1. General terms
2. Categories of the User’s personal data
Mintos processes several categories of the User’s personal data from the User and other third parties:
- identification data such as - the User’s first name and surname, middle name, gender, date of birth, place of birth, personal identity number, place of tax residence, tax ID, investor’s ID number, information form identity document, copy of an identity document, a photograph of the User's profile and a video recording of the verification session;
- contact data such as - the User’s residence address or address for communication purposes, postal address, country of residence, email address and phone number, language of communication
- financial data such as – monthly salary and other regular or irregular income, financial liabilities, source/origin of income (funds), data about transactions, property, bank account;
- occupation (employment) data such as – data about employer / previous employer, occupation, position grade, area of work, working experience, education;
- correspondence records such as - the User’s communication with Mintos through the Platform via live chat, via email and/or by phone, or other tools which could be introduced, as well as information from surveys and polls (type, date, tracking ID);
- location data such as – IP address, login place, transaction place;
- family data such as marital status, dependants and / or family members;
- special category data (data about criminal convictions, legal capacity (in special cases));
- Other data:
- risk profiling and classification (risk type, risk class) and other information gained from risk assessment-based activities;
- voice and / or video recording data such as phone voice recordings;
- data concerning the applicability of any sanctions, including data regarding any relevant business dealings or activities, including any adverse media coverage that is available;
- data about the participation in companies and other types of legal entities, data about managers and other persons having decisive votes or representatives of the companies using or intending to use Services, as well as their ultimate beneficiary owners’ information and contact details of the representatives of the companies using or intending to use the Services.
- information on the purpose and intended nature of the business relationship, investment objectives;
- information on the User's knowledge and experience in investment services
- Transaction data, including the User’s invested funds, investments, transactions, incoming payments, claimed disbursements of money, information regarding the concluded assignment agreements, net annual return, selected currency, available funds, accountancy accounts;
Mintos does not process sensitive data related to the User’s health, ethnicity, religious or political beliefs unless required by law or in specific circumstances where, for example, the User reveals such data while using the Services (e.g. in payments details).
4. Legal basis and purposes of processing personal data
Mintos must have a legal basis for using the User’s personal data. The legal basis are one of the following:
4.1 Performance of agreements
Mintos must have certain personal data to provide the Services and it cannot provide them without the User’s personal data.
The main purpose of the processing of the User’s data by Mintos is to document, execute and administer agreements with the User.
Examples of purposes for processing include, but are not limited to:
- to take steps at the request of the User prior to entering into an agreement, as well as to conclude, execute and terminate an agreement with the User;
- to conduct national and international transactions via credit institutions, settlement and payment systems;
- for managing client relations, providing and administering access to the Services; to authorize and control access to the Services.
4.2. Legal obligations
In order to fulfil legal obligations under applicable regulations, Mintos is required to process the User’s data in accordance with regulatory legislation and data protection legislation.
Examples of purposes for processing are:
- before the User may use the Services on the Platform and Mintos App and during the cooperation with the User under the Agreement, Mintos performs the due diligence of the User, to verify the User’s identity and to keep the User’s data updated and correct by verifying and enriching data through external and internal registers;
- to prevent, discover, investigate and report money laundering, terrorist financing;
- to comply with rules and regulations related to accounting, tax information exchange and risk management;
- to comply with laws governing investment brokerage services;
4.3. Legitimate interests
Mintos sometimes collects and uses the User’s personal data, or shares it with other organisations, because Mintos has a legitimate reason to use it and this is reasonable when balanced against the User’s right to privacy.
Examples of purposes for processing are:
- to provide to the User additional services, such as creating personalized offers;
- to develop, examine and improve Mintos business, the Services and the User experience by performing surveys, analyses, and/ or statistics;
- to organize campaigns for the User;
- to protect the interests of the User and/or Mintos or its employees;
- to manage the relationships with the User;
- to prevent, limit and investigate any misuse or unlawful use or disturbance of the services;
- to ensure adequate provisions of the Services, the safety of information within the Services, as well as to improve, develop and maintain technical systems and IT infrastructure;
- to establish, exercise and defend legal claims and to handle complaints.
- to send verification reminders to Users, who have not completed the verification process.
If the User signs up to Mintos Services, and where allowed by law, Mintos may contact the User by post, email and SMS text message with information about Mintos and its group products, services, offers and promotions. We may use the personal data we have collected about the User in order to tailor Mintos offers to User.
The User can adjust his/ her preferences, or inform Mintos if the User doesn't want to receive any information regarding service, offer and promotions from Mintos, at any time. Just use the privacy settings in User’ Profile, Mintos App or click on the unsubscribe links on any marketing message Mintos sends the User.
Mintos will not pass the User’s details on to any organisations outside the Mintos group of companies for their marketing purposes without the User’s permission.
5. Manners of information collection
To ensure the provision of information and the Services, as well as to fulfil the obligations under applicable law, Mintos collects information about the User in the following ways:
5.1. Directly from you as User or potential User:
5.1.1. Providing an opportunity to fill an application form on Platform or Mintos app;
5.1.2. By means of online communication by phone, email, chat or other communication channels and/or technical tools;
5.2. In an automated way from you as User or potential User:
5.2.1. Technical information that may contain the IP address, device data, software data and similar data;
5.2.2. Social network information and content that may contain identification and social account data;
5.2.3. Cookies (for more information, please see the Cookies policy);
5.3. About you as the User from third parties:
5.3.1. Publicly available resources (social network, social media, public registers);
5.3.2. Spark and Accuity databases, fraud-prevention agencies or other databases;
5.3.3. Cooperation partners and affiliated companies of Mintos.
Mintos has rights to collect any other information in any other case not mentioned above, when the User has given Mintos the consent or any other legal basis exist for collecting the necessary information.
6. Transfer of information to third parties
As part of Mintos processing, Mintos may share the User data with recipients such as authorities, Mintos group companies, suppliers, payment service providers and business partners. Mintos will not disclose more of the User’s personal data than is necessary for the purpose of disclosure and with respect to regulatory legislation and the data protection legislation.
Recipients may process the User personal data acting as data processors and/or as data controllers. When a recipient is processing the User’s personal data on its own behalf as a data controller, the recipient is responsible for providing information on such processing of the User’s personal data. Mintos undertakes to guarantee appropriate technical and organizational security measures to ensure that the personal data processor upholds security standards that are not lower than the security standards set by Mintos.
Mintos discloses personal data to recipients such as:
- authorities, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities and Financial Intelligence Unit and any other authorized person, including administrators, which are involved in any restructuring process of the Lending Companies;
- third party, who is taking debt collection steps to recover debt from the User (such as debt collectors, lawyers, court bailiffs, insolvency administrators, etc.),
- to the parent company of Mintos, its governing enterprise and any enterprises dependent on the governing enterprise, other companies or enterprises, which directly or indirectly have obtained a significant share in the share capital of Mintos or in which Mintos has obtained direct or indirect participation, insofar as such information is necessary for the performance of functions delegated to them;
- credit and financial institutions, correspondent banks, custodian banks, insurance providers and intermediaries of services, third parties participating in the trade execution, settlement and reporting cycle;
- financial and legal consultants, auditors or any other data processors of Mintos , insofar as such information is necessary for the performance of functions delegated to them;
- providers of databases and registers, e.g. to credit registers, population registers, commercial registers, securities registers, or other register holding or intermediating the User’s data, debt collectors and bankruptcy, bailiffs, notaries or insolvency administrators;
- participants and/or parties related to domestic, European and international payments;
- persons and suppliers related to provision of the Services of Mintos, such as providers of IT, telecommunications, payment intermediaries, credit institutions, hosting, archiving, postal services, etc;
- upon handing over (transferring) a Claim or Note.
Please be informed that the User data may be requested by the state authorities located in the countries where Mintos offers its services, including countries outside the EU/ EEA. In all such cases Mintos evaluates the request and assesses whether the provided reasoning for the disclosure of the User’s data is substantiated, the requested data amount is proportional and whether the correct channels have been used to request the disclosure of the User’s data. Unless prohibited by law, Mintos will inform the User about receiving a request to disclose the particular User’s data.
7. Geographical area of processing
Mintos and our cooperation partners mainly process the User’s personal data within the European Union/ European Economic Area (hereinafter – EU/ EEA), but in some cases, personal data is transferred to and processed in countries outside of the EU/EEA. The transfer and Processing of Personal Data outside the EU/EEA can take place provided there is a legal basis and one of the following conditions:
- the country outside the EU/EEA, where the recipient is located, has an adequate level of data protection as decided by the EU Commission;
- the controller or processor has provided appropriate safeguards, for example, the EU Standard Contractual Clauses or other authorized contractual clauses, approved codes of conduct or certification mechanisms;
- there are derogations for specific situations applicable, for example, the User’s explicit consent, performance of a contract with the User, conclusion or performance of a contract concluded in the interest of the User, establishment, exercise or defense of legal claims, important reasons of public interest. Upon request, the User can receive further details on his/ her data transfers to countries outside the EU/EEA.
8. Profiling and Automated decisions about the User
Profiling is the segmentation of a User, by evaluating the personal aspects relating to a natural person, in order to apply a relevant service model or tailored marketing offers or perform risk assessment for anti-money laundering purposes.
Depending on Mintos products or services the User uses, Mintos may make automated decisions about the User.
This means that Mintos may use technology that can evaluate the User’s personal circumstances and other factors to predict risks or outcomes. Mintos does this for the efficient running of our services and to ensure decisions are fair, consistent and based on the right information.
Mintos uses profiling to prepare analyses for direct marketing purposes, profiling supports automated decision-making such as risk management and for transaction monitoring to counter fraud, including automated collection of data from databases and making preliminary assessments and conclusions whether the User is eligible for Mintos Services, taking into account the relevant laws and regulations that apply to Mintos and our internal procedures.
Where Mintos makes an automated decision about the User, he/ she/ it has the right to ask that it is manually reviewed by a person. More information about this can be found in the “User rights” section below.
For example, Mintos may make automated decisions about the User that relate to:
Opening Investment Account:
- anti-money laundering and sanctions checks; and
- identity and address checks.
- monitoring the User’s Profile, including Investment Account, to detect fraud and financial crime.
9. Where and how Mintos stores your information
The data that Mintos collects from the User is transferred to and stored at a destination inside the EEA. All information the User provides to Mintos is stored securely on Mintos servers or servers of its partners. The information is encrypted.
Mintos undertakes to do everything necessary, as far as possible, to protect the User's data in case of sending and receiving, offering to upload documents in a secure way.
The access to the User's personal information within Mintos is limited to only those employees who have a good business reason to access or know this information. This is achieved through both technical solutions and physical access rights, as well as proper training and education of Mintos employees who have built appropriate safeguards.
10. Length of retention of information
All User related information, including information that is stored in the User's Profile/ Investment Account and all communications with Mintos, is stored as evidence confirming the identity of the User, conclusion of the Agreement, transactions made and fulfilment of the Agreement, and, is kept until the fulfilment of the Agreement, the data is no longer necessary to provide Services, the data storage timeframe or limitation period for legal proceedings established by the laws and regulations of the Republic of Latvia expires, or whichever occurs later. Below is a summary of some key considerations on how long each category of information is kept.
Mintos will stop actively using any personal identifiable information about the User within 1 (one) month from the moment after the User’s and Mintos business relationships end in accordance with the Agreement.
Mintos will generally keep the User's personal data for 10 (ten) years after Mintos business relationship with the User ends, in accordance with the Agreement or for such period as may be required by applicable local laws. The personal data must be retained for at least 5 (five) years according to the Law on Prevention of Money Laundering and Terrorist Financing. The personal data is retained for another 5 (five) years on the basis of legal interests of Mintos according to the ordinary limitation period of a potential or ongoing court claim or another legal reason.
11. User rights related to personal data
Mintos respects User’s rights to access, manage and control the personal data that Mintos processes. Once Mintos receives a request from the User’s to exercise any of the rights listed below, Mintos will review the User’s request and provide a response without undue delay and in any event within one month of receipt of the request. According to the data protection legislation this time period may be extended if the User’s request is complex or if due to the amount of received requests Mintos cannot prepare a reply within the previously set time limit. In this case Mintos informs the User about the extension of the time limit for preparing a reply to the User’s request and indicates the specific term for preparing a reply.
If the User wishes to exercise any of the rights listed below, they can submit a request in one of the following ways:
- By email to [email protected];
- By request form;
- By signed request to Skanstes iela 50, Riga, LV-1013, Latvia.
An authorized person can submit a request on behalf of the User, provided that a valid power of attorney is enclosed with the request.
Mintos reserves the right to request additional information from the User in order to verify the identity of the person, who has sent the request, and to protect the User’s data from being disclosed to unauthorized persons, as well as to request signed request with secure e-signature or with handwritten signature for verification and security purposes. If the User or Mintos has terminated the Agreement and is not able to identify data subject via User’s Profile, Mintos has the right to request identification of the person before any personal data disclosure, based on such request.
The User has the right to access the personal data free of charge. However, if the User’s requests are manifestly unfounded or excessive, Mintos retains the right to charge a reasonable fee or to refuse to act on the request.
Below is a summary of User’s specific rights.
11.1. Right of access
The User is entitled to receive information on whether or not Mintos processes the User’s personal data, and, if Mintos processes said personal data, and to request a copy of the User’s personal data undergoing processing.
- The User has the right to obtain the following information:
- purposes of the processing;
- categories of personal data being processed;
- personal data recipients or categories of such recipients;
- length of time the data will be stored (or criteria for determining the period);
- User’s rights in connection to the data processing;
- available information on the data source (if the personal data was not obtained from the User);
- existence of automated decision-making.
11.2. Right to rectification, to the extent possible
The User is entitled to request Mintos to rectify the User’s inaccurate or incorrect personal data, as described in the User Agreement. Mintos also provides the User with the option to rectify data in the Investment Account, however, not all data may be rectified through this channel. Mintos will need to verify that the amended data is true and accurate.
11.3. Right to erasure, to the extent possible
The User is entitled to request Mintos to erase the User’s data. This right can be exercised if one of the following grounds apply:
- purposes of the processing have been reached;
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- User withdraws the given consent;
- User objects to the processing;
- personal data has been unlawfully processed;
- personal data has to be erased for compliance with a legal obligation.
Mintos reserves the right to reject the request to erase the User’s personal data if there is a legitimate legal ground for doing so, for example, to comply with a legal obligation which requires processing, to establish, exercise or defend legal claims, or for statistical purposes, providing appropriate technical and organizational security measures.
11.4. Right to the restriction of processing
The User is entitled to request Mintos to restrict processing if one of the following grounds apply:
- the User contests the accuracy of the personal data, for a period that enables Mintos to verify the accuracy of the personal data;
- processing is unlawful, and the User requests restriction opposed to the erasure of the personal data;
- Mintos no longer needs the User’s personal data, but the personal data is necessary for the User to establish, exercise or defend legal claims;
- the User has objected to processing, pending the verification, whether the legitimate grounds for processing of Mintos override those of the User.
Upon restricting the processing of the User’s personal data, Mintos will only process the User’s personal data after receiving consent from the User, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. This does not apply to storing personal data.
11.5. Right to object to the processing of personal data
The User is entitled to object to the personal data processing activities concerning direct marketing or which are based on Mintos legitimate interests but given the basis of the User’s particular situation they want to object to processing on this ground.
11.6. Right to data portability, to the extent possible
The User is entitled to request Mintos to receive and transfer the User’s personal data to the User or another data controller. The User can exercise this right insofar as the data has been provided by the User based on consent or a contract and the processing is carried out by automated means.
This right also applies to raw data that has been provided by the User, relates to the User’s activities or results from observation of the User, for example but not limited to, activity logs, history of website usage. However, this does not apply to data that Mintos creates, for example but not limited to, User profiles created by analyzing the raw data, risk assessments to comply with anti-money laundering rules.
11.7. Right to withdraw consent
The User is entitled to withdraw previously given consent at any time via the User’s Profile, Mintos App or to unsubscribe from the newsletter. However, this will not affect the lawfulness of any processing carried out before the User withdraws his/ her/ its consent. This right applies to receiving commercial notices and overviews from Mintos.
11.8. Right to submit a complaint to the national personal data protection authority
In case of any uncertainty related to the User's personal data, the User is welcome to contact Mintos and the User will be provided with an answer or to find a solution for his/ her/ its issue. However, if the User believes Mintos cannot find the solution, the User is entitled to submit a complaint to the national personal data protection authority regarding data processing activities conducted by Mintos.
The contact information of the national personal data protection authority of the Republic of Latvia:
Data State Inspectorate, Elijas iela 17, Latgales priekšpilsēta, Rīga, LV-1050, phone: +371 67223131, email: [email protected].
11.9. Right to contact Mintos and obtain additional information on the processing of personal data.
The User is entitled to contact Mintos at any time and obtain additional information regarding personal data processing activities.
12. Mintos is committed to keeping the User's personal data safe and secure
Mintos works diligently to protect the User’s personal data and:
- employs several physical and electronic safeguards to keep the User’s information safe;
- stores all its data on servers in secure facilities, and implements systematic processes and procedures for securing and storing data;
- limits access to User’s personal data to only those employees with authorized access who need to know information in order to perform their jobs;
- requires third parties who perform services for Mintos to agree to keep the User’s personal data confidential;
- continues to protect personal data after the Agreement termination;
- provides its employees with necessary training for data protection and security purposes.
Original version: 13.04.2015
Site updated: 19.08.2021