This policy is applicable to anyone who uses, has used, has expressed interested in using or is in any other way related to services provided by Viventor, including clients that have registered before this policy has come into force.
Processing of data–is any type of activity or a set of activities performed with personal data automatically or manually, for example, collection, registration, organisation, structuring, storage, adaptation or modification, recovering, viewing, using, disclosing, transmitting, distributing or otherwise making them available, matching or combining, limiting, erasing or destroying.
VIVENTOR–SIA “ViVentor”, registration number: 40103920304, address: Audēju iela 14 -3, Rīga, LV-1050, under domain www.viventor.com.
Client–any natural person or legal entity, that has used or has expressed intent in using any of the services provided by Viventor or in any other way connected to Viventor.
Personal data–any information relating to an identified or identifiable natural person (data subject); identifiable natural person is one which can be directly or indirectly identified in particular by referring to an identifier, such as the name, surname, identification number, location data, online identifier or one or more physical, physiological, genetic, mental, economic, cultural or social identity.
2.1. This policy provides general information on how Viventor carries out Personal data processing. A detailed description of personal data processing is provided to clients, including it in their contracts and in other documents related to services provided by Viventor, as well as on the website of Viventor.
2.2. Viventor ensures the confidentiality of personal data within the framework of applicable laws and enforces appropriate technical and organizational measures to protect personal data of clients from unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.
2.3. Viventor personal data processing may be used by personal data processors. In such cases, Viventor shall take the necessary steps to ensure that such Personal Data processors process personal data in accordance with Viventor guidelines and in accordance with the applicable laws and regulations and require appropriate security measures.
3.PERSONAL DATA CATEGORIES
Personal data may be collected from the Customer and from external sources such as public and private registers or third parties. The categories of personal data that Viventor collects and processes most, but no limited to are:
Identification data, such as name, surname, personal identification number, date of birth, gender, passport or ID card details, a copy of utility bill, a copy of personal identification document (copy of passport, copy of ID card).
Contact information, for example, address, telephone number, e-mail address, communication language.
Professional data, for example, information about clients’ occupation and activity area.
Data on reliability and research, such data that allows Viventor to conduct customer research activities, to prevent money laundering and terrorist financing, and to verify compliance with international sanction lists, including the purpose of the cooperation and whether the client is or is not a politically significant person.
Data on the client’s tax residency, such as county of residence, taxpayer number and nationality.
Communication data is obtained by visiting Viventor website through the online web application or by contacting other channels.
Service-related data, such as execution or non-execution of contracts, transactions performed, contract concluded, applications submitted, requests and complaints.
4.REASONING AND BASIS ON PROCESSING OF PERSONAL DATA
Viventor primarily carries out processing of personal data for:
4.1. For General customer relationship management and in order to grant access to services provided by Viventor as well as administration. In order to conclude and execute a contract with the Client; ensuring the accuracy of the data by checking and updating internal and external data sources. Processing is required for: 1) execution of a contract with the client; 2) to take pre-contractual measures at the Customer’s request; 3) in order to fulfil legal commitments imposed by regulating law and contract.
4.2. Client’s and/or Viventor’s interests
To protect the interests of the client and/or Viventor; and to know the quality of the services provided; and to provide evidence of commercial transactions and other commercial communication. Processing is required for: 1) execution of a contract with the Clients; 2) to take pre-contractual measures at the Client’s request; 3) to fulfil the legal commitments imposed by regulating law and contract; 4) customers’ consent; 5) legitimate interests of Viventorto prevent, limit and investigate an unlawful use of services provided by Viventor; 6) internal training or service quality assurance.
4.3. Additional services, customer surveys, market analysis, statistics. In order to offer the Client personalized offers. Processing is required for: 1) Customer’s consent. To conduct customer surveys, market analyses, aggregate statistics:1) legitimate interests of Viventor to improve the services provided, to improve customer experience and to develop new services and improvements; 2) Customer’s consent.
4.4. Legal obligations and identity checks: In order to comply with the applicable laws and international agreements of Viventor. For example, implementation of know-your-customer (KYC),verification of the identity of the client,market transparency requirements and to be able to provide information to competent authorities in order to prevent, detect, investigate and report on potential criminal offenses, money laundering, terrorism financing, whether the client is subject to financial sanctions or is a political significant person and knowledge of client’s activity. Processing is required for: 1) execution of a contract with the client; 2) to take pre-contractual measures at the client’s request; 3) to fulfil the legal commitments imposed by regulating law and contract; 4) legitimate interests of Viventor to ensure well-considered risk management and company management.
4.5. To prevent the abuse of dishonest use of services and to provide proper provision of services. To sanction and control the access to digital channels, to prevent unauthorized access and to ensure information security. Processing is required for: 1) execution of a contract with the client; 2) to take pre-contractual measures at the client’s request; 3) to fulfil the legal commitments imposed by regulating law and contract; 4) Client’s consent; 5) legitimate interests of Viventor to control Viventor’s authorization, access and operations.
4.6. To improve technical systems, IT infrastructure and to develop services provided by Viventor. For example, testing and refining technical systems and IT infrastructure. Processing is required for: 1) legitimate interests of Viventor to improve the technical systems and IT infrastructure.
4.7. Establishment, implementation and defence of a claim to the rights to receivables.
In order to establish, implement, defend and enforce a claim to the rights of receivables.Processing is required for: 1) execution of a contract with the client; 2) to take pre-contractual measures at the client’s request; 3) to fulfil the legal commitments imposed by regulating law and contract; 4) legitimate interests of Viventor to impose and exercise the claim rights to receivables on behalf of investors.
4.8. Fulfilment of economic activities of VIVENTOR and the obligations under the concluded transactions.In order to fulfil Viventor’s economic activity and the obligations under the concluded transactions. Carry out Viventor’s operations according to its business model –allowing registered clients to purchase the rights to receivables of loans listed on Viventor’s online platform (www.viventor.com). Processing is required for: 1) execution of a contract with the client; 2) legitimate interests of Viventor to carry out business activities and fulfill the obligations of the concluded transactions.
5.PROFILING AND AUTOMATIC DECISION MAKING
5.1 Profiling is automatic processing of personal data that is used to evaluate certain clients’ personal characteristics. Profiling is used for analysis, automated decisionmaking and creditworthiness assessment. Processing is required for: 1)Client’s consent; 2) legitimate interests of Viventor to use profiling and automatic decision making.
5.2. Viventor may also collect statistical data about the Customer, including information about typical behavior, usage of services on the basis of transactions concluded by the Client in our intranet www.viventor.com.
5.3. In the event of data subject only receiving an automated decision, the data subject has the right to request a review of the decision without the application of automated decision tools.
6.PERSONAL DATA RECIPIENTS
Personal data may be transferred to other recipients, for example:
6.1. Institutions (e.g. law enforcement agencies, sworn bailiffs, sworn notary offices, tax administrations, supervisors and financial intelligence agencies).
6.2. Auditors, legal advisers or other Viventor related Personal Data processors.
6.3. Other people involved in the provision of Viventor services, including archiving, postal service providers, etc..
6.4. Existing and potential Loan Originators (partners).
7.GEOGRAPHICAL AREA OF PROCESSING
7.1 Personal data is processed in the European Union / European Economic Area (EU / EEA), but in some cases they may be transferred and processed in countries outside the EU / EEA.
7.2 Transfer and processing of personal data outside the EU / EEA can take place if it has a legal basis, that is (for example) to fulfil a legal obligation, sign or execute the contract, or with the consent of the Client and if appropriate security measures have been taken. Appropriate security measures include, for example:
-An agreement has been signed, including standard EU contractual clauses or other approved rules of the EU Treaty, code of conduct, certification, etc. approved under the General Data Protection Regulation;
-In the EU / EEA non-EU country where the recipient is located, an adequate level of data protection is ensured in accordance with the EU Commission Decision;
-The recipient is certified under the Privacy Shield (applies to recipients located in the United States).
7.3 Upon request, the Client may receive additional information on the transfer of Personal Data to countries outside the EU / EEA.
8.1 Personal data will only be processed and stored for as long as necessary for the specific purpose. The period of retention may be based on an agreement with the Client, the legitimate interests of Viventor or applicable regulatory enactments (for example, laws on accounting, anti-money laundering limitation, civil rights, etc.).
9.RIGHTS OF THE DATA SUBJECT
The Client (the data subject) has rights in respect of the processing of his or her data, which is classified as Personal Data in accordance with applicable regulatory enactments. These rights are as follows:
9.1. Request to rectify your Personal Data if it is incomplete or incorrect.
9.2. Ensure the processing of your Personal Data if the Processing is not based on legitimate reasoning, including opposition to personal data profiling.
9.3 Request the deletion of your Personal Data, for example, if the Personal Data is processed based on consent and the Customer has withdrawn his consent. This right shall not be valid if the Personal data is requested, collected and processed on the basis of other legal grounds, such as the contractor obligations arising from the relevant regulatory enactments.
9.4. Restrict Processing of your Personal Data in accordance with the applicable regulatory enactments, for example, at a time when Viventor assesses whether the Client is entitled to the deletion of its data.
9.5 Receive information as to whether Viventor processes the Customer’s Personal Data and, if processes, also gain access to them.
9.6. Receive the Personal Data, which was provided by the Client to Viventor and processed on the basis of the consent and fulfilment of the agreement in writing or in one of the most commonly used electronic formats and, if possible, transfer such data to another provider (data portability).
9.7. Revoke your consent to the processing of your Personal Data.
9.8. Avoid being subjected to fully automated decision making, including profiling, if such decision-making has legal effects or it has a similarly significant effect on the Client.
9.9. Submit complaints regarding the use of Personal Data to the Data State Inspectorate (www.dvi.gov.lv) if the Client suspects that Processing of Personal Data violates his or her rights and interests in accordance with the applicable regulatory enactments.
10.1 The Client may contact Viventor about any questions, withdrawal of consent, requests, the exercise of the rights of data subjects and complaints about the use of Personal Data.
10.2 Viventor contact information is available on the Viventor website at www.viventor.com.
10.3 Contact details of the appointed Data Protection Officer: firstname.lastname@example.org or Audēju iela 14-3, Riga, LV-1050 with a subject line “Data Protection Officer”.
11.POLICY EFFICIENCY AND AMENDMENTS
11.1 This Policy is available on Viventor website: www.viventor.com
11.2 Viventor holds the right to unilaterally amend this Policy in accordance with the applicable regulatory enactments at any time, notifying the Client of the relevant amendments on the Viventor website, by e-mail or in any other way (for example, in the media) no later than one month before the amendments coming into force.