Skip to content

Mambu Privacy Notice

At Mambu, we are committed to protecting your personal data and your privacy. To ensure that you can make informed decisions, please read this Privacy Notice. It will help you understand how we use your Personal Data, who we share it with, for what purposes, and the privacy choices you have.

Introduction

This Privacy Notice (“Notice”) applies to the Personal Data that Mambu B.V., its subsidiaries, and affiliates located worldwide (“Mambu,” “we,” or “us”) collect through mambu.com and other websites (i.e. support.mambu.com, my.mambu.com, community.mambu.com, api.mambu.com, partners.mambu.com, twitter.com/mambu_com, xing.com/companies/mambu?sc_o=da980_e, linkedin.com/company/mambu, facebook.com/pg/mambucloud, youtube.com/channel/UC0vXbn7DBeCVXTD1GmYZd2A, instagram.com/life_atmambu, academy.mambu.com), applications, products, and services (collectively “Services”) owned or controlled by Mambu.

When we refer to “Personal Data” in this Notice we mean any information relating to an identified or identifiable individual. This includes, for example, names or identification numbers.

Mambu offers a Software-as-a-Service (SaaS) cloud banking platform. As such, our Customers will typically act as data controllers for the Personal Data related to them or the Personal Data that they or third parties upload in our systems, products, and applications in connection with the provision of our Services. Mambu will typically act as a data processor in accordance with applicable Service and/or data processing agreements (“Service Agreement/s”). Further information, including specific obligations of the data controller and processor, can be found in the Agreements.

You will typically interact with Mambu as an individual affiliated to Mambu Customer (or prospective Customer), Partner or Service Provider. This Notice aims to inform you about how we collect, use, disclose and store Personal Data when you:

  • Use our websites, including when you download materials from our Insights Hub;
  • Register to receive emails about Mambu products, services, and events;
  • Use any of our Services in any manner.

If you have applied for a position at Mambu, please refer to our job applicant privacy notice at: https://mambu.com/legal/job-applicant-privacy-notice.

1. Personal Data we collect

We will collect and process some or all of the following Personal Data about you:

(a) Your contact information

The contact details you choose to share with us such as your name, work email, job title, company name, country.

(b) Information about the use of our Services

We receive and store the Personal Data you provide us with when using our Services.

For example, if you are an authorised user of our Customer you would need to provide us with your personal details such as name, user name, email address, password, to be registered at my.mambu.com and use all functionalities of our platform.

We may collect and store media, documents, or other information you provide to us. We collect commercial information, such as records of the purchased Services or information related to requests for demos.

We keep track of user activity in relation to the types of Services our Customers and their authorised users use, the configuration of their computers, and performance metrics related to their use of the Services.

We log information about our Customers and their authorised users when they use one of our Services, including their IP addresses.

(c) Your use of our websites and social media platforms

We collect and process details of your visits to our websites, your use of social media platforms and other information collected through cookies and other tracking technology including information that you look at. We may also collect information about you that is publicly available online, including your social media profiles.

(d) Our interactions with you

We will keep a record of our interactions with you such as an email exchange with our support agents, any interactions you have with our employees or representatives (including during trade fares) or any interactions with us or posts that refer to us on social media.

While using the Services, you may be asked to provide feedback (e.g., in the software directly or after receiving help from our support team). Providing this feedback is entirely optional.

(e) Any information you choose to share with us

We may collect Personal Data that you choose to provide to us, for example, on our “Contact us” online form or when you register for events. If you contact us through our websites, we will keep a record of our correspondence.

2. Cookies

Mambu stores so-called "cookies" in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. Cookies are small files that are stored on your computer with the help of your Internet browser. If you do not wish the usage of "cookies", you can prevent the storage of cookies on your computer by appropriate settings of your Internet browser. Cookies that are already stored, can be deleted at any time, this can also be done automatically.

3. Why we collect and use your Personal Data

When you share Personal Data with us, you allow us to provide you with our Services and make them better. Here are the ways we may use your Personal Data:

(a) To provide our products and Services

We process your Personal Data to provide our Services (e.g. if you are an authorised user of our Service) and to meet our responsibilities under the applicable Customer Service Agreement. Generally processing of Personal Data in this context is necessary to execute our Service Agreement/s.

Insofar as we collect and process your data for the purpose to provide the functionalities of our platform and Services, as described above, you are contractually obliged to provide this data, as we are simply not able to provide our Services to you or gain access to the platform without that.

We may process Personal Data to assess the capacity requirements of our Services to the extent that it is in our legitimate interest to ensure that we are meeting the necessary capacity requirements of our service offering.

If you have provided financial information to us, we process your Personal Data to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with our customer to whom you may be affiliated.

If we have not entered into a Service Agreement/s, we base the processing of your Personal Data on our legitimate interest to operate and administer our Services and to provide you with content you access and request (e.g., to download content from our websites).

(b) To provide customer support

Whenever you request support, we may use Personal Data to investigate and resolve the case and further communicate with you on your request. While providing you with customer support we process Personal Data to perform our Service Agreement and to the extent it is necessary for our legitimate interest in fulfilling your requests and communicating with you.

(c) To communicate with you

If you share your contact details with us, e.g by completing the “Contact Us” form on our website or share them with a Mambu representative at a trade fair, we will process Personal Data to register your details in our customer management system and contact you based on your request, which is in our legitimate interest.

If you have consented to receive emails about Mambu products, Services, and events, we will process your Personal Data for marketing purposes, in line with the consent you have provided us, as explained in more detail in Section 4 below.

If you interact with us on our social media pages, we will process your Personal Data as joint controllers with the social media provider and to respond to your request and record the interaction. This is our legitimate interest, to ensure that we respond to your demands and feedback and improve our Services and service offering.

(d) To improve our Services and service offering

We may collect customer feedback through surveys, which may include your Personal Data. We may also conduct market research. We may use the Personal Data to assess new potential customer opportunities. We process your Personal Data to analyse trends and to track your usage of and interactions with our websites and Services.

We carry out these activities by seeking your consent or to the extent they are necessary to meet our legitimate interests to ensure that we continuously improve our customer experience and service offerings.

(e) To present you with personalised ads and content

We process your Personal Data to conduct market research, advertise to you, provide personalised information about us on and off our websites and to provide other personalised content based upon your activities to the extent it is necessary for our legitimate interest in advertising our websites or, where necessary, to the extent you have provided your prior consent.

(f) Promoting the security of our Services

We use your Personal Data to monitor the use of our websites and Services, verifying accounts and user activity, investigating suspicious activity, and enforcing our information security policies. We carry out these activities pursuing our legitimate interest in promoting the security of the Services, websites, systems, applications and premises, and in protecting our rights and the rights of others.

(g) To comply with our legal obligations and for legal and administrative purposes

To comply with our legal and regulatory obligations and for legal and administrative purposes such as, verifying and processing payment, screening against fraud, money laundering and other criminal or unlawful activities, accounting, billing and audit purposes, developing, maintaining and testing our systems, and for understanding, exercising, enforcing or protecting our legal rights and those of others.

4. Marketing

We may use Personal Data for marketing and promotional purposes, including (i) for sending or showing you updates on latest news, offers and promotions in connection with our products and Services (ii) for sending or showing you joint marketing offers about our platform, for example together with our partners such as system integrators, consultants and technology partners; or (iii) for tailoring and tracking your interactions with internet banner advertising and links from our websites, newsletters and third party websites.

We may also use Personal Data to analyse our Prospects’, Customers’, Partners’ or Service Providers’ preferences and market trends and derive insights, which we may use to tailor the types of products and offers that we present to you. This may involve combining Personal Data that we hold about your use of our Services with information that we have collected about your web usage. We may also combine information that we have collected about you with information that we have collected about our other individuals affiliated to our customers in order to derive these insights and establish market trends. We also use advertising services and products provided by third party service providers (such as marketing agencies and social media platforms) for marketing and promotional purposes, which may involve us sharing Personal Data that we hold about you with them.

We may communicate marketing, promotions and research invitations to you and, as appropriate and where required, we will ask you for your consent, or otherwise provide you with the opportunity to choose not to receive marketing.

We will provide an option to unsubscribe or opt out of further communication on the direct marketing communication sent to you. You may also opt out by contacting us as set out in Section 9 below.

5. How do we share and disclose Personal Data to third parties?

In certain circumstances, we will disclose your Personal Data to third parties as described below:

(a) Our Service Providers and Mambu Affiliates who process Personal Data on our behalf for the purposes described in Sections 3 and 4

We will permit our third party Service Providers, including agents, contractors and Mambu Affiliates, to use your Personal Data on our behalf for the purposes set out in Sections 3 and 4. Examples of such third parties include customer relationship management providers, web analytics services, partner relationship management, payment processing providers, email service providers, information security service providers and others.

(b) Our third party partners, for marketing purposes

We may disclose your Personal Data to third parties so they can provide marketing services or conduct marketing or social interaction activities on our behalf such as campaigns, contests, sweepstakes, market research, customer surveys and data analytics to help us improve and tailor our marketing activities, and Services.

Subject to us having obtained appropriate consent from you, we may also disclose your Personal Data to our third party marketing partners and they may market their products and services to you.

(c) Our Customers or Mambu Partners and Service Providers with whom your are affiliated

If you are an authorised user of Mambu’s Services as an individual affiliated to Mambu Customer, Partner or Service Provider we may share your usage information, including your Personal Data with the affiliated Customer or Service provider or Partner, responsible for your access to the Services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.

(d) Third party networks and websites

Subject to us having obtained appropriate consent from you, we may share your Personal Data with third-party social media networks, advertising networks and websites, so that Mambu can market and advertise on third party platforms and websites.

(e) Event sponsors

When you attend an event organised by Mambu, we ask your preferences on sharing your contact details with the event sponsor. Subject to having obtained appropriate consent from you, we may share your contact details (such as your name, job title, email address, company name, and phone number) with the event sponsor. If you’d like to opt-out of sharing your details with sponsors, you can always do so either at the time of registration or by reaching out to us at dataprivacy@mambu.com.

(f) Business transfers

We may choose to buy or sell assets and may share and/or transfer Customer information, including Personal Data, in connection with the evaluation of and entry into such transactions and based on our legitimate interests.

Also, if we or our assets are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data may be one of the assets transferred to or acquired by a third party.

(g) Mambu Affiliates

We may also share your Personal Data with Mambu Affiliates for purposes consistent with this Notice and based on our legitimate interests.

(h) Government and regulatory bodies and other individuals, bodies and organisations

Under certain circumstances, we may be required to disclose Personal Data in response to valid requests by public authorities, based on our legitimate interests or legal obligations.

We may also disclose Personal Data to individuals, bodies and organisations for reasons of safety and security, to enable us to provide our Services and otherwise for legal and administrative purposes. Such individuals, bodies and organisations include law firms, accounting companies, consultants, banks, insurers, etc.

6. International Transfers of Personal Data

As a global company Mambu and its Affiliates and third parties as described in Section 5, may collect, transfer, process, and store your Personal Data in different jurisdictions such as the European Economic Area, United Kingdom, United States of America, United Arab Emirates, Brazil, Mexico, Singapore, Australia.

Therefore, Personal Data may be processed outside your jurisdiction, including in countries and jurisdictions that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction. We are committed to maintaining appropriate technical and organisational measures to ensure an adequate level of protection and security of your Personal Data as required by the applicable regulators or legislators.

7. Transmission, storage, and processing of your Personal Data securely

7.1 Security

All Personal Data we collect about you is stored on our or our subcontractors’ secure systems. We comply with our security policies and standards when accessing or using this information and restrict access to your Personal Data to those persons who need to use it for the purpose(s) for which it was collected.

No data transmission over the Internet, a website, or via email or other message service, and no data processing or storage can be guaranteed to be secure from manipulation,  disclosure, or unavailability. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Data in accordance with the requirements of the relevant data protection legislation, including encryption, and backups.

You are responsible for keeping any information that we send to you confidential and for complying with any other security procedures that we notify you of. In particular, where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, we ask you not to share a password with anyone.

7.2 Retention period

We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain Personal Data for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information will be retained) or securely destroyed.

8. Your privacy rights

8.1 Access

You can obtain from Mambu a confirmation as to whether or not your Personal Data is being processed, and a copy of the relevant Personal Data undergoing processing.

8.2 Rectification

You can ask us to have inaccurate or outdated Personal Data amended.

8.3 Other Privacy Rights

Based on data protection laws in your country, you may have certain additional rights in relation to your Personal Data as listed below. Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise these in all situations.

(a) Erasure

In certain circumstances, you can ask us to erase Personal Data and we will take reasonable steps to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replications of it.

(b) Withdrawal of consent

You can withdraw any consents to processing that you have given us and prevent further processing if there is no other ground under which Mambu can (and does) use to justify the processing of your Personal Data.

(c) Restriction

You can require certain Personal Data to be marked as restricted whilst your complaints are resolved and also restrict processing in certain other circumstances.

(d) Portability

You can ask us to transmit the Personal Data that we process about you to a third party electronically.

(e) Prevent processing

You can require Mambu to stop any processing based on the legitimate interests ground unless Mambu’s reasons for undertaking that processing outweigh any prejudice to your data protection rights.

(f) Profiling

In connection with our marketing activities, we analyse some of the information that we collect about our customers (together with information about customers that we collect from partners and other parties) to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times.

You have the right to opt out of our direct marketing, and the underlying analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time.

9 Contacting us

9.1 Should you need any support in regards to your privacy rights, or any questions about the measures taken by Mambu to ensure the protection of the Personal Data you share with us, please do not hesitate to contact our Data Protection Officer at dataprivacy@mambu.com or write to us at the below mailing address:

Data Protection Officer, Mambu Tech B.V., Piet Heinkade 55, 1019GM, Amsterdam, The Netherlands

9.2 If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection authority in the country in which you are based.

10. Changes to this Notice

We are constantly trying to improve our Services, so we may need to change this Notice from time to time. We will alert you about material changes by, for example, placing a notice on our Websites. You are responsible for periodically reviewing this Notice.

Access it here

View imprint