Privacy Policy
Last Updated: May 01, 2022

This Privacy Policy ("Privacy Policy") describes how Cashbake UG ("Cashbake," "us," "we," or "our") collect, use, and share personal information in connection with our website at, and any other websites or digital properties that we operate and that post a link to this Privacy Policy (collectively, the "Site"), our mobile applications (collectively, the "App") our email communications, our card acceptance devices (each, a "Terminal"), and other products and services (together, the "Services").

1. What personal information we collect

1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:

  • Online and device data (e.g. your IP address, device ID, computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, and general location information such as city, state or geographic area)
  • Identification data (e.g. your name, ID number/passport, proof of address, phone number, e-mail address, username and profile information)
  • Business data (e.g. your company name and date of creation of the company, legal form, business type, proof of business, the directors and ultimate beneficial owners, VAT number, bank statement)
  • Financial data (e.g. your bank account numbers, credit rating and report, financial history, share capital and account balances)
  • Audio data (e.g. customer service call recordings)
  • Marketing data (e.g. your preferences for receiving marketing communications)

1.2. Sources of personal information. We obtain the categories of personal information listed above via the following categories of sources:

Personal information you provide. Cashbake collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information when you create an account on the Services, register with us as a merchant, sign up to receive our promotional communications, use or access the Services through the Site or the App, submit a request to our customer service team otherwise interact with us.

Automatic Collection. Cashbake may indirectly collect other information from you automatically through the Services. For example, we receive personal information when you navigate to the Site, install and use the App, enable location-based features on the App. We, our service providers and our partners may also collect personal information about you over time and across different websites, apps, and devices and on the Services. Like many online companies, we collect some personal information automatically using cookies or other online tracking technologies as described in our Cookie Policy.

Third Parties. Cashbake may receive personal information about you from other third party sources. For example, we receive personal information from our affiliates, business partners, social media sites, or companies that provide personal information to supplement what we already know about you (including identity verification companies and data providers). We may merge or combine such personal information with the other personal information we collect about you.

2. How we use your personal information

We use information that we collect about you or that you provide to us, including any personal information:
  • To provide our products and services to you, including to process your orders and transactions.
  • To provide you with information, products, or services that you request from us.
  • To set up, maintain, customize, and secure your account, including verifying your age, date of birth, and place of residence.
  • To enable a merchant registration, including verifying your business data, financial information, criminal history and other information we may be required to process for compliance with anti-money laundering and other laws and fraud prevention.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
  • To improve our products and services.
  • To present our Site and its contents to you, including facilitating navigation and more effectively displaying information.
  • To support and personalize our services, websites, mobile services, and advertising, and to remember your preferences.
  • To protect the security and integrity of our services, content, and our business.
  • To comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims, and other liabilities.

3. Disclosure of your information

We may disclose personal information that we collect or you provide as described in this policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To a potential buyer or other successor (and its agents and advisors) in the event of a proposed merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of assets, provided that we inform the recipient it must use your personal information only for the purposes disclosed in this policy.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your personal information:

  • To comply with any court order, law or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary for the purposes of fraud protection.

4. International transfers

Personal information collected through this Site may be transferred to, and processed in, other countries that might not, to the extent legally permissible, provide an equivalent level of protection as the data protection laws in your home country. We have taken appropriate safeguards, however, to require that your personal information will remain protected in accordance with this policy. These include use of standard data protection clauses adopted by supervisory authorities and approved by the European Commission to safeguard transfers, as well as other contractual protections.

5. Security

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. We maintain commercially reasonable administrative, technical and physical safeguards (which vary depending on the sensitivity of the personal information) designed to protect against unauthorized use, disclosure or access of personal information.

6. Your rights

You have the following data protection rights:

  • If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us as described below.
  • In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. Again, you can exercise these rights by contacting us as described below.

Opt-Out of marketing communications. You have the right to opt out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us.

Withdraw consent. Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Right to lodge a complaint with a supervisory authority. Finally, you have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests from individuals to exercise their data protection rights in accordance with applicable law.

7. Contacting us

If you have questions or concerns about our Privacy Policy or any other privacy or security issue, or wish to request to exercise one of the rights described in this Privacy Policy, please contact us by email at or at the address below:

Cashbake UG
Pappelallee 78/79
10437 Berlin

8. Updates

We may change this Privacy Policy from time to time by posting the updates to this page. We advise you to review this page regularly to stay informed and to make sure that you keep up to date with any changes. If we make material changes to this Privacy Policy, we will post those changes to this Privacy Policy and update the "Last Updated" date above. If required by law, we will notify you about material changes by email, through posting a notification when you log into our website or when you open our mobile application, or through another manner that is reasonably expected to reach you.


If you wish to withdraw your consent for data processing for marketing purposes, please enter your email address and send to confirm.


Privacy Policy

Of Nordigen’s website and services

Last Updated on 1st December, 2021

This privacy policy explains how Nordigen uses the personal data that is collected from You once You access or use website and services available on this website and all related subdomains, including ( Open Banking Portal) ( hereinafter - Services).


Services are provided by SIA "Nordigen Solutions", a private limited liability company registered under the laws of the Republic of Latvia, company registration number 40103982535 (hereinafter referred to as Nordigen, we or us). Nordigen is committed to protect your personal data and to respect your privacy. By accessing and using the Services You agree to the data processing practices described in this Privacy Policy.


"Applicable data privacy laws" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR ) or any national or internationally binding data privacy laws or regulations that may be applicable at any time during the term of this Privacy Policy.

"Data Controller" means the natural or legal entity/entities which determines the purposes and means of the processing of Personal Data;

"Data Processor" means the legal entity processing Personal Data on behalf of the Data Controller(s);

"Personal Data" means any information relating to an identified or identifiable natural person;

"Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Services" means Open Banking Portal.

"You" or “User” means You or the legal entity You represent.

“Account Information” means information relating to payment accounts.

"Account Information Service" means a service which enables to access, view or share (where relevant) information relating to payment accounts.

“Account Servicing Payment Service Provider” means an entity which provides and maintains a payment account for a payer.

“Nordigen Partner” means a third party, for example bank, credit institution or other service provider, which requires Your Account Information via Nordigen Account Information API to provide You services.


This Privacy Policy applies when You visit Nordigen’s website or access and use the Services.

If You are an end-user of Nordigen’s Account Information Service or You have connected Your bank account to Open Banking portal please refer to our End-User Privacy Policy

This Privacy Policy does not apply to services provided to You by Nordigen Partners. Such services may be subject to Nordigen’s Partner terms and conditions and privacy policies.


If You are Open Banking Portal user

Types of personal data we are Processing

Purpose of Processing

Lawful basis of Processing

Registration and login data (including email, information on company You work for)

To provide Services; to carry out customer support and Service maintenance

Performance of contract between You and Nordigen

Email, first name, last name, IP address, client/account ID, personal identity code and other information provided by You or obtained by performing Services

User identification and administration; to investigate any fraud, illegal activity or wrongdoing in connection with the Services; to conduct any due diligence required for us to provide You Services

To comply with our legal obligations (including regulatory requirements that we are subject to)

Contact details (including email, first name, last name, address, phone number and other data provided by You)

To contact You send You relevant information regarding Services and personalized offers;

Your consent

Contact details (including email, first name, last name and other data provided by You)

To record Your feedback and inquiries for the purpose of improving Services

Our legitimate interest in ensuring that we can provide You with the Services and to continuously improve our Services

If You are visitor of Nordigen website

Types of personal data we are Processing

Purpose of Processing

Lawful basis of Processing

Contact details (including email, first name, last name, address, phone number and other data provided by You)

To contact You and send You relevant information regarding Services and personalized offers;

Your consent


Nordigen collects information You voluntarily provide us via website or by registering and using the Services. Information You provide when registering to use our Services is mandatory to enter into a contract with Nordigen and for Nordigen to be able to provide You the Services. In case You don’t provide the required information we may not be able to provide You the Services.

When You use the Open Banking Portal and connect Your bank account, we obtain Account Information from Your Account Servicing Payment Service Provider. When You add additional users under Your Open Banking Portal account, we obtain email address and name of the users You have added directly from You.

Nordigen may also collect data we obtain from cookies. Information on how Nordigen uses cookies or similar tracking technologies is described in Cookie Policy


In general, Nordigen only keeps Your Personal Data for the time necessary to fulfil the purpose of collection or further Processing, namely providing the required Services.To determine data retention periods Nordigen takes into account:

  • whether Personal Data is processed based on Your consent;
  • our legal obligations under applicable law;
  • our contractual obligations and rights;
  • our legitimate interests;
  • potential disputes, necessity to be able to investigate any fraud, illegal activity or wrongdoing in connection with the Services;

Where Personal Data is processed based on Your consent, Personal Data is deleted after you have withdrawn Your consent or unsubscribed to receive relevant information. You can withdraw Your consent at any time by sending an e-mail to: or by clicking ‘unsubscribe’ where such option is present.

You can delete Your Open Banking Portal account and the Personal Data You have provided to Nordigen at any time, by clicking ‘delete account’. Please note that Nordigen still may keep log data and other Personal Data associated with Your account up to 5 years after deletion of Your account to fulfil applicable legal obligations.


Nordigen would like to make sure You are fully aware of Your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Nordigen for copies of Your personal data.

The right to rectification – You have the right to request that Nordigen correct any information You believe is inaccurate. You also have the right to request Nordigen to complete information You believe is incomplete.

The right to restrict Processing – You have the right to request that Nordigen restrict the Processing of Your personal data.

The right to data portability – You have the right to request that Nordigen transfer the data that Nordigen has collected to another organization or directly to You.

Where Personal Data is Processed for direct marketing purposes or Processing is based on our legitimate interests, You have the right to object to such Processing.

If You make a request, Nordigen will answer You within one month. If You would like to exercise any of these rights, please contact us at our email:

In case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, Nordigen is entitled to charge an administrative fee. In such cases You will be notified thereof beforehand.


Your Personal Data may be accessed and Processed only by authorized Nordigen employees in connection with provision of Services. All authorized employees are under confidentiality agreements with a legitimate need to process personal data for the Processing purposes stated in this policy.

We have also engaged multiple suppliers and vendors as Data Processors to help us provide You Services, e.g. cloud service providers, client relations management service providers, email service providers, payment processors etc. Nordigen will be responsible for the correct Processing of Your Personal Data according to Nordigen’s instructions given to such Data Processors and Applicable data privacy laws.

Your Personal Data may be disclosed if it is required by the Applicable data privacy laws or competent authority in order to fulfil Nordigen's legal obligations.

Your Personal Data will not be transferred or stored in countries outside of the European Economic Area / European Union unless there are legal grounds for such transfer and there is an adequate level of data protection.


In order to protect Your Personal Data, Nordigen has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the Processing and the nature of the Personal Data being processed. Organisational measures include restricting access to the Personal Data solely to authorised persons under confidentiality agreements with a legitimate need to process Personal Data for the Processing purposes stated in this policy.


Nordigen keeps this privacy policy under regular review and places any updates on this web page. Nordigen will inform You about substantial changes to this privacy policy via Nordigen’s website, via email or other means of electronic communication. Nordigen has the right to change this privacy policy solely at any time.


If You have any questions about this privacy policy, the data Nordigen holds on You, or You would like to exercise one of Your data protection rights, please do not hesitate to contact our data protection officer:


Address: Ģertrūdes str. 44A, Riga, Latvia, LV-1011


Should You wish to report a complaint or if You feel that Nordigen has not addressed Your concern in a satisfactory manner, You may contact the Data State Inspectorate of the Republic of Latvia.

Phone: +371 67223