AS IuteCredit Europe (ICE) privacy policy for the processing of personal data collected through the web page.

I General provisions

1.1. The privacy policy for the processing of personal data (the Privacy Policy) regulates the principles of collection, use and storage of personal data, establishes the purposes and means of processing of personal data and describes who and for what purpose may access the personal data collected through the web page of ICE.

1.2. All personal data provided during communication with ICE will be used only for the mentioned purposes and to review messages and administer and manage the communication flows. ICE will not use personal data without express consent in any publications in such a way that would allow identifying the user.

1.3. Except in cases provided in this Privacy Policy, ICE does not transfer personal data to any third parties.

1.4. Except in cases presented in this Privacy Policy, personal data will not be transferred to third countries and/or international organisations.

1.5. Electronic messages will be stored for 1 (one) year as of the receipt of the message except for the information that must be stored for other terms under the Privacy Policy or legal acts.

II Principles of processing of personal data

2.1. Personal data will be processed under the following principles: – only for the implementation of lawful purposes defined in this Privacy Policy; – in an accurate, fair and lawful manner, under the requirements set out in the General Data Protection Regulation (the ‘GDPR’), Personal Data Protection Act of Estonia and other legal acts regulating the processing of personal data; – in a manner ensuring their accuracy and regularly updated when there are any changes to them; – only to the extent required for the implementation of purposes of the processing of personal data; – stored in form and for terms, they can be used only for the period required for the implementation of purposes of collection and storage of that data.

III Security of personal data

3.1. Personal data will be processed under the requirements set out in the GDPR, Personal Data Protection Act of Estonia and other legal acts. While processing of personal data, ICE implements organisational and technical measures which ensure the protection of personal data from accidental or unlawful destruction, alteration, disclosure, and any other illegal processing.

IV Data subject’s rights

4.1. Right to withdraw the consent – if the personal data is processed by consent, the data subject has the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.2. Right to access – right to request from ICE confirmation as to whether or not personal data are processed and access to the personal data concerning them.

4.3. Right to rectification – right to request from ICE the rectification of inaccurate data concerning them.

4.4. Right to erasure – right to request from ICE the erasure of data concerning them.

4.5. Right to restriction – right to request from ICE the restriction of processing of personal data where: – during the period required to verify the accuracy of personal data when claims concerning data accuracy were submitted; – in cases of unlawful collection, storage or use of personal data where the data subject decided not to request the erasure of data; – when ICE does not need personal data anymore, but the data subject needs them for the establishment, exercise or defense of legal claims; – during the period required to determine if ICE has an overriding lawful basis to continue processing personal data if the data subject exercises the right to object to the processing of personal data.

4.6. Right to data portability – right to receive the personal data processed on basis of a consent or agreement in a structured, commonly used, and machine-readable format and/or transmit that data to another data controller.

4.7. Right to object – right to object the processing of personal data by ICE.

V Cookies

5.1. A “Cookie” is a piece of information that is placed into the ICE website user’s computer. A cookie includes other technologies with similar purposes, such as tags and identifiers.

5.2. ICE use of cookies:

5.2.1. Necessary cookies enable core functionality such as security, network management and accessibility. User may disable necessary cookies by changing browser settings, but this may affect the website functionality. No longer necessary cookies are deleted after the session.

5.2.2. Analytics cookies help ICE improve the website by collecting and reporting information on how users use it. Analytics cookies are placed only by the consent of the user. Analytics cookies are maintained for 6 (six) months, after which they are deleted.

5.3. ICE does not use third-party cookies and cookies for marketing purposes.

5.4. The cookies collect information in a way that does not identify anyone.

5.5. More information about cookies, including how to see what cookies have been set, is available at www.aboutcookies.org.

VI Complaints

6.1. The data subject has a right to file a complaint if they find that their rights as a data subject have been violated. The complaint must be sent to the data protection officer of ICE at dpo@iutecredit.com. ICE will respond as soon as possible, but no later than one month after receipt of the claim.

6.2. If the handling results are unsatisfactory to the user, they have a right to submit a claim to the supervisory authority, Andmekaitse Inspektsioon (Data Protection Inspectorate of Republic of Estonia), at info@aki.ee.