PRIVACY POLICY

App Privacy Notice

When you use the App, your personal data is handled by different parties depending on the type of processing. The issuer, Bnext Electronic Issuer, E.D.E., S.L. (“Bnext” or “We) is the Data Controller for all information connected to your Wallet and regulated payment services, such as e-money issuance, safeguarding, AML/KYC checks, transaction monitoring, and card services.

Articuno Holdings Limited provides the App as a technical interface and acts only as a Data Processor on behalf of Bnext. Articuno does not make regulated decisions or use your data for its own purposes.

 

WHAT DATA WE PROCESS

 

The data We process about you may include:

  • Identification data: name, passport, email, mobile number, user ID.

  • Device data: device identifier, IP address, security tokens.

  • Authentication data: login credentials (hashed), trusted device status, session tokens.

  • Financial data: transaction history, balances, card details, remittances..

  • Communication data: support queries, documents uploaded, notifications.

WHY WE PROCESS YOUR DATA

We process your personal data to create and manage your App account, operate core App features such as authentication, device trust, notifications, and customer support, and to enable and display payment, card, and remittance data. Your data is also used to ensure security, fraud detection, and misuse prevention, to communicate updates, service messages, and mandatory notices, and to improve the app through troubleshooting and analytics (using aggregated or anonymized data). In addition, your data is processed to provide regulated payment services and to comply with legal and regulatory obligations, including anti-money laundering, counter-terrorist financing, sanctions screening, and financial reporting, according to Bnext’s Privacy Policy.

LEGAL BASIS

We rely on different legal bases for processing:

  1. the performance of a contract to provide you with the App and payment services;

  2. legitimate interests to ensure security, fraud prevention, and service improvement, and

  3. consent where required, including for notifications or analytics.

HOW LONG WE KEEP YOUR DATA

Your App account and communication data are retained while your account is active and for a limited period after closure. Logs and analytics are retained for operational and security purposes, generally short-term unless aggregated or anonymized. Transaction data are retained in line with statutory financial and AML/CTF obligations. Once this purpose has been fulfilled, the data will be kept, duly blocked, only for as long as claims or liabilities may arise in relation to it and until the limitation periods for such claims or liabilities have expired, after which it will be completely deleted.

 

WHO WE SHARE YOUR DATA WITH

Your data may be processed by Bnext and other regulated payment service provider to enable payment services, and shared with KYC/AML verification partners used exclusively by the licensed provider, with technology infrastructure vendors such as cloud hosting, analytics, and messaging systems strictly for app operation, other group companies and with professional services such as auditors, legal advisors and authorities when legally required. All partners operate under data protection agreements that ensure compliance and confidentiality.

 

INTERNATIONAL TRANSFER

Some service providers may be located in the EEA or in countries with equivalent adequacy decisions. Where transfers occur outside the EEA, appropriate safeguards such as Standard Contractual Clauses are applied.

 

YOUR DATA PRIVACY RIGHTS

You have the right to access your personal data, request rectification of inaccurate data, request erasure (“right to be forgotten”), restrict processing, request portability of your data, and object to processing based on legitimate interests. You also have the right not to be subject to automated decision-making without human involvement. To exercise these rights, you should contact: [email protected].

 

TECHNICAL ORGANIZATIONAL SECURITY MEASURE

Your App and platform data are hosted with organization-wide security controls in place, including encryption, access controls, pseudonymization, and breach response protocols, in accordance with the state of technology and the nature of the data, which is subject to incidents.

 

ARTICUNO’s OBLIGATIONS TO THE ISSUER

As a processor, Articuno provides the App as a technical interface and acts solely as Processor on behalf of Bnext, does not make regulated decisions or use your data for its own purposes, and shall process Personal Data only in accordance with Issuer’s documented instructions, this Agreement, and Applicable Data Protection Law (including Regulation (EU) 2016/679 – “GDPR”).

 

HOW TO CONTACT US

If you have concerns, you may contact the Data Protection Officer of Articuno at [email protected]. The Issuer’s DPO can be contacted through [email protected]. The details are provided in Bnext’s separate privacy notice. (see link:)

You also have the right to lodge a complaint with your local data protection authority.