This Policy applies if a Customer uses, has used or has expressed an intention to use the services provided by DMC, or is in other way related to the services provided by DMC, including in relations with the Customer established prior to the Policy entered into force.
Processing means any activity or set of operations performed with or without an automated means, such as collecting, recording, registering, organizing, structuring, storing, adapting or modifying, recovering, viewing, using, disclosing, sending distributing or otherwise making them available, matching or combining, limiting, erasing or destroying.
DMC means Joint Stock Company Direct Mortgage Capital, unified registration number: 40103968207, legal address: Ganibu dambis 3/1-8A, Riga, LV-1045, actual address: Pulkveža Brieža iela 15, 5th floor, Riga, LV-1010 as well as any legal entity or branch belonging to the Direct Mortgage Capital Group whose registered office is in Latvia and who is acting as a controller of Personal data;
Customer means any natural person who uses, has used, or has expressed a wish to use any services provided by DMC or in any other way related to any services provided by DMC;
Personal data means any information directly or indirectly related to the Customer which is known to DMC.
2. GENERAL PROVISIONS
2.1. This Policy provides general information on how DMC processes Personal Data. Specific details un the Processing of Personal Data might be also provided to Customers in agreements or other service related documents as well as in DMC online Web Application.
2.2. DMC ensures, within the framework of applicable law, the confidentiality of Personal data and has implemented appropriate technical and organisational measures to safeguard Personal data from unauthorized access, unlawful Processing or disclosure, accidental loss, modification or destruction.
2.3. DMC may use processors for Processing Personal data. In such cases, DMC takes necessary steps to ensure that such data processors Process Personal data under the instructions of DMC and in compliance with applicable law and requires adequate security measures.
3. PERSONAL DATA CATEGORIES
Personal data may be collected from the Customer, from the Customer’s use of the services and from external sources such as public and private registers or other third parties. Personal data categories which DMC primarily, but not only, collects and processes are:
Identification data, such as name, surname, personal identity code, date of birth, data regarding the identification document (copy of passport, ID card).
Contact data, such as address, telephone number, email address, communication language.
Family data, such as information about the Customer’s family, heirs, dependents and other related persons.
Insurance services related data such as Family data, beneficiaries, insured persons, injured third parties, real estate data
Data about the relationships with legal entities, such as data submitted by the Customer or obtained from public registers or through third party for the execution of transactions on behalf of the legal entity in question.
Professional data such as education, professional career, work place.
Financial data such as accounts, ownership, transactions, loans, income, liabilities, provisions, financial experience of the Customer.
Data on the source of assets or wealth, such as data on the Customer’s business partners and business activities.
Data about trustworthiness and due diligence such as data about payment behaviour, credit history, data that enables DMC to perform its due diligence measures regarding money laundering and terrorism financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Customer is/not a politically exposed person.
Data obtained and/or created while performing an obligation arising from law, such as data resulting from enquiries made by investigative bodies, details of income, credit commitments, property holdings, remarks, historical remarks and debt balances.
Data on the Customer’s tax residence, such as country of residence, taxpayer number, citizenship.
Communication data collected when the Customer visits DMC website or DMC online web application or contacts DMC using phone or other communication channels (call audio recordings, emails and other communication channels such as social media).
Service-related data, such as using of DMC web application, performance or non-performance of the agreements, executed transactions performed and expired agreements (including agreements executed with third parties as a result of using DMC services), submitted applications, requests and complaints.
Data about habits and satisfaction such as spending and travel habits, responses to questionnaires, Customer’s satisfaction rate.
4. PURPOSES AND BASIS OF PROCESSING PERSONAL DATA
DMC processes Personal data primarily to:
4.1. Manage customer relations in general and provide and administrate access to products and services
To conclude and execute an agreement with the Customer; to provide Customer with DMC services; to ensure the accuracy of the data by verifying and enriching data through external and internal sources. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations.
4.2. Perform credit and risk assessments
To perform internal creditworthiness and risk assessments in order to determine the conditions under which the products can be offered to the Customer; to manage Customer’s debt and to comply with applicable law relating to credit- and other risk assessments when providing loans and mortgage intermediary services, risk hedging, internal calculations and analyses. The basis of processing: 1) execution and performance of the agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations; 4) DMC legitimate interest to ensure the accuracy of Personal Data and the quality of DMC services.
4.3. Protect interests of the Customer and/or DMC
To protect the interests of the Customer and / or DMC and to examine the quality of services provided by DMC and for the purpose of providing proof of commercial transactions and other commercial communication (conversation recording). The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations; 4) Customer’s consent; 5) DMC’s legitimate interest in preventing, restricting, and investigating any misuse or unlawful use of DMC services; internal training or service quality assurance.
4.4. Provide additional services, perform customer surveys, market analyses and statistics
Offer to the Customer the services of DMC or carefully selected cooperation partners. The basis of processing: 1) Customer’s consent.
To perform Customer surveys, market analyzes, aggregate statistics. The basis of processing: 1) DMC’s legitimate interest to improve DMC services, improve the Customer’s user experience of services and to develop new service delivery solutions; 2) Customer’s consent.
4.5. Comply legal obligations and verification of identity
To comply with applicable laws and international agreements, for example related to implementing the principles of responsible lending, customer due diligence and “know your client”, publishing the details of executed investment related transaction to fulfil market transparency requirements and reporting those to competent authorities, prevent, discover, investigate and report potential money laundering, terrorist financing, if the Customer is subject to financial sanctions or is a politically exposed person and to verify identity. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations; 4) DMC’s legitimate interest in ensuring sound risk management and corporate governance.
4.6. To prevent misuse of services and ensure adequate provision of services
To authorize and control access to and functioning of digital channels, to provide services to DMC web application users, to prevent unauthorized access and misuse of those, and to ensure information security. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations; 4) Customer’s consent; 5) DMC’s legitimate interest to control the authorization, access, and operation of DMC digital services.
Improve technical systems, IT-infrastructure, customizing the display of the service to the device and to develop
DMC services such as by testing and improving technical systems and IT-infrastructure. The basis of processing: 1) DMC’s legitimate interest to improve technical systems and IT infrastructure.
4.7. Establishing, exercising and defending legal claims
To establish, exercise, assign and defend legal claims. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) to comply with DMC’s statutory and contractual obligations; 4) DMC’s legitimate interest to exercising legal claims.
4.8. Performance of DMC economic activity and for the performance of contractual obligations
In order to carry out DMC’s business activities, performance of contractual obligations, implement DMC’s “originate to sell” operating model and attract investments. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) DMC’s legitimate interest to carry out business activities and perform contractual obligations.
4.9. Providing and offering to the Customer real estate and / or financial services
To find and offer real estate and / or financial services suitable for the Customer. The basis of processing: 1) Customer’s consent.
4.10. Providing and offering to the Customer an opportunity to attract financing from other finance institutions.
To find and offer opportunities suitable for the Customer to attract financing from other finance institutions. The basis of processing: 1) execution and performance of an agreement with the Customer; 2) in order to take steps at the request of the Customer prior to entering into an agreement; 3) DMC’s legitimate interest to carry out business activities and perform contractual obligations.
5. PROFILING AND AUTOMATED DECISION MAKING
5.1 Profiling refers to the automatic Processing of Personal data used to assess certain personal characteristics of a Customer. Profiling is used for analysis, marketing research, sales support, automated decision making, creditworthiness assessment. The basis of processing: 1) DMC’s legitimate interests; 2) Customer’s consent.
5.2 DMC may also collect statistics on the Customer, such as typical behavior, lifestyle, expenses, usage of financial services on the basis of data of Customer’s current accounts.
5.3. If the Customer has only received an automated decision, the Customer has the right to request review of this decision without the application of automated decision tools.
6. RECIPIENTS OF PERSONAL DATA
Personal data is shared with other recipients, such as:
6.1. Authorities (such as law enforcement authorities, bailiffs, notary offices, tax authorities, supervision authorities and financial intelligence units).
6.2. Credit and financial institutions, insurance service providers and third parties involved in real estate transactions (such as real estate developers and brokers).
6.3. Auditors, legal advisers, financial advisers or other processors authorized by DMC.
6.4. Third parties maintaining registers (such as credit registers, credit information offices, population registers, commercial registers and other registers that contain or transmit Personal data).
6.5. Debt collectors upon assignment of claims, court, out-of-court dispute resolution authorities, bankruptcy or insolvency process administrators.
6.6. Rating agencies.
6.7. Other persons involved in the provision of DMC services, incl. archiving, postal service providers.
6.8. Existing and potential investors and partners.
6.9. Third parties with whom DMC concludes or plans to conclude any kind of assignment, participation, loan sale or other types of finance lease agreements.
6.10 Third parties with whom DMC has a cooperation agreement, according to which DMC delivers the marketing data collected by analyzing the Customer’s Personal Data in order to offer the Customer the real estate and / or the opportunity to use financial services.
6.11. Third parties with whom DMC has a cooperation agreement on providing mortgage broker services.
7. GEOGRAPHICAL AREA OF PROCESSING
7.1 As a general rule the Personal data is processed within the European Union/European Economic Area (EU/EEA) but in some cases transferred and processed to countries outside the EU/EEA.
7.2 Transfer and Processing of Personal data outside the EU/EEA can take place provided there is a legal ground, i.e. legal requirement conclusion or performance of an agreement or Customer’s consent and appropriate safeguards are in place. Appropriate safeguards, such as:
– There is an agreement in place including the EU Standard Contractual Clauses or other approved clauses code of conducts, certifications etc., approved in accordance with the General Data Protection Regulation;
– The country outside of the EU/EEA where the recipient is located has adequate level of data protection as decided by the EU Commission;
– The recipient is certified under the Privacy shield (applies to recipients located in the United States).
7.3 Upon request the Customer can receive further details on Personal data transfers to countries outside the EU/EEA.
8. RETENTION PERIOD
8.1 Personal data will be processed no longer than necessary. The retention period may be based on agreements with the Customer, the legitimate interest of DMC or applicable law (such as laws related to bookkeeping, anti-money laundering, statute of limitations, civil law, etc.).
9. CUSTOMER’S RIGHTS AS A DATA SUBJECT
A Customer (data subject) has rights regarding his/her data Processing that is classified as Personal data under applicable law. Such rights are in general to:
9.1. Require his/her Personal data to be corrected if it is inadequate, incomplete or incorrect.
9.2. Object to Processing of his/her Personal data, if the use of Personal Data is based on a legitimate interests, including profiling for direct marketing purposes (such as receiving marketing offers or participating in surveys).
9.3 Require the erasure of his/her Personal data, for example, that is being processed based on the consent, if he/she has withdrawn the consent. Such right does not apply if Personal data requested to be erased is being processed also based on other legal grounds such as agreement or obligations based on applicable law.
9.4. Restrict the Processing of his/her Personal data under applicable law, e.g. during the time when DMC assesses whether the Customer is entitled to have his/her data erased.
9.5. Receive information if his/her Personal data is being processed by DMC and if so then to access it.
9.6. Receive his/her Personal data that is provided by him-/herself and is being processed based on consent or in order to perform an agreement in written or commonly used electronical format and were feasible transmit such data to another service provider (data portability).
9.7. Withdraw his/her consent to process his/her Personal data.
9.8. Not to be subject to fully automated decision-making, including profiling, if such decision-making has legal effects or similarly significantly affects the Customer. This right does not apply if the decision-making is necessary in order to enter into or to perform an agreement with the Customer, if the decision-making is permitted under applicable law or if the Customer has provided his/her explicit consent.
9.9. To request ant receive information from DMC about which DMC cooperation partners had received Customer’s personal data.
9.10. Lodge complaints pertaining to the use of Personal data to the Data Protection Authority at www.dvi.gov.lv if he/she considers that Processing of his/her Personal data infringes his/her rights and interests under applicable law.
10. CONTACT INFORMATION
10.1 Customers may contact DMC with any enquiries, withdrawal of consents, requests to exercise data subject rights and complaints regarding the use of Personal data.
10.2 Contact details of DMC are available on DMC website: www.dmcbonds.com.
10.3 Contact details of the appointed Data Protection Officer: firstname.lastname@example.org or Ganību Dambis 3 / 1-8A, Riga, LV-1045, marked “Data Protection Officer”.
11. VALIDITY AND AMENDMENTS OF THE POLICY
11.1 This Policy is available for Customers at the DMC office and on DMC website at www.dmcbonds.com.
11.2 DMC is entitled to unilaterally amend the Policy at any time, in compliance with the applicable law, by notifying the Customer of any amendments at the DMC office, via DMC website, by post, via e-mails or in another manner (for example through mass media), not later than one month prior to the amendments entering into force.