This document sets out how we intend to deliver on our promises to protect and responsibly manage your personal data under GDPR regulations.

Document Date: 9 April 2019
Copyright © 2019 Identity Bank B.V.

Contents

Personal data: what we need from you and why

Personal data is only ever collected by us under these circumstances:

You wish to be contacted by us when you fill in our website contact form

We will need to have your name and your email address so that we can complete your request to provide information to you.

You wish to be considered for a position in Identity Bank

You have provided us with your CV and/or additional information in, for instance, a covering letter about yourself (hereinafter, called "job application information"), or you have instructed a third party work placement business to supply us with your job application information.

In this case you consent to us having your job application information either by sending it to us directly, or indirectly, by giving your permission to send this to us via an agency or similar related work placement business.

When you sign up to become an Identity Bank business customer

To create a business account for you we need to know the name of the person who will be the primary contact for your business. We will also need to have an email address and a phone number for this person to be contacted.

We need this information so that we can contact the business about administration issues for the business account.

When you are invited by an Identity Bank business to create an Identity Bank personal account

We will need your name, email and mobile number to open a personal account for you.

General Data Protection Regulation (GDPR) lawful bases we rely on for processing personal data

Lawful bases we do rely on:

  • We have a contractual obligation.
  • Your consent.
  • We have a legal obligation.

Lawful bases we might rely on:

  • We have a legitimate interest.

What we do with the personal data you provide

We use the personal data information that you provide us with as follows.

When you fill in the contact form on our website

We use your name and email address to contact you by email. We will contact you once to respond to your enquiry. Twice by email if you want to be notified of Identity Bank service availability - just before product release and again when our product is launched. After that we will delete your information.

When you wish to be considered for a position in Identity Bank

If your job application does not result in your placement for the position you have applied for within Identity Bank, then your job application information will be deleted and permanently removed from our storage – this means paper, electronic media, whatever format(s) the job application information was supplied in, all will be permanently deleted from our storage system.
You are of course welcome to apply for other positions, but you will have to resubmit job application information to do this as we won’t hold anything on file, unless you ask us in writing to do this.

When you are the primary contact for an Identity Bank business account

We need to be able to contact the person who is responsible for opening the Identity Bank business account and for the administration of the business account.

We will keep your contact details as long as you have an Identity Bank business account with us and that account is open, valid and operating under the terms and conditions of the contract you have agreed to when you signed up to open your account.

When you have an Identity Bank personal account

We need your contact details (name, email and phone number) to open a personal account for you. We need this information to check you are who you claim to be. After the account has been opened we keep your contact details in case you need to recover your account.

We keep your contact details for as long as your personal account is open. Personal accounts that do not have links to businesses in Identity Bank will be automatically closed. See the section: "Your right to erasure" for more information.

What we don’t do with your personal data

We do not share any information with any organizations or individuals.

How we store your personal data

Your information is securely stored in encrypted form within the European Union.

We keep your personal data for a time period required by the lawful basis with the exception of details sent to us using our contact form, see section ‘When you fill in the contact form on our website’. We will then erase your personal data.

Your data protection rights

Under data protection law, you have rights as explained below along with an explanation of how we fulfil your rights in Identity Bank.

Your right of access

You have the right to access your personal information.

Identity Bank has two types of accounts - personal and business. In both cases once the initial account is set up: We have no access to your account.

Personal accounts: You can add, amend or delete data about yourself and decide which businesses can see what data about you. The only personal data we have about your account are your contact details (name, email and phone number). We need this information to administer your account and send notifications to your attention about your account.

We have no access to your personal account data.

Business accounts: You upload your own customer data and/or business files, this means that you decide what information you store about your customers and what business files are in your business account. The only personal data we have about your business account is the information we need to administer your account, that is, the business account holder’s name, email and phone number.

We have no access to your business account data.  

Your right to rectification

You have the right to rectify information you think is inaccurate. You also have the right to complete information you think is incomplete.

Personal accounts: you have full access to your own personal information, It is your account and you can add, amend and delete your personal data.

For example, if you see inaccurate information held about you by a business you can change that information yourself. This latest information will then be available to the business(es) that you have allowed to have that information about you.

We cannot amend any personal information about you. You are in control of your personal account and only you have access to do this.

Business accounts: the primary business account holder can amend or update their personal data profile information (name, email and phone number) within their account. Identity Bank will then be notified of this action.

Your right to erasure

You have the right to erase your personal information in certain circumstances.

Personal accounts: you have full access to your own personal information in your account. You can delete personal data that you have entered about yourself into your account, or your personal account anytime you like.

There are some conditions however, under which you cannot remove data about yourself and/or delete your account or you might want to rethink these actions, these are explained below.

Example 1: You have an association with an entity that is legally bound to keep personal data about you.

This entity is likely to be a national body or organization or some form of business that is obliged by national law to keep certain information about you. Such entities are subject to specific additional rules on top of the GDPR rules.

Example 2: You have entered into a transaction with a business to supply goods to you and the transaction is in progress, but not complete.

In such a case if you delete your account or deny access to the business, to, for example, your name and address. Then it is not in your interest to do this as the business will be unable to deliver to you the goods you have ordered without this information.

We cannot erase any personal information stored in your personal account about you. You are in control of your personal account and you alone have the access to do this task yourself.

Identity Bank Account Closures

This section explains the circumstances under which either personal or business account can be closed and what we do with personal data under these circumstances.

Personal accounts: There are two circumstances under which a personal account can be closed.

  1. If you decide to close your personal account.
    In this case we will inform your associated businesses of your decision and once all these businesses accept your decision, then the associations will be terminated.
  2. If we decide to close your personal account.
    We will close your personal account if you have no association with any Identity Bank businesses.

At this point there are no more associated businesses in your account, and your account will be erased from our storage systems within 30 days. If you associate a business during these 30 days then the account stays operational. After these 30 days you will have to create a new personal account.

Business accounts: Business account closures are bound under the terms and conditions entered into in the contract which you signed up to when you opened the business account.  

The personal data details (name, email and phone number) of the business account holder will be permanently deleted from our storage systems within 30 days after the account has been closed.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

We have explained below what processing we do on personal data that you provide to us.

Personal Accounts: we keep your name, email and phone number personal data and we use this information (process this data) as follows:

  • to open a personal account for you
  • to send notifications to your personal account that an issue needs your attention
  • to verify your identity in case of account access recovery

Business accounts: we keep the business account holder’s name, email and phone number personal data and we use this information (process this data) to administer your business account as follows:

  • to open a business account for your business
  • to send notifications to your business account that an issue needs your attention
  • to restore your account if it has been inadvertently deleted
  • to verify your identity in case of account access recovery

Furthermore, for both personal and business accounts:

  • We do not do any further processing on your personal data.
  • We do not share your personal data with any third parties.

Your right to data portability

You are in charge of your personal account. This means you get to decide what personal data gets transferred to, or accessed by, another business, not us. We will facilitate a transfer of your personal data into, out of, or within Identity Bank. Full Instructions can be found inside the portal on how to do this.

How to complain

If you are not happy over how we handle your personal data then please do contact us.

Our contact details

Name:  Identity Bank B.V.
Address:  Postbus 6676, 6503 GD, Nijmegen, Nederland
E-mail:  Use the form on our contact page or send an email direct to This email address is being protected from spambots. You need JavaScript enabled to view it.

 

We sincerely hope we can resolve any personal data processing issues to your complete satisfaction.

If we cannot, or you wish to make a complaint, then you have a right to do this by contacting your national supervisory authority, contact details can be found here https://edpb.europa.eu/about-edpb/board/members_en, or the Dutch Data Protection Authority – Autoriteit Persoonsgegevens.

Cookies Policy

This policy can be found here: Cookies Policy.