Welcome to the Open Bank Project Privacy Policy. This policy explains what personal information we (Open Bank Project/TESOBE GmbH) collect, how it is used and shared and what you can do with it. It applies to our web sites at https://www.openbankproject.com, www.tesobe.com and all related web sites, downloadable software, sandbox environments, API platform, mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Policy is displayed, and all other communications with individuals though from written or oral means, such as email or phone (collectively, together with the Site, our “Service”).

1. Our Philosophy

  • Data Minimisation. We treat your privacy seriously. We only collect the minimum personal data necessary to provide our Service. We do not sell your information or will not share it with a third party without your prior consent.
  • Data Sovereignty. You own the content and data you provide to us. It’s yours, not ours, and you are entitled to access it, update it and ask us to delete it any time.
  • Privacy by design. Our Service, software and processes are designed with privacy in mind. We do not store your data longer than necessary and we make sure it’s easy to for you request a copy or to request that it be deleted.
  • Open by default. To the extent that we can, everything we do is in the open. We strive to put our source code and processes under open source licences, free for people to review. We will inform you should there be any changes in our rules.

2. What information do we collect?

We collect different types of information from or through the Service. The most common personal information we collect is your email address. We seldom ask for your name or address unless we need it to, for example, issue an invoice. The legal base for processing your personal data is primarily our legitimate interests. We may also process data upon your explicit consent (for instance when joining our newsletter).

2.1. Information collected automatically When you use our Service, we may automatically record certain information such as your IP address, web browser and/or device type. We also may use collect information regarding your interaction with email messages we send, such as whether you opened, clicked on, or forwarded a message sent to you. This helps us understand how to improve our site and services.

2.2. Information you provide We collect information you provide to us when you register details on our Services. We collect information in different ways including but not limited to :

  • When you sign up for our newsletter
  • When you register an account on Open Bank Project software, sandbox or one of the related applications developed by TESOBE
  • When you register for one of our events (e.g. a hackathon or conference)
  • When you send us a support query
  • When you would like to access some of the content we publish (e.g. Reports)
  • When meet face to face, by phone or on social media
  • When you apply for a job
  • When we do business with together, e.g. invoice, billing and payment details

2.3. Information provided by others
We collect information about you from other sources such as:
Our partners when they recommend you or include you in communications with us
Via social media accounts of another user if your settings permit it. For example, if you are someone’s friend on Facebook and haven’t restricted the availability of your data in a common feature/app that you both use.
Through publicly available information and online business networks, for example: LinkedIn

If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

2.4. Minors
While people of all ages may access our Service, we do not intentionally collect information about people under 13 years old. You must be 13 years old or over to sign up or submit any personal information through our Service. If you believe a person under 13 years old has provided us with their personal information, or have any concerns regarding this aspect of our policy, please get in touch.

3. Intend use of Personal Information

We use personal information we collect to provide our services, to improve and optimise what we do, and to protect you and TESOBE GmbH. We may use this information to:

3.1. Operate. We use the collected information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support as well as to do business with you (e.g. issue an invoice) and comply with the law (e.g. tax & employment information)

3.2. Communicate. We may use your email address to get in touch. The reason may be:
To inform you about our latest news through our monthly newsletter
Invite you to events that we or our partners organises
Other Administrative tasks such as customer service, surveys or right of privacy violation
You have the ability to opt-out of receiving any promotional communications as described below under “Your Rights”.

We maintain a monthly newsletter sent the first weeks of the month to keep our community members informed about our latest development. To register for the newsletter, we require double opt-in. You can register via the Open Bank Project website or the form on http://eepurl.com/Mwl-1. The newsletter is managed through MailChimp.

3.3. Customise & Improve. We might use the collected information to understand and analyze traffic on our services in order to improve the overall experience, and to develop new products, services, feature, and functionality. We might use automatically collected information and other information collected on the Service through cookies and similar technologies to personalize our Service, e.g. to remember your login information so that you do not have to enter it again each time you log on. See our Cookie policy for further details.

4. To Whom We Disclose Information

  • We will not intentionally disclose your Personal information to any third party without your consent unless it is required by law.
  • We use third parties to process your information on our behalf, we may share personal data with these third parties but these services cannot share your data with anyone else (see more information in section 8 Third Party Access)
  • If TESOBE ceases trading, is acquired by or merged with another company, we will inform you in advance and give you the option of downloading and deleting your data.

5. Your Rights

5.1. Access, Update, Export & Deletion
If you wish to access or amend any Personal Data we hold about you, or to request that we delete, export or transfer any information about you, you may contact us as explained in the “How to Contact Us” section or email us with your request at mydata@tesobe.com. At your request, we will have any reference to you deleted or blocked in our database. It may take up to 10 days to process your request.

Please note that there are some records we are required to keep for other regulatory reasons, such as for finance, tax and employment purposes.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy as granted by applicable data protection laws has been infringed upon, please contact us at mydata@tesobe.com. You also have a right to lodge a complaint with data protection authorities.

5.2. Commercial Communication Opt-out
If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section.

6. Data Retention

We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for only as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. For instance, personal data collected via a sandbox or a newsletter are deleted when the end user request it. We regularly review our records to remove or anonymise data if it should no longer be retained. Logs on Open Bank Project sandboxes are erased every 3 months. Some records we are required to retain by law for certain lengths of time. These include data retained for tax and employment purposes.

7. Security

We follow industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data as per our information security policy (available on request).

Some of the security measures we use include firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet.

However, we cannot guarantee the total security of any information you transmit to us or which you store on the Service, and you do so at your own risk. If we are informed of a data breach we will contact the relevant authorities and those affected within 72 hours of discovery. If you believe your Personal Data has been compromised, please contact us as explained in the “How to Contact Us” section.

8. Third Party Access

To be able to deliver our Service in an proper way, we use a number of third party services who process your data on our behalf. This is to achieve such tasks as the operation of our email, the hosting of this website and management of documents. We keep an up-to-date list of these third parties that we can share with you should you request it. Some of those third parties include: PipeDrive, MailChimp, Google and Slack.

These third party services are not permitted to share your data with anyone. Most of the websites and services we operate are hosted in Germany; where a company is not based in Germany or the European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements such as a Privacy Shield to ensure that your data is processed as per applicable European law. All our Third Party partner are listed below with their place of operations.

9. Cookie Policy

We use automatically collected information and other information collected on the Service through cookies and similar technologies to manage sessions and personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits. The cookies we collect are:

  • strictly necessary/essential cookies – These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. These cookies don’t collect information that identifies you.
  • performance cookies – These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
  • functionality cookies – These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and to provide enhanced, more personalised features.

10. Changes to Privacy Policy

When we make changes to this policy we will inform registered users and our customers before changes take effect. The date at the bottom of this page will also be updated to reflect the effective date of any changes. We will also archive the older version of the policy.

11. How to Contact Us

TESOBE is the company behind the Open Bank Project. You can contact us via:
Osloer Strasse 16/17
D-13359 Berlin, Germany
Tel. (DE) :+49 (0)30 8145 3994
Twitter: @OpenBankProject
Emai: contact@tesobe.com

For any data privacy issue or query about this privacy policy, please email mydata@tesobe.com or you can contact Ismail Chaib, our Data Privacy Officer (DPO) at ismail@tesobe.com

Last update: May 23, 2018

Annex I – List of Sub-processors

TESOBE uses a range of third party Sub-processors to assist it in providing the Service (as described in the Privacy Policy). These Sub-processors set out below provide cloud hosting and storage services; content delivery and review services; assist in providing customer support; as well as incident tracking, response, diagnosis and resolution services.

Entity Name Entity Location
Amazon Germany
Eventbrite USA
GitHub USA
Google USA
Hetzner Germany
MailChimp USA
PipeDrive Estonia
Slack USA
VarioMedia Germany
Zendesk USA