GOIN’S PRIVACY POLICY

Goin is a completely free technological application that allows its users to achieve any goal they have set in the app through automatic savings and investments. We want to be transparent with you and make sure you know clearly what we do with your personal data when you register and use the services of the Goin app.

Access to and usage of the Goin app are regulated by the General T&C and this Privacy Policy, in compliance with the General Data Protection Regulation 679/2016 (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights. We inform you that using the Goin application requires accepting this company’s Privacy Policy, and if you do not agree with the content of these legal texts, you should not use the Goin app.

1. 1. DATA CONTROLLER

Prakma Innovation, S.L.U. (hereinafter, “Prakma” or the “Controller”), with address at Calle  Aribau 230-240 Planta 5, Oficina M-N, 08006, Barcelona. You can contact us by email at gdpr@goin.app.

2. 2. PURPOSES AND CHARACTERISTICS OF PROCESSING

You have the right to know what personal data we have about you, why we collect it, how long we keep it and what we use it for. To do so, we will explain, step-by-step, the process of collecting your data, how we subsequently process them and the applicable retention periods for each of our purposes.

a) Registration on the Goin app: You need to have a personal account in the Goin app to access the services it offers, among other reasons, on the legal basis of the execution of the contractual relationship that you maintain with Prakma for the access and use of the Goin app. Furthermore, this information is necessary to comply with our regulatory obligations and to guarantee the security of your information as we will explain below. Therefore, during the registration process, we will ask you to provide us with:

1. 1. 1. Mobile phone number to link with your personal account and to which we will send a verification code during your registration.
      2. Name and surname.
      3. Contact email to link your personal account to.
      4. Date of birth.
      5. Invitation code, in the event you have received an invitation to join the Goin app.
      6. Access PIN that you must enter during registration and that will be linked to your user account for greater security when accessing the Goin app.

1. 1.  

This information is necessary to (a) generate your personal Goin user account based on the contractual relationship between you and Prakma for the use of the Goin app, in accordance with our General T&C; (b) guarantee the security of your future logins and prevent any misuse of your personal account and the services of the Goin app, based on our legitimate interest in guaranteeing our users a safe and quality service; (c) verify your identity to comply with our regulatory obligations regarding the prevention of money laundering and terrorist financing; (d) communicate with you when necessary for the execution of the procured services, including by electronic means (limited to non-commercial service communications, unless you give us your express consent to do so).

b) Use of the Goin app services: To be able to use the savings and investment systems offered by the Goin app, as well as to provide you with advantages in your purchases, discounts or other promotions that we make available to users through the Goin app, based on the execution of the contractual relationship that you maintain with Prakma and for the fulfillment of our regulatory obligations, we will need you to add your bank account and card details so that they are linked to your personal account and in order to provide you with the services that you request from us through the Goin app.

i. Card number, expiration date and CVV

This information is necessary to (a) create your savings goals; (b) transfer your savings from your bank account to your Goin account, which you can withdraw back to your bank account whenever you want; (c) add money to invest with a direct debit to your card. Therefore, if we do not have this information, we will not be able to provide the savings and investment services that you procure through the use of the Goin app.

ii. Personal identification document (i.e., passport, driver’s license, residence card)

When you deposit your first €, we will ask you to provide us with a photograph of your ID, residence card, passport or driver’s license to verify your identity and to be able to comply with the regulations on the prevention of money laundering and terrorist financing. At the same time, we will ask you to provide us with a personal photo and therefore we will ask you for access to your camera on your mobile phone or the device you are using. We will also request your ID or similar document that identifies you to verify your identity when you request a withdrawal of money to your bank account. 

iii. Bank entity and online banking access credentials

This information is necessary to execute the savings services that you procure through the use of the Goin app and to provide you with the best advantages and commercial discounts on your purchases, such as to (a) check the movements in your bank account to be able to automatically apply discounts and refunds for your purchases, as well as the automatic withholdings and/or rounding savings methods that you configure yourself from the Goin app as a result of having linked your card; (b) verify your identity when you wish to withdraw the money saved in your personal account, in order to comply with our legal obligations and guarantee the security of your money.

With these credentials, we can ask your bank for access to your bank account in accordance with the PSD2 Regulation. The access credentials that you provide us with are read-only, so no operations can be carried out in your account that you have not previously ordered us to do. 

iv. Data on your banking operations

This information is necessary (a) to be able to apply the saving and investment methods, as we must be able to monitor your banking movements, since they are based on your expenses, income, risk profile for investment operations, etc.; (b) we apply cashback programmes in which you will receive refunds for a percentage of the price you have paid when you make purchases at one of our partners’ establishments, so we need to know the details of the transaction to be able to validate it and offer you the benefits of the offer (see our General T&C to learn about the cashback method); (c) we also help you monitor your expenses to be able to offer you insights or advice so that you can achieve your goals in an optimal way.

v. Data of your contacts for the referral programme

The referral code, in the General T&C, can be shared with third parties and thus you can obtain different benefits, as long as you comply with the requirements defined in said General T&C. To do so, we need to access the contacts on your device and thus make it easier for you to send the code. When you open the Goin app for the first time on your device, we will ask you to give us access to your contacts. If you accept, we inform you that said access is only for the purposes detailed herein and that these data are not stored or shared with third parties.

vi. Data on your use of the Goin app and its services

In accordance with the previous points, to improve the execution of the services that we offer you through the Goin app, and in accordance with the applicable laws, we need to collect information on your bank accounts and payment cards, savings goals linked to your Goin account, and your position relative to the financial and investment products that you have procured through the Goin app. We may use this information to (a) send you alerts on movements, annotations, accumulated savings and/or liquidity needs as part of the execution of the Goin app’s services; (b) develop a profile of financial behavior according to your level of income and expenses. We will not use your profile for automated decision-making that may affect you legally or in any other significant way, unless you have given us your express consent for a specific purpose (i.e., procurement of an automated investment service). However, you will always be informed of the status of the services you procure through the Goin app, being able to take control at any time; (c) inspire other Goin users through the visibility of certain actions in the social feed as also indicated in the General T&C. 

c) Processing for advertising purposes: Provided you give us your consent, we can keep you informed of the new products and services that we offer in the Goin app, including through electronic means, or present you with offers from our partners for the purchase of products and services that you incorporate as savings goals, in addition to providing you with periodic information through our Newsletter service. You can withdraw your consent at any time and we will unsubscribe you from our mailing list.

In addition, in the event that you are a customer, Law 34/2002, of July 11, 2002, on information society services and electronic commerce allows us to send you information related to the services you have previously contracted with the Goin app. In any case, we will only send you information about our services when it is clearly interesting and truly beneficial to you, offering you the possibility to oppose it in each communication or communicating with Prakma through the contact means indicated in this Policy, in accordance with the regulations of services of the information society.

d) Other compatible purposes: Based on our legitimate interest, we may anonymize personal data to obtain information about which products and services work best on the Goin app and are most interesting to our users, in order to enhance or improve them, as well as to conduct statistical and research studies on the consumer and financial sector, directly or through our partners. 

For these purposes we have implemented protection measures to ensure the confidentiality of your information and privacy of your identity, such as selection of relevant and strictly necessary information for each of the studies that we will perform, aggregate data processing, as well as the irreversible anonymization of data through encryption and unlinking of any information with your identification data and blurring of accurate data by applying rounding techniques, avoiding any form of re-identification and linking such data with your identity. This processing is based on Prakma’s legitimate interest in improving the services provided to its customers and does not prejudice the data protection rights of the data subjects. If you would like to object to such processing or to know more details about the weighting test of the legitimate interest carried out by Prakma, you can request it via email: gdpr@goin.app.

In cases where we have to share such information with third party partners Parkma for these purposes, we will strengthen the implementation of these measures, in order to ensure that no third party can access your personal information, preventing to know details about your spending habits, banking information or your cards or any form of identification or linking of information with your person. We are aware of the technical difficulty involved in guaranteeing anonymization in the long term, so, in any case, as a sign of our commitment to provide you with transparent information and respect your data protection rights, we periodically review the anonymization processes to identify risks, implement measures to mitigate them and thus constantly reinforce your privacy.

3. 3. RECIPIENTS OF YOUR PERSONAL DATA

Your personal data may be communicated to the following third parties, with whom we have signed collaboration agreements in order to offer the services of the Goin app. In addition, we have contracts that regulate the communication and processing of personal data of Goin users, in order to ensure an adequate level of protection, even when these partners are located outside the European Economic Area (EEA), by signing the Standard Contractual Clauses approved by the European Commission to legitimize international data transfers. In particular, we will communicate your data with the following entities:

a) Easy Payment and Finance S.P. S.A.U., as a payment institution authorized by the Bank of Spain (No. 6849) for the provision of virtual bank account management services where we keep your money associated with your personal account. Easy Payment and Finance S.P. S.A.U. acts as the data controller of your personal data for the bank account and money deposit services associated with the use of the Goin app, so they have access to all the data necessary for identity verification (know your client), banking and operational data, whose processing is necessary to comply with the obligations of prevention of money laundering and terrorist financing.

b) Kernel Labs, S.L., as a provider of payment gateway technology services. Kernel Labs, S.L., is an entity linked to the same business group of Prakma that has developed a technology that allows Prakma to manage the money movements between your bank account and the Goin app accounts.

c) Bitstamp Europe SA., a company authorized and regulated in Luxembourg that provides the cryptocurrency exchange platform services used by the Goin app for investment services in cryptocurrencies. Prakma will execute your buy and sell orders that you place from your Goin account through Bitstamp, which may have your data for the fulfillment of its legal obligations in financial regulatory matters, prevention of money laundering and terrorist financing and, in particular, to execute the service linked to your order to buy and sell cryptocurrencies. You can find more information in Bitstamp’s Terms and Conditions and Privacy Policy.

d) Paylead, SAS.,  a Partner of the Cashback program, which consists in receiving remuneration for purchases you make at the merchants that publish their offers within the Cashback program. In this case, Paylead may securely process your banking data (previously pseudonymized by Prakma) as data controller in relation to the management services of the Cashback program and for the performance of aggregate statistical studies of various commercial sectors in order to provide the user with personalized Cashback offers (based on consumption habits), identify transactions eligible for cashback and generate and pay the user’s cashback amounts. For more details, please consult Paylead’s Privacy Policy.

e) Triple Technologies LTD, Partner of the Cashback program, consists in receiving remuneration for purchases you make at the merchants that publish their offers within the Cashback program. In this case, Triple may process your data (previously pseudonymized by Prakma) as a data controller in relation to the management services of the Cashback program and for the performance of aggregate statistical studies of different commercial sectors. For more information, you can consult Triple’s Terms and Conditions and their Privacy Policy.

f) Shoppiday Digital S.L., Partner of the Cashback program, consists in receiving remuneration for purchases you make at merchants that publish their offers within the Cashback program. In this case, Shoppiday may process your data (previously pseudonymized by Prakma) as a data controller in relation to the management services of the Cashback program and for the performance of aggregated statistical studies of various commercial sectors. For more information, you can consult Shoppiday’s Terms and Conditions and their Privacy Policy.

g) OpenAI, an artificial intelligence research platform, which provides an advanced language model, ChatGPT technology, to power the personal assistant chatbot within the app in order to prepare personalized assistance and address user-requested inquiries. In this case, OpenAI may process your data (previously pseudonymized by Prakma) as a data controller in relation to the analysis of your account-related matters such as transaction history to detect user preferences and financial patterns. Prakma reinforces its use of in-house encryption techniques and breaks any connection between encrypted data and your identifying information, aiming to achieve irreversible anonymization of your personal data. For more information, you can consult OpenAI’s Terms and Conditions and their Privacy Policy.

h) GoogIe, an international technology company, which provides an advanced language model, Bart technology, to power the personal assistant chatbot within the app in order to prepare personalized assistance and address user-requested inquiries. In this case, OpenAI may process your data (previously pseudonymized by Prakma) as a data controller in relation to the analysis of your account-related matters such as transaction history to detect user preferences and financial patterns. Prakma reinforces its use of in-house encryption techniques and breaks any connection between encrypted data and your identifying information, aiming to achieve irreversible anonymization of your personal data. For more information, you can consult Google’s Terms and Conditions and their Privacy Policy.

i) Profielectra S.L., hereinafter referred to as Selectra, a partner providing advice on electricity, gas, internet, and mobile tariffs. In this case, Selectra may process your data (previously pseudonymized by Prakma) as the data controller in relation to tariff advisory services and for the conduct of aggregated statistical studies in different commercial sectors. For more information, you can consult Selectra’s Terms and Conditions and their Privacy Policy or you will be provided with all the information about the processing of your personal data at the moment Selectra gets in touch with you.

j) Analytical partners with whom we collaborate to carry out statistical studies and market research in order to generate internal knowledge in Prakma by applying R&D processes. Our collaborations for these purposes are based on the aggregation of data and the application of in-house encryption techniques and the breaking of any connection between the encrypted data and your identification data, in order to achieve an irreversible anonymization of your personal data.

k) Banking aggregation partners who will be in charge of guarding the banking credentials and will function as a technological channel in the interaction with your bank for the connection of your account and the recurrent reading of banking transactions. See Morpheus Aiolos S.L’s Terms and Conditions and Tink’s Terms and Conditions.

l) Other service providers, such as hosting and cloud storage services (Google Cloud servers in Belgium), email services, providers of user validation services (Alice Biometrics, Twilio, etc.), gift card providers (Tillo), providers of business management tools such as ERP solutions, CRM, analytical tools, email marketing and contact, as well as Prakma’s auditing companies or potential investors in the context of due diligence activities prior to investment or business structuring processes.

m) Public authorities, fraud prevention agencies, credit reference agencies, Security Forces and Corps, Judges and Courts, Bank of Spain or any other entity to which we are obliged to provide your data by law.

Prakma reserves the right to change suppliers and partners when it deems appropriate, and to use for the provision of the services of the Goin app any other collaborations or services of third parties available on the market at any time.

4. 4. DATA RETENTION PERIOD

We will retain your data for as long as your personal account in the Goin app remains active. In any case, if you wish to cancel your personal account, once you have withdrawn your funds deposited in your Goin account, both savings and investment, we will proceed to block your data through encryption and, in accordance with data protection regulations, limiting any access to the minimum necessary for the case that we are required by public authorities, judges and courts, as well as regulatory control authorities and data protection as the Spanish Data Protection Agency during the prescriptive period of legal responsibilities for the processing of data reported here.

In particular, such retention periods shall be:

MATERIAL	INFORMATION	DETENTION PERIOD	LEGAL GROUNDS
Contractual documentation	Information related to your Goin account, such as your registration in the app, contracted services, newsletter subscriptions, acceptance of our legal texts, unsubscription process, etc.	5 years	Art. 1.964 – Civil Code
Investor Profile	Documentation and information obtained from investor profiling, including the recording of all services and transactions.	5 years	Markets in Financial Instruments Directive (MiFID)
Opposition to commercial communications	Contact details of recipients of promotional actions, once the consent has been withdrawn or by means of opposition to receive commercial information.	5 years	Art. 1.964 – Civil Code
Personal data processing	Information on data processing (detailed in this policy) and proof of compliance with our obligations.	3 years	Art. 78 – LOPDGDD
Information society services	Information related to user information obligations, electronic commercial communications and electronic contracting.	3 years	Art. 45 LSSI-CE
Anti-money laundering and fraud prevention	Information identifying the users and records that adequately prove the operations, the parties involved in them and the users’ business relationships. and the business relationships of the users.	10 years	Article 25 of Law 10/2010 on the prevention of money laundering and the financing of terrorism.

In any case, such data retention periods in blocked status will be subject to the 10-year retention period established in art. 25 of Law 10/2010, of April 28, 2010, on the prevention of money laundering and terrorist financing.

5. 5. YOUR DATA PROTECTION RIGHTS

Prakma guarantees in any case the exercise of your rights of access, rectification, deletion, opposition, limitation of processing and portability of data, as well as not to be subject to automated decisions, putting at your disposal an email address (gdpr@goin.app) to which you can send your requests for the exercise of rights, indicating in the subject “ARCOPOL” (Access, Rectification, Cancellation, Portability, Opposition and  Limitation of Processing).

In accordance with the applicable regulations on data protection, such request must contain the following data of the applicant: name and surname, address for notification purposes, and a photocopy of the National Identity Card or any other valid document that proves your identity, as well as a description of the request in which your request is specified. Any request that does not include the aforementioned data will not be processed by Prakma. 

Prakma may ask you for additional information to verify your identity before proceeding to respond to your request.

You may withdraw your consent at any time for those processing operations and purposes set out above that have a lawful basis in consent. This withdrawal of consent will stop any future processing for that purpose, but will not render unlawful any previous processing carried out while your consent was in force.

You also have the right to complain to the Spanish Data Protection Agency if you consider that the processing of your personal data by Prakma has not been adequate or does not comply with the applicable regulations.

Last update: 30 August 2023