Backify OÜ is a company incorporated with limited liability in the Republic of Estonia with company number 16044672 and registered address at Tartu mnt 84a-402, Tallinn 10112, Republic of Estonia.
Your privacy is important to us. We are committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements under applicable laws and regulations. We are equally committed to ensuring that all our employees, any service providers and agents uphold these obligations. This policy explains how we manage personal data within our organisation, including how we process the personal data of the users of our website and on the Backify Platform https://backify.com (the “Backify Services”).
- if you have provided personal data to us relating to any other person, you:
- have a right to provide that information;
- each such person has agreed to those terms.
How we collect personal data
We collect personal data about you in the following ways:
- you provide us your personal data yourself (e.g. by registering for a Backify Account or our newsletter on the website; by submitting a query, a request or an (job) application to us; by responding to our surveys; by using our products and services).
- your personal data is provided to us by third parties who are entitled to disclose that information to us.
In some cases, we may be required by law to collect certain types of personal data about you.
Where we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
Kind of personal data we collect and purposes and legal basis for the processing of personal data
We process your personal data on the following legal bases and for the following purposes:
- Personal identification information (e.g. full name [first, any middle and second first and second last and last], date of birth, gender, ID documentation, passport numbers, Non-Signature IDs, utility bills, nationality, signature, photographs, employer, job title and tax ID number);
- contact details (e.g. e-mail address, phone number, home and work address);
- financial information (e.g. credit and debit card numbers, PANs, IBANs, bank account numbers and details, sort codes and other payment details, payslips);
- communication data (e.g. records of our communications with you, including any messages you send us);
- transaction information (e.g. transactions you make on our platform, including the name of the recipient, the amount of the transaction and the time stamp);
- account log-in and usage data (e.g. emails and passwords that you create when registering for a Backify Account, details of any products or services that we provide to you, survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user IDs, click-stream data and other data collected via cookies and similar technologies);
- online identifiers (e.g. geolocation, IP address, browser fingerprint, browser name and version and OS); and
- other information that may be present on documentation that we may ask you to provide for the purposes of proving your identity.
- Without this information, we may not be able to provide you with our products or services (or with all the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
- Processing on the basis of our legal obligation. We may also process your personal data to fulfill our obligations arising from the law, our AML and CTF obligations (e.g. properly identifying you, monitoring your use of our website, products and services, and transmitting data to supervisory authorities).
- Processing based on our legitimate interest. We process the data received from your use of the Backify Services (e.g. information about how you move around on and use our website) to improve the user experience in using the website and the products and services. Improving our website, products and services includes carrying out market analysis and research, education and training programs for our staff and planning and forecasting business activities and other internal business processes. The legal basis for this is our legitimate business interest to improve the Backify Services and the user experience and our business as a result thereof. Considering the nature of the data and that we use the data in an aggregated manner, your interests or fundamental rights and freedoms do not override our legitimate interest.
- We may also process your personal data to safeguard our rights (e.g. establishing, exercising and defending legal claims, debt collection). The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement concluded between us. In such cases, your interests or fundamental rights and freedoms do not override our legitimate interests.
- To the extent required by applicable data protection regulation, you have the right to object to the processing of your personal data which is based on legitimate interest (see also section “Your rights” below).
- Processing on the basis of your consent. We may also process your personal data based on your consent (e.g. for direct marketing purposes, including sending you our newsletter). When processing is based on consent, you can withdraw your consent at any time by clicking on the ‘unsubscribe’ link at the end of each email. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. For specifications about how we use your personal data for direct marketing purposes, please see section “Direct marketing” below.
Direct marketing and profiling for marketing purposes
If you have given us your consent to provide you with materials about our and our partner's products or services, from time to time we may use your personal data for direct marketing purposes. We send you materials and offerings that, in our opinion, would be of interest to you. You can opt-out of receiving marketing communications from us any time by clicking on the ‘unsubscribe’ link at the bottom of each e-mail or contacting us at [email protected]
In order to find out which offerings would interest you, we draw up your profile based on the following information:
- identifying information, such as your name and date of birth
- contact information, such as your postal address and email address
- products and services portfolio information and demographic data held by us from time to time
People to whom we disclose personal data
We only share your personal data when we have a valid reason for it and when we are legally permitted to do so.
- Data processors. We use carefully selected service providers (data processors) in processing your personal data. We only use service providers that provide sufficient guarantees to implement appropriate technical and organizational security measures to protect your personal data. We have concluded appropriate data processing agreements with the service providers and shall remain responsible for their actions in respect of the processing of your personal data.
- The data processors we use include the following: email service providers, website analytics service providers, liquidity providers and data hosting service providers. Should you require more detailed information as regards the data processors we use (e.g. their names and location) please contact us via the contact details below.
- Third parties. In some circumstances, we also share your personal data with third parties who act as independent data controllers as regards your personal data. We only share your personal data with third parties if stipulated herein, if required under the applicable law (e.g. when we are obliged to share personal data with the authorities), or with your consent.
- We also may need to share your personal data with third persons in relation to our need to protect our legal rights (e.g. attorneys and debt collection agencies). The legal basis for this is our legitimate interest to protect our legal rights and ensure the performance of the agreement. In such cases, your interests or fundamental rights and freedoms do not override our legitimate interests.
- We may disclose your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. The legal basis for this is our legitimate interest to exercise our right to business. In such a case, we make sure that your rights and conditions as a data subject shall not be decreased, in which case your interests or fundamental rights and freedoms do not override our legitimate interests.
- Additionally, we may share your personal data with other third persons in order to fulfil our legal obligations (e.g. auditors, authorities). The legal basis for such sharing is compliance with our legal obligations.
- Furthermore, we will share your data with your representatives, advisers and others you have authorised to interact with us on your behalf. Please note, that we consider such authorisation as your consent and therefore your request for such an activity must be present to us in a written form.
- We will never sell your personal data to any third party.
We take the appropriate technical and organisational security measures in protecting your personal data, taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context and purposes of the processing, and (iv) risks posed to you.
Retention of personal data
We retain your personal data for as long as is necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law. We may retain your personal data for a number of years after the end of our relationship if it is necessary to safeguard our rights or required under the applicable law. If your personal data is being processed for several different purposes, the longest retention period shall apply.
In general, we store your personal data as follows:
- information on legal transactions between us are retained for as long the agreement between us is valid and for a period of 10 years as of when a claim falls due unless otherwise provided by law, asking you occasionally to update your personal data;
- billing information is retained for 7 years as of the end of the financial year in which the information was provided to us;
- all other data is retained for 5 years.
Access, correction and your other rights
To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
- request access to your personal data;
- obtain a copy of your personal data;
- rectify inaccurate or incomplete personal data;
- erase personal data;
- restrict the processing of personal data;
- portability of personal data;
- object to processing of personal data which is based on legitimate interest and personal data which is processed for direct marketing purposes.
Please note that your rights as a data subject are not absolute and are subject to such considerations as allowed under the applicable law.
In order to exercise your rights, please contact us on the contact details below. Please note that you can exercise some rights (e.g. review and update your personal data) already by logging into your account. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases, provided it is allowed under the applicable law, we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation.
In addition to the foregoing, you also have the right to lodge a complaint with the Estonian data protection authority (Estonian Data Protection Inspectorate) or the court.
Changes to this policy
We may make changes to this policy from time to time to take into account changes to our standard practices and procedures or where necessary to comply with applicable new laws, regulations, case-law and guidelines issued by competent authorities. Should the changes be material to you, we will notify you by e-mail and pop-up on the website. The latest version of this policy will always be available on our website.
If you are a data subject in the European Union or the processing of your personal data takes place in the context of an agreement you have concluded with Backify OÜ of Estonia, the processing of your personal data shall be governed by the laws of the Republic of Estonia.
If you want any further information from us on privacy matters or you would like to exercise your rights as a data subject, please contact our privacy compliance team at [email protected]
Cookies are small text files that are installed on your device from websites that you visit. Cookies enable you to recognise and distinguish your device when visiting websites.
Types of cookies
The following types of cookies can generally be used:
- Strictly necessary / technical cookies which are essential in order to enable you to move around the website and use the features of the website you have chosen.
- Functionality cookies which allow the website to remember your settings and preferences (such as language) to provide more personal ways to use the website.
- Performance / analytics cookies which collect information about how you use the website, for instance which pages you go to most often and which error messages from web pages you receive. These cookies are used to improve how the website works. In our case, these cookies are limited to aggregated statistical purposes.
- Targeting / advertising / behaviorally targeted advertising cookies which enable you to show you personalised advertisements and conduct market research and analysis by using the data about your behavior and interests received from the website. These cookies can remember that your device has visited a site or service and may also be able to track your device’s browsing activity on other sites or services. The data received may be shared with advertising networks and advertising service providers.
- Multimedia cookies which store the technical information necessary for performing video or audio material.
- Social plug-ins to share content. Many social networks offer social plug-in modules which allow users of social networks to share content. Such plug-ins store cookies in the user's terminal and have access to it for the social network to be able to identify its members who interact with these plug-ins.
First-party and third-party cookies
First-party cookies are cookies that belong to the owner of the website. Third-party cookies are cookies that another party places on your device through the website. Third-party cookies may be placed on your device by someone providing a service for the owner of the website, for example to help them understand how their website is being used. Third-party cookies may also be placed on your device by other third parties so that they can use them to advertise products and services to you elsewhere on the Internet.
Persistent and session cookies
The length of time a cookie will stay on your device depends on whether it is a persistent or session cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or are deleted.
If the cookie is strictly necessary for the service requested by you, your consent for the use of such a cookie is not required.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Changing your cookies’ settings
You can change your cookies’ setting and delete cookies through the settings of your web browser (Chrome, Firefox, Safari, etc):