I wanted to share a recent experience I had with Finom Payments B.V. - a Dutch fintech and EMI offering business accounts - in case anyone here is considering using them.
Long story short: I wouldn’t recommend them. Here’s why.
After opening an account and paying for their rather expensive annual subscription (live and learn), I was later hit with a string of compliance demands that, in my opinion, should’ve been part of the onboarding process. Despite providing everything they asked for , both during onboarding and in follow-up - they kept shifting the goalposts and eventually shut the account down without a clear explanation.
Additionally they:
Overall, the experience felt amateurish, rigid, and at times deliberately obstructive. I've since escalated the matter through the appropriate channels.
Based on my understanding of GDPR (Article 4(1) and Article 15, along with EDPB guidelines), internal profiling or decision-making notes do count as personal data if used to assess an identifiable person.
I’ve filed with the Dutch DPA and raised the case via a consumer dispute body - but if anyone has dealt with a similar situation, especially successfully challenging a GDPR refusal, I’d appreciate any advice or pointers (case law, tactics, etc.).
Feel free to message me directly if you prefer.
Long story short: I wouldn’t recommend them. Here’s why.
After opening an account and paying for their rather expensive annual subscription (live and learn), I was later hit with a string of compliance demands that, in my opinion, should’ve been part of the onboarding process. Despite providing everything they asked for , both during onboarding and in follow-up - they kept shifting the goalposts and eventually shut the account down without a clear explanation.
Additionally they:
- Refused to refund the full subscription, even though the account was effectively unusable for a large part of the term.
- Ignored my GDPR Subject Access Request for over a week, then replied with a questionable take on what counts as personal data.
- No escalation route, no named complaints contact, no real-time support.
- Conflicting info from different agents, and they dodged key questions - particularly around whether any reputational flags had been raised.
Overall, the experience felt amateurish, rigid, and at times deliberately obstructive. I've since escalated the matter through the appropriate channels.
Based on my understanding of GDPR (Article 4(1) and Article 15, along with EDPB guidelines), internal profiling or decision-making notes do count as personal data if used to assess an identifiable person.
I’ve filed with the Dutch DPA and raised the case via a consumer dispute body - but if anyone has dealt with a similar situation, especially successfully challenging a GDPR refusal, I’d appreciate any advice or pointers (case law, tactics, etc.).
Feel free to message me directly if you prefer.
Last edited by a moderator:
