Modena Logo

Privacy Policy (including Cookie Policy)

The notice was last updated in January 2025.
In this privacy notice, Modena Estonia OÜ (hereinafter referred to as Modena) describes how it processes customer personal data (hereinafter referred to as data) and the rights of the customer as a data subject. An overview of the use of cookies (Cookie Policy) on our website is also provided.
Modena processes customer data in accordance with the General Data Protection Regulation (hereinafter GDPR) and laws such as the Money Laundering and Terrorist Financing Prevention Act (hereinafter MLTFPA) and the Creditors and Credit Intermediaries Act (hereinafter CAA).
Data Controller Details:
Modena Estonia OÜ (registration code 14820592)
Email: info@modena.ee
Phone: +372 660 4144
We have appointed a data protection officer, who can be contacted at info@modena.ee.

1. Types of Data Collected

We process the following customer data for the stated purposes and on the stated grounds:
1.1 Identification and Contact Data: Name, personal identification code/date of birth, nationality, document details, email address, phone number, residence, etc.
Purpose of Processing:
  • To identify the person (GDPR Art 6(1)(b) and (c));
  • To fulfill pre-contractual obligations and contractual obligations, and to comply with legal obligations, including fraud detection (GDPR Art 6(1)(b) and (c), MLTFPA § 20);
  • To communicate with the customer for contractual notifications (GDPR Art 6(1)(b));
  • To send direct marketing communications and feedback surveys to improve service quality (GDPR Art 6(1)(a) and (f)).
1.2 Consumer Behavior, Digital Data, and Self-Service Transactions: Payment behavior and consumer habits data, data on the use of Modena's website, data on services used and contracts entered into, cookies, IP address, purchase invoices, etc.
Purpose of Processing:
  • To develop offered services and products, improve the usability of the website, and make the website more user-friendly (GDPR Art 6(1)(f));
  • To fulfill the contract with the merchant (GDPR Art 6(1)(b) and (f)).
1.3 Financial and Personal Data: Income and liabilities data, payment default registers, income sources and bank account data, number of dependents.
Purpose of Processing: To assess the customer's creditworthiness and determine the customer's credit limit, as well as the ability to meet financial obligations under the contract. Creditworthiness assessment may be based on automated processing (GDPR Art 6(1)(b) and (c), Art 22(2)(a), CAA § 49).

2. How We Collect Data

We collect customer data by asking for data directly from the customer (including data provided by the customer to Modena), as well as from the following sources:
  • Relevant merchant about the goods or services being purchased;
  • Our internal database based on previous purchase data, if we are entitled to retain such data;
  • Queries from various external databases and registers (e.g., data on incomes, bank account data, payment default registers, population register, connections with third parties), necessary for service provision.

3. How Long We Retain Data

We retain data to fulfill statutory retention obligations and for the maximum period specified by law. Generally, we retain data for 3 years from the end of the contract (e.g., data and documents related to credit issuance and credit servicing throughout the legal relationship and for three years after the termination of the contract). In some cases, the retention period may be longer, for example, accounting source documents are retained for 7 years, and data collected under the MLTFPA is retained for 5 years.

4. To Whom We Disclose Data

Depending on the purpose of data processing, we may disclose data to the following persons:
  • Authorized processors (e.g., IT service providers for server management and cloud services, identity verification service providers, service providers used for creditworthiness assessment, and service providers involved in anti-money laundering and terrorist financing prevention);
  • Registers (e.g., population register);
  • Merchant from whom you have purchased goods or services (GDPR Art 6(1)(a) and (b));
  • Payment behavior databases (payment default registers, GDPR Art 6(1)(c) and (f));
  • Companies within the same group as Modena that process data in accordance with these terms (GDPR Art 6(1)(a) and (f));
  • Advisors, auditors, and service providers, provided that client data confidentiality is ensured. We disclose data only to the extent and form necessary to achieve the goals (GDPR Art 6(1)(c), Auditing Act);
  • Bailiffs, attorneys, etc. (GDPR Art 6(1)(f));
  • Supervisory authorities, etc. (GDPR Art 6(1)(c)).
Occasionally, we may collect and process data with the customer's consent. Consent is voluntary and is requested for relevant data processing operations for the following purposes:
  • Receiving our marketing offers;
  • Receiving marketing offers from other companies by us.
You may withdraw your consent at any time free of charge by notifying customer service.

5. Customer Rights

The customer has the following rights:
Right to Access Data: The customer has the right to know what data we have collected about them, the purposes, types, and sources of their use, recipients, retention times, and their rights regarding data processing, as well as to receive a copy of the processed data. Information about our authorized processors can be found on the website https://modena.ee/tingimused/volitatud-tootlejad/.
Right to Data Portability: The customer has the right to transfer their data provided to us in connection with the contract conclusion and processed automatically. The customer may also request the transfer of their data to another data controller when technically feasible.
Right to Rectify Data: The customer has the right to request the correction of incorrect data and the completion of incomplete data. To comply with legal requirements, we need to update customer data by asking the customer to review and update them from time to time.
Right to Restrict Data Processing: The customer has the right to restrict data processing if:
  • The customer has disputed the accuracy of the data or objected to the data processing;
  • Data processing is illegal, but the customer does not request data deletion;
  • We no longer need customer data, but the data is necessary for the customer to prepare, submit or defend legal claims;
  • The customer has given consent;
  • For preparing, submitting, or defending legal claims;
  • For protecting the rights of another person;
  • For public interest.
In such cases, we will save the customer's data but will not use them for any other purpose unless permitted by law.
Right to Data Deletion: The customer has the right to request the deletion of their data in the following cases:
  • The data is no longer necessary or has exceeded the specified retention time;
  • Data is processed based on the customer's consent, and the customer has withdrawn the consent;
  • Data deletion obligation arises from legal acts;
  • Data processing is illegal.
Right to Object: The customer has the right to object to the processing of their data, which we process based on our legitimate interest, including profiling based on this basis. In the event of an objection, we will not process the data further unless we demonstrate that the data processing is lawful and outweighs the customer's interests, rights, and freedoms, or if processing is necessary for the preparation, submission, or defense of legal claims.
The customer has the right to object to data processing for direct marketing purposes. In the event of an objection, we will stop using the data for direct marketing.
Right to Withdraw Consent: If the customer's data is processed based on their consent (e.g., for direct marketing), they have the right to withdraw their consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to File a Complaint with a Supervisory Authority: If the customer believes that their data protection rights have been violated, they have the right to contact the Data Protection Inspectorate (Tatari 39, 10134 Tallinn, www.aki.ee).
The customer has the right to contact us at any time if they believe that we have violated their data protection rights. We will respond to the customer's inquiry within 1 month.

6. Automated Decision-Making and Profiling

Profiling means the automated processing of data used to evaluate personal aspects related to the customer, including their financial data, preferences, reliability, financial behavior, etc. Automated impartial decisions result from profiling.
We use profiling to fulfill our legal obligations:
  • Credit decisions (creditworthiness assessment under CAA): Automated profiling is fair, transparent, and fast. Credit decisions are made automatically using IT tools based on customer data. Automated creditworthiness assessment ensures a fair outcome, as all credit applicants are treated equally. Fair outcomes are also based on honest, up-todate, and accurate customer data. The customer has the right to receive information about the data used for creditworthiness assessment and to object to credit decisions. The customer’s request will be answered within 1 month;
  • Anti-money laundering and terrorist financing prevention (risk assessment under MLTFPA): Automated analysis helps to prevent and detect fraud, monitor transactions to prevent money laundering or terrorist financing.
We also use profiling for direct marketing purposes to send direct marketing messages (GDPR Art 6(1)(a)).

7. Cookie Policy

We use cookies to improve the experience of visitors to our website. To disable cookies, you can change the settings of your device to notify you of receiving cookies or restrict or block cookies through settings. Cookies are small files consisting of letters and numbers placed on a device by the website server. They allow the website owner to distinguish between website users.
The data generated through cookies on our website can be used for the following purposes:
  • Strictly Necessary: These cookies are essential to enable the customer to navigate the website and use its features, such as accessing secure areas of the website and saving items in the shopping cart.
  • Performance: These cookies collect information about how visitors use the website, such as which pages are visited most often and whether visitors receive error messages. They are used to improve the functioning of future versions of the website.
  • Functionality: These cookies allow the website to remember the choices made by the customer, such as username, language, or region, and provide a better website experience.
  • Targeting or Advertising: These cookies are used to deliver more relevant content. We do not allow third parties to advertise on our website, but we cannot control the advertisers that internet service providers allow to advertise while browsing the internet.
By law, Modena is required to obtain the customer’s consent for the use of all types of cookies that we place, except those that are strictly necessary.
Further information about managing cookies can be found in your browser’s help feature, mobile device settings, or the website www.aboutcookies.org, which provides detailed information about managing cookies in popular browsers. Note that some parts of our website may not function properly if cookies are disabled.
If the customer believes their rights have been violated by the data processing, they have the right to contact the Data Protection Inspectorate (location Tatari 39, 10134 Tallinn; www.aki.ee) or the court.

8. Updates

This privacy notice is reviewed periodically and may be unilaterally amended (primarily due to changes in laws and Modena’s data protection processes). The updated version is published on our website.
So funktioniert es Statistik Team Hilfe
Folgen Sie uns auf
Kontakt
info@modena.capital +372 5804 2366
Bürozeiten
Mo–Fr, 10:00–17:00 MEZ
Modena Estonia OÜ – Registernummer 14820592
Geschäftsbedingungen Datenschutzerklärung
© 2025 Modena
Die Dienstleistungen, die dieses Portal anbietet, sind nicht als Investitionsdienstleistungen im Sinne des Gesetzes über Märkte für Finanzinstrumente, des Wertpapiermarktgesetzes oder anderer Rechtsakte zu verstehen, welche die Aktivitäten von Anlagevermittlern oder öffentlichen Anlageangeboten regeln. Die über das Portal investierten Gelder sind keine Einlagen und unterliegen daher nicht dem Einlagensicherungsgesetz.