1. Numbrs protects your data
The Numbrs App is operated by Numbrs Personal Finance AG, Edenstrasse 20, 8045 Zurich, Switzerland. Certain services are offered by Numbrs Personal Finance UK Ltd, a wholly owned subsidiary of Numbrs Personal Finance AG (collectively referred to hereinafter as “Numbrs”, “we”, “us”, “our”). Numbrs believes that data protection is a fundamental human right, which is why we take the protection of our users’ personal data and privacy very seriously. Numbrs is subject to the provisions of the General Data Protection Regulation (GDPR) of the European Union and the UK Data Protection Act 2018. We put a lot of effort into ensuring that these regulations are implemented correctly.
The Numbrs App enables users to manage their finances in a simple, secure and neutral manner. Numbrs would never collect your personal to sell it to advertisers or to other companies.
We place the utmost priority on the security of the data that we collect. We have implemented technical and organisational measures which aim to ensure compliance with the data protection regulations by us as well as external service providers. Cutting-edge security technology protects the data and the privacy of each Numbrs’ user. All information recorded is exclusively stored in protected data centers. Our data centers that are located in Germany are all PCI-DSS and ISO27001 certified.
Furthermore, Numbrs is subject to strict data protection laws and uses the TLS 1.2 protocol with 2048-Bit SSL for the encryption of data during data transfers on all connections. Several German authorities and certifying bodies (e.g. TÜV Saarland) have carefully reviewed the security and privacy practices of Numbrs and certified the Numbrs App as highly trustworthy.
2. The Regulated Services
The regulated services, being the account information services (“AIS”) and payment initiation services (“PIS”), that are provided within the Numbrs App, are provided by the following partners:
3. Personal Data
It is our promise that all users can easily and securely manage their finances via the Numbrs App. It is our goal that every user can use the Numbrs App at any time, with the best possible quality and with the highest security standard.
Numbrs solely collects data (e.g. email address) that is necessary to offer you the features of the Numbrs App. A detailed list outlining the personal data that we collect and the purpose for such collection can be found here: User Data Appendix.
The analysis of data can help us improve the automatic categorisation function. The automatic categorisation function sorts users’ income and expenses into various categories such as “food” and “insurance”. Against this background, we reserve the right to analyse data sets for statistical purposes.
We limit access to your personal data that is collected by Numbrs to only those who absolutely need access to it, in order to carry out their professional tasks. To ensure the security of your data, a background check is performed on the few people who have access to personal data. These persons must, of course, also comply with the strict internal and legal regulations.
4. Retention Period
Numbrs only collects personal data to the extent necessary to fulfil our contractual obligations and only for the time necessary to achieve the purposes for which the personal data is collected, in accordance with applicable data protection laws.
The personal data is therefore stored for at least as long as you’re using the Numbrs App. If Numbrs no longer requires your personal data, or you request the deletion of your data, we shall delete it and/or take the necessary measures to anonymise your personal data. This does not apply if we are obliged to keep the data for a longer period of time, in particular to comply with legal retention obligations. Art. 958f of the Swiss Code of Obligations requires, for example, that we retain accounting records for ten years, starting from the expiry of the financial year. Furthermore, we are obliged to retain evidence in accordance with the statute of limitations. According to Art. 127 of the Swiss Code of Obligations, the statute of limitations is ten years. Lastly, data obtained in order to identify you, in accordance with applicable anti-money laundering laws, need to be retained for a period of 6 years after the end of the business relationship. The legal basis for the processing of this data is the fulfilment of our legal obligations (Art. 6 (1) (c) GDPR).
5. Transfer of personal data to third parties
Numbrs exclusively uses personal data for the purpose of offering the Numbrs App. Numbrs does not transfer personal data to third parties (other than those where required as part of the services we provide) without the consent of the user.
We may share personal data with a limited number of our service providers. We mandate service providers to support us in providing the Numbrs App, for example for data analysis, information technology and related infrastructure and customer service. These service providers may need to access personal data to perform their services. We authorize such service providers to use the personal data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of personal data they process on our behalf.
We may undertake checks via fraud prevention agencies to manage your account with us. Insofar as we are bound by law or court order to do so, we shall transfer personal data to third-parties authorised to request such information (e.g. courts or law enforcement agencies). We will inform you should this ever be the case, unless we are prohibited to do so by law or official order.
Click here for a detailed list of all third parties: User Data Appendix.
6. International exchange of personal data
Numbrs Personal Finance AG is a Swiss company with its registered office in Switzerland. The data collected will therefore be processed outside the United Kingdom e.g. in Switzerland, whereby the data remains protected by very strict data protection laws. The EU Commission has confirmed with an adequacy decision that Switzerland has an appropriate level of data protection (Decision of the EU Commission 2000/518/EC).
Furthermore, some of our service providers have their registered office outside the EU or Switzerland, so that the applicable laws guarantee a different national level of data protection than that provided for in European or Swiss data protection law. In this case, we shall ensure (e.g. by concluding appropriate contracts) that the service providers concerned guarantee an appropriate level of data protection comparable to that in the United Kingdom.
We are committed to making sure that all of our service providers comply with technical and organisational measures to ensure the protection of personal data.
7. Your rights
Users who have entered personal data into the Numbrs App can request to have their data deleted at any time, unless Numbrs is obliged to store this data for a certain period of time on the grounds of statutory retention periods, e.g. for contractual, tax or accounting purposes. Please note that you may no longer be able to use the Numbrs App if you delete your personal data.
The data is deleted as soon as the retention period has expired. Users may also request the correction of incorrectly recorded data at any time. Click here for a detailed list of all of your rights: Appendix Your Rights.
Please do not hesitate to contact our support team at email@example.com, or send a letter to: Numbrs Personal Finance AG, Edenstrasse 20, 8045 Zurich, Switzerland or Numbrs Personal Finance UK Ltd, 1 Canada Square, 37th Floor, Canary Wharf, London, E14 5AA, United Kingdom, should you have any questions or suggestions.
The address of our representative in the European Union is: IITR Cert GmbH, Eschenrieder Str. 62c, 82194 Gröbenzell, Germany.
You may also choose to contact our data protection officer at any time. Email: firstname.lastname@example.org. Address: Attorney at Law Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich, Germany.
We are registered in the Information Commissioner’s Office Public Register of Data Controllers (at https://ico.org.uk) under registration number ZA746284.