FRAUD PREVENTION AND ANTI-MONEY LAUNDERING CHECKS
When you register via the Mobilize Pay Application to use the banking services provided by Solaris SE and on an ongoing basis while you use such services, Solaris will perform a risk assessment for fraud prevention and anti-money laundering purposes. For such purposes, Solaris uses SEON Technologies Kft. (Rákóczi út 42. 7. em., Budapest 1072, Hungary) as a service provider under a data processing agreement with Solaris in accordance with Art. 28 GDPR. We will provide you with further information at any time upon request.
In order to perform the risk assessment, we collect and transfer to Solaris the following browser data, device data, traffic data and location data from your device: IP address including type (e.g. commercial, mobile line, university) and whether it is listed as harmful, TOR value, VPN, proxy, number of accessories attached to your device, whether your phone is muted or not, device system’s volume, country code and name of carrier (a) associated with the SIM card and (b) the device is currently using, device model type and unique identifier, system uptime, iCloud token, version and name of device given by the user in iOS settings, when the device last booted in UNIX time format and UTC time zone, country code and ID associated with device, cookie session ID, and browser details / settings including scrolling behavior.
Solaris may add additional information and will then transfer such data to SEON along with your email address, name and phone number for performance of a risk analysis regarding potential fraudulent or other illicit activities.
SEON analyses this personal data based on a mathematically-statistically recognised and proven procedure and will provide Solaris with a fraud risk score. As part of the analysis, SEON may perform email analysis, social media lookup or address profiling. Based on the analysis and risk score, you will be able to complete your registration, be rejected as a new customer, or may be guided through an extended registration process. The decision-making process is automated. If you want to challenge the automated decision and want to have a human review of this automated decision, you can get in touch with us by contacting […]. Once you have given your consent and are onboarded, Solaris will continuously collect the above data and perform additional risk analysis via SEON for ongoing fraud risk assessment.
The legal basis of the processing is your consent and the implementation of necessary steps for entering into a contract requested by you (Art. 25 TTDSG, Art. 6 (1) lit. a, Art. 22 (2) lit. a GDPR). While you are free to give your consent, you cannot use the banking service provided by Solaris without consenting, because the fraud prevention and anti-money laundering check is necessary for a secure provision of the banking services by Solaris. As a licensed bank, Solaris has a statutory obligation to fight money laundering by setting up a functioning risk management system and internal security measures as well as an ongoing screening of customers’ activities (sections 4, 6 and 10 of the German Anti-Money-Laundering Act). You can withdraw your consent at any time by email to [...], but without consent you will not be able to continue using Solaris’ services.
Your personal data will be stored until the purposes of processing these data as set forth above have been achieved, and be deleted within 12 months after performance of the risk assessment at the latest, unless statutory retention obligations apply (e.g. under anti-money laundering, commercial or tax law).
WHO ARE THE RECIPIENTS OF YOUR DATA
In order to achieve the purposes described above and only to the extent necessary to pursue these purposes, the personal data we collect may be transmitted to all or part of the following recipients:
1. Within Mobilize Pay:
- Internal departments authorized to manage the business relationship.
- All persons in charge of the award, management, and execution of contracts
- Internal departments in charge of marketing, customer relations, complaints, prospecting, administrative services, IT services, Compliance and internal control
2. Within the Mobilize Financial Services Group ('MFS'):
As part of the Mobilize Financial Services Group, we may share your personal data within the Mobilize Financial Services Group in accordance with the intra-group contract binding the Mobilize Financial Services Group entities, and subject to your consent when required by regulation.
- MFS group entities in charge of marketing, customer relations, complaints, prospecting, administrative services, IT services
- MFS group entities in charge of the centralized management of our clients' databases
- Any other MFS group entity whose intervention would be necessary to perform the processing carried out in accordance with this policy.
3. Outside of Mobilize Financial Services Group:
We may share your personal data with other companies:
o IT infrastructure and cloud services providers
o IT security providers
o Software and software maintenance providers
o Payments and transaction processing service providers
o Customer support software providers
o Fraud prevention service providers and identification service providers
o Payment cards service providers
o Ad service providers
o Debt collection providers
o Consultancy companies
o Analytical software/platform providers
o Productivity and office automation tools
o Motion tracking and analytics providers
o Loyalty program technical partner
- In other cases, we may share some of your personal data with partners, who will use it for their own purposes. These partners then act as data controllers and their personal data processing policy applies to the shared data. We make sure to ask for your consent to this sharing when the regulations require it, or at least allow you to object.
- Finally, we may disclose your personal data to third parties in order to comply with any legal obligation or administrative or legal decision.
As far as possible, your data is processed within the European Economic Area (EEA). However, some of our service providers or their subcontractors may be located in countries outside the EEA and your personal data is processed in these countries. Some of these countries may have different personal data regulations than the European Union. In such a case, we pay particular attention to ensure that this transfer is carried out in compliance with the applicable regulations and put in place guarantees ensuring a level of protection of your privacy and your fundamental rights equivalent to that offered by the European Union (notably through the use of the European Commission’s Standard Contractual Clauses).
Upon request to the address mentioned in the section "What are your rights", we can provide you with more information about these transfers (in particular, the standard contractual clauses of the European Commission).
WHERE DO WE STORE YOUR DATA?
The personal data we collect and process are stored on servers located in the European Economic Area (EEA) in compliance with the GDPR.
HOW IS YOUR DATA SECURED?
Your personal data is stored on secure servers. We put in place, and demand from our subcontractors and partners, appropriate security and data protection measures, in line with the latest technologies.
Where the processing of personal data involves its transfer, we ensure that this transfer takes place under appropriate conditions guaranteeing a sufficient level of protection, security and confidentiality.
WHAT ARE YOUR RIGHTS?
You have several rights under the regulations on the protection of personal data:
- A right to withdraw your consent at any time, for the purposes for which we have collected your consent,
- A right of access to your personal data,
- A right of rectification, should your data prove to be incorrect or outdated,
- A right to erasure (or right to be forgotten) of your personal data, which may be limited in accordance with our contractual or legal obligations,
- A right to request the limitation of the processing of your personal data, in certain cases provided by the regulations,
- A right to the portability of your data, that is, under certain conditions, the right to receive the personal data you have provided to us in a structured, commonly used computer format, and to have it transmitted to a third party if technically possible,
- A right to object to the processing of your personal data, subject to justifying reasons due to your particular situation,
- A right to information: you have the right to clear, transparent and understandable information about how we use your personal data and about your rights. This policy is an example of that.
- A right to define directives, either general or specific, regarding certain treatments, for the retention, erasure and communication of your personal data in case of death.
You have the right to lodge a complaint with the competent authorities about the processing of your personal data. We encourage you to contact us before making any complaint, so that we can try to solve your problem together.
You can exercise your rights by email at firstname.lastname@example.org or by mail at: Mobilize Pay SAS, Data Protection Officer, 15 rue d'Uzès, 75002 Paris