privacy policy

Bofin Tech Services Limited, with its registered office at Kemp House, 152-160 City Road, London, England, EC1V 2NX (Bofin, we, us, our) operates an electronic commerce platform facilitating the trade in financial products and services.  

Bofin recognizes the importance of privacy and the confidentiality of your personal data.  This Privacy Notice describes how we process your personal data through our websites, portals, applications and services (together Services).  Please read it carefully.

  1. Collected Personal Data

As the data controller, Bofin is responsible for the processing of your personal data.  When you use the Services, Bofin may collect and process the following information about you:

  • the IP address assigned to you during your connection;
  • the date and time you access our websites or applications, the pages you consult, and the links you click;
  • data about your activities and interactions with advertising partners, including data about the advertisements that were shown, and whether you took any action, such as clicking on an advertisement or making a purchase;
  • model or device type, operating system and version, browser type and settings, device ID, advertisement ID, individual device token and cookie-related data (such as cookie ID);
  • the search engine and key words used to find our websites;
  • information obtained within the context of Google Analytics;
  • location data, including your general location data such as IP address and the precise location of your mobile device;
  • data such as your name, address, telephone number, email address, product interests, business information and tax identification number as well as other information that you provide us with when registering an account or at a later stage;
  • financial information, such as credit card and account numbers;
  • information relating to your transactions when you order a product or service, such as types and specification of the goods or services, form of payment, pricing and delivery information and postage and billing information;
  • information relating to your advertising preferences and your communications with us; and
  • passport or ID card details, a profile picture, utility bills, financial information, employment details, vehicle details and any other personal data you submit to us as part of an identity verification procedure.

We may also collect personal data about you from other sources and from third parties to the extent permitted by applicable law.  This may include:

  • data from public sources;
  • data from credit rating agencies or bureaus (such as credit reports or checks, identity confirmation, data for risk modelling and setting of credit limits);
  • data from data providers (such as identity verification, demographic, interest-based and online advertising related data);
  • data from financial institutions you have purchased a product or service from, to allow us to display relevant information through our Services (such as transactions, account balances);
  • data from providers of single sign-on services (such as Google) with whom you already have an account, when you link your Bofin account to such single sign-on services;
  1. Data

Bofin, as well as the entities with which Bofin shares your personal data, may use such personal data for the following purposes:

  • To fulfil our contract with you and provide you with the Services. This may include:
  • enabling and facilitating your transactions with other users;
  • displaying your transactions and balances to you;
  • providing you with customer support; and
  • enforcement of our policies (including this Privacy Notice and our Terms and Conditions).
  • To comply with our legal obligations. This may include:
  • participation in investigations and proceedings conducted by authorities for the purpose of detecting, investigating and prosecuting illegal acts;
  • the prevention, detection and mitigation of illegal activities such as fraud, money laundering and terrorist financing;
  • complying with information requests from third parties based on any statutory information rights they have against us (such as in the case of an intellectual property infringement); and
  • the retention and storage of your personal data to comply with legal retention requirements.
  • To pursue our legitimate interests, except where your interests or fundamental rights or freedoms override such interests. This may include:
  • prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities;
  • performance of identity checks, creditworthiness and other financial standing checks, comparison of information for accuracy and verification purposes; and
  • analysis and improvement of the Services, including research and statistical analysis.
  • If you give your consent below, we may also process your personal data for the following purposes:
  • personalisation, measurement and improvement of advertisements and offerings; and
  • marketing communications to offer you vouchers, discounts and special offers, to conduct opinion polls and surveys, and to inform you about our Services. Note that if you would change your mind and no longer want to receive marketing communications from us, you can always unsubscribe by clicking on the link in the email you received [or by changing your communication preferences on your Bofin account].
  • Automated decision-making

We may use technologies that are considered automated decision-making or profiling.  We will not make any automated decisions about you that would significantly affect you unless (a) such a decision is necessary for entering into, or the performance of a contract with you, (b) we have obtained your consent, or (c) we are required by applicable law to use such technology.

  • Identity verification and prevention of fraud

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity.  If fraud is detected, you could be refused certain services.  Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found HERE.

  1. Disclosure of your Personal Data

In the light of the purposes set out above, Bofin may transfer your personal data to the following recipients:

  • Bofin Group members
  • other users of our Services;
  • third-party financial institutions which offer financial products and services to you through our Services;
  • external service providers;
  • third parties using our single sign-on service;
  • payment service providers;
  • fraud prevention agencies;
  • law enforcement agencies, courts, government agencies or public authorities, intergovernmental or supranational bodies;
  • third parties who are involved in judicial proceedings, in particular if they submit a legal order to us;
  • credit agencies or bureaus, data verification services, risk assessment vendors and collection agencies; and
  • other companies in the context of a company acquisition.
  1. Transfer of Personal Data Out of the European Economic Area

Bofin may share your personal data with parties that are located outside the European Economic Area (EEA).

Bofin is committed to ensure that your personal data remains protected and secure when it is transferred outside the EEA, in accordance with the General Data Protection Regulation (GDPR).

Unless you are otherwise notified, any transfers of your personal data to third parties outside the EEA will be based on an adequacy decision (see the list here) or on the EU standard contractual clauses (a copy of which can be obtained through the contact information included below).  If we believe that standard contractual clauses do not afford the same level of protection as you would enjoy under the GDPR, we will take supplementary measures to guarantee a level of protection that is essentially equivalent to the GDPR. 

  1. Proportionality and Data Retention

Bofin will only process your personal data where relevant to the purposes for which they are collected.

Our data retention policies and practices.  Some examples:

  • When you access our Services, your IP address is stored for as long as you keep your Bofin profile and 7 years after closing your Bofin profile;
  • When you provide us your ID or passport for identification purposes, we keep a copy for as long as you keep your Bofin profile and 7 years after closing your Bofin profile;
  • Information regarding your transaction history is stored for as long as you keep your Bofin profile and 7 years after closing your Bofin profile .
  • What is necessary in order to provide our Services to you. At least as long as you maintain an account with us, we will store information such as your name, address and telephone number that you provided to us upon registration, unless we receive a request for erasure or modification;
  • What is necessary to protect our legitimate interests. After the termination of your account, we may store information that we would require in case of a legal dispute. We will store such information until the limitation periods for contractual claims expire, which will usually be six years;
  • What is required under any contract or by applicable law, such as for legal compliance, tax, accounting or auditing purposes. Certain types of data must be stored beyond the closure of your account with us.  We will only access such data on a need to know basis, and we will only process it if necessary. 

If you have any questions regarding the retention of your personal data, please contact support@bofin.com .

  1. Your Rights as a Data Subject

Subject to the conditions and exceptions provided for in applicable data protection laws, you have the right to:

  • access your personal data, including the right to be provided with a copy of your personal data;
  • request the correction and/or deletion of your personal data;
  • request the restriction of the processing of your personal data, or object to that processing;
  • request receipt or transmission to another organisation, in a machine-readable form, of the personal data that you have provided to Bofin;
  • withdraw your consent, where processing is based on your consent; and
  • submit a complaint to your local supervisory authority if your data protection rights are violated, or if you have suffered as a result of unlawful processing of your data.

In order to exercise your rights, you can contact Bofin at support@bofin.com .

Where you are given the option to share your personal data with us, you can always choose not to do so.  If you object to the processing of your personal data, Bofin will respect that choice in accordance with its legal obligations.  This could mean that Bofin is unable to perform the actions necessary to achieve the purposes of processing described in Section 2 (Purposes of Processing of Personal Data).

Bofin is committed to taking all appropriate technical and organizational measures to protect your personal data against accidental or unauthorized destruction, against accidental loss and modifications, access and any other unauthorized processing of personal data.

  1. Cookies and Similar Technologies

When you use our Services, we and selected third parties may use cookies and similar technologies to provide you with a better, faster and safer user experience, or to show you personalised advertising.  Cookies are small text files that are automatically created by your browser and stored on your device when you use the Services.  For detailed information about our use of cookies and similar technologies, please refer to our Cookie Policy.

  1. Contact

You can address any request or question to Bofin relating to your personal data to: support@bofin.com.

Bofin Tech Services Ltd is a company registered in England and Wales (No. 11281283) Registered Address: Kemp House, 152-160 City Road, London, England, EC1V 2NX
All financial products and services available on the Bofin app are provided to you directly by financial institutions in accordance with their regulatory obligations.

The Proto, Meliora and Raris Accounts are operated by AF Payments Limited, which is Authorised by the Financial Conduct Authority as an Authorised Electronic Money Institution (FRN 900440). Registered in England and Wales with Company Number 09356276. Registered Office address, 33 Lowndes Street, Knightsbridge, London SW1X 9HX, England. The Proto, Meliora and Raris Mastercard cards are issued by AF Payments Limited pursuant to a license by Mastercard International. Mastercard and the Mastercard brand mark are registered trademarks of Mastercard International.