Politica de privacidade

TRICOUNT S.A.

Website and Application Privacy Policy

Last updated: 18/12/2023

  1. About this Policy

    1.1 This Privacy Policy (the "Policy") describes how we (as defined below) collect, share and use any information that, used alone or in combination with other information, relates to you ("Personal Data") when you ("you" and "your") use our website Tricount ("Website") or one of our mobile applications ("Application/Applications").

    1.2 This Policy also sets out the rights you have in relation to the Personal Data we process concerning you, as well as the way in which you can exercise them.

    1.3 Tricount S.A. ("Tricount") takes its privacy obligations seriously. This is why we have developed this Policy describing the standards Tricount applies in order to protect your Personal Data.

    1.3.1 Tricount has developed the application. Tricount has its registered office at Av. Arnaud Fraiteur 15/23, 1050 Ixelles (Belgium) and is a company registered with the Banque Carrefour des Entreprises (RPM Brussels) under number 0508.560.013, and whose VAT number is BE 0508.560.013.

    1.3.2 bunq B.V. ("bunq"), markets banking services and manages the infrastructure necessary for the operation of the Tricount application. bunq has its registered office at Naritaweg 131-133, 1043 Bs Amsterdam (Netherlands) and is registered with the Kamer van Koophandel (KvK) under number 54992060, and whose VAT number is NL851519945B01 .

    1.4 For the purposes of this Policy, these two entities of the same group (collectively, "we", "us", "our"), have complementary activities and process your Personal Data in the context of the Offers available via the Application. They act jointly as data controllers of the Personal Data collected via the Website and the Applications. As explained in the table below, some processing of your Personal Data is carried out exclusively by bunq and others exclusively by Tricount, depending on their activities and tasks.

    1.5 This Policy describes the high standards we apply to protect your Personal Information with the utmost care. Respecting your privacy is one of our core values. To achieve this, we have a team dedicated to the protection of personal data, including a Data Protection Officer registered with the "Autoriteit Persoonsgegevens" (the Dutch data protection authority), a security team and a legal team.

    1.6 In our capacity as data controllers, we are responsible for ensuring that the processing of Personal Data complies with the applicable data protection legislation, and more particularly with the General Data Protection Regulation. Please take the time to read this Policy carefully. If you have any questions or comments, please contact Tricount Privacy Team by email at privacy@tricount.com or by post at Avenue Arnaud Fraiteur 15-23 B-1050 Brussels, Belgium.

  2. What Personal Data is collected by Tricount and why?

    2.1 The type of Personal Data we collect, and the reasons for which we process it, include:

    Processing activities set up jointly by Tricount and bunq

    Why do we collect it? Type of Personal Data Legal basis
    Managing people with a user account (storing personal data, making data available to mobile applications via APIs, triggering APIs from third-party partners required for given functionalities (e.g. connection to social networks, initiating payments, etc.)). Financial characteristics, identification data, electronic identification data Contractual necessity
    Update and validation of the user's personal data Financial characteristics, identification data, electronic identification data Contractual necessity
    Processing user requests through an email address (client support by email) Identification data, electronic identification data Consent of the data subject
    Display of advertising and associated services (monitoring, fraud detection, etc.) identification data, electronic identification data Legitimate interest of the data controller or a third party
    Display of personalised advertising and associated services (collection of consent, monitoring, fraud detection, etc.) identification data, electronic identification data, location data, Internet connection tracking and usage data Consent of the data subject
    Integration with partner financial services Financial characteristics, identification data, electronic identification data Contractual necessity
    Creation of a tricount, addition of expenses and comments accessible to certain users, calculation of the balance of accounts, export of accounts, ability to analyse the budget and expenses of the group Financial characteristics, identification data, lifestyle data, leisure activities and interests Contractual necessity
    Sending creation and invitation emails to tricounts Identification data Legitimate interest of the data controller or a third party
    Sending "Push" notifications Identification data Consent of the data subject
    Sending emails promoting Tricount and bunq services and offers Identification data Legitimate interest of the controller or a third party
    Statistical analysis of use, growth, etc. Electronic identification data, location data, tracking and use data of the Internet connection Legitimate interest of the data controller, or consent of the data subject when these analyses are based on the placement of analytical Cookies.
    Add card payments (and other payments) from bunq as expenses in a tricount Financial characteristics, identification data, electronic identification data Consent of the data subject

    Processing activities implemented by Tricount

    Why do we collect it? Type of Personal Data Legal basis
    Recording of actions carried out by users in order to understand the use of the application and to solve any problems. Electronic identification data, location data, tracking and use data of the Internet connection Legitimate interest of the data controller or a third party
    Collection of consent for the display of personalised advertising (including retention of documentation relating to this consent) Identification data, electronic identification data Legal obligation

    Processing activities set up by bunq

    Why do we collect it? Type of Personal Data Legal basis
    Ensuring the interoperability of the Tricount and bunq services by linking user data between the two digital platforms. Financial characteristics, identification data, lifestyle data, leisure activities and interests For those using both platforms directly: Contractual necessity.

    For those using Tricount only: legitimate interest of the controller or a third party
    Identify users and the services they have subscribed to in order to identify sales and marketing opportunities Identification data, electronic identification data Legitimate interest of the controller or a third party

    2.2 We may also automatically collect certain information from your device. More specifically, the information we automatically collect may include information concerning your IP address, device type, unique identification numbers, browser type, broad geographic location (for example, country-wide or city-wide), advertising identifier and other technical information. We may also collect information about how your device interacted with our Application (screens displayed or clicks on the Application or on the website). The collection of this information makes it possible to track how the Application is used and to identify/correct any bugs. When cross-referenced with other sources, this collection also allows us to understand who its users are (where they are, their age, gender, language, etc.) and thus determine how to develop the Application and advertising content that may be of interest to them.

    We use this information for internal analysis purposes, as well as to improve the quality and relevance of our Application for our visitors.

    Some of this information may be collected using cookies and similar tracking technologies, as further explained in our Cookies Policy which is available here.

    2.3 From time to time, we may receive Personal Data concerning you from third party sources (including integrated services for processing refunds), but only where we have verified that such third parties have your consent or are legally authorised or required to disclose your Personal Information to us.

    The type of Personal Data we collect from third parties include confirmations of payments made and we use the Personal Information we receive from these third parties to ensure the accuracy of the information we hold concerning you.

    2.4 In general, we will only use the Personal Data we collect from you for the purposes described in this Policy or for those that we will explain to you when collecting the Personal Data. However, we may also use your Personal Data for other purposes which are not incompatible with the purposes we have communicated to you (such as processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes) and provided that they are permitted by applicable data protection law.

  3. Who does Tricount share your Personal Data with?

    3.1 We may transmit your Personal Data to the following categories of recipients:

    1. to our group companies for purposes consistent with this Notice. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
    2. to our third party suppliers, service providers and partners who provide us with a data processing service, or who process Personal Data for the purposes described in this Policy, or who are notified to you when collecting your Personal Data. This may include communications to third party suppliers and other service providers we use in connection with the services they provide to us, including to support us in areas such as IT platform management or support services, infrastructure or application services, marketing and data analysis;
    3. to any relevant law enforcement agency, regulator, government agency, court or other third party when we believe that disclosure is necessary (i) under applicable laws or regulations, (ii) to establish or defend our rights, or (iii) to protect your vital interests or those of any other person.
    4. to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and subject to a contractual prohibition on using the Personal Data for other purposes;
    5. to a potential purchaser/investor/lender (and its agents and advisors), in connection with a proposed capital raising, purchase, merger or acquisition of a portion of our business, provided that we inform the buyer that they must only use your Personal Data for the purposes described in this Policy;
    6. to any other person as long as you have given your prior consent to the disclosure.
  4. How we protect your privacy

    4.1 In accordance with this Policy, we will process Personal Data as follows:

    1. Loyalty: We will process Personal Data fairly. This means that we are transparent about how we process Personal Data and will process it in accordance with applicable law.

    2. Purpose limitation: We will process Personal Data for specified and lawful purposes and will not process it in a manner that is inconsistent with those purposes.

    3. Proportionality: We will process Personal Data in a manner proportionate to the purposes for which the processing is intended.

    4. Accuracy of data: We take appropriate measures to ensure that the Personal Data we hold is accurate, complete and, if necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is as accurate, complete and up-to-date as possible by promptly notifying Tricount of any changes or errors.

    5. Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process concerning you. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. We have, directly or indirectly through our service providers, use of the following security measures: securing system access, prevention, detection and action measures against physical hazards (such as fire), backup systems, network security, logical access protection, list of authorised personnel and authentication system.

    6. Data processors: We may engage third parties to process Personal Data for and on behalf of Tricount. We require these data processors to process the Personal Data and act strictly in accordance with our instructions and to take appropriate measures to ensure that Personal Data remains protected.

    7. International data transfers: Your Personal Data may be transferred and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your own country (and in some cases may not be as protective).

      However, we have taken appropriate safeguards to demand that your Personal Data remain protected in accordance with this Policy. They include the implementation of a data transfer agreement based on the Standard Contractual Clauses of the European Commission for the transfer of Personal Data with the third parties we engage to provide our services, which require all parties involved in the service provided by Tricount to protect the Personal Data they process from the EEA in compliance with European Union data protection law.

      Our data transfer agreement can be provided upon request. We have put in place similar appropriate safeguards with our third-party service providers and our partners and other details may be provided upon request.

    8. Data retention: We retain the Personal Data we collect from you for as long as we have a legitimate business need (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

      When we no longer have a legitimate business need to process your Personal Data, we delete it or make it anonymous, or if this is not possible (for example, when your Personal Data has been stored in backup archives), we store it securely and isolate it from any further processing until such time as deletion is possible.

  5. Your data protection rights

    5.1 You have the following data protection rights:

    1. If you wish to access, correct or update your Personal Data, you can do so at any time by contacting us via: privacy@tricount.com.

    2. With regard to the deletion of your Personal Data, you can also do this at any time by contacting us via: privacy@tricount.com. Please note that the data of the tricounts themselves (expenses, etc.) will not be deleted in this context. Indeed, since a tricount is an account sheet shared between several users, we must keep this data as it can still benefit other users. When requesting the deletion of your Personal Data, your identifiers within the tricounts in which you participate will be pseudonymised.

    3. In addition, in certain circumstances, you can object to the processing of your Personal Data, ask us to restrict the processing of your Personal Data or request the portability of your Personal Data. Again, you can exercise these rights by contacting us via: privacy@tricount.com.

    4. If we have collected and processed your Personal Data with your consent, you may withdraw your consent at any time. The withdrawal of your consent will not affect the legality of any processing we have carried out prior to such withdrawal and will not affect any processing of your Personal Data carried out on the basis of legal grounds other than consent.

    5. If you have any complaints or concerns about how we process your Personal Data, we will endeavour to address these concerns. If you believe that we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area are available at here.)

    5.2 We respond to all requests we receive from data subjects wishing to exercise their rights relating to the protection of their personal data in accordance with the applicable data protection law.

    5.3 We will only respond to requests that relate directly to data processing carried out jointly by Tricount and bunq or solely by Tricount. If a request concerning data processing carried out solely by bunq is addressed to Tricount, we will transfer your request to bunq.

  6. Links to other Websites

    6.1 The Website and the Applications may contain hyperlinks or buttons redirecting to Websites and/or applications owned and operated by third parties. These Websites/Applications have their own privacy policies and we encourage you to review them. They will govern the use of the Personal Data you submit by visiting these Websites.

    We are not responsible for the privacy practices of these third party Websites and your use of such websites is at your own risk.

  7. Updating this Policy

    7.1 We may update this Policy from time to time in response to changes in legal, technical or commercial developments. When we update our Policy, we will take appropriate steps to notify you, given the significance of the changes we will be making. We will obtain your consent to any material changes to this Policy if required by applicable data protection law.

    7.2 You can see the date of the last update of this Policy by referring to the date of the "last update" posted at the top of this Policy.