We understand the special importance of the protection of your personal data, therefore, we collect and process only such data that is necessary for the performance of our activities. We process personal data lawfully, transparently and fairly, for pre-determined purposes and only to the extent necessary to achieve the purposes of the processing. When we process personal data, we strive to ensure that it is accurate, secure, confidential, and is properly stored and protected.
When processing your personal data, we comply with the General Personal Data Protection Regulation (EU) 2016/679 (hereinafter referred to as GDPR) adopted on 27 April 2016, the Personal Data Protection Act in Estonia, as well as other requirements for the processing of personal data established by other legal acts and/or controlling authorities in Estonia.
- WHAT IS THIS DOCUMENT?
- WHO ARE WE?
2.1. 2.1. Numai Estonia OÜ, with business address at Rottermanni 6, Tallinn, company registry code: 16328145, phone +372 6631103, e-mail: [email protected].
- WHAT PRINCIPLES DO WE FOLLOW?
3.1 When processing your personal data, we:
(a) comply with the requirements of valid and applicable legal acts, including the GDPR;
(b) process your personal data in a lawful, fair and transparent manner;
(c) will collect your personal data for specified, clearly defined and legitimate purposes and will not continue to process it in a way incompatible with those purposes, except to the extent permitted by law;
(d) take all appropriate steps to ensure that inaccurate or incomplete personal data is rectified, supplemented, suspended or destroyed without delay;
(e) will keep them in such a form that your identity can be established for no longer than is necessary for the purposes for which the personal data are processed;
(g) will ensure that your personal data are processed in such a way as to ensure the appropriate security of personal data through appropriate technical or organisational measures, including protection against unauthorized or unlawful processing of data and against accidental loss, destruction or damage.
- HOW DO WE COLLECT YOUR PERSONAL DATA?
4.1. We process your personal data obtained in the following ways:
(a) When you provide them to us. You provide us with your personal data and other information through the Website, such as by registering your account, completing and sending us an inquiry or application, contacting us by telephone, in writing or by e-mail.
- FOR WHAT PURPOSES AND HOW DO WE PROCESS YOUR PERSONAL DATA?
5.1. Our services are intended for natural persons and legal entities, therefore, we usually process your personal data if you are the manager, representative and/or contact person of a legal entity (our potential or existing customer). We may also process your data when you are acting as the ultimate beneficial owners, persons securing customer obligations and other persons involved in the provision of services.
• contact details (address of the place of residence, e-mail, telephone number, etc.);
• data on the data subject's relations with legal persons (positions, workplace address, number of shares, etc.);
• data of the self-service profile on the website (login, password, etc.);
• financial data (available financial liabilities, income, credit rating, etc.);
• absence of adverse circumstances (debts, seizures, insolvency, etc.);
• data on available movable and immovable property to be registered, property rights, securities, and their restrictions, etc.;
• information on marital status,
• other information you provide (including through inquiries and / or complaints) or that we collect to provide our services.
• our legitimate interests;
• to perform the contract or to take pre-contractual measures at the request of the data subject;
• The legal obligation applicable to the controller in relation to money laundering and terrorist financing prevention requirements and other activities related to the "Know your customer" requirement.
• If the NUMAI offer is sent but the contract is not concluded, the data shall be stored for 2 months from the date of sending the offer;
• In the case of concluding a contract, during its validity and for 10 years from the end of the contract, unless the (legal) dispute lasts longer (in which case – until the date of the final decision of the competent authority).
5.2. The exact amount of personal data and how we process it depends on the specific relationship between you and us. We may process your personal data for the following independent purposes:
(a) For the purposes of creditworthiness assessment, contract conclusion and the provision of NUMAI services.
When you, in person or as a manager or representative of a legal entity, contact us by completing a Rent to Buy application through our Website or apply for NUMAI services by e-mail or otherwise, the following data may be processed for this purpose:
(b) Created individual profiles for the purpose of administration, identification, proper provision of services in the Self-Service Customer Area of the Website. You provide us with your personal data when you use the Website through your personal account (which provides a convenient and quick way to perform electronically the functions permitted by the system accessible through the Customer Area option on the Website). We also process your personal data if you register on the Website or use it as a representative and/or contact person of a legal entity. Each account holder can view, edit and delete their personal data at any time (except for the login). The following personal data may be processed for this purpose:
• On the basis of a legitimate interest, namely in the proper administration of the Website and our related activities.
• If the loan agreement is not concluded – for 1 year from the last login of the user.
(c) In order to improve the Website, offer better services personalized to you. We use your personal data, including the personal data we receive from you when using our Website, to improve and develop the Website and to offer better and more personalized services to you. For this purpose, we receive the data from you (by cookies when you are using the Website) and/or from third parties.
(d) for the purpose of ensuring communication, administration, quality control of our activities (handling of complaints and/or inquiries as well as communication submitted by you, including – retention). When you contact us (or we contact you upon receipt of your request), we process information received in writing, by e-mail, through the Website or otherwise, which may include personal data:
• our legitimate interest in evaluating our customers' feedback with a view to improve the quality of our operations and the services we provide.
• when executing a request or analysing a complaint, we may collect personal data ourselves (for example, upon receipt of your complaint, we will contact our employees regarding the actual circumstances of the complaint and record them, etc.).
• third parties: distributors, compliance service providers, or other persons involved in the performance of the activity.
(e) for other purposes specified in our Personal Data Processing Rules and/or other internal documents, when we are obliged to process your personal data by legal acts or there is a legitimate interest or other grounds for lawful processing of personal data provided by legal acts.
5.4. Do not provide excessive personal data that is not necessary to achieve the stated purposes.
5.5. Our authorized processors process personal data only in accordance with our instructions and only to the extent necessary to achieve the set objectives.
6.1. We collect information about you using cookies and similar technologies. Cookies are small files that are temporarily stored on your device’s hard drive and allow us to identify you during other visits to the Website, save a person’s browsing history, options, customize content, speed up searches, create a convenient and friendly environment, and make it more efficient and reliable. Usage of cookies is a common web browsing practice that makes it easier to use websites.
6.3. We use the information obtained from cookies:
(a) to ensure the functionality of the Website;
(b) to enable us to improve and develop the Website to better meet your needs;
(c) for the development of services and analysis of the use of the Website;
(d) for targeted promotional solutions.
(a) necessary (technical) cookies – cookies that are necessary for the operation of websites. These cookies cannot be disabled;
(b) functional cookies – cookies, which, although not necessary for the operation of websites, significantly improve their operation, quality and visitor experience. These cookies store information about your preferences and allow us to customize your experience of using the Website according to your needs;
(c) analytical (statistical) cookies – cookies used for the preparation of statistical analysis of the navigation methods of the website by visitors; the data collected by these cookies is used anonymously;
(d) targeted or promotional cookies – cookies that are used to display offers or other information that may be of interest to you.
6.6. Information about the cookies used on the Website, their purpose, validity and data used can be found here.
6.9. In some cases, especially disabling, opting-out or deleting technical, functional cookies may slow down the speed of Internet browsing, restrict the operation of certain functions of the Website, block access to the Website.
- WHO DO WE PROVIDE YOUR PERSONAL DATA TO?
7.2. We may transfer your personal data to partners who help us conduct business. We require such entities to process your data only in accordance with the instructions given by us and the applicable data protection legislation. We enter into agreements with these persons, which impose strict adherence to personal data protection requirements.
7.3. The use of your data by the abovementioned service providers is limited – they may not use this data for purposes other than providing services to us.
- HOW LONG DO WE STORE YOUR PERSONAL DATA?
8.1. We store your personal data for no longer than required by the purposes of the processing or as required by law, if it provides for a longer retention period.
8.2. We strive not to store outdated, out-of-date personal data, so only up-to-date information is stored after it is updated (e.g. upon its revision, changing, etc.). Historical information is stored if it is required by law or for the performance of our activities.
- HOW DO WE STORE YOUR PERSONAL DATA?
9.2. Unfortunately, the transfer of information over the Internet is not completely secure. Although we make every effort to protect your personal data, we cannot guarantee the security of your data when you transfer data to the Website – you assume the risks associated with the transfer of data to the Website. When we receive your data, we will apply statutory procedures and security measures to protect your data from unauthorized access, unauthorized processing or disclosure, accidental loss, deletion, or destruction.
9.3. If unlikely circumstances arise and we become aware of a personal data breach that could seriously jeopardize your rights or freedoms, we shall notify you immediately as soon as we become aware of it and determine what information has been accessed.
9.4. The Website uses a Letsencrypt.org SSL certificate
(a) Verified website identity (you are visiting the real domain owner’s website and you are not redirected to a hacked server)
(b) All data transferred between the server and the browser is encrypted (network hackers can no longer read it).
- c) Data integrity and originality are ensured (routers on the route cannot correct or censor the transferred information).
(d) More information is available at https://letsencrypt.org.
- EXTERNAL WEBSITES
10.1. The Website may contain links to external websites, such as our business partner websites or websites where we have accounts and which are used to promote our services. By following such links to any of the websites, please note that these websites and the services accessed through them have their own separate privacy policies and we do not accept any responsibility or liability for these policies or for personal data collected on or through these websites, such as contact or location details. We encourage you to review these policies before submitting personal data on such websites or using any services provided therein.
- WHAT RIGHTS DO YOU HAVE?
11.1. When processing personal data, we ensure your rights in accordance with GDPR and the Republic of Lithuania Law on Legal Protection of Personal Data. As a personal data subject, you have the following rights:
(a) to know (be informed) about the processing of your personal data;
(b) to access your personal data that we process;
(c) to demand the correction or supplementation, revision of incorrect, inaccurate, incomplete personal data;
(d) request the deletion of personal data if you withdraw your consent or if they are no longer needed for the purposes for which they were collected;
(e) restrict the processing of personal data;
(f) object to the processing of your personal data;
(g) require, where technically possible, the provision to you or the transfer to another controller of personal data collected in a readable format for the purpose of consent or for the purpose of performing the contract;
(h) submit a complaint to the Data Protection Inspectorate.
11.2. We will endeavour to guarantee the exercise of your rights as a personal data subject and to create all conditions for the effective exercise of these rights, but we reserve the right not to comply with your requirements when it is necessary to ensure:
(a) the performance of the legal obligations imposed on us;
(b) national security or defence;
(c) public order, the prevention, investigation, detection or prosecution of criminal offenses;
(d) important economic or financial interests of the State;
(e) prevention, investigation and detection of violations of official or professional ethics;
(f) protection of your or others’ rights and freedoms.
11.4. Upon receipt of your request, we shall respond to you no later than within 30 calendar days from the receipt of your request and the date of submission of all documents required for the response.
11.6. If we refuse to comply with your request, we shall clearly state the grounds for such refusal.
11.7. If you do not agree with our actions or the response to your request, you may appeal against our actions and decisions to the competent public authority.
- HOW CAN YOU FILE A COMPLAINT?
12.1. If you wish to file a complaint about our processing of data, please provide it in writing, providing as much information as possible, using the contact details provided at the end of this policy. We shall cooperate with you and try to resolve any issues immediately.
188.8.131.52. If you think that your rights have been violated in accordance with the GDPR / other applicable personal data protection legislation, you can file a complaint with our supervisory authority – the State Data Protection Inspectorate of the Republic of Lithuania, more information and contact details can be found on the Inspectorate’s website (https://vdai.lrv.lt/). Although, above all, we seek to resolve all disputes with you promptly and amicably.
- HOW CAN YOU CONTACT US?
a) by post: Numai Estonia OÜ, postal address Rottermanni 6 Tallinn, Estonia;
b) e-mail address: [email protected];
(c) contact telephone number: +3726631103