. Our interest to be able to prove contractual inquiries as well as to prevent and detect fraudulent behavior stipulates our legitimate interest to record calls in accordance with Art. 6 (1) f) GDPR. This does not apply to calls aimed at clarifying general inquiries related to N365 products and services.
The call recordings will be retained as long as required for security and evidentiary purposes. The call recordings will be processed by our Interactive Voice Response (IVR) service provider who is processing personal data on behalf of N365 (Art. 28 GDPR). If we are required to do so, the recordings will be shared with the competent authorities, in accordance with the applicable law.
If you do not wish to be recorded when calling us, please do contact us by email or through our Customer Chat for queries related to account related information or your transactions.
IX. Rights
1. Your rights
You have the following rights concerning your personal data:
access to documents or the obtention of copies of such documents;
data when they are incomplete or inaccurate;
personal data when they are no longer required by N365 for the purposes they were initially collected for, or when you understand they have been illicitly used. N365 can reject your request, if the data is necessary to comply with a legal obligation, for public interest reasons or for legal actions;
data to another controller where the data processing is based on the consent, or on a contract and the
processing is carried out by automated means;
● Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR, which means
that you can complain before the supervisory authority if you consider that the processing of your personal data by N365 infringes the GDPR.
Without prejudice to section XI.2. below, please:
Exercise your right of access, right to erasure and right to object to the processing through our webform;
Please do not address your requests through a third party platform which requires us to get back to you through that same means, since we are not able to clearly identify you as an N365 customer in such cases. Instead, please resort to the aforementioned ways of making use of your rights before N365.
2. Specifically, your right to revoke consent and right of objection
You can find below more details about your right to revoke consent and right of objection:
You have the right to revoke your consent to the processing of your personal data at any time with effect for the future. In the event you revoke your consent, your personal data is not processed any longer, unless further processing can be based on a different legal basis for processing (excluding consent). The processing of your personal data remains justified until the date of your revocation.
You have the right to object to the processing of your personal data, which is processed in accordance with Art. 6 (1) e) and Art. 6 (1) f) GDPR, at any time. This does also include profiling according to Art. 4 (4) GDPR. In case you object, your personal data is not processed any longer, except when we have legitimate reasons to continue the processing, which exceed your interests, rights and liberties or when the processing is necessary to enforce, exercise or defend legal claims. The processing of your personal data remains justified until the date of your objection.
You can exercise your right to revoke your consent and your right of objection, as mentioned above, either via the specific means provided in our Web App or App, if applicable. You can exercise your right of objection also through our webform.
● Right of objection concerning data processing for direct marketing purposes (in accordance with Art. 21 (2) GDPR)
In some cases, we process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling, in case it is connected to direct marketing purposes. In case you object to the processing of your personal data for direct marketing purposes, your personal data is not processed any longer for this purpose. The processing of your personal data remains justified until the date of your objection.
Via the communication settings of your App, you can easily exercise your objection right by using the opt out toggles provided. You can access the settings as follows: N365 App > My Account > Settings > App-Settings >
Communication-Settings > disable respective toggle. Please see the Support Center Article for further information on Marketing Communication settings here.
X. Deletion and retention periods
We are storing and processing your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires us to store it. That means, if the data is not required anymore for statutory or contractual obligations, your data will be deleted. This also occurs in case your onboarding process is not finalized with the opening of an account, and meanwhile there are still pending legal or security obligations for the bank to preserve your data. However, that rule does not apply, if its limited processing is necessary for the following purposes:
Furthermore, whenever your consent is the legal ground to process your personal data, N365 will store that data for as long as you do not revoke your consent or until your account is closed, whatever happens the latest.
Download the N365 app today for a 100% mobile banking experience. Available on iOS and Android.
