(Updated 23.03.2021)

AREX European Market Limited (“AREX” or “we” from here on) respects the privacy of the users of its services and is committed to the proper processing and protection of users’ personal information. In this AREX Privacy Policy we describe how AREX handles the personal information of users of the AREX Invoice Finance Service and its other online services (the “Services” from here on). By using the Services, you acknowledge that you have read this Privacy Policy. 

  • 1. Name and contact details of the registrar

For personal data collected through the Services, the registrar is AREX European Markets Limited, located at The Black Church, St. Mary’s Place, Dublin 7, Ireland.

For personal data related matters, AREX’s contact person is Airto Vienola (CEO), [email protected] 

  • 2. For what purposes do we process personal data?

AREX, and in certain situations companies and partners belonging to the same group, handle personal data obtained through the Services, in particular:
– Customer registration, relations and management, such as customer communication, electronically and otherwise, invoicing and collection, etc.
– Production, development and analysis of Services and transactions relating to the services;
– Direct marketing (including electronically, if the user has given his or her consent to the extent that consent is a condition of personal data legislation), profiling, personalization of services, marketing and advertising (including targeting);
– For the prevention and investigation of fraud;
– AREX business planning and development.

In the AREX invoice financing service, we may provide personal information to other users of the Service to the extent necessary to carry out transactions in the Service.

AREX websites can be browsed without providing any personal information. However, AREX can collect user information through cookies and other similar technologies as described in our Cookie Policy.

 Check out here our Cookie Policy

 We may also anonymize the personal information we collect and use the information in an anonymized form to develop and analyze the Business and the Service, and to prevent and investigate fraud and other misconduct.

In addition, AREX and the companies belonging to the same group at a given moment, have the right to use and disclose the information in the register for legitimate purposes (such as direct marketing, distance selling and market research) subject to permission and prohibition in accordance with personal data legislation. 

Personal data may be processed in companies belonging to the same group as AREX in accordance with the applicable personal data legislation. 


  • 3. On what grounds do we process personal data?

AREX ensures that it always has the basis required for the processing of personal data required by personal data legislation. The processing of personal data collected in connection with the Services is based in particular on:
– The contractual relationship between AREX and the Service User regarding the use of the Service;
– Consent given by the Service User when he or she has given his consent to electronic direct marketing;
– The legitimate interest of AREX or a company or partner belonging to the same group\, in particular when personal data is processed on the basis of a customer relationship or for direct marketing purposes;
– A statutory obligation when personal data is processed to detect fraud or other misuse.


  • 4. What personal information do we collect

We may collect the following personal information from users of the AREX Invoice Financing Service:
– Name
– Personal identification number
– Date of birth
– Place of birth
– Nationality
– Home address
– Email address
– Telephone number
– Position in company
– Copy of an identity document

The above personal information is required to enter into an agreement to use the AREX Invoice Financing Service. If the user does not provide the above information, AREX cannot enter into an agreement with the user regarding the use of the service.

In addition, the following information about the users of the AREX Invoice Financing Service is stored:
– Information related to the customer relationship and the contractual relationship, such as user names and passwords, payment information, customer communication information between AREX and the user, etc.
– Any direct marketing permits and prohibitions;
– Analytical data obtained from the use of the service and segmentation data derived from it for personalization.

We also collect what is available through cookies and other similar technologies which observe information based on your use of the Services. We may combine this perceived information about you with other personal information we collect, such as your customer information, and use that combined information in accordance with this Privacy Policy. In collecting and processing the observed data, AREX also utilizes its partners involved in the production of the Services (such as providers of analytics and automation services). 
 Read more here about AREX's Cookie Policy
  • 5. Where do we receive the personal data we process?

We obtain personal data primarily from the user itself in connection with the use of the Services, for example when the user registers as a user of the AREX invoice financing service. We may also obtain your personal information from our Partners and other parties involved in the provision of the Services to the extent that they have the right to disclose this information to AREX. Information is also obtained in connection with the use of the Services by means of cookies and other similar technologies. 


  • 6. Disclosure and transfer of data outside the EU or the EEA

AREX may disclose your personal information to AREX’s selected partners for direct marketing and other legitimate uses, such as opinion and market research and distance selling. You can always prohibit the use of your personal information for these purposes, in which case we will not disclose the information. However, we may always disclose your personal information to the authorities in accordance with applicable law or any other instruction or regulation of an authority under which AREX is bound. 

We may also disclose your personal information to the transferee company in connection with a business transfer or other business arrangement.

As a general rule, we do not transfer personal data outside the EU/EEA. The servers used to provide the Services are located in the EU. However, we may transfer the user’s personal data outside the EU / EEA, for example if the technical implementation of the Services so requires. In doing so, we will ensure that such transfers are carried out only in accordance with the requirements of data protection law, for example by using service providers that retain personal data in countries identified by the European Commission as providing adequate data protection, using European Commission model clauses or EU-US Privacy Shield, in the case of a transfer to the United States.

  • 7. How long do we retain the personal data of a user?

As a general rule, user data is obtained for as long as the agreement between the User and AREX on the AREX Invoice Finance Service is valid. Personal data will be deleted or anonymized at the end of the agreement, after 1 year, the repayment of an invoice receivable sold or finally, the settlement of an investment. AREX will also delete or anonymize the user’s personal data if the user’s account has not been active for 3 years. Information pursuant to the Act on the Prevention of Money Laundering and Terrorist Financing shall be stored in a reliable manner for 10 years from the end of the regular customer relationship or the completion of the last transaction. 

After this period, the user’s name, telephone number and e-mail address may be retained for direct marketing purposes, unless the user has objected to the direct marketing, in which case AREX will delete or anonymize the data from the register. However, the necessary personal data may always be kept to the extent and for as long as is necessary to comply with the legislation binding on AREX or the decisions of the authorities.


  • 8. Privacy policy addition for the UK market operations

The GBP payment accounts that allow AREX investors to operate in the UK market are provisioned by Transact Payments Limited, licensed by the Gibraltar Financial Services Commission with its registered office at 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and company registration number 108217, who will also receive your personal data as data controller for that purpose. For more information on their use of your personal data, please see their Privacy Policy.


  • 9. User rights

AREX respects the rights of users of its Services based regarding personal data legislation. The user has the right, in accordance with the applicable personal data legislation to:
– Gain access to his or her personal data processed by AREX and to check what data has been stored about him or her;
– Require the correction, supplementation or deletion of their personal data if the data is incorrect, unnecessary, incomplete or out of date; or change, supplement or delete their own data on the Service; 
– Prohibit the use of their data for direct marketing or profiling, and require the restriction of processing and the transfer of their data from one system to another; and
– Withdrawal of the consents given to AREX in so far as the processing of personal data has been based in part on the consent, without prejudice to the lawfulness of the actions taken before the withdrawal of the consent.

Requests related to the above rights should be submitted by email to [email protected].
The user has the right to lodge a complaint with the authority if he or she considers that his or her data has been processed in breach of this data protection statement or the data protection legislation in force at the time. 
Information Commissioner’s Office
Wycliffe House
Water Lane
Telephone: (+44) (0)303 123 1113
Fax: (+44) (0)1625 524510
Data Protection Commissioner
Postal address: Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, Ireland
Telephone: (+353) 57 8684800 / (+353) (0) 761 104 800 
Fax: (+353) 57 868 4757  
Data Protection Ombudsman’s office
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: PO Box 800, FI-00521 Helsinki
Tel: (+358) (0)29 56 66700 
Fax: (+358) (0)29 56 66735 
Autoriteit Persoonsgegevens
PO Box 93374
Telephone: (+31) – (0)70 – 888 85 00
Fax: (+31) – (0)70 – 888 85 01
Agencia Española de Protección de Datos  
C/ Jorge Juan, 6 
Telephone: (+34) 901 100 099 / (+34) 91 266 35 17