GDPR Compliance

How ConvertBank Statement Converter complies with UK GDPR and protects your data rights

Last updated: November 8, 2025

Our Commitment to Data Protection

ConvertBank Statement Converter is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a UK-based service processing financial data, we take data protection extremely seriously.

This page explains how we comply with GDPR principles and how you can exercise your data rights.

GDPR Principles We Follow

Lawfulness, Fairness & Transparency

We process your data lawfully based on your consent and our legitimate interests. We are transparent about what data we collect and how we use it.

Purpose Limitation

We collect data solely for bank statement conversion and service provision. We do not use your data for any other purposes.

Data Minimization

We only collect the minimum data necessary: email address for account creation. Bank statements are never stored after processing.

Accuracy

You can update your account information at any time. We ensure your personal data is accurate and up-to-date.

Storage Limitation

Bank statements are never stored. Account data is retained only as long as your account is active. You can request deletion at any time.

Integrity & Confidentiality

We use encryption, secure servers, and strict access controls to protect your data from unauthorized access, loss, or damage.

Your Data Rights Under UK GDPR

Right to Access (Article 15)

You have the right to request a copy of all personal data we hold about you. This includes:

  • Account information (email, name)
  • Subscription details and payment history
  • Usage statistics (number of conversions, timestamps)

Note: Bank statements are not included because we do not store them.

How to exercise: Email privacy@convertbank-statement.com with "Subject Access Request" in the subject line. We will respond within 30 days.

Right to Rectification (Article 16)

You have the right to correct any inaccurate or incomplete personal data. You can:

  • Update your email address and name through account settings
  • Request corrections by contacting us

How to exercise: Log in to your account and update your information, or email privacy@convertbank-statement.com.

Right to Erasure - "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data. Upon your request, we will permanently delete:

  • Your account information
  • Usage history and metadata
  • All personally identifiable information

Exceptions: We may retain payment records for 7 years for tax compliance as required by UK law.

How to exercise: Email privacy@convertbank-statement.com with "Account Deletion Request". Deletion is typically completed within 48 hours.

Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we process your data in certain circumstances:

  • If you contest the accuracy of your data
  • If processing is unlawful but you don't want erasure
  • If we no longer need the data but you need it for legal claims

How to exercise: Email privacy@convertbank-statement.com with details of your restriction request.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, machine-readable format (JSON or CSV) and transfer it to another service.

How to exercise: Email privacy@convertbank-statement.com requesting a data export. We will provide your data within 30 days.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Note: We do not use your data for direct marketing. You can object to essential processing by closing your account.

How to exercise: Email privacy@convertbank-statement.com with your objection.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw that consent at any time. This includes:

  • Marketing communications (if any)
  • Optional data collection

How to exercise: Update your preferences in account settings or email privacy@convertbank-statement.com.

What Data We Process

Personal Data We Store

  • Email address - for account authentication
  • Name (optional) - for personalization
  • Subscription details - tier, status, limits
  • Usage metadata - conversion count, timestamps
  • Stripe customer ID - for payment processing

Data We Never Store

  • Bank statements - deleted immediately after processing
  • Transaction details - never logged or stored
  • Account numbers - processed in memory only
  • Card details - handled entirely by Stripe
  • Browsing history - no tracking cookies

Lawful Basis for Processing

Contract Performance (Article 6(1)(b))

We process your account data and usage information to fulfill our contract with you - providing bank statement conversion services.

Legitimate Interests (Article 6(1)(f))

We process usage metadata for fraud prevention, service improvement, and system security - balanced against your privacy rights.

Legal Obligation (Article 6(1)(c))

We retain payment records for 7 years to comply with UK tax law and financial regulations.

Consent (Article 6(1)(a))

We obtain your explicit consent for optional communications and data collection beyond essential service provision.

International Data Transfers

Some of our service providers may process data outside the UK. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): Approved by the UK ICO for transfers to countries without adequacy decisions
  • Adequacy Decisions: We prefer providers in countries recognized as having adequate data protection
  • Encryption in Transit: All international data transfers use TLS 1.3 encryption

Note: Bank statements are never transferred internationally because they are never stored.

Right to Lodge a Complaint

You have the right to lodge a complaint with the UK supervisory authority if you believe we have not complied with GDPR:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

However, we encourage you to contact us first so we can address your concerns directly.

Contact Our Data Protection Officer

For any questions about GDPR compliance, data protection, or to exercise your rights, please contact our Data Protection Officer:

We aim to respond to all GDPR requests within 30 days as required by law.