This privacy policy (“Privacy Policy”) outlines how Banank PL Sp. z.o.o. (“babank”, "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our services. 

We are committed to safeguarding your privacy and ensuring that your personal data is protected in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and Poland’s Personal Data Protection Act of 10 May 2018 (Ustawa z dnia 10 maja 2018 r. o ochronie danych osobowych). 

This Privacy Notice applies to all natural persons whose personal data we collect, use, or otherwise process in the course of providing our services or carrying out our business activities (“you” or “data subject”). 

We may collect, store and process the following categories of personal data:  

• Identification data (e.g. full name, personal ID number, nationality, date/place of birth, ID documents and copies, photo)  
• Contact information (e.g. address, phone number, e-mail)  
• Employment data (e.g. current employer, position, business affiliations)  
• Financial data (e.g. income, assets, bank account numbers, transactions, payment history, creditworthiness)  
• Contractual data (e.g. service agreements, account use records)  
• AML/KYC data (e.g. criminal records, PEP status, sanctions list data – collected when required by law)  
• Technical and usage data (e.g. App activity, login timestamps, interaction logs, IP address, browser/device details, access logs)  
• Marketing Preferences: Newsletter subscriptions and opt-in/opt-out history 
• Biometric data (only if required for identity verification purposes, and only where permitted by law) 

We collect your data from the following sources:  

• Directly from you (e.g. via online registration, applications, customer service)  
• Publicly accessible sources (e.g. business registries, sanctions lists, social media – used only for purposes permitted by law, such as meeting anti-money laundering obligations)  
• Third parties (e.g. fraud databases, AML/KYC providers, affiliates)  
• Regulatory and supervisory authorities, where permitted by law 

We process your personal data for the following purposes:  

• To identify you and conduct due diligence in accordance with anti-money laundering and counter-terrorism financing laws, including the Act on Counteracting Money Laundering and Terrorism Financing (Ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu, hereinafter “Polish AML Act”) 
• To assess credit risk and evaluate transactions  
• To conclude and execute contracts with you  
• To manage your account and perform payment services  
• To comply with regulatory obligations under EU and Polish law, including the Polish AML Act, the Payment Services Act, the Accounting Act, and applicable tax legislation 
• To protect our legitimate interests (e.g. risk mitigation, fraud prevention, business analysis)  
• To send service communications and, where permitted by law, marketing communications and promotional offers (only if you have given consent or if we have a legitimate interest and you have not objected) 
• To establish, exercise, or defend legal claims 

We process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR) and applicable Polish law. These bases include:

• To take steps before entering into a contract with you (GDPR Article 6(1)(b)) – for example, when you apply for our services;
• To perform a contract we have with you and to ensure that you meet your obligations to Banank (GDPR Article 6(1)(b));
• To comply with legal obligations (GDPR Article 6(1)(c)), including obligations under:

o the Act on Counteracting Money Laundering and Terrorism Financing (Ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu),
o the Payment Services Act (Ustawa z dnia 19 sierpnia 2011 r. o usługach płatniczych),
o the Accounting Act (Ustawa z dnia 29 września 1994 r. o rachunkowości),
o the Tax Ordinance Act (Ustawa z dnia 29 sierpnia 1997 r. – Ordynacja podatkowa), and
o other applicable Polish and EU laws;

• When processing is necessary for our legitimate interests (GDPR Article 6(1)(f)), such as:

o establishing, exercising, or defending legal claims,
o assessing the creditworthiness of potential customers, guarantors, and collateral providers (unless prohibited by law),
o offering and developing new products and services (unless you object).

• With your consent (GDPR Article 6(1)(a)), for example, for certain marketing activities or where consent is legally required.

For certain types of data, additional rules apply:

• Special categories of personal data (such as biometric data) are processed only when permitted under GDPR Article 9(2) and applicable Polish law, for example, to verify identity in line with the Polish AML Act.
• Data relating to criminal convictions and offences (such as information from sanctions lists or AML checks) are processed only when authorised under GDPR Article 10 and the Polish AML Act.

We may transfer your personal data to the following categories of recipients:  

• Financial institutions and payment systems  
• National authorities and regulators (including, where required, the General Inspector of Financial Information (GIFI) and other bodies under the Polish AML Act) 
• IT and cloud hosting providers 
• KYC, AML, and identity verification service providers  
• Auditors, legal and tax advisors  
• Postal and communication service providers  
• Credit registries and debt collection firms  

All third-party service providers are contractually bound to process your data in compliance with the GDPR and applicable Polish law. 

We transfer personal data outside of the European Economic Area (EEA) — which includes the Member States of the European Union, Norway, Iceland, and Liechtenstein — only when this is done in compliance with applicable data protection laws. 
Where the destination country is not recognised by the European Commission as providing an adequate level of data protection, we ensure that appropriate safeguards are in place. These may include: 

• standard data protection clauses adopted by the European Commission, 
• approved certification mechanisms together with binding and enforceable commitments of the recipient, or 
• other safeguards permitted by the GDPR and Polish law. 

We will not store your personal data longer than necessary for the purposes of processing. In determining the storage period, we consider:  

• the nature of the purpose, why personal data was collected;  
• the duration of your relationship with Banank;  
• any legal obligations requiring us to retain data (for example, under the Polish AML Act we must retain certain data for at least 5 years after the end of the relationship);  
• our legal position (such as applicable statutes of limitation, ongoing or potential litigation, or regulatory investigations).  

Once we determine that your personal data is no longer needed, we will securely delete it from our systems.  

We have implemented recognised technical and organisational measures to protect your personal data from loss, misuse, alteration, or destruction. All Banank personnel are required to maintain the confidentiality of personal data, and only authorised staff have access to it. 

You have various rights in relation to your personal data which we process about you: 

• Right of access: you may request confirmation of whether we process your personal data and receive a copy of it.  
• Right to rectification: you may ask us to correct or complete any inaccurate or incomplete personal data. If we have shared your data with third parties, we will inform them of the correction unless this is impossible or requires disproportionate effort. 
• Right to erasure (“right to be forgotten”): you may request that we delete your personal data in certain circumstances.  
• Right to restrict processing: you may request that we limit the processing of your personal data in certain cases. During the restriction period, we may store the data but not process it further. 
• Right to object: you may object to the processing of your personal data in specific situations, including processing based on legitimate interests or for direct marketing.  
• Right of data portability: you may request a copy of your personal data in a commonly used, machine-readable format and transfer it to another controller, where technically possible.  
• Right not to be subject to automated decision-making: ou have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you. 
• Right to lodge a complaint with the supervisory authority: if you have any concerns about the way we handle your personal data, you can contact the Polish Personal Data Protection Office (“UODO”) using the following contact information: address: ul. Stawki 2, 00-193 Warsaw, Poland, phone: 22 531-03-00, e-mail kancelaria@uodo.gov.pl. 

We will respond to your requests in accordance with GDPR and applicable Polish law. If we refuse your request, we will explain the reasons for doing so. 

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or how we process personal data. Updated versions will be published on our website and will indicate the date of the latest revision. Where required by law, we will also inform you directly about significant changes. 

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic, and personalise content and advertisements.  

We obtain your consent before using non-essential cookies, in accordance with applicable laws. For more details on the types of cookies we use and how to manage your preferences, please refer to our Cookie Policy.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: 
Email: support@banank.eu
Phone: +48(22)1531061 
Address: ul. Prusa 2, 00-493 Warsaw, Poland