Customer Data Processing Principles

CUSTOMER DATA PROCESSING PRINCIPLES OF IPEC INVEST (IPEC OÜ)

1. General provisions
1.1. These customer data processing principles (hereinafter the Principles) describe how Ipec Invest (Ipec OÜ)(hereinafter the Lender) collects and uses customer data and explain the customer’s rights.
1.2. The Principles apply to all customers, including customer relationships established before the
Principles were published or entered into force.
1.3. Customer agreements and service terms may include additional or more detailed data processing provisions. In the event of a conflict, the service terms and the agreement prevail to the extent they comply with applicable law.
1.4. The Lender processes customer data:
• to comply with legal obligations (including national laws, EU legislation and supervisory
guidance);
• to enter into, perform and enforce the contract with the customer;
• on the basis of the customer’s consent;
• on the basis of the Lender’s legitimate interests, in particular to protect its rights and to
provide the service securely.
1.5. By entering into a customer relationship with the Lender or expressing a wish to do so, the customer confirms that they are aware of the data processing described in the Principles.
1.6. Ipec Invest (Ipec OÜ) implements appropriate organisational, physical and IT security measures to protect customer data and requires the same level of protection from any authorised processors.
1.7. Data is collected mainly in the following ways:
• the customer provides the data directly;
• Ipec Invest (Ipec OÜ) makes enquiries to public registers and uses sources permitted by law;
• data is generated in the course of performing the contract.
1.8. If the customer refuses to provide the data necessary prior to entering into the contract, Ipec Invest (Ipec OÜ) may refuse to enter into the contract or provide the service.
2. Definitions
2.1. Customer data means any information about the customer that becomes known to the Lender within the customer relationship, including personal and contact data, transaction data, and information lawfully obtained from public databases/public sources or from third parties.
2.2. Customer (data subject) means a person who applies for, uses or has used Ipec Invest (Ipec OÜ) services, or is otherwise related to the service (e.g., a guarantor or collateral provider).
2.3. Processing means any operation performed on customer data (e.g., collection, storage, use, disclosure, retention, deletion).
2.4. Lender means Ipec Invest (Ipec OÜ).
2.5. Controller means Ipec Invest (Ipec OÜ).
2.6. Third party means any natural or legal person who is not the customer, the Lender or an authorised processor.
7. Customer rights (contact) For explanations or complaints regarding the processing of customer data, the customer may
contact: info@ipecinvest.ee