Personal data means any information related to an identified or identifiable natural person. Personal information can be information such as name, address and phone number. Other kind of information, such as your IP address can also be classified as personal information.
Processing of personal data means all processing of personal data like the collection, analysis, modification and storage of personal data.
Controller means the entity that defines the purposes and means of processing personal data. The controller is also responsible for ensuring that personal data is being processed in accordance with applicable law.
Registered person means the user that has registered as a user for Fixura services.
- 1. In charge of the register
Fixura Ab Oy
Business ID 2246639-7
Hovioikeudenpuistikko 15 C 29, 65100 Vaasa, Finland
Telephone +358-(0)20 7344 530
- 2. Contact in register matters
Inquiries and request for verification of personal data is sent to the address email@example.com.
- 3. The name of the register
The customer register of Fixura Ab Oy.
- 4. The objective of the handling of personal data
The objective of handling of personal data is to take care of and to develop assignments and services regarding the Fixura Ab Oy register and for example to determine loan classification, to administrate contact data, make risk assessments that cover for example activities against money laundering, direct marketing and to serve customers and to take care of duties according to law such as storing, reporting and taking care of enquiries according to authority directives and instructions.
Furthermore, personal data is handled according to what the law allows and obliges to handle customer contacts, for administration and development, analysis, statistics and to produce and offer information services.
Fixura Ab Oy and the companies of the same group have the right to use and to distribute data of the register for certain purposes, for example for marketing purposes according to the Personal Data Act. During the registration process the person may accept the use of personal data for marketing purposes.
- 5. Data contents of the register
The register may contain data about groups of the following kind:
- The registered person has or has had a customer relationship, made an application to start a customer relationship, registered a customer relationship or some other personal contact with the holder of the register.
- The registered person is or has been a party in a customer relationship, has or has had an obligation or some other entitlement to agreement with or to service from the holder of the register or an entitlement to give an assignment to the holder of the register.
- Registration of data is based on an obligation according to law.
Basic personal data such as
- Name, address, postal code, postal address, municipality of residence, phone number, banking data, e-mail address
- The date when the customer relationship started and ended
- Date of birth and personal identity code/business ID
- Language, nationality
- Country of taxation
- Information about the financial situation of the customer (for example education, profession, income data)
- Consent to or prohibition of direct marketing
- Borrower data (username, loan applications, loan agreements, invoicing, debt collection, payment defaults)
- Investor data (username, agreements, data about the investor, such as investment experience, basic data about company users such as company name, business ID, contact person)
- Legal engagements and commitments (for example politically influential person)
The customer consent is specifically given to obtain following data:
- Bank account information
- Information obtained from the Consumer Credit Inquiry System (CCIS) maintained by Suomen Asiakastieto Oy
With the specific consent from the customer, the customer's bank account transactions for the last 12 months are stored in the customer register for analysis in connection with the credit application.
Information on the customers previous credits is stored in the customer register. The information is obtained during the credit application process from other credit grantors in the CCIS maintained by Suomen Asiakastieto Oy.”
- 6. Storing of personal data
Data that has been collected about the registered person is stored in the customer register for five years after the loans or investments have been repaid in full. Upon request the user account can be inactivated during the data retention period and the account can then no longer be used. However, specific information i.e. transaction details, will be stored from the minimum of 10 years according to Accounting Act.
If the registered person does not have an active loan or active investments the data will be kept for two years after the last registration, log in, application or other activity.
- 7. Regular sources of information
Data is collected about the user at registration as well as during the whole duration of the customer relationship. Personal data can be collected and/or verified from the following sources:
- From the customer at registration or later when they complement or change their data
- Bisnode Finland Oy (credit defaults)
- Suomen Asiakastieto Oy (credit defaults, bank account information, CCIS)
- From authority registers (address, social security number)
- Broker and affiliate pages (loan application information)
- Signicat Ab (identification)
- Onfido (identification)
- Tink (bank account information)
- 8. Regular distribution of data
Data can be distributed to outsiders such as credit information companies, collection agencies, other possible cooperation partners and authorities. The data required for credit analysis based on analysis of the borrower's online banking transactions can be collected and disclosed to current partners for data analysis, evaluation, service development as improving the performance of the data entry recognition, categorization, sorting and behavior factor generation functionality.
Information on credits and payment behaviour can be disclosed to other credit grantors on the basis of the customer’s assignment and consent. Information is disclosed by means of an inquiry system (CCIS) maintained by Suomen Asiakastieto Oy.”
If the customer has given their consent, data can be used and distributed for marketing or research purposes.
Data is regularly distributed to the company´s own marketing where e-mail addresses and first and last name are used. This information is not distributed to external parties.
- 9. Distribution of information outside the EU or the EEA
- 10. Profiling and automated individual decision making
Automatic decision making related and profiling are being applied to the processing of personal data. This is an essential part of the credit decision making.
Profiling refers to analyzing or forecasting features and characteristics related for example to the customers economic situation, behavior, location or movements.
Automatic decision-making means that the credit decision is made automatically without any human interaction or manual handling. The loan decision is based on profiling together with analyzes of information from various sources like payment defaults, income, expenditure, debts and other similar information.
When the credit decision is negative, the borrower has the right to request for manual handling of the loan application. However, this right cannot be exercised for credit decisions that have been denied based on the applicant´s credit default or other similar reasons.
- 11. Principles for protection of the Register
The customer data in writing is being kept in a locked and monitored space. The customer register data is in a database behind a firewall, protected usernames and by other technical solutions. Only the staff of Fixura Ab Oy or authorized partners have access to the data. The staff of Fixura Ab Oy and partners are bound by confidentiality.
- 12. The right of inspection
According to law each registered person has the right to inspect all entries made about themselves in the personal register. The inspection application should be submitted in writing and be addressed to the holder of the register to the address firstname.lastname@example.org.
- 13. The right to require correction of data
The registered person has the right to require that incorrect data is corrected or removed. Part of the data that the user has submitted can be changed through the personal user profile in the system. The data that the registered user may change immediately has to be corrected on the user´s own initiative when the data is no longer correct. If the user cannot change their data, the user should contact Fixura customer support to change the data.
- 14. Right to erasure and right to restriction of processing
Handling of the personal data of a registered person is based on an agreement. It means that these persons do not have the right to remove their own data.
The registered person is entitled to deny the use of their data for marketing purposes by contacting the Fixura customer support in writing or by logging in to the personal user profile.
- 15. Other rights in connection with handling of personal data