Latest update: 27 April 2023
1. What data do we process, and for which purpose
We collect the data for the conclusion, administration, and performance of our contractual relationship with you. We further process this data for the purpose of providing our services to you.
We may use the data to pursue legitimate interests, such as direct marketing, research, and development (including marketing research), ensure quality control and safety, carry out audits, enforce our agreements, and comply with our legal obligations.
We may use this data to communicate with you about activities on the App, changes to our agreements, solicit your feedback, respond to questions, comments, and other requests.
While operating the App, the website, and our services, we collect and process the following types of data.
a) Investment data when you link a bank or broker account
Linking your bank or broker account to the App is optional. It will allow you to view and partially share your investments, money accounts, transactions, and portfolio data (collectively “investment data”) in the App.
We use the external data processing provider SPLIT PAYMENTS, S.L. (“Flanks”), Calle Sol 55, 08840 Viladecans Barcelona, Spain, to extract data from your external accounts. yeekatee acts as the data controller, and Flanks is our data processor. We have a specific data processing agreement with Flanks. Both we and Flanks process particularly sensitive data during investment data extraction and will always ask for your consent before doing so.
During Flanks extraction process, the extracted investment data is stored in London, UK, on the servers of Flanks subcontractor Google Ireland Limited, 4 Barrow St, Dublin, Ireland. Upon completion of the extraction process, all investment data is removed from Flanks and its subcontractors’ servers and partially retained on our servers, as explained below. We are hosting our servers using the provider Amazon Web Services EMEA SARL, the retained investment data is hosted in Ireland, see Section 5.
Upon completion of extraction processing, the subsequent data is permanently removed and not retained on either our servers or those of Flanks:
- Login credentials, including usernames and passwords;
- Personal account details, such as ownership, name, email address, address, identity documents, or account identifiers;
- Payment specifics, including IBAN numbers, credit cards, debit cards, or alternative payment methods;
- Customized or distinct payment descriptions;
- Demographic information, such as age and gender;
- Location data;
- Employment-related information, including your job title and work details.
The following investment data is extracted, processed, and retained on our servers (but not on Flanks servers):
- The information that you have an account relationship with the linked bank or broker and de-identified account identifiers;
- Money accounts, including their type, balance, currency, and de-identified IBAN number or de-identified money account number;
- Investments, including their type, name, amount, balance, listing, currency, accrued interests, investment identifiers such as ISIN, expiration date, and leverage;
- Transactions, including dates, transaction identifiers, type, amounts, balances and prices, affected money accounts, affected investments, currencies and exchange rates, gross, net, commissions, fees and taxes, accrued interest, leverage, listings, and status information of the transaction.
Based on this extracted investment data, we calculate and store additional portfolio data on different aggregation levels, including but not limited to investment performance, investment statistics, cost price, holding periods, return, allocation, and impact of commissions, fees, and taxes.
Your usage of the App and linking of an account is not disclosed to your bank or broker, but it may be able to detect and/or prevent it.
Your investment allocation and performance on the levels total, aggregations like currency and individual investments are automatically displayed to other users. Absolute amounts and values are never disclosed to other users. You may limit the users who can view the aforementioned data in the privacy settings.
If you use the “Delete linked accounts” option in the App, all investment data referred to in Section 1a will be permanently removed in due time from our servers and the servers of our data processors.
b) User Profile Data
When you register for the App, our services require you to create a user profile.
This profile data we process on our servers includes:
- your name or alias
- yeekatee username
- location (optional)
- reference currency
- email address (verified)
- profile picture (optional)
- other information you provide to us in “About” (optional)
Your name, username, location, language, profile picture, and other information (“About”) is automatically shown to other users of the App. Your email address is never disclosed to other users.
If you use the “Delete yeekatee account” option in the App, all profile data and investment data referred to in Sections 1a and 1b will be permanently removed in due time from our servers and the servers of our data processors.
c) Functional and technical data
We automatically collect functional data regarding your use of the App, such as the types of content you interact with, information derived from your user content (including other users with whom you interact, topics you discuss, and anything else that you post or interact with via the App) and the frequency, duration, and timing of your activities. We may combine your data with other users’ data when they use the App.
We collect technical data automatically when you use the App. This includes your internet protocol (IP) address, cookies (please see also Section 1f), user settings, details about your browser, operating system or device, location information, internet service providers, the links you click, and other similar technical and functional data.
If you use the “Delete yeekatee account” option in the App, the functional and technical data identifying you personally will be permanently removed from our servers and the servers of our data processors. This includes your posts and references in other users’ posts (@ tag) to your profile but excludes free text references other users may have posted about you.
Server log files may contain additional functional and technical data identifying you personally, including the IP address. They will only be periodically removed, see also Section 6.
d) De-identified and aggregated data
We may analyse your data in de-identified or aggregated form to operate, maintain, manage, and improve the App and our services. This de-identified or aggregated data does not identify you personally. We may also disclose aggregated statistics to describe our products and App to current and prospective business partners and to other third parties for other lawful purposes. Furthermore, we may publicly disclose aggregated statistics regarding activities in our App and website, including investment allocations and activities.
De-identified and aggregated data will be retained on our servers even after you delete your yeekatee account.
e) Data from interaction with yeekatee
When you interact with yeekatee, for example, by e-mail, telephone, chat, or social media, yeekatee collects the data exchanged, such as your name as well as the content of your message, including the metadata of the communication.
f) Online tracking and online advertising techniques
When you visit the website, our servers automatically record certain details of your use (e.g. your IP address, the website you are visiting us from, or subpages you are visiting, including the date and duration of your usage).
Types of cookies we may use:
- Essential cookies enable core functionality such as security, verification of identity, and network management. These cookies can’t be disabled.
- Marketing cookies are used to track advertising effectiveness to provide more relevant services and deliver better ads to suit your interest. We currently don’t show you ads and don’t have advertising partners. The use of marketing cookies will require your consent.
- Functional cookies collect data to remember choices you make to improve and give a more personalized experience. The use of functional cookies will require your consent.
- Analytics cookies help us to understand how visitors interact with the website, the App, and our services, discover errors, and provide better overall analytics. The use of analytics cookies will require your consent.
g) Data from survey forms
This data is used for direct marketing, research, and development (including marketing research) and to prioritize features of the App. We may use this data to communicate with you for surveys and email newsletters. The collected data includes your email address, name, and other inputs specifically asked.
We will require your consent before you submit survey forms.
h) Email newsletter
Using your email address collected with your consent when subscribing to the email newsletter, specifically the survey forms on the webpage and the user profile in the App, we may send you an email newsletter.
The data stored for the purpose of the newsletter subscription will be stored by us until you unsubscribe from the newsletter. After you have unsubscribed from the newsletter, your data will be deleted from our servers and from Sendingblue’s servers. Data stored by us for other purposes (e.g. email addresses for the user profile in the App, etc.) remains unaffected by this.
You cannot unsubscribe to important emails regarding your yeekatee account or our contractual relationship unless you delete your yeekatee account and stop using our services.
i) Social Media interaction
j) Downloads from our website
2. Legal basis for collecting and processing your data
We process your data in accordance with the relevant data protection provisions:
a) To meet contractual obligations
Your data is processed for the purpose of concluding our contract with you.
b) Your consent
c) Legitimate interests
If required, we process your data beyond the extent necessary for the performance of the contract in order to serve our legitimate interests or those of third parties, for example:
- Ensuring IT security and IT operations;
- Asserting legal claims and defence in case of legal disputes;
- Enforce our agreements;
- Preventing and investigating criminal offences;
- Development of products and services;
- Advertising or market research, unless you have objected to the use of your data.
We also collect personal data from publicly accessible sources for customer acquisition purposes. We may combine data obtained from third parties with data that we have collected for the purposes of direct marketing.
d) Due to legal regulations
We may process your data in order to fulfil legal and compliance obligations.
We may create profiles based on your data for the purposes set out in Section 1, in particular, to continually improve the App, the website, and our services by statistical analysis and to market the App, website, and services by addressing you with offers and advertising that yeekatee deems of interest to you. For these purposes, we may combine the data.
4. Sharing of your data
5. How and where is your data stored?
Data will be transferred to locations in countries outside of Switzerland (third countries) insofar as:
- this is necessary for providing our services,
- this is required by law,
- this is necessary due to the involvement of service providers (data processors), or
- you have given us your consent.
The data outlined in Sections 1f through 1j undergoes processing and storage by the respective providers disclosed within each individual Section.
6. How long is your data stored?
We store your data as long as it is necessary for the specific purpose for which we collected it. If you use the “Delete linked accounts” option in the App, all investment data referred to in Section 1a will be permanently removed in due time from our servers and the servers of our data processors.
If you use the “Delete yeekatee account” option in the App, all profile data and investment data referred to in Section 1a, 1b, and partially 1c (including as posts) will be permanently removed in due time from our servers, and the servers of our data processors. Server log files may contain functional and technical data identifying you personally, including the IP address, that will be kept for a maximum of 3 months.
De-identified and aggregated data (Section 1d) will be retained on our servers even after you delete your yeekatee account.
We will not store cookie information from cookies (Section 1f) for longer than a maximum of 2 years. You can manually clear and block cookies in your browser settings.
7. Your data protection rights
In some cases, your data will be processed for the purposes of direct marketing. You have the right to object to the processing of your personal data for the purposes of direct marketing at any time. You also have this right for profiling, where the profiling is connected to direct marketing.
Under Applicable data protection law and to the extent provided for therein, all data subjects have the right to access, the right to correction, the right to deletion, the right to restriction of processing, and the right to object to the processing of their data. Furthermore, you have the right to submit a complaint to the responsible data protection authority.
You may withdraw your consent to our processing of personal data at any time. The withdrawal will be effective for the future but does not affect the legality of the processing of data up until the time of withdrawal. Please be aware that, in such cases, it is possible that we may no longer be able to provide you with services or maintain a business relationship. You can exercise the above rights by contacting us at the address listed above. In order to prevent misuse, we may need to identify you by means of a copy of your ID, unless identification is possible otherwise.
8. Data Security
yeekatee takes appropriate security measures in order to maintain the required security of your data and ensure its confidentiality, integrity, and availability, to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure, or access. However, security risks cannot be completely excluded in general; minimal risks are unavoidable.