- The principles of processing client data of Evergreen Capital OÜ (hereafter referred to as the Principles) set out the terms and conditions of and procedure for the processing of client data by Evergreen Capital OÜ. The Principles apply to the processing of the data of all Evergreen Capital OÜ clients, including client relationships that arose prior to the Principles entering into force.
- Additional or more detailed requirements for the processing of client data may be agreed upon in the contract entered into with the Client.
- Evergreen Capital OÜ processes client data in order to fulfil its legal obligations arising from legislation (national laws, supervision guidelines, regulations and European Union legislation), to fulfil the contract entered into with the Client and to make preparations for entry into the contract, for example for the processing of the application submitted by the Client, on the basis of the consent of the Client and to protect the justified interests of the Lender.
- In entering into a client relationship with the Lender or expressing a desire to do so, the Client grants their consent to the Lender for the processing of their client data in accordance with the terms and conditions and procedure set out in the Principles.
- Evergreen Capital OÜ ensures the confidentiality of client data by implementing the necessary organisational, physical and information-technology security measures. Evergreen Capital OÜ requires Authorised Processors to do the same.
- Evergreen Capital OÜ collects data in the following ways: data are provided by the Client; Evergreen Capital OÜ runs checks in public registers; and data amass in the course of fulfilment of the contract.
- Should the Client refuse to present Evergreen Capital OÜ with client data prior to entering into a contract, Evergreen Capital OÜ may refuse to enter into a contract with the Client.
Client data are any information which becomes known to the Lender in the course of the client relationship (such as personal, contact and transaction details), including information the Lender has lawfully collected from public databases and channels or obtained from third parties.
The Client (the data subject) is an individual who has expressed their desire to use the services of Evergreen Capital OÜ (e.g. by submitting an application to enter into a contract) or who uses or has used the services of Evergreen Capital OÜ or who is connected to the services provided by Evergreen Capital OÜ in another way (e.g. as a guarantor or the owner of collateral in a loan contract).
Processing is any act involving client data (collection, retention, use and transfer).
The Lender is Evergreen Capital OÜ.
The Responsible Processor is Evergreen Capital OÜ.
A third party is an individual who or a legal entity which is not the Client, the Lender, the Responsible Processor or an individual with the right to process client data who is subordinate to the Responsible Processor or Authorised Processor.
The Principles apply to the extent that they do not contradict the Terms and Conditions of Service.
GENERAL PRINCIPLES OF PROCESSING DATA
- Personal data are processed in Evergreen Capital OÜ in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation), the Personal Data Protection Act, other relevant legislation and the requirements set out in these Principles. The terms and conditions of the processing of client data may also be set out in contracts and other documents connected to the services offered by the Lender.
- The Lender implements organisational, physical and information-technology security measures to ensure that client data are protected and to monitor the processing of client data.
- The Lender processes client data, including making them available to Authorised Processors and third parties, on the basis of the law or other legislation without the Client’s consent or with the Client’s consent.
- The Lender collects and processes client data only to the extent necessary for the achievement of the objectives set out in the Principles.
- The Lender and its employees are obliged by the requirements of legislation and in accordance with their employment or other similar contracts to maintain the confidentiality of client data without any time limit and are liable for any breach of these obligations. The Lender provides access to client data only to employees with the relevant training. An employee has the right to process client data only to the extent necessary for the fulfilment of the duties appointed to them.
CONTENT OF CLIENT DATA AND OBJECTIVES OF PROCESSING
- The main purposes of processing client data in Evergreen Capital OÜ are as follows:
- personal details (name, personal identification code, identity document data, etc.) are processed in order to identify an individual;
- contact details (telephone number, address, e-mail address, etc.) are processed in order to forward information and offers of financial services to the Client;
- data pertaining to the work, studies or activities of the Client (education, educational institution, occupation, military service, pension status, etc.) are processed in order to assess the creditworthiness of the Client and to offer a suitable service to the Client;
- data pertaining to the activities of the Client and the origins of their assets (data about their employer, business activities, etc.) are processed in order to prevent money laundering and terrorist financing;
- financial details (income, assets, obligations, payment history, debt, information on the fulfilment of contracts entered into with the Client, etc.) are processed in order to determine the solvency of the Client, study their consumption habits, assess the suitability or appropriateness of the product being offered to the Client and offer them suitable financial services;
- data obtained in the fulfilment of obligations arising from law (data obtained from enquiries made with investigative bodies, notaries, bailiffs and other agencies and individuals, data on the Client’s connections to money laundering, terrorist financing or organised crime, etc.) are processed in order to assess the trustworthiness of the Client.
- The main objectives of processing client data are set out in the points of the Principles. In addition thereto, Evergreen Capital OÜ may process client data for the following purposes:
- if required in order to fulfil the contract entered into between the Lender and the Client, to ensure the fulfilment of the contract or otherwise in the justified interest of the Lender;
- in order to manage and fulfil a contract that has been entered into. To this end Evergreen Capital OÜ may check transactions made and action taken on the basis of the contract, update the data collected from the Client, demand the repayment of debts, etc.;
- in order to organise statistical studies and analyses of client groups, product and service market share and other financial indicators;
- in order to add to and check the data submitted by the Client, to establish a contractual relationship or to make decisions pertaining to it or to fulfil potential due diligence obligations, for which the Lender has the right to collect data about the Client from third parties (such as checking that a working relationship exists or existed with an employer indicated by the Client) and from databases and public sources that can be legally accessed by the Lender (AS Creditinfo Eesti, the Land Register database, Ametlikud Teadaanded, etc.).
MAKING CLIENT DATA AVAILABLE TO THIRD PARTIES
- The Lender has the right to forward client data (with the exception of specific types of personal details) to the following third parties and the Client shall not consider this a breach of the requirement to maintain the confidentiality of their data:
- individuals and organisations connected to the provision of services and fulfilment of the contract entered into with the Client (such as guarantors, surety providers and collateral owners, co-borrowers and providers of translation, communications, IT and postal services);
- database operators, such as those of the Credit Register (e.g. Creditinfo), for the purpose of implementing the principle of responsible lending as well as to make it possible for third parties to assess the payment history and creditworthiness of the Client;
- when transferring claims to a new creditor;
- when responding to enquiries made by Estonian or foreign credit and financing institutions for the purpose of collecting information about the Client in order to assess the Client’s trustworthiness and to prevent money laundering and terrorist financing;
- if the Client breaches their obligations before the Lender as arising from their contract, the Lender has the right to make the details of the breach (amount of debt, number of days’ delay in payment, etc.) available to third parties in accordance with legislation for the assessment of creditworthiness or for similar purposes, as well as to the operators of the Credit Register in order for the details of the breach of contract to be recorded in the relevant registers. The operator of the Credit Register is AS Creditinfo Eesti (registry code 10256137).
RETENTION OF PERSONAL DETAILS OF CLIENT
- The Lender does not process the personal details of the Client for longer than is necessary to fulfil the objectives of processing such data, including to fulfil the obligation to retain data set out in legislation and to protect the Lender’s own rights in resolving a dispute arising from the contract entered into with the Client or to resolve a potential dispute.
- Generally, the Lender retains the personal details of the Client until the deadline for the expiration of potential claims arising from the client relationship has passed, unless a direct obligation to retain the personal details of the Client for another period arises from legislation.
- Client data which are collected with the appropriate consent of the Client are retained until a relevant application is submitted by the Client to have the date deleted and the Lender has no justified interest in the further retention of the data.
RIGHTS OF CLIENT IN PROCESSING OF DATA
- The Client may ask Evergreen Capital OÜ to provide them with any and all data pertaining to themselves and request that the data be amended if they have changed or are inaccurate in any other way. The Client must submit such an application (in a format that can be reproduced in writing, where required) to Evergreen Capital OÜ;
- Evergreen Capital OÜ shall respond to the application within the timeframe set out in legislation, but no later than within one month of the date of receipt of the application. Should circumstances need to be checked or explained in more detail before the response can be drafted, Evergreen Capital OÜ may extend this deadline;
- The Client has the right to obtain from the Lender information regarding the third parties to whom the Client’s data have been made available or to whom such data is permitted to be made available;
- The Client has the right to request that the Lender amend their data;
- The Client may request that Evergreen Capital OÜ terminate the processing of their data and delete their data, except in cases where the right and obligation to process data arises from legislation or is required in order to fulfil the contract entered into with the Client or to ensure its fulfilment;
- The Client has the right to request that the Lender terminate the processing of their data;
- The Client may restrict the processing of their data by Evergreen Capital OÜ in the cases set out in article 18 of Directive 95/46/EC (General Data Protection Regulation);
- The Client may contact the Lender’s data protection specialist by e-mailing info.evergreencapital [at] gmail.com in order to obtain explanations regarding the processing of client data or to submit complaints;
- In the event of their rights being breached, the Client has the right, at any time, to take the issue up with the Estonian Data Protection Inspectorate or a court;
- If it is determined that the Client’s rights were breached in the processing of client data, the Client has the right to request compensation for the damage they have incurred as a result of the breach on the basis and in accordance with the procedure established in law.
AMENDMENT OF PRINCIPLES OF PROCESSING OF CLIENT DATA
- The Lender has the right to unilaterally amend the Principles at any time, taking into account that which is set out in legislation;
- The Lender shall inform the Client of the amendment of the Principles by posting information to this effect in a visible place in the Lender’s office or in another way (e.g. by e-mail) at least 15 (fifteen) days prior to the amendments entering into force.