Banktopus Privacy Policy
Last Updated: 31 July 2025
1. Introduction & Applicability
Thank you for trusting Banktopus ("we," "us," "our"). This Privacy Policy explains how we collect, use, share, and protect your Personal Data when you use our business banking application services (the "Services").
As a company based in the United Arab Emirates, we comply with the UAE Personal Data Protection Law (PDPL). For users located in the European Union (EU) or European Economic Area (EEA), we are also committed to processing your data in full accordance with the General Data Protection Regulation (GDPR). This policy outlines our commitments and your rights under these regulations.
2. Personal Data We Collect and Our Legal Basis for Processing
We only collect and process Personal Data when we have a legitimate and lawful reason to do so. The table below outlines the data we collect, our purpose for collecting it, and the legal basis we rely upon for processing.
| Purpose of Processing | Types of Personal Data Processed | Legal Basis (under GDPR/PDPL) |
|---|---|---|
| To Provide Our Core Services | Personal identification details (name, email, phone number); Business information (name, industry, registration); Application data. | Performance of a Contract |
| Identity & Business Verification | Personal identification details; Business information; Financial documents (e.g., ownership structure). | Legal Obligation (KYC/AML laws) |
| To Improve Our Services (Analytics) | Technical information (IP address, browser type); Usage data (how you interact with our platform) via our provider, PostHog. | Legitimate Interest |
| To Communicate with You | Name, email address, phone number. | Legitimate Interest |
| For Marketing Communications | Name, email address. | Consent |
3. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our Services. Our use of these technologies is detailed in our separate Cookie Policy. You can manage your preferences for non-essential cookies at any time via the "Cookie Settings" link in our website footer.
For complete details, please read our Cookie Policy.
4. How We Share Your Information
We do not sell your Personal Data. We only share your data with the following categories of third parties when necessary to provide our Services or comply with the law:
- Financial Institutions: To submit and process your business bank account application.
- Identity Verification Services: To perform required Know Your Customer (KYC) and Anti-Money Laundering (AML) checks.
- Analytics Providers: We share usage data with PostHog to help us analyze and improve our service.
- Government and Law Enforcement: If required to do so by law or in response to a valid legal request.
5. International Data Transfers
As we are based in the UAE, your data will be processed here. If you are an EU resident, this involves transferring your data outside the European Economic Area (EEA). We ensure such transfers are lawful by using appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data is afforded a level of protection equivalent to that under GDPR.
6. Data Security and Retention
Security: We implement robust technical and organizational security measures, including data encryption and strict access controls, to protect your data from unauthorized access, disclosure, alteration, or destruction.
Data Breach: In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it. We will also inform you directly if you are impacted.
Retention: We will retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or regulatory reporting requirements.
7. Your Data Protection Rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
- Right to Access: You have the right to ask for a copy of the personal data we hold about you.
- Right to Rectification: You have the right to ask us to correct any information you think is inaccurate or incomplete.
- Right to Erasure ('Right to be Forgotten'): You have the right to ask us to erase your personal data in certain circumstances.
- Right to Restrict Processing: You have the right to ask us to suspend the processing of your data in certain circumstances.
- Right to Data Portability: You have the right to ask that we transfer the information you gave us to another organization, or to you, in certain circumstances.
- Right to Object: You have the right to object to our processing of your data where we are relying on a legitimate interest.
How to Exercise Your Rights
To exercise any of these rights, please submit a request to our data protection team at privacy@banktopus.com. We will respond to all legitimate requests within one month.
8. Data Protection Officer
To ensure transparency and proper handling of your data, we have designated a primary point of contact for all data protection matters. For any questions or concerns, please contact them at privacy@banktopus.com.
9. Children's Privacy
Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from children under 18.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.
11. Contact Us
For any general questions about this Privacy Policy, please contact us at help@banktopus.com.
For specific inquiries regarding your data rights or our privacy practices, please contact our data protection team at privacy@banktopus.com.