Principles of Processing Personal Data

Effective as of 27.07.2021

The following is an overview of the principles governing the processing of personal data by Moneyzen OÜ (hereinafter MoneyZen) and the rights of data subjects.

The overview uses vocabulary that is familiar from MoneyZen's general terms and conditions and data protection legislation (Personal Data Protection Act and General Data Protection Regulation or GDPR).

The contacts of MoneyZen as data controller are available on the MoneyZen portal at www.moneyzen.eu.

A list of authorized processors is available here.

1. COLLECTION OF PERSONAL DATA

Providing personal information to MoneyZen is optional, but required to use the MoneyZen portal and services. In the absence of data, it may become impossible to use the MoneyZen portal and services to the desired extent.

MoneyZen collects personal information in the following ways:

1.1 MoneyZen obtains data independently for the provision of services by collecting publicly available data from the Internet or by making inquiries into external databases (eg a request to the default register to assess solvency or a request to verify the data to the population or pension register);

1.2. Data is disclosed to MoneyZen by the user or his / her representative for the purpose of using or obtaining additional information about the MoneyZen portal and services, the data is provided via electronic channels (eg via the portal or e-mail) or by direct communication (eg by telephone);

1.3. Data is transmitted to MoneyZen by a third party (eg collection company, guarantor, guarantee agent, bank, public authority).

2. COMPOSITION OF PERSONAL DATA

In the course of its activities MoneyZen may process the following personal data:

2.1. General data of the user such as name, personal identification code / date of birth, sex, citizenship, country of origin, nationality, residence, education, marital status, number of dependents, data on representation rights;

2.2. Contact information of the user such as email, phone number and residence information;

2.3. Data about the document of the user, such as data related to or displayed on an identity document;

2.4. Data about the status of the user, which necessary to understand the nature of the business relationship and to prevent money laundering and terrorism (eg field of activity, national background, application of sanctions, relation to legal entities);

2.5. Digital data left by the user, which is generally data on the use of the portal (logs), IP address, cookies and marketing preferences, data on electronic identification, data on the use of social media;

2.6. Data reflecting the property and financial situation of the user, such as income, bank account data, liabilities, information related to the profession or work, real estate owned by the user or related to his investment interests, guarantees / pledges associated with the user;

2.7. Data characterizing the user's behavior, such as the size of the investment, previous payment behavior and investment experience, investment interests, data of the investor's risk appetite questionnaire;

2.8. Information collected in the course of providing services, including data collected in the course of day-to-day customer interactions, information related to contracts and services, and information available from public databases.

3. BASIS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA

MoneyZen may process personal data on the following grounds and for the following purposes:

3.1. To meet MoneyZen's legal obligations:

3.1.1. To prevent money laundering and terrorist financing (eg to establish identity or right of representation, to verify the information provided, to monitor business relationships and transactions, to apply the "know your customer" principle);

3.1.2. To meet the requirements related to responsible lending (eg to assess solvency, to perform credit checks, to keep a credit file);

3.1.3. To fulfill the obligation to store personal data.

3.2. To conclude and perform the agreement/contract:

3.2.1. To provide a service to the user (to introduce and define the terms and conditions, to analyze the solvency of the user and the guarantor);

3.2.2. To provide the service and ensure the fulfillment of the concluded agreements (eg to send notifications related to the agreement to the user or the guarantor, to make payments, to manage or amend the agreement, to collect debts, to realize the guarantee, to resolve disputes arising from the agreement).

3.3. On the basis of consent:

3.3.1. MoneyZen processes personal data on the basis of consent if the consent has been given voluntarily and in a form that can be reproduced in writing, and the purpose of the processing is specified in the consent (eg for sending newsletters and advertisements). If the user's data is processed on the basis of consent, the user has the right to withdraw his consent at any time and free of charge.

3.4. On the basis of the legitimate interest of MoneyZen:

3.4.1. To ensure the quality and sustainability of services and customer service (eg auditing, operational risk management, product development, development of digital e-channels and solutions, handling of complaints, storage of correspondence, data analysis, automated decision making and profiling);

3.4.2. For marketing activities (based on a previous customer relationship);

3.4.3. To comply with the due diligence required of MoneyZen (eg to comply with supervisory instructions).

4. TRANSFER OF PERSONAL DATA

Based on the grounds and purposes of data processing described above, MoneyZen may transfer personal data to the following persons:

4.1. Companies belonging to the same consolidation group as MoneyZen;

4.2. Guarantors (for example, sureties) and agents involved in the performance of the contract;

4.3. Authorized processors who provide services to MoneyZen or are otherwise involved in the provision of services and the performance of the contract: for example, banks and payment institutions, notaries, bailiffs, providers of communications, archives, IT, postal and verification services, collection, legal or mass mailing services ( a list of authorized processors is available on the MoneyZen portal);

4.4. Providing the investor's general data (name, personal identification code, place of residence, etc.) to the business borrower;

4.5. Persons or bodies who are entitled to receive data under the law or whose information is necessary in the event of a breach of contract or damage (eg supervisory and law enforcement bodies, bankruptcy trustees, courts, tax authorities);

4.6. Potential creditors to whom MoneyZen assigns the claim or with whom the assignment of claims should be negotiated;

4.7. Representatives of the data subject, if the relevant right arises from a power of attorney, law or a court decision accepted by MoneyZen;

4.8. Registrars who manage data on the payment behavior of individuals (eg default or credit register) or to whom MoneyZen makes inquiries to verify the accuracy of the client data and to fulfill obligations arising from contracts or legislation (eg population register, pension register).

MoneyZen guarantees the protection of personal data for an indefinite period of time and does not process or transfer them under conditions and to persons (including countries outside the European Economic Area) not mentioned in this document. If MoneyZen has the right to disclose data to its contractual partners (eg authorized data processors), the agreement with the partner must include a requirement to keep personal data confidential.

5. RETENTION OF PERSONAL DATA

5.1. MoneyZen will retain the collected the personal data for as long as it is necessary to fulfill the purposes described above or for any other period specified by law.

5.2. At the end of the retention period for personal data, MoneyZen guarantees that the data will be deleted or will be anonymous.

5.3. The retention period of personal data is determined depending on the type of personal data and the purpose of the processing, based on MoneyZen's legitimate interest and legal requirements.

6. AUTOMATIC PROCESSING OF PERSONAL DATA

For the purposes described above, MoneyZen may use the collected personal data for profile analysis or for making the automated decisions based on this data.

6.1. Profile analysis means the automatic processing of personal data by MoneyZen for the purpose of analyzing the user's preferences, behavior and financial position and making decisions or marketing offers based on it. Profile analysis enables the provision of more appropriate services and the prevention and detection of risk behavior, while it may affect the user's rights and opportunities when using the MoneyZen portal or services.

6.2. Automated decisions are made using IT tools (without the intervention of a MoneyZen employee) and based on profile analysis. This allows for more efficient decision making and thus provides a faster service.

6.3. Automated decisions are made when assessing the solvency and reliability of a client (for example, when assessing creditworthiness). This may affect the rights and capabilities of the user when using the MoneyZen services, but the user has the right to request a revision of the automatic decision by the MoneyZen employee. If MoneyZen automatically makes decisions for other purposes, there will be no legal or other significant consequences for the user.

6.4. MoneyZen may use pre-filled fields on its portal to make the service faster and more convenient. In this case, pre-filled data known to MoneyZen and related to the user (eg name and contact details) will automatically appear in the data fields, but the user must nevertheless check them before each confirmation or submission of the data.

7. RIGHTS OF THE DATA SUBJECT

The data subject has the following rights in relation to the processing of his or her personal data:

7.1. The right to receive free information about whether MoneyZen processes his or her data, what are the data processing conditions and the types of personal data processed.

7.2. The right to request the transfer of data to another controller (MoneyZen will endeavor to resolve the request within one month and ensure that the data is transferred in a publicly available digital format that is technically possible).

7.3. Right to update data – If a data subject finds that his or her data is incorrect or insufficient, he or she may request MoneyZen to correct or supplement his or her data. MoneyZen will review and update the information, provided that it has received the relevant evidence on which the change is based. MoneyZen makes every effort to ensure the accuracy and timeliness of the data and expects the data subject to keep the data submitted to MoneyZen up to date. For this purpose, MoneyZen may from time to time invite the data subject to revise or update their data.

7.4. The right to withdraw consent if the data subject has given his or her consent to the processing of data for a specific purpose.

7.5. The right to request the deletion of data if, in the opinion of the data subject, there are no grounds for further processing of his or her data, or the restriction of data processing(for example, during the processing of the request about reassessing the circumstances that led to the change or deletion of data).

7.6. Right to object. The data subject can object to decisions affecting his or her rights and opportunities based on the automatic processing of his or her data, including requesting a review of such an automatic decision. The same right applies if MoneyZen has used the data on the basis of its legitimate interest (eg marketing activities based on profile analysis).

7.7. When exercising the rights described above, MoneyZen requires to take into account the following conditions:

7.7.1. To send requests, you must use the contact information available on the MoneyZen portal. To speed up the processing of the application, a request with a digital signature should be sent to the email address of MoneyZen Data Protection Officer (Jana Loemaa) jana@moneyzen.eu.

7.7.2. A person applying to MoneyZen must be prepared to identify himself in a manner acceptable to MoneyZen and, if necessary, provide the information requested by MoneyZen.

7.7.3. MoneyZen will review the request and provide feedback within 30 days of receiving it. If the request cannot be resolved within the aforementioned deadline, MoneyZen will notify the reasons for the extension and the new deadline.

7.7.4. MoneyZen may claim reimbursement of the reasonable costs of resolving the request or waive the processing of the request if the request is manifestly unfounded or malicious.

7.7.5. MoneyZen may restrict the exercise of the rights of the data subject if this would jeopardize compliance with legal requirements or MoneyZen's general diligence duty, or if it would be contrary to the freedoms and rights of MoneyZen or third parties. The exercise of the rights of data subjects does not affect the legality of previous data processing.

8. OTHER IMPORTANT INFORMATION

8.1. MoneyZen may make changes to its customer data processing policies (Principles of Processing Personal Data) and the list of authorized data processors to ensure that the information is up-to-date, transparent and in compliance with the law, and that data subjects are immediately informed. The current version of the Principles of Processing Personal Data and the list of MoneyZen authorized data processors are available on the MoneyZen portal.

8.2. MoneyZen's activities are subject to supervision by the Data Protection Inspectorate (Tatari 39, 10134 Tallinn; phone 627 4135; email info@aki.ee; website www.aki.ee) in matters related to protection and processing personal data.