Privacy Policy and terms of data protection

Privacy Policy and terms of data protection

Principles of data processing

We are Business Research and analytics company, with a mission to optimize the Lead-to-Cash business process for B2B sales-oriented companies. We are working to ensure that users of the next generation of CRM and ERP solutions receive the maximum of their tools, so that sales and credit management are done smartly and that specialists can devote themselves to activities thatle are important to business . We offer our clients fresh data, high quality relesi and top teadmust-class research to help businesses stand out from their competitors.

We collect data from national registers and databases of Estonian companies and companies, we clean, and we deserve them for both credit, sales and other analytics. Every week we pick up a myriad of data from which we allocate the factID of Estonian companies. We use high performance clusters to process big data.

In cooperation with the University of Tartu and Stacc OÜ, we have created a model for assessing the credit risks of companies. Customers are using the model in credit management. The model is created using machine learning methods, and its input uses thousands of parameters.

We have implemented application programming interfaces for both real-time economy and traditional economy services to transfer data to our clients. These services are used in mission-critical POS, CRM and ERP solutions, and therefore we offer them with our high availability private cloud solution.

1. Definitions used in the principles

1 CONTACT OÜ (Registry code 11375045, address Tähe 129b, Tartu) belongs to the Kreedix group, which processes personal data pursuant to article 6 (1) (f) of the GDPR as controller under these data protection conditions

1.1. Companies belonging to the Kreedix group and their Web pages (hereinafter: Kreedix Group):

1.1.1. Register oü , which is managed by the Web environment pages www.inforegister.ee and dataport Register API Register oü is a founding member of the Estonian Association of creditors. The Union (www.evul.ee) providessupport and protectionto its members (CA 2000) for the successful operation of the business, raises the credit awareness of creditors and contributes to the fairer and more transparent business environment.

1.1.2. Storybook OÜ , whose managed Web environment, www.scorestorybook.ee, www.scorestorybook.ee is a Business Media channel with newsfeeds.

1.1.3. 1 Contact OÜ , whose managed web environment is www.1contact.net

1.1.2. kreedix OÜ , which provides credit toiAdministrative Services such as pre-litigation debt management, representation of the client in judicial and enforcementproceedings.

1.1.3. Kreedix insurance broker OÜ , which operates credit risk management, by providinggaCredit Insurance Brokerage services to companies. Kreedix kindlustusbroker OÜ owns an activity licence of the Financial Supervision Authority

1.2. Data subject – identified or identifiable natural person

1.2.1. Data subjects whose personal data are processed by Kreedix Group are:

1.2.1.1. Customers who are natural personsfor the services of Kreedix Group, users of applications, or natural persons using the Informa, Scorestorybook, Register API, 1contact solutions.

1.2.1.2. Natural persons whose personal data (first and last name, personal identification code and links with the companies) originate in public information from public authorities (public databases) and who are the representatives of the companies in the following roles:

1.2.1.2.1. Interim Trustee in bankruptcy in the functions of the liquidator; Depositary Of documents; Special regime Trustee Special regime Trustee A limited partner authorised to represent them; Branch Manager; Self-employed person; Member of the Administrative Board; Member of the Management Board; Liquidator of the management board; Supervisory trustee in Bankruptcy; Liquidator Member of association with additional liability; The person competent to receive the procedural documents; Moratorium Administrator Pledgee Insolvency practitioner Procurator A full partner; Evidenced Member of the Cooperative; Shareholder Founder The founder (in-payment); Auditor Person authorised to represent them; A limited partner authorised to represent them; person (s) entitled to represent them; Undertaking Member of the Building Association; Member of the Management Board; Chairman of the Management Board; Member of the Management Board (manager); Member of the Local Government Association; Member congregation; The auditor who assessed the non-monetary contribution; Chairman of the supervisory Board; Member of the supervisory board; Shareholder Member of the bankruptcy Committee; Member of the audit Committee; The acquiring natural person; Legal representative of the company

2. Personal data and the means of their collection

2.1. Personal data are collected upon entry into the agreement,in the provision of a serviceand in any other manner by the user when using the website as follows:

2.1.1. The user himself transfers the personal data of the Kreedix group to the company (for example, enter his name, contact information, user name, password, posts a comment, uses various website functions and services);

2.1.2 The Kreedix group’s websites collect data about the user’s behaviour and activities when using the services and the website. Anformation on the conditions of use of cookies is available here.

2.1.3. The Kreedix group receives confirmation of the identity of the user from a third party who provides the relevant service. For example, a user can identify themselves through an ID card, mobile ID, Bank link, Facebook, and LinkedIn account. Kreedix Group does not see PIN 1 or PIN 2 codes. Thus, he also can not somehow savetheda them. By authenticating through ID-card and mobile-ID and signing declarations of intent or confirmations, the user is required to comply with the security requirements and recommendations established by the respective developers and the Kreedix group. We recommendyou to access the additional information provided in the web addressdel http://mobiil.id.ee and http://www.id.ee .

2.2. Kreedix group processes the following personal data:

2.2.1. Identification details (name, date of birth, gender, personal Identification code);

2.2.2. Contact information (telephone, e-mail), IP addresses and Cookies Cookie) data;

2.2.3. In the case of contractual payments, the bank details (user’s bank account, bank name);

2.2.4. Data from national registers and data collections (name, surname, personal identification code, country of residence, related roles in companies, start and end dates of the participation, size of the holding in euro.

3. Purposes and legal basis for the processing of personal data

3.1. The Kreedix group processes the user’s personal data for the following purposes and legal bases:

3.1.1. For the conclusion and performance of the agreement to be concluded or concluded with the user. For Example:

3.1.1.1. To assist and advise the user who has entered into a contract if the user has submitted a corresponding request;

3.1.1.2. To the contracting user for the transmission of invoices or other important notices concerning the service;

3.1.1.3. To the contracting user for the provision of contractual services,including access to the content of the website.

3.1.1.4.based on the user’s consentäiteks , as the Kreedix group considers the display of an advertisement of interest to the user if the user has consented to the installation of the respective cookies in their Web browser;

3.1.1.5. Send notifications to the user of Kreedix group’s partners ‘ services and benefits if the user has given the relevant consent;

3.1.1.6. Sending a newsletter to the user if the user has forwarded his or her e-mail address to the Kreedix group for this purpose;

3.1.1.7. To contact the user for direct marketing purposes where it is possible to assume, under a previously concluded contract with a customer, or on the basis of a service provided to him, that he is interested in the respective offer and that the user has not expressed dissatisfaction or raised objections to receiving such notices;

3.1.1.8. To ensure the performance of a contract entered into with the user, including the detection of breaches of the contract or legislation by and for verifying the users (for example, to submit claims against the user). In this case, the legal basis for the processing is the legitimate interest of the Kreedix group to protect its rights. In a situation in which the user has violated the agreement or the legislation, the interests and rights of the user are not weighed up by the legitimate interest of the Kreedix group;

3.1.1.9. To gather the website’s availability, service statistics, and other non-personalised technical information about the use of the website in order to complement the site and services.

3.1.2. To perform the duties arising from the Kreedix group’s statutory obligations. For Example:

3.1.2.1. Statutory obligation to maintain accounting records;

3.1.2.2. Obligation to transmit the personal data of users to the competent authorities on the basis of relevant legal requests;

3.1.2.3. The legal obligation of the Kreedix group to respond to the query or order submitted by the user.

3.2. The user’s personal data may also be processed if this is necessary in a specific case for the legitimate interests of the Kreedix group or a third party, unless such interest is raised by the interests or fundamental rights and freedoms of the user, for which personal data must be protected. It is necessary to protect the vital interests of the user or other natural person.

3.3. If the processing of personal data is based on the legitimate interest of the Kreedix group, the user shall have the right to object at any time.

4. Transfer of personal data to service providers (processors)

4.1. The Kreedix group uses service providers (authorised processors within the meaning of the GDPR) when processing user’s personal data. The Kreedix Group is convinced of the reliability of such service providers, entered into employment contracts with them, and is responsible for their activities.

4.2. The Kreedix group uses the authorised processors belonging to the following categories: companies belonging to the Kreedix group, server and cloud service providers, Kreedix group cooperation partner companies – IT developers.

4.3. The employees of the Kreedix group are obliged to keep the personal data entrusted to them in the course of their duties, in accordance with their contracts and valid legislation konfidentsiaalsOJ. Theonfidential retention of data is an le indeterminate for the Kreedix Group’s employeesle and formerle employees.

5. Transfer of personal data to third parties

5.1. The Kreedix group shall transmit the personal data of the user to third parties only if the Kreedix group is required to do so by law, if this is necessary for the performance of the Agreement entered into with the user, if the Kreedix group has a legitimate interest in it or if the user has given his or her consent.

5.2. The Kreedix group shall transmit the user’s personal data to the following third parties:

5.2.1. To enable companies belonging to the Kreedix group to provide the customer with the benefits of the undertakings in the Kreedix group. In this case, the legal basis for the transfer is the legitimate interest of the Kreedix group to provide the service;

5.2.2. To supervisory, investigation and enforcement authorities on the bases provided by legislation. In this case, the legal basis for the transfer is the fulfilment of the obligation of the Kreedix group (ne);

5.2.3. To auditors, legal and other counsellors, where necessary to fulfil their obligations in front of the Kreedix group and provided that they keep the relevant data confidential. In this case, the legal basis for the transfer is thenfulfilment of the requirement of the Kreedix group(e) (e.g. auditors) or the legitimate interest of the Kreedix group to protect its rights;

5.2.4. The person engaged in the collection of debts, if the user has received debts to the Kreedix group. In this case, the legal basis for the transfer is the legitimate interest of the Kreedix group in defending its rights. In circumstances where the user has violated the agreement or otherwise violated the rights of the Kreedix group, the interests and rights of the user shall not outweigh the legitimate interest of the Kreedix group.

6. Profiling

6.1. Prosizing shall be carried out only in respect of natural persons acting in the representative roles of companies, which shall enable the undertakings concerned to assess the solvency of those undertakings and the likelihood of the receipt of the money before and after the sale transaction. Information about the history of the companies involved in the natural persons is necessary to identify patterns of payment patterns and to make projections in related companies. Such data processing and analysis shall be carried out on the basis of the legitimate interest of the Kreedix group.

7. Storage of personal data

7.1. The Kreedix group retains the user’s personal data until it is necessary to fulfill the purpose of their collection, to protect the rights of the Kreedix group or until it is required by law.

7.2. According to the type of personal data, Kreedix retains the user’s personal data as follows:

7.2.1. Accounting Documents: 7 years from the end of the relevant financial year, due to the requirement of law;

7.2.2. Personal data relating to the contract and/or registered in the applications: 5 years from the end of the contract and/or 5 years after the last login to the software applications;

7.2.3. Natural persons in the roles of the representatives of the companies if the person has completely ceased business and 5 years have passed since the last role (in accordance with paragraph 37 (4) of the Cys, according to which the limitation period for the claim to be lodged against the appointee of the legal person is five years).

7.2.4. Cookie data: According to the conditions of use of cookies .

8. Security

8.1. The Kreedix group implements the principle of minimum processing of personal data and has introduced the necessary organisational, physical and information-technical security measures to ensure the security of the user’s personal data.

8.2. The user who created the account on the website undertakes to keep the username and password required to enter the website and in such a way that it is not received by third parties unless he or she has authorized the third party to use his/her user ID and password for the use of the services.

8.3. The user who created the account on the website must immediately inform the Kreedix group if his or her user ID or password has disappeared or fallen into possession of third parties, so that the Kreedix group can take appropriate measures to ensure the security of the personal data.

8.4. The Kreedix group shall not be liable for any breaches of security requirements due to the user’s own activities.

9. User rights and obligations

9.1. To the extent regulated by the relevant legislation (in particular, the GDPR), the user has the right to exercise the following rights with regard to personal data processed by the Kreedix group:

9.1.1. Request access to personal data;

9.1.2. Request the rectification of personal data;

9.1.3. Require erasure of personal data;

9.1.4. Raise objections to the processing of personal data, in particular where the Kreedix group does not process them on the basis of a legitimate interest;

9.1.5. Require the transfer of personal data;

9.1.6 submit complaints about the processing of your personal data;

9.1.7. Withdraw your consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing on the basis of prior consent.

9.2. In order to exercise his or her rights, the user must contact the contact details of the principles set out in clause 13 of the policies of Kreedix. The user who created the account on the webpage can also perform certain permissions through their user account.

9.3. The Kreedix group has the right to request the submission of additional information necessary for the identification of the user.

9.4. The Kreedix group will respond to the user’s request within 30 days and inform the users whether and what measures have been taken to resolve the request of the Kreedix group user. If the application is complex or capacit, the time limit for answering the Kreedix group may be extended by 60 days. If the Kreedix group does not act in accordance with the user’s request, it shall inform the user of the reasons for not taking action and explain the possibility of submitting a complaint to the Data Protection Inspectorate or to contact the Court for Protection of its rights.

9.5. If the user’s requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Kreedix group may either:

9.5.1. charge a reasonable fee; Or

9.5.2. Refuse to accept the measures requested.

9.6. The user may demand deletion of personal data only if one of the following mounts is present:

9.6.1. Personal data is no longer required for the purposes for which they were collected or otherwise processed;

9.6.2. The user withdraws the consent for processing personal data and there is no other legal basis for processing personal data;

9.6.3. The user submits an objection to the processing of personal data based on the legitimate interest of the Kreedix group and there are no overriding legitimate reasons for processing;

9.6.4. The user submits an objection to the processing of personal data for direct marketing purposes;

9.6.5. The personal data have been unlawfully processed;

9.6.6. Personal data must be erased for the purpose of fulfilling the legal obligation of the Kreedix Group;

9.6.7. Natural persons in the roles of companies ‘ representatives in cases where a person has completely ceased business and the last role has been over 5 years.

9.6.8. The personal data of a child under 13 years of treatment which is processed on the basis of consent.

9.7. If the user requires the deletion of personal data, he/she shall justify in his/her application the principles of which he or she requires it on the basis referred to in paragraph 9. The Kreedix group is not obliged to delete personal data if there is no basis for this, or if the processing of personal data is necessary for the following reasons:

9.7.1. Exercising the right to freedom of expression and information;

9.7.2. In order to comply with the law obligation of the Kreedix Group;

9.7.3. In order to draw up, present or defend legal claims;

9.7.4. The Kreedix group has other legal bases for processing personal data.

9.8. If the user’s personal data processing is based upon the consent of the user, the user has the right to withdraw the consent for processing the personal data at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal.

9.9. If the user’s personal data are subject to an infringement and the Kreedix group considers that it is likely to pose a high risk to the user’s rights and freedoms, the Kreedix group entity shall inform the user without undue delay of the contact information provided by the user to the Kreedix group or, if this is not possible, publicly.

9.10. In order to keep user’s personal data up-to-date, the user has the obligation to inform the Kreedix group of changes in their personal data.

9.11. If the rights of the user have been violated, the user has the right to file a complaint with the Data Protection Inspectorate or to enforce his or her rights in court.

10. Profiling for marketing purposes

10.1. The Kreedix group performs proediting for users for marketing purposes in the browser of users ‘ web browsers, or of text files or cookies (including Cookies). Profiling is a data processing aimed at making predictions about the demographic characteristics (gender, age) and interests of the user and, accordingly, displaying advertisements and offers to the user that the Kreedix group thinks might be of interest to the user.

10.2. Profiling for marketing purposes does not result in any legal decisions taken against the user.

10.3. The Kreedix group uses profiling for marketing purposes on the basis of a legitimate interest. The user may, at any time, object to the Kreedix group on profiled for marketing purposes or to prohibit the storage of cookies in their browser by setting up their browser accordingly. For more information on the cookies used by the Kreedix group, including how to set up your own v-browser cookies, please refer to the terms of use of the Kreedix group cookies.

10.4. The Kreedix group does not use personal data for procreation that the user who created the account on the website has submitted to the Kreedix group for the purpose of creating the account or concluding the contract.

11. Change the Principles

11.1. Kreedix Grtupil may need to change these principles due to changes in legislation, the processes of processing personal data of the Kreedix group or the instructions given by supervisory authorities or courts. In this case, the Kreedix group will notify the user of a reasonable time before the respective changes are applied.

12. Procedures relating to personal data breaches

12.1. Kreedix Group shall document any personal data breaches, including circumstances, effects and corrective actions. taThe Data Protection Inspectorate shall notify the breaches within 72 hours (except if the violation does not constitute a danger to a person).

12.2. The Kreedix group shall inform the person promptly of any breach of its data if it presents a high risk (unless the data has been rendered illegible or other mitigating measures have been taken or if the notification requires unreasonable effort – in the latter case the communication of the person with a public announcement is replaced).

13. Contact

13.1. In order to exercise their rights, withdraw their consent, as well as to obtain further explanations and submit a complaint against the Kreedix group, the user may contact the Kreedix group in the following contacts:
Data protection officer, whose contact details are: e-mail address andmekaitse@ir.ee; Mailing Address Tähe 129B, Tartu