Bondora Terms of Use

1. DEFINITIONS

1.1. Borrower – User who has submitted a Loan Application and/or has entered into a Loan Agreement as a borrower.

1.2. Banking Day – a business day, i.e. any day, except Saturday, Sunday and a national or a public holiday of the Republic of Estonia and the Republic of Finland.

1.3. Claim – a monetary claim deriving from the Loan Agreement against the Borrower.

1.4. Fees – applicable charges for the Users as provided in the Price List made available in the Portal.

1.5. General Conditions – general conditions of the Loan Agreement made available in the Portal.

1.6. Lender – Bondora AS Finnish branch, Business ID: 2694508-8. Postal address: Lautatarhankatu 6, 100580 Helsinki, Finland

1.7. Lender’s webpage – www.bondora.fi

1.8. Lender’s e-mail address – [email protected]

1.9. Loan Amount – the amount payable by the Lender to the Borrower under the Loan Agreement, i.e. the principal under the Loan Agreement.

1.10. Loan or Loan Agreement - a loan agreement concluded through the Portal between the Borrower and the Lender.

1.11. Loan Application – an application submitted by the User through the Portal together with all information (and documents) presented by the User to the Lender to receive an offer to conclude the Loan Agreement.

1.12. Interest - the fee rate for using the Loan Amount.

1.13. Maximum Loan Amount – the principal amount up to which extent the Borrower agrees to enter into the Loan Agreement.

1.14. Lender – the Lender.

1.15. Portal – an e-service environment located at www.bondora.fi on the Internet and administered by the Lender, through which the Users can borrow money.

1.16. Reference Number – a personalised number for each User by which a User can be identified.

1.17. Special Conditions – special conditions of the Loan Agreement.

1.18. Terms of Use – these Bondora’s Terms of Use.

1.19. User – a party to the current User Agreement in the capacity of a user.

1.20. User Agreement – an agreement concluded between the User and the Lender which enables the User to use functionalities of the Portal and under which the Lender is providing services to the User through the Portal.

2. GENERAL PART

2.1. The Terms of Use shall determine the main terms and conditions of: 1) the communication between the Lender and the User; and 2) the services provided by the Lender to the User.

2.2 These Terms of Use shall form an integral part of all User Agreements and other agreements concluded between the User and the Lender when using the Portal. The Terms of Use shall become applicable when the User Agreement is deemed to have been concluded in accordance with Section 3.4.

2.3 In addition to the Terms of Use, the relationship between the Lender and the User shall be regulated by the applicable law and the Loan Agreement(s) concluded between the Lender and the User. If the Terms of Use are in conflict with the Loan Agreement, the Loan Agreement shall have a priority.

2.4 Terms of Use, General Terms of the Loan Agreement, Price List and other relevant information and documents shall be made available to the User at any time free of charge on the Lender’s webpage and/or in the Portal.

3. BECOMING A USER

3.1. Only by becoming a User, a person shall obtain a right to use the User’s functionalities of the Portal, including:

• 3.1.1. a right to submit Loan Applications;
• 3.1.2. a right to conclude Loan Agreements;
• 3.1.3. a right to apply for using other services offered by the Lender and to conclude respective agreements;
• 3.1.4. an opportunity to communicate with the Lender.

3.2 . In order to become a User of the Portal, a person must:

• 3.2.1. register his/her e-mail address on the webpage of the Lender;
• 3.2.2. confirm that he/she accepts the terms and conditions of the Terms of Use;
• 3.2.3. confirm that he/she accepts that his/her personal data shall be processed by the Lender in accordance with Section 10; and
• 3.2.4. verify his/her e-mail address by logging in the Portal by using temporary password created by the Portal.

3.3. By confirming acceptance with the terms and conditions of the Terms of Use, the User represents and warrants:

• 3.3.1. he/she is a natural person;
• 3.3.2. he/she is at least 18 years of age;
• 3.3.3. he/she has full passive and active legal capacity;
• 3.3.4. he/she is a citizen of the European Union or Switzerland;
• 3.3.5. he/she is a permanent resident of the European Union or Switzerland;
• 3.3.6. he/she is not a Politically Exposed Person;
• 3.3.7. he/she is not a subject to an International Financial Sanction;
• 3.3.8. he/she is not under the influence of a relevant mistake, an unlawful threat or violence or other condition which may have unpropitiously influenced his/her judgement.

3.4. A User Agreement shall be deemed to have been concluded between the Lender and the User on the terms and conditions set forth herein immediately after fulfilment of all conditions provided in Section 3.2 and shall be valid for an unlimited period or until terminated in accordance with Section 12.

3.5. The User shall not receive a notification confirming that the User Agreement has been concluded between the parties, but instead, shall gain an access to the User functionalities of the Portal. The User Agreement, including the Terms of Use, shall be sent to User’s e-mail address without delay and shall be made available to the User at any time free of charge in the Portal.

4. USER IDENTIFICATION

4.1. For logging in the Portal, the User has to enter his/her Portal user name and password.

4.2. Before conclusion of the first Loan Agreement, the User shall identify himself/herself by:

• 4.2.1. making a bank transfer from a bank account opened on his/her name in a credit institution which has its place of business in a contracting state of the European Economic Area either directly from such bank account or by using any of the alternatives accepted by the Lender;
• 4.2.2. submitting any and all documents requested by the Lender for the purposes of identifying the User and for complying with applicable money laundering and terrorist financing prevention regulations.

4.3. If identification in accordance with Section 4.2 is not required by the applicable law, the User shall be identified before any action or transaction which has legal consequences (e.g. before conclusion of a Loan Agreement or submitting withdrawal application) by using one of the following identification methods chosen by the User:

• 4.3.1. unique user name and password of the Portal chosen by the User;
• 4.3.2. mobile approval by using unique PIN-code sent to the User’s mobile number; or
• 4.3.3. approval by any other means which are compliant with the applicable legislation and considered sufficient by the Lender.

4.4. Upon identifying a User, the Lender shall not be limited by Sections 4.1 to 4.3 and shall have the right at any time to unilaterally alter the identification process, including use other legally permitted methods for identification.

4.5. Information, received through the identification process, such as name, personal ID code, bank account number, residential address etc. will be collected at the end of the registration process and stored as personal data.

4.6. Any person logging in the Portal with User’s tools (e.g. user name and password) are deemed to be the User, unless the User has informed the Lender that a third person has gained access to the tools.

5. GENERAL OBLIGATIONS OF USER

5.1. The User shall:

5.1.1. not use the Portal for illegal transactions or operations, including for fraud, money laundering, terrorist financing etc.;

5.1.2. submit to the Lender true, accurate and not misleading information and shall not withhold from the Lender any information which might be relevant to the Lender;

5.1.3. inform the Lender immediately but not later than within five (5) Banking Days about any and all changes in the information and/or documents he/she has submitted to the Lender;

5.1.4. inform the Lender immediately but not later than within five (5) Banking Days about any circumstances which affect or may affect User’s ability to fulfil his/her obligations arising from any agreements concluded between the Lender and the User, above all, from the Loan Agreements;

5.1.5. keep the data and tools required for logging in the Portal, including ID-card, passwords and usernames in such a manner that third parties do not gain possession of such data or tools;

5.1.6. inform the Lender immediately, but not later than within five (5) days if third party has gained possession of the data or tools specified in Section 5.1.5;

5.1.7. act politely and respectfully when communicating with the Lender.

5.2. If the User fails to fulfil its obligations under Section 5.1.3, the Lender shall have a right to assume that the information and documents previously submitted by the User are correct until otherwise notified by the User.

6. EXCHANGE OF INFORMATION

6.1. Communication between the User and the Lender shall be in the language of the Terms of Use and shall be sent to the receiving party through the Portal, unless otherwise agreed herein and/or required by the law.

6.2. If a communication between the User and the Lender shall be sent to the receiving party by an e-mail or mail, then it shall be sent by using contact data notified by the receiving party to the other party through the Portal, by e-mail or mail. The party shall bear the risk of not notifying the other party about the change in his contact data.

6.3. Communication sent to the other party by using correct contact data shall be deemed to have been received by the receiving party: 1) if delivered personally, when delivered against the signature; 2) if sent through the Portal or by e-mail, three (3) days after being sent; 3) if sent by mail to a destination within the country of dispatch, five (5) days after being deposited by registered mail; and 4) if sent by mail to a destination outside the country of dispatch, seven (7) days after being deposited by registered mail.

6.4. If the User has not received a communication the receipt of which he/she can anticipate or the receipt of which has been agreed between the parties, the User shall notify the Lender immediately, but not later than within three (3) Banking Days after the deadline during which one could expect receipt of the notification has passed.

6.5. The User shall be obliged to immediately verify the correctness of the information included in the communication received from the Lender and lodge his/her complaints immediately after receipt of the communication.

7. APPLYING FOR A LOAN

7.1. It is only possible to apply for Loans by submitting a Loan Application through the Portal.

7.2. The User shall disclose and determine in the Loan Application:

• 7.2.1. contact data, including his/her name, personal ID-code, address, phone number;
• 7.2.2. general information, including information about his/her home ownership, education, relationship status, dependants, employment status;
• 7.2.3. information about his/her income;
• 7.2.4. information about his/her liabilities;
• 7.2.5. information about his/her payment defaults;
• 7.2.6. preferred Loan Amount;
• 7.2.7. purpose of the Loan;
• 7.2.8. due date of Monthly Repayments; and
• 7.2.9. other information that may be requested by the Lender (including but not limited to documents to verify the income and liabilities of the User).

7.3. By submitting a Loan Application, the User confirms that:

• 7.3.1. the data and documents submitted by him/her to the Lender are true, accurate and not misleading and he/she has not withhold from the Lender any information which is or might be relevant to it;
• 7.3.2. the data and documents submitted by him/her to the Lender may be handed over to the Lender and the Lender may use them in accordance with the data protection rules set forth in Section 10;
• 7.3.3. he/she has thoroughly examined the terms and conditions of the Terms of Use and the Loan Agreement, fully understands their contents and confirms that they are fully coherent with his/her will; and
• 7.3.4. representations and warranties made pursuant to the Terms of Use and the Loan Agreement, are correct.

7.4. Before submitting a Loan Application, the User must identify himself/herself in accordance with Section 4.

7.5. The Loan Application is not binding to the User, i.e. he/she may withdraw the Loan Application without declaring the reason at any time before conclusion of the respective Loan Agreement.

8. CREDITWORTHINESS ASSESSMENT AND CREDIT DECISION

8.1 . The Lender shall assess the creditworthiness of the User and shall make a credit decision based on the data and documents submitted by the User and made available to the Lender in the public databases or otherwise.

8.2. The Lender shall have a right to make one of the following credit decisions:

• 8.2.1. accept the Loan Application;
• 8.2.2. reject the Loan Application; or
• 8.2.3. make a counteroffer and accept the amended Loan Application.

8.3. The Lender shall make the credit decision and inform the User about it immediately, but not later than within two (2) Banking Day as of receiving all required data and documents from the User. The Lender shall not be obliged to substantiate the credit decision, unless it rejects the Loan Application based on information it has received from the public databases, in which case it shall inform the User about the results of such inquiries.

9. CONCLUSION OF LOAN AGREEMENT

9.1. The Loan Agreement shall be considered legally binding and concluded between the Lender and the Borrower as of the date it has been electronically or digitally signed or approved by both parties.

9.2. The Loan Agreement and other required information and documents shall be made available to the User through the Portal immediately after the Loan Agreement shall be deemed to have been concluded between the parties and shall be made available at any time during the term of the Loan Agreement free of charge in the Portal.

10. RESTRICTION OF A RIGHT TO USE PORTAL AND CONDUCT IN CASE OF PAYMENT DEFAULT

10.1. The Lender has the right to restrict or cancel User’s right to use the Portal, reject Loan Applications and as far as permitted by the applicable law, refuse to perform its obligations under the User Agreement and/or any Loan Agreement and/or any other agreement concluded between the Lender and the User if the User is in a breach of the User Agreement and/or, the Loan Agreement any other agreement concluded with the Lender.

10.2. The Lender shall have a right to contact the User regarding any arrears using all contact details disclosed by the Borrower to the Lender.

10.3. If the User has entered into more than one Loan Agreement and the funds transferred to the Lender are insufficient for satisfying all Claims due and payable, the funds shall be divided by the Lender proportionally.

11. TERMINATION OF THE USER AGREEMENT

11.1. The User shall have a right to withdraw from the User Agreement without providing a reason within fourteen (14) days as of the date of entry into the User Agreement by submitting a withdrawal application which can be reproduced in writing through the Portal or via e-mail. To exercise the right to withdraw from the User Agreement, an application for withdrawal must be submitted to the Lender before the expiry of the term specified herein. In order to validly withdraw from the User Agreement, the User must fulfil immediately, but not later than within thirty (30) days after submitting an application for withdrawal, fulfil all his/her outstanding financial obligations towards the Lender under any agreement. Should the User fail to fulfil his/her obligations within the term set forth herein, the User shall be deemed to not have validly withdrawn from the User Agreement.

11.2. The User may terminate the User Agreement by submitting to the Lender a relevant application which can be reproduced in writing through the Portal or by e-mail only if all his/her financial obligations towards the Lender under any agreement have been completely fulfilled.

11.3. The Lender may terminate the User Agreement and disable or restrict access to the Portal[, in each case subject to Sections 3.3 and 13.3, as applicable, of the General Conditions, including the grace periods set out therein,] if:

• 11.3.1. the User violates the terms and conditions of the User Agreement;
• 11.3.2. the User has used or is using without the Lender’s written consent any automated means (which access means are not provided by the Lender) to access the Portal and collect any data from the Portal through automated means (included harvesting bots, robots, spiders, scrapers or any other automatic devices or programs) or if the User is using framing techniques to enclose any of the data or content to the Portal or otherwise affect the Portal.

12. FEES, COSTS, COMPENSATION

12.1. The Lender shall have a right to receive and the User shall be obliged to pay a Fee for the rendered services pursuant to the Price List, Loan Agreement and/or other agreements he/she has concluded with the Lender.

12.2. In addition to the Fees specified in the Price List and in the agreements concluded between the Lender and the User, the User shall cover all Lenders cost which arise from the operations performed in the interest of the User and the costs relating to the collection of claims which have become collective (including legal expenses, debt collection expenses, court expenses etc.) up to the maximum amount permitted by applicable law.

12.3. All Fees and costs shall be paid by the User to the Lender in accordance with the relevant notification made available to the User in the Portal by the end of the reasonable payment term indicated on the notification.

12.4. The User shall pay all Fees and costs without any deductions and/or set-off.

13. LIABILITY

13.1. The User shall be liable for the damage and loss caused to the Lender due to the fact that the User failed to duly fulfil any of his/her notification obligations deriving from the Terms of Use or other agreements concluded between the User and the Lender, including (but not only), unless the User has duly fulfilled his/her notification obligation under Section 5.1.6, the User shall be liable for the damage and loss caused to the Lender due to the fact that a third party has gained possession of the data and tools specified in Section 5.1.5.

13.2. The User shall enter into transactions through the Portal directly and at his/her own liability, being a party to the transactions themselves; the agreement forms suggested in the Portal can be used by Users at their own liability and risk. The Lender is not liable for possible obligations that may arise for the User according to the law as a result of concluding or executing a Loan Agreement using the Portal.

13.3. Nothing in this Agreement limits the liability in case of wilful breach of obligations.

14. AMENDMENTS

14.1. The Lender shall have a right to unilaterally amend the Terms of Use if the applicable legislation or standards regulating the relations arising from the Terms of Use change and amendment of the Terms of Use is required to comply with the new legislation and/or standards. The User shall be notified of such amendments through the Portal. The amendments shall enter into force as of the disclosure of the relevant notification in the Portal.

14.2. The Lender shall have a right to unilaterally amend the Terms of Use provided that such amendments are not unfair with regard to the User, the User shall be given a minimum of thirty (30)-day advance notice and the User shall be given a right to immediately terminate the User Agreement and all other agreements concluded between the Lender and the User. The User shall be notified of such amendments through the Portal without delay. For the avoidance of doubt, should the User choose to terminate the User Agreement and all other agreements concluded between the Lender and the User, then he/she shall submit a relevant application to the Lender through the Portal or by e-mail address within thirty (30) days as of receipt of relevant advance notification and must fulfil all his/her financial liabilities arising from the any of the agreements concluded with the Lender within the same term. For the avoidance of doubt, if the User fails to fulfil all his/her financial liabilities within such term, the User shall be deemed to not have validly terminated the User Agreement or any other agreement concluded with the Lender. The amended Terms of Use shall enter into force within thirty (30) days as of the disclosure of the notification or when the User accepts the amended Terms of Use by clicking the respective field (e.g. box, button or similar) when logging in the Portal, whichever occurs earlier.

14.3 . The Lender shall have a right to unilaterally amend the Price List, in which case the User shall be given an advance notice of at least thirty (30) days and the right to immediately terminate the User Agreement and all other agreements concluded between the Lender and the User. The amended Price List shall enter into force as of the disclosure of the notification, provided that the User has not chosen to terminate the User Agreement in accordance with this Section.

15. GOVERNING LAW AND DISPUTE RESOLUTION

15.1. The Terms of Use and the User Agreement shall be governed by the laws of the Republic of Estonia.

15.2. Any disputes between the Lender and the User arising out of or in connection with the Terms of Use or User Agreement shall be resolved by way of negotiations, taking into account the Procedure for Processing Consumer Complaints in force at the time and made available on the webpage of the Lender. The User shall additionally have a right to address competent pre-trial bodies, e.g. the Finnish Consumer Disputes Board (in Finnish: kuluttajariitalautakunta), the Estonian Consumer Protection Board, the Estonian Financial Supervision Authority and/or the Estonian Data Protection Inspectorate. A dispute which the parties fail to resolve within reasonable time through amicable negotiations shall be settled (i) in the appropriate courts of the Republic of Estonia, also (but not only) if the User takes up residence abroad following the entry into force of the User Agreement or if the place of residence of the User at the time of filing an action is unknown and (ii) in respect of Users having domicile in Finland, in the competent district court of Finland as first instance.

16. MISCALLENEOUS

16.1. In the event of the Lender’s insolvency, entry into new Loan Agreements shall be terminated immediately. The insolvency of the Lender shall not affect the validity of the Loan Agreements.

16.2. The Portal, the website of the Lender and the copyright of the contents thereof belong to the Lender. The User does not have the right to save, copy, change, transfer, forward and/or disclose the pages of the Portal for a purpose other than for personal use.

16.3. The Lender is supervised by the Estonian Financial Supervision Authority (address: Sakala 4, 15030 Tallinn, Estonia; email: [email protected]; webpage: [email protected]).

These Terms of Use shall be applicable to all User Agreements and Loan Agreements concluded after 23.03.2017 and before the entry into force of the next redaction of the Terms of Use.

Introduction

Any conflicts of interest, which may arise in relation to Bondora, shall be identified and managed by the company. We will maintain and manage all arrangements necessary to prevent a conflict from escalating to causing material damage to the interests of our clients. The given document states our conflicts of interest policy (here and further “Conflicts Policy”) inasmuch as it applies to the operation of our activities.

We are fully committed to complying with our regulatory and legal obligations and maintaining the ethical standards. We require that all of our employees are contractually bound to comply with our Conflicts Policy and any breach of such may lead to disciplinary proceedings, not excluding discharge of services.

Potential or Actual Conflicts Indication

A conflict of interest may take place if any of Bondora directors, employees, outsource partners or otherwise “relevant persons” linked to the company by control is providing a service to Bondora clients or engaging in activities on their own account, which may cause a material risk or damage to Bondora clients’ interests, for example where any of the mentioned above persons:

• could either make a financial gain or avoid a financial loss, on the account of a Bondora client;
• has an interest in the outcome of a rendered service, which is different from the interest of a Bondora client;
• is incentivized to offer privilege to one of Bondora clients on the account of another Bondora client;
• receives an incentive in any form (financial / goods / services) other than the standard commission fee, from a person other than the Bondora client for a service rendered to a Bondora client.

Potential or Actual conflicts of interest we have identified

Borrowers are subject to a borrowing fee for receiving access to our platform, as stated in their Loan Agreement and any other contracts. This fee includes the amount, which we estimate to reflect the possibility of their default, viewed against their Credit Rating and in relation to their Loan Agreement.

We may as well make payments to the third parties for referring clients to us; however an appropriate disclosure shall be made for such instances.

Employees

A conflict of interest may occur if a Bondora employee (or the employee’s family) is somehow associated to the other party of any given transaction, especially if such party is a Bondora client. This association may include being a director, significant shareholder or a consultant to any Bondora client. Bondora employees are required to disclose any connection, which could compromise their judgment, or involve any material interests.

Managing Conflicts of Interest and Disclosure

Bondora will make all possible and reasonable efforts to mediate any conflict of interest.

Should there be a considerable risk of damage to any Bondora client, we will issue an appropriate disclosure.

We will carry out all necessary procedures, including employee training, to ensure that circumstances at which conflict of interest may arise are identified and properly managed.

All conflicts, which may arise, shall be closely monitored.

Further Information

The given document shall be reviewed and updated as necessary. In case of any questions in regards to this policy, please send an email to [email protected].

Capitalized terms bear the meaning outlined in Bondora Terms and Conditions, unless defined otherwise.

This Privacy Policy provides an overview of what personal data of the bondora.ee Portal User (hereinafter also you) the Lender (hereinafter Bondora or us) processes when providing services via the Portal, how and for which purposes it does this, and what your rights are regarding your personal data.

We follow very strict rules established for the processing of your personal data, which derives from the European Union and Estonian legislation on the protection of personal data, including the European Union General Data Protection Regulation (hereinafter General Regulation). The terms contained in this Privacy Policy have the same meaning as described in the Bondora.ee Terms of Use and General Regulation.

Controller and Contact Details

The controller of your personal data is Bondora AS (Estonian register code 11483929; postal address A.H. Tammsaare tee 56, Tallinn 11316, Estonia). You can find the form required to contact us here.

Collection of Personal Data

We generally collect personal information necessary to enter into an Agreement with you and perform it. Given our field of activity, it also includes collecting various background information to fulfill our various obligations deriving from the law.

We collect personal data from the following sources:

• yourself (e.g., data submitted and shared by you); and
• third parties (e.g., public sources, state registers (such as the population and pension register), credit rating agencies, cooperation partners, and companies belonging to the same group as us).

We collect personal data from third parties that allow us to assess your creditworthiness and apply due diligence measures to prevent money laundering and terrorism financing, including to verify the information you provide to us.

We may also collect personal data automatically (e.g., the way you use the Platform, digital devices you use, and cookies) for statistical purposes.

Use of Your Personal Data

To provide services to you through the Platform, you may be required to provide our partners or us with the information necessary to provide the services. If you do not provide this information, we are not able to provide services to you. Such information is always marked accordingly.

We use your personal data for the following purposes and on legal grounds:

We do not process your special categories of personal data or data about criminal convictions and offenses.

We may also process your personal data for other purposes under your consent. The purpose of the processing and other details, in this case, is described in the consent.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Automated Decisions and Profile Analysis

We use an automated process to decide whether to approve or reject your loan application. As part of our automated process, all categories of data we have collected about you for creditworthiness purposes are assessed separately (see above). The system calculates your credit rating based on the risks associated with the different data categories and the coefficients assigned to them. Based on this, you will be offered a loan on the terms you have requested or other terms (e.g., with a smaller loan amount or a different repayment term than wanted), or your application will be rejected. The purpose of creditworthiness assessment is to make fair and responsible loan decisions and fulfill our legal obligation to assess your creditworthiness before granting a loan.

In addition to automated credit assessments, we may automatically determine that there are grounds for believing that you may be committing fraud, money laundering, or terrorism financing.

Automated decisions and profiling allow us to improve the fairness of our decision-making process (reducing the potential human error, discrimination, and abuse of power), reduce the risk that you will not pay back the loan, and allow us to make decisions in less time and improve efficiency.

Automated decisions and profile analysis are necessary for concluding a loan agreement between us and are also permitted by law. Creditworthiness assessment is a largely standardized and mandatory procedure for creditors built on the applicable principles of responsible lending and based on mathematical formulas. The automated creditworthiness assessment ensures a fairer result as it eliminates the human subjective factor and treats all credit applicants equally. Using the same or a similar model manually would take a disproportionate amount of time to assess each borrower's creditworthiness and thus becomes significantly more costly for us. Our human resource needs would significantly increase if we were to ensure that the quality of service is maintained when assessing creditworthiness manually. To prevent money laundering and terrorism financing, we use automated processes for monitoring transaction data. It would not be possible to process the relevant data manually (i.e., without automated solutions) due to the large volume.

Our automated processes are regularly tested, evaluated, and inspected to ensure fairness, efficiency, and impartiality. For them to work, it is also necessary that the information you provide to us is accurate and up-to-date.

You have the right to have direct personal contact, the right to express your views, the right to be heard on a decision taken following such an assessment, and the right to challenge that decision. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data

When we process your personal data, we also transfer your personal data to our processors or third parties. Such transmission shall take place only under the following conditions:

Processors. We use carefully selected service providers (processors) to process your personal data. In doing so, we remain fully responsible for processing your personal data.

We use, among other things, the following processors: Marketing and survey service providers and tools, money laundering and terrorism financing risk mitigation searching service providers, creditworthiness assessment service providers, customer support service providers, accounting service providers, server management, and server hosting providers, IT service providers, and other companies belonging to the same group as us, who provides services to us.

If you would like more detailed information about our processors (e.g., their names and locations), please contact us using the contact details mentioned above.

Third Parties. We will only share your personal data with third parties if set out in this privacy policy if required by applicable law (e.g., if we are required to share personal data with authorities) or under your consent or order.

We may share your personal data with the following third parties:

• to perform agreements with payment service providers. In this case, the legal basis for the transfer of personal data is the performance of an agreement between us (Article 6 (1) (b) of the General Regulation);
• to assess your creditworthiness with credit agencies. In this case, the legal basis for the transfer of personal data is our legal obligation to assess your creditworthiness (Article 6 (1) (c) of the General Regulation);
• to test the quality of the creditworthiness assessment with credit assessment service providers. In this case, the legal basis for the transfer of personal data is our legitimate interest (Article 6(1)(f) of the General Regulation);
• for the purposes of our internal administration with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is our legitimate interest in sharing the data with companies belonging to the same group as us for internal administration purposes (Article 6 (1) (f) of the General Regulation);
• for the purposes of direct marketing with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is your consent (Article 6 (1) (a) of the General Regulation);
• potential or actual buyers and pledges of claims. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the buyer and/or pledgee upon assignment of the Claim (Article 6 (1) (f) of the General Regulation);
• potential or actual investors and/or creditors of the Lender. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the Creditor regarding the investor's or creditor's claim (Article 6 (1) (f) of the General Regulation);
• to fulfill our legal obligations deriving from the law with authorities and law enforcement agencies. In such a case, the legal basis for the transfer of personal data is fulfilling our legal obligation deriving from the law (Article 6 (1) (c) of the General Regulation);
• payment default registers, credit bureaus and other third parties where we are disclosing information about outstanding debts; In this case, the legal basis for the transfer of personal data is our and third parties' legitimate interest in implementing responsible lending principles; (GDPR Art. 6(1)(f)).
• to protect our rights and interests with collection agencies, attorneys, bailiffs, and other persons concerned. In this case, the legal basis for the transfer of personal data is our legitimate interest in protecting our rights and interests (Article 6 (1) (f) of the General Regulation). We will only process your personal data if we are sure that our legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected. As we generally process your personal data only when it is essential to protect our rights and interests (i.e., if there has been a breach or a suspected breach by you), we consider it justified.
• to perform our statutory obligations with auditors. In such a case, the legal basis for the transfer of personal data is our legal obligations deriving from the law Article 6 (1) (c) of the General Regulation and the Auditors Activities Act);
• to fulfill our legal obligations deriving from the law or in the legitimate interests of us or our counterparty, if such transfer is necessary to transfer our activities or assets due to the transaction or to assess the perspectiveless of such a transaction. In this case, the legal basis for the transfer of personal data is the fulfillment of our legal obligations (Article 6 (1) (c) of the General Regulation and the Law of Obligations Act), or our or our counterparty's legitimate interest in concluding the transaction or assessing its perspectiveless (Article 6 (1) (f) of the General Regulation). We will only transfer your personal data if we are sure that our or our counterparty's legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you will have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data Outside the European Union

In general, we do not transfer your personal data outside the European Union, but our processors and third parties, to whom we transfer the personal data, may process your personal data outside the European Union. Where necessary, the transfer will only take place if we have a legal basis for such action, including, in particular, if the recipient: (i) is located in a country that the European Commission considers having an adequate level of protection of personal data, or (ii) is acting under an agreement that meets the requirements of the European Union for the transfer of personal data to processors outside the European Union.

If you would like more detailed information about the transfer of your personal data outside the European Union (e.g., the names of the recipients and the legal basis for the transfer), please contact us using the contact details mentioned above.

Retention of Personal Data

We retain your personal data for as long as we are required by law to do so. (e.g., under the Creditors and Credit Intermediaries Act , we must retain all information and documents relating to the providing and servicing of credit for the duration of our legal relationship and three years after that; under the Money Laundering and Terrorist Financing Prevention Act, we must retain your personal data and various documents five years after the end of the business relationship with you; under the Accounting Act we must retain accounting source documents seven years from the end of the respective financial year) or until we have a legitimate interest in doing so (e.g., until the limitation period of the claims to protect our interests and rights).

Security of Personal Data

We ensure that users' personal data is only available to such employees who, due to their duties, need to have access to such data. All Bondora employees are required to maintain the confidentiality of the data and may not share the information with third parties, except for the purposes set forth above.

Personal data is stored and archived on a secure server that only a few people have access to. Security is guaranteed by strict privacy standards met by conscientious third-party partners.

We use several Internet security measures to ensure the secure processing, transmission, and archiving of personal data.

The servers are located in a data center in Frankfurt, Germany, and is operated by Telehouse, one of the world's 200 leading companies. A separate agreement has been concluded with Virtion GmbH for server management. These companies allow us to offer better availability and growth potential of our IT resources and greater flexibility.

All their activities comply with a number of standards, including ISO 27001:2005 (Information security management systems), BS25999-2:2007 (Business continuity management), PCI-DSS (Payment card industry), ISO 9001:2008 (quality standards), and ISO 14001:2004 (Environmental management system standard).

Companies have established round-the-clock physical and virtual surveillance of the system. All data center movements are monitored by short-range card readers and infrared sensors that detect unauthorized persons. In Bondora, security breaches are detected, monitored, and repelled by software and hardware security walls.

Your Rights

You have all the rights of the data subject with regard to your personal data to the extent required by the applicable data protection legislation, including:

• the right to receive relevant information on the processing of personal data;
• the right to receive confirmation whether personal data is being processed;
• the right to receive a copy of personal data;
• the right to request that we rectify inaccurate personal data or supplement incomplete personal data;
• the right to request deletionof personal data if: (i) the personal data is no longer necessary for the purpose for which it was collected or otherwise processed; (ii) you withdraw your consent for processing your personal data, and there is no other legal basis for processing the personal data; (iii) you object to the processing of personal data, and there are no overriding legitimate reasons for the processing; (iv) you object to the processing of your personal data for direct marketing purposes; (v) personal data has been processed unlawfully; or (vi) personal data must be deleted to fulfill our legal obligation deriving from the law. Notwithstanding the preceding, you do not have the right to request the deletion of personal data if the processing is necessary: (a) to fulfill an obligation under our law; or (b) to formulate, file, or defend legal Claims;
• the right to request a restrictionon the processing of personal data if: (i) you challenge the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data; (ii) the processing of personal data is unlawful, whereas you do not request the deletion of personal data, but the restriction of use; (iii) we no longer need personal data for processing purposes, but they are necessary for you to make, file or defend legal claims; or (iv) you have objected to the processing of your personal data while we check that our legitimate reasons outweigh your reasons. If the processing of personal data is restricted, we may nevertheless process it: (a) with your consent; (b) to formulate, file , or defend legal claims; (c) to protect the rights of another natural or legal person; or (d) in the overriding public interest;
• the right to portability the data, i.e., the right to receive personal data that you have provided to us in a structured, publicly available format and machine-readable form, and the right to transfer this data to another controller if: (i) the processing is with your consent or for contract or performance purposes; and (ii) processed automatically. If technically feasible, you have the right to request that we transfer the data directly to another controller. In exercising your right, we cannot infringe on the rights and freedoms of others;
• the right to object at any time to the processing of personal data in the legitimate interest of us or a third party, depending on our specific situation. In such a case, we will not further process personal data unless we prove that the processing is for a valid legitimate reason that outweighs your interests, rights, and freedoms or to make, file, or defend legal claims. If your objection concerns the processing of your personal data for the purposes of direct marketing, we do not have the right to process your personal data further;
• the right to withdraw consent at any time. To do so, you may contact us using the contact details mentioned above or use other options described in obtaining consent.

To exercise your rights, please contact us using the contact details mentioned above. We will respond to your request within one month at the latest. In some instances (taking into account the complexity and number of the requests), we have the right to extend the due date for replying by two months. In this case, we will notify you.

If you believe that your rights have been violated, please contact our Data Protection Officer via [email protected] immediately to resolve the situation. However, you have the right to complain to the Member State's supervisory authority where you have your permanent residence or place of work, or to the Data Protection Inspectorate ( www.aki.ee; [email protected]; Tatari 39, 10134 Tallinn).

Cookies

We use cookies, which are small text files that a website server stores on your hard drive. This allows us to collect certain information from your web browser. You can find more information on our cookie policy here.

Links to Third-Party Websites

Links to third-party websites from the Platform or any other Bondora website, or vice versa, are only quick links to services or topics useful to our Platform users. Please note that third party websites may have different privacy policies and/or security standards, which we recommend you review.

Amendments to the Privacy Policy

Suppose our personal data processing practices are changed, or we need to amend this Privacy Policy due to applicable law, judicial or competent supervisory authorities' practices, or competent supervisory authorities' guidelines, we have the right to change this Privacy Policy at any time unilaterally. In this case, we will notify you via the Portal or email at a reasonable time before the changes take effect.

Applicable Law

As Bondora is a company registered in the Republic of Estonia, Estonian law applies to the processing of your personal data.

This Privacy Policy was last updated as at September 27, 2023.

What is a cookie?

A cookie is a small morsel of text that a website asks your browser to store. All cookies have expiration dates in them that determine how long they stay in your browser. Cookies can be removed in two ways: automatically, when they expire, or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use.

Please remember that by deleting existing cookies or disabling future cookies you may not be able to access certain areas or features of our website.

What cookies does Bondora use?

We use cookies across our website to improve the performance and enhance the user experience. Please be advised that when you visit our website you agree that we use the following cookies:

• Essential cookies that are only set or retrieved by the website while you are visiting which allow us to identify you as a subscriber and ensure that you can access the subscription only pages. We can ensure that no one is making changes to your profile, applying for loans or making loans on your behalf.
• Functionality cookies are used to allow us to remember your preferences on the website, such as language or username to customize your user experience.
• Performance cookies allow us to collect information how you use the website. All of the information collected is anonymous and is only used to help us improve the way our website works and measure the effectiveness of our advertising campaigns.
• Third party cookies are behaviorally targeted advertising cookies (e.g. Google Analytics) that allow us to record pages that are visited and the links that are followed. The information collected in non-identified.
• Secure cookies are used to ensure that any data in the cookie will be encrypted as it passes between the website and the browser. It helps us to protect the security of your account.

How to change cookies settings?

In case you want to change your preferences about the cookies that we use, please change your browser settings. For more information you may wish to visit http://www.aboutcookies.org/

We want you to be happy with the services Bondora provides. However, if this is not the case and you are dissatisfied with the service requested by or provided to you, or its terms and conditions or quality, we want to know about it. Before filing a complaint, please review the Complaints procedure laid out below, so we can process your complaint as quickly and efficiently as possible. Kuidas esitada kaebust?

How do I file a complaint?

Bondora's customer service is 100% digital. This means we can handle and solve complaints quickly and securely. You can file a complaint with Bondora by using the form under the "FAQ " section on Bondora's website.

What information should I provide in my complaint?

You must provide all the relevant facts so we can solve your complaint as efficiently as possible. Please describe and explain the basis of your complaint in as much detail as possible. You should also state the claim or request you want Bondora to settle.

Please include any relevant documents in your complaint if they are not easily available to Bondora.

If your representative files a complaint in your name, please attach a document that certifies their right of representation. This document must be signed in a digital format.

How does Bondora process complaints?

Bondora treats all customers with respect and without prejudice. We will establish your complaint's specific circumstances and analyze the problem to the core to settle it in the best way possible. If necessary, we may ask you for additional information or documents related to the complaint.

If the arguments in your complaint are justified, we will quickly restore any wrongdoings or propose another solution acceptable to you. But if we do not partly or wholly agree with your complaint, we will justify our decision in our reply to you.

When can I expect a reply?

We will email you an automatic notification when we receive your complaint (Usually within one business day).

Generally, we settle complaints within five business days after receiving it, but it may take up to 15 days. If we can't settle your complaint within 15 days, we will inform you why it's taking longer and set a new date when you can expect a reply.

What should I do if I'm not happy with the proposed solution?

We will do our best to provide the best solution for your complaint. But if you are unhappy with our suggestion, you are welcome to contact us again and contest our decision.

If you are still unhappy with our solution, you can protect your rights by contacting the following authorities:

• The Consumer Disputes Board ( https://www.kuluttajariita.fi/fi , addresse: Hämeentie 3, PL 306, 00532 Helsinki; email: [email protected]; phone number: 029 566 5200)
• Finnish Competition and Consumer Authority. Consumer Ombudsman ( https://www.kkv.fi/kuluttaja-asiat/kuluttajaneuvonta/ address: Lintulahdenkuja 2, PL 005, 00531 Helsinki; phone number: 029 505 3000). Complaints arising from distance contracts can also be filed with the Consumer Disputes Committee through an online dispute resolution environment at the address http://ec.europa.eu/odr
• Office of the Data Protection Ombudsman ( https://tietosuoja.fi/yksityishenkilot , address: Lintulahdenkuja 4, PL 800, 00531 Helsinki; e-mail: [email protected]; phone number: 029 566 6700)
• Financial Supervision and Resolution Authority (www.fi.ee, address: Sakala 4, 15030 Tallinn; email: [email protected]; phone number: 668 0500)

Pre-contractual information is available here.

B Secure terms are available here.

B Secure+ terms are available here.