O Nubank is warning customers that the credit card and digital account contracts (formerly called NuConta) have been updated. Fintech does not make it clear in the email, but this was done to add the Personal Data Treatment clause because of LGPD (General Law on Protection of Personal Data), which started to take effect last Friday (18).
With the law in force, companies like Nubank are obliged to:
In the case of Nubank, this is done by contacting me via the Help channel on the app or by email [email protected] This will be passed on to the DPO (Data Protection Officer), or head of data protection.
Nubank lists reasons for collecting personal data
In addition, the LGPD requires companies to explain what personal data is collected from customers, and for what purpose. In the case of Nubank, this includes:
- personal data informed by the holder, such as name, address, telephone and e-mail, to provide services, conduct market research and meet legal requirements;
- biometric data, like a photo of your face and ID, for fraud prevention;
- data collected from third parties, such as a score generated by credit bureaus and financial restrictions (denials and amounts due) to grant credit, increase the limit and reevaluate the eligibility of being a Nubank customer;
- navigation and device datasuch as IP address and attributes of the mobile device, interactions carried out on the Nubank websites and app, cookies and geolocation data to identify improper purchases, generate usage statistics, and display ads on the Nubank website, social networks or on third party websites;
- personal data originating from the use of products and services, such as transactions and financial transactions in the digital account, credit operations (personal loan, installment of invoice) and contact list (if authorized by the user) to authenticate transactions, improve services and develop new products;
- public data, as testimonials related to Nubank posted on social networks, to publicize products and services.
There is no need to confirm acceptance of these new terms: just continue using fintech’s services. All banks and other financial institutions will have to adapt their contracts in the same way to comply with the LGPD.