GENERAL PROVISIONS

1.1  These Principles of Processing Client Data (hereinafter “Privacy Policy”) describe how We processes Your data. Specific details on the processing of Your data might be also described in Client agreements with You or in other documents related to the Services.

1.2  This Data Policy shall apply if You enter into Client agreement with us, use the Services provided by us, submit a Request to us, gave Your consent to process Your Data or visit our Website. 

1.3  We shall have the right to amend the Data Policy unilaterally at any time, based on applicable legislation. We shall inform You of the amendment of the Data Policy via our website www.magrat.eu.

DEFINITIONS

Client (You) refers to any natural or legal person or representative of the legal or natural person, who uses, has used or expressed a wish to use our services or submit a Request to us or visit our website. 

Data refers to any information about Client and other person who has contacted us, the data about the Client’s representative, including data collected from public databases and public channels. 

Data Controller (us) Magrat OÜ, register code 11730730, address F.R.Kreutzwaldi 4-7, office 408, Tallinn, Estonia 10124

Data Processor refers to anyone who processes Client data on behalf of the data Controller.

Recipient refers to a natural or legal person, public authority, agency or another body, to which the personal data are disclosed. 

Processing (Client Data) means any operation executed with Your Data, including the collection, recording, organisation, storing, alteration, publication, grant of access to, making enquiries and statements, use, transmission, deletion, etc. of Your Data.

Services refers to any services, provided by us to You via any channel. 

Client agreement legal relationships between You and us entered into in order to perform any Services to You.

Request means any request from You to us in order to get conclusion, enter into agreement, amendment, termination or cancellation of Service. GDPR Regulation EU nr 2016/679 of the European Parlament and of the council of 27 April 2016 n the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

GENERAL PRINCIPLES OF PROCESSING DATA

3.1. We process Your Data under the terms and conditions of this Privacy Policy and in accordance with the procedure laid down in the legislation, including the GDPR, Estonian Personal Data Protection Act, Money Laundering and Terrorist Financing Prevention Act, this Privacy Policy and agreements entered into with You

3.2. We ensure, within the framework of data protection legislation, the confidentiality of client data and implements appropriate technical and organisational measures to safeguard Your Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction or any other unlawful processing.

3.4. We will take all steps reasonably necessary to ensure that Your Data is treated securely and in accordance with this Privacy Policy and no transfer of Your personal information will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

WHAT DATA DO WE COLLECT?

4.1. The categories of Your Data to be Processed shall be as follows:

Personal data:  name, personal identification code or date of birth, signature.

Contact data:
address, phone number, e-mail address.

Financial data: bank account, transactions, liabilities, online payments and money transfers.
Data about the contracts entered into with You transactions and agreements, including data about agreements entered into, amended or terminated, data about the performance of agreements, data about violations of the contract, notices, service fees, enquiries and complaints, submitted Requests.
Data connected with money laundering, terrorist financing or organised crime country of birth, country of residence, data of identity document and copy of identity document, e-resident of Estonia, the source of funds, assets, the origin of assets, data about member of the management board, power of attorney and authority to represent the Client, place of work, position, work, data about beneficial owners, data about belonging to a politically exposed person, data about belonging to a local politically exposed person,  data about family member of the, politically exposed person or of the  local politically exposed, person (name, surname, date of birth, personal code, place of residence or seat, position, institution).

Data concerning communication: requests, data related to communication via any channel, including communication by phone, e-mail, messages and other manners of communication.
Other Data data obtained while performing obligations arising from the law, including data arising from the enquiries made by investigative bodies, notaries, tax authorities, bailiffs courts and other state institutions.


HOW DO WE PROCESS YOUR DATA?

5.1.  We process Your Data in order to perform Services to You or establish a Client relationship with You, also to respond on You Request or perform the due diligence obligations arising from law. 

5.2. We process Your Personal data and your Contact Data in order to conclude a Client agreement with You and this data is statutory to enter into a Client agreement. If You fail to provide such data, we cannot perform Services to You. 

5.3. We process Your Personal Data, Contact Data, Financial Data, Data concerning communication, other Data and Data about the Contacts with You, execute and terminate a Client agreement, as well as protect our interest in the court arising from a Client agreement.  

5.4. We process Data connected with money laundering, terrorist financing or organised crime in order to check and verify Your identity and to keep Your data updated and correct, to prevent, discover, investigate and report money laundering, terrorist financing and also to comply with rules and regulations related to money laundering, accounting and tax information. 

5.5. We process Data about Your name and e-mail on the basis of Your consent in order to send You information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw Your consent at any time by e-mail office@magrat.eu and We will stop process Your Data given on the base of consent. 

DO WE USE “COOKIES”?

6.1. Yes. We use cookies whenever You visit Our Website. The cookies used are listed in our cookie policy available on website  www.magrat.eu

6.2. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies.

THIRD PARTY DISCLOSURES 

7.1. We do not trade, sell, or otherwise transfer to other parties Your Data unless Your give use consent to transfer such Data. 

7.2. We disclose Data to Recipients such as:

  — website hosting partners and other parties who assist us in operating our Website;

— payment services providers;

— partners, who provide us with accountant services in order to prepare the invoices;

— financial and legal consultants, auditors or any other data processors of the Data Controller; 

— data related to violation of a Client agreement to debt collectors in order to collect the debt.

7.3. We may also release Your information to public authorities and state institution, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, Police and Financial Intelligence Unit when We believe release is appropriate to comply with the law or protect ours or others’ rights, property, or safety.

7.4. We will not disclose more Data than necessary for the purpose of disclosure and with respect to regulatory legislation and data protection legislation.

RETENTION OF YOUR DATA 

8.1. We will retain Your Data only for as long as is necessary for the purposes set out in this Privacy Policy or as required by regulatory legislation or data protection legislation. 

8.2. We retain Your data processed for the performance of a Client contract seven years as of the end of our Client agreement. We retain your data related to money laundering, terrorist financing or organised crime five years as of the date of termination of the business relationship. 

8.3. We will retain and use Your information to the extent necessary to comply with our legal obligations, for example, if We are required to retain Your data to comply with applicable laws, resolve disputes, and enforce our agreements and policies.

YOUR DATA PROTECTION RIGHTS 

9.1.   The Client who is a private person has the following rights regarding data protection:

9.1.1. to apply for the correction of incorrect or incomplete Your Data;

9.1.2. to obtain information on whether we process Your Data and examine Your Data and

receive a copy thereof;

9.1.3. to provide objections to the Processing of Data if the use of the Data is based on legitimate interest;

9.1.4. to apply for the deletion of Data, for example if You have withdrawn Your consent. The aforementioned right shall not apply if the Client Data that are asked to be deleted are also Processed on other legal grounds;

9.1.5. to restrict processing the Data, for example at the time when We assess whether You have the right to the deletion of Your data;

9.1.6. to withdraw Your consent for Processing the Data if the Processing takes place on the basis of consent. In such an event the withdrawal of the consent shall not affect the legality of the Processing that took place before the consent was withdrawn;

9.1.7. to file complaints about the use of the Data with the Estonian Data Protection Inspectorate (www.aki.ee ) if You find that Processing Your Data infringes Your rights and interests. 

CONTACT DETAILS 

10.1. You  can contact us with any requests to exercise data subject rights and complaints regarding the processing of client data by e-mail: office@magrat.eu or by post: F.R.Kreutzwaldi 4-7, office 408, Tallinn, Estonia 10120