C2Bank's

My Account

Privacy Policy

C2Banks.com – Privacy Policy

Effective Date: October 2025
Website: https://c2banks.com
Controller: Novo Capital S.r.o
Company Number: 19386389
Registered Office: Cimburkova 916/8, Žižkov, 130 00 Prague 3, Czech Republic
Email: privacy@c2banks.com

1. Introduction

This Privacy Policy explains how C2Banks / Novo Capital S.r.o (“C2Banks”, “we”, “our”, or “us”) collects, uses, shares, and protects your personal information when you visit our website, create an account, or use any of our financial, payment, or crypto-fiat services (“Services”).

C2Banks is committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Czech Data Protection Act, and other applicable data-protection laws.

2. Data Controller and Contact

The data controller for your personal data is:
Novo Capital S.r.o, Cimburkova 916/8, Žižkov, 130 00 Prague 3, Czech Republic
📧 privacy@c2banks.com

For certain regulated activities (such as IBAN, payment card, or e-money services), C2Banks may act as a joint controller or data processor in partnership with licensed financial institutions (e.g., Era Finance Ltd, Bankera, or other EMIs). In such cases, data protection responsibilities are shared according to GDPR Article 26.

3. What Personal Data We Collect

We collect and process personal data that you voluntarily provide or that we obtain automatically when you use our Services.

(a) Information You Provide Directly

  • Identity data: full name, date of birth, nationality, gender, ID/passport details, tax ID, photos or videos for verification.

  • Contact details: email, phone number, address, and country of residence.

  • Account data: username, login credentials, security questions, authentication tokens, 2FA settings.

  • Financial information: IBAN, card numbers, wallet addresses, account balances, transaction details.

  • Verification data (KYC/KYB): proof of address, business registration documents, ownership details, source of funds/wealth, declarations.

  • Customer support data: inquiries, messages, complaints, or feedback.

  • Marketing preferences: newsletter subscriptions, referral participation, and event registrations.

(b) Information Collected Automatically

  • Technical data: IP address, browser type/version, operating system, device identifiers, language, and location (approximate).

  • Usage data: pages visited, time spent, clickstream data, login timestamps, referral URLs.

  • Cookies and tracking: data stored via cookies, pixels, or analytics tools (see Section 11).

(c) Information from Third Parties

We may receive data from:

  • Verification providers (e.g., SumSub, Onfido);

  • Payment or card partners;

  • Public registers or sanctions databases;

  • Marketing or referral partners (if you joined through an affiliate link).

4. Purpose and Legal Basis of Processing

We process your personal data only where legally permitted. The main purposes and bases are:

PurposeLegal Basis
Account registration, KYC/KYB verificationPerformance of a contract; Legal obligation (AML laws)
Providing banking, card, crypto, and payment servicesPerformance of a contract
Processing and verifying transactionsLegal obligation; Legitimate interest (fraud prevention)
Communication and customer supportLegitimate interest; Contract performance
Compliance with AML/CFT, sanctions, tax, and financial regulationsLegal obligation
Security monitoring, fraud and abuse detectionLegitimate interest
Marketing communications (email, SMS, Telegram, etc.)Consent
Analytics and service improvementLegitimate interest
Legal claims, audits, and risk managementLegal obligation; Legitimate interest

5. How We Use Your Information

We use personal data to:

  • Create and maintain your C2Banks account.

  • Verify your identity and prevent fraud.

  • Execute your transactions, transfers, and card operations;

  • Manage account limits, fees, and authorisations;

  • Provide customer service and respond to requests;

  • Enforce our Terms and Conditions and legal rights;

  • Send important updates, alerts, and policy changes;

  • Customise your user experience and display relevant offers.

  • Comply with anti-money-laundering, counter-terrorist-financing, and sanctions screening laws.

6. Data Sharing and Disclosure

We share data only when necessary for lawful purposes. Recipients may include:

  1. Service providers & processors:

    • KYC/AML verification firms (e.g., SumSub, Veriff);

    • Cloud hosting, IT, and cybersecurity providers;

    • Payment gateways, card issuers, and banking partners.

  2. Partner institutions:
    When services (e.g., IBANs, cards, crypto swaps) are issued or maintained by partner EMIs or PSPs, your data is shared with those licensed entities under data-sharing agreements.

  3. Regulatory and governmental authorities:
    When required by law or regulatory request (e.g., AML, tax, sanctions enforcement).

  4. Affiliates and business partners:
    Where you join through a referral or marketing link.

  5. Legal entities:
    If we are involved in a merger, acquisition, or restructuring, your data may be transferred under confidentiality safeguards.

We do not sell personal data to third parties.

7. International Data Transfers

Personal data may be transferred outside the EU/EEA (e.g., to service providers or partners in other jurisdictions).
When doing so, we ensure appropriate safeguards under GDPR Chapter V, such as:

  • Adequacy decisions by the European Commission;

  • Standard Contractual Clauses (SCCs); or

  • Binding corporate rules.

8. Data Retention

We retain data only as long as necessary for the purpose collected or required by law:

  • KYC/AML data – minimum 5 to 10 years after account closure (per AML laws);

  • Transaction and accounting data – 10 years;

  • Marketing and analytics data – until withdrawal of consent or inactivity for 24 months;

  • Technical logs – up to 12 months.

When data is no longer required, it is securely deleted or anonymised.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure (“Right to be forgotten”): Request deletion, where legally permissible.

  • Restriction: Request limited processing in certain circumstances.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests or direct marketing.

  • Withdraw consent: At any time, for processing based on consent.

Requests can be submitted to: privacy@c2banks.com.
We may require proof of identity before fulfilling your request.

You also have the right to complain to the Office for Personal Data Protection of the Czech Republic (ÚOOÚ) or your local supervisory authority.

10. Data Security

We implement industry-standard technical and organisational measures to protect your information, including:

  • TLS/SSL encryption;

  • Encrypted databases and backups;

  • Firewalls, DDoS mitigation, and monitoring;

  • Access control and multi-factor authentication;

  • Regular security audits and penetration testing.

Despite these measures, no system is fully secure. Users are responsible for maintaining the confidentiality of their login credentials.

11. Cookies and Tracking Technologies

C2Banks uses cookies and similar technologies to:

  • Enable essential website functions;

  • Analyze traffic and usage (Google Analytics, Matomo, etc.);

  • Personalise content and ads;

  • Remember your preferences.

You can manage or disable cookies in your browser settings.
For detailed information, refer to our Cookie Policy (available on the website).

12. Marketing Communications

With your consent, we may send you emails, SMS, or Telegram/WhatsApp notifications about C2Banks updates, promotions, or partner offers.

You can unsubscribe at any time via the link in the email or by contacting privacy@c2banks.com.
We do not send unsolicited marketing messages.

13. Automated Decision-Making

In limited cases, we may use automated systems (e.g., during AML screening or risk scoring) to comply with legal obligations.
We ensure human review is available upon request, and you may contest automated decisions by contacting us.

14. Children’s Privacy

C2Banks services are intended for users aged 18 and above.
We do not knowingly collect or process data from individuals under the age of 18. If we become aware of data collected from a minor, we will delete it immediately.

15. Changes to this Privacy Policy

We may update this Policy periodically.
Any changes will be published on https://c2banks.com/privacy with a revised “Last Updated” date.
Significant changes will be communicated via email or platform notification.

16. Contact Us

For questions or data-protection concerns, contact:
📧 privacy@c2banks.com
📍 Novo Capital S.r.o
Cimburkova 916/8, Žižkov, 130 00 Prague 3, Czech Republic