Have you seen our Widget online? Have you been asked to log in to your account in order to verify your financial condition? Let us explain who we are and why it’s secure to share your data.
AISP - Account Information Service Provider.
You might have heard that some time ago new regulations called PSD2 came into effect. One of the changes it introduced you could’ve noticed is that when logging in to your bank account you have to provide an SMS code more often or have to additionally confirm your transactions.
PSD2 also introduced new types of companies providing payments-related services. One of them is an Account Information Service Provider - a company that is authorised to download data from bank accounts after a user requests such information.
Kontomatik is authorized to provide Account Information Service. It means that we’ve passed multiple checks and are compliant with EU regulations as well as adhere to the highest security standards in order to perform this service well.
We cooperate with our business partners that want to verify their users’ payment discipline and financial capacity in order to provide their services e.g. finance management, granting loans, mortgages, rentals or others.
We developed a tool we call SingIn Widget. You go through multiple steps, either being redirected to the bank’s site to log in or providing your credentials directly in the Widget. Then we connect with the bank in order to download accounts and transactions details. Then we do analysis on the data and pass it on to our partner so they can, for example, accept your loan application.
Depending on our partners, the country they operate in and other factors, one of our entities is involved - Kontomatik Sp. z o.o. or Kontomatik UAB. Both of them are monitored and required to report their financial services activities to the national supervisory authorities in Poland (KNF, Komisja Nadzoru Finansowego) or Lithuania (BoL, Bank of Lithuania).
In most cases we operate under the Lithuanian company, which means you’ll see “Kontomatik UAB” in the Widget and attached documents, but we do have clients who decided to cooperate with our Polish company as well (Kontomatik Sp. z o.o.).
In any case, both work adhering to the same quality and security standards when providing the services. If you want to read more about compliance at Kontomatik and the security measures we use that made us earn ISO Information Management Security certification, visit this page.
We perform two types of services: single and multiple access. Depending on the one that our partners might need, you’ll be informed in the Widget that you agree to us having access to your account once only or for up to 4 times daily up to 90 days.
After the data has been imported, either once or as part of the multiple access service, it’s being sent to our partner and additionally stored on our servers for up to 14 days. After that all information about your accounts is removed from our servers*
If you have any questions about how we process your data, feel free to read our Privacy Policies or contact us via firstname.lastname@example.org.
*Please note that our partner might still process the information they received even if we remove them from our servers. To find out more about, you should contact the company of which website you visited to authenticate using our Widget.