As of now, this program uses Nordigen as a middleman towards the banks. This certainly has some advantages, for example a unified interface and authentication scheme for over 2000 banks, in addition to a generous free tier.
Any Personal Data obtained from Your Account Servicing Payment Service Provider as part of Account Information in accordance with Your explicit consent (First name, last name, social security number, personal identity code, IBAN, BBAN, type of account, transaction details including amount and payment recipient/sender, account balance)
To provide You Account Information Services according to Account Information Service terms and conditions and to transfer Personal Data to Nordigen Partner, if you have requested to do so and if it is necessary for You to use Nordigen Partner’s services.
Performance of contract between You and Nordigen
User identification,to investigate any fraud, illegal activity or wrongdoing in connection with the Services; to conduct any due diligence required for us to provide You Services
To comply with our legal obligations (including KYC checks to comply with applicable AML laws)
*To improve, modify, enhance and further develop our Services, to anonymise or pseudonymise the Personal Data in order for it to be part of market study or analytics by us or a third party.
Our legitimate interest in ensuring that we can provide You with the Services and to continuously improve our Services*.
In the highlighted text, it seems to me that there is a possibility that anonymized (or pseudonymized) data may be sold to third-parties (including transaction data). I might be wrong about some of this, as the text is pretty vague.
In an ideal world, this program should be integrated directly towards PSD2, but it seems like the government entity regulating PSD2 in my home country of Norway does not allow personal use of the Directive (you need an organization, approval and to pay a fee of approx. 3000 USD).
So, if anyone wants to comment on this, please do.
As of now, this program uses Nordigen as a middleman towards the banks. This certainly has some advantages, for example a unified interface and authentication scheme for over 2000 banks, in addition to a generous free tier.
However, their Privacy Policy for End Users contains the following table on data processing:
In the highlighted text, it seems to me that there is a possibility that anonymized (or pseudonymized) data may be sold to third-parties (including transaction data). I might be wrong about some of this, as the text is pretty vague.
In an ideal world, this program should be integrated directly towards PSD2, but it seems like the government entity regulating PSD2 in my home country of Norway does not allow personal use of the Directive (you need an organization, approval and to pay a fee of approx. 3000 USD).
So, if anyone wants to comment on this, please do.