The Outbank Banking Application (“Outbank” or “the App”) is provided for use by Verivox GmbH of Heidelberg, Germany (“We”, “Us”, or “Verivox”) to users of the App and Services (“You”, “Your”, or “User”).
The following information will inform You about the data We collect, process and store and explain why We need it, what We do with it, and how We keep it secure. “Personal Data” is any information capable of identifying an individual.
- After downloading the App, and in order to access the Services, You have the option to create a customer account (“Outbank ID”). The Outbank ID enable synchronization between multiple devices. As part of the synchronization process, the Verivox database on Your device (and any changes to it) is encrypted and anonymized on Your device and then stored on a server. As a result, the file thus stored is completely anonymous, access is only possible via an encrypted token, which is created for access to Your device and is temporary. If the token expires, You must restart the process.
- You are responsible for the accuracy of the data You provide in creating Your Outbank ID and while using the App or Services. Changes or updates of Your data must be made immediately within the App to ensure accuracy of the Services.
- During the process of creating Your Outbank ID within the App, You must create a secure password. Your password must be a combination of uppercase and lowercase letters, numbers and a symbol. This password secures Your Outbank ID and the stored data from access by unauthorized persons.
- Verivox GmbH reserves the right to change password requirements and/or require Customers to change their selected passwords at any time.
- You may not share Your password with third parties and You must keep it secure from access by third parties. Furthermore, You may electronically store or transmit passwords only with secure encryption.
General Data Protection Information
- Verivox GmbH does not control the data processing activities of third parties. If you click on a Third party link through our Services, you should review their respective privacy policies.
- Verivox GmbH aims to process and store any Personal Data received from the relevant application store or third parties in accordance with applicable data protection laws.
- Verivox GmbH will not share Your Personal Data with any third parties except where necessary for the performance of legal contracts, and to provide the services You have requested and consented to.
- Verivox GmbH undertakes not to collect, store, modify, block or delete the Personal Data protected by the GDPR for any other purpose other than to comply with its obligations to Users under the Terms;
- We point out that data transmission over the Internet (for example, when communicating via e-mail) may have security gaps. Therefore, whenever possible use encrypted communication connections and up-to-date security software for Your devices.
- Data is securely stored on servers that are assigned to our company and are located exclusively in Germany.
- Data will be transferred to third parties to facilitate provision of Services You have requested or to other vendors and service providers.
Personal Data and Use in General
- We receive Your Personal Data from the application store through which You downloaded the App. Also, You submit Personal Data required to create the Outbank ID account. You may also provide us with banking and financial data to fully utilize our Services.
- As part of the provision of technical and other support services, We use Your e-mail address, Your name, and technical information about Your device to assign Your support request to the technical support person who can assist You.
- We also use Your Data to communicate with You regarding Your use of the Services, as well as for cross-device usage You initiate, including synchronization between multiple devices.
Email Communications and Newsletter
We offer a Newsletter subscription on our Website. In order to subscribe, We require an e-mail address from You, as Well as information that allows us to verify that You are the owner of the e-mail address provided and that You consent to receive the newsletter. We use this Data exclusively for the delivery of the requested Newsletter and do not pass it on to third parties.
- We utilize the MailChimp service to send newsletters and to communicate with Users. Mailchimp is a service of Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA;
- We have a “Data Processing Agreement” with MailChimp, in which We require MailChimp to protect the data of our customers and not to pass them on to third parties. If You enter data on our Website or through the App for the purposes of newsletter subscription (e-mail address, for example), it will be stored on MailChimp’s servers in the United States.
- MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.
- With the help of MailChimp We can analyze our newsletter campaigns. When You open an e-mail sent by MailChimp, a file included in the e-mail (called Web-beacon) connects to MailChimp’s servers in the United States. This will determine if a newsletter message has been opened and which links may have been clicked. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to the respective newsletter recipient. They serve exclusively for the statistical analysis of newsletter campaigns. The results of these analyzes can be used to better tailor future newsletters to the interests of the recipients.
- If You do not want to be analyzed by MailChimp You can unsubscribe from the newsletter. In each newsletter there is a link to “unsubscribe”. Furthermore, You can unsubscribe from the newsletter directly on Our Website.
- The data processing takes place on the basis of Your consent provided when you sign up. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation.
Data and the App
- As part of the creation of a customer account (Outbank ID), the following data are collected and stored on servers in Germany: e-mail address, first name and last name where indicated, and a photo if one is uploaded by the user. In addition, information is stored through the Apple App Store or Google Play Store in accordance to the General Terms and Conditions and/or Privacy Policies of these Stores.
- Your Outbank ID and Your current IP address are temporarily stored in order to update connections to banks or accounts.
- Your photo, if You upload one, is stored and used only within the App.
- As part of the “Contract Recognition” function, the data stored in the App is analyzed and assigned to specific sales after activation of the corresponding function. The data generated as part of this function will only be processed within the App and will not be passed on to third parties.
- If You use the App or any other Services, the Verivox GmbH server automatically saves the following data that the App transmits:
a. A generic device ID generated by the device,
b. The last IP address (shortened in terms of data protection),
c. The date of the last change of a news (information) within the framework of the news page usage available in the App,
d. The license token and Periods when and what You purchased, within the framework of the licensing check,
e. device specifications (screen size, OS version, device version) and app version used.
f. Anonymous user statistics to improve the user experience of the app.
- While using the browser integrated in the App (in particular for the use of the support and FAQ pages) as was while using Verivox GmbH’s Website (“Web Services”) the following data can be collected:
a. If You use Web services, Verivox GmbH may send one or more cookies – small files containing a string – to the customer’s computer or other data processing unit, uniquely identifying the browser.
c. The cookie itself does not contain any Personal Data, but if You provide Personal Data during Your visit to Verivox GmbH and do not delete the cookie from Your browser after providing this data, Verivox GmbH collects the non-Personal Data stored in the cookie (such as the number of visits You have made to Verivox GmbH) and stores it anonymously.
d. If You use Web Services, the Verivox GmbH server automatically saves the data transmitted by Your browser whenever You visit a Website. These server logs contain data such as Your Web request, IP address, browser type, browser language, the date and time of Your request, and one or more cookies that uniquely identify Your browser. The IP address is stored in a shortened form for data protection.
- You can set Your external browser to notify You when a cookie is sent. This opens the option to either accept or refuse the tracking of cookies. If You choose to turn off cookies, it may affect Your ability to access or use the Services.
- Other Verivox GmbH Services including the App and related Services We may need to share or transmit Data to the indicated third party service provider to execute the services You request. Verivox GmbH will explicitly advise You of such transmission prior to its execution.
- If You send e-mail messages or other communications directly to Verivox GmbH via the App or otherwise, Verivox GmbH will retain such notifications in order to process the Your request, respond to Your questions and receive feedback to improve the Services. For example, if You provide feedback to Verivox GmbH regarding the Services, Verivox GmbH may use and disclose the feedback for any purpose (including, but not limited to, ratings in the applicable app store) Verivox GmbH will not provide Your Personal Data unless the You have specifically authorized Verivox GmbH to do so. The collection, processing and storage of the data contained in such feedback communications is done in accordance with the above data protection principles.
- Verivox GmbH takes the necessary security measures to protect against unauthorized access to or the unauthorized modification, publication or destruction of data. These security measures include internal audits of data collection, storage and processing practices and security as Well as physical security measures to protect against unauthorized access to the systems where We store Personal Data.
- Verivox GmbH restricts access to Personal Data to Verivox GmbH employees, contract workers and agents who need such information in order to provide, develop or improve the Services. These individuals are subject to confidentiality obligations and may be subject to disciplinary action, including dismissal and prosecution, if they fail to meet these obligations.
- Your rights to Access and Correction
You may request that We confirm to You whether We are processing Your Personal Data and what Data We are processing. If Your information is incorrect or incomplete, You may request that Your information be corrected or completed. If We have shared Your information with third parties, We will inform them of the correction, to the extent required by law.
- Your right to Erasure
If the legal requirements exist, You can request immediate deletion of Your Personal Data from us. This is especially the case when:
a. Your Personal Data is no longer needed for the purposes for which it was collected;
b. the legal basis for the processing was Your consent only and You have revoked it;
c. You have objected to processing for promotional purposes;
d. You have objected to processing based on the legal basis balance of interests for personal reasons and We cannot prove that there are legitimate reasons for processing;
e. Your Personal Data has been processed unlawfully; or
f. Your Personal Data must be deleted in order to comply with legal requirements.
If We have forwarded Your data to third parties, We will inform them about the deletion, insofar as required by law.
Please note that Your erasure right is subject to restrictions. For example, We may not or must not delete data that We still need to retain due to legal retention requirements. Also, data that We need in order to assert, exercise or defend Our legal rights is excluded from Your cancellation right.
- Your right to Object to Processing
If the legal requirements are met, You can request a limitation of Data processing from us. Relevant circumstances include when:
a. You dispute the accuracy of Your Personal Data that we have (We must have the opportunity to verify this);
b. the processing is not lawful and You require a restriction of use instead of erasure (see the previous section);
c. We no longer need Your information for the purposes of processing, but You need it to assert, exercise or defend Your rights;
d. You have raised an objection for personal reasons, we can halt processing until your objection has been evaluated.
If You can show a valid right to restrict processing, We mark the Data in question to ensure that it is processed only within the limits that apply to such restriction (for example, to defend legal claims or within the parameters of Your consent).
- Your Right to Data Portability
You have the right to receive personally identifiable information You have given to us for fulfillment of the contract or on the basis of consent in a transferable format. In this case, You can also request that We transmit this data directly to a third party, insofar as this is technically feasible.
- Your Right to Revoke Your Consent
If You have given us consent to the processing of Your data, You can withdraw it at any time for future processing. The lawfulness of the processing of Your data prior to revocation remains unaffected.
- Your Right to Object to Direct Marketing
You can also object at any time to the processing of Your Personal Data for advertising purposes. Please note that there may be an overlap between Your revocation and the use of Your data as part of an ongoing campaign.
- Your Right to Object for Personal Reasons
You have the right, for reasons that arise from Your particular situation, to object to Our processing of Your Data to the extent that the processing is based on a legitimate interest basis. We will then stop processing Your data, unless We can – in accordance with legal requirements – prove compelling legitimate reasons for further processing that outweigh Your rights.
- Your Right of Appeal to a Supervisory Authority
You have the right to file a complaint with a data protection authority. In particular, You can contact the data protection authority, which is responsible for Your place of residence or Your state, or who is responsible for the place where the violation of data protection law has taken place. Alternatively, You can contact the relevant data protection authority, which is:
The State Commissioner for Data Protection and
Freedom of Information Baden-Württemberg
PO Box 10 29 32
Phone: +49 711 61 55 41-0
Fax: +49 711 61 55 41-15
California Privacy Rights
California residents have the right to receive information that identifies any third-party companies or individuals that We have shared Your personal data within the previous calendar year, as well as a description of the categories of personal data disclosed to that third party.
Asserting Your Rights
If You wish to assert any of the above described rights, please address Your request by stating Your current address, Your date of birth and Your e-mail address to:
Am Taubenfeld 10
We will use Your information provided in this request exclusively for comparison with the information in our database and thus for the protection of Your Personal Data against access by unauthorized third parties.
Questions and Suggestions
If You have any questions or suggestions about data protection, We look forward to receiving Your message.
Please send written inquiries to:
Data Protection Officer
Am Taubenfeld 10