Your privacy is important to Bango. This privacy policy sets out what personal data Bango holds about you, why, and how Bango processes that data.

Most of the personal data Bango processes is obtained and processed through the Bango Platform. The Bango Platform enables online stores to charge their customers’ online purchases and subscriptions to integrated payment providers, such as mobile network operators. But, there are other reasons why Bango holds and processes personal data. This privacy policy explains what personal data Bango holds and why, how it is processed, stored and kept secure. It also explains your rights in relation to your personal data.

This policy applies to Bango Plc, “Bango” and its subsidiary companies Bango.net Limited, Bango Inc, Bango KK and Bango Movil SLU. Most data is collected, stored and processed by Bango.net Limited, the main trading company of the group, which is headquartered in Cambridge, UK. Bango therefore complies with UK and EU privacy laws, including GDPR. All Bango companies, whether based within or outside of the EU, comply with these laws and this Privacy Policy, ensuring you get the highest levels of data privacy and security.

What personal data does Bango collect?

Personal data is information about an individual that may be used to identify that individual. Depending on the circumstances in which Bango interacts with you and how you interact with Bango or the Bango Platform, for example customer, end user or shareholder, Bango collects a variety of personal data, including:

  • Name and contact data: your first, middle and last name, email address, postal address and phone number(s).
  • Transaction data: merchant products or services purchased and subscribed for, as well as attempts at purchase or subscription.
  • Payment data: payments made by you or to you for merchant products or services purchased and subscribed for through Bango’s payment providers partners (such as mobile network operators, wallet providers and resellers).
  • Payment provider account information: including the identity of your payment provider (for example your mobile network operator), as well as the type of account and payment plan you have with your payment provider, credit limits and spend caps.
  • Support data: support provided to merchants and payment providers in relation to your transactions and payments.
  • Credentials: including passwords and similar security information for account access.
  • Device data: including the make and model of any devices used by you to interact with Bango’s website and products, and used by you to purchase or subscribe to merchant products and services, and any associated IP addresses, cookies and browser header information.
  • Marketing and communications data: including your marketing and communications preferences.
  • Usage data: including your interaction with Bango’s website and products.
  • Shareholding data: Bango PLC is listed on AIM at the London Stock Exchange. It therefore processes shareholding data, including shareholding numbers and values, and share trades.

Why does Bango have this data and how does Bango use it?

Bango processes personal data for a variety of reasons, depending on the context. Bango uses the data it collects for two main reasons:

Delivery of Bango Platform products, including:

  • Delivery of products to Bango merchant and payment provider partners. For example, Bango may enable its merchant partners to set up subscriptions for their products through the end user’s preferred payment provider.
  • Supporting products and partners. For example, helping them to resolve a query an end user may have on their merchant purchase or payment provider bill, or helping them with errors or technical issues.
  • Developing, maintaining and enhancing the Bango Platform. Bango strives to constantly improve its platform, providing additional features and functionality, delivering to merchants, payment provider partners and end users a better experience. Bango technology delivers insights/transaction data to Bango merchant and payment provider partners enabling them to enhance their service

Operating Bango business, including:

  • Business operations. Data may be used in the day-to-day operations of Bango business, to enable Bango to pursue its legitimate business interests. It may also be used to enable Bango to monitor, analyze, operate and improve its business and products. For example, Bango actively monitors transaction data and reports on this to merchant and payment provider partners to ensure product functionality and quality. Data may also be used in aggregated or anonymized form to analyze and report upon consumer behavior and preferences, and to expand and improve the Bango Platform and its merchant and payment provider partners’ products and services.
  • Communicating with you and keeping you informed. Bango uses data to keep you up to date with Bango news and products. When Bango communicates with you in a marketing context, you will always be given the opportunity to opt-out of mailing lists.
  • Risk and security. Bango uses data to manage risk and secure the integrity of its products and data, to detect and prevent fraud, and the abuse of Bango’s and merchant and payment providers’ products and services, and to ensure legal, regulatory and contractual compliance.
  • Compliance with legal and regulatory requirements. Bango PLC is a listed company and the Bango Group of companies operate globally. Your data will be processed by Bango, and merchant and payment provider partners, in accordance with all applicable local laws and regulatory requirements.

How does Bango have this data?

The way in which data is collected will depend on the context in which Bango collects and is using your data. Your personal data is collected by Bango either directly or indirectly.

Direct interactions

Where Bango collects your personal data directly through interactions with you, Bango act as “controller” of your data. For example, when you navigate the Bango website, or contact Bango in your capacity as a shareholder, you are interacting with Bango directly, and in these circumstances your personal data will be processed in accordance with this Privacy Policy.

Indirect interactions

Most of the personal data Bango processes is passed to Bango by merchant and payment provider partners during the delivery of Bango products and services to them. In this context, Bango act as “processor” of the data.

For example, if an end user wishes to charge an app store purchase to their phone bill, details of the purchase request will be passed from the app store to the Bango Platform. Bango will work with the app store and the end user’s payment providers (for example, their Mobile Network Operator) to enable them to charge this purchase to their bill. The end user’s relationship will be with the relevant merchant and payment provider, who each act as “controller” of the data. Bango processes this data strictly in accordance with their instructions and with this Privacy Policy.

Who is personal data shared with?

Bango shares personal data for a variety of reasons:

Within the Bango Group

Bango shares personal data within the Bango Group as required to provide its products and operate its business. Whenever personal data is shared within the Bango Group, this is only ever done within the remit of this Privacy Policy.

With merchant and payment provider partners

The sharing of personal data is essential to the functionality of the Bango Platform. Bango shares data with its merchant and payment provider partners, and they share personal data with Bango, to: – facilitate and enable transactions on their behalf. – ensure the smooth functioning of, and to support, each party’s respective products and services. – assist each other in the prevention and detection of fraud and similar breaches of applicable laws, and to resolve disputes. – in aggregated, anonymized and / or statistical form, to analyze and report upon consumer behavior, and to expand and improve each party’s respective products. (This data will never include information that could be used by them to personally identify you).

With entities that provide services to Bango

These third parties may be used to provide support services to end users, Bango, or Bango partners or customers, to verify your identity, send communications on behalf of Bango, and similar. They are required to act and process your data in accordance with Bango directions.

With other third parties

Bango may share personal data with other third parties, where to do so is in Bango’s legitimate business interests, or where permitted or required to do so by law, including: – governmental or regulatory bodies, where Bango believes it is required to do so by law or any applicable regulation. – any court or alternative forum for the resolution of disputes, with the requisite authority and jurisdiction. – to protect Bango property, products and rights and those of Bango partners, customers and service providers. – where Bango, acting in good faith, suspect fraud, illegal activity or violations of any applicable regulation, contract or similar. – to facilitate the sale or purchase of all or any part of the Bango business. – to support Bango’s banking, audit, compliance and corporate governance functions.

How you can access and control your personal data

It is important that the personal data Bango holds about you is accurate and current. Please keep Bango informed if your personal data changes by emailing dataprivacy@bango.com

How Bango secures your personal data

Bango takes the security and integrity of your personal data seriously. Appropriate technical, physical and administrative security measures have been designed and implemented to protect your personal data against accidental loss, unauthorized access and use, disclosure, and alteration. For example, Bango uses firewalls, data encryption mechanisms such as SSL, and limits physical and logical access to your personal data to those employees, agents and contractors and other third parties who have a need to know, and who are subject to strict contractual confidentiality obligations.

Where Bango stores and processes your personal data

The Bango policy is to store and process most data in Bango offices, facilities and servers in the United Kingdom. In some circumstances, where required to do so either to comply with local laws or partner requirements, Bango stores and / or processes data outside of the United Kingdom. In these circumstances, your data will be stored and / or processed in the location required of Bango, which is usually within your country or region.

Like most other business, Bango uses cloud services; where these contain personal data it is stored geographically according to the end user’s country or region.

Data emanating from EU countries is only stored or processed outside of the EU if permitted by EU law.

Retention policy

The specific period for which Bango is required to retain personal data depends on the nature of the data held and the context in which it is held. It is also driven by legal, regulatory and contractual obligations, and Bango’s need to enforce and resolve contractual concerns. For example, tax laws require Bango to retain records of transactions for a certain period. Bango will always retain data for the minimum period necessary. Bango maintains a comprehensive list of retention periods according to data category, and has technical and organizational systems and procedures implemented to enforce these.

Protecting children

The Bango Platform is not directed at or intended to be used by children, and Bango never knowingly processes children’s personal data. Bango works with its merchant and payment provider partners, and has implemented its own measures, to ensure that children’s personal data is protected and is not processed. If you believe that Bango holds or is processing a child’s personal data, please contact Bango’s Data Privacy Officer immediately by emailing dataprivacy@bango.com. Unless Bango is legally required to retain it, the data will be deleted immediately.

Cookies

Bango may use a “cookie” in the browser files of a user’s access device. Please refer to the Bango Cookie Policy for further information.

Your rights

If you are an EU national you have particular rights in respect of your personal data. In particular, you have rights of access, rectification, erasure, restriction and objection. Bango has implemented systems and procedures to enable you to implement these rights in accordance with the relevant legal requirements.

EU nationals also have the right to raise a complaint with a data protection supervisory authority if you consider any of your rights under applicable data privacy legislation has been infringed. Please contact Bango using the contact details below to find out more and exercise these rights.

How to contact Bango

Bango values the opportunity to discuss data privacy queries or concerns. To raise any such query or concern, please get in touch with Bango’s Data Privacy Officer by emailing dataprivacy@bango.com. They will respond to your email as soon as possible, and in any event within 30 days.

Bango contact details are: Bango.net Limited, 100 Hills Road, Cambridge, CB2 1PH, United Kingdom

Changes to this Privacy Policy

Bango keeps all its policies under regular review to incorporate changes to the Bango Platform services, operational processes and business, and applicable laws and regulatory requirements. Accordingly, this Privacy Policy may change from time to time. Changes will be effective from the date they are published. Bango will notify you of any substantial change to this policy by using a pop-up display on the Bango website, which will appear for no less than 45 days from the date of publication.