Transparency in the management of personal data is a core value for Budget Insight.
We give priority to respecting privacy and we therefore apply the provisions of the French Data Protection Act no. 78-17 of 6 January 1978 in its current version and Regulation (EU) no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such Personal Data (GDPR).
- 1. With Budget Insight, aggregating your bank accounts and bills and transferring money will be much easier.
- 2. Our business activities are authorised and supervised by the ACPR/Banque de France, which has granted us the mandatory and highly selective authorisation as a payment institution.
- 3. We also comply with the principles of the GDPR.
- 4. At Budget Insight, security measures are taken to keep your data confidential. Your data are stored and encrypted in France;
- 5. We do not transfer any of your data outside France.
- 6. We do not sell your data.
the processing of your personal data.
We also undertake to pursue our efforts and to update this policy with a view to improving the security and management of your personal data. We therefore ask you to regularly consult any changes we may have made.
To learn more about our personal data security and management policy, please read the sections below:
Budget Insight is a French payment institution authorised by the French Prudential Supervision and Resolution Authority (ACPR). Our main activity is the supply of account information services (Budgea Bank and Budgea Wealth) and payment initiation services (Budgea Pay).
We also offer an invoice aggregation service (Budgea Bill).
Presentation of Budget Insight’s policy
We have introduced internal procedures to protect all your data against misuse and any use that does not comply with the previously defined purpose of the processing.
We make IT security our priority and our teams are constantly focussed on ensuring maximum protection of your data.
To provide account information, payment initiation and invoice aggregation services, we work with other companies to host your data (OVH) or to encrypt and secure your bank identifiers (GEMALTO).
When selecting our partners, we ensure that they comply with the provisions of personal data protection legislation.
One crucial factor to us is that all your data are stored in France.
Personal data we may collect and purposes of processing
We undertake to only collect data that are adequate, relevant and strictly necessary for the purpose for which they are processed.
We process data for specified, explicit and legitimate purposes in accordance with Article 5 of the GDPR.
|Service||Purpose of processing||Legal basis for processing your personal data||Personal data collected||Retention period|
|Budgea Bank||Aggregate user payment account information (balances and transactions)||Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)||
||Until the service is terminated|
|Budgea Wealth||Aggregate information (balances and transactions) from the user’s accounts (other than payment accounts)||Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)||
||Until the service is terminated|
|Budgea Pay||Initiate account to account transfers||Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)
Legitimate interest of the third party e
||Until the service is terminated
Pursuant to legislation in force, the User is informed that any supporting documents requested are retained for a period of up to five (5) years after the end of the contractual relationship.
|Budgea Bill||Aggregate user||Performance of a contract entered into with the end user (Article 6.1.b of the GDPR)||
||Until the service is terminated|
|Contact Budgea||Respond effectively to queries from potential prospects||Consent of the data subject||
||3 years after the last contact from the prospect|
Cookies used by third parties
For more information about Google Analytics cookies, please visit the official Google Analytics website.
If you do not want any cookies to be stored, you can change your browser settings.
Your rights and choices
You have the following rights:
- Right of access to all your data that we process;
- Right of rectification in the event of inaccurate data;
- Right to erasure ;
- Right to object: You can object to us processing your data unless we are required to do so in the context of the contractual relationship we have with you, for any legal proceedings and if there are compelling and legitimate grounds for us to continue processing your data;
- Right to data portability: You may ask to receive the data you provided to us in a machine-readable format if the processing of such data is necessary for the performance of the contract or if you have consented to it. You may exercise your rights by sending a request to the following email address: firstname.lastname@example.org, specifying the purpose of your request and enclosing a copy of your ID document;
- Right to restrict processing of your data in accordance with Article 18 of the GDPR;
- Right to provide instructions on the post-mortem processing of your data.
All requests must be clear, precise and justified, sent with a copy of an ID document and made in accordance with the applicable legal framework.
Data Subjects may lodge a complaint with the CNIL:
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel : 01 53 73 22 22 / Fax : 01 53 73 22 00
or at www.cnil.fr/fr/plaintes ou www.cnil.fr.
Data Subjects are informed that if they object to the Processing or if they provide inaccurate or unreliable Data, it will not be possible to provide the services for which Data are collected, and the Data Controller shall not, under any circumstances, incur any liability in this respect.
The collection of certain Data may also be required for regulatory or contractual reasons. The data subject is therefore required to provide the Personal Data requested.
Transfer of your personal data
Our services do not involve any transfer of your personal data to third countries.
Because the confidentiality and integrity of your personal data are essential to maintaining your trust, we ensure their security and will take all reasonably necessary measures to ensure that your personal data are processed securely and in accordance with this personal data security and management policy.
The selected third parties to whom your personal data may be transferred are: our agents and partners, OVH for data hosting and GEMALTO for the encryption of your bank identifiers.
Finally, in the context of a request made by the competent public authorities, we may be required to disclose your personal data in order to fulfil our legal obligations.
We shall take all necessary measures to ensure the security and confidentiality of personal data and particularly to prevent them from being damaged, erased or accessed by unauthorised third parties.
Furthermore, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), we shall take all necessary measures to remedy it.
If such a situation occurs, we will inform you and report the incident to the French Data Protection Authority.
Changes to our policy
Any significant changes we may make to our personal data security and management policy in future will be posted on this page before the change takes effect.
Please visit this page frequently to consult updates or changes to our personal data security and management policy. If you do not agree or consent to any such updates or changes, we ask that you no longer use our services.