Data Protection — Daneio Bank

Table of Contents

01 Data Controller
02 Data Collected
03 Purpose and Legal Basis
04 Data Recipients
05 Data Retention
06 Your Rights
07 Cookies and Tracking Technologies
08 Data Security
09 Policy Changes
10 Contact & DPO

Data Controller

Art. 13 GDPR — Identity

The controller for the processing of your personal data is:

Daneio Bank
Panepistimiou 73, Athina 105 64, Greece
Email: info@daneio.eu
Phone: +30642771070
Site Publisher: http://127.0.0.1:8000

Data Collected

Art. 13 GDPR — Data Categories

We collect the following categories of data depending on the service used:

Category	Type of Data	Purpose
Identification	Last name, first name, date of birth, ID number	KYC / Identity verification
Contact	Email, phone, postal address	Communication, sending documents
Financial	IBAN, income, existing loans	Creditworthiness assessment
Technical	IP, browser, cookies, browsing history	Security, service improvement
Documents	Copies of identity documents, proof of income	AML/KYC compliance

Purpose and Legal Basis for Processing

Art. 6 GDPR — Lawfulness

Contract performance (Art. 6§1b) — Management of loans, repayments, and banking transactions.
Legal obligation (Art. 6§1c) — KWG, GwG, SCHUFA compliance and tax obligations.
Legitimate interest (Art. 6§1f) — Fraud prevention, system security, service improvement.
Consent (Art. 6§1a) — Sending newsletters and informational material (freely revocable).

Data Recipients

Art. 13§1e GDPR — Recipients

Your data may be disclosed to the following categories of third parties:

Credit assessment services — SCHUFA and other competent bodies for creditworthiness assessment.
Supervisory authorities — BaFin, tax authorities, anti-money laundering authorities.
Service providers — IT, legal services, auditors, always with a data processing agreement.
Partner banks — For the execution of bank transfers and SEPA payments.

Important: We never sell your data to third parties for commercial purposes. Any communication is exclusively carried out for the purposes mentioned above.

Data Retention

Art. 13§2a GDPR — Retention Periods

Category	Retention Period	Legal Basis
Contractual data	Contract duration + 10 years	§ 147 AO / § 290 HGB
AML/KYC data	5 years after end of relationship	§ 8 GwG
Technical files	90 days	System security
Newsletter	Until consent is withdrawn	Art. 6§1a GDPR

Your Rights

Art. 15–21 GDPR — Data Subject Rights

As a data subject, you have the following rights:

Right of Access

Right to be informed about the data we hold about you (Art. 15).

Right of Rectification

Correction of inaccurate data or completion of incomplete data (Art. 16).

Right to Erasure

Erasure of data under certain conditions (Art. 17).

Restriction of Processing

Restriction of data use in specific cases (Art. 18).

Data Portability

Obtaining data in a structured and readable format (Art. 20).

Right to Object

Objection to processing for direct marketing purposes (Art. 21).

To exercise your rights, contact the Data Protection Officer at info@daneio.eu. We respond within 30 days in accordance with the GDPR.

Cookies and Tracking Technologies

Art. 6§1a GDPR — ePrivacy

We use cookies and similar technologies for the operation and improvement of the Platform:

Necessary cookies — Essential for the basic operation of the Platform (login, session security). No consent required.
Analytical cookies — Used to understand the use of the Platform. Consent required.
Functionality cookies — Saving user preferences. Consent required.

You can manage your preferences via your browser settings or by contacting us. For more information, see our Cookie Policy.

Data Security

Art. 32 GDPR — Technical Measures

Daneio Bank implements appropriate technical and organizational measures to protect your data:

Encryption of data in transit (TLS/SSL) and at rest.
Role-based access control and principle of least privilege.
Regular backups and restoration tests.
System monitoring for anomaly and threat detection.
Staff training on security and data protection.

In the event of a data breach likely to result in a risk to your rights, we will inform you within 72 hours in accordance with Art. 33 GDPR.

Policy Changes

Art. 13§2 GDPR — Information

Daneio Bank reserves the right to modify this Data Protection Policy at any time. Any changes will be communicated by:

Information email to the address you have provided.
Notification on the Platform upon your next login.
Update of the "Last updated" date at the top of this page.

Continued use of the Platform after notification of changes constitutes acceptance of the new Policy.

Contact & DPO

Art. 13§1b GDPR — DPO Contact Details

For any questions regarding the processing of your data or to exercise your rights, contact the Data Protection Officer:

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Data Protection Officer — Daneio Bank

Panepistimiou 73, Athina 105 64, Greece
info@daneio.eu
+30642771070
http://127.0.0.1:8000