Privacy Statement

We are INSIFR B.V. (referred to as "INSIFR", "we", or "us"). INSIFR offers a range of financial services, including:

  1. current accounts,

  2. debit cards, and

  3. other payment-related products.

to both individuals and businesses. More information is available on our website: insifr.com. In this Privacy Statement, we refer to our payment services and website collectively as the Services.

Personal data and applicable laws

This Privacy Statement explains how we handle personal data, which includes any information that can identify a person, either directly or indirectly. Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, we act as the data controller.

If you have any questions regarding our handling of personal data that are not addressed in this statement, you can reach out to us using the contact details at the end of this document.

What personal data do we process and why?

As a controller, we process personal data for different purposes, depending on how you interact with us. We may process your data when:

  1. you use our payment services – In which case you are considered a user or customer,

  2. you visit our website,

  3. you subscribe to our newsletter, or

  4. you contact us through any other channel.

In all cases, we process your personal data to:

  1. provide and maintain our services,

  2. comply with legal obligations, or

  3. respond to your inquiries.

Below is an overview of the types of personal data we process, the purposes for which we process them, and the applicable legal grounds:

When you use our payment services (as a user)

We may collect and process the following types of personal data:

  1. account information,

    We use this to register your account, give you access to our Payment Services, and communicate with you to keep your account secure (e.g., through notifications about suspicious activity). This data is processed based on our legitimate interest to carry out the agreement with the organization you represent or, if you're a consumer, because it's necessary for the performance of the agreement.

  2. authentication data,

    This may include identity document details (such as your name, date of birth, nationality, place of birth, document type and number, issue and expiry date, photo, and signature), biometric data (such as facial and fingerprint verification), and additional personal information (like your address, occupation, second nationality, source of income, and location). This data is used to verify your identity, grant access to our services, and prevent financial crime. Some of this data, like biometric verification, is processed only with your explicit consent.

  3. financial data, and

    This includes your name or company name, email address and bank account details. We use this data to transfer funds and maintain accurate records for tax purposes. Processing is based on our contractual obligations or legal requirements.

  4. transaction and bank details.

    If you perform transactions through our services, we process details such as account numbers, balances, card usage, transaction amounts, dates, times, and recipients. These details are processed to facilitate payments and maintain records, based on our legitimate interest or the necessity of performing our agreement with you.

In some cases, we receive personal data from third parties instead of directly from you. For example:

  1. your bank may provide us with account and transaction details, or

  2. the Chamber of Commerce may provide publicly registered company information.

When you visit our website

We may process technical data such as your device type, browser type, IP address, and session duration. This data helps us:

  1. display the website in your preferred language,

  2. adjust the website layout to your device,

  3. enable core functionality, and

  4. improve user experience.

This information is typically collected using cookies or similar technologies. We process this data based on our legitimate interest to maintain a functional and user-friendly website, or with your consent when required. See our Cookie Statement for more details.

When you interact with our social media pages

If you leave a comment or interact with our social media channels, we may process your name and any content you post publicly. We use this data to:

  1. respond to your message, and

  2. use your feedback to improve our services.

We process this data based on our legitimate interest. Please note that social media platforms also collect data themselves. For more information, refer to the privacy statements of LinkedIn, Instagram, or X (formerly Twitter).

When you contact us directly

If you reach out to us via email, contact form, or other channels, we may process your name, contact details, and the content of your message. We use this information to:

  1. handle your question or complaint,

  2. provide support, and

  3. improve our services based on your feedback.

We process this data based on our legitimate interest to offer responsive customer service and continually improve our offerings.

When you sign up for our newsletter

When you subscribe to our newsletter, we process your email address, first name, and company type. We use this data to send updates and tailor the content of our newsletters.

We process this data based on your consent. For existing users of our paid services, we may send similar service updates based on our legitimate interest. In every case, you have the option to unsubscribe at any time via the link provided in each email.

Legally required information

When you use our Payment Services, certain Personal Data may be required by law or under our contractual obligations. If you do not provide this information, it may not be possible for us to offer (parts of) our Payment Services or fulfill our agreement with your organization.

How long do we retain personal data?

We do not process or retain Personal Data longer than necessary. We keep Personal Data only for as long as required to fulfill the purposes described above, unless we are legally obligated to retain it for a longer period. Below are the retention periods we apply:

  1. account information and transaction/payment service data,

    This data is stored as long as your account is active, and for up to 2 years after the last use of the account. If you request your account to be deleted, we will retain your data until the request has been fully processed.

  2. authentication details,

    These details are stored until the verification procedure has been completed.

  3. newsletter subscriptions,

    We retain your data until you unsubscribe from the newsletter.

  4. personal data in correspondence,

    We store personal data from messages, questions, or complaints as long as necessary to handle the issue, and for an additional 5 years thereafter.

  5. personal data for tax administration purposes, and

    This data is kept for seven (7) years, unless we are legally required to retain it for a longer period.

  6. other information.

    Other types of personal data are only retained if necessary for the relevant purpose. Once that purpose no longer applies, the data is deleted.

In certain cases, we may retain the personal data listed above for a longer period if we have reasonable grounds to suspect it is necessary to detect or prevent address fraud or other illegal activities.

Even after the stated retention periods have expired, we may continue processing and storing some Personal Data in order to:

  1. comply with legal retention obligations,

  2. investigate or prevent fraud or abuse,

  3. support investigations into possible violations of our terms or policies, or

  4. prevent harm or protect our users and business.

Do we share your personal data with others?

To deliver our Services, we work with third parties who process Personal Data on our behalf (Processors). These parties only process data based on our instructions and are not permitted to use the data for their own purposes. Examples include:

  1. hosting and IT service providers, such as Amazon Web Services and Google Cloud, or

  2. email and customer support platforms.

We have entered into data processing agreements with all of our Processors to ensure that your Personal Data is handled securely and in compliance with applicable laws.

Other than the situations described above, we will not share your Personal Data with third parties, unless we are legally required to do so.

Transfer of personal data outside the European Union

We may transfer your Personal Data to countries outside the European Union if:

  1. one of our Processors or Controllers is located outside the EU, or

  2. such transfer is necessary to provide our Services.

In all cases, we ensure that data is only transferred to countries or parties that offer an adequate level of data protection according to EU standards, or we implement appropriate safeguards, such as Standard Contractual Clauses.

You can contact us if you would like more information or a copy of the measures taken to protect your data during such transfers.

Third-party websites

While using our Services, you may encounter references or (hyper)links to websites, products, or services provided by third parties, such as partners, vendors, advertisers, sponsors, or license holders.

Please note:

  1. we do not control the content or functionality of these third-party websites,

  2. we are not responsible for their privacy policies or practices,

  3. these websites and their content may change over time, and

  4. third-party websites may have their own privacy statements, terms of use, and service policies.

Your interaction with such external websites is governed by the terms and policies of those individual sites.

Changes to this privacy statement

This Privacy Statement may be updated periodically. We recommend reviewing it regularly.

When updates are made:

  1. the revised version will take effect immediately upon publication on our website, and

  2. if significant changes are made, we will clearly communicate this on our website along with the updated statement.

Your rights as a data subject and our contact details

As a data subject, you have several rights under the General Data Protection Regulation (GDPR). These include the right to access, correct, delete, restrict, transfer, or object to the processing of your personal data. Please refer to the following overview for a detailed explanation of these rights:

Privacy statement _ INSIFR-5

Filing a complaint with a supervisory authority

If you believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with a data protection authority. In the Netherlands, this is:

Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl

Questions or requests?

If you have any questions about this Privacy Statement or how we handle your personal data, you can contact us at: support@insifr.com or via the contact form on our website: insifr.com

Our details

INSIFR B.V.
Tijnmuiden 79
1046 AK Amsterdam
The Netherlands

Chamber of Commerce (KvK): 96888431

Privacy Statement | Download
icon
icon icon icon icon icon
icon
Vacancies Blog Legal

© INSIFR LTD 2025

If you would like to find out more about the services you are receiving, please check our corresponding FAQ page or reach out to us via the INSIFR app.

INSIFR's payment accounts and related payment services are provided by Transact Payments Malta Limited, a payments and electronic money institution authorised and regulated by the Malta Financial Services Authority (MFSA) to offer payment and electronic money services in Malta and in the European Economic Area (EEA). Registered office: Vault 14, Level 2, Valletta Waterfront, Floriana, Malta, FRN 1914. Company number: C 91879.

Whilst our products are not covered by the Depositor Compensation Scheme (DCS), your funds will be held in one or more segregated accounts and safeguarded in line with article 10B of the Financial Services Act.