TERMS AND CONDITIONS FOR PERSONAL DATA PROCESSING
DEFINITIONS
‘GDPR’ Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
‘Personal Data’ Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Applicable Law’ All valid European Union legal acts and all valid legal acts of the Republic of Estonia, including however not limited to the national implementation acts for GDPR and the Personal Data Protection Act, applicable in Estonia.
‘Service Provider’ or ‘Accountscoring’ OÜ Krediidiregister, registry code 12400621, street address Harju County, Tallinn, Kesklinna city district, Toompuiestee 35, 10149, authorisation of a payment institution 4.1-1/170 issued by the Estonian Financial Supervision Authority, telephone number + 372 67 55 555; e-mail info@accountscoring.ee
‘Data Subject’ or ‘Client’ A natural person who uses the services of Accountscoring and whose Personal Data is processed by the Service Provider.
‘Partner’ A company, to which the Client has given its consent for providing the account information service by the Service Provider.
‘Consent’ The consent given by the Client with a term of up to 90 days for requesting the Client’s current account statements by the Service Provider from the Partner or from the Partners and for forwarding the analyses prepared on the basis of the data obtained under the consent to the Partner or the Partners.
‘Website’ The website https://accountscoring.com/ and its sub-domains and the related pages.
‘Portal’ Portal, offered via the Website, through which the Service Provider provides the account information service.
‘Account Information Service’ A service, provided by the Service Provider via the Portal, covering current account statement inquiries based on the Client’s Consent, processing and analysis of the obtained data.
‘Terms and Conditions’ Terms and conditions of the Account Information Service Agreement of the Service Provider, which are available here
1. GENERAL PROVISIONS
1.1. The Terms and Conditions for Personal Data Processing apply if you use the services of Accountscoring, including the Account Information Service, the Website or the Portal.
1.2. The Terms and Conditions for Personal Data Processing describe the general principles of the Service Provider for processing Personal Data.
2. WHAT KIND OF PERSONAL DATA, WHEN AND FOR WHAT PURPOSES DO WE PROCESS?
2.1. The Service Provider processes the Personal Data only for the defined purposes under Applicable Law.
2.2. If you use the Account Information Service and the Portal, the Service Provider shall process the Personal Data for the purposes of providing the service and in conformity with the Terms and Conditions of the Account Information Service (legal basis – GDPR, Article 6(1)b)).
2.3. The Service Provider shall process the Personal Data provided in the Consent on the basis of the consent given by the Client, for the purposes defined in the Consent, within the extent given in the Consent and during the validity of the Consent (up to 90 days) (legal basis – GDPR, Article 6(1)a)). If you have given your Consent to the Service Provider for processing your Personal Data, you have a right to withdraw your Consent at any time by contacting the Service Provider.
2.4. Data processing carried out for the purposes of providing the Account Information Service and based on the Consent includes data analysis. The Personal Data, processed by the Service Provider, includes the following information about the Data Subject:
2.4.1. Client’s contact details (name, ID code or, if not available, the date of birth, e-mail address);
2.4.2. Client’s current account information (incl., payments made by the Client, payment dates, persons to whom the payments were made, information on the Client’s incoming payments, etc.);
2.4.3. Processing of the Client’s current account data, incl. aggregation, classification of the obtained data and analysing of the Client’s behaviour based on the obtained data and drawing conclusions on the Client’s behaviour. Data analysis involves processing of Personal Data by automated means. The purpose of analysing the Client’s current account information is to assess the Client’s creditworthiness and payment history. The Service Provider shall perform the data analysis in conformity with the Terms and Conditions of the Account Information Service.
2.5. Based on the Applicable Law, the Service Provider may process the Personal Data on the basis of legitimate interest of the Service Provider provided that the Service Provider has performed the interest balancing exercise and the such interests are not overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data (legal basis – GDPR, Article 6(1)f)).
3. TRANSFER OF PERSONAL DATA AND USE OF PROCESSORS
3.1. In conformity with the Terms and Conditions of the Account Information Service, the Service Provider shall transfer the Client’s Personal Data and the aggregated data obtained as a result of processing and analysing the Client’s Personal Data to a Partyer or Partners, to whom the Client has given its Consent for transferring its Personal Data.
3.2. Under the Applicable Law, the Service Provider has the right to use data processors in processing the Personal Data. The processors of the Service Provider include for example the IT-service providers of the Service Provider (such as the server service providers, IT software developers) or the providers of other services, used by the Service Provider.
4. RETENTION OF PERSONAL DATA
4.1. The Service Provider shall retain the Personal Data gathered during the Account Information Service within one (1) year as of performing the data analysis, after which the data gathered on the Client will be deleted. In the event that the Client requests the Service Provider to delete the information gathered on them earlier, the Client may submit to the Service Provider a relevant request by contacting using the contact details specified in the section “Contact”.
4.2. The Service Provider has a right to retain anonymised data indefinitely. When retaining the anonymised data, the Service Provider shall ensure that the anonymised data cannot be associated with or attributed to any specific Data Subject.
4.3. If you wish to get more detailed information on the limitation periods of the Personal Data pertaining to you, please turn to the Service Provider using the contact details provided in the section “Contact” below.
5. RIGHTS OF THE DATA SUBJECT
5.1. In the processing of the Client’s Personal Data, the Client shall have all the rights arising to a Data Subject from Applicable Law. Inter alia, the Client has the following rights.
5.1.1. right of access: the right to ask at any time whether the Service Provider holds any Personal Data about the Client or not and receive information about which Personal Data the Service Provider is processing about the Client;
5.1.2. right to rectification: the right to request from the Service Provider the supplementation or rectification of their Personal Data if these are insufficient, incomplete or inaccurate;
5.1.3. right to object: the right to object to the Service Provider processing your Personal Data;
5.1.4. "right to be forgotten": right to request the deletion of Personal Data;
5.1.5. right to restriction of processing: the right to request that Service Provider restricts the processing of the Personal Data, for example, if the Service Provider no longer needs the Personal Data for the purposes of processing or if the Client has objected to the processing of Personal Data;
5.1.6. right to withdraw the consent for processing Personal Data: if the processing of the Personal Data is based on the Client’s Consent, the Client shall have the right to withdraw the consent given by them at any time;
5.1.7. right to data portability: The Client has the right to receive from the Service Provider the Personal Data that the Client has provided to the Service provider by themselves and which are processed under the Client’s Consent or for the performance of a contract entered into with the Client, in writing or in a generally used electronic format and, if technically possible, request that the Service Provider transfers these data to a third-party service provider;
5.1.8. right to lodge a complaint: the right to file a claim or complaint with the Data Protection Inspectorate or a court.
5.2. The Client’s rights listed in this chapter regarding the processing of Personal Data are not absolute rights. In certain cases, the rights of other Data Subjects or the legal obligations of the Service Provider or legitimate interest may limit the rights of the Data Subject.
5.3. In order to exercise the rights pertaining to the processing of Personal Data or to submit requests concerning the processing of Personal Data, please contact the Service Provider at the contact details provided in the section “Contact” below.
6. USE OF COOKIES
6.1. The Service Provider uses cookies on the Platform and the Website. Cookies are small text files that contain information stored in the Client’s computer and which are used for monitoring or identifying the Client.
6.2. The Client has a right to disable cookies at any time, by changing the settings of its web browser. In this case, however, the Client must bear in mind that not all of the functions of the Platform or the Website may operate properly. Cookies can be disabled by following the instructions of the web browser’s “help” function.
6.3. For more information about how cookies work or how to disable cookies, please be referred to www.allaboutcookies.org.
7. SECURITY OF PERSONAL DATA
7.1. The Service Provider undertakes to keep the data analysed and gathered on the Client confidential and secure.
7.2. The Service Provider shall implement security measures for ensuring the security of the data. For that, the Service Provider shall apply relevant technical and organisational measures and updated the applicable security measures, if necessary.
8. CONTACT
8.1. In matters relating to the processing of Personal Data or, for submitting requests concerning the processing of Personal Data, please contact the Service Provider or the data protection specialist of the Service Provider by phone, e-mail or post.
Contact details of the Service Provider:
Business name: Krediidiregister OÜ + 372 67 55 555
Address: Toompuiestee 35, 10149 Tallinn;
Phone number: + 372 67 55 555
E-mail: info@accountscoring.ee
Data protection specialist of the Service Provider:
Name: Art Andresson
E-mail: art@taust.ee