We will use your Data only for the purposes and in the manner set forth below, which describes the steps we take to ensure the processing of your Data is in compliance with the European Union Law including Regulation (EU) 2016/679, known as the General Data Protection Regulation or GDPR, and any other applicable legislation, including Data Protection Act 2018, the Swiss Federal Act on Data Protection (FADP) and any subsequent data protection and privacy legislation and any subsequent amendments thereto (collectively referred to as “Data Protection Legislation”).
3. IDENTITY OF THE CONTROLLER OF THE DATA
For the purposes of the Data Protection Legislation, the Data Controller of the Site is Monefit Card OÜ, having its registered office a Lõõtsa tn 5, 11415, Tallinn, Estonia. Lõõtsa tn 5, 11415, Tallinn, Estonia.
4. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The contact details of our DPO are as follows: Ulla UgastEmail address: [email protected]
5. WHAT DATA DO WE COLLECT ABOUT YOU
We collect your Data from a number of sources. The Data we collect about you may include the following:
Personal information for individuals: first name, last name, country, country of tax residence, national identity number, birthdate, contact details, bank details;
Information about investing entities: [name, country, registration number, legal address, tax residency, bank details]; information about representative: [first name, last name, national identity number, country of tax residence, birthdate, contact details]; details of beneficial owners owning more than 25% of the shares of the legal entity.
Transactional information: records of payments made to and received from and in connection to the services provided by Monefit, records of invested funds, investments, net annual return, available funds;
Information provided voluntarily by filling in forms on our Site, by registering an account, by contacting us through “contact us” section on our Site (which may from time to time include requesting information from us or submitting comments) and/or when you meet with us.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
6. WHY DO WE COLLECT YOUR DATA
We collect and process information about you for the purposes of complying with our legal duties and for other legitimate purposes. We may use your Data, collected from direct interaction, automated forms and third parties to:
Ensure that content from our Site is presented in the most effective, responsive and compatible manner for you and for your computer or device;
Respond to your requests for information and other communication or correspondence you may submit to us;
Provide you with general information on our Site and to provide you with personalised services;
Provide marketing information and special offers with your consent;
Enable you to login to the Site and our web platform, using your email address, username and the password that you have chosen;
Provide you with information about your registration or accounts;
Provide you with the information or services that you request from us;
Carry out statistical analysis, customer surveys and market research;
Allow you to participate in interactive features of our Site, when you choose to do so;
Carry out activities necessary to the running of Monefit, including systems testing, network monitoring, staff training, improving technical systems and IT infrastructure, and quality control;
Notify you about changes to our Site, services or policies;
Legal obligations and identity checks in order to comply with the applicable laws and international agreements;
In order to conclude and execute a contract with the Client; ensuring the accuracy of the data by checking and updating internal and external data sources and to be able to fulfil the obligations of the contract between the User and Monefit;
For the interests of the client and/or Monefit; and to know the quality of the services provided; and to provide evidence of commercial transactions and other commercial communication;
To prevent the abuse of dishonest use of services and to provide proper provision of services. To sanction and control the access to digital channels, to prevent unauthorised access and to ensure information security.
7. BASIS OF PROCESSING
For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances. The following are the basis for the processing of your personal data:
It is necessary for the purposes of our contract with you or to take steps for entering into our contract with you;
It is necessary to comply with our legal obligations;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
Consent, where the personal data relates to the person supplying it to Monefit and has been supplied to Monefit voluntarily.
8. DISCLOSURE OF YOUR DATA
We consider your Data to be private and confidential. From time to time, we may collect and share your Data with third parties, including third party service providers or other entities within our group (i.e. Lendermarket Limited and Creditstar Group AS). We may access and/or disclose your Data if required to do so by law or in good faith and belief that such action is necessary to: (a) conform with the law or comply with legal process served on us; (b) protect and defend our rights or property including, without limitation the security and integrity of our network and systems; or (c) act under exigent circumstances to protect the personal safety of users of our services or members of the public. Service Providers:
We use third party service providers who work for us in the provision of our services, for example, communications, marketing, IT service providers, verification agencies and other business support companies. In providing the services, your Data will, where applicable, be processed by the service provider on our behalf. We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your Data. We will have written contracts with them which provide assurances regarding the protections that they will give to your Data and their compliance with our data security standards and international transfer restrictions. Disclosure to Third Parties:
In certain circumstances, we may share and/or are obliged to share your Data with third parties for the purposes described above and in accordance with Data Protection Legislation. These organisations will also use your Data as a “Data Controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable Data Protection Legislation.
9. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA
Your Data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), for example, when one of our service providers use employees or equipment based outside the EEA. For transfers of your personal data to third parties outside of the EEA, we take additional steps in line with Data Protection Legislation. We have put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU commission’s model clauses.
If you would like to see a copy of any relevant provisions, please contact the DPO (see “Contact Details of the Data Protection Officer” section above).
10. HOW LONG WILL WE USE YOUR DATA FOR?
We keep your personal data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above, including for the purposes of satisfying any legal, accounting, or reporting requirements. This may mean that some information is held for longer than other information, for example, we may need to retain some Data for up to ten years. The criteria we use to determine data retention periods for personal data includes the following:
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11. LINKS TO OTHER WEBSITES
The Site contains links to and from other websites and web platforms. In addition, third parties websites may also provide links to the Site. If you follow a link to any of those websites or web platforms, please note that those websites and web platforms have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
We will use appropriate technical and physical security measures to protect your personal data which is transmitted, stored or otherwise processed by us, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access.
Access is only granted to Data on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.
As effective as modern security practices are, no physical or electronic security system is entirely secure. The transmission of information via the internet is not completely secure. Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to the Site. Any transmission of Data is at your own risk. Once we receive your Data, we will use appropriate security measures to seek to prevent unauthorised access. We will continue to revise policies and implement additional security features as new technologies become available.
13. YOUR RIGHTS
You may have various rights under Data Protection Legislation. However, in certain circumstances, these rights may be restricted. In particular, your rights may be restricted where this is necessary: (i) for the prevention, detection, investigation and prosecution of criminal offences, and/or (ii) in contemplation of or for the establishment, exercise or defence of a legal claim or legal proceedings (whether before a court, tribunal, statutory body or an administrative or out-of-court procedure). Subject to the above, your rights under Data Protection Legislation may include (as relevant) the right to:
Request access to your data (commonly known as a "data subject access request"). this enables you to receive information about the data we hold about you.
Request correction of the data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your data. this enables you to ask us to delete or remove data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (in certain circumstances).
Object to processing of your data where we are relying on a legitimate interest for processing (or a legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
Request the restriction of processing of your data. This enables you to ask us to suspend the processing of data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your data to another party.
If you want to review, verify, correct or request erasure of your Data, object to its Processing, or request that we transfer a copy of your Data to another party, please contact the DPO (see “Contact Details of the Data Protection Officer” section above).
If you are unhappy about any aspect of the way we collect, share or use your Data, please let us know by contacting our DPO: Email address of DPO: [email protected] You also have a right to complain to the Data Protection Inspectorate (www.aki.ee).