For personal data collected through the Services, the registrar is AREX European Markets Limited, located at The Black Church, St. Mary’s Place, Dublin 7, Ireland.
For personal data related matters, AREX’s contact person is Airto Vienola (CEO), [email protected]
AREX, and in certain situations companies and partners belonging to the same group, handle personal data obtained through the Services, in particular:
– Customer registration, relations and management, such as customer communication, electronically and otherwise, invoicing and collection, etc.
– Production, development and analysis of Services and transactions relating to the services;
– Direct marketing (including electronically, if the user has given his or her consent to the extent that consent is a condition of personal data legislation), profiling, personalization of services, marketing and advertising (including targeting);
– For the prevention and investigation of fraud;
– AREX business planning and development.
In the AREX invoice financing service, we may provide personal information to other users of the Service to the extent necessary to carry out transactions in the Service.
We may also anonymize the personal information we collect and use the information in an anonymized form to develop and analyze the Business and the Service, and to prevent and investigate fraud and other misconduct.
In addition, AREX and the companies belonging to the same group at a given moment, have the right to use and disclose the information in the register for legitimate purposes (such as direct marketing, distance selling and market research) subject to permission and prohibition in accordance with personal data legislation.
Personal data may be processed in companies belonging to the same group as AREX in accordance with the applicable personal data legislation.
AREX ensures that it always has the basis required for the processing of personal data required by personal data legislation. The processing of personal data collected in connection with the Services is based in particular on:
– The contractual relationship between AREX and the Service User regarding the use of the Service;
– Consent given by the Service User when he or she has given his consent to electronic direct marketing;
– The legitimate interest of AREX or a company or partner belonging to the same group\, in particular when personal data is processed on the basis of a customer relationship or for direct marketing purposes;
– A statutory obligation when personal data is processed to detect fraud or other misuse.
We may collect the following personal information from users of the AREX Invoice Financing Service:
– Personal identification number
– Date of birth
– Place of birth
– Home address
– Email address
– Telephone number
– Position in company
– Copy of an identity document
The above personal information is required to enter into an agreement to use the AREX Invoice Financing Service. If the user does not provide the above information, AREX cannot enter into an agreement with the user regarding the use of the service.
In addition, the following information about the users of the AREX Invoice Financing Service is stored:
– Information related to the customer relationship and the contractual relationship, such as user names and passwords, payment information, customer communication information between AREX and the user, etc.
– Any direct marketing permits and prohibitions;
– Analytical data obtained from the use of the service and segmentation data derived from it for personalization.
We obtain personal data primarily from the user itself in connection with the use of the Services, for example when the user registers as a user of the AREX invoice financing service. We may also obtain your personal information from our Partners and other parties involved in the provision of the Services to the extent that they have the right to disclose this information to AREX. Information is also obtained in connection with the use of the Services by means of cookies and other similar technologies.
AREX may disclose your personal information to AREX’s selected partners for direct marketing and other legitimate uses, such as opinion and market research and distance selling. You can always prohibit the use of your personal information for these purposes, in which case we will not disclose the information. However, we may always disclose your personal information to the authorities in accordance with applicable law or any other instruction or regulation of an authority under which AREX is bound.
We may also disclose your personal information to the transferee company in connection with a business transfer or other business arrangement.
As a general rule, we do not transfer personal data outside the EU/EEA. The servers used to provide the Services are located in the EU. However, we may transfer the user’s personal data outside the EU / EEA, for example if the technical implementation of the Services so requires. In doing so, we will ensure that such transfers are carried out only in accordance with the requirements of data protection law, for example by using service providers that retain personal data in countries identified by the European Commission as providing adequate data protection, using European Commission model clauses or EU-US Privacy Shield, in the case of a transfer to the United States.
As a general rule, user data is obtained for as long as the agreement between the User and AREX on the AREX Invoice Finance Service is valid. Personal data will be deleted or anonymized at the end of the agreement, after 1 year, the repayment of an invoice receivable sold or finally, the settlement of an investment. AREX will also delete or anonymize the user’s personal data if the user’s account has not been active for 3 years. Information pursuant to the Act on the Prevention of Money Laundering and Terrorist Financing shall be stored in a reliable manner for 10 years from the end of the regular customer relationship or the completion of the last transaction.
After this period, the user’s name, telephone number and e-mail address may be retained for direct marketing purposes, unless the user has objected to the direct marketing, in which case AREX will delete or anonymize the data from the register. However, the necessary personal data may always be kept to the extent and for as long as is necessary to comply with the legislation binding on AREX or the decisions of the authorities.
AREX respects the rights of users of its Services based regarding personal data legislation. The user has the right, in accordance with the applicable personal data legislation to:
– Gain access to his or her personal data processed by AREX and to check what data has been stored about him or her;
– Require the correction, supplementation or deletion of their personal data if the data is incorrect, unnecessary, incomplete or out of date; or change, supplement or delete their own data on the Service;
– Prohibit the use of their data for direct marketing or profiling, and require the restriction of processing and the transfer of their data from one system to another; and
– Withdrawal of the consents given to AREX in so far as the processing of personal data has been based in part on the consent, without prejudice to the lawfulness of the actions taken before the withdrawal of the consent.