Last Updated: May 15, 2025
At Schnl, we collect and process various types of information to provide you with our banking services. This includes personal identification information such as your full name, date of birth, government-issued ID numbers, residential address, contact details, tax identification numbers, and biometric data for verification purposes. We collect this information through various channels including our website, mobile applications, customer service interactions, and third-party verification services.
We also collect financial information including your bank account details, transaction history, credit scores and reports, investment portfolio data, and tax documentation. This information is essential for providing you with secure and efficient banking services. We may also collect information about your device, IP address, and browsing behavior to enhance security and improve our services.
Additionally, we collect information about your preferences, feedback, and interactions with our services. This helps us personalize your experience and improve our offerings. We may also collect information from third-party sources, such as credit bureaus and identity verification services, to verify your identity and assess your creditworthiness.
Your information is used internally for account management, transaction processing, fraud prevention, customer service, and product development. We continuously work to improve our services based on how our customers use them. This includes analyzing transaction patterns, customer feedback, and service usage to identify areas for improvement and innovation.
We may share your information with regulatory authorities, law enforcement agencies, financial institutions for transfer processing, credit bureaus, and legal advisors. This sharing is done in compliance with applicable laws and regulations to ensure the security and legality of our services. We maintain strict confidentiality agreements with all third parties who have access to your information.
In cases of mergers, acquisitions, or business transfers, your information may be transferred as part of the transaction. We will notify you of any such changes and ensure that your information remains protected under the new ownership. We may also share aggregated, anonymized data for research and analysis purposes, which cannot be used to identify individual users.
We implement robust security measures to protect your data. This includes 256-bit AES encryption for data at rest, TLS 1.3 for data in transit, mandatory multi-factor authentication, and regular security audits and penetration testing. Our security infrastructure is continuously monitored and updated to address emerging threats and vulnerabilities.
Our access control systems include role-based access management, IP-based restrictions, session timeouts, and comprehensive activity logging and monitoring. These measures ensure that your data remains secure and protected from unauthorized access. We employ advanced threat detection systems and conduct regular security assessments to identify and mitigate potential risks.
We maintain a dedicated security team that works around the clock to monitor and respond to security incidents. Our incident response plan is regularly tested and updated to ensure quick and effective response to any security breaches. We also maintain cyber insurance coverage to protect against potential financial losses from security incidents.
We retain your account information for 7 years after account closure, transaction records for 7 years, KYC documents for 10 years, and communication logs for 2 years. This retention period is necessary to comply with legal and regulatory requirements. We regularly review our retention periods to ensure they align with current regulations and business needs.
You have the right to request the deletion of your data. We process such requests within 30 days, subject to legal requirements. In cases where complete deletion is not possible, we offer data anonymization as an alternative. We maintain detailed records of all data deletion requests and their outcomes.
When data is deleted, we ensure that it is completely removed from our active systems and backups. We use secure data destruction methods that comply with industry standards. We also maintain records of data deletion for audit purposes, which are themselves subject to appropriate retention periods.
When transferring your data internationally, we use standard contractual clauses, binding corporate rules, and approved certification mechanisms. All transfers are conducted in compliance with applicable data protection laws. We maintain detailed records of all international data transfers and regularly review our transfer mechanisms to ensure they remain compliant.
We maintain compliance with major data protection frameworks including GDPR, CCPA, and local data protection laws. Our practices are regularly audited to ensure they meet or exceed industry standards. We have appointed data protection officers in relevant jurisdictions to oversee compliance with local regulations.
In cases where we transfer data to countries without adequate data protection laws, we implement additional safeguards such as encryption and strict access controls. We regularly assess the data protection laws of countries where we operate and update our practices accordingly. We maintain a comprehensive data transfer impact assessment process to evaluate and mitigate risks associated with international data transfers.
You have several rights regarding your personal data, including the right to access, port, rectify, restrict processing, and object to processing. We provide easy-to-use tools to exercise these rights. Our data subject rights request process is designed to be user-friendly and efficient, with clear timelines for response and resolution.
Our privacy preferences dashboard allows you to control your data settings, manage marketing communications, handle cookies, and export your data. We regularly update these tools to ensure they meet your needs. The dashboard provides real-time updates on your privacy settings and clear explanations of how each setting affects your data.
We provide detailed information about how your data is used and shared, and offer multiple channels for exercising your rights, including online forms, email, and customer service. We maintain records of all data subject rights requests and their outcomes, and regularly review our processes to ensure they remain efficient and user-friendly.
We use various types of cookies to enhance your experience: essential cookies for functionality, analytics cookies for improvement, marketing cookies for personalization, and third-party cookies for services. Our cookie policy is regularly updated to reflect changes in our practices and new types of cookies we may use.
Our tracking technologies include pixel tags, web beacons, mobile device identifiers, location tracking, and behavioral analytics. These help us understand how you use our services and improve them accordingly. We provide clear information about each tracking technology we use and its purpose.
We offer granular controls over cookie and tracking preferences, allowing you to choose which types of cookies and tracking technologies you accept. Our cookie consent mechanism is designed to be user-friendly and compliant with relevant regulations. We regularly review our cookie and tracking practices to ensure they remain necessary and proportionate to their purposes.