Our comprehensive IT security concept is constantly questioned, tested and checked by us and our partners. This includes, among other things, only commissioning subcontractors who have appropriate IT security certificates. As one example, all data centers used by figo are certified according to ISO 27001.
Our data protection concept, which is continuously maintained and developed by our external data privacy officer with extensive experience in the financial services industry, ensures that the data of our business partners, and particularly user data, is in safe hands with us. As figo attaches great importance to compliance, we implement extensive measures to ensure compliance with the General Data Protection Regulation (GDPR) at all times. For this reason, and because we believe in the principle of data sovereignty, we develop our software in accordance with privacy-by-design and privacy-by-default principles, to name just one example. In addition, we ensure transparency at all times when it comes to the purpose and scope of the processing of personal data and only collect data that is actually necessary.
Regulation and Financial Supervision
In order to be able to offer payment initiation and account information services, figo processes online banking data and account information. The EU has placed companies that access payment accounts for this purpose under the control of the financial supervisory authority – in Germany, the BaFin. The implementation of the second Payment Services Directive (PSD2) is intended to increase security for consumers. As a payment institution, figo is authorised and regulated by the Federal Financial Supervisory Authority (BaFin) and is therefore obliged to carry out regular internal audits and controls.
With the help of figo, our partners can offer payment initiation and account information services to their users. Typical figo partners are peer-to-peer credit portals, where one can quickly and easily assess the creditworthiness of the customer through figo, or accounting apps which automate bookkeeping. figo focuses on the availability of the connection to the banks – technically and by means of its licence as a payment institution. The partner can therefore fully focus on value-added services for its customers.
We follow a code of conduct and ethics which, among other things, defines how any possible conflicts of interest or gifts are handled and ensures that all employees are informed about confidentiality obligations. We set out detailed requirements for our structural and procedural organisation in our further guidelines, policies and procedural descriptions.