GDPR: how we handle your data

By Yves Bovin
GDPR Privacy Security

Transparency is an important part of Cake’s core values. We call it “lead in the open”. That’s why it goes without saying that we like to explain in all transparency how we deal with your data and how we secure it.

Every day we are all flooded with requests to give permission for cookies and to receive mailings. We are chased by personalized ads and social media posts as we move online. Your data is used everywhere, that is obvious. But it is rarely clear how this happens. Transparency is an important part of one of Cake’s core values. We call it “lead in the open”. That’s why it goes without saying that we like to explain in all transparency how we deal with your data and how we secure it.

Every day we are all flooded with requests to give permission for cookies and to receive mailings. We are chased by personalized ads and social media posts as we move online. Your data is used everywhere, that’s obvious. But it’s rarely clear how this happens.

Let’s explain.

Your data are yours and yours only

You are the sole owner of your bank details thanks to the European PSD2 regulation. Until recently, the banks had the exclusive right on payment transactions. In order to break the dominance of the banks and to encourage innovation in the financial sector, Europe has partly shifted the control of the bank data from the bank to the customer.

So now European consumers can ask their bank to share their data with other companies, like Cake. After all, it’s your data that matters and that’s up to you to decide.

Because it concerns bank data, an extra security has been built in and banks are only allowed to pass on data to companies that have obtained a licence from the financial supervisor. In Belgium this is the National Bank of Belgium (NBB).

After a lot of work, Cake received such a licence from the NBB on 9 July 2019, and so we are also regulated and controlled by them. This means that we have to comply with the financial legislation that applies to payment institutions. This is why we employ a compliance officer and we are periodically audited by an accredited internal auditor and an accredited revisor.

Your share of the cake

Besides building the best banking app in the world and giving you more insights and control over your finances, we want Cake to make your bank account profitable again.

How do we make that happen? Well, we process data from Cake users in completely anonymous statistics that we sell to companies. We find it very important that you get your share of the cake when your data is used. After all, it’s about your data and it has value. That’s why we share the revenue we get from companies with you. (We think that Zuckerberg should learn something from this, but that’s another matter…)

It’s equally important that you get a good understanding of how we do this. There is no better way to illustrate this than by means of an example.

Let’s talk about Sandra Peeters, 38 years old.

Sandra wants cake

Sandra downloads the Cake app and enters her name, first name and date of birth. These data are stored in our secure ID database. This is the database in which we store her identity information.

Sandra then links her current account to the Cake app. This link is established via a secure connection between Cake and Sandra’s bank.

In between is a so-called PSD2-Aggregator. For Belgian accounts such as Sandra’s, this is our partner Ibanity. Ibanity ensures that the transaction details of Sandra’s current account are linked to Cake’s database in a secure manner. These transaction data are stored in a separate database. We call this the transaction database.

So we have 2 different databases: the ID database and the transaction database.

To make a link between the ID database and the transaction database, we use a secure key (this is what we call encrypted). This key is needed to make sure that Sandra’s transactions are only visible to her in the Cake app on her smartphone.

All transactional data in one big pile

Our top priority is to protect your personally identifiable information. How do we do this? Well, the best way to hide a tree is to plant it in a forest with all the same trees. Our transaction database, therefore, contains not only the transaction data of Sandra but also that of all other Cake users, without their identity data.

With all these data together we make statistics that can be interesting for companies. Because in this transactional database the data of all users were combined and there is no identity data stored in it, it is not possible to determine which transactions actually belong to Sandra. We call this anonymised statistics.

An example of such a company is AVA, the expert in festive table decoration, school and office materials and hobby products. For example, they would like to know in which other stores AVA customers usually shop. Through Cake, AVA can find out what percentage of their customers have also recently made purchases in other retail chains. Based on this, AVA can, for example, estimate which other products their customers are also interested in and thus make adjustments to their range of products. So without knowing which persons are behind the statistics, AVA still receives very interesting information. AVA is willing to pay Cake for this because it helps them to offer a better customer experience. And to reward you, we also pay you a piece of that cake.

Give some, get some

Back to Sandra. Sandra made a purchase at AVA 3 months ago. Therefore Sandra’s transaction data are processed in the anonymised statistics of that particular month that are shown to AVA.

AVA pays Cake for these statistics. And because in this case the data of Sandra are processed in these statistics we think that Sandra is entitled to a part of this amount. We therefore automatically transfer a part of the income we receive from AVA for that month to Sandra (and to all other Cake users whose data is also processed in the statistics of that month). Payments to users we call Cake Rewards.

By means of our secure key, we at Cake see how many users have been analyzed, and who should receive money. The commercial partner never gets to see Sandra’s individual data.

Everybody gains

Let’s suppose AVA is also interested in getting everyone who hasn’t shopped at AVA in the past month back to the store by giving them an extra Cake Reward of 10% on their next purchase. Then our IT system again uses the secure key to find out which Cake users are entitled to a possible reward of 10% on their next purchase at AVA.

Sandra is in that target group. She will see this message in the Cake app. As soon as Sandra uses her linked bank card to pay at AVA, this is noticed in our database and we pay Sandra the amount to which she is entitled.

So AVA does not know that Sandra is in the target group. But AVA is happy because a Cake user has been shopping with them again and Sandra is happy because she got 10% of the purchase price refunded on her bank account. So everyone gains!

Paying out rewards

Before we can pay out Sandra’s Rewards we want to make sure that Sandra is who she says she is. That’s why we use the app to ask for a picture of her identity card. We call this identification and acceptance of the user.

After identification, we have to check if Sandra is on a list of terrorists or other criminals. It is not that we do not trust her, but this check is a legal obligation. If Sandra is not on such a list, we can accept her and pay out the Rewards on her linked current account. The next time Sandra earns Rewards, we immediately pay them into her account. The details of Sandra’s identity card are included in the secure ID database.

Had enough cake?

We can hardly imagine, but let’s suppose Sandra doesn’t want Cake anymore. Then she can delete her Cake account at any time. With this removal, the Ibanity link between Sandra’s current account and the Cake app will be broken. This means of course that no new transactions from Sandra will be received by Cake. The secured key of Sandra will also be removed at that moment. This means that we can no longer make a link between data in the transaction database and Sandra’s identity data in the ID database.

Sandra’s transaction data will also be removed immediately from our statistics when her Cake account is deleted. This means that we no longer process Sandra’s transactions in the anonymised statistics for our commercial partners.

The identity data of Sandra are then stored together with a copy of her transaction data in a separate secure archive that is disconnected from all statistics or other databases of Cake. Cake is a payment institution and is subject to the financial legislation. This obliges us to keep this data for 10 years for possible checks by the financial supervisor on money laundering or financial fraud. This is the case for every financial institution, including us. Furthermore, nothing else is done with the data, so it remains immobile for 10 years in our secure archive. After this 10-year period, the data are being destroyed.

In any case, we ensure that companies will never, ever, be able to trace Sandra’s identity. Not during the period that Sandra uses the Cake app, but also not afterwards.

Craving for some cake again?

When Sandra wants to use Cake again and re-registers, we consider her to be a completely new user. After all, we have removed the secure key so we don’t know that it is Sandra. Without the key, we can no longer make a link between her identity and her old transaction details. We create a new key and make a new connection to her account.

Would you like to read all of this in more detail? Feel free to read our terms and conditions and our privacy policy.