Privacy Policy


Last revised: 29. October 2019.

COUNOS OÜ`s Single Sign On (SSO) (“COUNOS SSO”) respects User’s privacy and is committed to protecting User’s personal information or, as otherwise termed, User’s Personal Data”. In that regard, COUNOS SSO has launched and offers a service which provides COUNOS SSO’s clients (the “Users”)(subject to prior account registration) with access to the website www.counos.com (the “Site”). User agree that User has read, understood and accepted all of the terms and conditions contained in Privacy Policy (the “Policy”), Agreement on Terms of Use and all policies and related notices which have incorporated the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). As this is a legally binding contract, please carefully read through this Policy and related notices before using any of the services provided by COUNOS SSO or its affiliates (the “Services”). By registering, accessing or using Services, User has agreed to the terms and conditions as laid out in this Policy. If User disagrees to this Policy, please inform COUNOS SSO by all available methods (for existing Users) and stop the usage of COUNOS SSO and any Services.

This Privacy Policy explains how information about User is collected, used, and disclosed by COUNOS SSO and sets out the basis on which COUNOS SSO will process User’s Personal Data when User:

  • visits and uses the Site (regardless of where User visits or uses them from);
  • applies for and opens an account in respect of COUNOS SSO
  • applies for, receives or uses any Services.

This includes any data that User may provide for and in relation to COUNOS SSO’s or its affiliates newsletters, updates, events and other marketing and promotional communications.

This Privacy Policy also informs User about: (i) how COUNOS SSO will handle and look after User’s personal data, (ii) COUNOS SSO’s obligations in regard to processing User’s Personal Data responsibly and securely, (iii) User’s data protection rights as a data subject, and (iv) how the law protects User.

  1. IMPORTANT INFORMATION

Purpose of this Privacy Notice

COUNOS SSO processes User’s Personal Data in an appropriate and lawful manner, in accordance with the GDPR and Estonian legislation.

This Policy aims to give information on how COUNOS SSO collects and processes User’s Personal Data in the scenarios outlined above in the ‘Introduction’ (namely, about User who uses the Site and Services, including any data that User may provide to COUNOS SSO or which COUNOS SSO may receive).

The Site, and Services are not intended for minors and COUNOS SSO does not knowingly collect Personal Data relating to minors.


It is important that User reads this Policy together with Agreement on Terms of Use and other binding COUNOS SSO policies, notices, agreements and documents related to the Services which COUNOS SSO may provide on specific occasions when COUNOS SSO is collecting or processing Personal Data about User so that User is fully aware of how and why COUNOS SSO is using User’s data. This Policy supplements the other notices and is not intended to override them.

Controller

COUNOS SSO as defined above is the controller and responsible for User’s personal data.

If User has any questions or requests, including any requests to exercise User’s legal rights as a data subject, please contact COUNOS SSO using the details set out below.

Contact Details

Full name of legal entity: Counos OÜ

Email address: [email protected]

Postal address: Laki Tn 14a, Tallinn, 10621, Estonia

It is imperative that the Personal Data COUNOS SSO holds about User is accurate and actual at all times. Otherwise, this will impair COUNOS SSO’s ability to provide User with the availability of COUNOS SSO and Services (amongst other potential and salient issues). The User must inform COUNOS SSO if User’s Personal Data changes during User’s relationship with COUNOS SSO.

Third-Party Links

The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about User. COUNOS SSO does not control these third-party websites and are not responsible for their privacy notices, statements or policies.

COUNOS SSO encourages User to read the privacy policy of every website User visits.

  1. KEY DEFINITIONS

Set out below are key definitions of certain data protection terms which appear in this Policy.

Consent Form” refers to separate documents which COUNOS SSO might from time to time provide User with where COUNOS SSO asks for User’s explicit consent for any processing which is not for purposes set out in this Policy.

Data subjects” means living individuals (i.e. natural persons) about whom COUNOS SSO collects and processes personal data.

Data controller” or “controller” means any entity or individual who determines the purposes for which, and the manner in which, any Personal Data is processed.

Data processor” or “processor” means any entity or individual that processes data on COUNOS SSO’s behalf and with COUNOS SSO’s instructions (COUNOS SSO being the data controller).

Personal data” means data relating to a living individual (i.e. natural person) who can be identified from the data (information) COUNOS SSO holds or possesses. This includes, but is not limited to, User’s name and surname (including maiden name where applicable), address, date of birth, nationality, gender, civil status, tax status, identity card number & passport number, contact details (including mobile and home phone number and personal email address), photographic image, bank account details, emergency contact information as well as online identifiers. The term “personal information”, where and when is used in this Privacy Policy, shall be taken the same meaning as personal data.

Processing means any activity that involves use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including, organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.

Sensitive personal data”, “sensitive data” or “special categories of personal data” includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. This type of sensitive data can only be processed under strict conditions.

Note that Personal Data does not include information relating to entities (for example, a company or other legal entity’s information). In that regard, information such as company name, its company number, registered address, VAT number and any other any other publicly available information do not amount to Personal Data in terms of the GDPR Act. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law. Naturally, COUNOS SSO will still treat any and all such information in a confidential and secure manner.

  1. THE PERSONAL DATA COUNOS SSO COLLECTS ABOUT USER

Personal data, or personal information, means any information about an individual by which that person can be identified (as stated above). It does not include data where the identity has been removed (anonymous data). In the course of User’s relationship with COUNOS SSO (including during the Account opening stage), COUNOS SSO may collect, use, store and transfer different kinds of Personal Data about User which COUNOS SSO has grouped together.

COUNOS SSO collects information User provide directly to COUNOS SSO. For example, COUNOS SSO collects information when User create an Account, participate in any interactive feature of the Services, fill out a form, participate in a community or forum discussion, complete an exchange transaction, apply for a job, request user support or otherwise communicate with COUNOS SSO. The types of information COUNOS SSO may collect include User’s name, social security number or other government ID number, date of birth, email address, postal address, phone number, certain virtual currency information, and any other information User chooses to provide.

COUNOS SSO shall request this information in order to be able to register User on COUNOS SSO.

  • Identity Data includes User’s first name, maiden name (where applicable), last name, address, username or similar identifier, marital status, title, nationality, date of birth, gender, photograph, identity card and/or passport. This will form part of User’s Account information.
  • Contact Data includes User’s billing address, email address and contact number (telephone and/or mobile).
  • Financial Data includes User’s bank account and payment details.
  • AML / KYC Data includes the following due diligence, KYC information and documentation about User: (i) copy of I.D. card or passport, (ii) proof of residence (e.g. utility bill), (iii) KYC database checks, (iv) fraud database checks and (v) any documentation or information which COUNOS SSO may, from time to time:


  1. be required to collect to ensure compliance with any applicable legislation (including applicable foreign laws) and global AML/KYC practices; and/or
  2. otherwise be mandated to collect by the competent authority or law enforcement agency (local or overseas) or implementing market’s best practices.
    • Marketing and Communications Data includes User’s preferences in receiving marketing from COUNOS SSO and COUNOS SSO’s third parties and User’s communication preferences.

The categories of Personal Data are applicable to User holding a registered Account with COUNOS SSO who make use of COUNOS SSO’s Services.

  • Transaction Data includes details about:
  • Enhanced KYC Data applies in respect to the instances mandated by COUNOS SSO AML/KYC Policy, which would include, amongst other scenarios, situations where a higher risk of money laundering and funding of terrorism has been identified.
  • In all cases, COUNOS SSO collects the following information upon access to COUNOS SSO’s Site:
  • Technical/LOG Data includes the IP address, User’s login data to the COUNOS SSO (username and password), device type, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices User use to access the Site. This also includes information about User’s use of the Services, including the type of browser User uses, access times, pages viewed, User’s IP address, and the page User visited before navigating to COUNOS SSO Services.
  • Device Data includes information about the computer or mobile device User uses to access COUNOS SSO Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.

COUNOS SSO also collects, uses and shares Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from User’s Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal User’s identity. For example, COUNOS SSO may aggregate User’s Usage Data to calculate the percentage of users accessing a specific feature of the Site. However, if COUNOS SSO combines or connects Aggregated Data with User’s Personal Data so that it can directly or indirectly identifies User, COUNOS SSO treats the combined data as Personal Data which will be used in accordance with this Policy.

If User fail to provide Personal Data

Where COUNOS SSO needs to collect Personal Data about User:

  • By law; or
  • under the terms of, or in connection with, the contract that COUNOS SSO has with User (as discussed in Section 1 above); or


  • as part of COUNOS SSO legitimate (business) interests to verify the identity of COUNOS SSO applicants and Users, mitigate against risks (such as potential or suspected fraud) and in particular, to assess and take a decision on whether COUNOS SSO will or should enter into a relationship with User (as subject to User acceptance criteria and policies);

and User either fail to provide that data when requested, or else provide incomplete or insufficient data, COUNOS SSO may not be able to perform or conclude the contract which COUNOS SSO has or is otherwise trying to enter into with User (namely regarding User’s Account provision of COUNOS SSO Services).

In certain instances, particularly where it relates to AML / KYC Data, COUNOS SSO may even need to exercise COUNOS SSO prerogative to terminate COUNOS SSO contract with User, and thus withdraw the availability of COUNOS SSO Services to User, or else, if still at application stage, COUNOS SSO may have to decline to enter into a relationship with User. COUNOS SSO will however notify User if this is the case at that point in time.

Sensitive Personal Data

COUNOS SSO does not knowingly collect Special Categories of Personal Data (or Sensitive Personal Data) about User. Should COUNOS SSO receive sensitive Personal Data about User, COUNOS SSO will only process that data where there is a legitimate reason to do so and, in all circumstances, in accordance with COUNOS SSO obligations at law and under the appropriate safeguards.

As set out below in Section 5, COUNOS SSO collects and processes AML / KYC Data in order to be able to (i) comply with legal and regulatory obligations, as applicable (ii) conduct COUNOS SSO AML and KYC checks, and other due diligence checks, on User, (iii) verify User’s identity or claimed identity and identify and/or verify User’s source of funds and source of wealth, as appropriate (iv) take an informed decision on whether COUNOS SSO wants to enter into a relationship with User, and, if positive, to conduct initial and ongoing screening and monitoring and (iv) to comply with any legal or regulatory obligation that COUNOS SSO may have and/or any Court, regulatory or enforcement order that may be issued upon COUNOS SSO.

  1. HOW IS USER’S PERSONAL DATA COLLECTED?

  1. Account Registration and Opening.

COUNOS SSO will ask User to provide COUNOS SSO with User’s Identity, Contact, Financial and AML/KYC Data when User apply to register and open an Account with COUNOS SSO on COUNOS SSO. User provide these personal details and information to COUNOS SSO, which COUNOS SSO collects and processes, when User fill in and submit COUNOS SSO application form (together with other related forms), and complete COUNOS SSO required application steps.

User’s Account Data will be generated on the basis of User’s application and is also processed and stored by COUNOS SSO.

  1. Service Use.

This may encompass all of the data categories listed in Section 3 (namely, Identity, Contact, AML and KYC Data, Enhanced KYC Data and Transaction Data).

  1. Direct Interactions.

User mays also give COUNOS SSO User’s Identity, Contact, Financial, AML/KYC Data and Transaction Data by filling in COUNOS SSO other forms (i.e. separate to COUNOS SSO account opening and registration form), or by corresponding with COUNOS SSO by post, phone, e-mail or otherwise. This includes Personal Data that User provides when User, as applicable:

  • applies to open an Account;
  • updates or edit User’s Account details;
  • subscribes to COUNOS SSO;
  • contacts COUNOS SSO with complaints or queries;
  • reports issues;
  • submits the (additional or supplementary) AML / KYC Data that COUNOS SSO may request from User;
  • requests marketing to be sent to User;
  • participates in a survey; or
  • provides COUNOS SSO with feedback

(D) Automated Technologies or Interactions.

As User interact with the Site, COUNOS SSO may automatically collect Technical Data about User’s equipment, browsing actions and patterns. COUNOS SSO collects this Personal Data by using cookies, server logs and other similar technologies.

Cookies are small data files stored on User’s hard drive or in device memory that helps COUNOS SSO improve COUNOS SSO Services and User’s experience, see which areas and features of COUNOS SSO Services are popular and count visits, manage the registration process for accounts, remember User’s site preferences, retain certain information to process orders for exchange transactions, and retain information to provide User with support. Web beacons are electronic images that may be used on COUNOS or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.

Most web browsers are set to accept cookies by default. If User prefer, User could usually choose to set User’s browser to remove or reject browser cookies. Please note that choosing to remove or reject cookies could affect the availability and functionality of COUNOS SSO Services.

Please see COUNOS SSO’s Cookie Policy for further details on website www.counos.com

(E) Third Parties or Publicly Available Sources.

COUNOS SSO may also obtain information from other sources and combine that with information COUNOS SSO collects through COUNOS SSO Services. For example, COUNOS SSO may collect information about User from third parties, including but not limited to social and publicly available sources.

COUNOS SSO may also receive Personal Data about User from various third parties and public sources, as set out below:

  • Technical Data from the following parties:

o analytic providers such as Google Analytics; o advertising networks;

o search information providers.


  • Identity, contact, AML / KYC Data from publicly available sources such as public court documents and the company houses and registers of other jurisdictions, and from electronic data searches, online KYC search tools (which may be subscription or license based), anti- fraud databases and other third party databases, sanctions lists, outsourced third-party KYC providers and from general searches carried out via online search engines (e.g. Google).
  1. HOW COUNOS SSO USES PERSONAL DATA

COUNOS SSO will only use User’s Personal Data when Estonian law and International Acts allow COUNOS SSO to. Most commonly, COUNOS SSO will use User’s Personal Data in the following circumstances:

  • Where COUNOS SSO needs to perform the contract COUNOS SSO is about to enter into or has entered into with User in respect of User’s relationship with COUNOS SSO.
  • Where it is necessary for COUNOS SSO legitimate interests (or those of a third party) and User’s interests and fundamental rights do not override those interests.
  • Where COUNOS SSO needs to comply with a legal or regulatory obligation

Purposes for which COUNOS SSO will use User’s Personal Data

COUNOS SSO has set out below, in a table format, a description of all the ways COUNOS SSO plans to use User’s Personal Data, and which of the legal basis COUNOS SSO relies on to do so. COUNOS SSO has also identified what COUNOS SSO legitimate interests are where appropriate. COUNOS SSO may process User’s Personal Data for more than one lawful ground depending on the specific purpose for which COUNOS SSO is using User’s data. Please contact COUNOS SSO at [email protected] if User needs details about the specific legal ground COUNOS SSO is relying on to process User’s Personal Data where more than one ground has been set out in the table below.

Purpose/Activity

Type of Data

Lawful Basis for Processing (including Basis of Legitimate Interest)

(i) To conduct due diligence checks on User (following User’s application to open and register an account).

( i i ) To d e t e r m i n e i f COUNOS SSO will enter into a relationship with User and, if positive, to register User’s account and on- board new User

  1. Identity;

  1. Contact;

  1. Financial;

  1. AML / Data;

KYC

  1. Performance of a contract with User.

  1. Necessity for compliance with COUNOS SSO legal obligations

  1. Necessity for COUNOS SSO legitimate interests, including to establish and verify:

  • User’s identity and suitability for COUNOS SSO
  • the existence of any risks that User may present as a prospective User,
  • User’s ability to meet financial commitments,
  • and ultimately, to enable COUNOS SSO to take an informed decision on whether COUNOS SSO should enter into a relationship with User.


  1. To establish and verify

User’s identity.

  1. To fulfill COUNOS SSO other internal AML/KYC policies and requirements.

  1. To fulfill any external m a n d a t o r y r e p o r t i n g obligations that COUNOS SSO may have to the Regulator in Estonia, the Police and a n y o t h e r ( i n c l u d i n g overseas) public, regulatory, law enforcement or tax authority.

  1. Identity;

  1. Contact;

  1. AML / KYC Data;

  1. Transaction;

  1. Enhanced KYC Data.

  1. Necessity to comply with a legal obligation.

  1. Necessity for COUNOS SSO legitimate interests (for risk assessment purposes, to prevent and mitigate against fraud, to safeguard the reputation of COUNOS SSO business).

To provide the Services, in particular:

( i ) i n v e s t i g a t e a n y s u s p e c t e d f r a u d u l e n t transactions

  1. Identity

  1. Contact

  1. Financial

  1. Transaction

  1. Portfolio

  1. Performance of a contract with User

  1. Necessity for COUNOS SSO legitimate interest to collect and recover debts and prevent fraudulent transactions

F o r l e g a l , t a x a n d accounting purposes (e.g. reporting to tax authorities, and accounting record requirements).

  1. Financial; and

  1. Transaction.

Necessity to comply with a legal obligation.


To detect, prevent and r e p o r t f r a u d u l e n t transactions.

  1. Identity;

  1. Contact

  1. Applicant

  1. AML / KYC Data

  1. Enhanced KYC Data;

  1. Financial;

  1. Portfolio;

  1. Transaction.

Necessity for COUNOS SSO legitimate interests, including in particular to:

  • protect the reputation of COUNOS SSO business;
  • avoid any complicity or association with fraud;
  • report fraudulent or otherwise suspicious orders that COUNOS SSO receives (or which later came to COUNOS SSO knowledge) to relevant public authorities.


To m a n a g e COUNOS SSO relationship with User, including in particular to:

  1. notify User about changes to COUNOS SSO terms and conditions or privacy notices;

  1. inform User about c h a n g e s t o COUNOS SSO

  1. deal with User’s i n q u i r i e s , r e q u e s t s , complaints or reported issues;

  1. provide User with support and assistance;

  1. contact User in relation to User’s Account, portfolio and other related matters;

  1. ask User to participate in a survey;

  1. request feedback from

User ;

  1. ) advise User of industry and legislative updates;

  1. inform User about

COUNOS SSO events;

  1. provide User with information about COUNOS SSO;

  1. administer User’s Account;

  1. provide User with any o t h e r i n f o r m a t i o n o r materials that User has requested to receive from COUNOS SSO ;

  1. Identity;

  1. Contact;

  1. Financial;

  1. Account;

  1. Portfolio;

  1. Transaction;

  1. Usage;

  1. Profile;

(i) Marketing and Communications.

  1. Performance of a contract with User .

  1. Necessity for COUNOS SSO legitimate interests (for User care and service matters, to study how Users use COUNOS SSO, to assess COUNOS SSO operations, to develop them and grow COUNOS SSO business).


To administer and protect COUNOS SSO b u s i n e s s , including the Site , ( i n c l u d i n g t r o u b l e s h o o t i n g , d a t a analysis, testing, system maintenance, support, safety and security testing, reporting and hosting of data).

  1. Identity;

  1. Contact;

  1. Technical;

  1. Account.
  1. Necessity for COUNOS SSO legitimate interests (for running and administering COUNOS SSO business, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise).

  1. Necessity to comply with a legal obligation.

  1. Performance of a contract with User .

To deliver relevant website content and advertisements to User and measure or understand the effectiveness of the advertising which COUNOS SSO serves to User .

To ensure that COUNOS SSO content is presented in the most effective manner to User and User’s computer and devices, and in a user friendly manner.

  1. Identity;

  1. Contact;

  1. Account;

  1. Usage;

  1. Marketing and Communications;

  1. Technical.

Necessity for COUNOS SSO legitimate interests (to study how Users use COUNOS SSO, to develop them, to grow COUNOS SSO business and to inform COUNOS SSO marketing strategy).

To use data analytics to improve the Site, marketing, User r e l a t i o n s h i p s a n d experiences.

  1. Technical;

  1. Usage.

Necessity for COUNOS SSO legitimate interests (to define types of Users that have registered an Account on COUNOS SSO, to keep the Site updated and relevant, to develop COUNOS SSO business and to inform COUNOS SSO marketing strategy).

COUNOS SSO makes sure COUNOS SSO considers and balances any potential impact on User (both positive and negative) and User’s rights before COUNOS SSO processes User’s Personal Data for COUNOS SSO legitimate interests. COUNOS SSO does not use User’s Personal Data for activities where COUNOS SSO interests are overridden by the impact on User (unless COUNOS SSO has User`s consent or is otherwise required or permitted to by Estonian law and International Acts).

Marketing

COUNOS SSO strives to provide User with choices regarding certain Personal Data uses in relation to User’s Account. Through User’s Account, Identity, Contact, Technical, Usage and Marketing and Communications Data, COUNOS SSO can form a view on what COUNOS SSO thinks User may want or need. COUNOS SSO will send details as to how User may enhance User’s trading activity in relation to the User’s Account.

User may receive marketing communications from COUNOS SSO (which may consist of newsletters, industry updates, mailshots, publications, promotional materials and/or information about COUNOS SSO events) where:

  • User provides User’s consent to receiving such marketing material; or
  • User has an ongoing commercial or contractual relationship with COUNOS SSO;
  • And provided User has not opted out of receiving marketing from COUNOS SSO.

Third-Party Marketing

COUNOS SSO will get User’s express opt-in consent before COUNOS SSO shares User’s Personal Data with any third parties (including COUNOS SSO associated or related corporate entities) for marketing purposes.

Opting Out

User can ask COUNOS SSO to stop sending such advertising and marketing communications at any time by:

  • following the opt-out links on any marketing messages sent to User;
  • contacting COUNOS SSO at any time at [email protected]

Where User opt out of receiving such communications, this will not apply to Personal Data processed or provided to COUNOS SSO as a result of User’s entry into relationship with COUNOS SSO.

Change of Purpose

COUNOS SSO will only use User’s Personal Data for the purposes for which COUNOS SSO collected it, unless COUNOS SSO reasonably considers that COUNOS SSO needs to use it for another reason and that reason is compatible with the original purpose, or COUNOS SSO is obliged to process User’s data by Estonian laws or court or other enforceable orders.

Please note that COUNOS SSO may process User’s Personal Data without the need to obtain User’s consent, in compliance with the above rules, where this is required or permitted by Estonian law and International Acts.

  1. DISCLOSURES OF USER’S PERSONAL DATA

COUNOS SSO may have to share User’s Personal Data with the parties set out below for the purposes set out in the table in Section 5 above.

  • External third parties.
  • Suppliers and external agencies that COUNOS SSO engages to process information on COUNOS SSO and/or User’s behalf, including to provide User with the information and/or materials that User has requested.
  • Our subsidiaries, associates and agents where necessary to facilitate User’s relationship with

COUNOS SSO.

  • The regulators, law enforcement agencies and other authorities who require reporting of processing activities, or may request information from COUNOS SSO, in terms of Estonian law and in certain circumstances.
  • Professional advisers such as consultants, bankers, professional indemnity insurers, brokers and auditors.
  • Other organizations where exchange of information is for the purpose of fraud protection or credit risk reduction.
  • Debt recovery agencies who assist COUNOS SSO with the recovery of debts owed to COUNOS SSO.
  • Third parties to whom COUNOS SSO may choose to sell, transfer, or merge parts of COUNOS SSO business or COUNOS SSO assets (successors in title). Alternatively, COUNOS SSO may seek to acquire other businesses or merge with them. If a change happens to COUNOS SSO business, then the new owners may use User’s Personal Data in the same way as set out in this notice.

COUNOS SSO requires all third parties to respect the security of User’s Personal Data and to treat it in accordance with the Estonian law and International Acts (including applicable data protection).COUNOS SSO does not allow COUNOS SSO third party business partners or service providers to use User’s Personal Data for their own purposes and only permit them to process User’s Personal Data for specified purposes and in accordance with COUNOS SSO documented instructions. Furthermore, these third parties access and process User’s Personal Data on the basis of strict confidentiality and subject to the appropriate security measures and safeguards.

COUNOS SSO may also disclose User’s Personal Data:

  • If COUNOS SSO is under a duty to disclose or share User’s Personal Data to comply with any legal obligation, judgment or under an order from a court, tribunal or authority, or
  • If COUNOS SSO believes User’s actions are inconsistent with COUNOS SSO user agreements or policies, or to protect the rights, property and safety of COUNOS SSO or others, or
  • in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of COUNOS SSO business by another company; or
  • if COUNOS SSO has User’s consent or at User’s direction.

COUNOS SSO may also share aggregated or de-identified information, which cannot reasonably be used to identify User.

  1. INTERNATIONAL TRANSFERS (APPLICABLE TO E.U. RESIDENTS ONLY)

User consents to the transfer of data to entities outside the European Economic Area (“EEA”) including, and acknowledges such transfers, which will only take place for the purposes set forth in Section 5, are necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request. Such transfers may take place to countries for which there is no adequate decision pursuant to Article 45 of the GDPR and may lack EU-type privacy protections.

  1. DATA SECURITY

While no online or electronic system is guaranteed to be secure, COUNOS SSO takes reasonable measures to help protect information about User from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction.

COUNOS SSO has put in place appropriate security measures to prevent User’s Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, COUNOS SSO limits access to User’s Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process User’s Personal Data on COUNOS SSO instructions and they are subject to a duty of confidentiality.

COUNOS SSO has put in place procedures to deal with any suspected Personal Data breach and will notify User and any applicable regulator of a breach where COUNOS SSO is legally required to do so.

GETTING ACQUAINTED AND AGREEING TO THE TERMS OF THIS POLICY, USER ACCEPT ALL RISKS ASSOCIATED WITH DATA LOSS AS A RESULT OF FRAUD BY THIRD PARTIES AND FORCE MAJEURE (NATURAL DISASTERS, TERRORISM, WAR, HACKING, ETC.). IF USER DOES NOT AGREE TO THE TERMS OF THIS POLICY OR DOES NOT ACCEPT RISKS ASSOCIATED WITH DATA LOSS USER SHOULD STOP TO USE ANY COUNOS SSO SERVICES.

Confidential Informationmeans any non-public information of the discloser, whether of a financial, business or other nature (including, but not limited to, trade secrets, and information relating to the Users, business plans, promotional and marketing activities, IT, finances and other business affairs of the discloser) that is disclosed to or obtained by the recipient and that the recipient knows or has reason to know is confidential, proprietary or trade secret information of discloser. Confidential Information also includes any information that has been made available to discloser by third parties that discloser is obligated to keep confidential. Confidential Information does not include any information that:

  1. was known to the recipient before receiving the same from the discloser in connection with this

Policy;

  1. is independently developed by the recipient without reliance on any Confidential Information of the discloser;
  2. is acquired by the recipient from another source without restriction as to use or disclosure; or
  3. is or becomes generally known of the public through no fault or action of the recipient.

Each party guarantees:

  1. use the other's Confidential Information solely for the purposes of performing this Policy,
  2. disclose the other party’s Confidential Information only to those employees and contractors that need to know the same for purposes of performing this Policy, and
  3. inform its employees and contractors with access to the other party’s Confidential Information that such Confidential Information is confidential and proprietary to the other party and is subject to this Policy.

COUNOS SSO and User will preserve and protect each other`s Confidential Information and will not divert or misappropriate any Confidential Information for its own or any third party’s benefit. Without limiting the generality of the foregoing, COUNOS SSO and User will keep Confidential Information confidential and accessible and use restrictions at least as stringent as those applied to protect its own information of similar type.

  1. DATA RETENTION

How long will use my Personal Data for?

Please note that COUNOS SSO considers COUNOS SSO relationship with User to be an ongoing and continuous User relationship, until terminated.

COUNOS SSO will only retain User’s Personal Data for as long as necessary to fulfill the purposes COUNOS SSO collected it for (i.e. the ongoing service provision) and, thereafter, for the purpose of satisfying any legal, accounting, tax and reporting requirements or obligations to which COUNOS SSO may be subject and/or to the extent that COUNOS SSO may also need to retain User’s Personal Data to be able to assert, exercise or defend possible future legal claims against or otherwise involving User.

By and large, COUNOS SSO retention of User’s Personal Data shall not exceed the period of seven (7) years from the date of the termination of User’s relationship with COUNOS SSO (which would typically arise from the closure/de-registration of User’s Account). This period of retention enables COUNOS SSO to use the data in question for the possible filing, exercise or defense of legal claims (taking into account the timeframe of applicable statutes of limitation and prescriptive periods).

In the event that COUNOS SSO’s activities are held by competent legislators and regulators in amount to a ‘relevant activity’ at Estonian law, COUNOS SSO will retain User’s AML and KYC Data for the duration of User’s business relationship with COUNOS SSO and for a further period of seven years following its termination and, in certain instances, for a maximum period of seven (7) years post-termination if mandated by the competent authority. COUNOS SSO may need to revise this AML retention period in the event of applicable legal or regulatory developments, but COUNOS SSO will notify User if this is the case at the time.

In some circumstances, User can ask COUNOS SSO to delete User’s Personal Data. See below for further information.

Kindly, contact COUNOS SSO for further details about the retention periods that COUNOS SSO applies.

Data Minimization

Whenever and to the extent possible, COUNOS SSO anonymous data which COUNOS SSO holds about User when it is no longer necessary to identify User from the data which COUNOS SSO holds about User (anonymous data).

In some circumstances, COUNOS SSO may even anonymize User’s Personal Data (so that it can no longer be associated with User) for research or statistical purposes, in which case COUNOS SSO may use this information indefinitely without further notice.

  1. USER’S LEGAL RIGHTS

Under certain circumstances, User has rights under data protection laws in relation to User’s Personal Data according with Estonian law and International Acts.

  • Request access to User’s Personal Data.
  • Request correction of User’s Personal Data.
  • Request erasure of User’s Personal Data.
  • Object to processing of User’s Personal Data.
  • Request restriction of processing User’s Personal Data.
  • Request transfer of User’s Personal Data.
  • Right to withdraw consent.

If User wish to exercise any of the rights set out above, please contact COUNOS SSO at [email protected]. These rights are explained below.

No Fee usually required

User will not normally have to pay a fee to exercise User’s Personal Data subject rights.

However, COUNOS SSO may charge a reasonable fee if User’s request is clearly unfounded, repetitive or excessive. Alternatively, COUNOS SSO may refuse to comply with User’s request in the above circumstances.

What COUNOS SSO may need from User

COUNOS SSO may need to request specific information from User to help COUNOS SSO confirm User’s identity and ensure User’s right to access User’s Personal Data (or to exercise any of User’s other data subject rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. COUNOS SSO may also contact User to ask for further information in relation to User’s request to speed up COUNOS SSO response.

Time limit to Respond

COUNOS SSO tries to respond to all legitimate requests within the period of one month from receipt of the request.

Occasionally it may take COUNOS SSO longer than a month if User’s request is particularly complex or User has made a number of requests. In this case, COUNOS SSO will notify User and keep User updated.

User’s Legal Rights

User has the right to:

  1. Request access to User’s Personal Data (commonly known as a “data subject access request”). This enables User to receive a copy of the Personal Data COUNOS SSO holds about User and to check that COUNOS SSO is lawfully processing it. User may send an email to [email protected] requesting information how the Personal Data is processed by COUNOS SSO. User shall receive one copy free of charge via email of the Personal Data which is undergoing processing. Any further copies of the information processed may incur a charge of € 35.00.
  2. Right to information when collecting and processing Personal Data about User from publicly accessible or third-party sources. When this take places, COUNOS SSO will inform User, within a reasonable and practicable timeframe, about the third party or publicly accessible source from which COUNOS SSO has collected User’s Personal Data.
  3. Request correction or rectification of the Personal Data that COUNOS SSO holds about User. This enables User to have any incomplete or inaccurate data COUNOS SSO holds about User corrected and/or updated, though COUNOS SSO may need to verify the accuracy of the new data User provide to COUNOS SSO. As mentioned, it is in User’s interest to keep COUNOS SSO informed of any changes or updates to User’s Personal Data which occur during the course of User’s relationship with COUNOS SSO.
  4. Request erasure of User’s Personal Data. This enables User to ask COUNOS SSO to delete or remove Personal Data where:
    • there is no good reason for COUNOS SSO continuing to process it;
    • User has successfully exercised User’s right to object to processing (see below);
    • COUNOS SSO may have processed User’s information unlawfully; or
    • COUNOS SSO is required to erase User’s Personal Data to comply with Estonian law.
  5. comply with a legal or regulatory obligation to which COUNOS SSO is subject; or
  6. file, exercise or defense of legal claims.
    1. Object to processing of User’s Personal Data where COUNOS SSO is relying on a legitimate interest (or those of a third party) and there is something about User’s particular situation which makes User want to object to processing on this ground as User feel it impacts User’s fundamental rights and freedoms. User also has the right to object where COUNOS SSO is processing User’s Personal Data for direct marketing purposes (see Marketing in Section 5 above).
    2. Request restriction of processing of User’s Personal Data. This enables User to ask

    • if User want COUNOS SSO to establish the data's accuracy;
    • where COUNOS SSO uses of the data is unlawful but User do not want COUNOS SSO to erase it;
    • where User needs COUNOS SSO to hold the data even if COUNOS SSO no longer requires it as User need it to establish, exercise or defend legal claims; or
    • User has objected to COUNOS SSO use of User’s data but COUNOS SSO needs to verify whether COUNOS SSO has overriding legitimate grounds to use it.
      1. Request the transfer (data portability) of User’s Personal Data to User or to a third party. COUNOS SSO will provide User, or a third-party User has chosen, with User’s Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which User initially provided consent for COUNOS SSO to use or where COUNOS SSO used the information to perform a contract with User in accordance with Policy together with Agreement on Terms of Use and other binding COUNOS SSO policies, notices, agreements and documents related to the Services.
      2. Withdraw consent at any time where COUNOS SSO is relying on consent to process User’s Personal Data (which will not generally be the case). This will not however affect the lawfulness of any processing which COUNOS SSO carried out before User withdrew User’s consent. Any processing activities that are not based on User’s consent will remain unaffected.

User’s Choices Regarding User’s Account Information

User may update, correct, or delete information about User at any time by logging into User’s COUNOS SSO Account. If User wish to delete or deactivate User’s Account, please send request or question to [email protected], but note that COUNOS SSO may retain certain information as required by Estonian law or for legitimate business purposes, as further highlighted above.

  1. CHANGES TO THIS PRIVACY POLICY

COUNOS SSO may change this Policy or tariffs or another information from time to time, particularly where COUNOS SSO needs to take into account and cater for any (i) business developments. If COUNOS SSO makes changes, COUNOS SSO will notify User by revising the date at the top of the Policy and, in some cases, COUNOS SSO may provide User with additional notice (such as adding a statement to COUNOS SSO homepage or sending User notification). COUNOS SSO encourages User to review the Privacy Policy whenever User access the Services or otherwise interact with COUNOS SSO to stay informed about COUNOS SSO information practices and the ways User can help protect User’s privacy.

The language of the original documents is English.