Skip to content
Login
Login

Principles of Customer Data Processing


1. About

Mifundo OÜ (“Mifundo”, “We” or “Us”) provides Verified Passportable Financial Identity solutions. This Privacy Notice (“Notice”) describes the use and collection of personal data carried out by Mifundo as a data controller with regard to the provision of its respective services.


Please note that Mifundo and the third parties (“Company”) who make the corresponding inquiry are acting in the roles of joint controllers in relation to the data processing of applicants’ personal data. Mifundo is acting as an independent data controller when providing the Verified and Passportable Financial Identity service.


The terms “you” or “your” refer to applicants that have submitted an application to a Company and have opted to use Mifundo’s services to support the decision-making process of the Company. This notice informs you of our commitment to protecting your personal information, as well as your rights to privacy and the options and controls you have as a data subject.


When processing your personal data, Mifundo abides by applicable data protection related legal acts, especially the Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”).


If you have any questions about how we handle your personal data, please contact our Data Protection Officer via email at dpo@mifundo.com.


2. What personal data is being processed?

This section informs you of what personal data is processed by Mifundo. We collect and process your personal data from the following sources:


  • data provided by you to Us;
  • data collected from external registers (including population registers, credit bureaus, LexisNexis register for AML/CTF screening (including PEP, sanctions and terrorism screening));
  • data collected from national authorities and account information service providers.


The following list sets forth the different categories of personal data that We process:


Categories of personal data


Personal Details and Contact Data: We process your personal data when We receive a request from the Company and when you activate your Verified Passportable Financial Identity through Mifundo’s platform, including your:


  • full name
  • personal identification number
  • date of birth
  • email address
  • login information
  • phone number
  • preferences and settings related to the account


Identification and Verification Data: We process identity documents and other relevant verification data (such as the document number, validity period and biometric data). Please note that biometric data includes facial image data and facial scans. Your biometric data constitutes as special categories of personal data according to GDPR Art. 9(1).


Credit History: We process both “positive” credit history (such as positive payment behaviour and timely payment of previous loans) and “negative” credit history (such as payment defaults).


Other Data Related to Creditworthiness: We process other personal data related to your finances and financial history (such as a statement of account) and other relevant data and factors that can be used to assess creditworthiness.


Communication Data: We process your communication data and personal details when you contact Us via email or engage with our customer support.


3. Purposes of the processing and legal basis

The following list sets forth our purposes of processing your personal data, as well as the relevant legal basis for each processing operation and which categories of data are being processed.


To help you understand the list better, here is a general overview and description of the different legal bases that Mifundo relies on for processing your personal data:


  • Performance of a contract (GDPR Art. 6(1)(b)): When the processing is necessary for Mifundo to provide you with the services and perform the obligations undertaken before you in accordance with our Terms and Conditions. Where the legal basis for the processing is performance of a contract and you choose to not provide Us with your personal data, We may be unable to perform our services.
  • Legitimate interest (GDPR Art. 6(1)(f)): When the processing relies on our legitimate interest, provided that our interest is not overridden by your interests or fundamental rights and freedoms. We have further explained the specific legitimate interests in the table.
  • Consent (GDPR Art. 6(1)(a)): When you have given Us your respective and freely given consent for the processing of personal data for one or more specified purposes. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Compliance with Legal Obligations (GDPR Art. 6(1)(c)): When the processing is necessary for Us to comply with applicable laws and regulations. We have further explained in the table the specific legal obligations that We are subject to and rely on when processing your personal data.


We process your personal data for the following purposes and on the following legal grounds:


Initiating the provision of services by receiving your email address from the Company 


Categories of personal data:

  • Personal Details and Contact Data (email address only)) 


Legal Basis: 

  • Legitimate interest: The legitimate interest of engaging in verifying the reliability of a future contractual partner 
  • Compliance with Legal Obligations: The legal obligation of the Company to collect data on the applicant is stipulated in the Article 403⁴ (1) of the Law of Obligations Act. The email address is forwarded to Us to initiate the collection of data


Verifying your identity and creating your account 


Categories of personal data:

  • Personal Details and Contact Data
  • Identification and Verification Data)


Legal Basis: 

  • Performance of a contract and given Consent (for use of biometric data for verification)


Collection of Credit History and Other Data Related to Creditworthiness from foreign credit bureaus and other external registries 


Categories of personal data:

  • Credit History
  • Other Data Related to Creditworthiness). 


Legal Basis: 

  • Consent


Collection and standardization of data and the creation of a credit score according to Mifundo’s own model 


Categories of personal data:

  • Personal Details and Contact Data
  • Credit History
  • Other Data Related to Creditworthiness 


Legal Basis:

  • Performance of a contract
  • Consent (for collection of data from foreign registers and credit bureaus)
  • Consent (for any assessment of creditworthiness that is carried out in an automated manner)


Displaying the collected and processed data/results related to a specific loan application, including the credit score


Categories of personal data:

  • Personal Details and Contact Data
  • Credit History
  • Other Data Related to Creditworthiness


Legal Basis:

  • Performance of a contract


Creation of the Verified Passportable Financial Identity


Categories of personal data:

  • Personal Details and Contact Data
  • Credit History
  • Other Data Related to Creditworthiness


Legal Basis:

  • Performance of a contract


Transmission of the data and scores to the Company


Categories of personal data:

  • Personal Details and Contact Data
  • Credit History
  • Other Data Related to Creditworthiness


Legal Basis:

  • Legitimate interests (for the transmission of “negative” credit data): Legitimate interests for the disclosure of payment defaults that are not subject to banking secrecy, as per § 88(2)(4) of the Credit Institutions Act, that have been extended to Mifundo by the Company.
  • Consent (for the transmission of “positive” credit data, which is subject to banking secrecy in accordance with § 88(3)(2) of the Credit Institutions Act)


Using the data reported back by the Company for Mifundo’s own purposes (such as development of credit score modelling)


Categories of personal data:

  • Personal Details and Contact Data
  • Credit History
  • Other Data Related to Creditworthiness


Legal Basis:

  • Legitimate interest (for the use of “negative” credit data): Legitimate interests of Mifundo for credit score modelling using the credit information, which as per § 88(2)(4) of the Credit Institutions Act, is not subject to banking secrecy
  • Consent (for the use of positive payment-behaviour, which is subject to banking secrecy in accordance with § 88(3)(2) of the Credit Institutions Act)


Providing you with customer support


Categories of personal data:

  • Personal Details and Contact Data
  • Communication Data


Legal Basis:

  • Performance of a contract
  • Legitimate interests: It is in the legitimate interests of Mifundo to provide you with sufficient customer support in relation to our services


4. Who do we share your personal data with?

Mifundo shares your personal data with Companies to whom you have submitted an application in accordance with the purposes of the processing. Mifundo also shares your personal data with third-party service providers that help Us provide our services (such as Sumsub). In addition, We are obliged to share your personal data where there is a legal obligation to do so (for example, to disclose personal data to public authorities at their lawful request).


Mifundo discloses your personal data to its data processors only if Mifundo and the data processor have signed a data processing agreement pursuant to Art. 28(3) in the GDPR.


Mifundo operates internationally, which means that in certain cases your personal data may be transferred to third countries. In those cases, Mifundo will make sure to utilize appropriate safeguards in order to protect the processing of your personal data. With respect to the foregoing, We will rely on the adequacy decisions of the European Commission and implement standard contractual clauses approved by the European Commission.


5. How long do we retain your personal data?

Mifundo retains your personal data only as long as this is necessary for achieving the purposes specified in section 3 above. In certain cases, Mifundo must follow the deadlines for storing personal data according to applicable legal acts.


6. Existence of automated decision making

Mifundo uses your personal data to calculate a credit score. The calculation of the credit score is based on a conversion based on predetermined inputs and outputs and its purpose is to provide the data subject with information about their financial behaviour and the likelihood of correct payment of possible obligations.


7. What are your rights?

As a data subject, you have the following rights, taking into account restrictions stipulated in applicable data protection related legal acts:


  • Right of access: you have the right to be informed about the processing of your personal data and the right to access your personal data and request copies.
  • Right to rectification: you have the right to request Us to correct, amend or update incorrect and/or incomplete personal data about you.
  • Right to erasure: under certain conditions (for example, in the case of withdrawing consent), you have the right to request that We erase your personal data. Requests to erase personal data may not be granted if the processing is required by a legal obligation or if there is an overriding legitimate interest or other excluding grounds.
  • Right to restriction: under certain conditions (for example, in the case of withdrawing consent), you have the right to request that We restrict the processing of your personal data. Requests to restrict the processing of your personal data may not be granted if the processing is required by a legal obligation or if there is an overriding legitimate interest or other excluding grounds.
  • Right to data portability: under certain conditions, you have the right to ask Us to transmit your personal data directly to you or another organisation in a machine-readable format. This right only applies to the data that you have provided to Us.
  • Right to object: you have the right to object to the processing of your personal data under certain conditions (for example, when the processing relies on legitimate interests).
  • Right to object to automated decision-making: You have the right to not be subject to solely automated processing that has a legal or significant effect. Please note that there are exceptions to the applicability of this right (for example, if the processing relies on your consent, is necessary for the performance of the contract or is permitted by law).
  • Right to withdraw your consent: You can withdraw your consent at any time (if the processing relies on it), without affecting the lawfulness of processing prior to the withdrawal.
  • Right to file a complaint: You have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for data protection in Estonia is the Estonian Data Protection Inspectorate. You also have the right to file a claim with the court.


Should you wish to exercise any of the rights listed above, please contact our Data Protection Officer via email at dpo@mifundo.com.

Mifundo reserves the right to make changes to this Notice. An updated version of the Notice is always available on Mifundo’s website.

EAS logo

Building the prototype for the Cross-Border lending Project was supported by European Union through European Regional Development Fund and Enterprise Estonia. Grant was in the sum of 35 000 euros and total cost of the project was 52 560 euros. 

Cross-Border lending powered by Artificial Intelligence is supported by European Union through European Regional Development Fund and Enterprise Estonia (project number 2014-2020.4.02.21-0372). Project period is 12.02.2021 - 31.12.2023. Grant is in the sum of 691 260,05 euros and total cost of the project is 1 069 189 euros. 

Mifundo is funded by European Innovation Council (EIC) Accelerator through blended finance scheme, containing a grant component in the sum of 2 499 999 euros and equity funding of 6 300 000 euros.