Version 1.0
Updated: 18 December 2024
We have put together this privacy policy to let you know:
One Finance Limited is a company organized under the laws of Malta with registration number C 108849, and having its registered address at 14 Le Julien Residence A FL 1, Sqaq Ciantar, St Julians, STJ 1280, Malta ("OneBanking", "we", "us", "our").
OneBanking has created the OneBanking App (jointly referred to as the "Platform"), through which customers in the European Economic Area can access and use a personal payment account, as well as virtual and physical card services, for the purpose of, among other things, facilitating transactions with electronic money.
We have partnered with (coming soon). (coming soon) We provide payment services, and we offer you a first-class Platform through which you can access and use these services.
You sign up with OneBanking, and within our Platform, you apply to become a customer to utilize our payment services (coming soon). Generally, you are provided with a payment account and a payment card. You can read more about the payment services in the Payment Services Terms and Conditions. You must accept the Payment Services Terms and Conditions. If you are onboarded as a customer of (coming soon) in accordance with these terms and conditions, you will be able to access and use the payment services through our Platform. When you use the payment services within our Platform, (coming soon) will process your personal data.
(coming soon) is the controller and is responsible for processing your personal data in relation to the provision of payment services, as further described in the policy (coming soon).
We also offer a Virtual Private Network (VPN) application called oneVPN, which is developed and maintained by our technology partner Netsepio. The oneVPN app is made available to all users to enhance digital privacy and online security.
The oneVPN service is provided by Netsepio Ltd. When you use oneVPN, your personal data is processed in accordance with Netsepio's privacy practices. We remain responsible for integrating and providing user support within the OneBanking environment.
OneBanking will start processing your personal data when you open an Account in our OneBanking App. OneBanking is a Data Controller for the provision of the Platform and any other services which are independent of the payment services provided by (coming soon), e.g., customer support for services provided by OneFinance.
We collect personal data about you from different sources, including:
(coming soon) may share personal data for performance analytics with us. When this happens, we act as an independent data controller for such data. We may use this data to analyze service performance, but not for other purposes.
Your personal data will be shared with (coming soon) to provide customer support for your queries regarding the provision of payment services. For this processing activity, (coming soon) is the Data Controller, and OneFinance is the Data Processor.
We have divided the personal data we process into the following categories:
According to the GDPR, we must have a clear purpose and a valid legal basis for processing your personal data. Read more about our purpose for processing your personal data below.
At OneBanking, the legal basis for processing your personal data is either:
In sporadic cases, we may also process your personal data if we have received your explicit consent to do so. In such a case, you can always withdraw your consent at any time.
We use the personal data we collect for the following purposes:
The administration and management of our relationship with you, such as reviewing your application to become OneBanking's customer, setting up your platform account, conducting performance analytics, and keeping you informed about product updates. The legal basis for such processing is (i) the agreement you have entered into, or are about to enter into, with us or (ii) our legitimate interest. Our view is that keeping you up to date on the products and services available to you provides you with meaningful knowledge.
Provision of our services. The legal basis for the provision of our services is the agreement you have entered into with us.
Accounting and auditing requirements. The legal basis for such processing is mandatory law, such as the Maltese Companies Act (Chapter 386 of the Laws of Malta), the Income Tax Act (Chapter 123 of the Laws of Malta), and other applicable Maltese legislation.
Business development, such as compiling statistics and analyzing the data to improve our services. The legal basis for such processing is our legitimate interest in maintaining our relationship with you and improving our services. Our view is that you, as our customers, benefit from improvements to the services.
Assess or defend legal claims against us or to protect ourselves from fraud and in connection with a reorganization, transfer of business, merger, IPO, or acquisition. The legal basis for such processing is our legitimate interest to defend ourselves against legal claims, to protect our company from fraud, and to be able to reorganize or scale up our business.
We may share your personal data with our affiliates and trusted third-party service providers to provide our services. These trusted third-party service providers may include services of delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your personal data. Where any of your personal data is necessary for such a purpose, we undertake steps to ensure that your personal data is processed in accordance with the requirements of the applicable data protection laws.
We also share data with our other trusted third-party service providers, who act as our processors:
We have carefully reviewed our service providers and ensured that their processing of your personal data is compliant with EU standards and the GDPR.
Your personal data will also, when applicable, be shared with parties that themselves are data controllers of the processing of personal data.
We are sometimes required to share personal data with parties operating outside the EU. In these cases, we ensure that the data is transferred in accordance with the applicable requirements of the GDPR, primarily the standard contract clauses (SCC) and complementary security measures, or, if available, other means that comply with the GDPR.
Suppose OneBanking engages in a merger, acquisition, reorganization, or sale of some or all of OneBanking's assets or shares, financing, initial public offering, or similar transactions or proceedings, or steps in contemplation of such activities (such as due diligence). In that case, OneBanking may share personal data with third parties, subject to standard confidentiality arrangements.
We store your personal data for the purposes set out above during the term of our contractual relationship with you, for as long as we otherwise have a meaningful contact with you, or as may otherwise be required by law.
When the purpose for which your personal data was collected is no longer relevant, we will stop processing your personal data and either delete or anonymize it securely. We may retain your personal data for an extended period, to the extent required by law, or if necessary to assess or defend legal claims, or to maintain our automated disaster recovery backup systems.
Under mandatory law, we are required to keep your personal data due to:
As a data subject, you have the right to request access to and information about the personal data that we process about you. Additionally, you may also request that we correct (rectify), complete, erase, or restrict the processing of personal data regarding you. You also have the right to request a copy of the personal data we process regarding you, free of charge.
Where OneBanking processes your personal data on the legal grounds of consent or contract fulfillment, you have the right to data portability, which means that you can receive the personal data in a commonly used, structured, and machine-readable format. You also have the right to transfer it to another controller.
You have the absolute right to object to the processing of your personal data for direct marketing purposes.
If you have any concerns about OneBanking's processing of your personal data, please get in touch with us using the details provided in this Privacy Policy, and we will do our best to address them.
Customer Support:
Please be aware that you have the right to complain to a supervisory authority if you are not satisfied with our processing of your personal data. You may find your local supervisory authority by following this link: https://edpb.europa.eu/about-edpb/board/members_en
When you use the oneVPN application, we collect and process the following categories of personal data:
We use this data to provide, maintain, and improve the oneVPN service, ensure its security, and respond to your inquiries. With your explicit consent, we may also send marketing communications related to oneVPN, which you can opt out of at any time.
We may share your information with Netsepio Ltd. and with carefully selected service providers that support the operation of oneVPN. When data is transferred outside the EU, we ensure that such transfers comply with GDPR requirements through mechanisms such as Standard Contractual Clauses (SCC).
For more information on how oneVPN processes your personal data, please review the oneVPN-specific privacy documentation in the app or on our website.
We may need to update this privacy policy, for example, when we add new features to the services, due to changes in law or regulations, or as a result of evolving industry standards. You will be informed about such changes via email.