Data Processing Agreement (GDPR compliant)
<!DOCTYPE html> <!--[if IE 8 ]><html class="ie" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <![endif]--> <!--[if (gte IE 9)|!(IE)]><!--><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><!--<![endif]--> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <!--[if IE]><meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'><![endif]--> <title>Data Processing Agreement (GDPR compliant)</title> <meta name="description" content="Obligations, applications and legal agreements about the data processing and the responsability of IBAN.com and the customers on the platform." /> <meta name="keywords" content="" /> <meta name="theme-color" content="#153570"> <meta name="apple-mobile-web-app-status-bar-style" content="#153570"> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="preconnect" href="https://www.google.com" crossorigin> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link rel="preconnect" href="https://www.google-analytics.com" crossorigin> <link rel="preconnect" href="https://cdnjs.cloudflare.com" crossorigin> <link href="https://www.iban.com/dpa" rel="canonical"> <link rel="alternate" href="https://www.iban.com/dpa" hreflang="x-default" /> <link rel="alternate" href="https://www.iban.com/dpa" hreflang="en" /> <link rel="alternate" href="https://de.iban.com/dpa" hreflang="de" /> <link rel="alternate" href="https://fr.iban.com/dpa" hreflang="fr" /> <link rel="alternate" href="https://es.iban.com/dpa" hreflang="es" /> <link rel="alternate" href="https://pt.iban.com/dpa" hreflang="pt" /> <link rel="alternate" href="https://nl.iban.com/dpa" hreflang="nl" /> <link rel="alternate" href="https://it.iban.com/dpa" hreflang="it" /> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.5.3/css/bootstrap.min.css" 
integrity="sha512-oc9+XSs1H243/FRN9Rw62Fn8EtxjEYWHXRvjS43YtueEewbS6ObfXcJNyohjHqVKFPoXXUxwc+q1K7Dee6vv9g==" crossorigin="anonymous" /> <link rel="stylesheet" type="text/css" href="/stylesheets/style.css?v=2"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha512-SfTiTlX6kk+qitfevl/7LibUOeJWlt9rbyDn92a1DqWOw9vWG2MFoays0sgObmWazO5BQPiFucnnEAjpAB+/Sw==" crossorigin="anonymous" /> </head> <body> <div class="boxed"> <div class="topheader"> <div class="container"> <div class="row"> <div class="col-4"> <div class="top-navigator float-left"> <ul> <li ><a href="/contact" title="Contact Us" class="no-border"><i class="fa fa-envelope"></i> Contact</a></li> </ul> </div> </div> <div class="col-8"> <div class="top-navigator float-right"> <ul> <li class="d-none d-sm-inline-block"><a href="#" class="language"><img src="/images/icon/blank.png" class="flag flag-gb" width="16" height="11" alt="en"> EN</a> <ul> <li><a href="https://de.iban.com/" title="Deutsch" data-lang-id="de_DE"><img src="/images/icon/blank.png" class="flag flag-de" width="16" height="11" alt="de"> Deutsch</a></li> <li><a href="https://fr.iban.com/" title="Français" data-lang-id="fr_FR"><img src="/images/icon/blank.png" class="flag flag-fr" width="16" height="11" alt="fr"> Français</a></li> <li><a href="https://it.iban.com/" title="Italiano" data-lang-id="it_IT"><img src="/images/icon/blank.png" class="flag flag-it" width="16" height="11" alt="it"> Italiano</a></li> <li><a href="https://nl.iban.com/" title="Dutch" data-lang-id="nl_NL"><img src="/images/icon/blank.png" class="flag flag-nl" width="16" height="11" alt="nl"> Dutch</a></li> <li><a href="https://es.iban.com/" title="Español" data-lang-id="es_ES"><img src="/images/icon/blank.png" class="flag flag-es" width="16" height="11" alt="es"> Español</a></li> <li><a href="https://pt.iban.com/" title="Português" data-lang-id="pt_PT"><img src="/images/icon/blank.png" class="flag flag-pt" 
width="16" height="11" alt="pt"> Português</a></li> <li><a href="https://www.iban.pl/" title="Polski" data-lang-id="pl"><img src="/images/icon/blank.png" class="flag flag-pl" width="16" height="11" alt="pl"> Polski</a></li> <li><a href="https://www.iban.se/" title="Svenska" data-lang-id="sv"><img src="/images/icon/blank.png" class="flag flag-se" width="16" height="11" alt="sv"> Svenska</a></li> <li><a href="https://www.iban.fi/" title="Suomi" data-lang-id="fi"><img src="/images/icon/blank.png" class="flag flag-fi" width="16" height="11" alt="fi"> Suomi</a></li> <li><a href="https://www.iban.dk/" title="Dansk" data-lang-id="da"><img src="/images/icon/blank.png" class="flag flag-dk" width="16" height="11" alt="da"> Dansk</a></li> <li><a href="https://www.iban.co.no/" title="Norsk" data-lang-id="no"><img src="/images/icon/blank.png" class="flag flag-no" width="16" height="11" alt="no"> Norsk</a></li> <li><a href="https://www.iban.hu/" title="Magyar" data-lang-id="hu"><img src="/images/icon/blank.png" class="flag flag-hu" width="16" height="11" alt="hu"> Magyar</a></li> <li><a href="https://www.iban.gr/" title="Eλληνική" data-lang-id="el"><img src="/images/icon/blank.png" class="flag flag-gr" width="16" height="11" alt="el"> Eλληνική</a></li> <li><a href="https://www.iban.cz/" title="Čeština" data-lang-id="cs"><img src="/images/icon/blank.png" class="flag flag-cz" width="16" height="11" alt="cs"> Čeština</a></li> <li><a href="https://www.iban.si/" title="Slovenščina" data-lang-id="sv"><img src="/images/icon/blank.png" class="flag flag-si" width="16" height="11" alt="sl"> Slovenščina</a></li> <li><a href="https://www.iban.hr/" title="Hrvatski" data-lang-id="hr_HR"><img src="/images/icon/blank.png" class="flag flag-hr" width="16" height="11" alt="hr"> Hrvatski</a></li> <li><a href="https://www.iban.sk/" title="Slovenský" data-lang-id="sk"><img src="/images/icon/blank.png" class="flag flag-sk" width="16" height="11" alt="sk"> Slovenský</a></li> <li><a 
href="https://www.iban.lv/" title="Latviešu" data-lang-id="lv"><img src="/images/icon/blank.png" class="flag flag-lv" width="16" height="11" alt="lv"> Latviešu</a></li> <li><a href="https://www.iban.lt/" title="Lietuvių" data-lang-id="lt"><img src="/images/icon/blank.png" class="flag flag-lt" width="16" height="11" alt="lt"> Lietuvių</a></li> <li><a href="https://www.iban.ee/" title="Eesti" data-lang-id="et"><img src="/images/icon/blank.png" class="flag flag-ee" width="16" height="11" alt="et"> Eesti</a></li> <li><a href="https://www.iban.rs/" title="Srpski" data-lang-id="sr"><img src="/images/icon/blank.png" class="flag flag-rs" width="16" height="11" alt="sr"> Srpski</a></li> <li><a href="https://www.ibankodu.com.tr/" title="Türkçe" data-lang-id="tr"><img src="/images/icon/blank.png" class="flag flag-tr" width="16" height="11" alt="tr"> Türkçe</a></li> <li><a href="https://www.iban.ru/" title="Русский" data-lang-id="ru_RU"><img src="/images/icon/blank.png" class="flag flag-ru" width="16" height="11" alt="ru"> Русский</a></li> <li><a href="https://www.iban.bg/" title=" Български" data-lang-id="bg"><img src="/images/icon/blank.png" class="flag flag-bg" width="16" height="11" alt="bg"> Български</a></li> <li><a href="https://www.iban.com.ua/" title="Українська" data-lang-id="uk"><img src="/images/icon/blank.png" class="flag flag-ua" width="16" height="11" alt="uk"> Українська</a></li> <li><a href="https://www.iban.ma/" title="العربية" data-lang-id="ar"><img src="/images/icon/blank.png" class="flag flag-ma" width="16" height="11" alt="ar"> العربية</a></li> <li><a href="https://www.iban.co.il/" title="עברית" data-lang-id="he"><img src="/images/icon/blank.png" class="flag flag-il" width="16" height="11" alt="he"> עברית</a></li> <li><a href="https://www.iban.jp/" title="日本語" data-lang-id="ja"><img src="/images/icon/blank.png" class="flag flag-jp" width="16" height="11" alt="ja"> 日本語</a></li> <li><a href="https://www.iban.kr/" title="한국어" data-lang-id="ko"><img 
src="/images/icon/blank.png" class="flag flag-kr" width="16" height="11" alt="ko"> 한국어</a></li> <li><a href="https://www.iban.hk/" title="繁體中文" data-lang-id="zh-TW"><img src="/images/icon/blank.png" class="flag flag-hk" width="16" height="11" alt="zh-TW"> 繁體中文</a></li> <!-- <li><a href="https://www.iban.ro/" title="Română" data-lang-id="ro"><img src="/images/icon/blank.png" class="flag flag-ro" width="16" height="11" alt="ro"> Română</a></li> <li><a href="https://www.ibanbic.cn/" title="体中文" data-lang-id="zh"><img src="/images/icon/blank.png" class="flag flag-cn" width="16" height="11" alt="zh"> 体中文</a></li> <li><a href="https://www.iban.my/" title="Bahasa Melayu" data-lang-id="ms"><img src="/images/icon/blank.png" class="flag flag-my" width="16" height="11" alt="ms"> Bahasa Melayu</a></li> --> </ul> </li> <li></li> <li><a href="https://clients.iban.com/login" title="Member Login" class="login"><i class="fa fa-lock no-border" aria-hidden="true"></i>Login</a></li> <li><a href="https://clients.iban.com/register" title="Request a trial account" class="requesttrial d-none d-sm-inline-block">Register</a></li> </ul> </div> </div> </div> </div> </div> <header id="header" class="header clearfix"> <div class="header-wrap clearfix"> <div class="container"> <div class="row"> <div class="col-md-12"> <div id="logo" class="logo"> <a href="/" title="IBAN Home"> <img src="/images/logo.png" alt="IBAN Logo" width="170" height="75"> </a> </div> <div class="btn-menu"> <span></span> </div> <div class="nav-wrap"> <nav id="mainnav" class="mainnav navbar-right"> <ul class="menu"> <li><a href="/iban-checker" title="Check IBAN Number"><i class="fa fa-check"></i> <div class="atitle">Validate IBAN</div></a></li> <li><a href="/calculate-iban" title="IBAN Calculator"><i class="fa fa-retweet"></i> <div class="atitle">Calculate IBAN</div></a></li> <li><a href="/products" title="Products and services"><i class="fa fa-th-large" ></i> <div class="atitle">Products</div></a></li> <li><a 
href="/why-iban" title="Why choose IBAN Services"><i class="fa fa-question-circle" aria-hidden="true"></i> <div class="atitle">Why IBAN</div></a></li> <li><a href="/developers" title="Developers Documentation"><i class="fa fa-cogs"></i> <div class="atitle">Developers</div></a></li> <li><a href="/pricing" title="Order products and services"><i class="fa fa-tasks"></i> <div class="atitle">Pricing</div></a></li> </ul> </nav> </div> </div> </div> </div> </div> </header> <div class="flat-row pad-bottom70px"> <div class="container"> <div class="row"> <div class="flat-services"> <div class="services-title"><h1 class="title no-margin-top pad-bottom40px">Data Processing Agreement (GDPR compliant)</h1></div><br> <div class="flat-wrapper"> Effective on May 1, 2018<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>1. Scope and subject matter of the agreement</span></h4> </div> This Data Processing Agreement (“DPA”) reflects the parties’ agreement with respect to the terms governing the processing of Personal Data under IBANCOM’s Terms of Service (the “TOS”). This DPA is an amendment to the TOS and is effective upon its incorporation into the TOS, which incorporation may be specified in an Order or an executed amendment to the TOS. Upon its incorporation into the TOS, the DPA will form a part of the TOS. <br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>2. 
Definitions</span></h4> </div> In this agreement:<br> <br> (a) « Services » means the services provided to the Customer under the TOS ;<br> (b) « Personal data » means any information relating to an identified or identifiable natural person (‘data subject’);<br> (c) « Customer », « controller » or « you » means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;<br> (d) « Processor », « IBANCOM » or « we » means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;<br> (e) « Process/processing » means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction ;<br> (f) « Sub-processor » or « Sub-contractor » means a third party subcontractor engaged by the processor which, as part of the subcontractor’s role of delivering the Services, Processes Personal Data of the Customer ;<br> (g) « Technical and organisational security measures » means those measures aimed to ensure a level of security appropriate to the risk including, inter alia, the pseudonymisation and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.<br> (h) “Data Protection Laws” means all 
laws and regulations, including laws and regulations of the European Union, the European Economic Area and their Member states, applicable to the Processing of Personal Data under the Agreement.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>3. Application of this agreement</span></h4> </div> This agreement shall apply to:<br> a) all Data sent from the date of this agreement by the Customer to IBANCOM for Processing;<br> b) all Data accessed by IBANCOM on the authority of the Customer for Processing from the date of this agreement; and<br> c) all Data otherwise received by IBANCOM for Processing on the Customer's behalf;<br> in relation to the Services.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>4. Categories of Personal Data and purpose of the Personal Data Processing</span></h4> </div> In order to execute the Agreement, and in particular to perform the Services on behalf of Customer, Customer authorizes and requests that IBANCOM Process the following Personal Data: Customer Information : information that we may collect from your use of the IBANCOM web sites and your interactions with us offline such as :<br> <br> • Contact information : name, home address, telephone or mobile number, email address, and passwords.<br> • Financial information : credit card’s number and billing information (tax id, number of the payer VAT, billing address, billing email, where invoices are sent) ; Credit card numbers are handled by Avangate (our payment gateway), by Paypal, or other types of payment ; IBANCOM only charges your credit card for payments.<br> • Employment contact details, including : employer name, job title and function, business contact details; IBANCOM deals with customer information according to the terms of our general privacy policy.<br> <br> Services Data : data that resides on IBANCOM, customer or third-party systems to which IBANCOM has provided access to perform services.<br> <br> • Data stored and 
processed by users, such as: data sent for processing, the history of operations performed by users.<br> • Log File Information: Three types of logs are saved by IBANCOM’s system : Connection logs which are essentially logs from each request to each application. These connection logs may include information such as the web request, Internet Protocol ("IP") address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed and other such information. The second type of logs are application logs, which are produced by our software during data processing. Application logs are a record of all input data sent for processing to our servers that can help IBANCOM to identify and diagnose the source of current system problems and help predict future problems.<br> IBANCOM processes Customer information according to the terms of its Privacy policy, and treats services data as confidential in accordance with the terms of your order for services.<br><br> Categories of Data Subjects: Data subjects include Customer’s representatives and end users, such as employees, job applicants, contractors, collaborators, partners, and customers of the Customer. Data subjects also may include individuals attempting to communicate or transfer Personal Data to users of the Services.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>5. 
Responsibility of IBANCOM</span></h4> </div> IBANCOM shall Process Personal Data solely for the provision of the Services, and agrees to :<br> <br> • (a) Process and use Personal Data for the purposes set forth in this Agreement or only on documented instructions from the Customer and for no other purpose except with the express prior written consent of the Customer, or<br> • (b) Not divulge Data to third parties except to those of its employees, agents and subcontractors who are engaged in the Processing of the Data and are subject to the binding obligations or except as may be required by any law or regulation;<br> • (c) Implement appropriate technical and organizational measures to safeguard the Data from unauthorized or unlawful Processing or accidental loss, destruction or damage, and that having regard to the state of technological development and the cost of implementing any measures, such measures shall ensure a level of security appropriate to the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage and to the nature of the Data to be protected;<br> • (d) Inform the Customer as soon as possible in the event of the exercise by Data Subjects of any of their rights under the data protection laws in relation to the Data, and, if necessary, assists the Customer in complying with the obligation to respond to those requests in consideration of the undertakings provided in article 7 ;<br> • (e) Not Process or transfer the Data outside of the European Union except with the express prior written authority of the Customer and ensure that such transfers are made in compliance with appropriate EU laws.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>6. Responsibility of the Customer</span></h4> </div> The Service Customer, as Data controller, must accept responsibility for abiding by the applicable data protection legislation. 
Notably, the Customer has an obligation to assess the lawfulness of the processing of personal data stored on the Platform.<br> <br> The Customer agrees that it shall ensure compliance at all times with the applicable data protection law, and, in particular, the Customer shall ensure that any disclosure of Personal Data made by it to IBANCOM is made with the data subject's consent or is otherwise lawful. The control of Personal Data remains with the Customer, and as between the Customer and IBANCOM, the Customer will at all times remain the Data controller for the purposes of the Services, the TOS, and this Data Processing Agreement. The Customer is responsible for compliance with its obligations as Data controller under the applicable data protection Law, in particular for justification of any transmission of Personal Data to IBANCOM (including providing any required notices and obtaining any required consents), and for its decisions concerning the Processing and use of the data.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>7. Rights of Data Subject</span></h4> </div> IBANCOM will grant Customer electronic access to the Platform environment that holds Personal Data to permit Customer to delete, release, correct or block access to specific Personal Data or, if that is not practicable and to the extent permitted by applicable law, follow Customer’s detailed written instructions to delete, release, correct or block access to Personal Data.<br><br> IBANCOM shall pass on to the Customer any requests of an individual data subject to delete, release, correct or block Personal Data Processed under the Agreement.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>8. 
Cross Border and Onward Data Transfer</span></h4> </div> IBANCOM treats all Personal Data in a manner consistent with the requirements of the applicable data protection Law and this Data Processing Agreement in all locations globally.<br><br> Data is stored by IBANCOM in data centers located in Germany managed by its subcontractor Google Cloud.<br> <br> Google Cloud Data Center Location<br> FRANKFURT<br> Google Cloud service is fully GDPR compliant. You may find out more about their data processing compliance at:<br> https://cloud.google.com/security/gdpr<br> <br><br> With respect to Personal Data stored in data centers in the EEA, IBANCOM shall ensure its Subprocessors' compliance with the requirements of the applicable data protection law as follows:<br> • (i) IBANCOM has entered into contracts with Subprocessors which provide that the Subprocessor will undertake data protection and confidentiality obligations consistent with applicable data protection laws;<br> • (ii) further, where a Subprocessor processes Personal Data in or from a country that has not received an “adequacy” finding, IBANCOM will require the Subprocessor to execute Model Clauses incorporating security requirements consistent with those of this DPA.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>9. Subprocessing</span></h4> </div> IBANCOM shall not subcontract any of its processing operations performed on behalf of the Customer under the Agreement and the TOS without the prior written consent of the Customer.<br> <br> Where IBANCOM subcontracts its obligations under the Agreement, with the consent of the Customer, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on IBANCOM under the Agreement. 
Where the subprocessor fails to fulfill its data protection obligations under such written agreement IBANCOM shall remain fully liable to the Customer for the performance of the subprocessor’s obligations under such agreement.<br> <br> The Customer as Data controller may request that IBANCOM audit the Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist Data Controller in obtaining a third-party audit report concerning Subprocessor’s operations) to ensure compliance with such obligations. The Controller also will be entitled, upon written request, to receive copies of the relevant terms of IBANCOM’s agreement with Subprocessors that may process Personal Data, unless the agreement contains confidential information, in which case the IBANCOM may provide a redacted version of the agreement.<br> <br> The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the Customer is established.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>10. Technical and Organizational Measures</span></h4> </div> When Processing Personal Data on behalf of Customer in connection with the Services, IBANCOM shall ensure that it implements and maintains compliance with appropriate technical and organizational security measures for the Processing of such data. 
Accordingly, IBANCOM will implement the following measures:<br> <br> • a) To prevent unauthorized persons from gaining access to data processing systems in which Personal Data are Processed (physical access control), IBANCOM shall take measures to prevent physical access, such as security personnel and secured buildings and factory premises.<br> • b) To prevent data processing systems from being used without authorization (system access control), the following may, among other controls, be applied depending upon the particular Services ordered: authentication via passwords and logging of access on several levels.<br> For API Services hosted at the IBANCOM: (i) logical access to the data centers is restricted and protected by firewall/VLAN; and (ii) the following security processes are applied: centralized logging and alerting, and (iii) firewalls.<br> • c) To ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access, and that Personal Data cannot be read, copied, modified or removed without authorization in the course of Processing and/or after storage (data access control), Personal Data is accessible and manageable only by properly authorized staff, direct database query access is restricted, and application access rights are established and enforced.<br> <br> In addition to the access control rules set forth above, IBANCOM implements an access policy under which Data Controller controls access to its API Services environment and to Personal Data and other data by its authorized personnel.<br> <br> • d) To ensure that Personal Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport, and that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged (transmission control), IBANCOM will comply with the following requirements: Except as otherwise 
specified for the API Services, transfers of data outside the Service environment are encrypted (HTTPS). The content of communications (including sender and recipient addresses) sent through some email or messaging services may not be encrypted once received through such services. Data Controller is solely responsible for the results of its decision to use non-encrypted communications or transmissions.<br> • e) To ensure that it is possible to check and establish whether and by whom Personal Data have been entered into data processing systems, modified or removed (input control), IBANCOM will comply with the following requirements: Personal Data source is under the control of the Customer, and Personal Data integration into the system is managed by secured file transfer (i.e., via web services or entered into the application) from the Customer.<br> • f) To ensure that Personal Data is protected against accidental destruction or loss: back-ups are taken on a regular basis; back-ups are encrypted and are secured.<br> • g) To ensure that Personal Data which is collected for different purposes may be Processed separately, data from different Data Controllers’ environments is logically segregated on IBANCOM’s systems.<br> • h) To provide the option to disable logging of input data sent to the service. This feature is available in our Client Area -> Account -> Settings -> Security and Privacy section and is labeled "Query Logging". When disabled, IBANCOM servers will not store the input information sent to our API and web applications by the Customer. <div class="title-section style2 pad-top0px"> <h4 class="title"><span>11. Audit Rights</span></h4> </div> The Customer may audit IBANCOM’s compliance with the terms of the Agreement and this Data Processing Agreement up to once per year.<br> <br> The Customer may perform more frequent audits of the Service computer systems that Process Personal Data to the extent required by laws applicable to the Customer. 
If a third party is to conduct the audit, the third party must be mutually agreed to by both parties and must execute a written confidentiality agreement acceptable to IBANCOM before conducting the audit.<br> <br> To request an audit, the Customer must submit a detailed audit plan at least 4 weeks in advance of the proposed audit date describing the proposed scope, duration, and start date of the audit. IBANCOM will review the audit plan and provide Data Controller with any concerns or questions (for example, any request for information that could compromise IBANCOM’s security, privacy, or employment policies).<br> <br> The audit reports are Confidential Information of the parties under the terms of the Agreement. Any audits are at the Data Controller's expense.<br> <br> Any request for IBANCOM to provide assistance with an audit is considered a separate service if such audit assistance requires the use of different or additional resources. IBANCOM will seek the Data Controller's written approval and agreement to pay any related fees before performing such audit assistance.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>12. Incident Management and Breach Notification</span></h4> </div> IBANCOM evaluates and responds to incidents that create suspicion of unauthorized access to or handling of Personal Data.<br> <br> The Customer is informed of such incidents and, depending on the nature of the activity, defines escalation paths and response teams to address those incidents. IBANCOM will work with the Customer, with the appropriate technical teams and, where necessary, with outside law enforcement to respond to the incident. 
The goal of the incident response will be to restore the confidentiality, integrity, and availability of the Services environment, and to establish root causes and remediation steps.<br> <br> IBANCOM operations staff is instructed on responding to incidents where handling of personal data may have been unauthorized.<br> <br> IBANCOM shall notify the Customer without undue delay after becoming aware of a personal data breach. IBANCOM shall promptly investigate any security breach and take reasonable measures to identify its root cause(s) and prevent a recurrence. As information is collected or otherwise becomes available, unless prohibited by law, IBANCOM will provide Data Controller with a description of the security breach, the type of data that was the subject of the breach, and other information Data Controller may reasonably request concerning the affected persons. The parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected persons.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>13. Legally Required Disclosures</span></h4> </div> Except as otherwise required by law, IBANCOM will promptly notify the Customer of any subpoena, judicial, administrative or arbitral order of an executive or administrative agency or other governmental authority (“demand”) that it receives and which relates to the Personal Data IBANCOM is Processing on Customer’s behalf. At Customer’s request, IBANCOM will provide reasonable information in its possession that may be responsive to the demand and any assistance reasonably required for the Customer to respond to the demand in a timely manner. The Customer acknowledges that IBANCOM has no responsibility to interact directly with the entity making the demand.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>14. 
Obligation after the termination of personal data processing services</span></h4> </div> The parties agree that on the termination of the provision of data processing services, IBANCOM will make available for retrieval or otherwise will return Customer’s Personal Data stored in the Platform environment, unless legislation imposed upon the parties prevents it from returning or destroying all or part of the personal data transferred. In that case, the parties warrant that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.<br> <div class="title-section style2 pad-top0px"> <h4 class="title"><span>15. Governing law</span></h4> </div> This agreement will be governed by the laws of Republic of Bulgaria.<br> </div></div></div></div></div> </div> </body> </html>