AS IUTECREDIT EUROPE

PRIVACY POLICY

Effective as of: 08.07.2021

We, AS IuteCredit Europe, Registry Code 11551447, seat and registered address: Maakri tn 19/1, Tallinn, 10145, Estonia; e-mail: [email protected] and the Group companies (“IuteCredit” or “Company” or “Controller” or “we” or “us”), collect and Process personal data of individuals, contracting parties or other contacts on the market we provide our services (“You”). We are aware of the responsibility that we have to take care of and protect Your Personal data, to comply with the applicable legislation in the field of privacy and protection of Personal data.

With this Privacy Policy (“Policy” or “Privacy Policy”), we would like to introduce to You the way we collect and use Your personal information. The Policy describes what methods are used and for what purposes the Company, respectively our service providers, process the information collected from and about You while offering our services and concluding agreements or when You are visiting or using our services through our website and/or through customer service or any other channels as we may make available, including providing services of the Company through third parties (hereinafter jointly referred to as “Available Channels”). We also explain what data subjects’ rights are and our obligations and liability.

Important!
Read this Policy carefully. It provides important information about how we process Personal data and explains Your legal rights. This Policy is not intended to change the terms and conditions of any agreement entered into with us, nor the rights that You have under the applicable data protection laws.

We do not provide services to people under the age of 18.
If You are under the age of 18, please do not provide us with any of Your Personal data.
We ask for Your assistance to keep Your Personal data up to date by informing us of any changes to Your Personal data.

By providing Your Personal data or using the Available Channels, You trust us and voluntarily accept the terms and conditions of this Privacy Policy.

If You provide information about another person on their behalf, You shall ensure that that person has been provided with this Privacy Policy and that the requirements of the applicable laws have been complied with before providing the information.

1. DATA PROTECTION OFFICER

The joint Data Controllers are AS IuteCredit Europe and IuteCredit Finance S.à.r.l. (hereinafter jointly referred to as “Data Controller”).

Contact person (our data protection officer) for any comments, questions or concerns:

Sander Zoova
e-mail: [email protected]

2. TERMS AND DEFINITIONS USED

There are a total of 26 definitions listed within the Regulation and it is not appropriate to reproduce them all here. However, the most fundamental definitions with respect to this Policy are as follows:

“Group” – AS IuteCredit Europe and its affiliated companies, including IuteCredit Finance S.a.r.l.

“Data Controller” – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Your Personal data.

“Personal data” – any information that concerns You, including information obtained from public databases and public channels and information lawfully obtained from third parties, through which You can be identified directly or indirectly, in particular by an identifier such as names, Personal ID No., location data, phone, e-mail or one or more markers specific to Your identity.

“Processing of Personal data” – any action or set of actions that can be performed on Your Personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or transmission, dissemination, update or combination, blocking, erasure or destruction of data.

“Pseudonymization of Personal data” or “Anonymization of Personal data” – pseudonymization and anonymization are operations that are alternatives to erasure or destruction of Your Personal data. These operations remove all elements that directly or indirectly identify You. Pseudonymized or anonymized data does not constitute Personal data.

“Regulation” – General Data Protection Regulation (EU) 2016/679.

3. GENERAL PRINCIPLES OF PROCESSING PERSONAL DATA

3.1 We Process Your Personal data pursuant to effective law, including the Personal Data Protection Act, the Money Laundering and Terrorist Financing Prevention Act, this Policy and the terms and conditions of the agreements entered into with You.

3.2 We process Your Personal data in a reliable and confidential way. We respect each person’s right to the protection of their Personal data, and we shall do our best to ensure that Personal data collected by us is well protected. We regularly evaluate the risks associated with the Processing of Personal data and shall apply appropriate mitigation strategies to hedge risks.

3.3 Data protection is an integral part of our services and is overseen by our data protection officer. We ensure that our employees know and comply with the requirements of data protection. We expect, instruct and train our employees to respect our privacy requirements.

3.4 We process Your Personal data lawfully and purposefully. We set clear goals for the Processing of Personal data and process Personal data for these purposes only. We do not collect or process the data that we do not need. We have the right to delete/blur or use other ways to make data/documents presented to us unreadable that are not necessary for the provision of our services.

3.5 We process Your Personal data in a transparent and fair way. We ensure an appropriate secure, honest and lawful manner of processing Your Personal data to prevent the unauthorized disclosure or inappropriate use of Your Personal data.

3.6 We shall store Your Personal data only for as long as the retention of data is required by law or the agreement or is necessary for the provision of our services and/or our legitimate interest. At the end of the retention period, we shall permanently erase Your Personal data or anonymize it.

3.7 We do our best to make sure that Your Personal data we process is accurate and limited to what is necessary.

4. HOW WE COLLECT YOUR PERSONAL DATA

We may collect and process Your Personal data in the following cases:

  • If You contact us via any Available Channels to request information about our products and services;
  • If You provide Your or Your contact persons´ or representatives´ details through any of our Available Channels;
  • If for certain data a written consent is required by law, You ticking the appropriate box(es), in which case the consent is considered equivalent to written consent;
  • Through inquiries in public registers such as nasdaqcsd.com;
  • If Your data is available during and on the occasion of an agreement for provision of services by the Controller;
  • If You respond to our direct marketing campaigns, for example by filling out a questionnaire or submitting data electronically;
  • If other legal entities, including partners, make a permitted transfer of Your Personal data to us.
5. WHAT PERSONAL DATA WE COLLECT

5.1 We process Personal data regarding Your identity and other necessary data for the purposes of concluding and performing any agreements with You, for fulfillment of Your requests, petitions, applications, complaints, as well as for the purpose of fulfilling our legal obligations, this processing is mandatory to meet these objectives. Without this data, we would not be able to provide the relevant services. If You do not provide us with identification data, we would not be able to enter into any respective agreement with You.

5.2 We also process Personal data for marketing, safety and/or analytical purposes, to provide first-class products and services to You now and in the future.

5.3 The following categories of personal data may be collected from and of You or your representative or contact person depending on whether You are our potential c or existing contracting party and which of our services You use:

Personal information Your name, sex, personal identification code, date of birth, legal capacity, nationality and citizenship, as well as Your historic data that may have been stored with us during previous interactions within the retention periods. The name of Your contact person as indicated by You, who is not a guarantor, including the data obtained about the contact person during our inspection, if such data has been collected in a database of related persons. The name, personal identification code, address, telephone number and other data of Your representative specified in the power of attorney, in case You authorize a third person to represent Yourself before the Company
Document details Your or Your representatives document type, issuing country, number, expiry date, information embedded to document barcodes (may vary depending on the document) and security features
Facial recognition data Photos, videos and sound recordings, photographs taken from You or Your representative and Your or Your representatives document and video and sound recording of the verification process
Contact details Your or Your representatives´ address, e-mail address, telephone (contact) numbers. Your contact persons´ contact number.
Technical data Your or Your representatives´ device signature data, including but not limited to information about the date, time and Your or Your representatives´ activity on our Available Channels, Your or Your representatives´ IP address, cookies You or Your representative have accepted and domain name, Your or Your representatives´ software and hardware attributes as well as Your or Your representatives´ general geographic location (e.g. city, country).
Publicly available data E.g. information about You or Your representative being a politically exposed person (PEP) and checks in public Sanctions and Watch lists
Economic identity data Your unique reference number generated by the Company; the unique agreement(s) or an agreement number generated upon conclusion of any agreement; data collected within the ongoing monitoring as per Know Your Customer and Know Your Partner requirements; bank account number or other bank and payment information related to the transactions made in connection with the Company.
Communication data Data related to Your visits to our website and communication via any other of our Available Channels, the visual and/or audio recordings collected when You visit Our office and other places where we may provide services and when You communicate with us by telephone, as well as any other data collected via email, messages, social media and other manners of communication
6. WHY AND ON WHAT GROUNDS ARE WE PROCESSING YOUR PERSONAL DATA

6.1 The main purposes for which we Process Your or Your representatives´ data are the establishment of contractual relationships, performance of the due diligence obligation stipulated by law, providing better service to You, making offers to You, analysing the usability of services and development of new services.

6.2 We process Personal data for the following purposes and on the following grounds:

Purposes of Processing Legal grounds for processing
We decide whether and on what conditions to establish a contractual relationship or enter into specific agreements and on which conditions to provide our services. Performance of an agreement or implementation of precontractual measures or performance of a legal obligation.

Art. 6 (1) (b), (c) and (f) of the Regulation

We will identify You and/or Your representative upon the establishment of the contractual relationship and/or during the contractual relationship in order to comply with the anti-money laundering and counter-terrorist financing requirements and Know Your Customer principles, incl. identify Your beneficial owner(s), whether You or Your beneficial owner(s) are politically exposed person(s), whether You or Your beneficial owner(s) are subjects of financial sanctions. Performance of an agreement or implementation of precontractual measures, performance of a legal obligation or our legitimate interest in risk management.

Art. 6 (1) (b) and (c) of the Regulation

We are performing an agreement entered into with Your or guarantee the performance of the respective agreement and realise, waive and protect our rights. Performance of an agreement or implementation of precontractual measures, performance of a legal obligation or Our legitimate interest in the exercise of legal claims.

Art. 6 (1) (a), (b) and (c) of the Regulation

We prevent money laundering and terrorist financing and perform the obligations arising from effective international and national law. This includes the monitoring of Your transactions and behaviour as such. Performance of legal obligations.

Art. 6 (1) (c) of the Regulation

We reduce or prevent risks and damage to You as well as us and protect Your and our interests, study the quality of our services, and collect proof of business transactions or other business communication. This may include video surveillance for other purposes than the verification of Your identity as well as audio recordings of phone calls, chat and online, chat sessions for other purposes than the provision of services.

– We may need your consent

Your consent, performance of an agreement or implementation of precontractual measures, performance of a legal obligation or our legitimate interest to prevent, restrict and investigate the misuse or unlawful use of our services and products or disruptions of service in order to guarantee the quality of the services.

Art. 6 (1) (a) and (f)of the Regulation

We allow access to, and the use of, our website. Performance of an agreement or implementation of precontractual measures or Our legitimate interest to prevent unauthorised access to our website.

Art. 6 (1) (b) and (c) of the Regulation

We develop our systems. Our legitimate interest in the functioning and improvement of systems.

Art. 6 (1) (f) of the Regulation

We carry out statistical research and analyses of the market shares of customer groups, products and services, reporting and risk management, etc. Our legitimate interest to improve our services, improve the user experience offered to You, develop new services, manage risks or perform legal obligations.

Art. 6 (1) (c) and (f) of the Regulation

We develop our existing services and new services. Our legitimate interest to perfect our services, improve the user experience and develop new services.

Art. 6 (1) (f) of the Regulation

We check and, if necessary, improve or update Your Personal data, manage contractual relationships, keep data up-to-date and correct by checking and updating data via external and internal sources, and also request updating of data from You. Performance of an agreement, implementation of pre-contractual measures or performance of a legal obligation.

Art. 6 (1) (b) and (c) of the Regulation

We send You advertisements and offers, incl. personal offers, of the products and services of our partners.

– We may need your consent.

Your consent or our legitimate interest to provide additional services.

Art. 6 (1) (a) and (f) of the Regulation

We organise consumer games and campaigns.

– We may need your consent.

Your consent or our legitimate interest to provide additional services.

Art. 6 (1) (a) and (f) of the Regulation

We want to understand Your expectations better (e.g. analysis of website visits, customer surveys, etc.). For our business goals, such as data analysis, certifications, developing new models, identifying trends in browsing the website, developing a custom environment on the website by introducing products and offers that are customized for Your personal needs or measure the effectiveness of our promotional campaigns.

– We may need your consent.

Your consent or our legitimate interest to perfect our Services, improve the user experience offered to You, develop new products and services.

Art. 6 (1) (a) and (f) of the Regulation

7. PRE-FILLING OF FIELDS

7.1 We may use pre-filling of the fields of Your contact details in our digital Available Channels and other systems in order to make the service more convenient. The fields are pre-filled, provided that Your Personal data have been entered in the application fields of our digital channels and other systems, and You are our contractual counterparty. We will pre-fill the contact details fields with the data You submitted to us when You entered into the last agreement with us. You must always check whether the information in the pre-filled fields is correct.

7.2 If You do not want the contacts details fields to be prefilled in our digital Available Channels and other systems, You can waive this option. Contact us via our contact details in order to do this.

8. PERSONAL DATA PROCESSING IN MARKETING

8.1 We process Personal data for marketing purposes. If such processing is based on Your consent, You have the right to withdraw the consent at any time. If such processing is not based on a consent, You may refuse to receive such Data processing at any time as well. In order to withdraw Your consent or refuse to receive marketing materials, please send the respective message to our contact details or manage Your consents via our Available Channels. The guidelines for withdrawal of consent are also included with all marketing communication.

8.2 The general information about our services and introductory or supplementary information or notices about changes in the terms and conditions or the price list, or information related to the performance of an agreement entered into with You (e.g. notifications about due dates of payments, debts, termination of agreements, etc.) are not deemed marketing. In general, You cannot refuse to receive such information.

9. TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES

9.1 We will disclose and/or transmit Your Personal data:

9.1.1 to persons and organisations related to the provision of our services and performance of the agreement entered into with You (e.g. sureties, guarantors, collateral owners; payment intermediaries, credit institutions, international card organisations, translation, communication, IT and postal service providers, call centre service providers);

9.1.2 to the registrars of various registers (e.g. population registers, commercial registers, credit registers, traffic registers, central securities depository) to whom we transmit and from whom we request Your Personal data in order to check and guarantee the correctness and integrity of Your Personal data or for the implementation of pre-contractual measures or for the performance of an agreement entered into with You;

9.1.3 to the third parties that receive Your Personal data as a part of the service requested by You;

9.1.4 to the service providers to whom we have outsourced activities in part or in full on the terms and conditions stipulated by effective law, provided that such persons comply with the organisational, physical and information technology requirements set by us in respect of the confidentiality and protection of the Personal data;

9.1.5 to other third parties if You have breached the agreement (e.g. provider of debt collection services, courts, trustees in bankruptcy or insolvency trustees).

9.2 In some cases, we may be obliged to disclose and transmit Your Personal data for the performance of the obligations arising from effective law – government and other bodies, institutions and departments, insurance companies, insurance brokers, banks and institutions within the scope of their competence and in compliance with the provisions of the Regulation, the Personal Data Protection Act and the other norms of the applicable legislation. (e.g. transmit data to law enforcement authorities, notaries, trustees in bankruptcy, the Tax and Customs Board, the Financial Supervision Authority or equivalent).

9.3 We may use third parties (e.g. payment service providers) upon the performance of an agreement entered into with You and make Your Personal data accessible to them. These persons process Your Personal data according to their rules and at their responsibility. We may also use third parties from outside Estonia upon the performance of an agreement entered into with You, who process Your Personal data according to the law of their country of location.

10. HOW WE PROTECT YOUR PERSONAL DATA

10.1 We protect Personal data in strict compliance with the effective Estonian legislation and the principles of the framework directives of the European Union on protection of information and Personal data (including Regulation (EU) 2016/679).

10.2 Your information is stored on our secure servers or on secure servers of our subcontractors or business partners (or in certain cases the information is also stored on paper, subject to the necessary protections). The information is available and used in accordance with our security policies and standards (or those of our subcontractors or business partners), always in compliance with the effective legislation and the necessary protection measures.

10.3 Although we cannot guarantee that the transmission of data over the Internet, website or any other Available Channels is free from the risk of cyber-attacks, we and our business partners work hard to maintain measures for physical, personal and documentary protection and protection of automated information systems with regard to Your data in compliance with the effective legislation. For example, we apply the following measures:

10.4 strictly limited access of our employees and subcontractors to Your data, provided only on a need-to-know basis and in order to achieve the purposes for which it is processed and, on a need-to-know basis;

10.5 Personal data is stored electronically in databases or in shared folders protected by passwords or with different degrees of authorization; monitoring and protection against viruses are carried out; copies and backups are created for recovery purposes; the systems also store history logs of document operations;

10.6 at the sites of the Controller, where processing of Personal data is performed, technical security is carried out (through alarm and security equipment and video surveillance); fire protection; physical access control procedures have been introduced;

10.7 the staff of the Controller who processes Personal data is familiar with the requirements of the effective legislation, the policies of the Controller, and the existing risks and the scenarios for their occurrence;

10.8 Data processing information systems, including personal ones, are based on regularly audited software. For the purposed of full traceability and timely response, records with information about each access and operations performed in relation to Personal data are maintained by the Controller. The filling of the records is fully automated and is an integral part of the Data processing. The Controller, through explicit internal rules, has established technical and organizational measures consisting of terms and conditions and procedure for collection, processing and storage on paper of Personal data of its contractual counterparties, as well as strict rules for monitoring their compliance, said monitoring ensuring the most comprehensive protection against unwanted access;

10.9 contractual protection under the agreements with third-party data processors who act on behalf of the Controller has also been envisaged;

10.10 when we provide You (or choose to provide You) with a password that gives You access to certain parts of the website or another portal or service that we manage, You are responsible for keeping that password confidential and for complying with any other security procedures of which we notify You. Please do not share Your password with anyone.

12. COOKIES

12.1 Processing of cookies:

Cookies are small text files that some websites store on Your computer or mobile device when you visit that page. They allow a website to remember your actions and settings (such as login, language, font size, and other settings on the screen), so you don’t have to enter settings every time you visit that page or browse different pages.

Cookies on the Internet browser

Our site may use cookies to improve the user experience. Your Internet browser stores cookies on Your computer for the purpose of storing data on page visits. You can choose to decline cookies in Your online browser settings or receive a warning each time cookies are sent. If You select this option, some parts of the website may not work as intended.

Google, Facebook and AdForm cookies

We use cookies for online advertising on the Google AdWords Remarketing Platform. This includes the use of third parties, including Google, to show You ads after visiting our site. This can be in the form of an advertisement on the Google Search page or on the Google Display Network. We and third-party vendors, including Google, share cookies (such as Google Analytics) to analyze the extent to which impressions on our advertising, other uses of advertising services, and interactions with these impressions and advertising services are associated with visits to our site. You can adjust the way Google displays your ads in your ad settings.

We use cookies for online advertising on the AdForm Remarketing Platform. This includes the use of third parties to show You ads after visiting our site. This can be in the form of an advertisement on the on the AdForm Display Network. We and third-party vendors share cookies to analyze the extent to which impressions on our advertising, other uses of advertising services, and interactions with these impressions and advertising services are associated with visits to our site. You can adjust the way AdForm displays your ads in your ad settings.

We use the Facebook marketing and remarketing platform, which involves the use of data, our and third parties, including Facebook, to show You advertisements after Your visit or interaction with our site. This can take the form of advertising on the Facebook platform. We and third-party vendors, including Facebook, share cookies to analyze the extent to which impressions on our advertising, other uses of advertising services, and interactions with these impressions and advertising services are related to visits to our site.

We use cookies from the Google Analytics platform to collect statistics on demographics and interests, where reports on this data show aggregation of data rather than identifying individual users. These statistics are used to optimize and create targeted ads for specific groups, and to optimize the content on our site. Visitors may disable Google Analytics from displaying ads and custom ads on the Google Display Network.

Google Analytics cookies allow Us to collect anonymous information about user behavior on Our site. The information is anonymous and does not contain personal data. The information collected from Google Analytics cookies on Our website is transmitted and stored on Google software in accordance with Google’s privacy policy.

We use tools for tracking Google AdWords and Facebook results and optimizing advertising tools. Their use allows Us to take into account the interactions between ads and related conversions on our site.

You can turn off the remarketing option by visiting the links below:

For Google: https://support.google.com/google-ads/answer/2375362?co=ADWORDS.IsAWNCustomer%3Dfalse&hl=en

For Facebook: https://www.facebook.com/ads/website_custom_audiences/

For AdForm: https://site.adform.com/privacy-center/platform-privacy/opt-out/

12.2 Managing and deleting cookies:

You may accept or decline cookies by changing Your browser settings. If cookies are disabled, You may be unable to use all interactive features of our website.

Most current browsers allow You to control cookies through the saved browser settings.

12.3 Cookies help us:

12.3.1 To make our website work according to Your expectations;

12.3.2 To remember Your settings during visits;

12.3.3 To constantly improve our website for You;

12.3.4 To improve our advertising efficiency.

12.4 We do not use cookies for:

12.4.1 the collection of identifiable Personal data – we will always ask for Your explicit permission if we ever want to collect such information;

12.4.2 the collection of Your sensitive Personal data without Your explicit consent.

12.5 The use of cookies falls into several categories:

12.5.1 Cookies for website features:

We use cookies to make our website work better. For example, we store information once You log in to the website so that You do not have to log in again every time You visit a different page / menu during Your session.

After You log out or close the browser, the session cookies will be deleted.

12.5.2 Analytical cookies:

Analytics programs use cookies to collect statistical data that help us improve our website. Unless You provide us with explicit information by filling out a form or calling us, all data collected by analytics programs is stored anonymously and we see only general values and not specific individual data.

Examples include:

  • How You got to our website (e.g. from a search engine, advertising, etc.);
  • The actions that You perform on the website, such as the number of pages viewed, the time spent on a page, on which page visitors left the website;
  • How often You return to our website;
  • Technology used by visitors (e.g. browser, operating system, device, etc.).

12.6 To learn more about cookies in general and how to manage them, please visit www.aboutcookies.org.

13. YOUR RIGHTS TO PERSONAL DATA PROTECTION

13.1 You have certain rights regarding Your Personal data, such as the right to:

(a) ask us to provide You with additional details on how Your data is used;

(b) ask us to give You access to Your Personal data and to provide You with a copy of it;

(c) receive Personal data that concerns You and that You have provided to us in a structured, widely used and machine-readable format and – where technically possible – to transfer this data to another controller without hindrance if the processing of Your data is based on Your consent or agreement and is performed by automated means;

(d) ask us to update any inaccuracies in the data that we store and to correct / update the same;

(e) ask us to erase or anonymize all data about You for which we no longer have a legal basis to process;

(f) when the processing is based on consent and in connection with direct marketing, You may withdraw Your consent in order for us to stop that particular processing henceforth;

(g) object to any processing for the purpose of automated individual decision-making (including profiling) when it significantly affects You, while You have the opportunity to exercise Your right to request human intervention by the controller, the right to express Your views and to challenge the decision;

(h) ask us to limit the processing of Your data, e.g. while a complaint is being investigated.

13.2 Procedure for exercising the rights:

13.2.1 You may submit a request for exercising Your rights to the Contact Person in one of the following ways: on site, by mail (including e-mail), phone or fax, as referred to in item 1 above.

13.2.2 Each one of Your applications, inquiries or requests is accepted with an incoming number, it is reviewed, we verify Your identity and the right that You want to exercise, and we answer within one month of receipt. In more complex cases or during the receipt of numerous requests, this period may be extended by another two months, of which we will inform You. In the event that there are reasons to reject the request, we will state these reasons to the applicant in writing.

13.2.3 The exercise of these rights is subject to certain exceptions, for example when the public interest must be protected (e.g. in preventing or detecting crimes), or our interests, or the rights and freedoms of others.

If You have any questions on the processing of Your data, please contact us via the contact details provided in item 1 above (Monday through Friday from 09:00 a.m. to 06:00 p.m.).

If You are not satisfied with the processing of Your data or with our response in exercising these rights, You have the right to file a complaint to the Data Protection Inspectorate at: Tatari 39, Tallinn, 10134 website: https://www.aki.ee/en. Please try to resolve the issue with us beforehand, although You have the right to contact the Data Protection Inspectorate at any time.

14. AMENDMENT OF PERSONAL DATA AND TERMINATION OF PERSONAL DATA PROCESSING

14.1 Inform Us immediately of any changes and inaccuracies in Your Personal data submitted to us. At our request, submit to us a document that proves the changes in Your Personal data (e.g. name change certificate).

14.2 We endeavour to do our best to regularly check that Your Personal data is complete and correct.

15. POLICY UPDATE

We may make changes to this Policy from time to time. Changes to this Policy will take effect when the revised Policy is published on the website, and an update notification will be posted on the Website.