(Version 2.1 – Date 28.11.2017)
In general, it is possible to use our Services without providing any personal data. Insofar as personal data are collected via our Services, this shall take place, as far as possible, on a voluntary basis.
Your data will only be transmitted to third parties if this is necessary for the performance of the contract or if you have previously consented to this.
We would like to point out that there are inherent security risks in the transmission of data via the internet (e.g. in communication via email). It is thus not possible to guarantee complete protection of data from access by third parties.
I. Responsible authority
The authority responsible for the collection, processing and use of personal data within the context of the Federal Data Protection Act is:
N26 Bank GmbH, Klosterstrasse 62, 10179 Berlin
You will find more detailed information regarding N26 Bank GmbH (hereinafter "N26 Bank") in the Impressum.
For the technical provision of our Services, N26 Bank is supported by N26 GmbH, Klosterstrasse 62, 10179 Berlin and is bound by its instructions. With regard to the collection, use and processing of data within the framework of our Services, there is a written agreement between N26 Bank (Client) and N26 GmbH (Contractor) concerning contract data processing pursuant to sec. 11 of the Federal Data Protection Act (BDSG).
II. Data collection in case of informational use of our Website and Web App
If you visit our Services purely for informational reasons (and do not open a current account with N26 Bank), we shall not collect any personal data, with the exception of the data which your browser or your end device transmits in order to enable your visit to our Website or Web App. Thereby, the following data will be transmitted to N26 Bank:
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/http status code
Volume of data transferred
Website (from which the request comes)
Language and version of the browser software
Advertising Identifier (IDFA)
Additionally, through the use of our Website and Web App, Cookies will be stored on your end device. You will find further information on the Cookies used under VI.
III. Data processing within the framework of N26 products
1. Data collection and processing in case of opening and using the N26 current account.
The following data will be collected, used and processed by N26 Bank for the purpose of opening a current account with N26 Bank ("Sign-up") and using the Services of N26 Bank:
First name and surname
Date of birth
Place of birth
Mobile telephone number
Identification document including (for details see III.)
Type of identification document
Additionally, N26 Bank is legally obligated to document and store your payments and transfers processed within the framework of your use of the current account.
The Moneybeam service is available to you within the framework of use of our current account. You can send money to your contacts via MoneyBeam without knowing their bank details. If the recipient is also an N26 customer, the transactions will be carried out in real time. To enable this, N26 Bank will access your contacts stored on your end device. Furthermore, as a current account holder with N26 Bank, you are visible to your contacts if they are also customers of N26 Bank. N26 Bank shall only access your stored contacts if you previously consent to this. You will also only be visible for other customers of N26 Bank if you have previously expressly consented to this or enable this subsequently in the system preferences.
2. Data transmission within the framework of N26 Black
In order to facilitate your insurance cover within the framework of N26 Black, we collaborate with AWP P&C S.A. (branch for the Netherlands, which operates as Allianz Global Assistance Europe and is a member of Allianz Group). For this purpose, we will transmit your first name and surname, date of birth, email address, N26 reference number and registered address to AWP P&C S.A.
3. Data transmission within the framework of N26 TransferWise
In co-operation with TransferWise Ltd., 6th Floor, The Tea Building, 56 Shoreditch High Street, London E1 6JJ, Great Britain (hereinafter: "TransferWise"), we offer "international transfers" from N26 current accounts. For the purposes of this service, we will transmit the data collected concerning your identification document, first name and surname, date of birth, registered address, telephone number and email address to Transferwise. Additionally, upon regulatory inquiry by TransferWise, N26 Bank is obligated to transmit to TransferWise the copy of your identification document created in the course of the process of opening your current account. TransferWise will use these data exclusively for anti-money laundering purposes prescribed by law. N26 Bank will only transmit your data to TransferWise if you previously consent to this data transmission.
4. Data collection and processing in case of credit applications
The credit product is currently only available and applicable for user with their residence in France.
4.1. Data Collection for the Arrangement of Credit Applications
If you wish to apply for a N26 consumer credit, you must provide at least the following details regarding your credit request:
- the desired loan amount,
- the loan's intended purpose,
- declaration whether insurance for the remaining loan is desired,
- detailed exposition of your monthly net income and other monthly incomes (child benefit, rental income, other income.), detailed exposition of monthly expenses (rent, alimony, mortgage, child care, debt) as well as statements regarding your property (data referenced in this section will be referred to as the "financial report" hereinafter),
- declaration about your family, housing and employment status.
The abovementioned data shall jointly with the personal data from section III. 1. from this policy be referred to as the "Credit Application Data" hereinafter.
All information asked during the credit application are mandatory for the processing of your application.
4.2 Consent to the data transfer to Younited Credit
Younited Credit is a French société anonyme governed by an executive board and a supervisory board with a share capital 1.107.060 euros, its registered office is located at 24 rue Drouot, 75009 Paris (France) and registered with the RCS of Paris with the unique number 517 586 376. Younited Credit is authorised by the French Prudential Supervisory Authority as credit and investment institution (number: 16488).
You explicitly consent to the collecting, saving, processing and transmission of the Credit Application Data to Younited Credit for the purpose of obtaining a loan with Younited Credit. Younited Credit is allowed to use the transmitted data for the purpose of granting credit, financial control, ongoing and intensified loan management, as well as making follow-ups. Your application might be declined by Younited Credit, who is solely responsible for the decision of granting the credit. Every false declaration might be subject to a specific treatment for the purpose of fraud prevention.
Your Credit Application Data can be used to fulfill regulatory measures, especially regarding anti-money laundering and anti-terrorism financing measures.
You further consent that we and Younited Credit send you personal loan contract including the pre-contractual information (including your personal data and part of your credit application data) via unencrypted e-mail.
N26 will only transmit data to Younited Credit if you previously explicitly consent to the transmission.
You can revoke your consent in part or total any time without giving a reason.
4.3 Digital Bank Statement Upload-Function
In case the user does not use N26 as main account, the credit applicant might be asked to provide their main account bank statement via the Digital Bank Statement Upload-Function provided by the FinTecSystems GmbH, Gottfried-Keller-Str. 33, 91245 München (hereinafter "FTS"). The Digital Bank Statement Upload-Function allows the applicant to create a bank statement from their main bank account and transmit it to N26 directly from the N26 App by entering their online-bank login details into a securely encrypted login page provided by our partner FTS. Your login information is not stored neither by N26 nor by FTS and is only used once to create and transmit your bank statement. The consent to use this service is voluntary.
N26 collects, processes, saves, and uses the following personal data with regard to this service:
Customer master data: name, surname, address, telephone number, date of birth, account data (name of bank, account type, IBAN, BIC).
Transaction data (bank account): account balance, credit limit, overdraft limit, activity ranging up to 365 days into the past, standing orders, fixed date transfers.
N26 makes uses the hereby obtained data exclusively to validate declarations made by the user regarding their monthly expenses and incomes as well as assessing the users capability to repay the agreed monthly loan installments.
4.4 Digital Contract Signing
In order to complete the credit application, the user needs to digitally sign the credit contract. For this service, N26 and Younited Credit have chosen to work together with SAS Cryptolog International ("Universign") with a share capital of 508.932 €, registered with the RCS of Paris with the unique number 439 129 164 and registered office at 7 rue du Faubourg Poissonnère, 75009 Paris, France. To use the digital signing service of Universign N26 and Younited Credit share your first name, last name, phone number and e-mail address with Universign. This data transfer is required for establishing and executing the contract.
IV. Identification procedure
N26 Bank is legally obligated to check your identity using a valid identification document within the framework of opening an account and to store specific information from the identification document. For this purpose, we offer you a Video-Ident procedure.
The execution of video identification is performed on behalf of N26 Bank by the service provider IDnow GmbH, Auenstr. 100, 80469 Munich (hereinafter: "IDnow"). Identity is thereby established by means of a web-based video identification procedure via an encrypted transmission path.
For this purpose, N26 Bank will transmit your personal data (first name and surname, date and place of birth, nationality, email address, sex, mobile telephone number, registered address, preferred language) to IDnow. IDnow will allocate a process number to these data, which will be communicated to you by N26 Bank and with which you can carry out the video identification. A secure video connection will be established between IDnow and your end device to enable the required direct visual contact. Thereupon, an employee of IDnow will check your identifying characteristics provided by us, on the basis of the identification documents. To prove the proper execution of the Video-Ident procedure, the employee must be able to access the camera of your end device and take photographs of you and the front and rear sides of your personal identification documents or the principal page of your passport. After taking the photograph of your identification document, the information on the photograph regarding height, eye colour and access number will be irrevocably blacked out by IDnow. This redacted photograph of your identification document will then be transmitted to N26 Bank. The conversation held between you and the employee of IDnow will be recorded and stored for evidentiary purposes. At the start of the video identification, the employee of IDnow will ask for your express consent to the taking of the photographs and the recording of the conversation. The data will be transmitted by IDnow to N26 Bank and deleted from the IDnow server within 90 days. If you do not wish for the creation of photographs or recordings.
During the video identity confirmation, IDnow must ensure the authenticity of the personal identity documents or passport presented by you. Additionally, the employee of IDnow must properly visually inspect the integrity of the identification documents and the respective optical security features of the identification documents. The IDnow employee will also ask you to read out the complete serial number on your identification documents.
To conclude the Video-Ident procedure, IDnow will send you a TAN via SMS, which you shall please confirm via the input field provided, upon request by the employee of IDnow.
VI. Social Plugins
1. Use of Facebook plugins
Plugins from the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated in our Services. You can recognise the Facebook plugins from the Facebook logo or the "Like button" on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate the visit to our Services with your Facebook user account, please log out of your Facebook user account.
2. Use of Twitter
Functions of the Twitter service are integrated in our Services. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "re-tweet" function, the websites visited by you are linked to your Twitter account and announced to other users. Data are thereby also transmitted to Twitter.
You can change your Twitter privacy settings in the account settings at: http://twitter.com/account/settings.
3. Use of LinkedIn
Our Services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter: "LinkedIn"). If you visit our Services and click on the LinkedIn plugin ("recommend button"), a connection to the LinkedIn servers will be established. LinkedIn will be informed that you have visited our Services with your IP address. If you click on the LinkedIn "recommend button" and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our Services with your user account. We hereby point out that as provider of the pages, we do not receive any information on the contents of the data transmitted and their use by LinkedIn.
4. Use of Instagram
Functions of the Instagram service are integrated in our Services. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (hereinafter: "Instagram"). If you are logged into your Instagram account, you can link the contents of our pages with your Instagram profile by clicking on the Instagram button. Thereby, Instagram can associate the visit to our Services with your user account. We hereby point out that as provider of the Services, we do not receive any information on the contents of the data transmitted and their use by Instagram.
VII. Use of tracking technologies
1. Use of Google Analytics and Google Tag Manager on our Website and our Web-App
Our Website and our Web-App use Google Analytics and Google Tag Manager; web analysis services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Analytics and Google Tag Manager use so-called "Cookies"; text files which are stored on your computer/smartphone and which enable analysis of your use of our Website and Web-App. The information generated by the Cookie about your use of our Website and Web-App is generally transmitted to a Google server in the USA and stored there. However, within member states of the European Union or in other parties to the Agreement on the European Economic Area, your IP address will be previously shortened by Google on our Website and Web-App.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this Website/App to evaluate your use of the Website, in order to compile reports about the Website activities and to render further services to the Website operator/App operator connected with the Website use/app use and internet use. The IP address transmitted by your browser within the framework of Google Analytics and Google Tag Manager will not be merged with other data from Google.
You can prevent the storage of Cookies by configuring your browser software accordingly; however, we hereby point out that in this case you may not be able to use all functions of our Website fully. Furthermore, you can prevent the collection of the data generated by the Cookie related to your use of our Website (incl. IP address) by Google as well as the processing of these data by Google, by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout
You can find more detailed information about this at: http://google.com/intl/de/analytics/privacyoverview.html
(general information about Google Analytics and data protection). We hereby point out that, on our Website, Google Analytics are expanded with the code "gat._anonymizeIp();" in order to guarantee an anonymised collection of IP addresses (so-called IP Masking).
2. Use of Adjust in our App
The App of N26 Bank uses the Adjust usage statistics and analysis technology of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin (hereinafter: "Adjust"). When you open the App, Adjust collects installation and event data, such as for example "App opened." We use this anonymised information to understand how users interact with our App and to analyse mobile ad campaigns. Adjust uses your anonymised IDFA or Android ID as well as your anonymised IP and MAC address for this type of analysis. It is not possible to identify you individually.
3. Use of Crashlytics in our App
4. Use of TrackJS on our Website and our Web-App
5. Use of SnowPlow on our Services
6. Use of Finance ads on our Website
N26 Bank uses the Re-Targeting Tool of financeAds GmbH & Co. KG, Karlstrasse 9, 90403 Nuremberg (hereinafter: "Finance Ads"), in order to be able to inform you about advertising on other websites that may interest you. For this purpose, alias information about the use of our Services will be stored in Cookies and on this basis advertisements will be displayed on other websites. No usage profiles will be merged with your personal data as a result of this and no identifying information about your person will be disclosed to third parties. You can prevent the storage of Cookies via browser settings.
Alternatively, you can object to this data usage by setting an opt-out Cookie via the following link, which remains on the device until you delete the Cookies: https://financeads.net/ueberuns/cookies/
7. Use of FinanceQuality on our Website
N26 Bank uses the FinanceQuality statistics tool. FinanceQuality.net is a service provided by Netzeffekt GmbH, Theresienhöhe 28, 80339 Munich. With the FinanceQuality tool, N26 Bank can record the online mediation achieved from other pages.
Alongside other optional tracking technologies, the use of FinanceQuality is based on Cookie/tracking pixel tracking. A Cookie is a text file which is stored on the user's computer when they click on an advertisement/tracking link. The regular Cookie runtime is 30 days. According to information from FinanceQuality, only anonymised Cookies are used. Cookies do not contain any personal data of the user.
8. Use of HasOffers on our Website
VIII. Retargeting – Use of Google Adwords (Remarketing/Conversion Tracking) on our Website
N26 Bank uses the Google Adwords service from Google. Our Website uses the Remarketing function from Google Adwords. This function serves to present visitors to the Website with advertisements tailored to their interests, within the framework of the Google advertising network. The Website visitors' browser stores so-called "Cookies"; text files which are stored on your end device and which enable the user to be recognised when they access websites which are part of Google's advertising network. On these pages, the user can then be shown advertisements related to content that the visitor has previously accessed on websites which use Google's Remarketing function.
IX. Use of Voluum DSP on our Website
X. Use of Tradedesk on our Website
XI. Email newsletter
In our email newsletter, we inform you about our offers. If you would like to receive the email newsletter, we require an email address from you. We will only send you our newsletter if you expressly consent to this as you open an account. We will thereby check whether you are the holder of the email address given or its holder is in agreement with receiving the email newsletter. This storage solely serves as proof in case a third party misuses an email address and registers to receive the newsletter without the knowledge of the entitled party. These data will only be used for sending the email newsletter and will not be disclosed to third parties.
In our newsletter, we use the Remarketing functions of the Salesforce Marketing Cloud from the service provider salesforce.com, Inc. The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (hereinafter: "Salesforce"). If you consent to receiving our newsletter and visit our site via a newsletter, Cookies will be set which will enable N26 Bank to understand the customer's interest in the newsletter.
Furthermore, in the email newsletter, Salesforce uses so-called Web Beacons. Web Beacons (also called ClearGIFs or tracking pixels) are small graphics (approx. 1x1 size GIF files) which among other things are set on websites or in HTML emails in order to provide the website operators with a better understanding of visitors' interactions with the website. Web Beacons fulfil similar functions as Cookies, but they are not visible to the users. Information can be obtained via Web Beacons, in particular about whether the email was opened and whether the user's system is capable of receiving HTML emails. No personal data is collected via the Web Beacon.
You can revoke your consent to storage of the data and the email address, as well as their use for sending the email newsletter, at any time. The revocation can be made via a link in the newsletter or via a message to the contact options below.
XII. Transmission of personal data abroad
Insofar as N26 Bank transmits data to states outside of the scope of application of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 for the protection of natural persons during the processing of personal data and for the free movement of data, N26 Bank shall ensure that the recipient of the data guarantees an appropriate level of data protection. In case of transmission to the USA, N26 Bank will obligate the recipient to observe and comply with the principles of the Privacy Shield (i.e. to recognise minimum standards in handling personal data). Additionally, in order to ensure an appropriate level of protection by the recipient of the data, we use the standard contracts of the European Union for the transmission of data outside the EU, as amended.
XIII. Information, correction, deletion and revocation
You are entitled at any time to receive information free of charge about your stored personal data, its origin and recipient and the purpose of the data processing. Furthermore, in the cases listed in sec. 35 BDSG, you are entitled to the correction, blocking or deletion of your personal data. N26 Bank hereby points out that corresponding documentation may be requested in order to authenticate a person before its issue, because personal data is not allowed to be issued to unauthorised persons.
If you have granted consent to use data, you may revoke this at any time with effect for the future. The revocation of consent may cause our services no longer to be unrestrictedly available to you or the user relationship to be terminated. It is hereby pointed out that in some cases, collection and storage of data regardless of consent may be required by applicable law. In such cases, we will discontinue any further processing and use of your personal data and delete or block them, insofar as we are not obligated under statutory provisions to continue to process or in particular to store them.
Please direct all requests for information, queries or revocations regarding data processing via email to email@example.com or in writing to the address specified in the Impressum.