Privacy Policy - EN - AREX Markets

(Updated 23.03.2021)

AREX European Market Limited (“AREX” or “we” from here on) respects the privacy of the users of its services and is committed to the proper processing and protection of users’ personal information. In this AREX Privacy Policy we describe how AREX handles the personal information of users of the AREX Invoice Finance Service and its other online services (the “Services” from here on). By using the Services, you acknowledge that you have read this Privacy Policy.

1. Name and contact details of the registrar

For personal data collected through the Services, the registrar is AREX European Markets Limited, located at The Black Church, St. Mary’s Place, Dublin 7, Ireland.

For personal data related matters, AREX’s contact person is Airto Vienola (CEO), [email protected]

2. For what purposes do we process personal data?

AREX, and in certain situations companies and partners belonging to the same group, handle personal data obtained through the Services, in particular:
– Customer registration, relations and management, such as customer communication, electronically and otherwise, invoicing and collection, etc.
– Production, development and analysis of Services and transactions relating to the services;
– Direct marketing (including electronically, if the user has given his or her consent to the extent that consent is a condition of personal data legislation), profiling, personalization of services, marketing and advertising (including targeting);
– For the prevention and investigation of fraud;
– AREX business planning and development.

In the AREX invoice financing service, we may provide personal information to other users of the Service to the extent necessary to carry out transactions in the Service.

AREX websites can be browsed without providing any personal information. However, AREX can collect user information through cookies and other similar technologies as described in our Cookie Policy.

Check out here our Cookie Policy

We may also anonymize the personal information we collect and use the information in an anonymized form to develop and analyze the Business and the Service, and to prevent and investigate fraud and other misconduct.

In addition, AREX and the companies belonging to the same group at a given moment, have the right to use and disclose the information in the register for legitimate purposes (such as direct marketing, distance selling and market research) subject to permission and prohibition in accordance with personal data legislation.

Personal data may be processed in companies belonging to the same group as AREX in accordance with the applicable personal data legislation.

3. On what grounds do we process personal data?

AREX ensures that it always has the basis required for the processing of personal data required by personal data legislation. The processing of personal data collected in connection with the Services is based in particular on:
– The contractual relationship between AREX and the Service User regarding the use of the Service;
– Consent given by the Service User when he or she has given his consent to electronic direct marketing;
– The legitimate interest of AREX or a company or partner belonging to the same group\, in particular when personal data is processed on the basis of a customer relationship or for direct marketing purposes;
– A statutory obligation when personal data is processed to detect fraud or other misuse.

4. What personal information do we collect

We may collect the following personal information from users of the AREX Invoice Financing Service:
– Name
– Personal identification number
– Date of birth
– Place of birth
– Nationality
– Home address
– Email address
– Telephone number
– Position in company
– Copy of an identity document

The above personal information is required to enter into an agreement to use the AREX Invoice Financing Service. If the user does not provide the above information, AREX cannot enter into an agreement with the user regarding the use of the service.

In addition, the following information about the users of the AREX Invoice Financing Service is stored:
– Information related to the customer relationship and the contractual relationship, such as user names and passwords, payment information, customer communication information between AREX and the user, etc.
– Any direct marketing permits and prohibitions;
– Analytical data obtained from the use of the service and segmentation data derived from it for personalization.

We also collect what is available through cookies and other similar technologies which observe information based on your use of the Services. We may combine this perceived information about you with other personal information we collect, such as your customer information, and use that combined information in accordance with this Privacy Policy. In collecting and processing the observed data, AREX also utilizes its partners involved in the production of the Services (such as providers of analytics and automation services).

Read more here about AREX's Cookie Policy

5. Where do we receive the personal data we process?

We obtain personal data primarily from the user itself in connection with the use of the Services, for example when the user registers as a user of the AREX invoice financing service. We may also obtain your personal information from our Partners and other parties involved in the provision of the Services to the extent that they have the right to disclose this information to AREX. Information is also obtained in connection with the use of the Services by means of cookies and other similar technologies.

6. Disclosure and transfer of data outside the EU or the EEA

AREX may disclose your personal information to AREX’s selected partners for direct marketing and other legitimate uses, such as opinion and market research and distance selling. You can always prohibit the use of your personal information for these purposes, in which case we will not disclose the information. However, we may always disclose your personal information to the authorities in accordance with applicable law or any other instruction or regulation of an authority under which AREX is bound.

We may also disclose your personal information to the transferee company in connection with a business transfer or other business arrangement.

As a general rule, we do not transfer personal data outside the EU/EEA. The servers used to provide the Services are located in the EU. However, we may transfer the user’s personal data outside the EU / EEA, for example if the technical implementation of the Services so requires. In doing so, we will ensure that such transfers are carried out only in accordance with the requirements of data protection law, for example by using service providers that retain personal data in countries identified by the European Commission as providing adequate data protection, using European Commission model clauses or EU-US Privacy Shield, in the case of a transfer to the United States.

7. How long do we retain the personal data of a user?

As a general rule, user data is obtained for as long as the agreement between the User and AREX on the AREX Invoice Finance Service is valid. Personal data will be deleted or anonymized at the end of the agreement, after 1 year, the repayment of an invoice receivable sold or finally, the settlement of an investment. AREX will also delete or anonymize the user’s personal data if the user’s account has not been active for 3 years. Information pursuant to the Act on the Prevention of Money Laundering and Terrorist Financing shall be stored in a reliable manner for 10 years from the end of the regular customer relationship or the completion of the last transaction.

After this period, the user’s name, telephone number and e-mail address may be retained for direct marketing purposes, unless the user has objected to the direct marketing, in which case AREX will delete or anonymize the data from the register. However, the necessary personal data may always be kept to the extent and for as long as is necessary to comply with the legislation binding on AREX or the decisions of the authorities.

8. Privacy policy addition for the UK market operations

The GBP payment accounts that allow AREX investors to operate in the UK market are provisioned by Transact Payments Limited, licensed by the Gibraltar Financial Services Commission with its registered office at 6.20 World Trade Center, 6 Bayside Road, Gibraltar, GX11 1AA and company registration number 108217, who will also receive your personal data as data controller for that purpose. For more information on their use of your personal data, please see their Privacy Policy.

9. User rights

AREX respects the rights of users of its Services based regarding personal data legislation. The user has the right, in accordance with the applicable personal data legislation to:
– Gain access to his or her personal data processed by AREX and to check what data has been stored about him or her;
– Require the correction, supplementation or deletion of their personal data if the data is incorrect, unnecessary, incomplete or out of date; or change, supplement or delete their own data on the Service;
– Prohibit the use of their data for direct marketing or profiling, and require the restriction of processing and the transfer of their data from one system to another; and
– Withdrawal of the consents given to AREX in so far as the processing of personal data has been based in part on the consent, without prejudice to the lawfulness of the actions taken before the withdrawal of the consent.

Requests related to the above rights should be submitted by email to [email protected]

The user has the right to lodge a complaint with the authority if he or she considers that his or her data has been processed in breach of this data protection statement or the data protection legislation in force at the time.

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: (+44) (0)303 123 1113

Fax: (+44) (0)1625 524510

Ireland

Data Protection Commissioner

Postal address: Canal House, Station Road, Portarlington, R32 AP23 Co. Laois, Ireland

Telephone: (+353) 57 8684800 / (+353) (0) 761 104 800

Fax: (+353) 57 868 4757

Email: [email protected]

Finland

Data Protection Ombudsman’s office

Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki

Postal address: PO Box 800, FI-00521 Helsinki

Tel: (+358) (0)29 56 66700

Fax: (+358) (0)29 56 66735

E-mail: [email protected]

Netherlands

Autoriteit Persoonsgegevens

PO Box 93374

2509 AJ DEN HAAG

Telephone: (+31) – (0)70 – 888 85 00

Fax: (+31) – (0)70 – 888 85 01

Spain

Agencia Española de Protección de Datos

C/ Jorge Juan, 6

28001-Madrid

Telephone: (+34) 901 100 099 / (+34) 91 266 35 17

Email: [email protected]

Cookie	Type	Duration	Description
cookielawinfo-checkbox-necessary	third party	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies are used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	Third-party	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies are used to store the user consent for the cookies in the category "Non-necessary".
pll_language	third party	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.
SL_C_*_KEY	Third party	13 months	This cookie is set by Smartlook, it identifies our project key, specific to each project that we have in Smartlook.
SL_C_*_SID	Third party	13 months	This cookie is set by Smartlook, this is the session ID, that is assigned to each new session.
SL_C_*_VID	Third party	13 months	This cookie is set by Smartlook, this is the visitor ID, assigned to each new visitor
viewed_cookie_policy	third party	1 year	This primary cookie records the user consent for the usage of the cookies upon ‘accept’ and ‘reject’. It does not track any personal data and is set only upon user action (accept/reject).
_ga	third party	2 years	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat	third party	1 day	Used by Google Analytics to throttle request rate.
_gid	third party	1 day	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
__cfduid	third party	1 month	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

1. Name and contact details of the registrar

2. For what purposes do we process personal data?

3. On what grounds do we process personal data?

4. What personal information do we collect

5. Where do we receive the personal data we process?

6. Disclosure and transfer of data outside the EU or the EEA

7. How long do we retain the personal data of a user?

8. Privacy policy addition for the UK market operations

9. User rights

[email protected]

AREX European Market Limited