
OBP Sandbox Privacy Policy

This policy explains what personal information we (Open Bank Project/TESOBE GmbH) collect, how it is used and shared, and what you can do with it. It applies to the API sandbox instance web sites at apisandbox.openbankproject.com, and all related web sites, downloadable software, API platform, mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Policy is displayed, and all other communications with individuals through written or oral means, such as email or phone (collectively, together with the Site, our "Service").

The Service is provided by TESOBE GmbH (herewith "TESOBE"); for contact details, see below.

1. Our Philosophy

  • Data Minimisation: We treat your privacy seriously. We only collect the minimum personal data necessary to provide our Service. We do not sell your information and will not share it with a third party without your prior consent.
  • Data Sovereignty: You own the content and data you provide to us. It’s yours, not ours, and you are entitled to access it, update it and ask us to delete it at any time.
  • Privacy by design: Our Service, software and processes are designed with privacy in mind. We do not store your data longer than necessary and we make sure it’s easy for you to request a copy or to request that it be deleted.
  • Open by default: To the extent that we can, everything we do is in the open. We strive to put our source code and processes under open source licences, free for people to review. We will inform you should there be any changes in our rules.

2. What information do we collect?

We collect different types of information from or through the Service. The most common personal information we collect is your email address. We seldom ask for your name or address unless we need it to, for example, issue an invoice. The legal basis for processing your personal data is primarily our legitimate interests. We may also process data upon your explicit consent (for instance when joining our newsletter).

2.1. Information collected automatically

When you use our Service, we may automatically record certain information such as your IP address, web browser and/or device type. We also may collect information regarding your interaction with email messages we send, such as whether you opened, clicked on, or forwarded a message sent to you. This helps us understand how to improve our site and services.

2.2. Information you provide

We collect information you provide to us when you register details on our Services. We may collect and use the following kinds of personal information:

  • Information about your use of the services;
  • Information that you provide for the purpose of registering with the website (including your personal names, e-mail addresses, location, encrypted password);
  • Information that you provide for the purpose of subscribing to the website services (including your end user ID, App name, etc.);
  • Any other information that you send to TESOBE.

2.3. Information provided by others

We collect information about you from other sources such as:

  • Our partners when they recommend you or include you in communications with us including from the Bank
  • Via social media accounts of another user if your settings permit it. For example, if you are someone’s friend on Facebook and haven’t restricted the availability of your data in a common feature/app that you both use.
  • Through publicly available information and online business networks, for example: LinkedIn

If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.

2.4. Minors

While people of all ages may access our Service, we do not intentionally collect information about people under 13 years old. You must be 13 years old or over to sign up or submit any personal information through our Service. If you believe a person under 13 years old has provided us with their personal information, or have any concerns regarding this aspect of our policy, please get in touch.

3. Intended Use of Personal Information

We use personal information we collect to provide our services, to improve and optimise what we do, and to protect you and TESOBE GmbH. We may use this information to:

3.1. Operate

We use the collected information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support, as well as to do business with you (e.g. issue an invoice) and comply with the law (e.g. tax & employment information).

3.2. Communicate

We may use your email address to get in touch. The reason may be:

1) To inform you about our latest news through our monthly newsletter
2) To invite you to events that we or our partners organise
3) Other administrative tasks such as customer service, surveys or right of privacy violation

You have the ability to opt-out of receiving any promotional communications as described below under "Your Rights".

3.3. Customise & Improve

We might use the collected information to understand and analyze traffic on our services in order to improve the overall experience, and to develop new products, services, features, and functionality. We might use automatically collected information and other information collected on the Service through cookies and similar technologies to personalize our Service, e.g. to remember your login information so that you do not have to enter it again each time you log on. See our Cookie policy for further details.

4. To Whom We Disclose Information

  • We will not intentionally disclose your Personal information to any third party without your consent unless it is required by law.
  • We use third parties to process your information on our behalf but these services cannot share your data with anyone (see more information in section 8 "Third Party Access").
  • If TESOBE ceases trading, is acquired by or merged with another company, we will inform you in advance and give you the option of downloading and deleting your data.

5. Your Rights

5.1. Access, Update, Export & Deletion

If you wish to access or amend any Personal Data we hold about you, or to request that we delete, export or transfer any information about you, you may contact us as explained in the "How to Contact Us" section or email us with your request at mydata@tesobe.com. At your request, we will have any reference to you deleted or blocked in our database. It may take up to 10 days to process your request.

Please note that there are some records we are required to keep for other regulatory reasons, such as for finance, tax and employment purposes.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy as granted by applicable data protection laws has been infringed upon, please contact us at mydata@tesobe.com. You also have a right to lodge a complaint with data protection authorities.

5.2. Commercial Communication Opt-out

If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the "How to Contact Us" section.

6. Data Retention

We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for only as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We regularly review our records to remove or anonymise data if it should no longer be retained. Some records we are required to retain by law for certain lengths of time. These include data retained for tax and employment purposes.

7. Security

We follow industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data as per our information security policy (available on request).

Some of the security measures we use include firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission over the public internet.

However, we cannot guarantee the total security of any information you transmit to us or which you store on the Service, and you do so at your own risk. If we are informed of a data breach we will contact the relevant authorities and those affected within 72 hours of discovery. If you believe your Personal Data has been compromised, please contact us as explained in the "How to Contact Us" section.

8. Third Party Access

To be able to deliver our Service in a proper way, we use a number of third party services that process your data on our behalf. This is to achieve such tasks as the operation of our email, the hosting of this website and management of documents. We keep an up-to-date list of these third parties that we can share with you should you request it. Some of those third parties include: PipeDrive, MailChimp, Google and Slack.

These third party services are not permitted to share your data with anyone. Most of the websites and services we operate are hosted in Germany; where a company is not based in Germany or the European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per applicable European law.

9. Cookie Policy

We use automatically collected information and other information collected on the Service through cookies and similar technologies to manage sessions and personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits. The cookies we collect are:

  • strictly necessary/essential cookies - These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. These cookies don’t collect information that identifies you.
  • performance cookies - These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
  • functionality cookies - These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and to provide enhanced, more personalised features.

10. Changes to Privacy Policy

When we make changes to this policy we will inform registered users and our customers before changes take effect. The date at the bottom of this page will also be updated to reflect the effective date of any changes. We will also archive the older version of the policy.

11. How to Contact Us

TESOBE is the company behind the Open Bank Project. You can contact us via:

TESOBE GmbH
Osloer Strasse 16/17
D-13359 Berlin, Germany
Tel. +49 (0)30 8145 3994

X/Twitter: @OpenBankProject

Email: contact@tesobe.com

For any data privacy issue or query about this privacy policy, please email mydata@tesobe.com

Last update: May 3, 2024

Annex I - List of Sub-processors

TESOBE uses a range of third party Sub-processors to assist it in providing the Service (as described in the Privacy Policy). The Sub-processors set out below provide cloud hosting and storage services; content delivery and review services; assist in providing customer support; as well as incident tracking, response, diagnosis and resolution services.

| Entity Name | Corporate Location |
|-------------|--------------------|
| Amazon AWS  | USA                |
| Eventbrite  | USA                |
| GitHub      | USA                |
| Google      | USA                |
| Hetzner     | Germany            |
| MailChimp   | USA                |
| PipeDrive   | USA                |
| VarioMedia  | Germany            |