Transparency in the management of personal data is a core value for Budget Insight.
We attach the utmost importance to the respect of privacy and in this sense, we apply the provisions of the Data Protection Act No. 78-17 of January 6, 1978 in its current version and Regulation (EU) No. 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such Personal Data (the RGPD).
With Budget Insight, aggregating your bank accounts, bills and transfers will become much easier;
Our activities are authorized and controlled by the ACPR/Banque de France, which has given us the mandatory and very selective approval as a payment institution;
We also comply with the principles of the GDPR;
At Budget Insight, security measures are in place to ensure the confidentiality of your data. Your data is stored and encrypted in France;
We do not sell your data.
Therefore, we invite you to read the following carefully to understand our practices regarding the treatment of your personal data.
We are also committed to continuing our efforts to improve the security and management of your personal data. In this respect, we invite you to regularly inform yourself of any changes that may have been made.
Who are we?
Budget Insight is a French payment institution approved by the Autorité de Contrôle Prudentiel et de Résolution (ACPR) whose main activity is the provision of banking and financial services, and invoice aggregation.
Budget Insight Policy Overview
Computer security is our priority, our teams are permanently mobilized to ensure maximum protection of your data.
Budget Insight takes the necessary technical, physical and organizational measures, taking into account the nature of the personal data and the risks presented by the processing, to safeguard the security of the personal data and to prevent it from being distorted, damaged or accessed by unauthorized third parties.
We have put in place internal procedures to protect all of your data from misuse or from being used for purposes other than those for which it was collected.
Outsourcing at Budget Insight
To provide our services, we work with other companies.
When choosing our partners, we make sure that they offer guarantees in terms of quality, security, reliability and resources to ensure the implementation of technical and organizational measures, including security of processing.
We have a Data Processing Agreement with all our subcontractors. Where necessary, we sign Standard Contractual Clauses (SCC) and ensure that additional measures have been put in place.
Finally, in the context of a request made by the competent public authorities, we may be required to communicate your personal data in order to comply with our legal obligations.
Personal data we may collect and purposes of processing
We are committed to collecting only the data that is adequate, relevant and strictly necessary for our business to enable us to offer you appropriate products and/or services.
In order to be able to enter into a relationship, you provide us with a certain amount of information about yourself:
- Login information from your bank
- Security token
You acknowledge that Budget Insight has the ability to act on your behalf to access and transmit your information from any financial product and service providers, and/or billers who hold data.
We may collect in the course of providing our service:
- Bank Identifiers
- Aggregate account balances and transactions
- Other personal information present on the online space of the bank (IBAN, name, first name, …)
- Details of the initiated transfer
- Possible supporting documents in accordance with our legal obligations in the fight against money laundering and terrorist financing
- Login credentials
- Related metadata
- Other personal information on the online space
Data may be collected directly from you or indirectly from outside sources such as:
- Publications or databases such as the Official Journal, the Official Bulletin of Civil and Commercial Announcements
- Anti-fraud agencies
- The use of prospect files
- Databases made publicly accessible by third parties.
Finally, we may learn about personal data of people who are not direct customers of Budget Insight. Examples (non-exhaustive list):
- Legal representatives of legal entities or natural persons such as minors or protected adults
- Persons carrying out transactions with our clients with you or on your behalf (notary, lawyer, chartered accountant…)
Duration of data retention
This information is kept until the purpose is achieved. Unless otherwise provided by law, this means that the deletion of your account on the platform allowing you to access our services, leads to the deletion of all your information in our databases.
Purposes and legal bases of the processing
Our processing operations are carried out for an explicit, legitimate and specific purpose in accordance with Article 5 of the GDPR.
- To comply with our legal and regulatory obligations such as:
- Customer knowledge,
- The fight against money laundering and the financing of terrorism,
- Official requests from duly authorized public or judicial authorities.
- To take pre-contractual steps, to conclude and execute contracts concluded with you and in particular to :
- Present the characteristics of the products and services,
- To establish the contract and manage the relationship between you and us for the provision of banking and financial services
- To manage and execute our services under the products and services to which you have subscribed such as payment operations (transfers…).
- To pursue the legitimate interests of Budget Insight and to respect your fundamental rights and freedoms
The legal bases on which we rely to carry out the processing depends on the context in which the processing takes place (collection, hosting, deletion). The most frequent legal bases are the following
- Compliance with contractual or pre-contractual obligations with you
- Compliance with legal obligations under applicable laws;
- Necessities related to our legitimate interests within the limits of the protection of your fundamental rights and freedoms; and
- Your consent can be withdrawn at any time
Your rights and choices
You have the following rights:
- Right of access to all data concerning you that is processed by us;
- Right of rectification in case of erroneous data;
- Right to erasure;
- Right to object: You may object to our processing of your data except where we are required to do so in connection with our contractual relationship with you, for possible legal proceedings and where there are compelling legitimate grounds for us to continue processing your data;
- Right to portability of your data: You may request to receive in a machine-readable format the data provided to us if the processing of such data is necessary for the performance of the contract or if you have consented to it. You can exercise your rights by sending a request to the following e-mail address: firstname.lastname@example.org, specifying the subject of your request and enclosing a copy of your identity card;
- Right to limit the processing of your data in accordance with Article 18 of the GDPR;
- Right of communication of instructions on data processing in case of death.
All requests must be clear, precise and justified, accompanied by a copy of an identity document and made in accordance with the applicable legal framework.
The Data Subject is hereby informed that if he/she objects to the Processing or if he/she submits erroneous or fictitious Data, the services related to the collection of the Data cannot be rendered, and the Data Processor shall not be held liable in any way for this.
In addition, the collection of certain Data may be imposed for a regulatory or contractual reason. The person concerned is thus required to provide the Personal Data requested.
We undertake to take all necessary measures to ensure the security and confidentiality of personal data and in particular to prevent them from being damaged, deleted or accessed by unauthorized third parties.
Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), we undertake to take all necessary measures to remedy the situation.
In the event of such a situation, we will inform you and report the incident to the Commission Nationale de l’Informatique et des Libertés.
Changes to our policy