ibanXS Privacy declaration

This is the privacy declaration of ibanXS. In this declaration we explain why we collect and use personal data, what this data is and what rights you have when we process your personal data. Privacy is important to ibanXS, and we are serious about protecting the security of your personal data. We are committed to safeguarding your privacy when you visit our website, use our services or communicate electronically with us. We may update this declaration from time to time.

Who are we?

We are ibanXS. 
ibanXS is a provider of Payment Initiation and Account Information services. To provide our services, we process personal data. If you have questions about our use of your personal data, then, please contact our compliance department by sending an email to compliance@ibanXS.eu.


When you visit our website, we process your personal data with cookies. We use technical cookies to allow the website to function. We also use a programme for website statistics, but in doing so, we anonymise your data as much as possible. 

Why do we process personal data?

We process personal data to be able to provide our services. We are a provider of Payment Initiation and Account information services. In doing so, we process personal data if this is necessary.

What data do we collect and use?

If we collect and use your personal data, it is usually because you have contacted us yourself. And you have given us information about yourself. For example, if you have a question about our services or enter into an agreement with us. But it can also happen that we process personal data of you that you did not provide to us yourself, because we may need to investigate who you are or the organisation you represent, based on our business relationship. In doing so, we may obtain and record information from public sources.

We process your personal data based on the following grounds:

  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6, first paragraph, under b of the AVG);
  • Processing is necessary for compliance with a legal obligation to which the controller is subject (Article 6, paragraph 1 (c) of the AVG), and;
  • Processing is necessary for the purposes of the legitimate interests (Article 6, paragraph 1 (f) of the AVG).

What personal data do we process?

Personal data is processed according to the grounds and purposes of the processing. To provide our services, we process the personal data of the contact persons who (wish to) purchase services from us, either for themselves or on behalf of the organisation they represent. We also process the personal data of directors and beneficial owners of our clients. The processing of this personal data has a regulatory basis, laid down in and based on the Money Laundering and Terrorist Financing (Prevention) Act. ibanXS does not process special categories of personal data.

To operate our website, we may collect different types of data points, including details of your visits to our website, the resources that you access, traffic data, location data, weblogs and other communication data, information that you provide by filling in forms on our website, your name, business or residential address, phone number, email address, contact preferences, device identifiers, IP address, hardware attributes, and location information and information provided to us when you communicate with us by any means and for any reason. We will use such information to fulfil your requests, provide the relevant service or for anti-fraud purposes. In some instances, we may ask for a government-issued ID, proof of address or photo of you to prevent fraud or as required by law.

How do we secure your data?

We take both technical and organisational measures to secure the personal data we process. So that this data does not get lost, for example. We do this according to the applicable legal requirements and guidelines.

An example of a technical measure is that your data is sent via a secure connection when exchanging your data with parties involved in providing services. Your data will also be encrypted during transmission. This means that your data cannot be read by people who are not authorised to see it.

An example of an organisational measure is that only authorised employees of iban-XS are allowed to view your data. And these employees only have access to your personal data to the extent necessary to perform their tasks.

How long do we keep your data?

We do not keep your personal data longer than is necessary for the purpose for which we are processing your data and to comply with our legal obligations, for example those stipulated in the Money Laundering and Terrorist Financing (Prevention) Act.

Do we share your data with third parties?

It may be necessary to share data with other parties (third parties) to provide our services. This can be within the Netherlands or the European Union (EU). Or sometimes outside the EU, for example, if we use digital services that are based outside the EU.

We may share data with regulators and the Public Prosecutor’s Office. We only do this if it is allowed by law or when it is necessary to share data to comply with a legal obligation, e.g., to detect and prevent money laundering.

What are your rights?

You have many privacy rights. For example, you can ask us what personal data we process about you. And if the data is not correct, you can have it corrected. In some cases, you can also ask us to delete, transfer or limit the processing of your data.

Finally, you can object to the processing of your data. Do you disagree with the way we process your data? If so, you can report a privacy complaint to us by sending an email to compliance@ibanXS.eu