(Version 2.3 – Date 28.11.2017)
In general, it is possible to use our Services without providing any personal data. Insofar as personal data are collected via our Services, this shall take place, as far as possible, on a voluntary basis.
Your data will only be transmitted to third parties if this is necessary for the performance of the contract or if you have previously consented to this.
We would like to point out that there are inherent security risks in the transmission of data via the internet (e.g. in communication via email). It is thus not possible to guarantee complete protection of data from access by third parties.
I. Responsible authority
The authority responsible for the collection, processing and use of personal data within the context of the Federal Data Protection Act is:
N26 Bank GmbH, Klosterstrasse 62, 10179 Berlin
You will find more detailed information regarding N26 Bank GmbH (hereinafter "N26 Bank") in the Imprint.
For the technical provision of our Services, N26 Bank is supported by N26 GmbH, Klosterstrasse 62, 10179 Berlin and is bound by its instructions. With regard to the collection, use and processing of data within the framework of our Services, there is a written agreement between N26 Bank (Client) and N26 GmbH (Contractor) concerning contract data processing pursuant to sec. 11 of the Federal Data Protection Act (BDSG).
II. Data collection in case of informational use of our Website and Web App
If you visit our Services purely for informational reasons (and do not open a current account with N26 Bank), we shall not collect any personal data, with the exception of the data which your browser or your end device transmits in order to enable your visit to our Website or Web App. Thereby, the following data will be transmitted to N26 Bank:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/http status code
Volume of data transferred
Website (from which the request comes)
Language and version of the browser software
Advertising Identifier (IDFA)
Additionally, through the use of our Website and Web App, Cookies will be stored on your end device. You will find further information on the Cookies used under VI.
III. Data processing within the framework of N26 products
1. Data collection and processing in case of opening and using the N26 current account.
The following data will be collected, used and processed by N26 Bank for the purpose of opening a current account with N26 Bank ("Sign-up") and using the Services of N26 Bank:
First name and surname
Date of birth
Place of birth
Mobile telephone number
Identification document including (for details see III.)
Type of identification document
Additionally, N26 Bank is legally obligated to document and store your payments and transfers processed within the framework of your use of the current account.
The Moneybeam service is available to you within the framework of use of our current account. You can send money to your contacts via MoneyBeam without knowing their bank details. If the recipient is also an N26 customer, the transactions will be carried out in real time. To enable this, N26 Bank will access your contacts stored on your end device. Furthermore, as a current account holder with N26 Bank, you are visible to your contacts if they are also customers of N26 Bank. N26 Bank shall only access your stored contacts if you previously consent to this. You will also only be visible for other customers of N26 Bank if you have previously expressly consented to this or enable this subsequently in the system preferences.
2. Data collection and processing when using N26 Invest
Within the framework of our optional investment service N26 Invest, N26 Bank collaborates with vaamo Finanz AG, Mainzer Landstrasse 250, 60326 Frankfurt am Main (hereinafter: "vaamo") and with FIL Fondsbank GmbH, Kastanienhöhe 1, 61476 Kronberg im Taunus (hereinafter: "FFB"). In order to facilitate this service for our customers, the following data will be transmitted to vaamo and FFB for creating a portfolio and concluding a depositary agreement with FFB.
First name and surname
Date and place of birth
Mobile telephone number
Identification document type
Identification document number
Place of birth
N26 Bank will only transmit your data to vaamo and FFB if you have previously expressly consented to their transmission.
3. Data transmission within the framework of N26 Black
In order to facilitate your insurance cover within the framework of N26 Black, we collaborate with AWP P&C S.A. (branch for the Netherlands, which operates as Allianz Global Assistance Europe and is a member of Allianz Group). For this purpose, we will transmit your first name and surname, date of birth, email address, N26 reference number and registered address to AWP P&C S.A.
4. Data transmission within the framework of N26 TransferWise
In co-operation with TransferWise Ltd., 6th Floor, The Tea Building, 56 Shoreditch High Street, London E1 6JJ, Great Britain (hereinafter: "TransferWise"), we offer "international transfers" from N26 current accounts. For the purposes of this service, we will transmit the data collected concerning your identification document, first name and surname, date of birth, registered address, telephone number and email address to Transferwise. Additionally, upon regulatory inquiry by TransferWise, N26 Bank is obligated to transmit to TransferWise the copy of your identification document created in the course of the process of opening your current account. TransferWise will use these data exclusively for anti-money laundering purposes prescribed by law. N26 Bank will only transmit your data to TransferWise if you previously consent to this data transmission.
5. Data transmission within the framework of Cash26
In order to be able to implement the Cash26 service and enable you to withdraw cash, we shall transmit your account details and the corresponding transaction data to the Cash26 partners selected by you (Penny, Real and REWE BUDNI, Ludwig, ON Express, Eckert, Adam's, Barbarino and Mobilcom Debitel) whenever you wish to withdraw cash using Cash26.
6. N26 Credit
If you wish to apply for a N26 consumer credit, you must provide at least the following details regarding your credit request:
details of the desired loan amount,
details of the intended purpose of the loan,
detailed presentation of monthly net income and other monthly incomes (child benefit, rental income, etc.) of the credit applicant, detailed presentation of the monthly expenses (rent, insurance, maintenance, etc.) as well as details of your property (the data in this section 1 will hereinafter be referred to jointly as the "financial report"),
details of whether you have the use of a car belonging to you or to a third party (hereinafter "car").
Additionally, N26 Bank shall transmit your data to the SCHUFA within the framework of N26 Credit. You will find more detailed information on this below under section V.
After submission of your credit application, we will be entitled to use the personal data listed hereinafter. Using a mathematical-statistical procedure for calculating a probability value, we will assess your default risk and calculate the amount that you will be able to repay on a monthly basis.
The following personal data will be required from you:
The SCHUFA score concerning you communicated by the SCHUFA.
The data provided by you within the framework of your registration, e.g. the availability of a car and the availability of residential property (hereinafter "Personal Score Data").
If you have already received a loan from N26 Bank and you have separately consented to the electronic transmission of these data to us, additional information and data on the repayment and progress of this loan will be used, e.g. defaults on payments and punctual payments.
7. Data transmission within the framework of N26 Fixed Savings
N26 has the right to process and use the personal customer data that N26 has gained as part of the business relationship with the customer for the purposes of contract implementation.
As part of the services N26 renders for the customer, it is necessary for certain personal data to be exchanged between N26, Raisin GmbH, MHB Bank AG and the partner bank with which the customer wishes to conclude or has concluded a deposit contract. This personal data includes the form of address, title, first name(s), last name, street/street number, postcode/place, email address, mobile number, the deviating shipping address (where applicable), nationality, date of birth, birth place, birth country, marital status, job, job field (where applicable), tax identification number and residency, IBAN and BIC of the reference account, documentation provided by the customer as well as information regarding the balance and status of the customer's deposits. As the contract data processor, N26 provides Raisin with the named data for the purposes of concluding the contract with the customer.
The customer agrees that personal data (person master data, account data) may also be conveyed to him via (unencrypted) email for the purposes of contract implementation.
8. N26 Insurance
In co-operation with Clark Germany GmbH ("Clark"), N26 offers insurance services in connection with an insurance wallet for customers with N26 current accounts. For the purposes of this service, we will transmit the data collected concerning your personal information and your insurance data, i.e. the details of your insurance contracts or individual insurance claims to Clark and broker pools. Your personal information includes your name, email address, birth date, your gender and KYC address. Clark and N26 will use these data exclusively for the purpose of fulfilling the broker contract. N26 Bank will only transmit your data to Clark to other purposes if you previously consent to this data transmission.
For certain insurance, it is necessary to provide health-related information (e.g., in the case of health insurance and life insurance). As health-related data is particularly sensitive information, we will ask you to give express consent so that we can collect and process this data.
IV. Identification procedures
N26 Bank is legally obligated to check your identity using a valid identification document within the framework of opening an account and to store specific information from the identification document. For this purpose, we offer you a Video-Ident procedure as well as a Post-Ident procedure.
1. Video-Ident procedures
The execution of video identification is performed either on behalf of N26 Bank by the service provider IDnow GmbH, Auenstr. 100, 80469 Munich (hereinafter: "IDnow") or directly by employees of N26 Bank. In both cases, identity is established by means of a web-based video identification procedure via an encrypted transmission path.
For this purpose, N26 Bank will transmit your personal data (first name and surname, date and place of birth, nationality, email address, sex, mobile telephone number, registered address, preferred language) to IDnow. IDnow will allocate a process number to these data, which will be communicated to you by N26 Bank and with which you can carry out the video identification. A secure video connection will be established between IDnow and your end device to enable the required direct visual contact. Thereupon, an employee of IDnow will check your identifying characteristics provided by us, on the basis of the identification document. To prove the proper execution of the Video-Ident procedure, the employee must be able to access the camera of your end device and take photographs of you and the front and rear sides of your personal identification document or the principal page of your passport. After taking the photograph of your identification document, the information on the photograph regarding height, eye colour and access number will be irrevocably blacked out by IDnow. This redacted photograph of your identification document will then be transmitted to N26 Bank. The conversation held between you and the employee of IDnow will be recorded and stored for evidentiary purposes. At the start of the video identification, the employee of IDnow will ask for your express consent to the taking of the photographs and the recording of the conversation. The data will be transmitted by IDnow to N26 Bank and deleted from the IDnow server within 90 days. If you do not wish for the creation of photographs or recordings, we request that you use the Post-Ident procedure for identification confirmation.
During the video identity confirmation, IDnow must ensure the authenticity of the personal identity document or passport presented by you. Additionally, the employee of IDnow must properly visually inspect the integrity of the identification document and the respective optical security features of the identification document. The IDnow employee will also ask you to read out the complete serial number on your identification document.
To conclude the Video-Ident procedure, IDnow will send you a TAN via SMS, which you shall please confirm via the input field provided, upon request by the employee of IDnow.
2. Post-Ident procedure
The Post-Ident procedure is carried out by Deutsche Post AG (hereinafter: "Deutsche Post") on behalf of N26 Bank. With the Post-Ident procedure, you can have the identity check carried out in your local post office.
We will send you an email with a coupon. Please bring a printout of the coupon (with individual reference number for internal assignment of the identification documentation) together with your personal identity document or your passport and certificate of registration to the nearest post office branch. Please note that this service is only offered in branches of Deutsche Post; parcel offices or postal agencies may not offer this service.
The postal employee will then transfer the data from your identification papers into the coupon. You must subsequently check these data and sign the coupon. This signature will be confirmed by the postal employee with a signature and stamp and sent to N26 Bank.
V. Credit check and data transmission
1. Credit check and data transmission to the SCHUFA (applicable to end customers located in Germany)
When you open an account with N26 Bank ("Sign-Up"), when granting an overdraft facility and when granting an instalment loan (N26 Credit - see section III 6.), we will transmit your data to the SCHUFA for the purpose of a creditworthiness check. This transmission shall only take place if you have previously expressly consented to N26 Bank performing a creditworthiness check with the SCHUFA.
Furthermore, N26 Bank shall transmit to the SCHUFA the data of its customers concerning the substantiation, proper execution and termination of the overdraft facility agreement and your instalment loan, unless the legitimate interests of the customer in excluding the transmission obviously outweigh the interests of the SCHUFA in acquiring the data.
The SCHUFA will store and use the data received. This use also comprises the calculation of a probability value for evaluating the credit risk (Score) based on the SCHUFA database. The SCHUFA shall transmit the data received to its contractual partners in the European Economic Area and Switzerland, in order to provide them with information for evaluating the creditworthiness of individuals. Contractual partners of the SCHUFA are companies which bear financial default risks based on performances or deliveries (particularly banks and credit card and leasing companies, but also, for example, rental, retail, telecommunications, energy supply, insurance and debt collection companies). The SCHUFA shall only make personal data available if a justified interest in this has been credibly presented in the individual case and the transmission is permissible in consideration of all interests. Therefore, the scope of the respective data made available may differ depending on the type of contractual partner. Furthermore, the SCHUFA shall use the data to check the identity and age of persons, upon request by their contractual partners, which for example offer services on the internet.
Otherwise, N26 Bank will only transmit data to the SCHUFA concerning existing outstanding debts of their customers in the cases legally governed under § 28a para. 1 of the German Federal Data Protection Act (BDSG).
In addition, we will also transmit data to the SCHUFA concerning other non-contractual conduct (e.g. fraudulent behaviour). Under the Federal Data Protection Act (§ 28 paragraph 2), these reports are only permitted to the extent that they are necessary to protect our legitimate interests or those of third parties, and there is no reason to believe that your legitimate protectable interests in excluding the transmission outweigh them. To that extent, at the same time you release us from our duty of banking secrecy.
You are entitled to demand information from the SCHUFA concerning the data stored there about you. Further information about the SCHUFA information and score procedure is retrievable at https://meineschufa.de. The postal address of the SCHUFA is: SCHUFA Holding AG, Privatkunden Servicecenter, Postfach 103441, 50474 Köln.
This section V. 1 is only applicable to end customers located in Germany.
2. Transmission of personal data to CRIF GmbH (applicable to end customers located in Austria)
For the purpose of verifying your identity as well as checking your credit and payment history, N26 Bank requests information about your payment history, company and address data from CRIF GmbH, Diefenbachgasse 35, A-1150 Vienna. Your first and last name, date of birth and address are transmitted. In addition, any breach of contract in the course of the contractual relationship with N26 Bank GmbH will be reported to CRIF. You can revoke your consent at any time by e-mail to terms@N26.com.
For the purpose of requesting your data from CRIF as well as reporting any negative payment incidents, you also release N26 Bank GmbH from the bank secrecy. You can revoke this consent via email to terms@N26.com at any time.
This section V. 2 is only applicable to end customers located in Austria.
VII. Social Plugins
1. Use of Facebook plugins
Plugins from the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated in our Services. You can recognise the Facebook plugins from the Facebook logo or the "Like button" on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate the visit to our Services with your Facebook user account, please log out of your Facebook user account.
2. Use of Twitter
Functions of the Twitter service are integrated in our Services. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "re-tweet" function, the websites visited by you are linked to your Twitter account and announced to other users. Data are thereby also transmitted to Twitter.
You can change your Twitter privacy settings in the account settings at http://twitter.com/account/settings.
3. Use of LinkedIn
Our Services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter: "LinkedIn"). If you visit our Services and click on the LinkedIn plugin ("recommend button"), a connection to the LinkedIn servers will be established. LinkedIn will be informed that you have visited our Services with your IP address. If you click on the LinkedIn "recommend button" and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our Services with your user account. We hereby point out that as provider of the pages, we do not receive any information on the contents of the data transmitted and their use by LinkedIn.
4. Use of Instagram
Functions of the Instagram service are integrated in our Services. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (hereinafter: "Instagram"). If you are logged into your Instagram account, you can link the contents of our pages with your Instagram profile by clicking on the Instagram button. Thereby, Instagram can associate the visit to our Services with your user account. We hereby point out that as provider of the Services, we do not receive any information on the contents of the data transmitted and their use by Instagram.
VIII. Use of tracking technologies
1. Use of Google Analytics and Google Tag Manager on our Website and our Web-App
Our Website and our Web-App use Google Analytics and Google Tag Manager; web analysis services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Analytics and Google Tag Manager use so-called "Cookies"; text files which are stored on your computer/smartphone and which enable analysis of your use of our Website and Web-App. The information generated by the Cookie about your use of our Website and Web-App is generally transmitted to a Google server in the USA and stored there. However, within member states of the European Union or in other parties to the Agreement on the European Economic Area, your IP address will be previously shortened by Google on our Website and Web-App.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this Website/App to evaluate your use of the Website, in order to compile reports about the Website activities and to render further services to the Website operator/App operator connected with the Website use/app use and internet use. The IP address transmitted by your browser within the framework of Google Analytics and Google Tag Manager will not be merged with other data from Google.
You can prevent the storage of Cookies by configuring your browser software accordingly; however, we hereby point out that in this case you may not be able to use all functions of our Website fully. Furthermore, you can prevent the collection of the data generated by the Cookie related to your use of our Website (incl. IP address) by Google as well as the processing of these data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout
You can find more detailed information about this here: http://google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection).
We hereby point out that, on our Website, Google Analytics are expanded with the code "gat._anonymizeIp();" in order to guarantee an anonymised collection of IP addresses (so-called IP Masking).
2. Use of Adjust in our App
The App of N26 Bank uses the Adjust usage statistics and analysis technology of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin (hereinafter: "Adjust"). When you open the App, Adjust collects installation and event data, such as for example "App opened." We use this anonymised information to understand how users interact with our App and to analyse mobile ad campaigns. Adjust uses your anonymised IDFA or Android ID as well as your anonymised IP and MAC address for this type of analysis. It is not possible to identify you individually.
3. Use of Crashlytics in our App
4. Use of TrackJS on our Website and our Web-App
5. Use of SnowPlow on our Services
6. Use of Finance ads on our Website
N26 Bank uses the Re-Targeting Tool of financeAds GmbH & Co. KG, Karlstrasse 9, 90403 Nuremberg (hereinafter: "Finance Ads"), in order to be able to inform you about advertising on other websites that may interest you. For this purpose, alias information about the use of our Services will be stored in Cookies and on this basis advertisements will be displayed on other websites. No usage profiles will be merged with your personal data as a result of this and no identifying information about your person will be disclosed to third parties. You can prevent the storage of Cookies via browser settings.
Alternatively, you can object to this data usage by setting an opt-out Cookie via the following link, which remains on the device until you delete the Cookies: https://financeads.net/ueberuns/cookies/
7. Use of FinanceQuality on our Website
N26 Bank uses the FinanceQuality statistics tool. FinanceQuality.net is a service provided by Netzeffekt GmbH, Theresienhöhe 28, 80339 Munich. With the FinanceQuality tool, N26 Bank can record the online mediation achieved from other pages.
Alongside other optional tracking technologies, the use of FinanceQuality is based on Cookie/tracking pixel tracking. A Cookie is a text file which is stored on the user's computer when they click on an advertisement/tracking link. The regular Cookie runtime is 30 days. According to information from FinanceQuality, only anonymised Cookies are used. Cookies do not contain any personal data of the user.
8. Use of HasOffers on our Website
9. Use of Taboola on our Website
IX. Retargeting – Use of Google Adwords (Remarketing/Conversion Tracking) on our Website
N26 Bank uses the Google Adwords service from Google. Our Website uses the Remarketing function from Google Adwords. This function serves to present visitors to the Website with advertisements tailored to their interests, within the framework of the Google advertising network. The Website visitors' browser stores so-called "Cookies"; text files which are stored on your end device and which enable the user to be recognised when they access websites which are part of Google's advertising network. On these pages, the user can then be shown advertisements related to content that the visitor has previously accessed on websites which use Google's Remarketing function.
X. Use of Voluum DSP on our Website
XI. Use of Tradedesk on our Website
XII. Email newsletter
In our email newsletter, we inform you about our offers. If you would like to receive the email newsletter, we require an email address from you. We will only send you our newsletter if you expressly consent to this as you open an account. We will thereby check whether you are the holder of the email address given or its holder is in agreement with receiving the email newsletter. This storage solely serves as proof in case a third party misuses an email address and registers to receive the newsletter without the knowledge of the entitled party. These data will only be used for sending the email newsletter and will not be disclosed to third parties.
In our newsletter, we use the Remarketing functions of the Salesforce Marketing Cloud from the service provider salesforce.com, Inc. The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (hereinafter: "Salesforce"). If you consent to receiving our newsletter and visit our site via a newsletter, Cookies will be set which will enable N26 Bank to understand the customer's interest in the newsletter.
Furthermore, in the email newsletter, Salesforce uses so-called Web Beacons. Web Beacons (also called ClearGIFs or tracking pixels) are small graphics (approx. 1x1 size GIF files) which among other things are set on websites or in HTML emails in order to provide the website operators with a better understanding of visitors' interactions with the website. Web Beacons fulfil similar functions as Cookies, but they are not visible to the users. Information can be obtained via Web Beacons, in particular about whether the email was opened and whether the user's system is capable of receiving HTML emails. No personal data is collected via the Web Beacon.
You can revoke your consent to storage of the data and the email address, as well as their use for sending the email newsletter, at any time. The revocation can be made via a link in the newsletter or via a message to the contact options below.
XIII. Transmission of personal data abroad
Insofar as N26 Bank transmits data to states outside of the scope of application of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 for the protection of natural persons during the processing of personal data and for the free movement of data, N26 Bank shall ensure that the recipient of the data guarantees an appropriate level of data protection. In case of transmission to the USA, N26 Bank will obligate the recipient to observe and comply with the principles of the Privacy Shield (i.e. to recognise minimum standards in handling personal data). Additionally, in order to ensure an appropriate level of protection by the recipient of the data, we use the standard contracts of the European Union for the transmission of data outside the EU, as amended.
XIV. Information, correction, deletion and revocation
You are entitled at any time to receive information free of charge about your stored personal data, its origin and recipient and the purpose of the data processing. Furthermore, in the cases listed in sec. 35 BDSG, you are entitled to the correction, blocking or deletion of your personal data. N26 Bank hereby points out that corresponding documentation may be requested in order to authenticate a person before its issue, because personal data is not allowed to be issued to unauthorised persons.
If you have granted consent to use data, you may revoke this at any time with effect for the future. The revocation of consent may cause our services no longer to be unrestrictedly available to you or the user relationship to be terminated. It is hereby pointed out that in some cases, collection and storage of data regardless of consent may be required by applicable law. In such cases, we will discontinue any further processing and use of your personal data and delete or block them, insofar as we are not obligated under statutory provisions to continue to process or in particular to store them.
Please direct all requests for information, queries or revocations regarding data processing via email to firstname.lastname@example.org or in writing to the address specified in the Impressum.