Data Protection Policy – iFinance

Name and contact data of the data protection official

You can use the app iFinance without providing your personal data to us.

Your personal data will only be processed by us, the

Synium Software GmbH
Robert-Koch-Str. 50

55129 Mainz, Germany
Phone: +49 (0)6131 4970 0

Fax: +49 (0)6131 4970 12

if you give us the information voluntary.

The data protection official of Synium Software GmbH can be reached via the address mentioned before, attn. data protection commissioner or via email to You can always reach out to our commissioner of data protection directly if you have any questions about data protection law or about your rights as a data subject.

When using the account retrieval

There are two options to connect to your bank account. If you use the service without a third party (Tink Germany GmbH or Plaid) but communicate directly via FinTS/HBCI interface between iFinance and the bank, generally no data storage takes place. FinTS/HBCI is usually not offered for banks outside of Germany.

If you register to use Tink Germany GmbH (EU) or Plaid (US/CA) to retrieve your bank account data, the communication takes place with the respective providers. Please take a look at the privacy statements of

Tink Germany GmbH:


In no case we, Synium Software, store your account information (e.g. bank routing number, turnovers) – the communication is done from the app iFinance directly with the bank or optionally via intermediary of the mentioned third party providers via the PSD2 compliant interface.

Registration with Tink Germany GmbH or Plaid requires the creation of a Synium ID, see next paragraph.

When registering a “Synium ID“

When you register for a Synium ID, in addition to the registration data such as mail address, name, time of registration, we also store the following server data when you access the service:

  • IP address of the requesting computer,
  • date and time of access,

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup
  • evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. When communicating with the interface of Tink Germany GmbH or Plaid, no personal data of the Synium ID is transferred to the aforementioned service providers.

When registering for our newsletter

In so far as you have given consent under Art. 6 Subs. 1 Sentence 1 lit. a GDPR, we will use your email address to regularly send you our personalised newsletter. Providing an email address is sufficient for receiving the newsletter. Voluntary you can also tell us your name and country. We use this information to individualize the newsletter. Cancellation is possible at any time, e.g. via a link at the end of every newsletter. Alternatively, you can cancel at any time by sending an email to After your cancellation your voluntary information will be deleted. To ensure that you will not receive any further emails from us, we will only continue to store your email address for further X months in a so-called blacklist. Right to object pursuant to Art. 21 GDPR

You have the right at any time, for reasons arising out of your particular situation, to prevent the processing of personal data concerning you pursuant to Art. 6 Subs. 1 Sentence 1 lit. e (Data Processing in the Public Interest) and Art. 6 Subs. 1 Sentence 1 lit. f GDPR (Data processing on the basis of legitimate interests). This also applies to profiling based on those provisions as defined in Art. 4 no 4 GDPR. If you submit an objection we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.

If your objection is to the processing of data for direct marketing purposes, we shall cease processing immediately. In this case it is not necessary for you to assert a particular situation. This also applies to profiling to the extent that it is related to such direct marketing.

If you want to exercise your right to object, simply send an email to

Data Security

All personal data transmitted by you will be transferred encrypted using the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which e.g. is also used in online banking. You can recognise a secure TLS connection inter alia by the “s” appended to the http (i.e. https://..) in the address bar of your browser or by the lock icon at the bottom of your browser. We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously monitored and improved in line with technological developments.

Actuality of and changes to this Data Protection Policy

This Data Protection Policy is currently valid and was last amended as of May 2022.

Due to further development of our app and our newsletter offer or due to changed legal or regulatory requirements, it might get necessary to amend this Data Protection Policy. The current version of Data Protection Policy can be accessed and saved at any time in the app under the