top of page

Smart Fintech S.R.L. 

Aleea Țibleș, Nr. 26, Attic, Room 3, Sector 6, Bucharest, Romania 

CUI 41251980, J40/7728/11.06.2019

Terms and conditions for Smart Accounts users

Welcome to the Smart Accounts platform!

This page contains information intended for those who use our information services regarding accounts managed by banks in Romania, being referred to below as "USERS OF PAYMENT SERVICES or UPS".


Please read carefully the terms and conditions applicable to the use of the Smart Accounts platform when you allow one of our customer partners to access information about your accounts. Permission to access your account information through the Smart Accounts platform implies your explicit acceptance as UPS of the applicable terms and conditions. By accessing the platform you agree to this policy. If you do not agree with the present terms and conditions, please stop using the platform.


The service provider

The services available through the Smart Accounts platform are provided by the company Smart Fintech SRL, registered at the Trade Register under no. J40/7728/2019, unique registration code 41251980, with headquarters in Aleea Țibleș, No. 26, Mansardă, Room 3, Sector 6, Bucharest, 060233, website , email: .

Smart Fintech is authorized by the National Bank of Romania as a payment institution that can carry out payment initiation services, registered in the Register of payment institutions kept by the National Bank of Romania, respectively in the electronic central register kept by the European Banking Authority under no. IP-RO-0011/02.04.2021. You can check  us out here .

The National Bank of Romania (BNR) ensures the prudential supervision of authorized payment institutions, Romanian legal entities. For any complaints, please contact the BNR:

Address: Strada Lipscani no. 25, sector 3, Bucharest, code 030031

Phone: 021 313 04 10, 021 315 27 50

For written requests, please see


Description of services

The Smart Accounts platform offers information services regarding accounts managed by banks in Romania, in the online environment. Through the Smart Accounts platform, you can allow a service provider, partner client of Smart Fintech, access to information about your bank accounts.

To grant access permission, you were directed to the Smart Accounts service by a partner client of Smart Fintech SRL who has integrated our account information service into their own website and/or mobile application. 

The Account Information Service begins at the time of your acceptance as a UPS of these terms and conditions and ends at the time you revoke this acceptance by writing to or when  you  close your Smart Accounts platform user account. Any dispute subsequent to the conclusion of the relationship between UPS and Smart Fintech will be made through a written address to: .

Smart Fintech SRL does not sell products or services on behalf of partner clients enrolled in the Smart Accounts platform or on behalf of other partners with whom you have entered into a business relationship, but only provides you with the regulated technical means for them to have access to account information your. We will not charge you any fees when, through our platform, you allow a service provider to access or access your accounts.


Customer knowledge and data processing

Smart Fintech SRL will process personal data that are likely to lead to the identification, directly or indirectly, of a natural person when they visit our website and when they use our services - hereinafter referred to as the "INDIVIDUAL CONCERNED" . Data processing will be done in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), Law 190/2018 and the relevant decisions adopted by the National Authority for the Supervision of the Processing of Personal Data ("ANSPDCP").

Terms within the meaning of General Regulation (EU) 2016/679:

- "personal data" means any information regarding an identified or identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more many specific elements, specific to his physical, physiological, genetic, psychological, economic, cultural or social identity;

- "processing" means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or modification , extract, consult, use, disclose by transmission, disseminate or otherwise make available, align or combine, restrict, delete or destroy;

- "restriction of processing" means the marking of stored personal data in order to limit their future processing;

- "operator" means the natural or legal person, public authority, agency or other body that, alone or together with others, establishes the purposes and means of personal data processing; when the purposes and means of processing are established by Union law or domestic law, the operator or the specific criteria for its designation may be provided for in Union law or domestic law;

- "person authorized by the operator" means the natural or legal person, public authority, agency or other body that processes personal data on behalf of the operator;

- "third party" means a natural or legal person, public authority, agency or body other than the data subject, the operator, the person authorized by the operator and the persons who, under the direct authority of the operator or the person authorized by the operator, are authorized to process data personal;

- "consent" of the data subject means any manifestation of the data subject's free, specific, informed and unambiguous will by which he accepts, through a statement or an unequivocal action, that the personal data concerning him to be processed;

- "personal data security breach" means a security breach that leads, accidentally or unlawfully, to the destruction, loss, modification, or unauthorized disclosure of personal data transmitted, stored or otherwise processed, or to unauthorized access to them;


In this sense, Smart Fintech SRL will process the following categories of data:

Your contact data: name, surname, e-mail address;

Information about your accounts: information about your bank accounts, their balances and transaction history;

Data regarding the permissions granted: the name and website of our partner clients to whom you granted access, the list of banks and accounts to which you granted access, the level of detail of the information to which you granted access, the validity period of your consent; 

Connection data: location, IP address, device, operating system and Internet browser used;

Transaction history data: data regarding the activity history of using the Smart Accounts services;

Data related to fraudulent / potentially fraudulent activity: carried out through the use of Smart Accounts: data related to suspected fraud or other illegal use of the services we provide;

We process the data obtained for the following purposes:

Provision of account information service: We process and transmit to our partner customers, depending on the access permissions granted by you, information about your bank accounts, their balances and transaction history;

Information regarding the use of the Smart Accounts service: we may contact you via e-mail messages to send you information regarding accessing information regarding your accounts, the validity of the access permissions granted, etc.;

Communications: we can contact you via e-mail messages to send you information about the availability of our services or other elements related to the use of the service (security notices, various legal information, etc.);

Customer support: we use the data we have available to investigate, resolve and respond to notifications or complaints regarding the use of the service;

Our own accounting records: when invoicing the services provided to our partner clients, we must maintain accounting records regarding the transactions processed, based on the fulfillment of legal obligations under financial-accounting and tax legislation;

Fraud Prevention and Security: in the event of potential fraud to prevent and identify it and to maintain the security of our systems;

Service development: We use data, including feedback received through various channels, to carry out research and development activities to improve our services and to reduce the risk of fraud.

We process the data obtained on the basis of the following legal grounds:

  • the execution of contractual obligations towards our customer partners who integrate our services;

  • the performance of our service contract (as a result of your acceptance of the Terms and Conditions of the account information service);

  • complying with our legal obligations (such as customer due diligence legislation, tax and accounting legislation, etc.);

  • our legitimate interest in ensuring the security of our platform, preventing fraud and incidents, monitoring the quality of our services and the technical capacity of our platform.


The rights of data subjects:

Access to data: the data subject can ask us for information about the personal data we hold about him, including information about the categories of data we hold or control, what it is used for, how long it is processed and to whom it is disclosed this data, if applicable. We will provide a copy of your personal data upon request. In certain situations, we may charge a reasonable fee for providing the data, based on our administrative costs.

Rectification of data: the data subject can ask us to correct the information we process about him if it is incorrect or incomplete.

Restriction of processing: the data subject can ask us to stop processing the personal data we hold about him.

Deletion of data ("the right to be forgotten"): the data subject can ask us to delete the personal data we process about him in situations such as:

  • the personal data are no longer necessary to fulfill the purposes for which they were collected or processed;

  • the data subject has withdrawn his consent on the basis of which the processing takes place;

  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

  • personal data were processed illegally.

Data portability: the data subject may request the transfer of his personal data, under certain conditions established by the GDPR, to another service provider.

The right not to be subject to an automated individual decision: the data subject has the right to be informed about the automated decision-making process, to request the review of the automated decision by a person and to contest the automated decision if he has not explicitly accepted the automated decision, with unless the automated decision is based on a law or is based on the execution of a contract.

The right to petition: the data subject can at any time address the National Authority for the Supervision of the Processing of Personal Data ( ANSPDCP ).


Veracity of data provided and Security

When using the Smart Accounts platform, you are responsible for the veracity of the data provided on the platform and are fully responsible for maintaining the security and confidentiality of such data outside of the use of the platform.

If you have a reasonable suspicion that the security or confidentiality of the data you have provided on the Smart Accounts platform has been compromised, please inform us immediately so that we can take all necessary measures to protect this data.



For using the Smart Accounts platform, you represent that you are the rightful owner of all information you enter on the Smart Accounts platform, that it is accurate and will not cause harm to a third party;

The provision of false statements entitles Smart Fintech SRL and its affiliates, as well as our partner clients, to take all measures permitted by law to repair the damage caused and punish the acts causing the damage.


Intellectual property

All rights to the content of Smart Accounts services, such as, but not limited to: text, graphics, logos, images, videos, audio files, belong to Smart Fintech or third parties and are protected by Romanian and international intellectual property legislation. All rights are reserved.

The use of Smart Accounts services does not provide any intellectual property rights over them or over the accessed content. The content of the Smart Accounts services is provided as a service to you and may be used only in accordance with the present terms and conditions. Downloading of material belonging to Smart Accounts is done only with prior permission.

Unauthorized use or distribution of the content of the services may violate copyright and/or other Romanian or international laws and may be subject to legal action.

Brands and trademarks may only be used in accordance with these terms and conditions or with Smart Fintech's written consent. The use of trademarks for the advertising and marketing of Smart Accounts products and services requires the prior written consent of Smart Fintech.

User rights

Your rights, as a user of payment services, are presented clearly and easily by the National Authority for Consumer Protection ( ANPC ) on its website in an electronic prospectus, made by the European Commission in this purpose, based on Law 209/2019 and related legislation.

For more information about the processing of personal data, you can directly access  the website of the National Supervisory Authority for Personal Data Processing (ANSPDCP):

  • detailed  GDPR information and enforcement guidelines/recommendations

  • frequent questions


If you want to file a complaint with ANSPDCP, you can use  the form available  here .

The language governing these Terms and Conditions is Romanian. All communications will be made in Romanian.

Any disagreements will be resolved amicably. If this is not possible, the competent courts will resolve any dispute.



Any request is valid if sent to the address or email mentioned below. If the request is made by post, it will be sent by registered letter with acknowledgment of receipt and is considered received by the addressee on the date indicated by the receiving post office on this acknowledgment. If the notification is made by courier or if it was delivered in person, it is considered received by the recipient on the date of signature of receipt, and if it was sent by email, it is considered received on the first working day immediately following the one on which it was sent.

Address: Aleea Țibleș, No. 26, Mansardă, Room 3, Sector 6, Bucharest, 060233.




Smart Fintech SRL reserves the right to modify and update the terms and conditions of use at any time, without prior notice. Therefore, please visit this page periodically to check the applicable terms.


Date of last update: 21.02.2023.

bottom of page