Bondora Terms of Use

1. TERMS AND DEFINITIONS

1.1. Special Conditions – Special Terms and Conditions of the Loan Agreement.

1.2. Interest – fee paid by the Borrower to the Lender for the use of the Loan Amount.

1.3. User – a natural person who is a party to a valid User Agreement or other agreement concluded with the Lender.

1.4. User Agreement – an agreement concluded between the User and the Lender under the Terms of Use, on the basis of which the User can use the Portal and on the basis of which the Lender provides services to the User through the Portal. The User Agreement is deemed concluded between the User and the Lender at the moment of accepting the Terms of Use.

1.5. Terms of Use - these Bondora Terms of Use.

1.6. Loan or Loan Agreement – a Loan Agreement concluded between the Borrower and the Lender via the Portal.

1.7. Lender or Bondora – Bondora AS, Estonian registry code 11483929, postal address A.H. Tammsaare tee 56, 11316 Tallinn, Estonia.

1.8. Lender's Webpage – www.bondora.nl

1.9. Loan Amount – the amount that the Lender makes available to the Borrower under the Loan Agreement.

1.10. Loan Application – a Borrower's application with all the information and documents that the Borrower has submitted to the Lender on the Portal to receive an offer to enter into a Loan Agreement.

1.11. Borrower – a User who has submitted a Loan Application to the Lender and/or who has entered into a Loan Agreement with the Lender.

1.12. Maximum Loan Amount – the maximum value of the principal amount of the Loan Agreement, to the extent of which the Lender can enter into a Loan Agreement with the Borrower.

1.13. Claim – a financial claim against the Borrower arising from the Loan Agreement.

1.14. Banking Day – a working day, i.e., a day that is not a Saturday, Sunday, national holiday or public holiday in the Republic of Estonia.

1.15. Portal – an e-service environment located on the Internet at www.bondora.nl and managed by the Lender, via which Users can request or use the services provided by the Lender.

1.16. Portal Account – a virtual account created for the User on the Portal and managed by the Lender, which is linked to the User's individual Reference Number and through which the User makes payments to the Lender. The Portal Account keeps records of transactions made on the User's Portal, including Claims and liabilities.

1.17. Fees – service fees applicable to Users, which are presented in the Price List published on the Portal and on the Lender's Webpage.

1.18. Reference Number – a personalized number to identify the User when making payments to the Portal Account.

1.19. General Conditions – General Conditions of the Loan Agreement, which are published on the Portal.

2. GENERAL PART

2.1. The Terms of Use determine the relationship between the Lender and the User in relation to the services provided by the Lender to the User and the basic conditions of the provision of the services.

2.2. The Terms of Use are an integral part of all User and other agreements concluded between the User and the Lender via the Portal. The Terms of Use become binding on the User after concluding the User Agreement in accordance with Clause 3.4.

2.3. In addition to the Terms of Use, the relationship between the Lender and the User is regulated by the applicable legislation and the Loan Agreement(s) or other agreements concluded between the Lender and the User. In the event of a conflict between the Terms of Use and the Loan Agreement or any other agreement, the Loan Agreement or any other agreement concluded between the Lender and the User shall prevail.

2.4. The Terms of Use, the General Conditions of the Loan Agreement, the Price List and other relevant information and documents are available to the User at any time free of charge on the Lender's Webpage and/or the Portal.

3. USER REGISTRATION

3.1. In order to enter the Portal and use the services provided by the Lender through the Portal, a person must register as a User of the Portal. Upon registration as a User of the Portal, a person becomes entitled, inter alia, to submit Loan Applications and enter into Loan Agreements and to apply for the use of other services offered by the Lender and to enter into relevant agreements.

3.2. To use the Portal, a person must register his/her email address on the Lender's Webpage. To confirm the email address, the person must log into the Portal using the temporary password created by the Portal.

3.3. By agreeing to the Terms of Use when registering as a User of the Portal, the User represents and warrants that:

• 3.3.1. he/she has examined, understood and undertakes to comply with the Terms of Use when using the services provided through the Portal;
• 3.3.2. he/she agrees that the Lender will process his/her personal data in accordance with the Privacy Policy;
• 3.3.3. he/she is a natural person with passive and active legal capacity and at least 18 years of age;
• 3.3.4. his/her permanent or primary place of residence is the Republic of Estonia;
• 3.3.5. he/she is not a politically exposed person or a family member or close associate of a politically exposed person;
• 3.3.6. he/she is not subject to an international financial sanction;
• 3.3.7. his/her judgment has not been adversely affected by a material error, unlawful threat, violence or other circumstance.

3.4. The User Agreement between the Lender and the User shall be deemed concluded under the Terms of Use immediately after all the conditions set forth in Clauses 3.2 and 3.3 have been met. The User Agreement is concluded for an unspecified term.

3.5. As a confirmation of the conclusion of the User Agreement, the User will have access to the Portal. The concluded User Agreement is available to the User free of charge on the Portal at any time.

4. USER IDENTIFICATION

4.1. To log into the Portal, the User must enter his/her Portal username and password.

4.2. Prior to the conclusion of the first Loan Agreement, the User must identify himself/herself as follows:

• 4.2.1. by making a bank transfer from a bank account opened in his/her name with a credit institution which has its place of business in a contracting state of the European Economic Area, either directly from that bank account or using any other alternative accepted by the Lender (e.g., identification via ID card or Mobile ID); and
• 4.2.2. by submitting all documents required by the Lender to identify the User in accordance with the requirements for the prevention of money laundering and terrorist financing.

4.3. If the applicable law does not require identification in accordance with Clause 4.2, the User shall be identified prior to any act or transaction having legal consequences (e.g. before concluding a Loan Agreement or making a withdrawal application) by one of the following identification methods, at the User's choice:

• 4.3.1. the unique username and password of the Portal chosen by the User;
• 4.3.2. mobile identification by means of a unique PIN code sent to the User's mobile number; or
• 4.3.3. identification in another manner which is consistent with the applicable legislation and deemed sufficient by the Lender.

4.4. Upon identification of the User, the Lender is not limited to Clauses 4.1 to 4.3 and the Lender has the right to unilaterally change the identification procedure at any time, including the use of other identification methods permitted by law. If the Lender has doubts about the accuracy of the User's data, the Lender may ask the User to clarify the data, provide additional information or documents, or repeat the identification process if necessary. The Lender considers the refusal to identify or submit additional documents by the User to be a material breach of the User Agreement and this is the basis for cancellation of the User or other agreement in accordance with Clause 11.3.1.

4.5. Data obtained during the identification process, such as name, personal identification code, bank account number, residential address etc., are stored as personal data in accordance with the Lender's Privacy Policy.

4.6. Any person who logs into the Portal with the User's data (e.g., username and password) or uses the User's registered email address or telephone number to confirm operations via the Portal is deemed by the Lender to be the User, unless the Lender has been notified that such data or means (e.g., mobile phone) have come into the possession of a third party and this fact has been proven by the User.

5. GENERAL OBLIGATIONS OF USER

5.1. The User undertakes:

• 5.1.1. not to use the Portal for illegal transactions or acts, including fraud, money laundering, terrorist financing, etc.;
• 5.1.2. to provide the Lender only with true, complete and non-misleading information and not to conceal any information that may be relevant to the Lender;
• 5.1.3. notify the Lender immediately, but no later than within five (5) Banking Days, of any changes in the information and/or documents provided to the Lender;
• 5.1.4. notify the Lender immediately, but no later than within five (5) Banking Days, of any circumstances that affect or may affect the User's ability to perform the obligations arising from the agreements concluded between the Lender and the User, in particular the Loan Agreements;
• 5.1.5. keep the data and means (e.g., mobile phone) required necessary for logging into the Portal or for identification, including ID card, passwords and usernames, so that they do not fall into the possession of any third parties;
• 5.1.6. notify the Lender immediately, but no later than within five (5) days, if the data or means specified in Clause 5.1.5 fall into the possession of a third party;
• 5.1.7. respect the Lender's intellectual property rights. The Lender's Webpage and the Portal and its contents are the personal property of the Lender, which the User is entitled to use only for personal purposes in connection with the use of the Portal's services;
• 5.1.8. provide additional documents and information at the request of the Lender if it is necessary for performance of the agreements concluded with the client and/or for compliance with the Lender's legal obligations (e.g., compliance with the "Know Your Customer" principle under the Money Laundering and Terrorist Financing Prevention Act, or information on the origin of the property of the client and/or the person making repayments of the Loan, etc.);
• 5.1.9. behave prudently and respectfully when using the Portal.

5.2. If the User fails to fulfill the obligation specified in Clause 5.1.3, the Lender has the right to assume that the information and documents previously provided by the User are correct, unless the User notifies otherwise.

6. EXCHANGE OF INFORMATION

6.1. The contact details and methods for sending notices to the Lender are published on the Lender's Webpage. The Lender is not obliged to give a separate notice to the User of any changes in the contact details, unless otherwise agreed in the Terms of Use or other concluded agreements and/or required by law.

6.2. Notices between the User and the Lender shall be sent in the same language as the Terms of Use and shall be sent to the recipient via the Portal, unless otherwise agreed in the Terms of Use or other concluded agreements and/or required by law. The Lender is not limited to using the Portal to transmit notices.

6.3. If a notice between the User and the Lender has to be sent to the recipient by email or post, it will be sent to the contact details communicated by the recipient to the other Party via the Portal, by email or post.

6.4. The User undertakes to update his/her contact details immediately on the Portal or, if it is not possible to change the respective contact details on the Portal, to notify the Lender immediately of any changes in the contact details. The Lender has the right to proceed from the data of the population register, commercial register or other official register regarding the data of the User's residential address. This does not release the User from the notification obligations to the Lender in accordance with Clause 5.1.3 if his/her residential address has changed. If the User fails to notify the Lender of any change in his/her contact details, he/she shall bear the associated risks.

6.5. A notice sent to the correct contact details of the other Party is considered received:

• 6.5.1. in the case of personal delivery against signature, when delivered;
• 6.5.2. in the case of sending via the Portal, by email or in another format which can be reproduced in writing, three (3) days after the sending;
• 6.5.3. in the case of postage to a destination in the country of dispatch, five (5) days after the posting of the registered letter; and
• 6.5.4. in the case of postage to a destination outside the country of dispatch, seven (7) days after the posting of the registered letter.

6.6. If a notice sent by the Lender, which the User can expect to receive or which the User and the Lender have agreed to send, does not reach the User, the User shall notify the Lender thereof immediately, but no later than within three (3) Banking Days after the expected date of receipt.

6.7. The User undertakes to immediately check the accuracy of the information contained in the notice received from the Lender and to notify of any objections immediately upon receipt of the notice.

7. LOAN APPLICATION AND CREDITWORTHINESS ASSESSMENT

7.1. The Borrower may submit a Loan Application to the Lender only via the Portal, having previously identified himself/herself in accordance with Section 4 of the Terms of Use.

7.2. In order to apply for a Loan, the Borrower fills in a Loan Application on the Portal, where he/she discloses the information required by the Lender on his/her creditworthiness and other circumstances affecting the creditworthiness.

7.3. The Lender assesses the Borrower's creditworthiness on the basis of the submitted data and documents and the data obtained from public databases or other sources.

7.4. The Loan Application is not binding on the Borrower, i.e., he/she can withdraw the Loan Application at any time prior to concluding the Loan Agreement without giving reasons.

8. CREDIT DECISION

8.1. The Lender has the right to make one of the following credit decisions:

• 8.1.1. accept the Loan Application;
• 8.1.2. reject the Loan Application; or
• 8.1.3. make a counteroffer and accept the amended Loan Application.

8.2. The Lender makes a credit decision and notifies the Borrower thereof immediately, but no later than within two (2) Banking Days after the receipt of all the required information and documents. The Lender is not obliged to justify the credit decision, unless it rejects the Loan Application on the basis of information obtained from a public database. In this case, the Lender must inform the Borrower of the results of such inquiries.

9. CONCLUSION OF LOAN AGREEMENT

9.1. If the Borrower accepts the loan offer made by the Lender, a Loan Agreement is concluded between the Lender and the Borrower via the Portal.

9.2. Prior to concluding the Loan Agreement (i.e., before the Loan Agreement becomes binding on the Borrower and the Lender), the Lender makes the information and documents that are a prerequisite for concluding the Loan Agreement (e.g., pre-contractual information, Standard European Consumer Credit Information sheet, etc.) available to the Borrower via the Portal. The relevant data and documents are available to the Borrower free of charge on the Portal at any time during the term of the Loan Agreement.

9.3. The Loan Agreement shall be deemed to be legally binding and concluded between the Lender and the Borrower as of the moment it is electronically or digitally signed or approved by both Parties.

10. RESTRICTION OF RIGHT TO USE PORTAL AND CONDUCT IN EVENT OF PAYMENT DEFAULT

10.1. The Lender has the right to restrict or cancel the right to use the Portal by the User, reject Loan Applications and, to the extent permitted by law, refuse to perform the obligations arising from the User Agreement and/or Loan Agreement and/or other agreements concluded between the Lender and the User if the User violates the User Agreement and/or Loan Agreement and/or any other agreement concluded with the Lender.

10.2. If the Borrower has entered into several Loan Agreements and the Portal Account does not have sufficient funds to satisfy the Claims that have become due (i.e., the funds transferred to the Lender are not sufficient), the Lender shall distribute the funds proportionally.

11. WITHDRAWAL FROM AND TERMINATION OF USER AGREEMENT

11.1. The User has the right to withdraw from the User Agreement without giving a reason within fourteen (14) days from the conclusion of the User Agreement by submitting via the Portal a withdrawal application in a format which can be reproduced in writing. In order to exercise the right to withdraw from the User Agreement, the withdrawal application must be submitted to the Lender before the expiry of the term specified in the Terms of Use. In order to withdraw from the User Agreement, the User must immediately, but no later than within thirty (30) days from the submission of the withdrawal application, fulfill all his/her outstanding financial obligations to the Lender under any agreement. If the User fails to fulfill his/her obligations within the term specified in the Terms of Use, it shall be deemed that the User has not withdrawn from the User Agreement.

11.2. The User may regularly cancel the User Agreement by submitting an application to the Lender via the Portal in a format which can be reproduced in writing. In this case, all the financial obligations of the User to the Lender under any agreement must be fully fulfilled in advance.

11.3. The Lender may terminate the User Agreement without prior notice on exceptional grounds and cancel or restrict access to the Portal (always under Clause 10.1.1 or 14.2 of the General Conditions, including granting the additional term specified in the General Conditions), if:

• 11.3.1. the User violates the User Agreement, other conditions established by the Lender or the concluded agreement or does not consent to the processing of his/her personal data in accordance with the Privacy Policy;
• 11.3.2. the User has implemented or implements automated means (not approved by the Lender) for the use of the Portal and for the automated collection of data from the Portal (such means may include, inter alia, data harvesting bots, spider robots, scrapers and other automated tools or programs) or if the User implements framing methods to delimit the Portal data or content or otherwise influence the Portal.

11.4. Upon termination of the User Agreement, the Lender terminates the User's access to the Portal and the Lender has no obligation to store, maintain or release to the User information related to the transactions and acts performed by the User on the Portal, unless such obligation arises from law.

11.5. Termination of the User Agreement shall not affect the validity of other agreements entered into by the User via the Portal and the validity of any created obligations.

12. FEES, COSTS, COMPENSATION

12.1. The Lender has the right to receive and the User is obliged to pay a Fee for the rendered services on the basis of the Price List, Loan Agreement and/or other agreements concluded with the Lender. The Lender's Price List is available on the Lender's Webpage.

12.2. In addition to the Fees specified in the Price List and in the agreements concluded between the Lender and the User, the User must pay all the costs of the Lender arising from any acts performed in the interest of the User and the costs relating to the recovery of the Claims which have fallen due (including legal costs, debt collection costs, court expenses, etc.).

12.3. The User shall pay all Fees and costs to the Lender via the Portal Account on the basis of the notice sent to the User on the Portal by the due date indicated in the notice, using the personalized Reference Number assigned to the User when making the payment. The User is obliged to ensure the availability of funds in his/her Portal Account on the due date. The Lender shall not be liable for any damage resulting from the use of an erroneous Reference Number, as a result of which the payment made does not reach the Lender in a timely manner.

12.4. The User is obliged to immediately notify the Lender if the payment made has not reached the User's Portal Account, as well as if an unfamiliar payment has reached the User's Portal Account. The User is prohibited from disposing of funds received on his/her Portal Account, in respect of which a third party may have a right of recovery (e.g., incorrectly made payments).

12.5. The User shall pay all Fees and costs without deductions and/or set-offs.

13. LIABILITY

13.1. The User shall be liable for:

• 13.1.1. the legality of the transactions made by him/her on the Portal;
• 13.1.2. any possible obligations in accordance with law that may arise from the conclusion or performance of the Loan Agreement via the Portal;
• 13.1.3. thoroughly examining the Terms of Use and the provisions of other agreements to be concluded between the User and the Lender. After approving the Terms of Use and other agreements the User cannot rely on the fact that he/she was not aware of or that he/she did not agree with the contents of the document;
• 13.1.4. making transactions on the Portal as a party to the transaction. The User uses the agreement forms offered on the Portal at his/her own liability and risk.

13.2. In the event of a breach of obligations, including breach of the notification obligation under Clause 5.1.6 and submission of incorrect information or failure to submit relevant information, the User shall be fully liable to the Lender or third parties for any damage caused by the breach.

13.3. The Lender shall be liable for direct patrimonial damage caused by the breach of its obligations if the breach has occurred due to intent or gross negligence. The Lender shall not be liable for any loss of income.

13.4. The Lender may restrict the User's access to the Portal for doing maintenance and repairs. The Lender shall not be liable for any potential damage resulting from the restriction of access and consequent interruptions to the services.

13.5. The Lender and the User shall not be liable for the breach of obligations if it is caused by force majeure, i.e., circumstances beyond the control of the Party (e.g. interruptions, natural forces, activities of state authorities, etc.).

13.6. Nothing in the User Agreement limits the liability in case of willful breach of obligations.

14. AMENDMENTS

14.1. The Lender has the right to unilaterally amend the Terms of Use under the conditions provided by law or if necessary:

• 14.1.1. due to changes in the legislation, standards or practices;
• 14.1.2. to develop or improve Portal services;
• 14.1.3. to take into account a decision, precept or other published position of a court or other authority or person;
• 14.1.4. to specify the circumstances relating to the provision or use of the service, inter alia, to improve user-friendliness;
• 14.1.5. in other circumstances, provided that such changes are not unfair to the User.

14.2. The Lender has the right to unilaterally amend the Terms of Use without prior notice to the User if the legislation, standards or practices governing the relationship arising from the Terms of Use change and the amendment of the Terms of Use is necessary to ensure immediate compliance with the new legislation, standards and/or practices. Such amendments shall be published on the Portal and shall take effect upon publication of the relevant notice on the Portal.

14.3. The Lender has the right to amend its Price List at its own discretion. The Lender will not notify the User of amendment of the Price List if it becomes more favorable for the User.

14.4. In cases other than those specified in Clauses 14.2 and 14.3 of the Terms of Use, the User shall be notified of amendments to the Terms of Use and/or Price List via the Portal at least thirty (30) days in advance. If the User does not agree with the amendments made by the Lender, he/she has the right to immediately terminate the User Agreement and all other agreements concluded between the Lender and the User. If the User terminates the User Agreement and all other agreements concluded between the Lender and the User, he/she must submit a relevant application to the Lender via the Portal within thirty (30) days after receiving the relevant notice and, within the same period, fulfill all his/her financial obligations arising from the agreements concluded with the Lender. For the avoidance of doubt, if the User fails to fulfill all his/her financial obligations within that period, the User shall be deemed not to have terminated the User Agreement or other agreements concluded with the Lender. The amended Terms of Use and/or Price List enter into force thirty (30) days after the publication of the notice or when the User agrees to the amended Terms of Use and/or Price List by clicking on the relevant field (e.g., box, button, etc.) upon logging into the Portal, whichever occurs earlier.

14.5. The Lender shall not notify the User of amendment of the Terms of Use if the amendment of the Terms of Use does not change the rights and obligations of the Parties (especially, for example, grammatical changes or corrections).

15. GOVERNING LAW AND DISPUTE RESOLUTION

15.1. The legislation in force in the Republic of Estonia applies to the Terms of Use, Loan Agreements and other agreements entered into between the Lender and the User.

15.2. Any disputes between the Lender and the User arising out of or in connection with the Terms of Use, Loan Agreements or other agreements concluded between the Lender and the User shall be settled by negotiations, taking into account the Procedure for Handling Consumer Complaints in force at that time and published on the Lender's Webpage. In addition, the User has the right to apply to a competent out-of-court body or to the authority supervising the Lender. A dispute that the Parties are unable to resolve through amicable negotiations within a reasonable period of time shall be settled in the competent court of the Republic of Estonia, including if the User takes up residence abroad following the entry into force of the User Agreement or if the place of residence of the User is unknown at the time of filing an action.

16. MISCELLANEOUS

16.1. In the event of insolvency of the Lender, the conclusion of new Loan Agreements is terminated immediately. Insolvency of the Lender shall not affect the validity of the Loan Agreements already concluded.

16.2. The Lender is supervised by:

• 16.2.1. The Estonian Financial Supervision and Resolution Authority (Finantsinspektsioon) (address: Sakala 4, 15030 Tallinn, email: info@fi.ee, webpage: www.fi.ee);
• 16.2.2. The Consumer Protection and Technical Regulatory Authority (address: Endla 10a, 10142 Tallinn, email: info@ttja.ee, webpage: www.ttja.ee);
• 16.2.3. Data Protection Inspectorate (address: Tatari 39, 10134 Tallinn, email: info@aki.ee, webpage: www.aki.ee).

This version of the Terms of Use was last updated as at August 17, 2022.

Introduction

All conflicts of interest that may arise in connection with Bondora's loan platform shall be identified and resolved by Bondora. We shall take all necessary measures to prevent further evolution of the conflict and the potentially resulting damage to the interests of our clients. This document describes our conflict of interest policy (the "Conflict Policy") that applies to the operation of our Portal.

We are fully committed to complying with our regulatory and legal obligations and ethical standards. All of our employees are contractually committed to complying with our Conflict Policy. Violation of the Conflict Policy may result in a penalty, including termination of the employment contract.

Signs of potential or realized conflicts of interest

A conflict of interest may arise when a member of the management board of Bondora, its employee, an employee of its affiliate or other related party provides services to Bondora's clients or independently engages in other activities that may harm the interests of Bondora's clients, such as in a situation where one of the above persons:

• could benefit financially or avoid financial loss at the expense of a Bondora's client;
• has an economic interest in the result of the service provided, which interest is different from that of a Bondora's client;
• receives any benefit for favoring a Bondora's client over another Bondora's client;
• receives any benefit (money/goods/services) from any person other than the usual commission for the service provided to Bondora's client.

Potential or realized conflicts of interest we have identified

Borrowers are charged management fee for using our platform in accordance with their Loan Agreements and other agreements.

In addition, we may pay third parties to direct clients to us, and such transactions are properly disclosed.

Employees

A conflict of interest may arise if an employee of Bondora (or a member of the employee's family) is in any way related to another party to a transaction, especially if that party is a Bondora's client. Related parties include members of the management board of Bondora's clients, persons with significant holdings and consultants. Bondora's employees are required to disclose any relationship that may influence their decisions or involve an economic interest.

Resolution and disclosure of conflicts of interest

Bondora will take all possible and reasonable steps to resolve potential conflicts of interest.

If there is a significant risk of loss to a Bondora's client, we will disclose it.

We will implement all necessary procedures, including staff training, to ensure that situations that may give rise to conflicts of interest are identified and properly addressed.

All potential conflict situations are closely monitored.

Additional information

This document will be regularly reviewed and updated as necessary. If you have any questions about this Policy, please contact us using the contact information provided on Bondora's Webpage. The terms have the same meaning as in the Bondora User Agreement, unless otherwise defined herein.

This Privacy Policy provides an overview of what personal data of the bondora.nl Portal User (hereinafter also you) the Lender (hereinafter Bondora or us) processes when providing services via the Portal, how and for which purposes it does this, and what your rights are regarding your personal data.

We follow very strict rules established for the processing of your personal data, which derives from the European Union and Estonian legislation on the protection of personal data, including the European Union General Data Protection Regulation (hereinafter General Regulation). The terms contained in this Privacy Policy have the same meaning as described in the bondora.nl Terms of Use and General Regulation.

Controller and Contact Details

The controller of your personal data is Bondora AS (Estonian register code 11483929; postal address A.H. Tammsaare tee 56, Tallinn 11316, Estonia). You can find the form required to contact us here .

Collection of Personal Data

We generally collect personal information necessary to enter into an Agreement with you and perform it. Given our field of activity, it also includes collecting various background information to fulfill our various obligations deriving from the law.

We collect personal data from the following sources:

• yourself (e.g., data submitted and shared by you); and
• third parties (e.g., public sources, state registers (such as the population and pension register), credit rating agencies, cooperation partners, and companies belonging to the same group as us).

We collect personal data from third parties that allow us to assess your creditworthiness and apply due diligence measures to prevent money laundering and terrorism financing, including to verify the information you provide to us.

We may also collect personal data automatically (e.g., the way you use the Platform, digital devices you use, and cookies) for statistical purposes.

Use of Your Personal Data

To provide services to you through the Platform, you may be required to provide our partners or us with the information necessary to provide the services. If you do not provide this information, we are not able to provide services to you. Such information is always marked accordingly.

We use your personal data for the following purposes and on legal grounds:

We do not process your special categories of personal data or data about criminal convictions and offenses.

We may also process your personal data for other purposes under your consent. The purpose of the processing and other details, in this case, is described in the consent.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Automated Decisions and Profile Analysis

We use an automated process to decide whether to approve or reject your loan application. As part of our automated process, all categories of data we have collected about you for creditworthiness purposes are assessed separately (see above). The system calculates your credit rating based on the risks associated with the different data categories and the coefficients assigned to them. Based on this, you will be offered a loan on the terms you have requested or other terms (e.g., with a smaller loan amount or a different repayment term than wanted), or your application will be rejected. The purpose of creditworthiness assessment is to make fair and responsible loan decisions and fulfill our legal obligation to assess your creditworthiness before granting a loan.

In addition to automated credit assessments, we may automatically determine that there are grounds for believing that you may be committing fraud, money laundering, or terrorism financing.

Automated decisions and profiling allow us to improve the fairness of our decision-making process (reducing the potential human error, discrimination, and abuse of power), reduce the risk that you will not pay back the loan, and allow us to make decisions in less time and improve efficiency.

Automated decisions and profile analysis are necessary for concluding a loan agreement between us and are also permitted by law. Creditworthiness assessment is a largely standardized and mandatory procedure for creditors built on the applicable principles of responsible lending and based on mathematical formulas. The automated creditworthiness assessment ensures a fairer result as it eliminates the human subjective factor and treats all credit applicants equally. Using the same or a similar model manually would take a disproportionate amount of time to assess each borrower's creditworthiness and thus becomes significantly more costly for us. Our human resource needs would significantly increase if we were to ensure that the quality of service is maintained when assessing creditworthiness manually. To prevent money laundering and terrorism financing, we use automated processes for monitoring transaction data. It would not be possible to process the relevant data manually (i.e., without automated solutions) due to the large volume.

Our automated processes are regularly tested, evaluated, and inspected to ensure fairness, efficiency, and impartiality. For them to work, it is also necessary that the information you provide to us is accurate and up-to-date.

You have the right to have direct personal contact, the right to express your views, the right to be heard on a decision taken following such an assessment, and the right to challenge that decision. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data

When we process your personal data, we also transfer your personal data to our processors or third parties. Such transmission shall take place only under the following conditions:

Processors. We use carefully selected service providers (processors) to process your personal data. In doing so, we remain fully responsible for processing your personal data.

We use, among other things, the following processors: Marketing and survey service providers and tools, money laundering and terrorism financing risk mitigation searching service providers, creditworthiness assessment service providers, customer support service providers, accounting service providers, server management, and server hosting providers, IT service providers, and other companies belonging to the same group as us, who provides services to us.

If you would like more detailed information about our processors (e.g., their names and locations), please contact us using the contact details mentioned above.

Third Parties. We will only share your personal data with third parties if set out in this privacy policy if required by applicable law (e.g., if we are required to share personal data with authorities) or under your consent or order.

We may share your personal data with the following third parties:

• to perform agreements with payment service providers. In this case, the legal basis for the transfer of personal data is the performance of an agreement between us (Article 6 (1) (b) of the General Regulation);
• to assess your creditworthiness with credit agencies. In this case, the legal basis for the transfer of personal data is our legal obligation to assess your creditworthiness (Article 6 (1) (c) of the General Regulation);
• to test the quality of the creditworthiness assessment with credit assessment service providers. In this case, the legal basis for the transfer of personal data is our legitimate interest (Article 6(1)(f) of the General Regulation);
• for the purposes of our internal administration with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is our legitimate interest in sharing the data with companies belonging to the same group as us for internal administration purposes (Article 6 (1) (f) of the General Regulation);
• for the purposes of direct marketing with companies belonging to the same group as us. In this case, the legal basis for the transfer of personal data is your consent (Article 6 (1) (a) of the General Regulation);
• to other credit and financial institutions and insurance providers to provide the service requested by the Client or to assess the reliability and risk associated with him (Article 6, subsection 1, point b of the General Regulation);
• potential or actual buyers and pledges of claims. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the buyer and/or pledgee upon assignment of the Claim (Article 6 (1) (f) of the General Regulation);
• potential or actual investors and/or creditors of the Lender. In this case, the legal basis for the transfer of personal data is our legitimate interest in transferring the data and documents related to the claim to the Creditor regarding the investor's or creditor's claim (Article 6 (1) (f) of the General Regulation);
• to fulfill our legal obligations deriving from the law with authorities and law enforcement agencies. In such a case, the legal basis for the transfer of personal data is fulfilling our legal obligation deriving from the law (Article 6 (1) (c) of the General Regulation);
• payment default registers, credit bureaus and other third parties where we are disclosing information about outstanding debts; In this case, the legal basis for the transfer of personal data is our and third parties' legitimate interest in implementing responsible lending principles; (GDPR Art. 6(1)(f)).
• to protect our rights and interests with collection agencies, attorneys, bailiffs, and other persons concerned. In this case, the legal basis for the transfer of personal data is our legitimate interest in protecting our rights and interests (Article 6 (1) (f) of the General Regulation). We will only process your personal data if we are sure that our legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected. As we generally process your personal data only when it is essential to protect our rights and interests (i.e., if there has been a breach or a suspected breach by you), we consider it justified.
• to perform our statutory obligations with auditors. In such a case, the legal basis for the transfer of personal data is our legal obligations deriving from the law Article 6 (1) (c) of the General Regulation and the Auditors Activities Act);
• to fulfill our legal obligations deriving from the law or in the legitimate interests of us or our counterparty, if such transfer is necessary to transfer our activities or assets due to the transaction or to assess the perspectiveless of such a transaction. In this case, the legal basis for the transfer of personal data is the fulfillment of our legal obligations (Article 6 (1) (c) of the General Regulation and the Law of Obligations Act), or our or our counterparty's legitimate interest in concluding the transaction or assessing its perspectiveless (Article 6 (1) (f) of the General Regulation). We will only transfer your personal data if we are sure that our or our counterparty's legitimate interests do not outweigh your interests or fundamental rights and freedoms for which personal data must be protected.

If the legal basis for the processing of your personal data is our or a third party's legitimate interest, you will have the right to obtain additional information and to object to such processing at any time. To do so, please contact us using the contact details mentioned above.

Transfer of Personal Data Outside the European Union

In general, we do not transfer your personal data outside the European Union, but our processors and third parties, to whom we transfer the personal data, may process your personal data outside the European Union. Where necessary, the transfer will only take place if we have a legal basis for such action, including, in particular, if the recipient: (i) is located in a country that the European Commission considers having an adequate level of protection of personal data, or (ii) is acting under an agreement that meets the requirements of the European Union for the transfer of personal data to processors outside the European Union.

If you would like more detailed information about the transfer of your personal data outside the European Union (e.g., the names of the recipients and the legal basis for the transfer), please contact us using the contact details mentioned above.

Retention of Personal Data

We retain your personal data for as long as we are required by law to do so. (e.g., under the Creditors and Credit Intermediaries Act , we must retain all information and documents relating to the providing and servicing of credit for the duration of our legal relationship and three years after that; under the Money Laundering and Terrorist Financing Prevention Act, we must retain your personal data and various documents five years after the end of the business relationship with you; under the Accounting Act we must retain accounting source documents seven years from the end of the respective financial year) or until we have a legitimate interest in doing so (e.g., until the limitation period of the claims to protect our interests and rights).

Security of Personal Data

We ensure that users' personal data is only available to such employees who, due to their duties, need to have access to such data. All Bondora employees are required to maintain the confidentiality of the data and may not share the information with third parties, except for the purposes set forth above.

Personal data is stored and archived on a secure server that only a few people have access to. Security is guaranteed by strict privacy standards met by conscientious third-party partners.

We use several Internet security measures to ensure the secure processing, transmission, and archiving of personal data.

The servers are located in a data center in Frankfurt, Germany, and is operated by Telehouse, one of the world's 200 leading companies. A separate agreement has been concluded with Virtion GmbH for server management. These companies allow us to offer better availability and growth potential of our IT resources and greater flexibility.

All their activities comply with a number of standards, including ISO 27001:2005 (Information security management systems), BS25999-2:2007 (Business continuity management), PCI-DSS (Payment card industry), ISO 9001:2008 (quality standards), and ISO 14001:2004 (Environmental management system standard).

Companies have established round-the-clock physical and virtual surveillance of the system. All data center movements are monitored by short-range card readers and infrared sensors that detect unauthorized persons. In Bondora, security breaches are detected, monitored, and repelled by software and hardware security walls.

Your Rights

You have all the rights of the data subject with regard to your personal data to the extent required by the applicable data protection legislation, including:

• the right to receive relevant information on the processing of personal data;
• the right to receive confirmation whether personal data is being processed;
• the right to receive a copy of personal data;
• the right to request that we rectify inaccurate personal data or supplement incomplete personal data;
• the right to request deletionof personal data if: (i) the personal data is no longer necessary for the purpose for which it was collected or otherwise processed; (ii) you withdraw your consent for processing your personal data, and there is no other legal basis for processing the personal data; (iii) you object to the processing of personal data, and there are no overriding legitimate reasons for the processing; (iv) you object to the processing of your personal data for direct marketing purposes; (v) personal data has been processed unlawfully; or (vi) personal data must be deleted to fulfill our legal obligation deriving from the law. Notwithstanding the preceding, you do not have the right to request the deletion of personal data if the processing is necessary: (a) to fulfill an obligation under our law; or (b) to formulate, file, or defend legal Claims;
• the right to request a restrictionon the processing of personal data if: (i) you challenge the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data; (ii) the processing of personal data is unlawful, whereas you do not request the deletion of personal data, but the restriction of use; (iii) we no longer need personal data for processing purposes, but they are necessary for you to make, file or defend legal claims; or (iv) you have objected to the processing of your personal data while we check that our legitimate reasons outweigh your reasons. If the processing of personal data is restricted, we may nevertheless process it: (a) with your consent; (b) to formulate, file , or defend legal claims; (c) to protect the rights of another natural or legal person; or (d) in the overriding public interest;
• the right to portability the data, i.e., the right to receive personal data that you have provided to us in a structured, publicly available format and machine-readable form, and the right to transfer this data to another controller if: (i) the processing is with your consent or for contract or performance purposes; and (ii) processed automatically. If technically feasible, you have the right to request that we transfer the data directly to another controller. In exercising your right, we cannot infringe on the rights and freedoms of others;
• the right to object at any time to the processing of personal data in the legitimate interest of us or a third party, depending on our specific situation. In such a case, we will not further process personal data unless we prove that the processing is for a valid legitimate reason that outweighs your interests, rights, and freedoms or to make, file, or defend legal claims. If your objection concerns the processing of your personal data for the purposes of direct marketing, we do not have the right to process your personal data further;
• the right to withdraw consent at any time. To do so, you may contact us using the contact details mentioned above or use other options described in obtaining consent.

To exercise your rights, please contact us using the contact details mentioned above. We will respond to your request within one month at the latest. In some instances (taking into account the complexity and number of the requests), we have the right to extend the due date for replying by two months. In this case, we will notify you.

If you believe that your rights have been violated, please contact our Data Protection Officer via dpo@bondora.com immediately to resolve the situation. However, you have the right to complain to the Member State's supervisory authority where you have your permanent residence or place of work, or to the Data Protection Inspectorate ( www.aki.ee; info@aki.ee; Tatari 39, 10134 Tallinn).

Cookies

We use cookies, which are small text files that a website server stores on your hard drive. This allows us to collect certain information from your web browser. You can find more information on our cookie policy here.

Links to Third-Party Websites

Links to third-party websites from the Platform or any other Bondora website, or vice versa, are only quick links to services or topics useful to our Platform users. Please note that third party websites may have different privacy policies and/or security standards, which we recommend you review.

Amendments to the Privacy Policy

Suppose our personal data processing practices are changed, or we need to amend this Privacy Policy due to applicable law, judicial or competent supervisory authorities' practices, or competent supervisory authorities' guidelines, we have the right to change this Privacy Policy at any time unilaterally. In this case, we will notify you via the Portal or email at a reasonable time before the changes take effect.

Applicable Law

As Bondora is a company registered in the Republic of Estonia, Estonian law applies to the processing of your personal data.

This Privacy Policy was last updated as at September 27, 2023.

What is a cookie?

A cookie is a small morsel of text that a website asks your browser to store. All cookies have expiration dates in them that determine how long they stay in your browser. Cookies can be removed in two ways: automatically, when they expire, or when you manually delete them. We've included more details below to help you understand what kinds of cookies we use.

Please remember that by deleting existing cookies or disabling future cookies you may not be able to access certain areas or features of our website.

What cookies does Bondora use?

We use cookies across our website to improve the performance and enhance the user experience. Please be advised that when you visit our website you agree that we use the following cookies:

• Essential cookies that are only set or retrieved by the website while you are visiting which allow us to identify you as a subscriber and ensure that you can access the subscription only pages. We can ensure that no one is making changes to your profile, applying for loans or making loans on your behalf.
• Functionality cookies are used to allow us to remember your preferences on the website, such as language or username to customize your user experience.
• Performance cookies allow us to collect information how you use the website. All of the information collected is anonymous and is only used to help us improve the way our website works and measure the effectiveness of our advertising campaigns.
• Third party cookies are behaviorally targeted advertising cookies (e.g. Google Analytics) that allow us to record pages that are visited and the links that are followed. The information collected is non-identified.
• Secure cookies are used to ensure that any data in the cookie will be encrypted as it passes between the website and the browser. It helps us to protect the security of your account.

How to change cookies settings?

In case you want to change your preferences about the cookies that we use, please change your browser settings. For more information you may wish to visit http://www.aboutcookies.org/

We want you to be happy with the services Bondora provides. However, if this is not the case and you are dissatisfied with the service requested by or provided to you, or its terms and conditions or quality, we want to know about it. Before filing a complaint, please review the Complaints procedure laid out below, so we can process your complaint as quickly and efficiently as possible.

How do I file a complaint?

Bondora's customer service is 100% digital. This means we can handle and solve complaints quickly and securely. You can file a complaint with Bondora by using the form under the "FAQ " section on Bondora's website.

What information should I provide in my complaint?

You must provide all the relevant facts so we can solve your complaint as efficiently as possible. Please describe and explain the basis of your complaint in as much detail as possible. You should also state the claim or request you want Bondora to settle.

Please include any relevant documents in your complaint if they are not easily available to Bondora.

If your representative files a complaint in your name, please attach a document that certifies their right of representation. This document must be signed in a digital format.

How does Bondora process complaints?

Bondora treats all customers with respect and without prejudice. We will establish your complaint's specific circumstances and analyze the problem to the core to settle it in the best way possible. If necessary, we may ask you for additional information or documents related to the complaint.

If the arguments in your complaint are justified, we will quickly restore any wrongdoings or propose another solution acceptable to you. But if we do not partly or wholly agree with your complaint, we will justify our decision in our reply to you.

When can I expect a reply?

We will email you an automatic notification when we receive your complaint (Usually within one business day).

Generally, we settle complaints within five business days after receiving it, but it may take up to 15 days. If we can't settle your complaint within 15 days, we will inform you why it's taking longer and set a new date when you can expect a reply.

What should I do if I'm not happy with the proposed solution?

We will do our best to provide the best solution for your complaint. But if you are unhappy with our suggestion, you are welcome to contact us again and contest our decision.

If you are still unhappy with our solution, you can protect your rights by contacting the following authorities:

• Consumer Protection and Technical Regulatory Authority (www.ttja.ee, address: Endla 10a, 10142 Tallinn; email: info@ttja.ee; phone number: 620 1707)
• Financial Supervision and Resolution Authority (www.fi.ee, address: Sakala 4, 15030 Tallinn; email: info@fi.ee; phone number: 668 0500)
• Court (www.kohus.ee, contact details according to jurisdiction)
• Consumer Disputes Committee (www.komisjon.ee, address: Endla 10A, 10142 Tallinn; email: avaldus@komisjon.ee; phone number: 620 1707). Complaints arising from distance contracts can also be filed with the Consumer Disputes Committee through an online dispute resolution environment at the address http://ec.europa.eu/odr
• Data Protection Inspectorate (complaints related to personal data, www.aki.ee; address: Tatari 39, 10134 Tallinn; email: info@aki.ee; phone number: 627 4135)
• Dutch Data Protection Authority (https://autoriteitpersoonsgegevens.nl; address: Hoge Nieuwstraat 8, 2514 EL Den Haag; portal to file a complaint: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap; phone number: 070-8888 500)

Pre-contractual information is available here.

B Secure terms are available here.

B Secure+ terms are available here.