Principles of Customer Data Processing

Definitions

Data Protection Officer – an employee or representative of MoneyZen who is responsible for co-ordinating the implementation of the General Data Protection Regulation (GDPR) and the security measures of the information security system in MoneyZen and assisting MoneyZen employees who process the customer data to comply with the Regulation.

Personal data – means any information relating to an identified or identifiable natural person ("data subject"). MoneyZen's data subject is the customer or the user.

Personal Data Processing – an automated or non-automated process involving customer data, including collecting, documenting, saving, organizing, storing, modifying, disclosing, granting access, querying, and extracting, using, transmitting, viewing, cross-using, deleting.

Client / User – a borrower or investor registered in the MoneyZen Portal.

MoneyZen – legal entity / independent credit intermediary registered in Estonia with the business name Moneyzen OÜ, registry code 12541882, location Rävala pst 5 Tallinn 10143; info@moneyzen.eu, +372 58 855 553.

Portal - an online service environment on the Internet at www.moneyzen.eu managed by MoneyZen, where users can lend or borrow money from other clients.

Responsible processor – MoneyZen is responsible for processing users' personal data.

Authorized processor - is a person who processes or has access to personal data on behalf of MoneyZen. The list of authorized processors and contact details are published on the MoneyZen website or in other ways convenient for users. The list shall be updated and / or amended within a reasonable time, but not later than 30 days from the change of the processor.

Purposes, bases and sources of processing of personal data

1. MoneyZen processes personal data, including sensitive personal data, only for legitimate purposes and only to the extent necessary to carry out its core business.

2. Moneyzen processes personal data for the purpose of concluding and executing a contract with the client (loan agreement with a borrower and investment agreement with an investor).

  1. 1. For a borrower this includes identifying a customer, conducting credit and risk controls to reduce or prevent risks and losses to both the customer and other customers (eg investors financing loan transactions with borrowers) and protecting MoneyZen's interests.
  2. 2. In the case of an investor, this includes identifying the customer and carrying out risk controls.

3. In order to identify a person, MoneyZen asks the user to provide a copy of their ID and to transfer € 0.01 from user’s personal bank account into the user's virtual account in MoneyZen. The user will find the required bank details when logging in to their profile. The transferred money remains the property of the user until such time as the obligations to MoneyZen are incurred and the obligations become collectible (in the case of the borrower). When paying out a payment, the user must take into consideration that the payment service fee will be charged by MoneyZen according to the price list.

4. MoneyZen processes the personal data of users as well as the personal data of persons guaranteeing their obligations under the Terms of Use and the Law of Obligations Act. Information about guarantors is usually provided by the person applying for the loan. The borrower agrees that MoneyZen will transmit the information about the borrower, including the loan agreement for review, to the third party who guarantees the loan Agreement.

5. The processing of personal data by MoneyZen is based on the following principles:

  1. Principle of legality - personal data are collected only in a fair and lawful manner (applicable laws are Personal Data Protection Act, Creditors and Credit Intermediaries Act, Money Laundering and Terrorist Financing Prevention Act);
  2. purpose-oriented approach - personal data must be collected for the specified, legitimate purpose and not further processed in a way incompatible with the purposes of the processing;
  3. the principle of minimization - personal data shall be collected only to the extent necessary to achieve the defined objectives;
  4. limited use principle - personal data shall be used for other purposes only with the consent of the user or with the consent of the competent authority;
  5. data quality principle - personal data must be up-to-date, complete and necessary to achieve the purpose for which they were processed;
  6. security principle - means the protection of personal data against unintentional or unauthorized processing, disclosure or destruction of personal data;
  7. the principle of individual participation - the data subject is informed about the data collected about him / her, has access to the data concerning him / her and has the right to request correction of inaccurate or misleading data.

6. The sources of the processing of personal data shall be:

  1. The application completed by the user
  2. User identity document
  3. Data received from the user by telephone or email
  4. User bank statement
  5. User transfer to MoneyZen current account
  6. RIHA (population register)
  7. Creditinfo AS (credit default register)
  8. Other public sources, networks or registers (eg Google, Facebook, Land Register), from which information may be relevant in assessing a client's creditworthiness and which may affect the proper performance of the borrower's obligations.

7. The processing of personal data shall be based on:

  1. The application completed by the user
  2. User identity document
  3. Data received from the user by telephone or email
  4. User bank statement
  5. User transfer to MoneyZen current account
  6. RIHA (population register)
  7. Creditinfo AS (credit default register)
  8. Other public sources, networks or registers (eg Google, Facebook, Land Register), from which information may be relevant in assessing a client's creditworthiness and which may affect the proper performance of the borrower's obligations.

Personal data, its processing, saving, storing, completing of processing

8. MoneyZen processes the following personal data:

  1. Personal data to identify the user, including first and last name, personal identification code / date of birth, gender, identity document data, residency, field of activity
  2. Contact details: address, telephone number, email address
  3. Data on the user's property and financial position:
    Borrower: Income, expenses, liabilities (creditor, outstanding balance, monthly payment, maturity), residence and property ownership information, bank account details / statement
    Investor: volume of investments, type of income, previous investment experience, risk appraisal questionnaire, bank account information
  4. Behavioral data: Information on the borrower's past payment behavior and credibility - absence and existence of valid payment defaults or past payment defaults.
  5. Family information of the borrower - marital status, number of dependent children and their age.
  6. Education and employment of the borrower: level of education, name of employer, website address and economic sector, existence of employer tax debt, duration of employment.
  7. Borrower's Facebook account
  8. Customer advisor check query data, remarks, and information received from the interaction with the user and public databases

9. Users' personal data are stored in accordance with the requirements of contracts, laws and regulations.

10. To the fullest extent permitted by law, the user has the right to access the contracts with MoneyZen. The user has the right to receive information and to change personal data concerning him.

11. The user has the right to demand the termination of the processing of his / her personal data, the termination of the disclosure of or access to personal data or the deletion or closure of personal data collected, if permitted by law. However, it should be borne in mind that the retention period for personal data is based on the contract with the user, MoneyZen's legitimate interest or applicable law (for example, MoneyZen is obliged to retain the data for at least 5 years after the contract expires).

12. The user undertakes to report any changes in personal data and any inaccuracies discovered (eg change of name). A document proving the change in personal data must also be provided upon request.

Processing of personal data in case of payment difficulties

13. MoneyZen shall have the right to settle users' debts.

14. MoneyZen will notify each borrower of upcoming loan repayment dates. The purpose of the notice is to prevent the borrower from forgetting to repay his loan. It is not possible to refuse to receive reminders related to the performance of the loan agreement.

15. The debtor shall be informed of the debt due by email, sms, letter and telephone and the purpose of the communication shall be to ensure payment of the debt. In the event of a default by the borrower, the borrower shall pay additional costs and fees arising from the Loan Agreement and the price list, including legal costs, debt costs (collection letters) and penalty interest.

16. MoneyZen shall have the right to transfer the personal data of users to the credit default register (Creditinfo AS) in the event that the borrower has an outstanding financial obligation to MoneyZen and the borrower has more than 45 days overdue. Typically, a payment default is initiated when the overdue balance is over 90 days, or 4 monthly payments. Upon reaching such a status, MoneyZen will send a warning to the debtor to register a payment default. The letter is forwarded by AS Creditinfo and if the debtor fails to comply with the obligation within seven days, a public payment default shall be registered. The payment default register shall disclose information about the payment default of the user, and the personal data of the user transmitted to the registrar may be processed by any person who is a member of, or otherwise has access to, such register. The information about the personal data, conditions, scope and extent of data processing can be accessed at the website https://www.creditinfo.ee/

17. Following the registration of a payment default, MoneyZen will warn the debtor of the early termination of the loan agreement and if the debtor cannot be contacted and he or she will not start reducing the debt, MoneyZen will terminate the loan early.

18. When the loan agreement has been terminated, the court documents are prepared or an out-of-court settlement is concluded. MoneyZen will also send you a reminder of your outstanding commitment even after termination of the agreement.

19. The action is usually brought in court between 22 and 35 day after termination of the contract. For a total debt of up to 6 400,00 euros, the application is forwarded to the expedited procedure (Payment Order Department of Pärnu County Court), and if the debt is over 6 400,00 euros the claim is forwarded to the county court of the consumer's place of residence.

20. MoneyZen transmits the judgment to the bailiff for enforcement purposes, whose task is to collect the debt from the debtor. As a result of the bailiff's activities, it is possible to seize and lien the borrower's assets or to make a payment schedule with the borrower.

21. The courts and bailiffs process personal data in accordance with the rules and laws applicable to them and under their own responsibility.

22. In certain cases (for example, MoneyZen does not have the relevant experience or knowledge / resources), MoneyZen may assign the claim to a collection company that processes personal data in accordance with its own rules and to the extent necessary to carry out its core business.

Transmission of personal data of users outside the European Economic Area

23. In some exceptional cases MoneyZen may transfer personal data of users to authorities outside the European Economic Area. This is the case when it comes to user behavior that resulted in the borrower moving to another country and not fulfilling his obligation to MoneyZen. The transfer of personal data is based on the performance of the loan agreement. In this case, the recipients / processors of personal data are usually the authorities and persons (courts, bailiffs) of other countries with whom MoneyZen intends to recover the debt from the debtor. In such a case, MoneyZen may transfer personal data documents to a translation agency for translation, provided that the recipient of such personal data processes and is responsible for the protection of personal data properly. For this purpose, MoneyZen shall enter into a mutual confidentiality agreement with the respective service provider.

Processing of personal data for marketing purposes

24. MoneyZen processes users' personal data for marketing purposes. MoneyZen may use the user's personal information for informing and advertising purposes

25. If the user does not wish to receive the newsletter, he / she may refuse by logging in to his / her profile, unchecking the appropriate box in the "My data" menu and then saving the data.

26. General and promotional information about MoneyZen services, notification of changes to the terms or price list, or information related to the performance of a contract entered into by the user is not considered as marketing. The user cannot refuse to receive such information.

27. MoneyZen may use the non-personalized data from contracts to publicly provide general statistics. In this case, the personal details of the borrower will not be disclosed.

Transmission of personal data to third parties

28. The data collected by MoneyZen are confidential and may not be disclosed to third parties except to the extent and in the manner agreed upon in the Terms of Use. MoneyZen discloses and / or communicates personal information to third parties only by law or regulation

29. MoneyZen has the right to transfer user personal data to the following third parties and to the extent necessary to achieve the purposes of the user personal data processing: legal and other advisors, email and messaging service providers, communications service providers, identification and certification service providers, debt collection companies, courts and bailiffs, payment service providers, guarantors, default payment register, other financial service providers, regulators. The list of processors / recipients of user personal data will be made public by MoneyZen on its website and updated as necessary.

Responsible persons and contact details

30. The personal data of the users is processed by customer advisors and a lawyer whose details are available on the MoneyZen website.

31. MoneyZen has appointed Jana Loemaa as data protection specialist, jana@moneyzen.eu.

32. If you have any questions regarding your personal data processing, please contact MoneyZen customer support at info@moneyzen.eu or +372 58 855 553

33. In the event of a difference of opinion and in order to protect the rights, the user may seek further independent assessment from the Data Protection Inspectorate.

Estonian Data Protection Inspectorate postal address: Tatari 39, Tallinn 10134; contact: 627 4135, advisory 5620 2341; e-mail: info@aki.ee; Website: www.aki.ee