.: Self-service :.

Terms of use

1.Terms used

1.1. GS Core – OÜ GS Core, registration number 16183586, legal address: Jõe 2a, Tallinn, 10151, customer service phone number 6047777, e-mail address:[email protected].

1.2. Environment - GS Core self-service environment https://GSCore.ee,

which allows the user to:

check if there are active claims in the GS Core database;
review your claims and their status;
monitor the payment schedule and make payments;
update and correct your contact details.

1.3. Authentication - an electronic process during which the electronic identification service provider checks the electronic personal data of a natural person to ensure the electronic identification of that person;

1.4. Means of electronic identification - tangible and intangible elements that contain a person's electronic identification data and are used for identification in electronic services;

1.5. User - any person who visits or uses the self-service environment in accordance with these terms.

2. General information

2.1. The portal is managed by GS Core.

2.2. The environment is a self-service system where the User can identify himself, check whether there are active claims in the GS Core database, review their statuses, monitor the payment schedule and make payments, update and correct his contact information.

2.3. These rules determine the conditions and limitations of using the environment and the information available on it and are binding on all Users. GS Core reserves the right to change or issue new Terms of Use at any time, and such changes shall be effective upon posting.

2.4. The environment is owned by GS Core. All information contained in the environment (including design, texts and software code) is the property of GS Core, unless it contains references to other sources and owners, and its use is permitted only according to its purpose and conditions. Unless otherwise noted, all copyrights and information and content posted belong to GS Core.

You can pay securely using the following payment methods:

• Estonian bank payments: Swedbank, SEB, Luminor, LHV, Coop Pank, Citadele, Pocopay

• Visa/Mastercard card payments NB! After paying by bank link, click the "Back to the merchant" button on the bank's page.

Maksekeskus AS mediates payments. Payment is made outside the environment of OÜ GS Core in a secure environment - when paying with a bank link, in the protected environment of the respective bank, and in the safe environment of Maksekeskus AS when paying with a credit card. The OÜ GS Core cannot access the customer's bank and credit card data. The contract enters into force from the receipt of the amount to be paid to OÜ GS Core current account.

The website's owner is the responsible personal data processor and forwards the personal data necessary for making payments to the authorized processor Maksekeskus AS.

3. Obligations and rights of the portal user:

3.1. The user undertakes:

3.1.1. keep safe and not disclose information about the User's identification means to third parties and prevent third parties from finding out about it;

3.1.2. update his personal contact information, including:

3.1.2.1. enter only true data;

3.1.2.2. update outdated data;

3.1.3. not to perform actions that would be contrary to the security, stability and speed of the environment;

3.2. It is the responsibility of the User to choose secure Internet service providers, including those Wi-Fi access points, which ensure the security of the User's data and do not pose a risk of third parties accessing the data without reason.

3.3. The user is responsible for all actions performed using his identification means, incl. for damage caused to GS Core if it was caused by the user's intent, negligence and/or carelessness of the user.

3.4. In case of confusion, the user has the right to contact the administrator of the environment by sending a question to e-mail [email protected].

4. Duties and rights of the environmental manager:

4.1. GS Core:

4.1.1. gives the User access to the environment using bank authentication tools available in the environment.

4.1.2. has the right to set restrictions on the technological solutions (versions of access protocols, operating systems and browsers) with which the given service can be used in order to ensure the safe use and availability of the service.

4.1.3. has the right to unilaterally determine the selection of services available in the environment and the procedure for their provision, to change it at any time, as well as to change these terms and conditions, the functional and visual solution of the environment, by publishing the corresponding changes on the website. https://GSCore.ee

4.1.4. is not responsible for damages that occur to the User when a third party connects and/or uses the environment using the electronic means of identification available to the User.

4.1.5. may limit or terminate the User's access to the environment if the User violates the terms of use or the laws in force in the Republic of Estonia or there is a reasonable suspicion of this.

4.1.6. is not responsible for damages or malfunctions in the operation of the environment, if they are caused by damage or malfunction of the User's equipment, use of unsuitable or unlicensed equipment or software, or interruption of the power supply.

4.2. Using the services available in the environment, incl. when visiting it, the processing of the User's personal data is carried out with the aim of providing the User with the relevant service before the corresponding User is identified, in order to avoid the disclosure of information, including personal data, to a third party (a person who does not have the right to receive the relevant information/personal data). Information about the processing and protection of personal data is given to the User in the privacy policy of the GS Core environment.

5. Final questions

5.1. The terms of use of the environment come into force upon the start of the use of the environment and are valid for the entire period of use of the environment.

5.2. All disputes arising between GS Core and the User in connection with these terms and conditions shall be resolved through mutual negotiations. If disputes cannot be resolved through negotiations, they will be resolved in accordance with the legislation in force in the Republic of Estonia.

Privacy policy

The purpose of OÜ GS Core's self-service environment privacy policy (hereinafter Privacy Policy) is to provide the user of OÜ GS Core's self-service environment with information about the purpose, scope, protection, processing time and rights of the data subject when collecting and processing data.

Manager and his contact details

The administrator of personal data processing is OÜ GS Core (hereinafter - GS Core), reg. Nr. 16183586, legal address: Jõe 2a, Tallinn, 10151.
OÜ GS Core's data protection specialist can be contacted by writing to the e-mail address: [email protected] or by sending a letter to the registered address of OÜ GS Core.

Scope of the Privacy Policy

The privacy policy applies to the processing of personal data in the customer environment.
Personal data is any information related to an identified or identifiable natural person (hereinafter - data subject). An identifiable natural person is a person who can be directly or indirectly identified on the basis of, for example, name, surname, personal identification number. The categories of data processed in the customer's self-service environment and examples of processed data are available in the section "Categories of data processed in the customer's environment" of the privacy policy.

OÜ GS Core ensures privacy and personal data protection of data subjects when processing personal data, respects the data subject's right to the legality of personal data processing in accordance with Regulation 2016/679 of the European Parliament and the Council of April 27. 2016 on the protection of natural persons in the processing of personal data and the free circulation of such data (hereinafter - the regulation) and on the basis of other valid legislation that ensures the protection of personal data.

Additional specific rules may be established for specific types of data processing (for example, cookie processing), which the data subject will be informed about at the time of transmission of the relevant personal data to OÜ GS Core.

Categories of data processed in the customer environment

Nr.	Data category	Näited
1.	Personal identification data	Name, surname, personal code
2.	Personal contact information	Telephone, e-mail address, actual residential address, stated residential address
3.	Data on the person's active duties	Claim No., Claim Type, current creditor information, original creditor information, claim status information, liability type information, balance information.
4.	Personal payment schedule information	Payment date, payment amount, status.
5.	Billing data	bank account number, claim number, personal identification number, payment amount, payment history.
6.	Contacts	Attached data, correspondence history and content, e-mail address.

Purposes of personal data processing

OÜ GS Core personal data processing purposes:

debt collection;
identification of the data subject;
location;
communication;
review and processing of objections;
ensuring service quality;
auditing, planning, accounting and analysis of business activities;
preparation of business activity reports;
fraud prevention and detection;
fulfillment of law enforcement requests.

For other specific purposes of which the data subject is informed at the time of submission of his/her respective personal data

Legal basis for personal data processing

OÜ GS Core processes the data subject's personal data at the customer portal on the following legal bases:

the data subject has given his consent to the processing of his personal data;
for the conclusion and performance of the contract;
to comply with normative acts (legal obligation) - OÜ GS Core to fulfill obligations determined by normative acts;
for legitimate interests - to realize the legitimate interests of OÜ GS Core arising from legal relationships.

The legitimate and legal interests of OÜ GS Core are:

to carry out business activities in accordance with legislative acts;
to perform and to provide debt collection services;
to manage location data;
to check the identity of the data subject;
to ensure the fulfillment of legal relationships and contractual obligations;
to store information collected in the course of business over the time;
to design and to develop services;
to ensure and to improve the quality of services;
to monitor and to prevent illegal activities, incl. fraud;
to apply to law enforcement bodies and courts for the protection of violated or contested rights or legal interests;
to ensure OÜ GS Core management, financial and business accounting and analysis;
to inform the parent company about the main activities of OÜ GS Core

Processing of personal data

OÜ GS Core processes the personal data of the data subject in the client environment using the possibilities of modern technologies, taking into account the existing privacy risks and the organizational, financial and technical resources reasonably available to OÜ GS Core.

OÜ GS Core's customer environment does not make automated decisions about the data subject, when such decisions are made, the data subject is informed separately about the operations of OÜ GS Core in accordance with the regulation. The customer may object to the adoption of automated decisions in accordance with the regulation, but being informed that in certain cases this may limit the right of the data subject to use the capabilities of the customer environment.

To ensure the functioning of the customer environment, to provide business activities, etc. in order to carry out the processes, OÜ GS Core, by concluding a written contract or other legislation in accordance with the legislation of the European Union or a member state, may involve Marginalen Group companies or other cooperation partners (processors) to provide the necessary services, for example for the operation of the customer environment, ensuring that the processors follow and apply relevant technical and organizational measures to ensure the protection of personal data and the fulfillment of the applicable requirements for the protection of data subjects of the regulation.

OÜ GS Core may disclose personal data to third parties (independent controllers) in the following cases:

data processing is defined in the normative acts applicable to OÜ GS Core;
with the consent of the data subject;
the publication of data is necessary to protect OÜ GS Core's violated or contested rights or legal interests.

Protection of personal data

OÜ GS Core protects the data subject's personal data using modern technological possibilities, taking into account existing privacy risks and available organizational, financial and technical resources, including using the following security measures:

data encryption during data transmission (SSL encryption);
firewall;
programs that detect and exclude unauthorized entry;
other protective measures according to current technical possibilities.

Duration of storage of personal data

OÜ GS Core stores and processes the data subject's personal data in the customer portal until at least one of the following criteria is met:

OÜ GS Core or the data subject can exercise their legitimate interests (for example, submit objections or go to court if the statute of limitations has not expired);
the data is used for its intended purpose;
there is a legal obligation to store personal data;
as long as the data subject's consent to the processing of personal data is valid, if there is no other legal basis for data processing.

After the termination of the circumstances specified in this paragraph, the personal data of the data subject will be deleted. Audit notes are kept for no longer than one year from the date of their completion in accordance with the regulations.

Rights of the data subject

Right to information. At the request of the data subject, OÜ GS Core provides concise, transparent and understandable information about the processing of personal data, using clear and simple language.

Right to rectification of data. On the basis of a justified request of the data subject, OÜ GS Core ensures the correction of the personal data of the data subject if they are insufficient, incomplete or incorrect.

Right to data portability.OÜ GS Core gives the data subject the opportunity to receive his personal data, which the data subject has provided and which is processed on the basis of consent and fulfillment of the contract, in written form or in some commonly used electronic format.

The right to erasure (the right to be "forgotten"). The data subject has the right to demand the deletion of personal data if the data subject has withdrawn his consent to the processing of personal data and there is no other legal basis for processing the data, if the data subject has objected to the processing of personal data and after a reassessment of the legitimate interests, OÜ GS Core acknowledges that there is no legal basis for processing the data, the personal data will be deleted in accordance with the requirements of normative acts.

Right to restrict processing. The data subject has the right to request a temporary restriction of personal data processing in accordance with normative acts, incl. in cases where the data subject has found inaccuracies in his personal data and OÜ GS Core needs time to check the correctness of the data.

The right objects. The data subject has the right to object to the processing of his personal data if the processing is related to profiling for direct marketing purposes or is based on the legitimate interests of the data controller and the data subject questions this legal basis.

The right to automated individual decision-making. The data subject has the right not to be subjected to fully automated decision-making, including profiling, if such decision-making has legal consequences or significantly affects him.

The right to receive information about a breach of personal data protection.OÜ GS Core immediately informs the data subject of a data protection violation detected during the processing of personal data, if the violation may pose a major threat to the data subject's rights and freedoms.

The customer's consent to data processing and the right to withdraw it

The data subject has the right to withdraw the consent given for data processing at any time by notifying OÜ GS Core'I electronically to [email protected], submitting a digitally signed application or sending a handwritten application to the legal address: Jõe 2a, Tallinn, 10151.

The withdrawal of consent does not affect the data processing carried out during the validity of the data subject's consent.

Withdrawal of consent does not stop data processing that takes place on other legal bases.

Access to personal data

The customer can exercise the right of access by submitting a digitally signed application to the e-mail address[email protected],or by sending a handwritten submission to the registred address: Jõe 2a, Tallinn, 10151.

After receiving the request, it will be evaluated and an answer will be given in accordance with the legislation. The reply will be sent by registered mail.

In case of objection, OÜ GS Core will take all reasonable measures to resolve it. If this fails, the data subject has the right to contact the supervisory authority - Data Protection Inspectorate, contact details can be found here:https://www.aki.ee/et/inspektsioon-kontaktid/tootajate-kontaktid .