Privacy and Data Retention Policy

(version 1.1, date: October 15th 2023)

In this Privacy and Data Retention Policy, Ozla, Inc (hereinafter: “Beso”, “we”, “our”) shall inform you about the collection, use and processing of personal data when using our website https://www.beso.dev (hereinafter: “Website”), our web application (hereinafter: “Web App”) and our mobile app (hereinafter: “App”; jointly called: “Services”). We will explicitly point out in case any information of this Privacy Policy refers exclusively to our Website, Web App or App. For information related to the usage of cookies or similar technologies on our Websites or Apps, please refer to the respective website and app cookie policies in the legal documents section of your app or on our websites. In this context, personal data means all detailed information about personal or factual circumstances of a specific or identifiable natural person, such as name, telephone number or address. We process your personal data either within our business relation if you are a Beso customer or when you are visiting our Website for informative purposes. Furthermore we process personal data coming from publicly accessible sources (e.g. potentially records of debtors, trade registers, registers of associations, media, press, internet) whenever we have a legal ground that allows us to do so. When using additional Beso products or products of our business partners additional personal data might be collected, processed and stored. Please find details concerning the processing of additional data in the respective product category below.

I. Controller, Processors and Separate Controllers

The responsible entity for the collection, processing and use of your personal data is:

16192 Coastal Hwy
Lewes DE 19958
United States of America
www.beso.dev

Beso has appointed a Data Protection Officer, who is accessible via dpo@beso.dev. You will find more detailed information regarding Beso in the imprint. Some of our data processing activities can be carried out by a third party on behalf of Beso. Where processing of personal data is carried out on behalf of Beso, we conclude a separate contract with the processor in accordance with Art. 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”). Our list of processors includes pure data processors, meaning technical service providers, which fall under the following categories:


  • IT infrastructure and connection providers
  • IT security providers
  • Software and software maintenance providers, including for the provision of our App
  • Back office management service providers
  • Cloud infrastructure service providers
  • Financial services, payments and transaction processing service providers
  • Customer relationship management providers
  • KYC providers
  • Customer support providers
  • Fraud prevention service providers and identification service providers
  • Payment cards service providers
  • Account switching service providers
  • Ad service providers
  • Address verification providers
  • Information/Documentation automation, management & destruction service providers
  • Customer reach/impact assessment providers
  • Consultancy companies
  • Analytical software/platform providers

You will also come across specific data processors which are expressly indicated to you when you use our Services. We understand that these specific data processors can be of interest to you in case you want to exercise, before them, your rights in accordance with the GDPR. These specific data processors are also mentioned in this Privacy Policy for each product or service. Beso can transmit your personal data to other entities such as other financial institutions, regulatory and supervisory authorities as well as public and governmental bodies and agencies, in addition to any regulatory entity, who will act as separate data controllers of your personal data, for the purposes of:

  • Enforcement of claims and defense within legal disputes, based on the legitimate interest of Beso of exercising its right of defense before courts/ competent authorities;

  • Complying with legal obligations regarding regulatory, tax and anti-money laundering reporting requirements;

  • Fraud prevention, based on the legitimate interest of Beso not to contract or provide services to any potential customer related to fraud;

  • Preventing criminal acts, based on the legitimate interest of Beso not to contract or provide services to any potential customer related to any crimes.

Beso can transmit your data to external lawyers, advisors and consultants, who are separate controllers and bound to professional confidentiality, for the purposes described above. Furthermore, Beso will transmit your personal data to third parties, meaning other data controllers of your personal data, if that is triggered by you in the framework of the provision of our Services to you. Specific separate controllers will be indicated for each processing activity in more detail in the following sections of our Privacy Policy.

III. Data Processing within the Framework of Beso Products


1. Data collection and processing in case of opening and using the Beso account


Personal data related to your identification, contact data, economic data and finance data will be processed by BESO for the purpose of opening an account with Beso (hereinafter: “Sign-up”) and using the Services of BESO. The legal basis of the processing of these data is Art. 6 (1) b) GDPR. These data include the following personal data:


  • First name and surname
  • Date of birth
  • Place of birth
  • Nationality
  • Email address
  • Legal address
  • Mobile telephone number
  • Tax-ID and tax residence
  • Occupation
  • Gender
  • Identification document including type of identification document, issue date, document number and issuing authority
  • Data concerning your economic situation and your Beso products and services usage history which are your IBAN, customer ID, card details, transaction details (card payment and banking transfer amounts and recipients) based on products and services contracted with Beso.

Please note that it is not possible to open an account, if you do not provide your personal data as mentioned above. In order to process transactions, Beso receives personal data and transfers personal data according to the applicable legal and regulatory framework to payers, recipients and other financial institutions. The personal data received by other entities in this regard concerns your name and surname, including transaction details like the payment reference and registered IBAN.

During the creation of your Beso account we will need access to your geolocation upon your consent in the settings of your smartphone; you will find further information in the privacy policy of the operating system of your smartphone. The lawful basis of this processing is our legitimate interests in confirming that you are located in your country of residence in order for us to comply with our legal obligations related to fraud prevention (Art. 6 (1) f) GDPR). For more information on the legitimate interest as a legal basis for processing data, please see section II. above.

In addition, we might ask you to submit additional documents for verification. The lawful basis of this processing is Art. 6 (1) c) GDPR as the processing is required to comply with legal obligations stemming from Anti Money Laundering and Countering of Terrorism laws.


    What personal data we will be processing depends on the document we are requesting and receiving from you. Such documents can be a proof of residence (such as a gas, water or electricity bill less than 3 months old or a registration certificate), a proof of salary (such as an employment contract, salary statement or statement of assets and income; in case you send us one of the two latter ones, we ask you to please black out any data related to your religious beliefs and family status, if provided therein), your visa documentation or proof of study which states the reason why you live in the country indicated by you as country of residence, or a document attesting your source of wealth (contracts, bank statements, information around asset sales, capital gains or inheritance). Once you send us any of the mentioned documents they will be assessed manually by Beso to verify and confirm that we have all the data about you that we need in order to open your account with us or to allow you to continue using our Services. In case the information you sent us upon our request is not sufficient, we will reach out to you and ask you for more documentation, which is equally subject to the above mentioned.

2. Data processing when displaying in-App updates


If you use the App, so-called in-App updates will be displayed. The purpose of the in-App updates is to inform you about the content of your contract, new functionalities of the App or App updates and releases and to give you tips for an optimized use of the App. We will process your user and transaction data (recent deposits, payments, withdrawals, friend referrals) in order to provide you with the relevant in-App updates. We process your data to the extent necessary to display relevant information about your contract with BESO or the improved use or new functionalities in the App (Art. 6 (1) b) GDPR). In addition, the in-App updates may help you to find information about our new services and products related to the App. In order to display in-App updates relevant to you, we will process your user and transaction data (recent deposits, withdrawals, payments, friend referrals). We process your data within the scope of our legitimate interests in informing you about new services and products implemented in our App, as far as this is necessary to display our new features, services and products so you can use any of them if you are interested (Art. 6 (1) f) GDPR). For more information on the legitimate interest as a legal basis for processing data, please see section II. above.

3. Data processing when using the Customer Chat


When discussing any contractual matters (such as account related information or your transactions) with us on our Customer Chat or on our Website or within our App, your IP-address and the information you provide us in your chat communication will be collected and processed, to the extent this is necessary for BESO to provide you the products and services under the contract between you and BESO or any pre-contractual actions required by BESO or as requested by you, based on Art. 6 (1) b) GDPR. In addition, we process your data within the scope of our legitimate interest in answering your general questions about our services and products and to help you find information about our new services and products related to the App, so you can use any of them if you are interested, Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.

4. Data processing in the framework of informational communication


We use informational emails, in-App updates and push notifications to inform you about transactions, withdrawals, and other relevant information related to your usage of our products and services. For some informational emails, in-App updates and push notifications we analyze your user behavior (status of signup to BESO, recent transactions, withdrawals, interaction with services offered such as friend referrals) to send you (additional) information about these processes via emails, in-App updates or push notifications. We will only send you these emails, in-App updates and push notifications based on your user behavior if the processing is necessary for the performance of the contract, based on Art. 6 (1) b) GDPR or within the scope of our legitimate interests of informing you about transactions, withdrawals, and other relevant information related to your usage of our App, as far as necessary to provide such information, based on Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.

5. Preparing anonymized statistical datasets


We use your personal data to prepare anonymized statistical datasets about our customers’ spending patterns for forecasting purposes, refining product development, understanding consumer behavior and assessing our company’s performance. The reports are produced by using information about you and other customers; however, the information used is anonymized so that it is no longer personal data. You cannot be linked back as an individual within anonymized statistical data and you will therefore never be identifiable from it. We may share these datasets with third parties. This processing is based on Beso’s legal obligations, in accordance with Art. 6 (1) c) GDPR, or based on Beso’s legitimate interest, under Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.

6. Data processing in the framework of the Waiting Lists


When you ask us to add you to our waiting list for information on when we’re able to provide our banking services to you, the following data will be collected and processed so that we can inform you once we are able to offer you our services:

  • Country of Residence
  • Email address
  • Language selected by you when using our website

The legal basis of the processing of these data is Art. 6 (1) (b) GDPR. Please note that it’s not possible to include you in the waiting list if you do not provide us with the referred personal data. Based on your decision to be added to the waiting list, we will send you emails containing the following information:

  • Confirmation that you were successfully added to the waiting list
  • Information on products/services you may expect as a future BESO customer in your market, once the launch is getting closer, so you can decide if you are still interested to sign-up
  • Notification that BESO is available again soon, for example containing the envisaged launch date and information about how to sign up
  • Information containing a link to sign up for a Beso account, once Beso is available again.

7. Data processing when participating in In-App surveys


When you share your feedback with us in the App by participating in surveys, on a voluntary basis, we process the information that is technically necessary to provide the survey function and enable us to display it to you (metadata). We process your data, as described, for the purpose of displaying surveys to you and obtaining your feedback, based on our legitimate interests, in accordance with Art. 6 (1) f GDPR. Depending on the survey, we may also process the content of your responses and, in particular, the information that you choose to share with us. Additionally, we may combine the data collected through the survey with other customer data that we process in the context of our contractual relationship with you, including your customer ID, date of account creation, age group, gender, country and city of residence. In this case, we will inform you accordingly in the respective information note at the beginning of the survey. We process your data, as described, for analysis purposes and to improve our products, processes and service levels, based on our legitimate interests, in accordance with Art. 6 (1) f GDPR. If you decide to share your feedback with us, we may anonymize the data obtained to create research reports and publications. This is done based on our legitimate interest to conduct and produce statistical research and reports and analysis regarding the use customers make of the products and features provided by Beso, in accordance with Art. 6 (1) f GDPR. For more information on legitimate interest as a legal basis for processing data, please see section II. above.

IV. Marketing Communication


1. Marketing emails


In our marketing emails, we inform you about our offers related to Beso products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and we may ask for your feedback or opinion via surveys. If you would like to receive marketing emails, we require an email address from you. We will only send you marketing emails if you expressly consent to this as you open an account, based on the Data Protection Regulation. In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing emails, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about offers related to Beso financial products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), friend referral initiatives, as well as ask for your feedback or your opinion via surveys. For more information on the legitimate interest as a legal basis for processing data, please see section II. above. Once you have created your account you can also give or revoke your consent to receive marketing emails by clicking unsubscribe in the email footers. These data will only be used for sending you marketing emails and will not be disclosed to third parties.

2. Marketing push notifications


In our marketing push notifications, we inform you about our offers related to Beso financial products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and we may ask for your feedback or your opinion via surveys. Push notifications are messages you receive on your phone without a specific request and regardless of whether the App is open. We will only send you marketing push notifications if you expressly consent to this as you open an account, in terms of the Data Protection Regulation. In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing push notifications, based on our legitimate interest under Art. 6 (1) f) GDPR. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.


3. Marketing in-App updates


In our marketing in-App updates, we inform you about our offers related to Beso products and services, features and partnerships between BESO and third parties (discounts on third party products/services for Beso customers), and we may ask for your feedback or your opinion via surveys. In-App updates are small sections within the App providing you with contextual and personalized information. In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments as well as friend referrals and use this information for marketing in-App updates, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about our offers related to BESO financial products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and ask for your feedback or your opinion via surveys. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.


4. Customer Chat


In our Customer Chat, we inform you about offers related to Beso financial products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and we may ask for your feedback or your opinion via surveys. In order to ensure that we only send you information that is most relevant to you and corresponds with your personal interests, we screen and analyze your user behavior by processing data related to your recent transactions, withdrawals, deposits, payments, as well as friend referrals and use this information for marketing information via our Customer Chat, when you are in contact with a customer service agent or Beso Neon, our chatbot, based on our legitimate interest under Art. 6 (1) f) GDPR to inform you about offers related to Beso products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and ask for your feedback or opinion via surveys. For more information on the legitimate interest as a legal basis for processing data, please see section II. above.


5. Email newsletter


In our email newsletter, we inform you about our offers related to Beso products and services, features and partnerships between Beso and third parties (discounts on third party products/services for Beso customers), and we may ask for your feedback or your opinion via surveys. If you would like to receive the email newsletter, we require an email address from you. We will only send you our newsletter if you expressly consent to this as you open an account, based on the Data Protection Regulation. Processing your data in order for us to send you our newsletter is based on your prior consent according to Art. 6 (1) a) GDPR. You can revoke your consent to receiving our email newsletter at any time. The revocation can be made via a link in the newsletter. Please see the Support Center Article for further information on Marketing Communication settings here.

V. Online Advertising


Online advertising helps us promote our products and services on the internet. In this context, we process personal data about your use of Beso services to deliver personalized advertisements to you and other internet users online and to measure and optimize their performance. We only process personal data for online advertising purposes if you consent to such processing, in accordance with Art. 6 (1) a) GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG) together with Art. 5 (3) of the EU Directive on Privacy and Electronic Communications (Directive 2002/58/EC) and the respective national act of implementation. The data processing for online advertising purposes is described in more detail further down in each section.


1. Custom and lookalike audiences


We process your data to create so-called custom and lookalike audiences. Custom audiences consist of Beso customers and internet users and are created to display personalized content to both groups. This permits us to exclude Beso customers from the delivery of advertisements that we believe are not relevant to them. Lookalike audiences consist of internet users that share certain characteristics with Beso customers, which enables us to define target groups that are more similar to Beso customers than the average internet user and deliver more relevant advertisements to them. To create custom and lookalike audiences, we use the services of our Advertising Partners below:


  • Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, Ireland (“Google”);
  • Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

For the purposes described above, we transfer your pseudonymised email address to Google and Meta. They then match this email address against a potential account you might have on their services. For this purpose, and regardless of whether the matching is successful or not, the data is retained by Google for up to 48 hours and by Meta for up to 8 hours, after which it is deleted. Google and Meta do not share these data with third parties. You can find further information on how these technologies work under How Google uses Customer Match data and in the terms of Facebook Custom Audiences.


2. Conversion tracking


We process your data to capture specific actions that take place inside the Beso App and Web App, specifically the sign-up, acceptance of T&Cs, identification procedure of new customers and completion of a first transaction (so-called “conversions”). This enables us to measure and optimize the performance of our online advertisements and to deliver them to internet users that we infer are more likely to complete these conversions. For the purposes described above, we use the services of Google and Meta (as identified in the previous section). We transfer conversion data, including date and time, to Google and Meta together with the following personal data, which is transmitted with encryption: email address, first name, last name, phone number, gender, city, zip code and country of residence, IP address, customer ID and predicted customer lifetime value. These data points are associated with other personal data collected on our website (see the section on Personalization/Targeting Cookies in our Cookie Policies for Beso websites). Google and Meta are able to associate these data with your account on their services, if existent. The data is deleted by Google after a maximum of 18 months and by Meta after a maximum of 2 years.

VI. International Transfers of Personal Data


When discussing any contractual matters (such as account related information or your transactions) with us on the phone, the call between us will be recorded for security and evidence reasons. Our interest to be able to prove contractual inquiries as well as to prevent and detect fraudulent behavior stipulates our legitimate interest to record calls in accordance with Art. 6 (1) f) GDPR. This does not apply to calls aimed at clarifying general inquiries related to BESO products and services. The call recordings will be retained as long as required for security and evidentiary purposes. The call recordings will be processed by our Interactive Voice Response (IVR) service provider who is processing personal data on behalf of BESO (Art. 28 GDPR). If we are required to do so, the recordings will be shared with the competent authorities, in accordance with the applicable law. If you do not wish to be recorded when calling us, please do contact us by email or through our Customer Chat for queries related to account related information or your transactions.

VIII. Rights


1. Your Rights


You have the following rights concerning your personal data:

  • Right to revoke your consent according to Art. 7 (3) GDPR, which is detailed in section X.2. below;

  • Right of access according to Art. 15 GDPR, which means you can request information on whether your personal data is being processed by BESO and information on the particular processing of personal data, at any time, along with a copy of the information processed. In no case does this right cover access to documents or the obtaining of copies of such documents;

  • Right of rectification according to Art. 16 GDPR, which means you can request the rectification of your data when they are incomplete or inaccurate;

  • Right to erasure according to Art. 17 GDPR, which means you can request the deletion of your personal data when they are no longer required by Beso for the purposes they were initially collected for, or when you understand they have been illicitly used. BESO can reject your request, if the data is necessary to comply with a legal obligation, for public interest reasons or for legal actions;

  • Right to restriction of the processing according to Art. 18 GDPR, which means you can request the restriction of the processing of your personal data when it is legally permitted and, in particular, (i) while you challenge the accuracy of your data, (ii) when you request the restriction of your data because you believe the processing is unlawful, or (iii) when the data is no longer needed for the purposes for which it was collected but BESO needs them for legal actions;



  • Right to object to the processing according to Art. 21 GDPR, which is detailed in section X.2. below;

  • Right to data portability according to Art. 20 GDPR, which means you can request BESO to provide you personal data, in a structured, commonly used and machine-readable format and to transmit your data to another controller where the data processing is based on consent, or on a contract, and the processing is carried out by automated means;

  • Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR, which means that you can complain before the supervisory authority if you consider that the processing of your personal data by BESO infringes the GDPR.

Without prejudice to section X.2. below, please:

  • Exercise your right of access, right to erasure and right to object to the processing through our webform;

  • Please do not address your requests through a third party platform which requires us to get back to you through that same means, since we are not able to clearly identify you as a BESO customer in such cases. Instead, please resort to the aforementioned ways of making use of your rights before BESO.


2. Specifically, your right to revoke consent and right of objection


You can find below more details about your right to revoke consent and right of objection:

  • Right to revoke your consent (in accordance with Art. 7 (3) GDPR): You have the right to revoke your consent to the processing of your personal data at any time with effect for the future. In the event you revoke your consent, your personal data is not processed any longer, unless further processing can be based on a different legal basis for processing (excluding consent). The processing of your personal data remains justified until the date of your revocation.

  • Right of objection (in accordance with Art. 21 (1) GDPR): You have the right to object to the processing of your personal data, which is processed in accordance with Art. 6 (1) e) and Art. 6 (1) f) GDPR, at any time. This does also include profiling according to Art. 4 (4) GDPR. In case you object, your personal data is not processed any longer, except when we have legitimate reasons to continue the processing, which exceed your interests, rights and liberties or when the processing is necessary to enforce, exercise or defend legal claims. The processing of your personal data remains justified until the date of your objection. You can exercise your right to revoke your consent and your right of objection, as mentioned above, either via the specific means provided in our Web App or App, if applicable. You can exercise your right of objection also through our webform.

  • Right of objection concerning data processing for direct marketing purposes (in accordance with Art. 21 (2) GDPR): In some cases, we process your personal data for direct marketing purposes. You have the right to object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling, in case it is connected to direct marketing purposes. In case you object to the processing of your personal data for direct marketing purposes, your personal data is not processed any longer for this purpose. The processing of your personal data remains justified until the date of your objection. Please see the Marketing section for further information on Marketing Communication settings here.

IX. Deletion and Retention Periods


1. Storing and Processing Personal Data


We store and process your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires us to store it. That means, if the data is not required anymore for statutory or contractual obligations, your data will be deleted. This also occurs in case your onboarding process is not finalized with the opening of an account, and meanwhile there are still pending legal or security obligations for the bank to preserve your data. However, that rule does not apply, if its limited processing is necessary for the following purposes:


  • Performing regulatory and tax retention periods, which relate to the applicable laws and complementary regulation, including the following laws: applicable commercial codes, tax law or codes, and anti-money laundering and terrorist financing laws and regulations. The statutory retention periods and documentation obligations are

  • Keeping evidence in the context of statutory limitation periods. The regular limitation period for data retention is three years. The applicable legal basis for this is Art. 17 (3) e) GDPR together with Art. 6 (1) f) GDPR.

Furthermore, whenever your consent is the legal ground to process your personal data, Beso will store that data for as long as you do not revoke your consent or until your account is closed, whichever happens last.

2. Right to Revoke


    Each Beso user has the right to revoke their consent for any of the terms or clauses mentioned in this Privacy Policy by revoking their consent in the app, accessed via More > Terms & Privacy > Delete Account. Upon prompting, an email will be sent to the user’s email address as registered with Beso asking for a final confirmation by clicking on a designated link, as shown below:


    ***


    Dear Beso User,


    We noticed you recently requested to delete your Beso account. Please note that this will permanently delete all personal data in accordance with our Privacy Policy.


    By clicking the link below, you may confirm your intent to delete all data:


    Yes, I would like to delete my account

    If you don’t want to delete your account, you don’t need to do anything and may disregard this email, we won’t do anything.


    If this wasn’t you, please contact info@beso.dev immediately to help us secure your account.


    Kind regards,


    The Beso Team

    data@beso.dev


    ***


    Following a confirmation prompt on the email, all user data will be deleted, except for data where Beso has a legal obligation or legitimate interest in preserving data in adherence to all classification and duration requirements.