bankomo is a brand of ReiseBank AG. The bank in charge of the account and card-issuing bank is Wirecard Bank AG, which provides this product on behalf of ReiseBank AG.

Wirecard Bank AG Serviceteam | Postfach 31 05 44 | 04163 Leipzig | Telefon +49 (0) 30 / 300 111 555* | hallo@bankomo.de | www.bankomo.deVorstand: Alexander von Knoop, Daniel Heuser, Rainer Wexeler | Aufsichtsratsvorsitzender: Wulf Matthias | HRB 161178 (Amtsgericht München) USt-ID.: DE 207567674 | IBAN DE75 7004 0041 0512 4805 00 | BIC COBADEFF700

* You will be charged by your telephone company for a call in the German landline.

bankomo is a service provided by Wirecard Bank AG, Einsteinring 35, D-85609 Aschheim (hereinafter referred to as “bank”).The bank and its subsidiaries (Wirecard Group) offer their customers products and services in the field of electronic payment transactions. The objective is to allow companies and consumers worldwide to process electronic payments in a way which is secure and unobstructed. The security and protection of personal data is one of the most important aspects of executing and processing payments, which is why the Wirecard Group ensures particular attention is paid to high data privacy standards.

1. Scope of application This data privacy declaration describes how the bank uses and, where applicable, transmits to third parties the personal data which is collected when the bankomo app and bankomo web site are used. As soon as the bank has concluded a corresponding account contract with the customer, it sets up a bankomo payment account and a bankomo e-money account for the customer (bankomo payment account and bankomo e-money account, hereinafter referred to jointly as “accounts”). In principle, the customer uses the bankomo accounts and other functions via an app provided by the bank for current mobile communication devices (herein after referred to as “bankomo app”) or via a web site which may be accessed via a current web browser, on which there is a closed area set up which is only accessible following registration (hereinafter referred to as “bankomo web site”, and as “bankomo front-end” together with the bankomo app”). This data privacy declaration shall apply in addition to the conditions of the account contract, the “Terms and conditions and schedule of services and fees for bankomo” (hereinafter referred to as “account contract conditions”). For all other content which is generally accessible to anyone within the scope of the bank’s internet presence without registration, the bank’s general data privacy notice shall apply (even if it concerns “bankomo”). This may be accessed via https://www.wirecardbank.de/datenschutz/.

2. Responsible body

The bank is the “responsibly body” in relation to customer data which is collected, saved and processed when an account contract is concluded and bankomo is used, as defined by the Bundesdatenschutzgesetz [German Federal Data Protection Act] (BDSG) and in relation to the availability of the bankomo web site service provider as defined by the Telemediengesetz [German Telemedia Act] (TMG).

3. Use of personal data When a registration with bankomo takes place, the bank collects from the customer the personal data necessary for bankomo to be used in accordance with the contract, such as the name, address, mobile telephone number and date of birth of the customer. The bank primarily uses this data to process requests, mandates and to execute the account contract. The bank uses this data in order to make bankomo available to the customer in accordance with the account contract conditions, to guarantee the security of bankomo and associated systems, to comply with the statutory provisions in connection with the execution of the account contract, such as identity verification, and to improve bankomo. When the app is downloaded, the information which is required for this purpose is transferred to the app store, therefore the user name, e-mail address and customer number of your account, download date, payment information and individual device identifier in particular. We do not have any influence on this gathering of data, however, and are not responsible for it. The bank collects and uses the personal customer data which is required for logging in to the bankomo front-end, such as user name/handle and password/PIN.

4. Security measures The bank takes appropriate technical and organisation measures to ensure the protection, confidentiality and integrity of the personal data and to protect it from accidental, illegal or unauthorised damages, loss, alterations, access or use. The bank uses appropriate encryption procedures to secure data transmission between the bankomo front-end and the bank’s systems.

Data privacy declaration from Wirecard Bank AG regarding bankomo

Vers

ion:

1.0

.0 S

tatu

s 09/

03/2

018

bankomo is a brand of ReiseBank AG. The bank in charge of the account and card-issuing bank is Wirecard Bank AG, which provides this product on behalf of ReiseBank AG.

Wirecard Bank AG Serviceteam | Postfach 31 05 44 | 04163 Leipzig | Telefon +49 (0) 30 / 300 111 555* | hallo@bankomo.de | www.bankomo.deVorstand: Alexander von Knoop, Daniel Heuser, Rainer Wexeler | Aufsichtsratsvorsitzender: Wulf Matthias | HRB 161178 (Amtsgericht München) USt-ID.: DE 207567674 | IBAN DE75 7004 0041 0512 4805 00 | BIC COBADEFF700

* You will be charged by your telephone company for a call in the German landline.

When credit card information and account data are processed, personal data is archived in accordance with the strict PCI-DSS regulations (the “Payment Card Industry Data Security Standard”) in encrypted form only and only in a database to which authorised personnel alone have access. The bank uses firewalls in order to prevent unauthorised server access and the servers are situated in a secure location to which only authorised personnel have access. All bank employees and all persons involved in the processing of data are obliged to comply with data privacy laws and the confidential handling of personal data.

5. Customer responsibility Customers themselves are responsible for ensuring that all PINs and passwords sent to or set up for them with which customers access the bankomo front-end remain confidential. Customers must also ensure that no unauthorised access to their end devices with the bankomo app or bankomo web site is possible.

6. Forwarding of personal data to third parties The personal data which is collected is only used in accordance with the statutory provisions regarding data privacy. If it is forwarded to third parties at all, this is only within the scope of the statutory provisions, in particular if it is necessary in order for the bank to fulfil its contractual obligations within the framework of bankomo. This includes the collection, storage and processing of contractual data, executing payment and card transactions as well as carrying out other instructions issued by the customer, and all cases whereby this kind of collection, storage or processing is legally permissible or required. Personal data is only transmitted to state institutions and authorities within the framework of obligatory statutory provisions or if it is necessary to forward the data for the pursuit of legal rights or criminal prosecution in the event of misuse or fraudulent actions. Any other forwarding of the data, in particular for the purposes of address trading, is ruled out.

7. Cooperation with ReiseBank AG In order to make bankomo available, the bank cooperates with ReiseBank AG, Eschborner Landstraße 42-50, D-60489 Frankfurt (hereinafter referred to as “ReiseBank AG”). If there is any exchange of personal data between the bank and ReiseBank AG, it is only if customers issue their consent to it or if it is permissible according to the statutory provisions. The bank has entrusted ReiseBank AG with identifying customers for the purposes of concluding account contracts in accordance with the statutory provisions and providing individual services for the bank as a sub-contractor in the execution of the account contract. If ReiseBank AG collects for the bank or receives from the bank personal data in the process, this is only on the basis of the statutory provisions stipulated for this purpose, in particular mandate data processing, and under the management and control of the bank.

8. Sub-contractors The bank may employ sub-contractors from time to time in order to make available individual components of bankomo, such as support in the event of customer requests, preventing cases of fraud and accepting incoming payments. For this purpose, the bank or sub-contractor may forward the customer’s personal data to locations outside of Germany and also to locations outside of the EU/the EEA, where there is no data privacy level which is comparable to that of EU states/EEA states. In all of these cases, the bank will take appropriate legal precautions and corresponding technical and organisational measures to ensure that personal data is protected in accordance with the applicable statutory provisions.

9. Cookies The bank may use cookies within the framework of bankomo front-end use in order to record personal data regarding use of the bankomo front-end, for example to obtain information as to which functions are used and how frequently. Cookies are small text files which are saved on customers’ hard drives, assigned to the browser which they use, via which certain information is transmitted to the bank. Cookies cannot run programs or transmit viruses. They help to make the web site more user-friendly and effective overall. Cookies may also be used to identify the customer as an authorised user of protected areas of the bankomo web site. Data such as this is processed in aggregate form as much as possible after it has been collected, which means it is not possible to assign it to a certain person. The bank’s general data privacy provisions, which can be accessed via https://www.wirecardbank.de/datenschutz/, apply for the use of cookies on the bank’s publicly accessible web sites, even if they relate to bankomo.

bankomo is a brand of ReiseBank AG. The bank in charge of the account and card-issuing bank is Wirecard Bank AG, which provides this product on behalf of ReiseBank AG.

Wirecard Bank AG Serviceteam | Postfach 31 05 44 | 04163 Leipzig | Telefon +49 (0) 30 / 300 111 555* | hallo@bankomo.de | www.bankomo.deVorstand: Alexander von Knoop, Daniel Heuser, Rainer Wexeler | Aufsichtsratsvorsitzender: Wulf Matthias | HRB 161178 (Amtsgericht München) USt-ID.: DE 207567674 | IBAN DE75 7004 0041 0512 4805 00 | BIC COBADEFF700

* You will be charged by your telephone company for a call in the German landline.

10. Right to information and rectification Upon request, the bank shall issue the customer with information concerning the data it has saved regarding the customer’s personal details, its origins and recipients, as well as the purpose for which it was saved. In the event that the personal data is incorrect, customers shall be entitled to have it rectified by the bank. Customers may use the following contact details for this purpose. If customers object to the collection, processing and use of personal data with future effect, which is possible at any time (cf. Section 13 Paragraph 2 No. 4 Telemediengesetz), the bank may cease to provide the desired services under certain circumstances. Customers recognise that this kind of objection will not affect their performance obligations under the terms of the account contract, in particular the obligation to pay fees, and a suspension of services by the bank which is triggered by the objection shall not entitle customers to extra ordinary termination.

11. Amendments to data privacy provisions The bank reserves the right to amend or adjust its security and/or data privacy measures as far as necessary based on technical developments or as a consequence of amendments to the legislation. If necessary, the bank shall also adjust this information in accordance with the provisions in the account contract. A reduction in data privacy for personal data which has already been collected to levels below the extent agreed with the customer when the contract was concluded shall only occur if this is provided for by the legislation.

12. Questions regarding data privacy Customers may contact the e-mail address data.privacy (at) wirecard.com for any concerns or questions regarding the processing of their personal data or data privacy at the bank. Customers may also send suggestions, complaints, information requests, blocking demands and rectifications to this address.