Privacy Policy

Transparency in the management of personal data is a core value for Budget Insight.
We give priority to respecting privacy and we therefore apply the provisions of the French Data Protection Act no. 78-17 of 6 January 1978 in its current version and Regulation (EU) no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such Personal Data (GDPR).

Budget Insight wants to process your data in a way that is transparent and clear, we have defined our personal data management policy in 6 points:

  1. 1. With Budget Insight, aggregating your bank accounts and bills and transferring money will be much easier.
  2. 2. Our business activities are authorised and supervised by the ACPR/Banque de France, which has granted us the mandatory and highly selective authorisation as a payment institution.
  3. 3. We also comply with the principles of the GDPR.
  4. 4. At Budget Insight, security measures are taken to keep your data confidential. Your data are stored and encrypted in France;
  5. 5. We do not transfer any of your data outside France.
  6. 6. We do not sell your data.

the processing of your personal data.
This privacy policy has a general scope and applies to all our services. Please refer to the service(s) for which you have given your consent.
We also undertake to pursue our efforts and to update this policy with a view to improving the security and management of your personal data. We therefore ask you to regularly consult any changes we may have made.
To learn more about our personal data security and management policy, please read the sections below:

About us

Budget Insight is a French payment institution authorised by the French Prudential Supervision and Resolution Authority (ACPR). Our main activity is the supply of account information services (Budgea Bank and Budgea Wealth) and payment initiation services (Budgea Pay).
We also offer an invoice aggregation service (Budgea Bill).

Presentation of Budget Insight’s policy

We have introduced internal procedures to protect all your data against misuse and any use that does not comply with the previously defined purpose of the processing.
We make IT security our priority and our teams are constantly focussed on ensuring maximum protection of your data.
To provide account information, payment initiation and invoice aggregation services, we work with other companies to host your data (OVH) or to encrypt and secure your bank identifiers (GEMALTO).
When selecting our partners, we ensure that they comply with the provisions of personal data protection legislation.
One crucial factor to us is that all your data are stored in France.

Personal data we may collect and purposes of processing

We undertake to only collect data that are adequate, relevant and strictly necessary for the purpose for which they are processed.
We process data for specified, explicit and legitimate purposes in accordance with Article 5 of the GDPR.

Service Purpose of processing Legal basis for processing your personal data Personal data collected Retention period
Budgea Bank Aggregate user payment account information (balances and transactions) Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)
  • Bank Identifiers
  • Aggregated account balances and transactions
  • Other personal information available on the bank’s online space (IBAN, last name, given name, etc.)
Until the service is terminated
Budgea Wealth Aggregate information (balances and transactions) from the user’s accounts (other than payment accounts) Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)
  • Bank Identifiers
  • Aggregated account balances and transactions
  • Other personal information available on the bank’s online space (IBAN, last name, given name, etc.)
Until the service is terminated
Budgea Pay Initiate account to account transfers Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)
Legitimate interest of the third party e
  • Bank Identifiers
  • Aggregated account balances and transactions
  • Other personal information available on the bank’s online space (IBAN, last name, given name, etc.)
Until the service is terminated
Pursuant to legislation in force, the User is informed that any supporting documents requested are retained for a period of up to five (5) years after the end of the contractual relationship.
Budgea Bill Aggregate user Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)
  • Login credentials
  • Invoices
  • Related metadata
  • Other personal information available on the online space
Until the service is terminated
Contact Budgea Respond effectively to queries from potential prospects Consent of the data subject
  • Data indicated
  • Email
  • Telephone if registered
  • Message Data
3 years after the last contact from the prospect

Your cookies

Professional websites use cookies, which are tiny files downloaded to your computer, to improve your experience. They only contribute to the proper functioning of the website.

Account-related cookies

If you create an account with us, we will use cookies to manage the registration process and general administration. These cookies will usually be deleted when you log out, but in some cases they may remain on your computer to retain your site preferences after logging out.

Use of cookies for the interface

We use cookies when you are logged in so that we remember this status. This saves you having to log in every time you visit a new page. These cookies are usually deleted or erased when you log out. This ensures that your interface can only access restricted features and areas when you are logged in.

Cookies used by third parties

In some specific cases, we also use cookies provided by trusted third parties. Our website uses Google Analytics, which is one of the most widely used and reliable analytics solutions on the web, to help us understand how you use the site and how we can improve your experience. These cookies can track information such as time spent on the website and the pages you visit so that we can continue to produce attractive content.
For more information about Google Analytics cookies, please visit the official Google Analytics website.
If you do not want any cookies to be stored, you can change your browser settings.

Your rights and choices

You have the following rights:

  • Right of access to all your data that we process;
  • Right of rectification in the event of inaccurate data;
  • Right to erasure ;
  • Right to object: You can object to us processing your data unless we are required to do so in the context of the contractual relationship we have with you, for any legal proceedings and if there are compelling and legitimate grounds for us to continue processing your data;
  • Right to data portability: You may ask to receive the data you provided to us in a machine-readable format if the processing of such data is necessary for the performance of the contract or if you have consented to it. You may exercise your rights by sending a request to the following email address: dpo@budget-insight.com, specifying the purpose of your request and enclosing a copy of your ID document;
  • Right to restrict processing of your data in accordance with Article 18 of the GDPR;
  • Right to provide instructions on the post-mortem processing of your data.

All requests must be clear, precise and justified, sent with a copy of an ID document and made in accordance with the applicable legal framework.

Data Subjects may lodge a complaint with the CNIL:
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel : 01 53 73 22 22 / Fax : 01 53 73 22 00
or at www.cnil.fr/fr/plaintes ou www.cnil.fr.
Data Subjects are informed that if they object to the Processing or if they provide inaccurate or unreliable Data, it will not be possible to provide the services for which Data are collected, and the Data Controller shall not, under any circumstances, incur any liability in this respect.
The collection of certain Data may also be required for regulatory or contractual reasons. The data subject is therefore required to provide the Personal Data requested.

Transfer of your personal data

Our services do not involve any transfer of your personal data to third countries.
Any transfer of certain personal data to third parties is always carried out within a strictly defined framework, for a limited period and to trusted third parties. The collection and use of information by the third-party service that provides these functions are governed by the third party’s privacy policy and by a subcontracting agreement.
Because the confidentiality and integrity of your personal data are essential to maintaining your trust, we ensure their security and will take all reasonably necessary measures to ensure that your personal data are processed securely and in accordance with this personal data security and management policy.
The selected third parties to whom your personal data may be transferred are: our agents and partners, OVH for data hosting and GEMALTO for the encryption of your bank identifiers.
Finally, in the context of a request made by the competent public authorities, we may be required to disclose your personal data in order to fulfil our legal obligations.

Security

We shall take all necessary measures to ensure the security and confidentiality of personal data and particularly to prevent them from being damaged, erased or accessed by unauthorised third parties.
Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), we shall take all necessary measures to remedy it.
If such a situation occurs, we will inform you and report the incident to the French Data Protection Authority.

Changes to our policy

Any significant changes we may make to our personal data security and management policy in future will be posted on this page before the change takes effect.
Please visit this page frequently to consult updates or changes to our personal data security and management policy. If you do not agree or consent to any such updates or changes, we ask that you no longer use our services.

Contacts

Questions, comments and requests regarding this privacy policy may be sent to dpo@budget-insight.com.