Privacy Policy

This column is a quick guide to Spiir's Privacy Policy. The guide is not part of the policy itself.

 Last updated June 2021


 

  • Spiir has two services: The Spiir App and Spiir Web.
  • Spiir processes your information to deliver a good app and web service to you. The information is processed in accordance with the current regulations.

1. In General

1.1 In this Privacy Policy, "Spiir", "we", "us", and "our" refers to Spiir A/S, with registered address at Mejlgade 48b, 2. th., DK-8000 Aarhus C, Denmark. When using Spiir's website (hereinafter "the Web") or Spiir's app (hereinafter "the App") (collectively "Services"), your personal data is processed in accordance with this policy.

1.2 Data processed by Spiir’s Services will be processed in accordance with applicable legislation and the valid guidelines issued by the Danish Data Protection Agency.

 

 

  • Spiir is the data controller regarding the personal data, you allow us to use, or which we collect and store, when you are using Spiir Services. This means that Spiir is responsible for abiding by the rules of the privacy legislation, when we process your personal data

2. Data Controller

2.1 Spiir is the data controller of personal data used in connection with the following activities and services on the Services:

  • User Profile
  • Spending Overview
  • Spending Targets
  • Receipt Service
  • Account Overview
  • Budget Service
  • Assistant Service
  • Spiir Treats 
  • Quiz Service
  • Benchmarking and statistics
  • Internal app payments

 

3. What processing is performed?

 

  • When you create a profile in the app or on web, you must enter your email and a password as a minimum.

  • Spiir needs your information to identify you and to provide its services and customer service to you.

  • Spiir also uses your information to contact you regarding new features in our products and to get your feedback on our Services, and in some instances, we may use your answers to questionnaires for marketing.

3.1 User Profile

3.1.1 Data

When creating a profile at Spiir, you must enter your email and password.

In addition, Spiir collects, depending on the services you use, offered by Spiir or by third parties, Spiir processes other information you provide to Spiir. This can be, for example, your civil personal registration number, address, your phone number, number of people in your household, age and gender, as well as other data. Spiir collects this information only if you provide it to Spiir, which is voluntary, but for some functions some of this information is required.

If you use Spiirs App, technical id of your mobile device is also registered. 

If you answer questionnaires within Spiir Services, your answers will in some instances be associated with your user profile. 

3.1.2 Purpose

Spiir collects your personal data to register and identify you as a user and to provide Spiir’s Services to you. Spiir will also collect the personal data to be able to contact you if it is necessary to confirm your information, answer your questions, and provide customer service to you. The collected information can further be used by Spiir in order to request your experience with using the Services. If you have consented to this Spiir will also use your information to send out information on new features in Spiir Services and other marketing material.

Your answer to questionnaires from Spiir will be used for improving the Spiir Services, or for the marketing of such improvements, as well as for Spiir Treats (see section 3.4.) 

Spiir also collects your personal data in order to comply with applicable legislation, comply with governmental requirements, comply with Spiir's internal policies, and to enforce Spiir's Terms of Use.

Finally, Spiir collects your personal data in order to pursue available legal remedies and limit liability in case of any disputes.

3.1.3 Legal basis

Spiir’s legal basis to process said personal data is, that the processing of the data is required for Spiir to provide its Services to you (GDPR art. 6, sect. 1, lit. b).

Some information is processed by Spiir due to Spiir having a legitimate interest in such processing. Among others Spiir has a legitimate interest in contacting you to get your feedback on the Spiir Services, and also Spiir has a legitimate interest in sending you marketing materials, if you have consented to this.

 

3.1.4 If you do not wish to be contacted directly

If you do not wish for Spiir to use your information to contact you directly in order to obtain your feedback on the Spiir Services, you may either click “unsubscribe” in such email, or change the settings in Spiir App. You may also always withdraw your consent to receive marketing materials within Spiir Services, or by clicking “unsubscribe in such emails.

 

  • Spiir collects data from your bank to provide our various services to you.

  • You must consent to Spiir’s processing of your username and the PIN to your online bank for Spiir to provide its services to you.

  • If you do not consent, certain features in Spiir’s services will be inaccessible to you.

3.2 Account information via financial institution

3.2.1 Data

When you add a bank account to Spiir using the "Add Accounts" feature, you must enter your username to your online bank and your service code or online bank PIN. In some cases, depending on your financial institution, this may be other information – however, it is always the same information your bank requires for you to log in.

Only information about account name, balances and transactions is retrieved.

3.2.2 Purpose

Spiir asks for your username and code to retrieve information about your accounts, balances and transactions with your bank so that Spiir can provide an overview of your spending and deliver Spiir’s other services to you.

Entering your username for your online bank is thus a prerequisite for making automated use of Spiir's Account Overview, Budget Service, Assistant Service, Quiz Service, Internal app payments, and Spiir Treats.

Spiir collects your data for the following purposes:

  • Account Overview: Spiir's Account Overview gives you a complete overview of your spending and transactions.
  • Budget Service: Spiir's Budget Service gives you access to set up spending targets and gives you an overview of your spending relative to your budget (Web only).
  • Assistant Service: Spiir's Assistant Service monitors your spending and transactions on your behalf so that you are updated at all times and have an overview of the movements in your accounts. You will be able to enable notifications, which will notify you when changes occur in your spending.
  • Quiz Service: Spiir’s Quiz Service lets you test your knowledge of your own spending.
  • Spending Service: Spiir’s Spending Service lets you categorize your various spending items.
  • Internal app payments: Based on the accounts you have added to Spiir, upon your request, Spiir will initiate payments to your own accounts within the app.
  • Spiir Treats: Based on your information about your spending Spiir Treats in some instances provides you with information on special offers targeted you. This requires your specific consent.
  • Benchmarking: Using your spending data Spiir calculates statistics and performs benchmarking. Spiir ensures your personal data’s anonymity, so that statistical data does not contain personal information and thus cannot be traced back to you. The statistics make it possible for you as Spiir user to compare your own spending to a particular group in society.

3.2.3 Legal basis

You can consent to Spiir using your username or other log in information for your online bank so that Spiir can retrieve data about your accounts, balances, and transactions. (GDPR art. 6, sect. 1, lit a.) 

By your consent, you confirm that Spiir may use your account data as described in section 3.2.2.

3.2.4 If you do not consent

If you do not consent to Spiir using your account information to access your account information, you will not be able to use certain features in Spiir’s Services, including account Overview, Quiz Service, Assistant Service, Budget Service, Spiir Treats, etc. However, you may be able to manually upload your data, see below.

 

  • On the Web service your transaction information may be uploaded manually.

  • By supplying your transaction information, you can use Spiir's various services on both App and Web – subject to certain restrictions.

3.3 Account Information - Manual Upload - Only Web

3.3.1 Data

You can manually upload your transaction data to Spiir via the Web.

3.3.2 Purpose

Once you have manually uploaded your transaction data, you have the option to use Spiir's various services. For manual upload, there may be restrictions to the services:

  • Account Overview: Spiir's Account Overview provides you with an overview of your spending and transactions.

  • Budget Service: Spiir's Budget Service lets you set spending targets and gives you an overview of your spending relative to your budget (Web only). 

  • Assistant Service: Spiir’s Assistant Service monitors your spending and transactions on your behalf so that you are updated at all times and have an overview of the movements in your accounts. You will be able to enable notifications, which will notify you when changes occur in your spending.

  • Quiz Service: Spiir’s Quiz Service lets you test your knowledge of your own spending.

  • Spending Service: Spiir’s Spending Service lets you categorize your various spending items.

  • Internal app payments: Based on the accounts you have added to Spiir, upon your request, Spiir will initiate payments to your own accounts within the app.

  • Spiir Treats: Based on your information about your spending Spiir Treats in some instances provides you with information on special offers targeted you. This requires your specific consent.

  • Benchmarking: Using your spending data Spiir calculates statistics and performs benchmarking. Spiir ensures your personal data’s anonymity, so that statistical data does not contain personal information and thus cannot be traced back to you. The statistics make it possible for you as Spiir user to compare your own spending to a particular group in society.

3.3.3 Legal basis

When you manually upload your account information, you also consent to Spiir using your account information in accordance with section 3.3.2. (GDPR art. 6., sect. 1, lit. a)

3.3.4 If you do not consent

When manually uploading your account information, if you do not consent to Spiir using said data, you will not be able to use certain features of Spiir’s Services, including Account Overview, Quiz Service, Assistant Service, Budget Service, Spiir Treats, etc.

 

  • With your consent, Spiir can send you great offers based on your profile and/or overall spending information.

  • Spiir processes some of your information on an overall level to provide you with great offers.

  • The purpose of processing your data is to be able to target relevant offers to you.

3.4 Spiir Treats and partners

3.4.1 General offers and services

3.4.1.1 In general

When using Spiir Services, you have the possibility of using select offers from Spiir’s cooperation partners. These offers are generally available to all Spiir users, though certain offers are only available in specific countries.

In addition, depending on the services you use, offered by Spiir or by our partners, Spiir may process other personal information. This can be, for example, your address, your vehicle license plate, as well as other data. Spiir collects this information only if you provide it to Spiir, which is voluntary, but for some functions some of this information is required.

3.4.1.2 Data

If you make use of a general offer and/or services from one of our cooperation partners via Spiir we confirm to such partner that you are a user of Spiir, by forwarding a unique pseudonym, which is only related to the cooperation partner. 

3.4.1.3 Purpose and legal basis

The purpose of forwarding a pseudonym to our cooperation partner, is to ensure, that you are a user of Spiir and therefore is qualified for the offer (GDPR art. 6, sect. 1, lit. b), and to ensure correct settlement of accounts between Spiir and the cooperation partner. (GDPR art. 6, sect. 1, lit. f). 

3.4.2 Targeted offers

3.4.2.1 In General

With your consent Spiir may on Web, in App, through email or push messages provide you with relevant and targeted offers, based on your spending information, and possibly your location.

Spiir never grants access to your information to the offers, besides forwarding of a unique pseudonym to confirm, that you are a user of Spiir. If Spiir wish to forward further information to the offerors, you will be asked for specific consent regarding this.   

3.4.2.2 Data

If you consent in Spiir using your information for Spiir Treats, Spiir process the following data:

  • Email address or technical id on your mobile device. 
  • Profile information (personal information)
  • Spending information 
  • Geolocation information
  • Unique ID 

 

3.4.2.3 Purpose and legal basis

The purpose of processing your profile information and your spending information is to target offers to you (GDPR art. 6, sect. 1, lit. a). Using your geolocation information is for targeting offers to you requires your specific consent (GDPR art. 6, sect. 1, lit. a). Information on your email address or technical id of your mobile device is processed in order to send the targeted offers to you (GDPR art. 6, sect. 1, lit. a.) 

The purpose of forwarding a unique ID (pseudonym) to our cooperation partner, is to ensure, that you are a user of Spiir and therefore is qualified for the offer (GDPR art. 6, sect. 1, lit. b), and to ensure correct settlement of accounts between Spiir and the cooperation partner. (GDPR art. 6, sect. 1, lit. f). 

3.4.2.4 If you do not consent

If you do not consent in Spiir processing information on your spending, you cannot make use of Spiirs targeted offers. Neither will you be able to use the targeted offers if you do not consent in Spiir sending such offers to either your email address or as push messages on your mobile device. 

If you do not consent in Spiir processing your geolocation information for targeting offers to you, you will not be able to receive offers based on your location, but instead general offers based on your user profile information and your spending information. 

If you do not want to provide relevant consents, and hence cannot use Spiirs targeted offers, you may instead use the offers by finding them yourself in Spiir App.

 

  • You can use Spiir's Voucher Service to save receipts and documents and associate them with transactions.

  • Spiir processes your receipts and documents and information provided on these.

  • The processing is performed for you to be able to find them again.

3.5 Voucher Service

3.5.1 In general

You can upload electronic copies of your receipts via the Web and the App.

Spiir stores these so you can always retrieve receipts and, to the extent possible, Spiir will make your receipts searchable.

You can attach receipts to certain transactions to improve your overview.

3.5.2 Data

In the Receipt Service, the electronic copies of your receipts are processed.

When the receipt is made searchable, the data on the receipt is processed.

3.5.3 Purpose

The purpose of the processing is to enable you to retrieve your receipts and associate them with payment transactions.

3.5.4 Legal basis

The processing is required for Spiir to provide its Receipt Service. (GDPR art. 6, sect. 1, lit. b.)

 

  • Spiir registers several technical data when you use Spiir’s Services and other services.

  • The purpose of the collection is to optimize Spiir’s Services and track any potential abuse.

3.6 Technical Information

3.6.1 In general

Spiir registers several technical data when you use Spiir’s Services.

3.6.2 Data

Spiir registers your IP address, operating system, and device information when using Spiir’s Services, and browser information and settings when using the Web. Further Spiir registers how you use Spiir’s Services.

3.6.3 Purpose

Spiir collects the technical data for the purpose of making technical improvements and optimization of its Services and services, and in order to use this information for marketing. 

In addition, IP address, device information, and browser information is collected by Spiir to track any illegal activities and track abuse of its Services.

3.6.4 Legal basis

Spiir has a legitimate interest in obtaining your technical information in order to improve and optimize its Services and to prevent and pursue abuse of its Services. (GDPR art. 6, sect. 1, lit. f.)

Also, Spiirs use of information on the use of its Services for marketing purposes is a legitimate interest (GDPR art. 6., sect. 1, lit. f.)

 

  • Spiir uses cookies and other technical measures in our services.

  • Cookies, etc. are used for various purposes. Some are required, others help remember your preferences, and others are used for analytical purposes. Some are used for marketing purposes.

  • You can always delete or block cookies, but the use of Spiir’s services may be restricted by doing so.

3.7 Cookies etc.

3.7.1 In general

By using Spiir’s Services, you agree that Spiir uses cookies , so-called widgets on the Web, and so-called tracking identifiers on the App for various purposes.

You can read more about Spiir’s use of cookies, widgets, and tracking identifiers here.

3.7.2 Purpose

The cookies, etc., which Spiir uses on its Services have various purposes.

On the Web:

  • Required cookies. These are cookies that are necessary for you to use the Web, for example, to remember that you are logged in to the Web.
  • Preference cookies. These are cookies that remember your settings, for example, your login may be remembered if you have requested this.
  • Analytical cookies. These are cookies that are used to measure and analyse how the Web is used.
  • Widgets. On the Web, so-called widgets from Facebook and Twitter are used, so Spiir can display the latest Spiir activities from Facebook and/or Twitter. If you are logged into Facebook or Twitter, the overview is personal.

 

In the App:

  • Required tracking identifiers. These are used to distinguish between different mobile devices and to send push messages.
  • Analytical tracking identifiers. These are used to analyse how the App is used and to optimize the App.
  • Marketing tracking identifiers. These are used to measure and enhance the effect of Spiir's marketing for Spiir’s Services.

3.7.3 Withdrawal of consent/deletion of cookies

You may at any time withdraw your consent for Spiir to use cookies on the Web. In your browser, you can delete and block the use of cookies. How you do this depends on which browser you are using. If you use more than one internet browser, you must delete and block the use of cookies in all of them. You can find instructions on how to do this at youronlinechoices.eu.

3.7.4 If you do not accept cookies, etc.

If you do not accept that cookies are used on Spiir’s Web, you can either choose to stop using Spiir or delete cookies and block the use of cookies. Blocking cookies may lead to some functionality not being accessible on the Web.

In the App, it is not possible to delete or deselect the use of tracking identifiers. Therefore, if you do not accept the use of tracking identifiers, please do not use the App and uninstall it.

 

  • If Spiir is to provide support for you, Spiir may process personal data so we can help you.

  • Spiirs support can only access your transactions if you give explicit consent to it. The consent can always be recalled and expires after 7 days.

3.8 Support

3.8.1 In general

Based on your inquiry, Spiir provides support in connection with your use of Spiir’s Services.

When providing support, Spiir may access limited personal data that is registered about you. However, only data that is required will be accessed. Spiir will only access your transaction data with your prior consent.

3.8.2 Data

When you contact Spiir support, Spiir's employees can access limited data about you as a user:

  • Your email address
  • Names of the banks and accounts you have added to Spiir
  • Information about which features in Spiir you use and to what extent
  • Logs of events, such as when you have logged on or if errors have occurred during the use of Spiirs Services, etc.

 

Spiir’s employees cannot access your detailed information such as your accounts’ balances, your transaction information, and your receipt, unless you give your explicit consent.

3.8.3 Purpose

The purpose of Spiir's access to your information is to provide support and resolve any challenges you may have encountered using Spiir’s Services.

3.8.4 Legal basis

Spiir accesses your information in connection with support to meet your need for assistance. (GDPR, art. 6, sect. 1, lit. a.)

Spiir will only access your detailed data in connection with support, if you on Spiir’s request or your own accord explicitly consent hereto. (GDPR art. 6, sect. 1, lit. a.)

3.8.5 Withdrawal of consent

You may withdraw your consent at any time for Spiir to access your detailed data. After this, Spiir's support cannot access such data for support purposes. Your consent will automatically expire after 7 days.

3.8.6 If you do not consent

If you do not consent to Spiir accessing your detailed data when providing support, there may be issues that Spiir cannot provide support for.

 

  • Spiir only transfers your personal data with your consent, or where it is statutory, or to process legal claims.

  • You can allow others, such as your spouse or partner, to see your information in Spiir. You can always change this again.

4. Recipients/data disclosure

4.1 The personal data held by Spiir will not be disclosed to third parties without your consent, unless Spiir under applicable legislation is required to disclose the data, or if disclosure is required for Spiir to protect itself or to enforce legal claims, or as specified in these terms. 

4.2 You can give other Spiir users access to view your information in Spiir. This may for example be a spouse or partner. If you choose to do this, you simultaneously agree that Spiir, in order to comply with this agreement with you, may  disclose your information to the person concerned. You can always change this on the Web and in the App.

4.3 If you use an offer through Spiir Treats and/or a service by our partners, a unique ID (pseudonym) is forwarded to the offeror.

 

  • Spiir stores your personal information as long as you are a user of Spiir. However, if it is statutory or needed to handle legal claims, personal data is stored for a longer period.

  • Spiir can anonymize your information instead of deleting it.

5. Storage Period

5.1 Spiir stores your personal data until you delete your Spiir user. However, Spiir may store data for a longer period, if required to comply with legal requirements or to protect Spiir's legal interests.

5.2 In some cases, instead of deleting your personal data, Spiir will anonymize these so that the data can no longer be attributed to you.

 

  • You have several rights when Spiir processes your personal data.

  • You are entitled to insight into how Spiir's processes your personal data.

  • You have the right to have incorrect information corrected.

  • You are entitled to delete your information in some cases, and you can always delete your profile.

  • You have the right to so-called data portability.

  • You can always object to Spiir's processing of your personal data.

  • You always have the right to object with Spiir's use of your personal data for direct marketing.

6. Privacy Rights

6.1 At any time, you have the right to know what personal data Spiir processes about you, the purpose of the processing, where Spiir has obtained your personal data, and the identity of any recipient of your personal information.

6.2 At any time, you have the right to rectify incorrect or misleading personal data that Spiir is processing about you. You can correct personal information, such as your name, email address, etc. via your personal profile. Spiir would like to hear from you if we can help you correct your information.

6.3 In certain cases, you may require that the data Spiir processes about you is deleted. At any time, if you do not want to use Spiir’s Services anymore, you can delete your personal profile via the Web or via the App. All the data registered with your profile will then be deleted or anonymized and will not be recoverable.

6.4 At any time, you are entitled to receive the personal data you have provided to Spiir in a commonly used and machine-readable format. You can always retrieve your personal data via the Web.

6.5 You may at any time object to Spiir's processing of your personal data due to your particular circumstances.

6.6 At any time, you may object to Spiir's use of your personal data for direct marketing purposes. Spiir will then discontinue such use.

 

  • Spiir may transfer your data to certain data processors in countries outside the EU.

7. Transfer of personal data outside the EU

7.1 Spiir uses certain data processors located outside the EU. Below are the entities and legal bases for the transfer.

Slack Technologies, Inc. Standard Contractual Clauses (SCC)
The Rocket Science Group LLC. Standard Contractual Clauses (SCC)
SendGrid, Inc. Standard Contractual Clauses (SCC)
Google, Inc. Standard Contractual Clauses (SCC)
Branch Metrics, Inc. Standard Contractual Clauses (SCC)
Help Scout, Inc. Standard Contractual Clauses (SCC)
Facebook, Inc. Standard Contractual Clauses (SCC)

7.2 Upon request, Spiir may refer you to where you can obtain a copy of the applicable legal transfer basis.

 

  • Spiir handles your data confidentially. However, data can be accessed if necessary to resolve technical issues or to provide support to you, and Spiir asks for permission.

8. Confidentiality

8.1 Spiir always handles your personal data confidentially. Appointed employees with Spiir have the authority to access data where it is necessary to solve operational or technical issues. In connection with support for you, Spiir employees may, with your consent, access your transaction data. All Spiir's employees are subject to strict confidentiality requirements when processing personal data.

 

  • You can always withdraw all or some of your consents to Spiir.

9. Withdrawal of consent

9.1 At any time, you can withdraw your consent on the Web or in the App by deleting your profile at Spiir or by contacting Spiir.

9.2 If you withdraw one or more of your consent(s) you may no longer be able to use Spiir’s Services in whole or in part.

 

  • Spiir may change this privacy policy at any time. You will be informed of any changes.

10. Changes to the policy

10.1 Spiir reserves the right to change this policy at any time without prior notice. Changes to the policy will come into effect upon publication of the policy in Spiir’s Services.

Spiir also informs you of changes to the policy by contacting you at the email address you provided when setting up your profile, as a message in Spiir App or by push message.

 

  • If you have questions about Spiir's processing of your personal data, you can always contact dpo@spiir.dk.

11. Data Protection Officer

11.1 Spiir has appointed a data protection officer who advises Spiir regarding the processing of personal data and can guide you on how to exercise your rights. You can contact Spiir’s Data Protection Officer by contacting Spiir A/S, Att .: DPO, Mejlgade 48b, 2. th., DK-8000 Aarhus C, Denmark or dpo@spiir.dk.

11.2 If you have questions about the Privacy Policy or Spiir's processing of your personal data, please contact Spiir’s Data Protection Officer.

 

  • If you want to complain about Spiir's personal data processing you may contact Spiir directly or contact the Danish Data Protection Agency (Datatilsynet).

12. Complaints

12.2 If you wish to file a complaint regarding the processing of your personal data, we would love to hear from you. Spiir’s contact information can be found in section. 11.1. You can also file a complaint with Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark or www.datatilsynet.dk, or your national competent authority.

 

  • The Privacy Policy was last updated in June 2021.

13. Version

13.1 This Privacy Policy has been updated in June 2021.

MCOBS Europe Privacy Notice (Spiir)

Effective Date: March 2024

This Privacy Notice (the “Notice”) describes how the Mastercard entities identified in the “How to Contact Us” section below (together, “Spiir,” “we,” or “us”) process your Personal Information.


Spiir is a Personal Financial Management app used by Mastercard OB Services Europe A/S ("MCOBS Europe"). MCOBS Europe will provide you with 'account information services' ("AIS"), which allows you to connect your online payment accounts to the Spiir application so that you can view consolidated payment account information (such as balance and transaction information), obtained from your online payment accounts through Spiir. Please see further information about how to contact MCOBS Europe, in the "How to Contact Us" section below.

This Notice describes the Personal Information we collect, the purposes for which we process that Personal Information, the parties with whom we may share it and the measures we take to protect its security. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us about our privacy practices.

This Notice applies to the processing of Personal Information you provide to us or that we collect through our website www.spiir.com (the "Site"), our mobile application, (the “App”) and any services provided by Spiir that link to this Notice (collectively the “Services”).

For more information about MCOBS Europe’s Open Banking Solutions, please visit Mastercard’s Open Banking Notice. For more information about Mastercard’s privacy practices in other contexts, please visit Mastercard’s Global Privacy Notice.


1. Personal Information We May Collect

We may collect the following types of Personal Information:

  • User account Information
  • Payment Account Information
  • Payment Receipts
  • Contact Information
  • Questionnaire and Quiz Information
  • Usage Information collected via cookies and similar technologies

For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the provision of the Services, we obtain Personal Information relating to you from the various sources described below.

  1. Personal Information provided by you
     
    • User Account Information. When registering a user account with the Services, you must provide us with your e-mail address, password, and your country of residence. In case you make use of the “Joint Finances” feature, you must provide us with the email address of your partner user account user account (collectively “User Account information”).

    • Payment Account Information. You may choose to upload information about your bank account(s) to Spiir via the Site, such as account holder name or reference, balance, transactions, as well as the name(s) of other individuals with whom you share a bank account (“shared account”).

    • Payment Receipts. You may choose to upload electronic copies of payment receipts when using our Services. Where possible, we make these receipts searchable and process their content.

    • Contact information. When you contact us, via email, we collect your first and last name, email address, as well as any other content that you provide. Please be aware that if you do not provide certain contact information, we may not be able to answer your requests or queries. 

    • Questionnaire and Quiz Information. When you take part in questionnaires or quizzes within our Services, we collect any information that you provide through your answers. 

  2. Personal Information provided by third parties

    • Payment Account Information (uploaded via your Financial Institution(s)). We retrieve payment account information from the bank account(s) that you enrol into the Services, such as account holder name or reference, balance, and transactions.

  3. Personal Information automatically obtained from your interaction with the Services

    • Usage Information collected via cookies and similar technologies. When you use our Services, we may collect certain information via automated means such as cookies, web beacons, pixel tags, and embedded scripts. This usage information may include standard information from a web browser (such as browser type and browser language), the operating system used, the IP-address used, your overall geographical location, device identifier numbers, logs of events, information about which features you use and to what extent, and the actions taken on a website (such as how a visitor interacts with the web pages and the links clicked) (collectively “Usage Information”). For detailed information about the use of cookies and similar technologies, please see our cookie policy here.

 

2. How We May Use Your Personal Information

We may use your Personal Information to:

  • Provide and operate our Services
  • Evaluate the use and performance of our Service
  • Monitor and ensure data quality
  • Generate anonymised and/or aggregated data to prepare insights regarding spending patterns, fraud, and other trends
  • Diagnose and troubleshoot our Services, including customer support
  • Monitor and understand IT performance
  • Market, promote and advertise our Services
  • Comply with legal obligations, and to establish, exercise, or defend against legal claims
  • Detect, investigate, and prevent financial crime
  • To manage our customer and vendor relationships

Where required under applicable law, we will only use your Personal Information as necessary to provide you with our Services; with your consent; to comply with a legal obligation; or when there is a legitimate and overriding interest that necessitates the use.

We use Personal Information we obtain about you for the purposes set out below.  We will only process your Personal Information when we have a legal basis for the processing as identified in the table below.

Processing purposes Legal basis Categories of Personal Information

Provide and operate our Services

 This includes (a) creating and managing any user account you may have with us; (b) retrieving your Payment Account Information on a periodic basis; and (c) providing an overview of your spending and income.

The processing is necessary for entering into, or performance of a contract to which you are a party.

User Account Information

Payment Account Information

Payment Receipts

Contact Information

Questionnaire and Quiz Information

Usage Information

Monitor and ensure data quality

Monitoring IT performance of our Open Banking Solutions for stability, improvement and ensuring the integrity of our Solutions is necessary for the performance of the contract to which you are a party.

Compliance with a legal obligation (e.g., to detect and fix issues with data quality or accuracy).

Profile Information

Payment Account Information

Payment Receipts

Generate anonymised and/or aggregated data to prepare insights regarding spending patterns, fraud, and other trends

We have a legitimate interest in anonymising or aggregating Personal Information and analysing it for internal business purposes.

Where required under applicable law, we obtain your prior consent to process your Payment Account Information for this purpose.

User Account Information

Payment Account Information

Payment Receipts

Questionnaire and Quiz Information

Usage Information

Diagnose and troubleshoot, our Services, including customer support

This includes our ticketing system where you contact us for assistance when you are experiencing a technical issue

The processing is necessary for the performance of a contract to which you are a party (e.g., to keep the overview of your bank account(s) and the data provided therein up to date).

 

User Account Information

Payment Account Information

Contact Information

Usage Information

Monitor and understand IT performance

We have a legitimate interest in monitoring and understanding IT performance of our Services for stability and improvement and ensuring the integrity of our Services.

Usage Information

Market, promote and advertise our Services

We will obtain your prior consent to send you electronic direct marketing communications.

User Account Information

Contact Information

Questionnaire and Quiz Information

Usage Information

Comply with legal obligations, and to establish, exercise, or defend against legal claims

Compliance with a legal obligation (e.g., to respond to law enforcement requests or requests to exercise your data protection rights).

We, or a third party, have a legitimate interest in protecting against legal claims.

User Account Information

Payment Account Information

Payment Receipts

Contact Information

Questionnaire and Quiz Information

Usage Information

Any other data element you provide us when submitting a request

Detect, investigate, and prevent possible financial crime

This includes tracking and hindering any possible illegal activities and abuse of our products and services, including by monitoring logs.

 

We have a legitimate interest in detecting, investigating, and preventing financial crime, such as illegal activities or abuse of the Services, or we must do so to comply with legal obligations (e.g., under anti-money laundering laws).

User Account Information

Payment Account Information

Payment Receipts

Contact Information

Questionnaire and Quiz Information

Usage Information

To manage our customer and vendor relationships

Managing our customer and vendor to operate the Services is necessary for the performance of a contract to which you are a party.

Contact Information

Usage Information

 

3. How We Share Your Personal Information

We may share Personal Information with the following third parties:

  • Other Permitted Spiir users
  • Service Providers acting on our behalf
  • Other entities within the Mastercard group of companies
  • Public authorities
  • Potential transactional partners

We may disclose Personal Information we collect about you to the following third parties, for the purposes described below:

  1. Other permitted Spiir users

    You may allow other Spiir users to access and view your Personal Information in the Services (e.g., a spouse, via the “Partner Settings”). To enable such access, we may need to disclose your Personal Information to the concerned individual. You can revoke this access at any time in the Services’ settings.

  2. Service Providers acting on our behalf

    We may share Personal Information with our service providers who perform services on our behalf and in relation to the purposes described in this Notice (e.g., for marketing, security, hosting, customer support). We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements. We also require them to have safeguards designed to protect the security and confidentiality of the Personal Information they process on our behalf.

  3. Other entities within the Mastercard Group

    We share the Personal Information we collect with Mastercard’s headquarters in the U.S., our affiliates and other entities within the Mastercard group of companies, for the purposes described in this Notice. Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules.

    MCOBS Europe is part of the Mastercard group.  We engage MCOBS Europe to provide services which enable us to deliver our account information services and work with MCOBS Europe in connection with the delivery of our services. We therefore share your Personal Information with MCOBS Europe which is a controller for this purpose. If you have any questions regarding the services of MCOBS Europe, please contact us.

  4. Public authorities

    In some circumstances we share the Personal Information we collect with public authorities. This includes (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, to protect our legal interests, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

  5. Potential transactional partners

    We reserve the right to transfer Personal Information we have about you to potential transactional partners or other third parties in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Notice.

 

4. Your Rights and Choices

Subject to applicable law, you have the right to:

  • Access your Personal Information, rectify it, restrict, or object to its processing, request its deletion, and request us to transmit it to another company
  • Withdraw any consent provided, including in relation to the use of cookies and other tracking technologies
  • Opt-out from receiving marketing communications
  • Where applicable, lodge a complaint with your supervisory authority

You can exercise your rights by accessing the export feature on Mine Spiir platform or by submitting a manual request as described in the “How to Contact Us” section below.

You can learn more about Mine Spiir’s export feature here.


Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules (including for any Personal Information provided in connection with data export accessible from Mine Spiir.).  

You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.

Subject to applicable law, you have the right to:

  • Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

  • Opt-out from receiving marketing communications by clicking on the unsubscribe link in such communications or via your privacy settings in the Services.
  • Not to provide Personal Information to us by refraining from using our Services and from submitting Personal Information directly to us. When we collect Personal Information from you, we indicate whether and why it is necessary to provide it to us, as well as the consequences of failing to do so. If you do not provide Personal Information, we may not be able to provide you with our Services if that information is necessary to provide you with them, or if we are legally required to collect it in relation to the provision of such Services.

 

The above rights may be limited in some circumstances by local law requirements.

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How To Contact Us" section below.

If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

 

5. How We Protect Your Personal Information

We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.

We maintain appropriate administrative, technical, and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. The types of measures we take vary depending on the type of data, and how it is collected and stored. 

We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you. All our employees are subject to strict confidentiality requirements when processing Personal Information.

When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the statute of limitations.

We retain your Personal Information until you delete your user account on our Services. However, we may retain Personal Information for a longer period, if required to comply with legal requirements or to protect our legal interests.

We also take measures to delete your Personal Information or keep it in a form that does not permit your identification when this information is no longer necessary for the purposes for which we process it or when you request their deletion unless we are required by law to keep the information for a longer period.

 

 

6. Data Transfers

We may transfer your Personal Information outside of your country, including to the United States, in compliance with Mastercard Binding Corporate Rules and other data transfer mechanisms.

Spiir is the Personal Financial Management application used by MCOBS Europe which is part of the Mastercard group, a global business. We may transfer or disclose Personal Information to third party recipients which are situated in countries other than your country. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Notice.

We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located.   If Personal Information is transferred to a country outside the EEA, the adequacy of that country and the organisations and systems processing the information is assessed to ensure that appropriate safeguards are in place.  This is in accordance with EU data protection law and may be by an adequacy decision issued by the EU, Binding Corporate Rules, standard contractual clauses or other transfer mechanisms as permitted by law.

Mastercard has established and implemented Binding Corporate Rules (“BCRs”) that have been recognised by the relevant European Data Protection Authorities as providing an adequate level of protection to the Personal Information we process globally. Copies of our BCRs applicable to the EEA and to the UK are available here.

You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the UK or EEA.

 

You may choose to use certain features for which we partner with other entities that operate independently from us.

 

8. Children’s Privacy

The Services are not intended for use by children under the age of 16 years old. We do not knowingly collect information from children under the age of 16.

Our Services are not directed to, or intended for, children under the age of 16. If you learn that a child has provided us with Personal Information in violation of this Notice, please alert us at spiirprivacy@mastercard.com.

 

9. Updates to This Notice

This Notice may be updated periodically to reflect changes in our privacy practices.

This Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Notice and indicate at the top of the Notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.

 

10. How to Contact Us

You may contact our global privacy office at spiirprivacy@mastercard.com, or write to us at:

Att.: Privacy
Mastercard OB Services Europe
Arne Jacobsens Allé 13
2300, Copenhagen
Denmark

If you have any questions, comments or complaints about this Notice and our privacy practices, or would like to update your privacy preferences, please email us at: spiirprivacy@mastercard.com or write to entity responsible for the processing of your Personal Information (or data controller) as indicated below:

Att.: Privacy
Mastercard OB Services Europe
Arne Jacobsens Allé 13
2300, Copenhagen
Denmark