How long can EMI hold your personal information and documents if your application was declined?

[bringiton]

I tried onboarding to bankera.

No bank ever asked me for so much information and documents before, which i provided ( and all of them are legit and straightforward).
After ping pong of requests and replies with my entire financial life information, they declined.

Since i was not approved i asked them to delete my data as there is no reason that my entire life will stay in their databases (knowing that i have no way to check even if they say they will), but officially i don't want it there.
So their reply was that i have an account with them that is not active
So they can't delete a non active account.

But on the other hand because there is still AN account that i can log into but not use, they can't delete the data that is related to it.

What does the dry law say about this?

 

[JohnnyDoe]

Welcome to the club.

I suggest you send them a request of information based on GDPR. They will have 30 days to answer and risk hefty fines if they don’t.

 

[bringiton]

Welcome to the club.

I suggest you send them a request of information based on GDPR. They will have 30 days to answer and risk hefty fines if they don’t.

where can i find a template of such letter?

 

[JohnnyDoe]

where can i find a template of such letter?

https://www.datarequests.org/blog/sample-letter-gdpr-access-request/

 

[Sols]

The law doesn't really specify. GDPR says they can only hold it for the shortest possible period of time. The shortest possible period of time can be intercepted by AML laws, if any are applicable.

Generally speaking, data is deleted quickly after a decline. But it can depend on the reason for the decline. If you were declined for reasons related to fraud, money laundering, sanctions, or other serious crime, some or all of the data may be kept for years to assist any investigations that may occur.

 

[GPT]

Interesting. You have an account but they declined you the account. Sounds like a theoretical loop you ended up in based on their processes or workflow.

My guess is that in order to “process” you (kyc cdd edd etc) they “need” to allocate an account to keep track. Now that they declined you all data is at least in one place for them to manage according to whichever legislation applicable. Many financial institutions have chosen to work like this since GDPR as they now are able to demonstrate accountability and track things whereas before they couldn’t show anything as there was no official process.

Sent the registered GDPR letter and in a month to 6 weeks you know more. Registration is important. Too many institutions otherwise claim to have never received it.