Legal
Privacy Policy
1. Introduction
This Privacy Policy (the "Policy") describes how DEVYREX VB LTD ("viaBanking," "we," "us," or "our") collects, uses, stores, and protects personal data in connection with the operation of https://viabanking.com/ (the "Website"), the viaBanking API, and all related software, widgets, tools, and services (collectively, the "Service").
viaBanking is a software-only technology solution, a middleware aggregation layer built on top of open banking infrastructure. viaBanking is not a bank, electronic money institution, payment service provider, or any other type of regulated financial services provider. This distinction is important for understanding the scope and nature of data processing described in this Policy.
We are committed to protecting your privacy and handling your personal data in compliance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), and the Data Protection Act 2018, as applicable.
By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described herein, please do not use the Service.
2. Data Controller
The data controller responsible for the processing of personal data described in this Policy is DEVYREX VB LTD, company number 17289324, registered at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE.
For any data protection enquiries, please contact us at: privacy@viabanking.com.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
Identity and contact data: name, surname, email address, telephone number, company name, job title, and postal address.
Account and credentials data: username, password (in hashed form), API keys, access tokens, and account preferences.
Technical and device data: IP address, browser type and version, operating system, device identifiers, time zone settings, and referral URLs.
Usage and analytics data: information about how you interact with the Service, including pages visited, features used, API call logs, session duration, and navigation paths.
Transaction and billing data: billing address, payment method information, invoicing records, and transaction history related to your use of the Service.
Communications data: records of correspondence with us, including emails, support tickets, and chat messages.
Integration data: technical configuration data related to your API integration, including webhook endpoints, connected provider identifiers, and integration logs.
Important: viaBanking operates as a technical pass-through layer. Where end-user financial data (such as account balances or transaction histories) transits through our systems as part of API aggregation, such data is processed solely for the purpose of routing it to the intended recipient and is not retained beyond what is technically necessary for the operation of the Service, unless otherwise required by law.
4. How We Collect Personal Data
(a) Directly from you when you register for an account, contact us, subscribe to communications, or submit information through the Website or API dashboard.
(b) Automatically through cookies, server logs, and similar technologies as you interact with the Service (see our Cookie Policy for details).
(c) From third parties including payment processors, analytics providers, and identity verification services where applicable.
5. Purposes and Legal Bases for Processing
To provide and operate the Service, including API access and account management. Legal basis: performance of a contract.
To process payments and manage billing. Legal basis: performance of a contract, legitimate interests.
To communicate with you, including responding to enquiries and providing support. Legal basis: performance of a contract, legitimate interests.
To monitor, maintain, and improve the security, performance, and reliability of the Service. Legal basis: legitimate interests, legal obligations.
To detect and prevent fraud, misuse, and unauthorised access. Legal basis: legitimate interests, legal obligations.
To comply with applicable legal and regulatory requirements. Legal basis: legal obligations.
To analyse usage patterns and improve the Service. Legal basis: legitimate interests.
To send marketing communications (where you have opted in or where permitted by law). Legal basis: consent, legitimate interests.
To enforce our Terms of Use and protect our rights and interests. Legal basis: legitimate interests.
To manage business relationships and conduct internal administration. Legal basis: legitimate interests.
6. Data Sharing and Recipients
We may share your personal data with the following categories of recipients:
- Service providers and processors including hosting providers, payment processors, analytics services, and customer support tools that assist us in operating the Service;
- Third-Party Providers open banking providers, banks, and EMIs to which you connect through the Service, to the extent necessary to facilitate the technical connection (note: once your data reaches a Third-Party Provider, that provider's own privacy policy governs);
- Professional advisors including legal, accounting, and auditing firms;
- Regulatory and governmental authorities where required by law, regulation, or legal process;
- Corporate transactions in connection with any merger, acquisition, reorganisation, or sale of assets, provided the acquiring entity assumes equivalent data protection obligations.
We do not sell your personal data to third parties.
7. International Transfers
Your personal data may be transferred to, stored in, or processed in countries outside the European Economic Area ("EEA") or the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office, adequacy decisions, or other legally recognised mechanisms.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory, and contractual obligations. General retention periods include:
- Account and contract-related data: for the duration of the contractual relationship and up to six (6) years thereafter for tax and legal compliance;
- Transaction and billing records: up to six (6) years;
- Technical logs and API usage data: up to twenty-four (24) months;
- Marketing consent records: until consent is withdrawn.
When personal data is no longer required, it is securely deleted or anonymised.
9. Your Data Protection Rights
Depending on your jurisdiction, you may have the following rights:
Right of access: to request a copy of the personal data we hold about you.
Right to rectification: to request correction of inaccurate or incomplete data.
Right to erasure: to request deletion of your data where it is no longer necessary.
Right to restriction: to request that we limit the processing of your data in certain circumstances.
Right to data portability: to receive your data in a structured, commonly used, machine-readable format.
Right to object: to object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting prior processing.
To exercise any of these rights, please contact us at privacy@viabanking.com. We may request additional information to verify your identity. We will respond to your request within one (1) month, or within the applicable statutory timeframe.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Automated Decision-Making
We do not engage in automated decision-making that produces legal effects or similarly significant effects on you. We may use automated processes for fraud detection and system monitoring, but these do not result in decisions that solely determine your access to the Service without human review.
12. Children's Data
The Service is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
13. Complaints
If you have any concerns about how we handle your personal data, please contact us at privacy@viabanking.com. We will endeavour to resolve your concern promptly.
You also have the right to lodge a complaint with the relevant supervisory authority. If the data controller is established in the UK, this is the Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; website: https://ico.org.uk; telephone: 0303 123 1113.
14. Changes to This Policy
We may update this Policy from time to time. The updated version will be published on our Website with a revised "Last Updated" date. We encourage you to review this Policy periodically. Where material changes are made, we will use reasonable efforts to notify you.
15. Contact
Company: DEVYREX VB LTD
Address: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, United Kingdom, HA4 7AE
Email: privacy@viabanking.com