Principles of Processing Customer Data
Effective 10 March 2021
We value all of our customers and respect their right to privacy and protection of their data. We would like our customers to be aware of why and how we use their data, what their rights are and how they can exercise their rights. For this purpose, we have updated our Principles for Processing Customer Data, which provide information on the following questions:
- what kind of Customer Data we use in our activity and the main reasons for using the data (clauses 3.6 and 3.7);
- what are the additional purposes for which we also use Customer Data (clause 3.8);
- what are the rights of natural person Customers (clause 8);
- how can our Customers exercise their rights, including whom can they contact if they have questions (clause 9);
- where are we allowed to obtain information about our Customers (clauses 3.1 and 3.2);
- to whom and on what grounds can we send Customer Data (clause 4);
- how do we protect our Customers’ Personal Data when we send them outside the European Economic Area (clause 5).
Terms and definitions. General provisions
- Customer for the purposes of these Principles for Processing Customer Data (“Principles”) is a natural person or a legal person who has expressed a desire to use, who is using or who has used LHV services and who is otherwise connected to services provided by LHV.
- Customer Data is any sort of information, including banking secrets and personal data known by LHV regarding a Customer.
- Processing is any procedure performed with Customer Data, including collection, retention, use and sending of data.
- Personal Data are any information on natural person Customers who have been identified or are being identified.
- Third Party is any person who is not the Customer, LHV or LHV employee and who, either alone or with a second person, defines the purposes and means for Processing of Customer Data.
- LHV is LHV Group, AS LHV Pank, LHV Varahaldus, LHV Finance, LHV Kindlustus and other legal persons in which LHV Group holds, directly or through subsidiaries, over 50% of the shares.
- These Principles shall apply insofar as they do not contradict the Service Conditions.
- By entering into a customer relationship with LHV or expressing the desire to do so, the Customer agrees to the Processing of Customer Data on conditions and in accordance with procedure set forth in these Principles.
General principles
- Processing of Customer Data at LHV takes place in accordance with requirements set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the Personal Data Protection Act, other relevant legal acts and the requirements set forth in these Principles. The conditions for Processing of Customer Data may also be described in contracts and other documents related to LHV services.
- Based on the requirements of legal acts, and pursuant to the employment contracts and other agreements entered into on the basis thereof, LHV and its employees are obliged to keep Customer Data confidential indefinitely and are liable for violations of the aforementioned obligations. LHV shall allow access to Customer Data only to employees who have received the relevant training. An employee shall have the right to process Customer Data only in the extent necessary for fulfilling the duties of employment assigned to that employee.
- LHV shall use authorised processors for Processing of Customer Data. LHV shall in this regard ensure that such data processors process Customer Data only in accordance with instructions from LHV and in conformity with the requirements for data protection.
The categories of Customer Data processed by LHV, objectives of Processing and legal basis for Processing
LHV gathers Customer Data mainly from the Customer (e.g. applications and requests, in the course of Customer interaction) and in the course of use of the services by the Customer (e.g. execution of card payments and transfers, forwarding of securities orders, performance of contracts).
LHV also obtains Customer Data from Third Parties, such as:
- parties related to the Customer (e.g. policyholder, person submitting the notice of loss, person submitting the credit application or other parties related to the agreement), upon submission of requests and applications;
- public and private registers (e.g. Population Register, Central Register of Securities, KMAIS information system, register of taxable persons, motor insurance register, register of construction works, Tax and Customs Board, Funded Pension Registry). LHV uses these data mainly for verifying and updating Customer Data, for providing the relevant services to the Customer and for evaluating the Customer’s creditworthiness;
- LHV companies, OÜ Krediidiregister, and Creditinfo Eesti AS. LHV uses these data mainly for verifying and updating the Customer’s creditworthiness and risk management, including compliance with obligations stemming from the accounting standards (IFRS 9);
- correspondent banks, foreign brokers, payment service providers and other financial service providers, insurance undertakings and insurance agents, healthcare providers and other business partners if the Customer has provided consent to our business partner for this purpose or the sending of data is permitted by legal acts. LHV uses these data mainly for enabling provision of service to Customers (e.g. foreign payments, investment services, payment services, insurance services).
LHV process Customer Data for compliance with legal obligations stemming from legal acts (national laws, supervisory guidelines, regulations and EU legal acts), performance of contracts with Customers and preparing for entering into contracts, e.g. for processing applications submitted by Customers, on the basis of Customer consent and for protection of LHV’s own legitimate interests.
LHV’s legitimate interests are expressed, above all, in furtherance of its own operating activity in offering Customers better services and products, developing its own products, ensuring data and information security, managing debt and ensuring protection against legal disputes.
On the basis of consent for Processing Customer Data, LHV shall ask for consent, e.g., on relevant applications and requests, and allow the Customer to provide its consent voluntarily.
Within the framework of its activities, LHV processes the following categories of Customer Data:
CATEGORIES OF CUSTOMER DATA DATA EXAMPLES Personal data name, personal identification code, date of birth, place of birth, age, citizenship, identity document data, facial image, PEP status, residence permit data Contact data e-mail, telephone, address, language of communication Tax residence data TIN code, tax residence, evidence of tax residence Right of representation data birth certificate data, guardianship data, restriction of active legal capacity, authorisation document data Third party relationship data relations with politically exposed persons, relations with successors, relations with other parties involved in the provision of services (e.g. payment counterparty, company, sureties, owners of collateral assets, insured persons and beneficiaries) Payment account data payment transaction data, time of transaction, payment amounts, payment details, account balance, account number, payment counterparties, limits, card transaction data, purpose of account opening, accounts with other banks, data on payments contested, recalled and cancelled, data on payment account operations (e.g. seizure) Deposit data deposited amount, deposit period, customer orders and operations with deposits Family data marital status, number of dependants Professional activity data position, place of work, field of activity, educational background, level of education, employer, length of service, experience in the field Debt data debt amount, debt period, fines for delay, data on debt elimination, data on underlying agreement, payment default data, cause of debt, time of occurrence and elimination of the payment default Financial data incoming payments forecast, income, commitments, previous payment behaviour, transactions effected, agreements concluded and terminated, requests submitted, applications submitted, interest and service fees, breach of agreement, CreditInfo score, data on credit decisions, down payment amount. Asset origin data origin of self-financing, source of funds on the account, documents on transactions on the payment account KredEx surety data study programme, educational institution, duration of the programme, employer's certificate data, data on certificates verifying the status of a veteran of the Defence Forces of Estonia or the National Defence League. Collateral data type of collateral, value of the collateral, description of and technical data on the collateral, location of the collateral, possessor of the collateral Data on the Customer's knowledge and experience investment-related knowledge and experience, investment objective, knowledge of financial instruments, previous experience in financial instruments, investment-related occupation, work experience in the financial sector, planned duration of investment, risk level Securities-related data securities transactions, securities orders, securities data, transaction value, amount, volume, LEI code, securities portfolio data, margin loan collateral data, virtual portfolio data, suspicious transactions Alternative investment data name of investment, amount, purchase price, generated revenue (interest, principal payments), available funds, profit, value Customer habits, preferences and satisfaction data Customer status, activity in the use of services, services and products used, Customer inquiries and complaints, data on campaign conditions (e.g. growth account, income, type of card used) Data on official inquiries data related to inquiries submitted by investigation authorities, notaries, tax authorities, bailiffs, courts, data on claims Data on participation in campaigns prizes won in investment games and other consumer games, participation in LHV campaigns and other LHV consumer games, points collected during campaigns, the alias used for the game, game portfolio data Pension data pension fund data, Customer's pension fund value, applications submitted, pension forecast, retirement age forecast, additional years of pensionable service, pension fund contributions, average yield expected by Customer, 3rd pension pillar data, years of pensionable service, insurance component data Customer device data type of device, device identifier, IP address, location Tax data income based on the income tax return (except for income generated from transfer of assets and taxes paid thereof); payments declared by employer based on TSD; benefits for incapacity for work, unemployment insurance benefits and redundancy benefits, pensions, contributions to the 3rd pension pillar, data on the funded pension based on TSD; dividends and equity-based payments; tax arrears starting from EUR 100 Book borrowing data books borrowed, borrowing date, return date, fines for delay Bank card data type of card, term of validity, card status, card number Charity organisation data name of organisation, donation amounts Data on recordings video recordings, call recordings, ATM photos Data on offences data on offences committed, criminal punishment, data on suspicion of offence Insurance data data on insurance coverage, data on the insured object, insurance period, insurance payment amount, insurance contracts concluded and applications submitted, indemnity decisions Insured event data description of the event, time and place of the event, cause of damage, persons damaged, photos and documents on the damaged object, time and place of the trip, route of the trip Data concerning health description of injuries and diseases, description and duration of treatment, diagnoses Fund unit data investment fund, number of units, data on acquisition, redemption and disposal of units The primary purposes of processing Customer Data, categories of Customer Data and the legal bases for processing Customer Data in LHV have been listed below:
PURPOSES OF DATA PROCESSING CATEGORIES OF CUSTOMER DATA LEGAL BASIS FOR PROCESSING Identification Personal data legal obligation arising from the Money Laundering and Terrorist Financing Prevention Act;
legitimate interest in identifying the customer and hedging risksVerification of the identity document, right of representation and accuracy of data Personal data
Right of representation dataApplication of due diligence measures and monitoring of the business relationship Personal data
Contact data
Right of representation data
Third party relationship data
Payment account data
Professional activity data
Asset origin data
Securities-related data
Data on official inquiries
Data on offences
Customer device data
Data on recordingslegal obligation arising from the Money Laundering and Terrorist Financing Prevention Act Collection and reporting of tax information Personal data
Tax residence data
Contact data
Payment account data
Securities-related data
Deposit datalegal obligation arising from the Tax Information Exchange Act Succession-related acts Personal data
Payment account data
Securities-related data
Debt data
Contact data
Deposit data
Fund unit data
Pension data
Third party relationship dataagreement;
legal obligation arising from the Funded Pensions ActEngagement of deposits Deposit data
Personal dataagreement Customer relationship management, fulfilment of the Customer notification requirement Contact data legal obligations arising from various legal acts (e.g. Securities Market Act, Law of Obligations Act);
legitimate interest in customer relationship management
performance of the agreementDirect marketing, organisation of campaigns, feedback Contact data
Personal data
Data on participation in campaigns
Debt data
Customer habits, preferences and satisfaction dataconsent;
legitimate interest in the sale of similar products and services, and legitimate interest in telephone sales;
legitimate interest in the use of debt data for responsible marketing of credit products to the relevant customer segment (customers of credit products)Provision of credit services (disbursement of loans, credit decisions, verification of the KredEx surety conditions, making indicative offers) Personal data
Contact data
Financial data
KredEx surety data
Collateral data
Third party relationship dataagreement Assessment of the Customer’s creditworthiness and credit risk management Personal data
Family data
Professional activity data
Financial data
Data on offences
Debt data
Payment account data
Collateral data Pension data
Third party relationship data
Asset origin data
Tax datalegal obligation arising from the Creditors and Credit Intermediaries Act and the Law of Obligations Act, and legitimate interest in organising risk management and hedging credit risk
use of tax data - consentAppraisal of collateral assets Personal data
Collateral datalegal obligation arising from the Creditors and Credit Intermediaries Act and the Credit Institutions Act Provision of investment services (execution and transmission of securities orders, enabling access to Baltic analyses, elimination of margin loan positions, pledging of securities, borrowing securities from the Customer, administration of the investment account, enabling use of the virtual portfolio, enabling a more favourable tax rate for US securities transactions, provision of portfolio management services) Personal data
Securities-related data
Contact data
Family dataagreement;
legal obligation arising from the Securities Market ActAssessment of suitability and appropriateness in the provision of securities services to the Customer Personal data
Data on the Customer's knowledge and experience
Professional activity data
Financial data
Securities-related datalegal obligation arising from the Securities Market Act and the Commission Delegated Regulation (EU) 2017/565 Transaction monitoring with regard to characteristics of market abuse and reporting of suspicious transactions Personal data
Securities-related data
Professional activity data
Payment account datalegal obligation arising from Regulation (EU) No 596/2014 of the European Parliament and of the Council (market abuse regulation) Performance of the account administrator function (subscription of securities, cancellations, interest disbursement, acceptance of pension applications, acceptance of funded pension disbursement applications, exchange of information with the central register of securities) Personal data
Contact data
Securities data
Pension datalegal obligation arising from the Securities Register Maintenance Act, Securities Market Act and Funded Pensions Act Provision of the digital pension solution service Personal data
Contact data
Pension dataagreement Provision of specific pension forecasts for users of the digital pension solution service Personal data
Family data
Professional activity data
Pension dataconsent Display of alternative investments in the internet bank Personal data
Alternative investment dataconsent Enabling the use of the Trader and Broker demo version Personal data
Contact dataconsent Organisation of seminars Personal data
Contact dataconsent;
legitimate interest in forwarding seminar materials and inviting previous participants to partake in new seminarsProvision of payment services (acceptance of payment orders, execution and transmission of payment orders, cash deposits and cash withdrawals, ordering of cards, payment recalls and cancellations, contesting of card transactions, ordering of e-invoices, enabling access to mTasku, enabling card payments, transfer of settlement services, enabling use of the virtual ISIC card, enabling use of proxy payments, provision of the payment initiation service) Personal data
Contact data
Payment account data
Professional activity data
Bank card dataagreement;
legal obligation arising from legal acts (e.g. Law of Obligations Act, Regulation (EU) 2015/847 of the European Parliament and of the CouncilIdentification and investigation of tax fraud; ensuring information security Personal data
Payment account data
Customer device datalegal obligations arising from various legal acts (e.g. Commission Delegated Regulation (EU) 2018/389, guidelines of the Financial Supervision Authority);
legitimate interest in ensuring information security and hedging risksEnabling use of services provided by payment service providers (e.g. account information services, payment initiation services) Personal data
Payment account datalegal obligation arising from the Law of Obligations Act and the Commission Delegated Regulation (EU) 2018/389 Enabling use of charity options Personal data
Charity organisation data
Payment account dataagreement;
transmission of data (personal identification code, donation amount) to the chosen charity organisation - the charity organisation's legitimate interest in applying the tax incentiveBorrowing of books Personal data
Contact data
Book borrowing dataagreement Enabling use of Financial Portal Personal data
Contact dataagreement Protection of the property of Customers, staff members and LHV Data on recordings legitimate interest in protecting property and ensuring physical security Debt management Personal data
Contact data
Debt data
Collateral datalegitimate interest in organisation of debt management and ensuring protection against breach of agreement Account seizure, response to inquiries and transmission of payment account information Personal data
Payment account data
Data on official inquiriesfulfilment of legal obligations arising from various legal acts (e.g. Money Laundering and Terrorist Financing Prevention Act, Code of Enforcement Procedure) Management of the fund unit register, organisation of redemption and issue of fund units Personal data
Contact data
Fund unit datalegal obligation arising from various legal acts (e.g. Investment Funds Act, Funded Pensions Act) Provision of management company services Personal data
Contact data
Fund unit dataagreement Provision of insurance services (insurance offers, provision of customer support, provision of insurance services, conclusion of contracts and issue of insurance policies, payment of insurance indemnities) Personal data
Contact data
Insurance data
Bank card dataagreement Ascertaining insurable interest Personal data
Insurance datalegal obligation arising from the Law of Obligations Act, Insurance Activities Act Determining the amount of the insurance premium Insurance data
Data on offences
Personal dataagreement;
legitimate interest in organisation of risk management and risk hedgingLoss adjustment, including recording of loss events, decision-making Personal data
Contact data
Insurance data
Insured event data
Data concerning health
Third party relationship dataagreement;
in processing data concerning health, LHV relies on public interest in accordance with subsection 218 (2) of the Insurance Activities Act.In addition to the objectives set forth in clause 3.7, LHV also processes Customer Data for the following purposes:
- administering the Customer relationship, inspecting and, if necessary, correcting the data submitted by the Customer and enabling access to products and services. Processing takes place for performing the contract or adopting measures prior to conclusion of contract, as well as based on legitimate interest in managing the customer base, improving the services provided to customers, including eliminating technical malfunctions;
- exercise of LHV’s rights in connection with legal requirements, substantiation and defence of rights in court or extra-judicially. Processing takes place on the basis of LHV’s legitimate interest, with the purpose of ensuring protection against legal disputes;
- hedging of risks and risk management, e.g. to evaluate or inspect the credit portfolio or collateral assets of LHV, or to prepare audits, stress tests or analyses that partially or completely cover the activities of LHV. Processing takes place for performance of the legal obligation set forth in Regulation 575/2013 of the European Parliament and of the Council and on the basis of LHV’s legitimate interest for the purpose of organising risk management;
- ensuring physical security and data and information security, and carrying out internal control activities. Processing takes place for performance of a legal obligation set forth in various legal acts, including the Credit Institutions Act, the Financial Supervision Authority’s guidelines and the Creditors and Credit Intermediaries Act, and on the basis of LHV’s legitimate interest for the purpose of organising risk management;
- processing of customer complaints. Processing takes place for performance of a legal obligation set forth in various legal acts, including the Credit Institutions Act, the Financial Supervision Authority’s guidelines and the Creditors and Credit Intermediaries Act, and on the basis of LHV’s legitimate interest;
- conducting Customer surveys, researching consumer habits. Such data processing takes place on the basis of legitimate interest of LHV to receive feedback from Customers about their satisfaction with the services and products offered by LHV and thus developing existing and new products and services.
The use of cookies and the relevant data processing is governed by the terms and conditions for use of cookies, published on LHV’s website.
Forwarding of customer data
- LHV has the right to forward Customer Data to the following Third Parties, and the Customer shall not consider this breach of obligation to maintain confidentiality (including bank secrets):
- other LHV companies, who may process the Customer Data specified in clause 3 of the Principles, e.g. for identifying the Customer, updating Customer Data, evaluating the Customer’s expertise, risk management and hedging of risks, and compliance with fiduciary regulations, including capital and liquidity requirements, and assessing creditworthiness. The data are transmitted for the purpose of fulfilling an obligation imposed by law (e.g. risk management, identification), based on legitimate interest (e.g. ensuring data quality when updating customer data) or based on the Customer’s consent;
- persons and organisations related to provision of service and performance of agreements concluded with the Customer (e.g. sureties, loan co-recipients, guarantors, collateral owners, insured persons and beneficiaries, successors, merchants, international card organisations, payment intermediaries and other payment service providers, insurance providers and intermediaries, e-invoice issuers, credit intermediaries and credit agents, Central Register of Securities, pledgees, correspondent banks, investment service providers, settlement systems, notaries, providers of translation, communication, IT and postal service, Federation of Estonian Student unions, Bank of Lithuania as the proxy payment registrar, cooperation partners for bank cards). Data (e.g. contract data, Personal Data, payment account data, securities data, bank card data, insurance data, insured event data) are transmitted for the purpose of performing the contract concluded with the Customer, as well as based on the legitimate interest of third parties (e.g. transmitting customer due diligence data on the basis of an inquiry submitted by a correspondent bank);
- persons who maintain databases (including Creditinfo Eesti AS or any other person who maintains a register of payment defaults), to whom LHV sends information on the basis of legal acts or concluded contracts for the purpose of applying the principle of responsible lending, as well as to enable Third Parties to evaluate the Customer’s payment history and creditworthiness. The transmitted data consist of data on the customer’s contractual debts in the amount of at least EUR 30 and overdue for at least 45 days. The legal basis for transmission of data is public interest in accordance with section 10 of the Personal Data Protection Act;
- the Society for Worldwide Interbank Financial Telecommunication SWIFT (www.swift.com). SWIFT data processing centres are located in European Union member states and the United States of America, as a result of which bank transaction data are retained, including the personal data of the transaction initiator and recipient, regardless of the place where the transaction is conducted, both in the SWIFT-operated processing centre in an EU member state and the United States of America. When conducting a bank transaction, the bank related to the transaction, payment intermediary or SWIFT may be obliged to disclose transaction data, or Customer Personal Data related thereto, to the competent government authority of the relevant country of location in cases specified in the legal acts of the country of location;
- Third-party service providers to whom LHV has outsourced activities (e.g. companies engaged in sale and trade in connection with sale of LHV services and establishing identity, other LHV companies in connection with marketing of pension products, performance of functions of account manager, marketing of pension products, server and cloud service providers, mail service providers, monitoring tool service providers, ATM operators, tax fraud detection partners, e-invoicing partners, loss adjustment partners, customer support partners, archiving service providers, debt and leased asset collection partners). In such cases, partners serve as LHV’s processors and shall not have a separate right or legal basis for processing Customer Data. Customer Data is processed on behalf of and under the responsibility of LHV;
- LHV consultants or other service providers (e.g. auditors, attorneys). The Customer Data is transmitted to LHV for the purpose of service provision, including for representing LHV in disputes, providing legal advisory services, audit services. The legal basis for transmission of data is LHV’s legitimate interest;
- Assign right of claim to a new creditor. The transmitted data contain data on source contracts and debt data, and the data are transmitted on the basis of LHV’s legitimate interest for the purpose of credit risk management;
- To other Third Parties, based on the Customer’s voluntary consent. In such cases, the Customer is provided with information on the nature of the consent, contents of the data to be transmitted and the purpose of the transmission of data, before requesting the Customer’s consent.
- LHV is obliged to disclose and to convey Customer Data for the purpose of performing obligations arising from legal acts and international and mutual legal assistance (e.g. forwarding data to investigative bodies, notaries, trustees in bankruptcy, the Tax and Customs Board, Financial Intelligence Unit, Financial Supervision Authority, Estonian Motor Insurance Bureau, Estonian Funded Pension Registry).
- LHV has the right to forward Customer Data to the following Third Parties, and the Customer shall not consider this breach of obligation to maintain confidentiality (including bank secrets):
Forwarding Customer Personal Data outside the European Economic Area
- As a general rule at LHV, Customer Personal Data are not sent outside the European Economic Area and if this is done, then before any data is sent, the background of the Third Party is verified thoroughly, and measures are applied to ensure secure data transmission including, if possible, measures to accord equivalent protection to Personal Data as those which exist in the European Economic Area.
- When sending Customer Personal Data outside the European Economic Area, appropriate protection measures are applied, e.g. forwarding data to a country that in the judgment of the European Commission has a sufficient level of data protection, and forwarding of data to a Third Party in the United States of America which has been certified on the basis of Privacy Shield data protection framework and the use of standard data protection clauses developed by the Commission.
- In the absence of appropriate protection measures, LHV is entitled to forward Customer Personal Data outside the European Economic Area in situations where forwarding the data is, for example, necessary for performing a contract between the Customer and LHV or for implementing measures adopted on the basis of Customer’s application (e.g. use of foreign intermediaries for providing investment service, use of correspondent banks for making foreign payments).
- If the conducting of an international bank transaction involves a financial institution located in a country with insufficient level of data protection, e.g. a correspondent bank or other payment intermediary, including SWIFT, LHV cannot ensure that the processor processing Customer Data by financial institutions in such countries would have identical obligations to those of LHV and that the identical rights are guaranteed for the Customer at the same level as in the European Economic Area or other country with sufficient level of data protection.
- For detailed information on sending of Customer Data outside the European Economic Area, the Customer should contact LHV.
Profile analysis and making of automated decisions regarding Customers who are natural persons
- Profile analysis is automatic Processing of Personal Data used for evaluating certain personal traits of the Customer – for example, to analyse or forecast the person’s economic situation, personal preferences and interests. LHV uses profile analysis for the purpose of marketing, risk assessment for compliance with the requirements of prevention of money laundering and terrorism financing, assessing the probability of insolvency, transaction monitoring to counter fraud; and automated decisions are used to assess the probability of insolvency and for making certain credit decisions (e.g. hire-purchase, consumer loans). Such data processing takes place either on the basis of legitimate interest of LHV (e.g. direct marketing), performing legal obligations, including on the basis of the Money Laundering and Terrorism Financing Prevention Act and the Regulation no. 575/2013 of the European Parliament and of the Council or, if necessary, on the basis of Customer’s consent.
- The profile analysis and automated decisions help LHV offer services more efficiently to Customers and avoid potential mistakes. For such Processing, including when creating segments and profiles, LHV does not gather separate data on the Customer and uses data that are on file for the Customer or data which LHV must gather regarding the Customer based on the requirements set forth in legal acts or for risk management (e.g. payment defaults, information on penalties, international sanctions and other negative information known to LHV).
- To prevent infringement of Customer rights, e.g. discrimination in the making of credit decisions, LHV reserves the possibility, when making automated decisions, for Customers to require that the decision made be reviewed in a non-automated manner.
Retention of Customers’ Personal Data
- LHV shall not process Customers’ Personal Data for longer than necessary for performing the objectives of the Processing, including for complying with the duty, set forth in legal acts, to retain data and for resolving disputes arising from contracts entered into with the Customer or for resolving potential disputes.
- In general, LHV shall retain Customers’ Personal Data until the end of the statute of limitations, unless legal acts set forth a direct obligation to retain Customers’ Personal Data for a different term.
Customer’s rights in connection with Processing of their data
- The Customer has the right:
- to receive information on whether LHV will process their Personal Data and if it does process the data, the right to receive a copy of their Personal Data and to demand corrections to their Personal Data if the changes have been made to the data or the data are otherwise inaccurate. The Customer has the opportunity to see their Personal Data e.g. at the bank office of LHV and via Internet bank. The Customer’s right to see their personal data may be limited by legal acts, other persons’ rights to their privacy and LHV’s rights (e.g. protection of business secrets);
- to prohibit use of their contact data for sending out offers. For this purpose, the Customer is guaranteed the right upon receiving a marketing communication to unsubscribe from the relevant list; the Customer can also, before receiving offers, contact the relevant LHV company whose Customer they are;
- rescind the consent given to LHV for Processing of their Personal Data. After the consent is rescinded, LHV shall no longer process the Customer’s Personal Data for the purpose consented to by the Customer;
- to make objections to the Processing of their Personal Data, including performance of profile analysis by LHV, if LHV processes the data on the basis of its legitimate interest. In such a case, LHV has no right to process the Customer’s Personal Data, unless LHV’s interests outweigh the potential restriction of the Customer’s rights (e.g. performance of general legal obligations);
- demand cessation of Processing of their Personal Data if the Processing of Customer Data occurs unlawfully, i.e. if LHV lacks a legal basis for Processing of the data;
- to demand deletion of their Personal Data, e.g. if LHV lacks the right to process such data or processes the data on the basis of the Customer’s consent and the Customer rescinds consent. The deletion cannot be requested in an extent to which LHV has the right or obligation to process Personal Data (e.g. for complying with a legal obligations, performing a contract, exercising its legitimate interest);
- demand restriction of Processing of its Personal Data, e.g. at the time that LHV is evaluating whether the Customer has the right to the deletion of its Personal Data;
- to receive a copy of Personal Data they have submitted to LHV and which are being processed on the basis of consent or for performance of contract, in a universal electronically readable format, and if technically possible, forward the data to another service provider.
- The Customers may exercise their rights by contacting LHV via the details specified in clause 9.3. LHV shall respond to the demand without undue delay, and no later than one month of receiving the demand. If, prior to responding to the demand, it is necessary to ascertain circumstances, ask for additional details or perform checks, LHV may extend the deadline for responding, notifying the Customer thereof in advance.
- The Customer has the right:
Protection of Customer rights
- AS LHV Pank, LHV Finance, LHV Varahaldus, LHV Kindlustus and LHV Group shall be responsible for processing of Customer Data. The contact details for all these companies are available on the LHV website: www.lhv.ee.
- Customers may contact LHV in connection with queries and cancellation of consent, and natural person Customers may, in regard to processing of Personal Data, demand exercise of their rights and lodge complaints in connection with Processing of their Personal Data.
- Details for contacting LHV companies: address Tartu mnt 2, 10145 Tallinn, e-mail info@lhv.ee, telephone number 6 800 400.
- The contact details for the designated data protection specialist for private customers (natural persons): address: Tartu mnt 2, 10145 Tallinn, e-mail compliance@lhv.ee.
- In addition, the Customer has the right to contact the Data Protection Inspectorate (website: www.aki.ee) or a court in their jurisdiction in the event of violation of their rights.
Amendment and application of the Principles
- LHV has the right to unilaterally amend the Principles at any time, based on the valid legal acts.
- LHV shall notify the Customer of amendments to Principles on the website, www.lhv.ee, and/or by communication device agreed on with the Customer at least 1 (one) month in advance, unless the Principles are amended solely on the basis of amendments to legal acts.
- The Principles shall be applied in processing of all Customers’ Customer Data, including customer relationships commenced prior to entry into force of the Principles.