Privacy Notice for this Website and the Developer Portal

General

This notice explains how ExtHand sprl/bvba (“ExtHand”), with offices at Av. Arnaud FraiteurLaan 15-23 A29, B1050 Brussels, +32 475 635 579 processes personal data we collect from you through our website and developer portal.

The developer portal is a dedicated website that allows users to register to test and use BankingSDK.

Information We collect

When you use the developer portal, we collect the following types of personal data about you:
a. Identification data: your name, email address, phone number and IP address;
b. Data relating to security: passwords, security logs, connection and activity logs, and the user agent of your web browser;

When you contact us through our website, we collect the following types of personal data about you:
a. Identification data: your name, email address, phone number and IP address;
b. Data relating to security: security logs, connection and activity logs, and the user agent of your web browser;

When you use or purchase a service from us or request information about our services, we collect the following types of personal data about you:
a. Identification data: your name and title, address, phone number, email address and information about your company;
b. We also collect all emails sent from and to you.

Cookies

We use cookies on our websites to improve your user experience and, where you consent to it, to know you better.
A cookie is a small text file that is downloaded onto your computer or smartphone when you access a website. It allows the website to recognize that computer or smartphone and store some information about your preferences or past actions.
We use three types of cookies on our websites:
1. Essential cookies: these cookies are required for the websites to function properly and to provide you with the services you are requesting. You may block and delete these cookies using your web browser parameters, but this may prevent the websites to function properly.
2. Analytics cookies: these cookies are used to measure the number of unique visitors of our websites and the number of pages viewed. You may block and delete these cookies using your web browser parameters.
3. Advertising cookies: these cookies are placed only after we have received your consent. They are used to get to know you better and to offer you advertising that suits you better.

The following cookies may be placed by our website, depending on your web browser parameters and given consent:

_ga Analytics | Google analytics anonymous visitor counting 2 years
_gat Analytics | Google analytics anonymous visitor counting Until the end of the brower's session
_gid Analytics | Google analytics anonymous visitor counting 1 day

Processing purposes

Your personal data is processed for the following purposes:
a. Where it is necessary for the performance of a contract between you and us or in order to take steps, at your request, to enter into a contract:
i. To allow users to register for the test and use of BankingSDK (through the developer portal);
ii. To provide the necessary input information to you in support of the execution of your critical business processes;
iii. To allow BankingSDK’s application administrators to configure and control the execution of the services, when you purchase a service from us.

b. Where you have given your consent, by accepting the cookies on our website:
i. To allow us to track precisely the information on the unique number of visitors, their sessions and the relevant timestamps.

c. Where necessary for our legitimate interests, as listed below, and where not overridden by your data protection rights:
i. To keep trace of BankingSDK’s business relationships with you, as our existing or prospect customer.
ii. To improve the services we provide by identifying, e.g. trends, recurrent issues, customer behaviors, through your use of our services.

For these purposes, we have conducted a balancing test, as the law requires, and have determined that, considering the limited personal data collected, the processing performed and your reasonable expectations, our legitimate interest in conducting this processing is not overridden by your interests or fundamental rights and freedoms.

d. Where it is necessary for us to comply with our legal obligations, such as reporting crime or crime intent or tax reporting.

Disclosure and Transfer of personal data

In order to deliver our service to you and for the above purposes, we need to share your personal data with:
a. ExtHand personnel with access on a “need to know” basis and to contractors who have signed a confidentiality agreement with us.

b. Third party processors, located in the European Economic Area, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality clauses:
i. Microsoft, Azure Services.
ii. SendInBlue.

c. Third party processors located in the United States of America, who support us in the processing of your personal data only on our instructions and who are subject to appropriate confidentiality clauses:
i. Google Analytics, which provides us with simple statistics on the number of unique visitors on our website.

These third party processors are all part of the Privacy Shield, which is a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.

d. Government institutions or regulatory bodies in compliance with our reporting obligations.

Data Security and Retention

Your personal data is and will be kept strictly confidential.
We take all reasonable steps to protect your personal data. This includes setting up processes and procedures to minimize the unauthorized access to, or disclosure of your personal data. We ensure that the third parties we share your personal data with also have adequate security measures in place.

We will store your personal data for as long as it is necessary to achieve the purposes defined in section 4 (Processing Purposes), with maximum retention periods as defined below:
a. Data collected when you use the developer portal will be kept for the duration of your contract with us.
b. Data collected when you contact us through our website will be kept for 10 years, when required by the Belgian Anti-Money Laundering (AML) regulation.
c. Data collected when you purchase services from us will be kept for 10 years after the end of the contract, as required by Belgian law.
d. Data collected when you request information about our services will be kept for 3 years or until you require us to delete your data.
e. Technical logs will be kept for a maximum of 60 days.

Automated decision-making and profiling

No automated decisions will be taken about you as part of the processing described in this notice.
A profile of your behavior when you use our website will be created if you accept our advertising cookies to be placed on your computer.

Your rights

You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provided us in a structured, machine-readable format. In addition, you can object to the processing of your personal data in some circumstances (when we do not have to process your personal data to meet a contractual or other legal requirement).
Where we have asked for your consent, you may withdraw this consent at any time; however, this will not affect processing that have already taken place before the withdrawal. You may withdraw your consent by deleting the cookies linked to our domain.
You may exercise the above-mentioned rights by contacting us as described in the “Contact us” section below.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information that we are required to keep by law or that we have a compelling legitimate interest to keep.
If you have unresolved concerns, you have the right to complain to the Data Protection Authority: https://www.dataprotectionauthority.be/

Contact us

If you have any questions about this Privacy Notice or wish to contact us for any reasons in relation to the processing of your personal data, please contact our Data Protection Officer at BankingSDK, Jean-Gabriel Debaille, by sending an email to info@BankingSDK.com, or by sending a dated and signed request to ExtHand sprl/bvba, Av. Arnaud FraiteurLaan 15-23 A29, B1050-Brussels, Belgium.

Updates to this Privacy Notice

We reserve the right to modify this notice at any time but will in any case do so in accordance with the applicable laws and regulations. We will inform you by email, when possible, of any substantial changes to this notice. This notice was last modified and revised on the 1st November 2019.