Posted on: 20.04.2021
1. Company information
Fairown Finance OÜ (a company duly incorporated and validly existing under the laws of the Republic of Estonia with registry number 14469114, VAT number EE102066450 and a registered seat at Laeva 2, TALLINN 10111, ESTONIA; hereinafter referred to as “Fairown” or "we", "us", "our") is a business providing a subscription financing platform and related services. Fairown enables merchants to sell their products offering subscription financing for consumers.
2. How to contact us?
You can contact us by email or telephone. Our contact details are provided on the "Contact" page of our Website.
3. What is Personal Information?
Personal information is any information about you as an identifiable individual. The personal information that we collect and process includes:
· basic information – such as first and last name, your company name and your title in the company
· contact information – such as your contact email address and phone number;
· business information – such as your business industry you are in, type of business, average transaction size,
· preferences – such as your clients prefer to replace the existing products
· technical information – such as information about the device you use to interact with us;
· correspondence – when you contact us, such as to send an inquiry or make a request, any correspondence or
· application may be kept and added to your personal information.
We collect the following personal information:
· Information we receive from cookies when you are using our website (non-personal).
· We perform automated processing decisions (including profile analysis).
We use this personal information for the following purposes:
· to contact you for possible cooperation and provide services;
· to analyze customer trends;
· to operate our business, including for internal purposes such as auditing, data analysis and statistical;
· purposes and troubleshooting to help us improve our services;
· to confirm prior transactions and reconcile statements or invoices.
Sharing collected personal data:
We share your personal data with our service providers and other third parties in accordance with applicable law. We may share your Personal Data with our corporate affiliates and outside accountants, legal counsels and auditors.
We also may be in a situation where we are legally obliged to disclose some or all of your Personal Data or where we reasonably believe that we are so obliged. This may be the case if we receive a request from an authority or there is a law or regulation that requires disclosure. We also may be compelled to disclose your Personal Data by a judicial, arbitral, administrative, or otherwise mandatory order or judgment. Where any of the abovementioned applies, we shall make the disclosure, and we may not be permitted to tell you that your Personal Data have been disclosed.
There may also be situations where we find the disclosure of your Personal Data to be necessary in order to exercise, enforce or defend our rights, freedoms, or legitimate interests.
In case we share your data with the above parties, we will ensure the protection of your data with our data-processing agreement between the third party and us.
When you visit our Website or retrieve resources (e.g. files or other information) that for part of a Website, certain pieces of data known as cookies (small text files) are sent to the device you are using and will be stored there. Your web browser stores them either at our request or the request of a third party whose services we use. Each cookie distinguishes you from other users and Website visitors.
· Analysis of how the website is used by its visitors
· Tailoring of content based on how users use the website
Example of data we might collect:
· Browser Information
· Operating System Information
· IP Address
· Pixel tags and other technologies
· Page Accessed
· Geographic Location
· Demographic information
· Time of Visit
· Behavior of visit
· Referring Site, Application, or Service
· Aggregated information
This website utilizes third-party cookies (as listed above). If you don’t want the cookies to be saved in your web browser it is possible to partially or completely block cookies. It is also possible to remove cookies after they have already been saved to your web browser.
Both actions are accessible through the settings in your web browser and exactly how you do it depends on which web browser you use.
You can use the browser’s help function or read more on http://www.aboutcookies.org/ for more detailed information on how this is done in the web browser you are using.
As a visitor to a website, you should be aware that some parts of the website may not function if you choose not to save, or to remove cookies.
Instructions for changing cookie settings for most common browsers:
Internet Explorer: http://support.microsoft.com/kb/278835
Please be aware when blocking cookies, some of the web page functionalities might not be available for the Website visitor anymore.
Duration of Personal Data Storage
We only store your Personal Data for as long as necessary in the light of, or compatible with, the purposes for which the data were collected (e.g. enjoying our rights and performing our obligations under the contract you have, if that was the sole purpose) and such additional period as may be required by law.
Legal retention periods vary depending on the type of personal information concerned, and they can be quite long. For instance, Personal Data relevant to our accounting or taxation (Billing information category) must be retained for at least seven years after the primary purpose for their processing ceases to apply (e.g. seven years following financial year when our business relationship with you terminated and the last transaction between us occurred).
Your Rights as a Data subject
“Data subjects” in the EEA have certain statutory rights under the GDPR concerning the Personal Data that we have on them.
Right to access /GDPR Article 15
You have the right to enquire and get confirmation from us as to whether or not we process any of your Personal Data. Where we do, you may request access of those data and have us give you a copy of them.
Right to withdraw consent / GDPR subsection 13 (2)(c)
If your personal data is processed on the basis of you consent, you have the right to withdraw your consent at any time you choose and on your own initiative if the request is in accordance with the law. You can do so by sending us e-mail with this request to email@example.com.
Right to review, and rectify your data / GDPR Article 16
You have the right to, review, and rectify your personal data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to review or rectify any information like your name, email address and/or any other preferences, you can easily do so by sending an email to firstname.lastname@example.org. You may also request a copy of the personal data processed as described herein by sending an email to email@example.com.
Right to erasure / GDPR ARTICLE 17
You have the right to erasure all the personal data processed as described herein in case it is no longer needed for the purposes for which the personal data was initially collected or processed.
Right to object or restriction of processing / GDPR Article 21
under certain circumstances, you may ask for a restriction of processing or object to the processing of your personal data. Where your personal data is processed for direct marketing purposes, you may object to such processing.
Right to data portability / GDPR Article 20
You have the right to receive the Personal Data processed in a format that is structured, commonly used and machine-readable and to transmit this data to another service provider.
These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have.
We aim to respond to any legitimate request within a month of its receipt but it may take us longer if your request is particularly complex or you have made several requests. We shall let you know and keep you updated.
Appropriate technical measures are implemented in order to ensure an appropriate level of security of your personal data, including but without limitation:
Application log files shall not contain any data with which a natural person
can be identified without additional access to other resources.
All data transfers (including personal data) between the server and client browser
is encrypted by TLS protocol with an RSA 2048 bit key.
Server backups are encrypted by the Server Service Provider.
Measures to ensure the confidentiality of personal data
Our databases have strict access control. Databases can be accessed only
from the specified list of IPs by whitelisted users with key access.
Measures to ensure the integrity of the personal data
Our systems have audit trails in place to be able to verify all the data modifications.
Measures to ensure availability of the personal data
Regular backups are done from the database by the Server Service Provider.
Measures to ensure the resilience of processing systems and services
Our system has regular Disaster Recovery Testing events in place to ensure minimized downtime and data loss in case of any disastrous event.
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications immediately.
Changes to this Policy
We may revise this Policy from time to time to reflect changes to the Service, Websites, applicable laws, regulations or standards, or other changes that may occur in our business. We shall post the revised/new Policy on the same webpage where we published this Policy. We also may use email or other means for notifying Users of such policy changes. The revised or new Policy will be effective when posted as described.
How to contact us
Our data protection specialist is Hendrik Roosna whom you can contact via email firstname.lastname@example.org.