Bondora Terms of Use

2.1. The Terms of Use shall determine the main terms and conditions of: 1) the communication between the Lender and the User; and 2) the services provided by the Lender to the User.

2.2 These Terms of Use shall form an integral part of all User Agreements and other agreements concluded between the User and the Lender when using the Portal. The Terms of Use shall become applicable when the User Agreement is deemed to have been concluded in accordance with Section 3.4.

2.3 In addition to the Terms of Use, the relationship between the Lender and the User shall be regulated by the applicable law and the Loan Agreement(s) concluded between the Lender and the User. If the Terms of Use are in conflict with the Loan Agreement, the Loan Agreement shall have a priority.

2.4 Terms of Use, General Terms of the Loan Agreement, Price List and other relevant information and documents shall be made available to the User at any time free of charge on the Lender’s webpage and/or in the Portal.

3.1. Only by becoming a User, a person shall obtain a right to use the User’s functionalities of the Portal, including:

• 3.1.1. a right to submit Loan Applications;
• 3.1.2. a right to conclude Loan Agreements;
• 3.1.3. a right to apply for using other services offered by the Lender and to conclude respective agreements;
• 3.1.4. an opportunity to communicate with the Lender.

3.2. In order to become a User of the Portal, a person must:

• 3.2.1. register his/her e-mail address on the webpage of the Lender;
• 3.2.2. confirm that he/she accepts the terms and conditions of the Terms of Use;
• 3.2.3. confirm that he/she accepts that his/her personal data shall be processed by the Lender in accordance with Section 10; and
• 3.2.4. verify his/her e-mail address by logging in the Portal by using temporary password created by the Portal.

3.3. By confirming acceptance with the terms and conditions of the Terms of Use, the User represents and warrants:

• 3.3.1. he/she is a natural person;
• 3.3.2. he/she is at least 18 years of age;
• 3.3.3. he/she has full passive and active legal capacity;
• 3.3.4. he/she is a citizen of the European Union or Switzerland;
• 3.3.5. he/she is a permanent resident of the European Union or Switzerland;
• 3.3.6. he/she is not a Politically Exposed Person;
• 3.3.7. he/she is not a subject to an International Financial Sanction;
• 3.3.8. he/she is not under the influence of a relevant mistake, an unlawful threat or violence or other condition which may have unpropitiously influenced his/her judgement.

3.4. A User Agreement shall be deemed to have been concluded between the Lender and the User on the terms and conditions set forth herein immediately after fulfilment of all conditions provided in Section 3.2 and shall be valid for an unlimited period or until terminated in accordance with Section 12.

3.5. The User shall not receive a notification confirming that the User Agreement has been concluded between the parties, but instead, shall gain an access to the User functionalities of the Portal. The User Agreement, including the Terms of Use, shall be sent to User’s e-mail address without delay and shall be made available to the User at any time free of charge in the Portal.

4.1. For logging in the Portal, the User has to enter his/her Portal user name and password.

4.2. Before conclusion of the first Loan Agreement, the User shall identify himself/herself by:

• 4.2.1. making a bank transfer from a bank account opened on his/her name in a credit institution which has its place of business in a contracting state of the European Economic Area either directly from such bank account or by using any of the alternatives accepted by the Lender;
• 4.2.2. submitting any and all documents requested by the Lender for the purposes of identifying the User and for complying with applicable money laundering and terrorist financing prevention regulations.

4.3. If identification in accordance with Section 4.2 is not required by the applicable law, the User shall be identified before any action or transaction which has legal consequences (e.g. before conclusion of a Loan Agreement or submitting withdrawal application) by using one of the following identification methods chosen by the User:

• 4.3.1. unique user name and password of the Portal chosen by the User;
• 4.3.2. mobile approval by using unique PIN-code sent to the User’s mobile number; or
• 4.3.3. approval by any other means which are compliant with the applicable legislation and considered sufficient by the Lender.

4.4. Upon identifying a User, the Lender shall not be limited by Sections 4.1 to 4.3 and shall have the right at any time to unilaterally alter the identification process, including use other legally permitted methods for identification.

4.5. Information, received through the identification process, such as name, personal ID code, bank account number, residential address etc. will be collected at the end of the registration process and stored as personal data.

4.6. Any person logging in the Portal with User’s tools (e.g. user name and password) are deemed to be the User, unless the User has informed the Lender that a third person has gained access to the tools.

5.1. The User shall:

• 5.1.1. not use the Portal for illegal transactions or operations, including for fraud, money laundering, terrorist financing etc.;
• 5.1.2. submit to the Lender true, accurate and not misleading information and shall not withhold from the Lender any information which might be relevant to the Lender;
• 5.1.3. inform the Lender immediately but not later than within five (5) Banking Days about any and all changes in the information and/or documents he/she has submitted to the Lender;
• 5.1.4. inform the Lender immediately but not later than within five (5) Banking Days about any circumstances which affect or may affect User’s ability to fulfil his/her obligations arising from any agreements concluded between the Lender and the User, above all, from the Loan Agreements;
• 5.1.5. keep the data and tools required for logging in the Portal, including ID-card, passwords and usernames in such a manner that third parties do not gain possession of such data or tools;
• 5.1.6. inform the Lender immediately, but not later than within five (5) days if third party has gained possession of the data or tools specified in Section 5.1.5;
• 5.1.7. act politely and respectfully when communicating with the Lender.

5.2. If the User fails to fulfil its obligations under Section 5.1.3, the Lender shall have a right to assume that the information and documents previously submitted by the User are correct until otherwise notified by the User.

6.1. Communication between the User and the Lender shall be in the language of the Terms of Use and shall be sent to the receiving party through the Portal, unless otherwise agreed herein and/or required by the law.

6.2. If a communication between the User and the Lender shall be sent to the receiving party by an e-mail or mail, then it shall be sent by using contact data notified by the receiving party to the other party through the Portal, by e-mail or mail. The party shall bear the risk of not notifying the other party about the change in his contact data.

6.3. Communication sent to the other party by using correct contact data shall be deemed to have been received by the receiving party: 1) if delivered personally, when delivered against the signature; 2) if sent through the Portal or by e-mail, three (3) days after being sent; 3) if sent by mail to a destination within the country of dispatch, five (5) days after being deposited by registered mail; and 4) if sent by mail to a destination outside the country of dispatch, seven (7) days after being deposited by registered mail.

6.4. If the User has not received a communication the receipt of which he/she can anticipate or the receipt of which has been agreed between the parties, the User shall notify the Lender immediately, but not later than within three (3) Banking Days after the deadline during which one could expect receipt of the notification has passed.

6.5. The User shall be obliged to immediately verify the correctness of the information included in the communication received from the Lender and lodge his/her complaints immediately after receipt of the communication.

7.1. It is only possible to apply for Loans by submitting a Loan Application through the Portal.

7.2. The User shall disclose and determine in the Loan Application:

• 7.2.1. contact data, including his/her name, personal ID-code, address, phone number;
• 7.2.2. general information, including information about his/her home ownership, education, relationship status, dependants, employment status;
• 7.2.3. information about his/her income;
• 7.2.4. information about his/her liabilities;
• 7.2.5. information about his/her payment defaults;
• 7.2.6. preferred Loan Amount;
• 7.2.7. purpose of the Loan;
• 7.2.8. due date of Monthly Repayments; and
• 7.2.9. other information that may be requested by the Lender (including but not limited to documents to verify the income and liabilities of the User).

7.3. By submitting a Loan Application, the User confirms that:

• 7.3.1. the data and documents submitted by him/her to the Lender are true, accurate and not misleading and he/she has not withhold from the Lender any information which is or might be relevant to it;
• 7.3.2. the data and documents submitted by him/her to the Lender may be handed over to the Lender and the Lender may use them in accordance with the data protection rules set forth in Section 10;
• 7.3.3. he/she has thoroughly examined the terms and conditions of the Terms of Use and the Loan Agreement, fully understands their contents and confirms that they are fully coherent with his/her will; and
• 7.3.4. representations and warranties made pursuant to the Terms of Use and the Loan Agreement, are correct.

7.4. Before submitting a Loan Application, the User must identify himself/herself in accordance with Section 4.

7.5. The Loan Application is not binding to the User, i.e. he/she may withdraw the Loan Application without declaring the reason at any time before conclusion of the respective Loan Agreement.

8.1. The Lender shall assess the creditworthiness of the User and shall make a credit decision based on the data and documents submitted by the User and made available to the Lender in the public databases or otherwise.

8.2. The Lender shall have a right to make one of the following credit decisions:

• 8.2.1. accept the Loan Application;
• 8.2.2. reject the Loan Application; or
• 8.2.3. make a counteroffer and accept the amended Loan Application.

8.3. The Lender shall make the credit decision and inform the User about it immediately, but not later than within two (2) Banking Day as of receiving all required data and documents from the User. The Lender shall not be obliged to substantiate the credit decision, unless it rejects the Loan Application based on information it has received from the public databases, in which case it shall inform the User about the results of such inquiries.

9.1. The Loan Agreement shall be considered legally binding and concluded between the Lender and the Borrower as of the date it has been electronically or digitally signed or approved by both parties.

9.2. The Loan Agreement and other required information and documents shall be made available to the User through the Portal immediately after the Loan Agreement shall be deemed to have been concluded between the parties and shall be made available at any time during the term of the Loan Agreement free of charge in the Portal.

10.1. User’s consent and general principles

• 10.1.1. Upon entry into the User Agreement, submitting the Loan Applications and entry into Loan Agreement, the User gives his/her consent to the Lender to process his/her personal data in accordance with the provisions of the Terms of Use and especially according to this Section 10.
• 10.1.2. User shall present only correct, accurate and up to date data to the Lender. Deliberate submission of false and incomplete information is forbidden and is deemed to be a breach of the User Agreement.
• 10.1.3. The Lender shall process User’s data as long this is reasonably required for the business purposes of the Lender and performance of any obligation under User Agreement, Loan Agreements or legislation applicable, unless otherwise provided in the Terms of Use.
• 10.1.4. User has, at all times, the right to:
  • a) ask from the Lender which data it has collected with respect to the User;
  • b) ask from the Lender to which third persons the personal data of the User has been transferred;
  • c) review the data about the authorised processors at the Lender’s website (www.bondora.ee);
  • d) notify the Operator that he/she does not wish: 1) to receive personal offers or advertisements; 2) that his/her data is processed for the purposes of researching consumer habits and/or direct marketing; and/or 3) that his/her data is communicated to third person for the same purposeswithdraw his/her consent to process his/her personal data, and
  • e) demand that: 1) processing of his/her personal data shall be terminated; 2) personal data collected with respect to him/her is deleted or sealed; 3) his/her User account is closed; provided that the User has no valid agreements with the Lender, the Lender has no obligation arising from legislation to preserve or process the data and the Lender has no other legal basis for processing User’s data.
• 10.1.5. The Lender shall inform the Borrower if the Loan Application is rejected due to the data gathered from third parties and shall disclose such data to the Borrower.

10.2. Purpose of data processing

The Lender shall use the User’s personal data for:

• 10.2.1. concluding, amending and performing User Agreement and other agreements, including but not limited to performing Lender’s obligations, assessing credit-worthiness of the User, determining the maximum credit limit of the User, ensuring and managing the performance, and enforcement of Loan Agreements;
• 10.2.2. enforcement and protection of the Lender’s rights under the User Agreement and other agreements, including but not limited to forwarding data to debt collection companies and legal councillors;
• 10.2.3. communicating with User;
• 10.2.4. advertising services to the User, inter alia the Lender may forward offers of the Lender’s cooperation partners;
• 10.2.5. developing and maintaining the Lender’s IT-systems and services, products and services;
• 10.2.6. performing statistical and financial analysis;
• 10.2.7. forwarding information to the (potential) investors, creditors and cooperation partners; and
• 10.2.8. performing other legal obligations.

10.3. Data processed

The Lender is entitled to process all data disclosed by the User to the Lender. The Lender is also entitled to search for, collect and process data about the User from publicly accessible sources or sources with limited access in the course of providing services to the User under the User Agreement or Loan Agreement or for processing Loan Application. The Lender shall process mainly (but not only) the following User’s data:

• 10.3.1. User’s personal data, e.g. name, date of birth, personal identification code, language of communication, family status and data of identification documents;
• 10.3.2. User’s contact data, e.g. postal address, residential address, e-mail address and telephone number;
• 10.3.3. data about User’s employment and educational status and relations, e.g. education, educational institution, employer, position and profession;
• 10.3.4. data about User’s economical and financial situation and relations, e.g. income, assets, liabilities, origin of assets, and transactions on the bank account;
• 10.3.5. data about User’s transactions and legal relationships related to these, e.g. contractual partners, business activities, transactions conducted via the Portal, and performance of obligations;
• 10.3.6. data about User’s habits, preferences and satisfaction when using services of the Portal;
• 10.3.7. data about participation in consumer games and campaigns organised by the Lender, e.g. data about points granted and prizes won;
• 10.3.8. data about the trust- and creditworthiness of the User, e.g. data about User’s payment behaviour and default of obligations; and
• 10.3.9. data obtained when performing an obligation required by the law.

10.4. Disclosure of User’s data to third parties

The Lender is entitled to disclose User’s data (to the extent reasonably necessary considering the objectives listed in Section 10.2) to:

• 10.4.1. any legal entity within the same group with the Lender;
• 10.4.2. any person related to the conclusion and/or amendment of User Agreement and/or any other agreements concluded between the Lender and the User and performance of the Lender’s obligations therefrom (e.g. providers of communications and printing services, payment intermediaries, credit institutions and IT service providers);
• 10.4.3. any service provider to whom the Lender has outsourced its activities necessary for or related with the provision of services under the User Agreement or Loan Agreement (either in part or in full) on terms and conditions provided by the applicable law;
• 10.4.4. any person maintaining databases about data necessary for the assessment of the creditworthiness (e.g. Suomen Asiakastieto Oy) and registers of defaulted payments (e.g. Creditreform, group of companies);
• 10.4.5. any service provider used by the Lender for performing activities described above under Section 10.2 – for the data about authorised processors please see Lender’s website (www.bondora.ee);
• 10.4.6. authorised processors, i.e. persons who process data on behalf of the Lender based on an agreement;
• 10.4.7. actual or potential buyer of Claims;
• 10.4.8. any person acquiring a Claim;
• 10.4.9. actual or potential holder of pledge over a Claim;
• 10.4.10. actual and potential investors and/or creditors of the Lender;
• 10.4.11. other third persons if necessary in the course of enforcement of Claims against the User (e.g. debt collectors, lawyers, courts, bailiffs and bankruptcy administrators);
• 10.4.12. any person providing the Lender with legal services, accounting or auditing services, provided that the provider of the respective service has undertaken an obligation concerning the Lender to not disclose the respective personal data to third parties; and
• 10.4.13. any other person (not mentioned above) as far the obligation derives from applicable legislation.

10.5. Giving notice of any changes in the data

• 10.5.1. the User shall immediately notify the Lender about any changes in their personal data in accordance with the Section 5.1.3 and Section 6;
• 10.5.2. failure to provide notification of any changes in the data shall constitute a fundamental breach of the User Agreement.

11.1. The Lender has the right to restrict or cancel User’s right to use the Portal, reject Loan Applications and as far as permitted by the applicable law, refuse to perform its obligations under the User Agreement and/or any Loan Agreement and/or any other agreement concluded between the Lender and the User if the User is in a breach of the User Agreement and/or, the Loan Agreement any other agreement concluded with the Lender.

11.2. The Lender shall have a right to contact the User regarding any arrears using all contact details disclosed by the Borrower to the Lender.

11.3. If the User has entered into more than one Loan Agreement and the funds transferred to the Lender are insufficient for satisfying all Claims due and payable, the funds shall be divided by the Lender proportionally.

12.1. The User shall have a right to withdraw from the User Agreement without providing a reason within fourteen (14) days as of the date of entry into the User Agreement by submitting a withdrawal application which can be reproduced in writing through the Portal or via e-mail. To exercise the right to withdraw from the User Agreement, an application for withdrawal must be submitted to the Lender before the expiry of the term specified herein. In order to validly withdraw from the User Agreement, the User must fulfil immediately, but not later than within thirty (30) days after submitting an application for withdrawal, fulfil all his/her outstanding financial obligations towards the Lender under any agreement. Should the User fail to fulfil his/her obligations within the term set forth herein, the User shall be deemed to not have validly withdrawn from the User Agreement.

12.2. The User may terminate the User Agreement by submitting to the Lender a relevant application which can be reproduced in writing through the Portal or by e-mail only if all his/her financial obligations towards the Lender under any agreement have been completely fulfilled.

12.3. The Lender may terminate the User Agreement and disable or restrict access to the Portal[, in each case subject to Sections 3.3 and 13.3, as applicable, of the General Conditions, including the grace periods set out therein,] if:

• 12.3.1. the User violates the terms and conditions of the User Agreement;
• 12.3.2. the User has used or is using without the Lender’s written consent any automated means (which access means are not provided by the Lender) to access the Portal and collect any data from the Portal through automated means (included harvesting bots, robots, spiders, scrapers or any other automatic devices or programs) or if the User is using framing techniques to enclose any of the data or content to the Portal or otherwise affect the Portal.

13.1. The Lender shall have a right to receive and the User shall be obliged to pay a Fee for the rendered services pursuant to the Price List, Loan Agreement and/or other agreements he/she has concluded with the Lender.

13.2. In addition to the Fees specified in the Price List and in the agreements concluded between the Lender and the User, the User shall cover all Lenders cost which arise from the operations performed in the interest of the User and the costs relating to the collection of claims which have become collective (including legal expenses, debt collection expenses, court expenses etc.) up to the maximum amount permitted by applicable law.

13.3. All Fees and costs shall be paid by the User to the Lender in accordance with the relevant notification made available to the User in the Portal by the end of the reasonable payment term indicated on the notification.

13.4. The User shall pay all Fees and costs without any deductions and/or set-off.

14.1. The User shall be liable for the damage and loss caused to the Lender due to the fact that the User failed to duly fulfil any of his/her notification obligations deriving from the Terms of Use or other agreements concluded between the User and the Lender, including (but not only), unless the User has duly fulfilled his/her notification obligation under Section 5.1.6, the User shall be liable for the damage and loss caused to the Lender due to the fact that a third party has gained possession of the data and tools specified in Section 5.1.5.

14.2. The User shall enter into transactions through the Portal directly and at his/her own liability, being a party to the transactions themselves; the agreement forms suggested in the Portal can be used by Users at their own liability and risk. The Lender is not liable for possible obligations that may arise for the User according to the law as a result of concluding or executing a Loan Agreement using the Portal.

14.3. Nothing in this Agreement limits the liability in case of wilful breach of obligations.

15.1. The Lender shall have a right to unilaterally amend the Terms of Use if the applicable legislation or standards regulating the relations arising from the Terms of Use change and amendment of the Terms of Use is required to comply with the new legislation and/or standards. The User shall be notified of such amendments through the Portal. The amendments shall enter into force as of the disclosure of the relevant notification in the Portal.

15.2. The Lender shall have a right to unilaterally amend the Terms of Use provided that such amendments are not unfair with regard to the User, the User shall be given a minimum of thirty (30)-day advance notice and the User shall be given a right to immediately terminate the User Agreement and all other agreements concluded between the Lender and the User. The User shall be notified of such amendments through the Portal without delay. For the avoidance of doubt, should the User choose to terminate the User Agreement and all other agreements concluded between the Lender and the User, then he/she shall submit a relevant application to the Lender through the Portal or by e-mail address within thirty (30) days as of receipt of relevant advance notification and must fulfil all his/her financial liabilities arising from the any of the agreements concluded with the Lender within the same term. For the avoidance of doubt, if the User fails to fulfil all his/her financial liabilities within such term, the User shall be deemed to not have validly terminated the User Agreement or any other agreement concluded with the Lender. The amended Terms of Use shall enter into force within thirty (30) days as of the disclosure of the notification or when the User accepts the amended Terms of Use by clicking the respective field (e.g. box, button or similar) when logging in the Portal, whichever occurs earlier.

15.3. The Lender shall have a right to unilaterally amend the Price List, in which case the User shall be given an advance notice of at least thirty (30) days and the right to immediately terminate the User Agreement and all other agreements concluded between the Lender and the User. The amended Price List shall enter into force as of the disclosure of the notification, provided that the User has not chosen to terminate the User Agreement in accordance with this Section.

16.1. The Terms of Use and the User Agreement shall be governed by the laws of the Republic of Estonia.

16.2. Any disputes between the Lender and the User arising out of or in connection with the Terms of Use or User Agreement shall be resolved by way of negotiations, taking into account the Procedure for Processing Consumer Complaints in force at the time and made available on the webpage of the Lender. The User shall additionally have a right to address competent pre-trial bodies, e.g. the Finnish Consumer Disputes Board (in Finnish: kuluttajariitalautakunta), the Estonian Consumer Protection Board, the Estonian Financial Supervision Authority and/or the Estonian Data Protection Inspectorate. A dispute which the parties fail to resolve within reasonable time through amicable negotiations shall be settled (i) in the appropriate courts of the Republic of Estonia, also (but not only) if the User takes up residence abroad following the entry into force of the User Agreement or if the place of residence of the User at the time of filing an action is unknown and (ii) in respect of Users having domicile in Finland, in the competent district court of Finland as first instance.

17.1. In the event of the Lender’s insolvency, entry into new Loan Agreements shall be terminated immediately. The insolvency of the Lender shall not affect the validity of the Loan Agreements.

17.2. The Portal, the website of the Lender and the copyright of the contents thereof belong to the Lender. The User does not have the right to save, copy, change, transfer, forward and/or disclose the pages of the Portal for a purpose other than for personal use.

17.3. The Lender is supervised by the Estonian Financial Supervision Authority (address: Rahukohtu 2, 10130 Tallinn, Estonia; email: [email protected]; webpage: www.fi.ee).

These Terms of Use shall be applicable to all User Agreements and Loan Agreements concluded after 23.03.2017 and before the entry into force of the next redaction of the Terms of Use.

This Privacy Policy provides an overview of what personal data of the bondora.ee Portal User (hereinafter also you) the Lender (hereinafter Bondora or us) processes when providing services via the Portal, how and for which purposes it does this, and what your rights are regarding your personal data.

We follow very strict rules established for the processing of your personal data, which derives from the European Union and Estonian legislation on the protection of personal data, including the European Union General Data Protection Regulation (hereinafter General Regulation). The terms contained in this Privacy Policy have the same meaning as described in the Bondora.ee Terms of Use and General Regulation.

Controller and Contact Details

The controller of your personal data is Bondora AS (Estonian register code 11483929; postal address A.H. Tammsaare tee 56, Tallinn 11316, Estonia). You can find the form required to contact us here .

Collection of Personal Data

We generally collect personal information necessary to enter into an Agreement with you and perform it. Given our field of activity, it also includes collecting various background information to fulfill our various obligations deriving from the law.

We collect personal data from the following sources:

• yourself (e.g., data submitted and shared by you); and
• third parties (e.g., public sources, state registers (such as the population and pension register), credit rating agencies, cooperation partners, and companies belonging to the same group as us).

We collect personal data from third parties that allow us to assess your creditworthiness and apply due diligence measures to prevent money laundering and terrorism financing, including to verify the information you provide to us.

We may also collect personal data automatically (e.g., the way you use the Platform, digital devices you use, and cookies) for statistical purposes.

Use of Your Personal Data

To provide services to you through the Platform, you may be required to provide our partners or us with the information necessary to provide the services. If you do not provide this information, we are not able to provide services to you. Such information is always marked accordingly.

We use your personal data for the following purposes and on legal grounds:

We do not process your special categories of personal data or data about criminal convictions and offenses.

We may also process your personal data for other purposes under your consent. The purpose of the processing and other details, in this case, is described in the consent.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Automated Decisions and Profile Analysis

We use an automated process to decide whether to approve or reject your loan application. As part of our automated process, all categories of data we have collected about you for creditworthiness purposes are assessed separately (see above). The system calculates your credit rating based on the risks associated with the different data categories and the coefficients assigned to them. Based on this, you will be offered a loan on the terms you have requested or other terms (e.g., with a smaller loan amount or a different repayment term than wanted), or your application will be rejected. The purpose of creditworthiness assessment is to make fair and responsible loan decisions and fulfill our legal obligation to assess your creditworthiness before granting a loan.

In addition to automated credit assessments, we may automatically determine that there are grounds for believing that you may be committing fraud, money laundering, or terrorism financing.

Additionally, we use automated decision-making in the process of adjusting loan payment schedules.

Automated decisions and profiling allow us to improve the fairness of our decision-making process (reducing the potential human error, discrimination, and abuse of power), reduce the risk that you will not pay back the loan, and allow us to make decisions in less time and improve efficiency.

Automated decisions and profile analysis are necessary for concluding a loan agreement between us and are also permitted by law. Creditworthiness assessment is a largely standardized and mandatory procedure for creditors built on the applicable principles of responsible lending and based on mathematical formulas. The automated creditworthiness assessment ensures a fairer result as it eliminates the human subjective factor and treats all credit applicants equally. Using the same or a similar model manually would take a disproportionate amount of time to assess each borrower's creditworthiness and thus becomes significantly more costly for us. Our human resource needs would significantly increase if we were to ensure that the quality of service is maintained when assessing creditworthiness manually. To prevent money laundering and terrorism financing, we use automated processes for monitoring transaction data. It would not be possible to process the relevant data manually (i.e., without automated solutions) due to the large volume.

Our automated processes are regularly tested, evaluated, and inspected to ensure fairness, efficiency, and impartiality. For them to work, it is also necessary that the information you provide to us is accurate and up-to-date.

You have the right to have direct personal contact, the right to express your views, the right to be heard on a decision taken following such an assessment, and the right to challenge that decision. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data

When we process your personal data, we also transfer your personal data to our processors or third parties. Such transmission shall take place only under the following conditions:

Processors. We use carefully selected service providers (processors) to process your personal data. In doing so, we remain fully responsible for processing your personal data.

We use, among other things, the following processors: Marketing and survey service providers and tools, money laundering and terrorism financing risk mitigation searching service providers, creditworthiness assessment service providers, customer support service providers, accounting service providers, server management, and server hosting providers, IT service providers, and other companies belonging to the same group as us, who provides services to us.

If you would like more detailed information about our processors (e.g., their names and locations), please contact us using the contact details mentioned above.

Third Parties. We will only share your personal data with third parties if set out in this privacy policy if required by applicable law (e.g., if we are required to share personal data with authorities) or under your consent or order.

We may share your personal data with the following third parties:

• to perform agreements with payment service providers. In this case, the legal basis for the transfer of personal data is the performance of an agreement between us (Article 6 (1) (b) of the General Regulation);
• to assess your creditworthiness with credit agencies. In this case, the legal basis for the transfer of personal data is our legal obligation to assess your creditworthiness (Article 6 (1) (c) of the General Regulation);
• to test the quality of the creditworthiness assessment with credit assessment service providers. In this case, the legal basis for the transfer of personal data is our legitimate interest (Article 6(1)(f) of the General Regulation);
• for the purposes of our internal administration with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is our legitimate interest in sharing the data with companies belonging to the same group as us for internal administration purposes (Article 6 (1) (f) of the General Regulation);
• for the purposes of direct marketing with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is your consent (Article 6 (1) (a) of the General Regulation);
• to other credit and financial institutions and insurance providers to provide the service requested by the Client or to assess the reliability and risk associated with him (Article 6, subsection 1, point b of the General Regulation);
• potential or actual buyers and pledges of claims. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the buyer and/or pledgee upon assignment of the Claim (Article 6 (1) (f) of the General Regulation);
• potential or actual investors and/or creditors of the Lender. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the Creditor regarding the investor's or creditor's claim (Article 6 (1) (f) of the General Regulation);
• to fulfill our legal obligations deriving from the law with authorities and law enforcement agencies. In such a case, the legal basis for the transfer of personal data is fulfilling our legal obligation deriving from the law (Article 6 (1) (c) of the General Regulation);
• payment default registers, credit bureaus and other third parties where we are disclosing information about outstanding debts; In this case, the legal basis for the transfer of personal data is our and third parties' legitimate interest in implementing responsible lending principles; (GDPR Art. 6(1)(f)).
• to protect our rights and interests with collection agencies, attorneys, bailiffs, and other persons concerned. In this case, the legal basis for the transfer of personal data is our legitimate interest in protecting our rights and interests (Article 6 (1) (f) of the General Regulation). We will only process your personal data if we are sure that our legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected. As we generally process your personal data only when it is essential to protect our rights and interests (i.e., if there has been a breach or a suspected breach by you), we consider it justified.
• to perform our statutory obligations with auditors. In such a case, the legal basis for the transfer of personal data is our legal obligations deriving from the law Article 6 (1) (c) of the General Regulation and the Auditors Activities Act);
• to fulfill our legal obligations deriving from the law or in the legitimate interests of us or our counterparty, if such transfer is necessary to transfer our activities or assets due to the transaction or to assess the perspectiveless of such a transaction. In this case, the legal basis for the transfer of personal data is the fulfillment of our legal obligations (Article 6 (1) (c) of the General Regulation and the Law of Obligations Act), or our or our counterparty's legitimate interest in concluding the transaction or assessing its perspectiveless (Article 6 (1) (f) of the General Regulation). We will only transfer your personal data if we are sure that our or our counterparty's legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you will have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data Outside the European Union

In general, we do not transfer your personal data outside the European Union, but our processors and third parties, to whom we transfer the personal data, may process your personal data outside the European Union. Where necessary, the transfer will only take place if we have a legal basis for such action, including, in particular, if the recipient: (i) is located in a country that the European Commission considers having an adequate level of protection of personal data, or (ii) is acting under an agreement that meets the requirements of the European Union for the transfer of personal data to processors outside the European Union.

If you would like more detailed information about the transfer of your personal data outside the European Union (e.g., the names of the recipients and the legal basis for the transfer), please contact us using the contact details mentioned above.

Retention of Personal Data

We retain your personal data for as long as we are required by law to do so. (e.g., under the Creditors and Credit Intermediaries Act , we must retain all information and documents relating to the providing and servicing of credit for the duration of our legal relationship and three years after that; under the Money Laundering and Terrorist Financing Prevention Act, we must retain your personal data and various documents five years after the end of the business relationship with you; under the Accounting Act we must retain accounting source documents seven years from the end of the respective financial year) or until we have a legitimate interest in doing so (e.g., until the limitation period of the claims to protect our interests and rights).

Security of Personal Data

We ensure that users' personal data is only available to such employees who, due to their duties, need to have access to such data. All Bondora employees are required to maintain the confidentiality of the data and may not share the information with third parties, except for the purposes set forth above.

Personal data is stored and archived on a secure server that only a few people have access to. Security is guaranteed by strict privacy standards met by conscientious third-party partners.

We use several Internet security measures to ensure the secure processing, transmission, and archiving of personal data.

The servers are located in a data center in Frankfurt, Germany, and is operated by Telehouse, one of the world's 200 leading companies. A separate agreement has been concluded with Virtion GmbH for server management. These companies allow us to offer better availability and growth potential of our IT resources and greater flexibility.

All their activities comply with a number of standards, including ISO 27001:2005 (Information security management systems), BS25999-2:2007 (Business continuity management), PCI-DSS (Payment card industry), ISO 9001:2008 (quality standards), and ISO 14001:2004 (Environmental management system standard).

Companies have established round-the-clock physical and virtual surveillance of the system. All data center movements are monitored by short-range card readers and infrared sensors that detect unauthorized persons. In Bondora, security breaches are detected, monitored, and repelled by software and hardware security walls.

Your Rights

You have all the rights of the data subject with regard to your personal data to the extent required by the applicable data protection legislation, including:

• the right to receive relevant information on the processing of personal data;
• the right to receive confirmation whether personal data is being processed;
• the right to receive a copy of personal data;
• the right to request that we rectify inaccurate personal data or supplement incomplete personal data;
• the right to request deletionof personal data if: (i) the personal data is no longer necessary for the purpose for which it was collected or otherwise processed; (ii) you withdraw your consent for processing your personal data, and there is no other legal basis for processing the personal data; (iii) you object to the processing of personal data, and there are no overriding legitimate reasons for the processing; (iv) you object to the processing of your personal data for direct marketing purposes; (v) personal data has been processed unlawfully; or (vi) personal data must be deleted to fulfill our legal obligation deriving from the law. Notwithstanding the preceding, you do not have the right to request the deletion of personal data if the processing is necessary: (a) to fulfill an obligation under our law; or (b) to formulate, file, or defend legal Claims;
• the right to request a restrictionon the processing of personal data if: (i) you challenge the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data; (ii) the processing of personal data is unlawful, whereas you do not request the deletion of personal data, but the restriction of use; (iii) we no longer need personal data for processing purposes, but they are necessary for you to make, file or defend legal claims; or (iv) you have objected to the processing of your personal data while we check that our legitimate reasons outweigh your reasons. If the processing of personal data is restricted, we may nevertheless process it: (a) with your consent; (b) to formulate, file , or defend legal claims; (c) to protect the rights of another natural or legal person; or (d) in the overriding public interest;
• the right to portability the data, i.e., the right to receive personal data that you have provided to us in a structured, publicly available format and machine-readable form, and the right to transfer this data to another controller if: (i) the processing is with your consent or for contract or performance purposes; and (ii) processed automatically. If technically feasible, you have the right to request that we transfer the data directly to another controller. In exercising your right, we cannot infringe on the rights and freedoms of others;
• the right to object at any time to the processing of personal data in the legitimate interest of us or a third party, depending on our specific situation. In such a case, we will not further process personal data unless we prove that the processing is for a valid legitimate reason that outweighs your interests, rights, and freedoms or to make, file, or defend legal claims. If your objection concerns the processing of your personal data for the purposes of direct marketing, we do not have the right to process your personal data further;
• the right to withdraw consent at any time. To do so, you may contact us using the contact details mentioned above or use other options described in obtaining consent.

To exercise your rights, please contact us using the contact details mentioned above. We will respond to your request within one month at the latest. In some instances (taking into account the complexity and number of the requests), we have the right to extend the due date for replying by two months. In this case, we will notify you.

If you believe that your rights have been violated, please contact our Data Protection Officer via [email protected] immediately to resolve the situation. However, you have the right to complain to the Member State's supervisory authority where you have your permanent residence or place of work, or to the Data Protection Inspectorate ( www.aki.ee; [email protected]; Tatari 39, 10134 Tallinn).

Cookies

We use cookies, which are small text files that a website server stores on your hard drive. This allows us to collect certain information from your web browser. You can find more information on our cookie policy here.

Links to Third-Party Websites

Links to third-party websites from the Platform or any other Bondora website, or vice versa, are only quick links to services or topics useful to our Platform users. Please note that third party websites may have different privacy policies and/or security standards, which we recommend you review.

Amendments to the Privacy Policy

Suppose our personal data processing practices are changed, or we need to amend this Privacy Policy due to applicable law, judicial or competent supervisory authorities' practices, or competent supervisory authorities' guidelines, we have the right to change this Privacy Policy at any time unilaterally. In this case, we will notify you via the Portal or email at a reasonable time before the changes take effect.

Applicable Law

As Bondora is a company registered in the Republic of Estonia, Estonian law applies to the processing of your personal data.

This Privacy Policy was last updated as at September 27, 2023.

What is a cookie?

A cookie is a small morsel of text that a website asks your browser to store. All cookies have expiration dates in them that determine how long they stay in your browser. Cookies can be removed in two ways: automatically, when they expire, or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use.

Please remember that by deleting existing cookies or disabling future cookies you may not be able to access certain areas or features of our website.

What cookies does Bondora use?

We use cookies across our website to improve the performance and enhance the user experience. Please be advised that when you visit our website you agree that we use the following cookies:

• Essential cookies that are only set or retrieved by the website while you are visiting which allow us to identify you as a subscriber and ensure that you can access the subscription only pages. We can ensure that no one is making changes to your profile, applying for loans or making loans on your behalf.
• Functionality cookies are used to allow us to remember your preferences on the website, such as language or username to customize your user experience.
• Performance cookies allow us to collect information how you use the website. All of the information collected is anonymous and is only used to help us improve the way our website works and measure the effectiveness of our advertising campaigns.
• Third party cookies are behaviorally targeted advertising cookies (e.g. Google Analytics) that allow us to record pages that are visited and the links that are followed. The information collected in non-identified.
• Secure cookies are used to ensure that any data in the cookie will be encrypted as it passes between the website and the browser. It helps us to protect the security of your account.

How to change cookies settings?

In case you want to change your preferences about the cookies that we use, please change your browser settings. For more information you may wish to visit http://www.aboutcookies.org/

We would like to avoid seeing you dissatisfied with our services, but if this happens, we ask to hear from you! Here is how you can do it:

• Email your complaint to our customer support [email protected]
• Once we receive your complaint, you will be emailed an automatic notification (normally within 1 business day)
• From that moment we will start looking into your complaint and will send you an answer within 5 business days.

If you are dissatisfied with our answer, you can appeal the decision by emailing the previously received response to our customer support. Here is what will happen then:

• Our Customer Service Manager will acknowledge the receipt and offer you initial feedback within 5 business days
• Within 4 weeks from receiving your appellation, we will send you a final response or an indication when we will contact you again. Should the final response be negative, we will clearly explain why we are not in the position to satisfy your request.
• Should you still remain dissatisfied with the answer, you can exercise the right to turn to your Financial Ombudsman Service. Please note that you also have the right to turn to the Financial Ombudsman Service right away.

Introduction

Any conflicts of interest, which may arise in relation to Bondora, shall be identified and managed by the company. We will maintain and manage all arrangements necessary to prevent a conflict from escalating to causing material damage to the interests of our clients. The given document states our conflicts of interest policy (here and further “Conflicts Policy”) inasmuch as it applies to the operation of our activities.

We are fully committed to complying with our regulatory and legal obligations and maintaining the ethical standards. We require that all of our employees are contractually bound to comply with our Conflicts Policy and any breach of such may lead to disciplinary proceedings, not excluding discharge of services.

Potential or Actual Conflicts Indication

A conflict of interest may take place if any of Bondora directors, employees, outsource partners or otherwise “relevant persons” linked to the company by control is providing a service to Bondora clients or engaging in activities on their own account, which may cause a material risk or damage to Bondora clients’ interests, for example where any of the mentioned above persons:

• could either make a financial gain or avoid a financial loss, on the account of a Bondora client;
• has an interest in the outcome of a rendered service, which is different from the interest of a Bondora client;
• is incentivized to offer privilege to one of Bondora clients on the account of another Bondora client;
• receives an incentive in any form (financial / goods / services) other than the standard commission fee, from a person other than the Bondora client for a service rendered to a Bondora client.

Potential or Actual conflicts of interest we have identified

Borrowers are subject to a borrowing fee for receiving access to our platform, as stated in their Loan Agreement and any other contracts. This fee includes the amount, which we estimate to reflect the possibility of their default, viewed against their Credit Rating and in relation to their Loan Agreement.

We may as well make payments to the third parties for referring clients to us; however an appropriate disclosure shall be made for such instances.

Employees

A conflict of interest may occur if a Bondora employee (or the employee’s family) is somehow associated to the other party of any given transaction, especially if such party is a Bondora client. This association may include being a director, significant shareholder or a consultant to any Bondora client. Bondora employees are required to disclose any connection, which could compromise their judgment, or involve any material interests.

Managing Conflicts of Interest and Disclosure

Bondora will make all possible and reasonable efforts to mediate any conflict of interest.

Should there be a considerable risk of damage to any Bondora client, we will issue an appropriate disclosure.

We will carry out all necessary procedures, including employee training, to ensure that circumstances at which conflict of interest may arise are identified and properly managed.

All conflicts, which may arise, shall be closely monitored.

Further Information

The given document shall be reviewed and updated as necessary. In case of any questions in regards to this policy, please send an email to [email protected].

Capitalized terms bear the meaning outlined in Bondora Terms and Conditions, unless defined otherwise.