Neobank Capital — Criminal Data Processing Policy

Home

Last Updated: 23 Oct 2025

1. Purpose

At Neobank Capital (“we”, “our”, or “us”), we are committed to maintaining the highest standards of security, compliance, and transparency in handling personal data.

In accordance with international data protection laws, including Article 10 of the EU General Data Protection Regulation (GDPR), this Criminal Data Processing Policy explains when and how we may process information relating to criminal convictions, offences, or related security checks.

This policy applies to all users, clients, employees, contractors, and partners interacting with our fintech platform, PRS ONE Connect, and associated services.

2. Scope

This policy covers the processing of data that reveals or relates to:

  1. Criminal convictions or offences;
  2. Allegations of criminal conduct;
  3. Law enforcement or sanctions data;
  4. Data obtained from background, fraud, or anti-money laundering (AML) checks.

We only process such data when it is strictly necessary, lawful, and proportionate for the purposes described in this policy.

3. Legal Basis for Processing

Under GDPR and other international privacy frameworks, criminal offence data may be processed only under specific conditions.

Neobank Capital processes this category of data based on the following legal grounds:

  1. Compliance with Legal Obligations:
  2. To meet KYC (Know Your Customer), AML (Anti-Money Laundering), CFT (Counter-Financing of Terrorism), and financial crime prevention requirements under applicable law.
  3. Substantial Public Interest:
  4. For fraud detection, identity verification, and ensuring the integrity of the financial ecosystem, consistent with national and international regulatory frameworks.
  5. Explicit Consent (where required):
  6. In jurisdictions that require it, we will obtain your express written consent before processing such data.
  7. Legitimate Interests:
  8. Where permitted, to protect our systems, customers, and partners from misuse or illegal activity.

4. Types of Data We May Process

Depending on the purpose and applicable laws, we may process:

  1. Information regarding criminal convictions or pending charges;
  2. Records of financial or identity fraud;
  3. Data included in official sanctions lists (e.g., OFAC, EU, UN, or local authorities);
  4. Watchlist or politically exposed person (PEP) information;
  5. Verification data obtained from lawfully authorized third parties or compliance databases.

We do not collect this information directly from law enforcement agencies unless required by law or authorized by a competent authority.

5. How We Obtain Criminal Data

Neobank Capital may receive criminal data through:

  1. Authorized third-party verification providers (e.g., KYC, AML, or sanctions screening platforms);
  2. Regulatory or compliance partners conducting background checks;
  3. Official public records or government databases;
  4. User disclosures during onboarding or verification.

All third-party data processors are contractually bound by Data Processing Agreements (DPAs) that ensure compliance with GDPR and equivalent data protection laws.

6. Purpose of Processing

We process criminal data solely for compliance and security purposes, including:

  1. Preventing fraud, money laundering, and terrorist financing;
  2. Verifying user and business identities;
  3. Screening for sanctions or PEP exposure;
  4. Protecting platform integrity and regulatory compliance;
  5. Meeting obligations under local and international financial laws.

We do not use criminal data for marketing, profiling, or unrelated commercial purposes.

7. Data Minimization and Retention

We collect and retain only the minimum necessary data for the specific purpose for which it was obtained.

Retention periods are determined by:

  1. Legal and regulatory obligations;
  2. Statutory recordkeeping requirements;
  3. Internal compliance and risk management needs.

Once no longer required, criminal data is securely deleted, anonymized, or archived in compliance with applicable retention laws.

8. Data Sharing

Criminal offence data may be shared with:

  1. Regulated compliance partners (KYC/AML providers);
  2. Regulatory or supervisory authorities, when required by law;
  3. Law enforcement agencies, when responding to a lawful request;
  4. Affiliated entities under Neobank Capital, only for compliance-related functions.

All sharing is performed in a secure, encrypted manner and only when lawful grounds exist.

9. Security Safeguards

We implement advanced technical and organizational measures to safeguard sensitive criminal data, including:

  1. AES-256 encryption at rest and TLS 1.3 encryption in transit;
  2. Strict access controls and multi-factor authentication;
  3. Role-based access limitations;
  4. Continuous monitoring, auditing, and compliance oversight.

Access to criminal data is limited to authorized personnel with appropriate training and confidentiality obligations.

10. Data Subject Rights

Individuals have the right to:

  1. Request access to their criminal data;
  2. Correct inaccuracies or incomplete records;
  3. Request deletion of data where legally permissible;
  4. Object to processing in certain circumstances;
  5. Withdraw consent (where applicable).

Requests can be submitted to our Global Data Protection Officer (DPO) at privacy@neobank.capital.

We may verify your identity before processing your request and comply in accordance with legal timelines.

11. International Transfers

As a global fintech company, we may transfer criminal data to jurisdictions outside your country of residence.

Where such transfers occur, we use EU Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate protection consistent with GDPR and other privacy laws.

12. Oversight and Accountability

Our Data Protection Officer (DPO) and Chief Compliance Officer (CCO) jointly oversee compliance with this policy.

We perform:

  1. Annual compliance audits;
  2. Periodic risk assessments;
  3. Training for staff with access to sensitive data.

Any breach or unauthorized disclosure involving criminal data is handled under our Incident Response and Breach Notification Procedures.

13. Policy Updates

We may update this Criminal Data Processing Policy periodically to reflect changes in our legal obligations or business practices.

Updates will be published on our website with a revised “Effective Date.”

14. Contact Information

Global Data Protection Officer

Neobank Capital / PRS ONE Capital Trust KB

Email: privacy@neobank.capital

Website: https://legal.neobank.capital

On this Page
Contents 1. Purpose 2. Scope 3. Legal Basis for Processing 4. Types of Data We May Process 5. How We Obtain Criminal Data 6. Purpose of Processing 7. Data Minimization and Retention 8. Data Sharing 9. Security Safeguards 10. Data Subject Rights 11. International Transfers 12. Oversight and Accountability 13. Policy Updates 14. Contact Information

© 2025 Neobank Capital Legal Center | Privacy & Compliance Hub

Support
Marketing
...