General Information Regarding Data Protection
In relation to the GDPR provisions, the personal data is the personal information of our clients that we gather for the purpose of our lawful business activities and legitimate interests in connection to the operation of the platform and our relevant AML and KYC policies.
We gather and process the following information:
- Identification data of our Clients, including name, Id number, date of birth, occupation, valid address, etc
- Personal information of individuals acting as representatives of legal persons.
- Other personal data that is required for the operation of the platform.
For the purpose of data control, CoinLoan OÜ formed a separate body within the structure of the company, made up of company officials, lawyers and supporting personnel, to act as a Data Controller.
You may contact Data Controller at firstname.lastname@example.org.
Data Controller shall provide information only to the data subject or his legal representative and may demand information and documentation that allow to identify the data subject prior to disclosure of information or providing access to the information.
CoinLoan OÜ gathers and processes data for the following purposes:
- The execution of the AML and KYC policies in accordance with the money laundering prevention legislation, including the procedure of risk assessment for the purpose of money laundering prevention;
- Conclusion of an agreement with the Client;
- Regular control of the provided information;
- Marketing purposes.
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another physical person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
For the fulfillment of the data collection purposes the gathered data may be provided to the following data recipients:
- Our partners and affiliates, for the purpose of marketing or data processing. We ensure that our partners and affiliates have the valid Privacy Policies drawn up in accordance with the GDPR.
- State regulatory authorities, including the Financial Inspection of Estonia and the Estonian Police and Customs board.
The gathered data is processed for the period that is reasonably necessary for the set purpose for which it was initially obtained. The overall processing period is determined by the length of the relationship with the Clients, the specifics of the provided data, the presence of any specific circumstance or obligations or whether the relation with the client is possible in light of the applicable legislation.
NB! Any persons, whose data was gathered and processed has the right to request access to their personal data, the right for rectification, erasure or restriction of processing of such data, the right to object to data processing in the events and cases as stated by GDPR and the right to form and present a complaint to the state supervisory authority.
Any client understands, that should he demand the restriction of his personal data processing, CoinLoan OÜ may terminate any cooperation with the agreement if such a demand makes it impossible for CoinLoan OÜ to carry out its legal obligations, including obligations in the field of money laundering prevention.
Any client who gave his consent to data gathering and processing may withdraw his consent at any time by sending the message with the withdrawal at email@example.com.
Any data processing that was carried out prior to the withdrawal shall be deemed lawful.