Keycount

Privacy policy app

In the following, you will find all information about the processing of your personal data by the keycount app of keycount LLC (hereinafter “keycount” or “keycount app”) and the rights to which you are entitled under data protection law.

What should you know in any case?

Data protection is our highest priority. We build keycount according to the motto “An app for our best friend”. Just as the relationship between friends is based on trust, we care about a trusting relationship with you as a customer. That’s why we promise that we will never sell your personal data or share it with third parties without your consent.

We put our heart and soul into providing you with the most convenient financial assistance ever. At the same time, we are aware that banking data is highly sensitive information. We use this data to make finance magically easy for you. We have built keycount according to the principle of Privacy by Design, so that only as little personal data as necessary can be processed and viewed. Our basic promise is: Only you can see your personal bank data. Without your explicit and separate consent, neither we nor any of our partners will have access to your personal banking data.

Who is responsible for processing my personal data and how can I reach the data protection officer?

You can reach our data protection officer by e-mail at company@key-count.com. The responsible party for data processing within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is:

keycount LLC
Rauchackerstrasse 37
8102 Oberengstringen
Switzerland
company@key-count.com
represented by: Arman Öztürk and Luca Mayer

Which data categories do we use as keycount and where do they come from?

We use your personal data (for example, from your application submitted to us, i.e. downloading our application) in connection with the provision of services by keycount. The extent to which we collect, process and use this data depends on the services provided by keycount. This usually includes the following data in particular:

  • Personal data (first and last name, date of birth, e-mail address, postal address, telephone numbers)
  • Bank data including IBANs and BICs
  • Transaction data of bank accounts (names of recipient and sender, amount, purpose of use, etc.)
  • Transactions and account balances (“on chain data” and “off chain data”) to crypto wallets and exchanges
  • Personal identifiers (customer’s number, tax number, official identification documents, invoices with official address, biometric data, etc.)
  • Enriched information from financial analysis, such as income and expense categorizations

When processing your personal data, we distinguish between personal data that we collect directly from you and personal data that we receive from other sources.

Personal data that we collect directly from you

We collect the personal data that you provide to us when downloading our application (keycount) or when using keycount, as well as data that is transmitted via an interface of your bank and, if applicable, data that we subsequently request from you for the proper operation of keycount. Please refrain from transmitting your data if you do not agree to its processing. In this case, no further processing will take place.

Personal data we receive from other sources

The transmission of personal data from other sources, in particular your bank and turnover data, information on crypto wallets and exchanges, is carried out by means of authentication by you at your selected bank or provider through your login data (e.g. account log-in and strong authentication by customers) or by querying one of our partner companies (third-party providers). After successful authentication, your account and turnover data will be transferred by your bank and the financial analysis will be triggered.

The personal data, turnover data and financial analysis data are stored in encrypted form in a data center in the European Union. A contract for order processing has also been concluded with the operator of the data center. For encryption, we use the world’s most secure AES-256 encryption method in combination with a randomly generated key for each customer.

All data is transmitted via an encrypted TLS 1.2 connection.

Who has access to my personal data?

We have built our systems according to the principles of data minimization (need-to-know principle) and privacy by design and ensure that our employees only have access to the personal data that is absolutely necessary for us to provide our services in the best possible way. Our employees do not have access to any of your personal data that is stored in the keycount app (especially your personal data, sales data and financial analysis data). All this data is encrypted and stored in a data center in the EU (operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). And only you and/or our technical systems have the appropriate code to decrypt and process it.

As exceptions to the data minimization and privacy by design principles, your personal data may be accessed by us in the following cases:

  • When you contact our support team
  • When you provide us with personal data within the app with explicit consent
  • When we are required to do so by regulation, for example, to comply with regulatory requirements to combat money laundering and terrorist financing

For what purpose is my personal data processed?

We collect your personal data to provide, at your request, our application keycount, which allows you to manage your accounts and crypto wallets and to get an overview and analysis, Art. 6 (1) b) GDPR.

The collection of this data takes place:

  • to provide a mobile application with a multi-bank capable account login
  • to retrieve your current account balances and turnover data for the automated creation of an overview
  • to create helpful analyses around your finances
  • to answer inquiries about the provision of the keycount app
  • to forward data to service providers to carry out an identity check in compliance with money laundering regulations, if this is necessary
  • for forwarding to service providers to categorize your data
  • to forward it to service providers to retrieve your current account balances and information from crypto wallets and exchanges
  • to comply with regulatory requirements to which we are subject as a payment institution, in particular to combat money laundering and terrorist financing

We process your personal data if this is necessary, at your request, for the performance and/or termination of the contract concluded thereupon or another contract to which you are a party. In particular, for the purposes of providing the contracted service, we create a file for your personal data when you contact us. Furthermore, for the purpose of fulfilling the contract, we will prepare demand analyses, manage and service your contract or improve these processes.

We may collect and process your personal data to comply with legal obligations to which we are subject.

To protect our legitimate interests as well as the interests of other data controllers or third parties in the processing of data, Art. 6 (1) f) GDPR.

We also collect and process your personal data to protect our legitimate interests or the legitimate interests of third parties, insofar as the data processing is necessary to protect these legitimate interests.

Furthermore, we have a legitimate interest in informing you about our improved internal processes regarding the handling of the existing contractual relationship as well as similar products and services. In addition, we have a legitimate interest in providing you with promotional information, unless you object to receiving such (promotional) information (such as, in particular: Conducting campaigns to acquire new customers, generating new customers, winning back customers). Furthermore, we may process your data for purposes of market and opinion research or demand analyses and transmit information on contractual relationships with our cooperation partners for proper processing. Furthermore, data processing may take place for the assertion of legal claims or defense against legal claims.

If you have given us your explicit consent, we will process your data according to the purposes stated there. These are:

  • To send you promotional information (such as periodic email updates).
  • To optimize our financial analytics (such as improved recognition of contracts and transaction types based on your sales data)

Will my data be passed on to third parties?

Your data will not be shared with third parties unless we have made this clear to you in advance. This may be the case, for example, if you connect your bank accounts or crypto wallets and exchanges via one of our partners. Only the information that is actually required for the execution of the respective order is transmitted. This usually includes name, address, birthday and account information, but no turnover data. During the execution of the service, keycount may cooperate with vicarious agents and partners who receive the necessary order data for the purpose of proper execution of the service.

Explicitly, keycount cooperates with the following vicarious agents:

Aiia

A licensed Payment Initiation Service Provider (PISP) and Account Information Service Provider (AISP) under the supervision of the Danish Financial Supervisory Authority (FSA), Aiia A/S, Artillerivej 86, st. tv, 2300 Copenhagen S, Denmark, which provides aggregation of bank account data.

Vezgo Crypto API

An application to provide an API to access all crypto balances, tokens and trading history for retail customers of Wealthica Financial Technology Inc. (“Wealthica”), 1100 René-Lévesque Blvd W, 25th floor, Montreal, Canada, which performs the aggregation of crypto data.

Genify

A transaction classification and financial analysis company, Genify (“Genify”), Business Center, Sharjah Publishing City Free Zone, Sharjah, United Arab Emirates, PO 417909, which performs transaction data categorization.

What other data is collected to improve keycount?

In order to further improve the keycount app for you, we use third-party vendors to help us understand which features you use and how. This allows us to better plan new features and improve existing features for you.

We may also transfer your personal data to anyone to whom we assign rights arising from our contractual relationship with you. Your data may also be transferred to other third parties for other purposes permitted under the General Data Protection Regulation, such as legal or tax service providers or supervisory authorities.

We use the following third-party service providers to improve the keycount app:

Amplitude

An analytics tool from Amplitude, Inc. (“Amplitude”), 201 Third Street, Suite 200, San Francisco, CA 94103, USA, which allows us to analyze how you use the App. This allows us to see where things are not running smoothly and where we can improve the app.

Firebase

An analytics tool from Google Firebase (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which allows us to analyze how you use the App. This allows us to see where things are not yet running smoothly and where we can improve the app.

Sentry

An analytics tool from Functional Software, Inc. dba Sentry (“Sentry”), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, which allows us to analyze what errors are occurring in the keycount app. Based on this, we can specifically fix those bugs for you.

AppsFlyer

An analytics tool from AppsFlyer Germany LLC (“AppsFlyer”), c/o WeWork, Kurfürstendamm 11, 10719 Berlin, Germany, that allows us to analyze how you found keycount. On this basis, we can better control our marketing measures and channels.

Anonymized evaluations

We perform pseudonymized and/or anonymized analyses, which may be shared with third parties on a project-by-project basis. For example, we conduct scientific studies with universities in order to provide private customers with the best possible support in improving their financial situation. A reference to personal data is not possible at any time.

Will my data be transferred to a third country?

Data transfer to third countries takes place for the following purposes:

Notifications (push notifications)

To best assist you with managing your accounts and contracts, we send helpful push notifications to your smartphone. To provide this feature, we use technology from Amazon Simple Notification Service (Amazon SNS), P.O. Box 81226, Seattle, WA 98108, U.S.A and technologies from Azure by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Push notifications are sent to your smartphone by Apple Inc (“Apple”), One Infinite Loop, Cupertino, California 95014, U.S. and Google Firebase (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S., respectively.

Social Login

To make login as easy as possible, we offer you Facebook Login from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, and Google Login from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Analysis of app usage data

We use Amplitude’s analytics tool, Firebase and Sentry to analyze how the App is used. If Amplitude makes an international transfer of Personal Data in providing the Amplitude Services, Customer authorizes such transfer and the transfer mechanisms contained in the Amplitude Data Processing Agreement (DPA) apply, as applicable.

Provision of the service by vicarious agents

Wealthica and Genify, our vicarious agents, assist us in providing the Service. In particular, “Hosted Services” under the Transaction Classification are hosted on a cloud-based server in the European Union operated by Genify.

Support for Customers

To organize and process our support for customers in the best possible way, we use the web-based software Aidaform by Alexander Grigorev, Im Uckerfeld 14, Bonn, 53127, Germany. As a customer, you have the possibility to contact us via different channels like email, Facebook, Twitter, Telegram or Slack.

Over what period of time will my data be stored?

We process the personal data only as long as this is necessary for the fulfillment of our contractual and legal obligations. For example, data processing is necessary, among other things, for the performance and processing of contracts, including the defense and enforcement of civil law claims within the relevant limitation periods. The limitation periods under §§ 195 Bürgerliches Gesetzbuch (German Civil Code) can be up to thirty years; the regular limitation period is three years. In addition, tax law, commercial law and other statutory retention obligations must be observed. The retention/documentation periods stipulated there are six to ten years plus the statute of limitations of a further four years. In order not to violate legal regulations or to lose the opportunity to enforce a claim or defend ourselves against one, we reserve the right to delete the data only after the expiration of the last period that legitimizes the data storage.

If you do not accept the privacy policy during registration in the app, we will delete your data within two weeks without any instructions from you to the contrary.

What are my rights as a data subject?

You have the right:

  • to request information on whether and, if so, which personal data concerning you are being processed, Art. 15 GDPR; you have the possibility to download the information on all your processed data at any time in the tab “Settings” -> “Request collected data”;
  • to request the correction of inaccurate or the completion of incomplete personal data, Art. 16 GDPR;
  • to request that we delete personal data concerning you without undue delay, provided that the conditions set out in Art. 17 GDPR are met;
  • to request the restriction of the processing of your personal data, Art. 18 GDPR;
  • to receive the personal data concerning you in a format that meets the requirements of Art. 20 (1) GDPR;
  • to data portability under the conditions specified in Art. 20 (1) a), b) GDPR;
  • not to be subject to a decision based solely on automated processing including profiling – where a decision has been taken solely by an automated process and that decision significantly affects you. The decision will be reviewed manually again by us in case of rejection, after you have informed us of your considerations and objections to the decision taken in the automated process and requested the manual review, Art. 22 (1), (3) GDPR. In addition, you have the right to see the criteria for the decision.

Can I object to the processing of my personal data?

If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes without stating reasons; this also applies to profiling, insofar as it is related to such direct marketing. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

To object to the processing of your data, you can permanently and irrevocably delete your account at any time within the keycount app.

Where can you complain?

If you are of the opinion that the processing of your personal data by us is unlawful or, if applicable, that we are violating data protection law for other reasons, you can lodge a complaint with the supervisory authority responsible for us:

Data Protection Officer of the Canton of Zurich
Beckenhofstrasse 23
8006 Zürich
Switzerland

Are you obligated to provide your data?

In the course of downloading our application and using our services, you must provide such personal data as is necessary for the establishment, execution and termination of the contract and the fulfillment of the related obligations, or which we are required to collect by law. Without this data, we will not be able to provide you with our service.

Update: September 2022