Banque Travelex S.A. operating under the trade name Ditto Bank, is committed to protecting your privacy. Through this policy, Ditto Bank affirms its commitment to comply with legal obligations regarding the management of personal data and the respect for privacy.
Banque Travelex S.A., company registered in the commercial register of Paris companies under number 389 585 233, whose head office is located at 52 avenue des Champs-Elysées, 75008 Paris is responsible for the processing of your personal data. The purpose of this document is to inform you about how we use and protect your personal data, and about the reasons why we are processing this data.
1. What information do we collect about you?
We collect and use only the personal data that are necessary to our activity in order to offer you personalised and quality products and services. We may collect different types of personal data from you, including:
– Identification and contact information (surname, first name, place and date of birth, photo, identity card and passport numbers, gender, age)
– Contact information (postal and e-mail address, telephone number)
– Tax data (tax number, tax status, country of residence)
– Family status (marital status, matrimonial regime, number of children)
– Employment status (training, education, employment, employer’s name, compensation)
– Banking, financial and transaction information (bank details, card number, transaction data)
– Technical identification and authentication data, particularly when using the services through our application or the online site (technical logs, computer traces, information on the security and use of the terminal, IP address)
– Data related to the use of products and services subscribed in connection with banking, financial and transaction data
– Data relating to interactions with us from our website, on our application, on social networks, during phone calls and in emails
– Location data (locations of withdrawals, payments and use of your mobile application for security and fraud reasons)
– Data needed to fight money laundering and terrorist financing
– Data needed to fight over-indebtedness We may collect sensitive data with your explicit consent.
We may collect personal data about you even if you are not a Ditto Bank customer. The non-customers from whom we may collect information are prospects, guarantors, agents, legal representatives, corporate officers, beneficial owners and shareholders of a client legal entity, contractors or beneficiaries during transactions carried out in connection with a Ditto Bank customer.
2. How do we get the information?
The data we use may be collected from the following sources:
– For the most part, directly from you
– Publications, databases made accessible by official authorities
– Websites, social networking pages containing information that you have made public or made public by third parties.
3. Why do we use your information?
3.1. Purposes for which we will use your personal data
We use your information for the following purposes:
– To comply with our legal and regulatory obligations such as fighting against money laundering and terrorist financing, fighting against tax fraud, complying with banking and financial regulations and responding to official requests from duly authorised public or judicial authorities
– To execute a contract with you or give you pre-contractual information in order to provide you with information about our products and services, assist you with subscription requests or during the subscription to our service offer and in the context of customer relationship management
– To serve our legitimate interests in order to set up and develop our products or services, guarantee network and information security, optimise our risk management and defend our interests in court, including for the purposes of proof of transactions or operations, prevention of fraud and abuse, collection, recording of phone calls, transmission of personal data within the group for administrative purposes and personalisation of commercial offers by improving the quality of banking products or services and by offering you products or services corresponding to your situation and profile
We will only use your personal information for the purposes for which it was collected, unless we need to use it for another purpose and that purpose is consistent with the original purpose. In the event that we need to use your personal information for other purposes, we will inform you and explain the legal basis for doing so.
3.2. Commercial proposals
Business proposals can be made through lead and customer segmentation, analysis of your habits and preferences across different channels to get an idea of what we think you want or need, or what may interest you. This is how we decide which products, services and offers may be relevant to you.
The use of your personal data for our commercial communications serves our legitimate interests. You will receive marketing communications from us if you are registered or if you use Ditto Bank services.
We want to be clear about how we use your information and you can opt-out of receiving marketing communications from us at any time.
3.3. The consent
For specific processing, we may use your personal data, only with your explicit consent. You will be informed before giving your consent and you can easily withdraw your consent at any time.We will obtain your express consent if we share your personal data with any company outside the Finablr group for marketing or promotional purposes.Currently, we do not make decisions that can have a significant impact on you, based solely on automated decisions. If the situation changes, we will inform you about it. You can ask us to stop sending you marketing messages at any time.
4. How do we use your information?
We may share your personal information with:
– Service providers and subcontractors performing services on our behalf
– Commercial and banking partners
– Some regulated professions such as lawyers and auditors
– Judicial financial authorities or State agencies, public bodies on request and within the limits permitted by regulations
– The entities of the Finablr group
5. Do we transfer your information to other countries?
We ensure that all data is processed with the same security standards regardless of destination, in accordance with our regulatory and legal standards, policies and obligations.
The data we collect from you is mainly transferred to countries in the European Union (EU) or the European Economic Area (EEA). The European Commission recognises that these countries have a level of protection that is equivalent and compliant with the regulations.
We may use online systems to collect and use your information, which implies the data transmission and storage on an international basis and sometimes outside the European Union and the European Economic Area. If necessary, we ensure that security measures and safeguards are in place to protect your information and to ensure that all transfers of your information comply with applicable data protection law and are carried out in accordance with our instructions. If the level of protection has not been recognised as equivalent by the European Commission, we rely either on a derogation applicable to the situation (for example: in the event of international payments, the transfer is necessary for the performance of the contract), or on the implementation of one of the appropriate guarantees to ensure the protection of your personal data.
6. How long do we keep your information?
We retain your personal data for as long as necessary to comply with applicable legal and regulatory provisions or for another period as operational constraints require.
When we establish the retention period for personal information, we consider the amount, nature, and sensitivity of personal information, the potential risks of harm from unauthorized use or disclosure of your personal information, the purpose for which we use your personal information and whether we might achieve those purposes by other means, and applicable legal requirements.
In order not to keep your information longer than strictly necessary, when it comes to customers, the majority of the information is kept for the duration of the contractual relationship and for 10 years after the end of the contractual relationship; when it comes to prospects, the information is kept 3 years from the time it was collected or our last contact with you.
In some cases, we may make your personal information anonymous so that it can no longer be associated with you.
7. How do we ensure the security of your information?
We have put in place appropriate security measures to prevent accidental loss, use or unauthorized access, modification or disclosure of personal information.
We also have procedures in place to deal with any suspected breach of data security and will notify you and any applicable regulatory body of an alleged breach when we are legally required to do so.
8. What are your rights?
In accordance with applicable data protection regulations, you have a number of rights regarding the use of your personal data:
– The right to information: You have the right to access clear, transparent and easily understandable information about how we use your information.
– The right of access: you can obtain information concerning the processing of your personal data as well as a copy of these personal data
– The right of rectification: if you consider that your personal data is inaccurate or incomplete, you can demand that this personal data be corrected accordingly
– The right to erasure: also known as the “right to forget”, you can request that your personal data be erased to the extent permitted by the regulations
– The right to limit processing: you have the right to ask to restrict or limit the processing of your personal data
– The right of opposition: you can object to the processing of your personal data, for reasons related to your particular situation. You have the absolute right to object to the processing of your personal data for commercial prospecting purposes, including profiling related to such prospecting.
– The right to the portability of your data: when this right is applicable, you have the right to retrieve the personal data you have provided to us in a commonly used and readable electronic format.
– The right to withdraw your consent: if you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
We try to respond to all requests within one month of receipt. If your application is particularly complex or if you have made a number of applications, this period may be extended by two months. In this case, we will inform you about it.In accordance with applicable regulations, you have the right to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) in France (www.cnil.fr).
We will notify you of any material changes through our site or through our regular communications channels.
11. How to contact us?
– By post: Ditto Bank –Service Clients, 52 avenue des Champs-Elysées, 75008 Paris, France
– By phone: 01 85 74 17 41 Monday to Saturday from 8am to 10pm.
– By email: firstname.lastname@example.org
– From the Ditto Bank app