1. INTRODUCTION

This customer privacy notice is given by Lexim SIA, a company registered in the Republic of Latvia, with registration number 40203287072, registered office address at Lielirbes Street 17A-23, Riga, LV-1046, Latvia, and Lexim Legal Ltd., a company registered in the United Kingdom, company number SC790784, registered office address at 2/1 18 Quentin Street, Glasgow, Scotland, G41 3TX. Lexim SIA and Lexim Legal Ltd. are collectively referred below to as “Lexim”, “we”, “us” or “our”.

This customer privacy notice (hereinafter the “Notice”) applies to all natural persons including authorised representatives of a legal entity or arrangement from whom or regarding whom Lexim collects or receives personal data in the course of providing its services or otherwise performing its economic activities (hereinafter “data subject” or “you”) to the extent that Lexim processes personal data. This Notice describes how Lexim collects, uses and otherwise processes your personal data.

Lexim processes your personal data in accordance with the applicable data protection legislation, including the General Data Protection Regulation (Regulation (EU) 2016/679) (hereinafter the “GDPR”) and any other applicable normative acts and on generally accepted standards of international practice on personal data protection.

In the UK, Lexim processes your personal data in accordance with the Data Protection Act 2018 (Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR)), Privacy and Electronic Communications Regulations (PECR), other applicable normative acts of the United Kingdom and on generally accepted standards of international practice on personal data protection.

You have many rights that you can use to control your privacy. Lexim respects those rights and wants to help you exercise your rights, and below you will find information on how to do it.

2. DATA CONTROLLER

Lexim is your data controller. Lexim is responsible for the processing of your personal data in accordance with this Notice and applicable data protection laws.

3. PERSONAL DATA WE PROCESS

We may collect, store, use, transfer and process in any other way the following categories of personal data about you:

  • identification data (name, surname, personal identification code, date and place of birth, nationality, identification document data and copy, photo etc),

  • contact data (address, telephone number, e-mail etc),

  • employment and shareholding data (shareholding/ownership, directorship, employer, position, etc),

  • financial data (income, property, obligations, securities, etc),

  • data concerning the contract and its performance (current and previous contracts with us, payment history and payment defaults, transactions, applications, etc),

  • data related to your economic activities, e.g. details of related entities from the commercial register,

  • your IP address and data related to your access to our systems (assigned usernames and passwords etc),

  • criminal records, or other essential records, for eg., whether you are a politically exposed person, etc.

Depending on the type of personal data in question and the grounds on which Lexim is processing it, Lexim may not be able to fulfil its contractual obligations or may not be able to continue with the contractual relationship if you refuse to disclose certain personal data.

4. WHERE IS YOUR PERSONAL DATA COLLECTED FROM

We collect your personal data from the following sources:

  • you – some of the personal data may be given by you to us on your financial license application, residence or citizenship application or other type of application or services, by phone, e-mail, online self-service or in any other way when you communicate with us;

  • entities of the group to which Lexim belongs;

  • third persons, including publicly available sources such as electronic databases (such as Commercial Register, Register of invalid documents, etc.) and search engines, public authorities (courts, bailiffs, bankruptcy trustees) and other persons.

5. PURPOSES OF PROCESSING YOUR PERSONAL DATA

Lexim processes your personal data in accordance with the applicable data protection legislation. Where appropriate and in accordance with the applicable laws and legal requirements, we generally use customer data for the following purposes:

  • to evaluate the customer’s appropriateness and suitability of the product and services offered to the customer,

  • to evaluate the appropriateness and suitability of related persons;

  • to prepare, conclude and draft the contract,

  • to monitor the performance of the contract by the customer,

  • to help us to establish, exercise or defend legal claims,

  • for compliance with due diligence and other regulatory requirements,

  • for accounting and reporting purposes,

  • to provide you with new offers.

6. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

There are a number of different grounds, which allow Lexim to lawfully process your personal data. These are the following:

  • if you have given your consent to such processing;

  • to prepare to enter into a contract with you;

  • to fulfil the obligations under our contract with you and to ensure that you are properly fulfilling your obligations to Lexim;

  • to carry out our legal obligations, such as the obligations stemming from laws and normative acts (such as the Law on the Prevention of Money Laundering and

Terrorism and Proliferation Financing, Law on International Sanctions and National Sanctions of the Republic of Latvia, Consumer Rights Protection Law, Law On Taxes and Duties, The Proceeds of Crime Act 2002 (POCA), Terrorism Act 2000 (TACT), Sanctions and Anti-Money Laundering Act 2018 (SAMLA), Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Regulations), Money Laundering and Terrorist Financing (Amendment) Regulations 2019, Money Laundering and Terrorist Financing (Amendment) (No. 2) Regulations 2022, and other);

  • when processing is within our legitimate interests, mainly where:

  1. processing of your personal data is necessary for us to establish, exercise or defend legal claims;

  2. processing of your personal data is necessary for scoring potential customers, guarantors and collateral providers, to the extent that such processing is not required by applicable law;

  3. processing of your personal data is necessary for providing you with new offers.

7. SHARING YOUR PERSONAL DATA

In order for us to meet the purposes of processing described in this Notice, your personal data may be transferred to the following categories of recipients:

  • entities of the group to which Lexim belongs;

  • government authorities such as the State Revenue Service, HM Revenue & Customs, Data State Inspectorate, the Financial Intelligence Unit, Consumer Rights Protection Centre, controllers of databases (population registers, commercial registers etc.);

  • persons who guarantee the proper performance of the customer's obligations to Lexim (guarantors, owners of collateral etc.);

  • customer support centre service providers;

  • companies providing fraud prevention and financial crime prevention services;

  • to cloud-based storage providers;

  • to other third parties, such as courier and postal service providers, payment default registers, debt collection service providers, auditors, legal service providers, courts, bailiffs, bankruptcy trustees, credit and financial institutions, etc.

We require our third-party service providers to keep your information secure and to process this information based on our instructions and requirements consistent with this Notice, the GDPR and applicable law.

8. TRANSFERS OUTSIDE THE UK AND EEA

We transfer data outside of the European Economic Area (EEA, i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) and the UK only where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. With respect to transfers to countries not providing an adequate level of protection, we base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or approved certification mechanisms together with binding and enforceable commitments of the recipient.

9. STORING AND SECURITY OF YOUR PERSONAL DATA

We will not store your personal data longer than necessary for the purposes of processing. The criteria used to determine the period of storage of your personal data are:

  • the nature of the purpose, why personal data was collected;

  • the length of time while Lexim has an ongoing relationship with you;

  • existence of a legal obligation under the applicable law;

  • necessity in the light of Lexim’s legal position (such as applicable statutes of limitations, litigation or regulatory investigations).

Once we have determined that we no longer need to hold your personal data, we will delete it from Lexim systems.

We have implemented generally accepted standards of technology and operational security to protect your personal data from loss, misuse, alteration or destruction. We require all personnel to keep personal data confidential and only authorized personnel have access to this data.

10. YOUR RIGHTS

You have various rights in relation to your personal data which we process about you:

  • Right to request access: you may ask us to confirm what information we process about you at any time.

  • Right to rectification: you may request that we rectify any inaccurate or incomplete personal data that we process about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort.

  • Right to erasure: you have the right to request that we erase your personal data in certain circumstances.

  • Right to restrict processing: you have the right to restrict processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities. Where we are legally required to do so, we may refuse your request. If we refuse your request we will tell you the reasons for doing so.

  • Right to object: in certain circumstances, you have the right to object to us processing your personal data.

  • Right of data portability: you have the right to transfer your personal data between data controllers, subject to possible limitations from applicable law. This means that you are able to transfer the data we process about you to another service provider or a third party. We will provide you with your data in a commonly used machine-readable format so that you can transfer the data to another service provider.

  • Right not to be subject to a decision based solely on automated processing: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you. This right is subject to limitations from applicable law.

  • Right to lodge a complaint with the supervisory authority: if you have any concerns about the way we handle your personal data, you can contact

  1. the Data State Inspectorate of Latvia - https://www.dvi.gov.lv/en;

  2. in the United Kingdom the Information Commissioner’s Office - https://ico.org.uk/.

Where we are legally required to do so, we may refuse your request. If we refuse your request we will tell you the reasons for doing so.

11. MODIFICATIONS

If Lexim changes the categories of personal data processed or purposes of personal data processing, we will make respective amendments to this Notice and inform you thereof.

12. FURTHER ASSISTANCE

If you have any questions about this Notice or about your personal data, please contact us

e-mail: legal@leximglobal.net.