Privacy Statement

You must be curious how we handle your personal data. In this Privacy Statement we explain how we handle your personal data and why we do so. We believe it’s important that you check this and understand our statement. Any questions left? Reach out out to us via [email protected]

Our principles are:

  • We will keep your personal data safe and private at all times
  • We will not sell your data
  • We always give you the option to adjust your marketing preferences

1. Introduction

This is the Privacy Statement of Flow Money Automation B.V. and we do our best to help you get a grip on your financial affairs. In this Privacy Statement we describe which personal data we process and why we need it. We want to be clear and transparent in this. We have set up our company in such a way that your privacy is always guaranteed first according to the principles of privacy by design and privacy by default. Flow has been assessed by an independent auditor and is ISO27001 certified. This is the standard in information security. In this way we can demonstrate that information security is an important element at Flow. Every year we are assessed on this by independent auditors who keep us sharp. You can find our certificate here. We shall, among others:

  • Limit the use of your personal information to the minimum necessary to run Our Services
  • Continuously inform us and let us advise on the obligations under privacy legislation
  • Raise awareness and train involved staff to ensure your privacy
  • Collaborate with the national regulators (AFM, DNB, AP, FIOD)
  • Have strict security standards and procedures to prevent unauthorized access to your data by anyone, including our staff
  • Only work with partners who comply with our strict information security policy so that we can guarantee your privacy

We reserve the right to unilaterally amend our Privacy Statement. You may not be able to use our services until you have accepted the latest version of our Privacy Statement. We will notify you when there are changes to the Privacy Policy. This Privacy Statement was published on August 20, 2020, the latest version can always be viewed via:

2. About us

Flow is responsible for processing your personal data. We take this job very seriously. And of course you want to know who we are. Here you have our data:

Flow Money Automation B.V.
Riperwei 54
8406 AK Tijnje
Chamber of Commerce: 72829796
E-mail: [email protected]

Flow has a so-called "PSD2 license". This is a license from the Dutch Central Bank with which we can offer our payment services. PSD2 stands for "Payment Services Directive 2" and is a guideline that ensures that European consumers can ask their bank to share data with companies such as Flow, in a safe and responsible manner. From July 13, 2020, Flow has a license to view your account information (Service 8) and to perform payment initiations (Service 7). You can find us in the DNB Register of Payment Institutions under number: R166735

3. Cookies

We use cookies to distinguish you from other visitors to the Site. This way we get a better picture of our visitors and we can improve the user experience of the Site. Would you like to know more about the cookies and our purpose with them? Read our Cookie Statement.

4. Type of data we collect

We collect and process data about you. There are several reasons why we process this information. Below is an explanation of what for, why and how long we keep the information:

  • ID data:
    Personal details (name, date of birth, place of birth, gender), ID document, address, company details (Chamber of Commerce number, UBO information)
  • Communication data:
    Social media profile, email address, mobile phone number
  • Identification data:
    Your email address, mobile phone number
  • Bank information:
    Details of your bank account, linked banks, your name known to the bank, IBAN number (s), balances
  • Transaction information:
    Per transaction (date and time, transaction amount, description (s), IBAN number (s), transaction attachments, counterparty (s)) and general (Balances)
  • Technical information:
    A unique identification number, IP address, time zone setting, operating system and platform, device information, session information, URLs you view on our Site, errors, duration of your visit, page interaction information (scroll behavior, mouse clicks)
  • Anti Money Laundering (AML):
    Background checks, transaction analysis and payment initiations

Overview of data

What data? Purpose? Which basis?? When?
ID data
  • Identification
  • Provide our services
  • Legal obligation
  • While connecting the App with your bank
Communication data
  • Provide our services
  • Legitimate interest
  • By communicating with Flow
  • During registration
Identification information
  • Identification
  • Provide our services
  • Communication
  • Legitimate interest
  • Execution of the agreement
  • During registration
Bank information
  • Provide our services
  • Legal obligation
  • Execution of the agreement
  • While connecting the App with your bank
Transaction information
  • Provide our services
  • Against money laundering and terrorist financing
  • Legal obligation
  • Execution of the agreement
  • While connecting the App with your bank
Technical information
  • Provide our services
  • Execution of the agreement
  • While using the Site and App
Anti Money Laundering (AML)
  • Against money laundering and terrorist financing
  • Legal obligation
  • After verifying your ID
  • With every incoming transaction
  • At every payment initiation

5. Storing information

The data we collect (ID data, communication data, identification data, bank information, transaction information, technical information, anti money laundering) is sent to and stored at a location in the European Economic Area (“EEA”): Amazon Web Services in Frankfurt, Germany. We only work with partners who meet the security requirements and comply with our Privacy Statement.

  • We store the information we collect on secure servers. Sending encrypted data is done through Transport Layer Security technology (“TLS”).
  • We have taken appropriate (technical and organizational) measures to protect your information. We protect our equipment with passwords, security procedures such as two-step verification and encryption of the storage medium.
  • Much of the storage of the data is legally required under the Wwft (Money Laundering and Terrorist Financing Prevention Act). This means that we have to check all transactions and report them to the regulator if they are suspicious.

Some of the information (communication data) is stored with our suppliers (including Whatsapp, Google, Facebook, Twitter) because we use their services. To the extent possible, we will require this to be stored within the European Economic Area (“EEA”).

As you can see, we will do our utmost to keep your personal information secure. We have internal procedures and policies regarding the security of our product to prevent unwanted access.

When do we remove it?

Type of information How long do we keep it? Why?
ID data 5 years Legal obligation
Communication data 1 year GDPR
Identification information 1 year GDPR
Bank information 5 years Legal obligation
Transaction information 5 years Legal obligation
Technical information 1 year GDPR
Anti Money Laundering (AML) 5 years Legal obligation

Protocol Data Leaks

We have taken strict measures to protect your personal information. In addition, the Data Leaks Protocol of the AP is active at Flow. Based on this protocol it is determined whether there is a data breach and under what conditions this must be reported to the Dutch Data Protection Authority (AP). We communicate transparently and honestly about this with you.

6. Sharing your data

We exchange personal information with the following authorities in order to provide Flow services:


We are required by law to report unusual transactions to the authorities. We may restrict or exclude you from using Flow based on unusual transactions.

Banks and financial service providers

We can work with these parties to provide services. Our role is to protect your personal data and we will never exchange data without a legitimate reason. Your data will only be sent to these service providers when you have asked us to use their service.

Advertising and analysis service providerss

We use a third party to analyze the use of the Site (Google Analytics). We do not exchange personal data, but draw up a profile of your use so that we can define different types of user groups.

7. Communication

We believe it is important to explain how we use your data to communicate with you and to state that you have the right to unsubscribe. You can unsubscribe from our mailings at any time by clicking unsubscribe at the bottom of the email or by contacting [email protected].

8. Your rights

You have rights regarding the personal data we collect. You can contact Flow at [email protected] to make your request.

The right to access

You have the right to request access to the personal data that we process. We will provide a copy of the personal data being processed.

The right to rectification

If your details are incorrect, you can request us to adjust the details. We will then correct this.

The right to erasure (oblivion)

By using the services of Flow we process your data. You have the right to ask us to delete this data from our systems. We will comply with this requirement without unreasonable delay, and when it is reasonably within our control.

If you no longer use your account, you can contact [email protected] to request that your data be removed from our system.

The right to portability (data portability)

You can request us to transfer your personal data in a structured, commonly used and machine-readable format. That way you can transfer your data to a new service provider without any obstacles.

We will try to fulfill legitimate requests within one month. Exceptionally, it can take us longer than a month, we ask for your understanding.