Privacy Policy

Introduction

ibana Software GmbH ("ibana" or "the Company") is committed to protecting the privacy and security of the data it processes on behalf of its users. This Data Protection Policy outlines our practices and procedures for handling personal data in compliance with the General Data Protection Regulation (GDPR).

Scope

This policy applies to all personal data processed by ibana, including data of our users, their transactions, and any other data considered personal under the GDPR. It encompasses data collected through our B2B SaaS platform, ibana, aimed at reducing financial fraud risks.

Principles of Data Processing

ibana adheres to the following principles when processing personal data:

• Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently in relation to the data subject.
• Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Only data that is necessary for the purposes of processing is collected and processed.
• Accuracy: Every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
• Storage Limitation: Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
• Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Rights of the Data Subject

Data subjects have the following rights:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

Data Processing Activities

Collection and Use

Users upload planned transactions to the ibana platform for analysis. These transactions are marked as "normal" or "suspicious". Suspicious transactions undergo a verification process, after which transactions can be downloaded by the user for further processing.

ibana only collects and uses personal data if the use case meets one or several of the following requirements:

• To manage your access to and use ibana services.
• To carry out customer management, including contracts, orders, deliveries, invoices, and follow-ups.
• To constitute a file of registered members, users, customers and prospects.
• To respect our legal and regulatory obligations.

Authentication

For authentication purposes, ibana uses WorkOS.com. Users should refer to WorkOS.com's privacy policy for details on how their data is processed.

Data Storage and Security

All personal data is stored on servers located in Germany, operated by Hetzner. ibana implements robust technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Data Sharing and Transfers

ibana does not share personal data with third parties without the user's explicit consent, except as required by law or as necessary for the provision of ibana's services. Data transfers outside the EU are conducted in compliance with GDPR requirements, ensuring an adequate level of data protection.

Changes to this Policy

ibana reserves the right to modify this Data Protection Policy at any time. All modifications will be posted on our website and, where appropriate, notified to you by email.

Contact Us

For any inquiries related to this Data Protection Policy or the processing of your personal data, please contact us at [email protected].