AREX European Market Limited (“AREX” or “we”) respects the privacy of users of its services and is committed to the proper processing and protection of users ’personal information. In this AREX Privacy Policy, we describe how AREX handles the personal information of users of the AREX Invoice Finance Service and its other online services (the “Services”). By using the Services, you acknowledge that you have read this Privacy Policy. 


  • Name and contact details of the registrar

For personal data collected through the Services, the registrar is AREX European Markets Limited, located at The Black Church, St. Mary’s Place, Dublin 7, Ireland.


In personal data matters, AREX’s contact person is Airto Vienola (CEO), [email protected] 

  • For what purposes do we process personal data

AREX, and in certain situations companies and partners belonging to the same group, handle personal data obtained through the Services in particular:

  • Customer registration, relations and management, such as customer communication electronically and otherwise, invoicing and collection, etc.);
  • Production, development and analysis of Services and transactions relating to the services;  
  • Direct marketing (including electronically, if the user has given his consent to the extent that consent is a condition of personal data legislation), profiling, personalization of services and marketing and advertising (including targeting);
  • For the prevention and investigation of fraud;
  • AREX business planning and development.

In the AREX invoice financing service, we may provide personal information to other users of the Service to the extent necessary to carry out transactions in the Service.

AREX websites can be browsed without providing any personal information about yourself. However, AREX can collect user information through cookies and other similar technologies as described in our Cookie Policy (https: //

We may also anonymize the personal information we collect and use the information in an anonymized form to develop and analyze the Business and the Service, and to prevent and investigate fraud and other misconduct.

In addition, AREX and the companies belonging to the same group in a given moment, have the right to use and disclose the information in the register for legitimate purposes (such as direct marketing, distance selling and market research) subject to permission and prohibition in accordance with personal data legislation. 

Personal data may be processed in companies belonging to the same group as AREX in accordance with the applicable personal data legislation. 

  • On what grounds do we process personal data?

AREX ensures that it always has the basis required for the processing of personal data required by personal data legislation. The processing of personal data collected in connection with the Services is based in particular on:

  • the contractual relationship between AREX and the Service User regarding the use of the Service;
  • Consent given by the Service User when he has given his consent to electronic direct marketing;
  • The legitimate interest of AREX or a company or partner belonging to the same group as it, in particular when personal data are processed on the basis of a customer relationship or for direct marketing purposes;
  • A statutory obligation when personal data are processed to detect fraud or other misuse.
  • What Personal Information We Collect

We may collect the following personal information from users of the AREX Invoice Financing Service:

  • Name
  • Personal identification number
  • Date of birth
  • Place of birth
  • Nationality
  • Home address
  • Email address
  • Telephone number
  • Position in company
  • Copy of an identity document

The above personal information is required to enter into an agreement to use the AREX Invoice Financing Service. If the user does not provide the above information, AREX cannot enter into an agreement with the user regarding the use of the service.

In addition, the following information about the users of the AREX Invoice Financing Service is stored:

  • Information related to the customer relationship and the contractual relationship, such as user names and passwords, payment information, customer communication information between AREX and the user, etc .;
  • Any direct marketing permits and prohibitions;
  • Analytical data obtained from the use of the service and segmentation data derived from it for personalization.

We also collect what is available through cookies and other similar technologies. observed information based on your use of the Services. We may combine this perceived information about you with other personal information we collect, such as your customer information, and use that combined information in accordance with this Privacy Policy. In collecting and processing the observed data, AREX also utilizes its partners involved in the production of the Services (such as providers of analytics and automation services). Read more about AREX’s cookie policy ( 

  • Where do we get the personal data we processreceive the personal data

We obtain personal data primarily from the user itself in connection with the use of the Services, for example when the user registers as a user of the AREX invoice financing service. We may also obtain your personal information from our Partners and other parties involved in the provision of the Services to the extent that they have the right to disclose this information to AREX. Information is also obtained in connection with the use of the Services by means of cookies and other similar technologies. 

  • Disclosure and Transfer of Data Outside the EU or the EEA

AREX may disclose your personal information to AREX’s selected partners for direct marketing and other legitimate uses, such as opinion and market research and distance selling. You can always prohibit the use of your personal information for these purposes, in which case we will also not disclose the information. However, we may always disclose your personal information to the authorities in accordance with applicable law or any other instruction or regulation of an authority that is bound by AREX.

We may also disclose your personal information to the transferee company in connection with a business transfer or other business arrangement.

As a general rule, we do not transfer personal data outside the EU / EEA, but the servers used to provide the Services are located in the EU. However, we may transfer the user’s personal data outside the EU / EEA, for example if the technical implementation of the Services so requires. In doing so, we will ensure that such transfers are carried out only in accordance with the requirements of data protection law, for example by using service providers that retain personal data in countries identified by the European Commission as providing adequate data protection, using European Commission model clauses or EU-US Privacy Shield, in the case of a transfer to the United States.

  • How long do we retain the personal data of an user

As a general rule, user data is obtained for as long as the agreement between the User and AREX on the AREX Invoice Finance Service is valid. Personal data will be deleted or anonymised at the end of the agreement after 1 year the repayment of an invoice receivable sold or last the settlement of an investment. AREX will also delete or anonymize the user’s personal data if the user’s account has not been active for 3 years. Information pursuant to the Act on the Prevention of Money Laundering and Terrorist Financing shall be stored in a reliable manner for 5 years from the end of the regular customer relationship or the completion of the last transaction. 

After this period, the user’s name, telephone number and e-mail address may be retained for direct marketing purposes, unless the user has objected to the direct marketing, in which case AREX will delete or anonymise the data from the register. However, the necessary personal data may always be kept to the extent and for as long as is necessary to comply with the legislation binding on AREX or the decisions of the authorities.

  • User rights

AREX respects the rights of users of its Services based on personal data legislation. The user has the right, in accordance with the applicable personal data legislation: to

  • gain access to his personal data processed by AREX and to check what data has been stored about him;
  • Require the correction, supplementation or deletion of their personal data if the data is incorrect, unnecessary, incomplete or out of date, or change, supplement or delete their own data on the Service; 
  • Prohibit the use of their data for direct marketing or profiling, and require the restriction of processing and the transfer of their data from one system to another; and
  • Withdrawal of the consents given to AREX in so far as the processing of personal data has been based in part on the consent, without prejudice to the lawfulness of the actions taken before the withdrawal of the consent.

Requests related to the above rights should be submitted by email to [email protected]

The user has the right to lodge a complaint with the authority if he or she considers that his or her data has been processed in breach of this data protection statement or the data protection legislation in force at the time. 

Data Protection Ombudsman’s office

Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki

Postal address: PO Box 800, FI-00521 Helsinki

Tel: 029 56 66700 

Fax: 029 56 66735 

E-mail: [email protected] 


Data Protection Commissioner

Postal address: Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, Ireland

Telephone: +353 57 8684800 / +353 (0) 761 104 800 

Fax: +353 57 868 4757  

Email: [email protected]