Privacy Policy – Fundament

1.   Introduction

1.1.  This Privacy Policy provides you with the information regarding the processing of personal data of the natural persons (hereinafter referred to as you) visiting and using the services provided on the website www.fundament.trade and its subpages (hereinafter the Website) by Fundament OÜ (registry code 999999999, located at ADDRESS Tallinn, Estonia, e-mail info@fundament.trade; hereinafter also we and the Fundament) as the controller of the personal data.

1.2.  The definitions and names with a capital first letter are used in this Privacy Policy in the meaning given to them in the “Fundament General Terms of Purchasing Claims and Using the Website” regulating the use of the Website (hereinafter the Terms), unless otherwise defined in the Privacy Policy.

1.3.  The personal data includes any information about you (e.g. name, contact details, details related to using the Website, etc.) that we may process for our established purposes. The Processing of the personal data involves any and all operations we may perform with the personal data (incl. collection, storage, use, disclosure, etc.).

1.4.  We process personal data pursuant to our obligations arising from the relevant legislation applicable in the European Union and in the Republic of Estonia and observe the principles of legitimate and secure processing of personal data.

1.5.  By submitting any of your personal data to Fundament upon registering as a User of the Website or otherwise, you confirm having read and understood this Privacy Policy.

1.6.  The personal data requested from you in the process of registering as a User and using the services provided on the Website is necessary for using the services provided on the Website and, if you choose not to submit the personal data, the use of the Website is respectively restricted or impossible. By submitting the data to the Website or providing it to Fundament in any other manner, you confirm the accuracy of the submitted data.

2.   Categories of the personal data

2.1.  We process the personal data that you provide to us upon registering as a User of the Website and by using the Website and services provided on it. We may also process your personal data received from third parties such as governmental bodies, public registers.  

2.2.  The personal data processed by Fundament may include the following categories of personal data:

2.2.1.  personal details (such as first name and surname, personal identification code, date of birth, representation rights);

2.2.2.  documents and data obtained for verifying the identity of the User (image of their identity document, a picture or video of their face, metadata of and machine-readable data in the images, timestamps, biometric data from facial images);

2.2.3.  contact details (such as phone, e-mail address);

2.2.4.  data relating to the use of the Website (such as User Profile details, User ID, password, language, information and details regarding your visits and interactions and the way you use the Website, communication with Fundament, correspondence via the Website, necessary information regarding the User’s Bank Account);

2.2.5.  details of the transactions performed in the Website (e.g. declarations of intention, orders for transactions and contractual documents, the details and balance of the User’s Virtual Account).

3.   Purposes of and legal basis for the processing

3.1.  The performance of the operations required prior to entry into the contract and for the performance of the contract concluded with you for using the Website is the legal ground for processing the personal data for the following purposes:

3.1.1.  the creation of the User Profile and linking it with a specific and duly identified person, administration of the User Profile and enabling the secure logging into the User Profile;

3.1.2.  provision of services via the Website and enabling the use of the Website for its intended purposes (e.g. fulfilling orders for transactions and verification in connection therewith, preparing and retaining documents of transactions, making payments on the User’s Virtual Accounts, displaying reports and overviews to the user, sending e-mails related to the use the Website and contacting you in connection with using the Website, if necessary).

3.2.  The legitimate interest of Fundament to carry out and develop our economic activities is the legal ground for processing the personal data for the following purposes:

3.2.1.  improving the user experience of the Website (including troubleshooting, data analysis, testing, research and service improvement and notifying you about the changes of the services provided on the Website);

3.2.2.  activities relating to the marketing and promotion of the Website and services provided on it, including relevant messaging;

3.2.3.  performance of financial and statistical analysis;

3.2.4.  identification and due diligence measures for the prevention of fraud, money laundering and terrorist financing;

3.2.5.  if and as necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

3.3.  On the basis of your explicit consent we process the biometric data from the facial images for the first-time identity verification of the Users. The biometric data is processed by MangoPay (as a processor of personal data authorized by Fundament) as described in PangoPay’s Privacy Policy:https://www.mangopay.com/privacy/ The consent can be withdrawn at any time by contacting us as specified in Clause 9 of the Privacy Policy, but the withdrawal will not affect the legality of the processing performed before the withdrawal.

Please be informed that without the consent for processing the biometrical data it is impossible to complete the online registration. In that case, you have the option to complete the registration in person at the Fundament’s office (address specified in Clause 9 of the Privacy Policy).

3.4.  We shall retain the personal data for as long as required by applicable legislation, or as necessary for the purposes of the processing stated in this Privacy Policy. For more detailed information regarding the data retention periods, please contact us as specified in Clause 9 of the Privacy Policy.

4.   Recipients of the personal data

4.1.  Fundament discloses your personal data to any third party only in accordance with applicable legislation.

4.2.  We may disclose your personal information to the following categories of recipients:

4.2.1.  to the authorised personnel of the Fundament and of entities belonging to the same group as the Fundament for the purposes and in a manner described in this Privacy Policy;

4.2.2.  to processors, who process your personal data on our behalf in the context of the services they provide to Fundament and are authorised by us to process personal data only for the purposes and in a manner established in this Privacy Policy (e.g. identity, data storage and IT service providers);

4.2.3.  to third party controllers if and to the extent which they are legally entitled to receive certain personal data under applicable legislation (banks, government bodies, law enforcement and supervisory authorities, research institutions) or in the context of the services they provide to Fundament and have undertaken to maintain the confidentiality of the personal data (e.g. advisors) or if it is necessary for defending our legitimate interests or claims;

4.2.4.  to the other party of any contract you have entered into via the Website and, if relevant, to the person acquiring the claim deriving from such contract, as well as, if necessary, to the security agent.

4.3.  We transfer your personal data outside of the European Union or the European Economic Area only in cases specified in article 49 of the General Data Protection Regulation.

5.   Exercising your rights regarding data processing

5.1.  If you would like:

5.1.1.  to receive information on whether and which personal data and how are processed by us within the services provided on the Website;

5.1.2.  to request the rectification, amendment, or complementation of your personal data if they are incorrect, incomplete, or insufficient;

5.1.3.  to request the deletion of your personal data (deletion is above all possible if, for example, we no longer require your personal data for the purposes described in this Privacy Policy in connection with which the data were collected or processed in another manner, your personal data are processed by Fundament based on your consent and you have withdrawn the consent, you have submitted objections against the processing of personal data and there are no significant lawful reasons for the processing, or your data has been processed unlawfully);

5.1.4.  to submit objections against the processing of your personal data for the purposes of direct marketing or for processing your personal data based on a specific situation, if such processing is based on Fundament’s legitimate interest;

5.1.5.  to restrict the processing of your personal data (if you have disputed the accuracy of the data, we do not need your data for the purposes of the processing, and you are not interested in the deletion of your data or if you have submitted an objection against the processing of your personal data);

5.1.6.  to request the transfer of your personal data to another data controller in compliance with the applicable legislation;

5.1.7.  to withdraw your consent given to the processing of your personal data for specific purposes (the withdrawal does not affect the lawfulness of the processing based on the consent before its withdrawal); or

5.1.8.  to express other wishes or submit other statements or requests related to the processing of your personal data or if you require further information about the processing, please contact us as specified in Clause 9 of the Privacy Policy.

5.2.  Please be informed that the above-mentioned rights are not unlimited and, in certain cases, the rights of other persons or the legitimate interests and/or obligations of Fundament may restrict the execution of your rights. We strive to ensure lawful and transparent processing of personal data, respecting the rights of the data subject. Should you find, however, that we have processed your personal data unlawfully or have violated your rights in connection with processing the personal data, please notify us thereof by sending an e-mail to the address specified in Clause 9. You may also file a complaint with the Estonian Data Protection Inspectorate (e-mail address: info@aki.ee).

5.3.  The Website may, from time to time, contain links to and from third-party websites. Please note that these websites and any services that may be accessible through them have their own privacy policies and we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Please check these policies before you submit any personal data to these websites or use these services.

6.   Security

6.1.  We maintain adequate administrative, technical and physical security measures to protect your personal data against accidental, unlawful or unauthorized destruction, loss, change, access, disclosure, or use and other unlawful uses.

6.2.  Only our personnel and the personnel of our service providers who need the personal data to fulfil their duties related to the purposes established in this Privacy Policy and who are bound to observe the confidentiality obligation, the provisions of applicable legislation regulating data protection and this Privacy Policy in the processing of personal data have access to the personal data processed by us and our service providers.

6.3.  We test our systems regularly to make sure our security mechanisms are up to date. The security measures in place will, from time to time, be reviewed in line with legal and technical developments.

6.4.  The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to the Website. Once we have received the data, we will use strict procedures and security features to try to prevent unauthorized access.

7.   The use of cookies and other online technologies

7.1.  A cookie is a small data file that is saved automatically in your device through the browser when you are using the browser. Cookies include the specific details of the specific user of a website and the specific website. Cookies help you identify yourself on a website and enable you to use various functions on a specific website – for example, a website use your cookies to remember your preferences, settings, user habits, to collect data about visits to the website, etc. Fundament also uses Local Storage Objects for the same purpose.

7.2.  Upon visiting the Website, a pop-up window is opened on the website that notifies you of the use of cookies asks for your acceptance. If you refuse to accept the cookies, then only the technical cookies, strictly necessary for using the Website, shall be used.

7.3.  Refusing to accept the cookies may reduce the quality of your user experience and you may not have access to some of the services provided by us.

8.   Changes to the privacy policy

This Privacy Policy is valid from July 23, 2021. In the case of amendment of the Privacy Policy, the amendments and additions will enter into force when the new version is published on our website. Therefore, to find out the latest information regarding the processing of your data by Fundament we recommend visiting this website regularly.

9.   Contact

Questions, comments and requests regarding this Privacy Policy and processing of personal data by Fundament are welcome and should be addressed to Fundament OÜ, ADDRESS Tallinn, Estonia or e-mailed to info@fundament.trade.