Privacy Policy

Last updated: 2026-03-16

This Privacy Policy explains how BankFormats ("we", "us", "our") processes personal data in connection with the website bankformats.com and the conversion tools offered on it. We are committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable European data protection laws.

1. Data controller and contact

The controller of your personal data is BankFormats. You can contact us via the contact options provided on this website (for example, the contact form) if you have any questions about this Privacy Policy or your data protection rights.

2. Processing of bank statement files

Your bank statement files (PDF, CSV, etc.) are processed securely on EU-based servers. Files are automatically deleted after conversion and are not stored permanently by us.

We act as a data processor in relation to the transaction data contained in those files only for the duration of the conversion process, in accordance with Article 28 GDPR. All processing infrastructure is located within the European Union.

3. Categories of personal data we process

Independently of your files, we may process the following categories of personal data when you use our website:

  • Technical usage data, such as IP address, browser type and version, device information, operating system, referrer URL, date and time of access, and basic interaction data (e.g. which pages are visited).
  • Communication data, such as your name, email address and the content of your message when you contact us (e.g. via a contact form or email).

4. Purposes and legal bases (Art. 6 GDPR)

We process personal data only where a legal basis applies:

  • Providing the website and tools: We process technical usage data to operate our website, ensure security, prevent misuse and improve stability (Art. 6(1)(f) GDPR – legitimate interests in providing a secure, reliable service).
  • Responding to enquiries: If you contact us, we process your communication data to answer your request and, if applicable, to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR) or on the basis of our legitimate interest in providing customer support (Art. 6(1)(f) GDPR).
  • Legal obligations: Where necessary, we may process data to comply with legal obligations, for example tax and accounting rules or to comply with requests from competent authorities (Art. 6(1)(c) GDPR).
  • Analytics and optimisation: Where we use cookies or similar technologies for non-essential analytics or performance measurement, this is done on the basis of your consent (Art. 6(1)(a) GDPR in conjunction with the ePrivacy rules). You can withdraw your consent at any time with effect for the future.

5. Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary to provide the website and its core functions (for example, to maintain security and your language preferences). These are used on the basis of our legitimate interests in providing a functional website (Art. 6(1)(f) GDPR).

If we use additional cookies or similar technologies for analytics or optimisation, we will ask for your prior consent where required by law. You can adjust your preferences at any time via the settings made available in your browser or any consent tools we provide.

6. Recipients and international transfers

We may share personal data with carefully selected service providers who support us in hosting, operation, security and development of this website. These providers act as processors in accordance with Art. 28 GDPR and are contractually bound to process data only on our instructions and to implement appropriate technical and organisational measures.

Where such service providers are located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place for any international data transfer, such as adequacy decisions by the European Commission or standard contractual clauses (Art. 46 GDPR).

7. Retention periods

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law. In particular:

  • Technical usage data is typically stored in log files for a short period of time for security and troubleshooting purposes and then deleted or anonymised.
  • Communication data from enquiries is generally stored for up to 12 months after the request has been fully processed, unless longer retention is required by law or for the establishment, exercise or defence of legal claims.

8. Your rights under the GDPR

As a data subject, you have the following rights under the GDPR, subject to the conditions set out in the law:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)
  • Where processing is based on consent, the right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing based on consent before its withdrawal.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement (Art. 77 GDPR).

9. Obligation to provide data

You are not legally obliged to provide personal data when using our website. However, without certain technical data the website cannot be provided and we may not be able to respond to your enquiries without the relevant contact information.

10. Automated decision-making

We do not use your personal data for automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes to our services or applicable law. The latest version is always available on this page. If changes are material or require your consent, we will inform you via the website or by other appropriate means.

This Privacy Policy is a general template intended to support compliance with European data protection law. You should review it and adapt it to your specific circumstances and legal requirements.

Privacybeleid | BankFormats