PRIVACY POLICY

We give utmost importance to the protection of data of our users. This Privacy Policy defines the purpose and methods of processing personal data and explains how we collect, use, process and disclose your data, including data regarding your access to and use of the Flik POS mobile application (hereinafter: the mobile application, the Flik POS mobile application).

References to “we”, “us” or “our” herein refer to one of the user’s (savings) banks stated below, which is responsible for processing your data (hereinafter: the Data Controller):

• Addiko Bank d.d., with its registered office and registered address at Dunajska cesta 117, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to dpo.si@addiko.si or call +386 (0)1 580 40 00.
• Banka Sparkasse d.d., with its registered office and registered address at Cesta v Kleče 15, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to info@sparkasse.si or call +386 (0)1 583 66 66.
• BKS Bank AG, with its registered office and registered address at Verovškova ulica 55a, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to info@bksbank.si or call +386 (0)1 589 57 18.
• Delavska hranilnica d.d. Ljubljana, with its registered office and registered address at Miklošičeva 5,, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to info@delavska-hranilnica.si or call +386 (0)1 300 02 00.
• DBS d.d., with its registered office and registered address at Kolodvorska ulica 9, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to info@dbs.si or call +386 (0)1 472 71 00.
• Gorenjska banka d.d., with its registered office and registered address at Bleiweisova cesta 1, 4000 Kranj. For additional information regarding the collection, processing and protection of data, please write to info@gbkr.si or call +386 (0)4 208 40 00.
• LON d.d., with its registered office and registered address at Žanova ulica 3, 4000 Kranj. For additional information regarding the collection, processing and protection of data, please write to info@lon.si or call +386 (0)4 280 07 77.
• N Banka d.d., with its registered office and registered address at Dunajska cesta 128a, 1000 Ljubljana. For additional information regarding the collection, processing and protection of personal data, please write to dpo@nbanka.si or call 080 22 65.
• NOVA KBM d.d., with its registered office and registered address at Ulica Vita Kraigherja 4, 2000 Maribor. For additional information regarding the collection, processing and protection of data, please write to dpo@nkbm.si or call 080 17 70.
• NLB d.d., with its registered office and registered address at Trg republike 2, 1520 For additional information regarding the collection, processing and protection of data, please write to info@nlb.si or call +386 (0)1 252 24 22.
• SKB banka d.d., with its registered office and registered address at Ajdovščina 4, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to dpo@skb.si or call +386 (0)1 471 55 55.
• UniCredit Banka Slovenija d.d., with its registered office and registered address at Ameriška ulica 2, 1000 Ljubljana. For additional information regarding the collection, processing and protection of data, please write to dpo@unicreditgroup.si or call 080 88 00.

For information on the data protection officer of the Data Controller, please contact the Data Controller using the contact details above.

References to “you”, “your” or “yours” herein refer to you as a user of our service.

For the purposes of this Privacy Policy, the service includes all services related to sending and receiving instant payments in accordance with the rules of the Slovenian national Flik scheme and the General Terms and Conditions of the Flik POS mobile Application (hereinafter: the Terms and Conditions).

By accepting the Terms and Conditions together with this Privacy Policy, you confirm that you are familiar with this Privacy Policy. The data we collect, use, process and keep are used only to provide and improve the service. We will not use, share or disclose your data to third parties except as described herein.

1. What data are being collected and/or processed?

I. Data about you/your device:

• type of user (business subject),
• name of the business subject,
• address: street and number, town, postal code,
• tax number,
• transaction account data (IBAN and BIC),
• contact number for sending a one-time password,
• contact information (alias): telephone number, e-mail address,
• information about your mobile device,
• push token,
• operating system and version,
• mobile application and its version,
• IP address,
• data about transactions.

II. Use of permissions on your device
The mobile application requires access to the data and components of your device described below for the proper functioning of some of its functions.

Required permissions to use the mobile application on Android devices:

View network connections, Full network access, View Wi-Fi connections and Receive data from the internet
The mobile application requires access to the internet to function.

Disable stand-by mode
The mobile application requires access to this permission to prevent a device from switching to stand-by mode during the payment process.

Vibration control
The mobile application requires this permission to send feedback to you.

Read phone status and identity and change sound settings
The mobile application requires these permissions to be able to send audio feedback.

Read badge notifications
This permission is needed to allow to read and change number of notifications received by the mobile application.

Optional permissions to use the mobile application on Android devices:

Enable fingerprint authentication and biometrics
If your device supports fingerprint recognition or other biometric identification, the mobile application requires this permission for user authentication.

Directly call phone numbers
The mobile application needs access to call phone numbers to call the contact number of the user’s (savings) bank.

Required permissions to use the mobile application on iOS devices:

Read badge notifications
This permission is needed to allow to read and change number of notifications received by the mobile application.

Background App Refresh
It is used to refresh the mobile application while running in the background.

Optional permissions to use the mobile application on iOS devices:

Mobile data transfer
The mobile application requires access to the internet to function.

Fingerprint
If your device supports fingerprint recognition, the mobile application requires this permission for user authentication.

Face ID
If your device supports face identification, the mobile application requires this permission for user authentication.

Notifications
The mobile application needs access to notifications for sending and receiving push notifications.

You can limit the access to your data in the mobile application through the settings of your mobile device. Please note that certain functions will be disabled if you limit access which might cause the mobile application not to function properly. Biometric identification, such as fingerprint and face recognition, can be used instead of a password to log in to the Flik POS. Fingerprint or face data are stored exclusively on your mobile device. We do not process fingerprint and face image data (we do not store or access these data), which means that we are not the controller of such data. Nor can it be considered that such data are processed by our contractual processor on our behalf. Moreover, we are not liable nor do we guarantee the security of the fingerprint identification and facial recognition function on any device and the operation of the function as provided by the device manufacturer.

The mobile application will ask for your consent to process the data necessary for additional features provided by the mobile application – optional permissions.

2. For what purposes do we use the data we collect

We use, store, and process data, including data, about you and your device in order to provide the service of:

• • Verifying or authenticating information or identifications provided by you;
  • Authenticating your access to the mobile application;
  • Receiving instant payments via the QR interface;
  • Receiving instant payments in caste of defined at least one contact data (alias) in Flik register;
  • Reviewing transaction status managed with Flik POS mobile application
  • Providing and monitoring your payment transactions;
  • Receiving push notifications regarding important updates to the mobile application or other information related to the use of the mobile application.

Based on legitimate interests pursued by controllers and which are not overridden by your interests or your fundamental rights and freedoms, your data which we collected from you and are listed in point II. of chapter 1. are also processed for the purpose of providing a better and safer user experience and functioning of the application, and to prevent possible fraud and scam.

With your consent, your data are processed for the purpose of using additional functionalities of the mobile application, as stated in item II under the optional permissions for the use of the mobile application.

3. Data retention

Data of executed transactions are kept for 10 years after the transaction or after the termination of the business relationship with you or, if the collection of personal data is subject to you consent, until the revocation of consent.

4. With whom do we share the data

We do not provide or disclose data to third parties, unless we are required to do so by the law or other appropriate legal basis.

The processing of payment transactions on our behalf is performed by Bankart d.o.o., which has its registered office and registered address at Celovška cesta 150, 1000 Ljubljana and with which we have concluded an appropriate data processing contract and which is our contractual partner for the processing of data.

5. Push notifications and opt-out options

We may occasionally send you push notification for important mobile application updates or other information regarding the use of the mobile application. You may opt-out of receiving such notifications by going to your device Settings, clicking on App Notifications and then changing the settings.

6. Safety

We take the responsibility to ensure that your data is secured.
To prevent unauthorised access to or disclosure of data transmitted, stored or otherwise processed we maintain physical, technical, electronic, organisational and procedural safeguards that comply with applicable regulations to guard non-public data. All internet communications are secured using all necessary measures. We allow access to your data only to persons authorised to process such data who need to know such information in order to provide the service to you. These persons are bound by secrecy.

7. Amendments to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If this Privacy Policy is amended, the revised Privacy Policy will be posted on the website of the data processor Bankart d.o.o. and in the mobile application.

Ljubljana, 13/04/2022