Reibanq Money
Privacy Policy
Privacy Policy
This privacy policy (hereinafter – the “Privacy Policy”) is meant to inform how Reibanq Ltd, Reibanq Holding B.V. and its subsidiaries (hereinafter – “the Company” or “Reibanq” or “we” or “us”) collects, stores, and processes personal data.
Your personal data is processed in accordance with Canadian, Internationa and EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation; hereinafter – “the Regulation”), and other legislation governing the protection of personal data.
We have a legitimate interest in detecting and preventing abuse of our service, and we also have a legitimate interest in improving our service and tailoring it to your needs.
Respecting your privacy and the protection of your personal data, the Company shall make every effort to ensure the security and confidentiality of your personal data and other information processed by us.
We have a legitimate interest in detecting and preventing abuse of our service, and we also have a legitimate interest in improving our service and tailoring it to your needs.
Respecting your privacy and the protection of your personal data, the Company shall make every effort to ensure the security and confidentiality of your personal data and other information processed by us.
Furthermore, based on Article 25 of the GDPR, the Company engages with the concepts of Data Protection by Design and by Default. This means that the Company by design protects the rights of its users through data protection principles (such as data minimization), as well as by Default ensuring that the data collected has necessary purposes behind it.
The Company reserves the right to change the provisions of the Privacy Policy at its own discretion. Changes to the Privacy Policy shall enter into force from the day of their publication on the Website. If these changes are minor or structural, they will go into effect without any prior notice, and the duty to be informed shall fall upon you. However, if the changes are substantial or material, the Company shall make sure that its users are updated accordingly, and where necessary, the Company shall seek consent regarding the new policy.
What data do we collect and how is it collected?
According to Article 4 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
In processing your personal data, the Company adheres to the following principles of personal data processing:
- Your personal data is only processed to the extent necessary to achieve the corresponding clearly defined and legitimate purposes, taking the protection of your privacy into account;
- Your personal data is processed accurately, fairly, and lawfully and processed only for purposes that are consistent with the purposes stated before your personal data were collected;
- The Company processes your personal data strictly in accordance with the clear and transparent requirements for the processing of personal data established by legislation;
- Your personal data is processed in such a form that makes it possible to establish your identity for no longer than is necessary for the purposes for which the personal data are being processed;
- In processing your personal data, appropriate technical and organisational measures are used in order to ensure the protection of personal data, including protection against unlawful data processing and against accidental loss, destruction, and damage.
Personal data processed by submitting an application.
When you decide to apply for funding, based on Article 6(1)(b) of the GDPR, in order to provide you with our services, the Company (depending on the jurisdiction) can and may ask you to provide your personal data: enterprise name, your full name, date of birth, residential address, copy of an ID, passport, driving license, photo, video, company name, telephone number, e-mail address, buyer, requested amount of funding, invoice payment term, your comments, and potentially other types of data (such as the Ultimate Beneficial Owner).
The aforementioned personal data are collected to contact you regarding the possible conclusion of an invoice financing agreement and/or to take the first steps to conclude the agreement.
Additionally, with respect to Article 6(1)(c), the data collected may be retained for legal obligations and risk assessment, such as compliance to money laundering and fraud-related legislation, KYC (Know Your Customer)/AML (Anti-Money Laundering) checks, Audit, Accounting, sanctions, etc.
The collected data can be disclosed to other parties to the extent required for the performance of agreements concluded by and between such third parties and the Company.
Furthermore, for those purposes, the Company shall not only process personal data provided by the Seller, but also collect and process personal data from any third-party sources, which may include credit reference agencies, financial crime, and terrorism databases, and any other public register.
In order to determine the retention period for the personal data specified during your reservation, the Company applies criteria that are in line with the obligations specified in legislation and also takes your rights into account, e.g., the Company sets a personal data retention period during which requirements relating to the performance of the agreement may be provided if any should arise. For example, the retention period for AML related data is 5 years, which is the same as the statute of limitations for criminal activity.
Additionally, with respect to Article 6(1)(c), the data collected may be retained for legal obligations and risk assessment, such as compliance to money laundering and fraud-related legislation, KYC (Know Your Customer)/AML (Anti-Money Laundering) checks, Audit, Accounting, sanctions, etc.
The collected data can be disclosed to other parties to the extent required for the performance of agreements concluded by and between such third parties and the Company.
Furthermore, for those purposes, the Company shall not only process personal data provided by the Seller, but also collect and process personal data from any third-party sources, which may include credit reference agencies, financial crime, and terrorism databases, and any other public register.
In order to determine the retention period for the personal data specified during your reservation, the Company applies criteria that are in line with the obligations specified in legislation and also takes your rights into account, e.g., the Company sets a personal data retention period during which requirements relating to the performance of the agreement may be provided if any should arise. For example, the retention period for AML related data is 5 years, which is the same as the statute of limitations for criminal activity.
Personal data processed for the purpose of providing information to you.
If you would like to contact and receive additional information, you can do this by submitting an inquiry on the Company’s Website and indicating your name, company name, telephone number, and e-mail address so that the Company knows what address to provide you with the requested information.
Your personal data processed for this purpose will be stored at the Company for as long as it takes to properly analyse the information you provided and answer the questions that concern you.
Who is your personal data provided to?
Based on Article 6(1)(b) of the GDPR, in order to ensure uninterrupted Company operations and the proper provision of services, the Company may disclose your personal data to its partners, customer service, accounting, and marketing and to third parties that provide services to the Company including marketing companies, information technology service providers, entities screening KYC/AML-checks, audit, accounting, legal and debt recovery services and other parties to the extent required for the performance of agreements concluded by and between such third parties and the Company if this is reasonably necessary to achieve the purposes stated in this Privacy Policy. In this case, the Company shall take appropriate measures to ensure that the assisting data processors only process the personal data entrusted to them for the purposes specified by the Company, perform the actions that the Company has instructed them to complete, and ensure appropriate organizational and technical personal data protection measures. Personal data provided to or obtained from third-party sources by the Company may be transferred to or stored in a geographic region that imposes different privacy obligations than your country of origin.
The Company does not currently transfer your data to third parties for marketing-related services. If the Company starts transferring data to third parties, this will constitute a material change to the privacy policy and you (the user) will be duly notified and updated.
The Company has the right to transfer your processed personal data to state institutions and bodies to properly implement legislative requirements. Additionally, your personal data may be transferred to persons providing legal services when these personal data must be disclosed to establish, implement or defend the Company’s rights and legitimate interests.
The Company has the right to transfer your processed personal data to state institutions and bodies to properly implement legislative requirements. Additionally, your personal data may be transferred to persons providing legal services when these personal data must be disclosed to establish, implement or defend the Company’s rights and legitimate interests.
Your rights and opt-out.
As the data subject, you have the right:
- to know (be informed) about the processing of your personal data;
- to receive information on which personal data have been collected and from which sources, for what purpose they are being processed, and to which data recipients they are being or were provided;
- to demand that your personal data being processed be rectified if the data is inaccurate and/or incomplete;
- to demand that your personal data be destroyed or that the processing of your personal data be suspended;
- to demand restriction to the processing of your personal data and/or to object to processing;
- to receive the personal data related to you which you have provided to the Company in a structured, commonly used, and machine-readable format, and to forward said data to another data controller, or demand that the Company forward this personal data directly to another data controller where this is technically possible (right to data portability).
The Company does not carry out profiling of your personal data, which may have legal consequences for you or may have a major impact on you, but in providing customised marketing offers and market research, you may be assigned to a relevant customer category. In light of this, you have the right to obtain human intervention, to express your point of view, and to challenge the decision.
If you have agreed to receive marketing, you may always opt-out at a later date.
You have the right at any time to stop the Company from contacting you for marketing or research purposes.
You have the right at any time to stop the Company from contacting you for marketing or research purposes.
If you intend to exercise your rights, you can contact the Company by e-mail.
Please note that when exercising your rights, you must properly verify your identity. Therefore, if you intend to send a request to the Company, you must confirm your identity, in the procedure established by legislation, by electronic means of communication that make it possible to identify you.
The Company will provide you with the requested information free of charge within one month, but if the requests you send are clearly unsubstantiated or disproportionate, in particular, due to their repetitive content, the Company is entitled to charge a reasonable fee, taking into account the administrative costs of providing the information or of the notifications or actions you request, or to refuse to take action according to the request.
If you believe that the Company is not processing your personal data correctly or is improperly implementing or not implementing your rights, you should first contact the Company; the Company is ready to work with you to clear up any problems. If you are not satisfied with the Company’s response, you are also entitled to file a complaint with the national supervisory authority.
Please note that when exercising your rights, you must properly verify your identity. Therefore, if you intend to send a request to the Company, you must confirm your identity, in the procedure established by legislation, by electronic means of communication that make it possible to identify you.
The Company will provide you with the requested information free of charge within one month, but if the requests you send are clearly unsubstantiated or disproportionate, in particular, due to their repetitive content, the Company is entitled to charge a reasonable fee, taking into account the administrative costs of providing the information or of the notifications or actions you request, or to refuse to take action according to the request.
If you believe that the Company is not processing your personal data correctly or is improperly implementing or not implementing your rights, you should first contact the Company; the Company is ready to work with you to clear up any problems. If you are not satisfied with the Company’s response, you are also entitled to file a complaint with the national supervisory authority.
What are your duties and responsibility?
By using the services provided by the Company, you assume full responsibility for the correctness and accuracy of the personal data you provide. By submitting personal data (e.g. by completing an application form), you assume full responsibility for the lawfulness of the submission of your personal data.
If there are changes to the personal data or other related information that you have provided, you are required to update us accordingly.
If there is incorrect data collected, we have the right to restrict/terminate the services relationship.
How does the Company take care of the security of your personal data?
The Company uses appropriate organisational and technical personal data protection measures to protect your personal data from an accidental or unlawful destruction, damage, alteration, and any other unlawful actions. These measures are selected, taking into account the risks to your rights and freedoms as the data subject.
In this case, the Company ensures strict access control to the personal data processed, only giving access to the Company employees for whom the personal data are necessary to perform their job, and monitoring how the access granted is used. The Company protects access to personal data with passwords of the appropriate level and concludes confidentiality agreements with the individuals who have access to your personal data.
Furthermore, the Company uses a safe cloud-hosted architecture, meaning there are no servers run by us. Access to our various databases (e.g., for software development or keeping registries) is limited to our development team. Specific tasks are restricted to specific departments; for example, the data gathered by cookies is only disposable to the Marketing Department. Furthermore, when possible, the Company uses pseudonymization of personal data and encryption of hard-drives, which is practiced throughout the entire Company. The Company provides online security as well, such as our Website has an SSL security certificate. There is a password policy in place, which protects the data and computers from foreign bodies, as well as the regular checks and backups to ensure recoverability. Lastly, we have annual reviews on our policies and activity with regards to privacy and data.
In this case, the Company ensures strict access control to the personal data processed, only giving access to the Company employees for whom the personal data are necessary to perform their job, and monitoring how the access granted is used. The Company protects access to personal data with passwords of the appropriate level and concludes confidentiality agreements with the individuals who have access to your personal data.
Furthermore, the Company uses a safe cloud-hosted architecture, meaning there are no servers run by us. Access to our various databases (e.g., for software development or keeping registries) is limited to our development team. Specific tasks are restricted to specific departments; for example, the data gathered by cookies is only disposable to the Marketing Department. Furthermore, when possible, the Company uses pseudonymization of personal data and encryption of hard-drives, which is practiced throughout the entire Company. The Company provides online security as well, such as our Website has an SSL security certificate. There is a password policy in place, which protects the data and computers from foreign bodies, as well as the regular checks and backups to ensure recoverability. Lastly, we have annual reviews on our policies and activity with regards to privacy and data.
The Company employees who have access to personal data are familiarised with personal data protection requirements and ensure confidentiality of the personal data processed.
What rights does the Company have?
The Company reserves the right to change the provisions of the Privacy Policy at its own discretion. Changes to the Privacy Policy shall enter into force from the day of their publication on our website. If these changes are minor or structural, they will go into effect without any prior notice and the duty to be informed shall fall upon the visitors of the Website (you). However, if the changes are substantial or material, the Company shall make sure that its users are updated accordingly and where necessary, the Company shall seek consent regarding the new policy.
The right to submit a complaint
If you believe that your privacy rights have been violated, you can contact the Data Protection Officer. You can also submit a complaint to the Privacy Commissioner of Ontario (IPC) or apply to the Court.
How to contact us
If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us :
– Reibanq Ltd. – 1 King Street West, Suite 4800–371, Toronto, Ontario, M5H1A1, Canada
Or e-mail our Data Protection Officer at: privacy@reibanq.money
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that the Company has not addressed your concern in a satisfactory manner, you may contact the Privacy Commissioner of Ontario (IPC):
Postal address:
Information and Privacy Commissioner of Ontario
2 Bloor Street East,
Suite 1400
Toronto, ON
M4W 1A8
2 Bloor Street East,
Suite 1400
Toronto, ON
M4W 1A8
Canada
Telephone 1-800-387-0073