Confidentiality Policy

This confidentiality policy (“policy”) governs processing of information by FCMlab OÜ, registered as Private limited company (PLC) on 14.02.2019 under number 14662130 at Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Randla tn 13-201, 10315 (“FCMLab”, “we”, “us”, “by us”), including personal data relating to data subjects (“you”, “user”, “client”, “partner”) of the company’s website (the “website”), mobile application (the “App”) and other functionalities and services we provide, including, but not limited to, wallet and prepaid card services (hereinafter collectively referred to as the “Service”). This policy applies to the website, application, all products and services offered by the company.

Information we may process, legal basis and purposes of processing

Personal data

We may process users’ personal information in a number of ways, including when users visit our website, use the app or any of our services, register on the website, fill out any form, provide information for anti-money laundering procedures, or take any action that is expressly provided for by the features of the website or the app.

We may collect information about you from third-party sources such as public databases, credit bureaus, identity verification agents, resellers and partners, joint marketing partners and social media platforms for identity verification. We receive information from third parties in order to comply with legal obligations, such as anti-money laundering laws, and to fulfill contractual obligations.

From time to time, we may process these and additional types of user data to ensure that our services are not used fraudulently or for the purpose of performing any illegal activity. In such cases, we may ask you to provide additional documents or information if it is necessary to comply with our legal obligations and other legitimate interests, such as fraud prevention, money laundering and counter-terrorism.

Users can always refuse to provide personal identification information. However, this may prevent them from using certain services or carrying out related activities. Thus, in some cases, we will be unable to provide services to you if you do not provide us with your personal identification information in connection with the requirements of anti-money laundering laws and other legal acts.

Automatically collected information

We may collect information about users when they interact with our services, e.g. through cookies. Such information may include browser name, computer type and technical information about users, parameters for access to our website, such as IP-address, location, connection date and time, operating system used and Internet service providers, and other similar information.

Web browser cookies

Our website may use cookies to improve user experience. The user’s web browser places cookies on their hard drive to keep records and sometimes to track information about them. User can configure his/her web browser to disable cookies or to warn him/her about the use of such cookie files. Please, note that in this case, some website modules may not work properly or may not be available at all. Full details of how our website may use cookies are included in our Cookies Policy.

How we use information

We process the above information on the basis of the following legal grounds:

  • When it is necessary to conclude a contract with you for the provision of our services;

  • When it is necessary to comply with our legal obligations in different jurisdictions with respect to the provision of financial services, as provided in accounting, tax and other legislation, as well as to prevent criminal activity, fraud and money laundering;

  • Where it is necessary to protect our legitimate interests in order to prevent fraud, money laundering or unauthorized use of your account, as well as to analyze the activity of your account, to be able to provide you with adequate and reliable services and to offer you the best possible options suitable for your needs;

  • If we have obtained your express consent as required by the applicable law;

As well as for the following purposes:

  • To identify you as a customer and to distinguish you from other users of our service;

  • To be able to provide you with a functional, safe, efficient and personalized service at all times;

  • To improve and develop our service;

  • To prevent losses and fraud;

  • To comply with legal and regulatory requirements, including anti-money laundering (AML) and Know Your Customer (KYC) requirements;

  • To provide you with customer and technical support;

  • To inform you of our offers, special offers, products and other marketing activities when we have received your consent.

We may also process personal data, including your email address and mobile phone number, to send you updates and notifications about the company’s services, newsletters, marketing communications and other notices, if we have your express consent lawfully obtained in one way or another. You can change your preferences later and opt out of receiving such notifications at any time by simply clicking on the link which is placed in each email from FCMLab or through your email client settings.

We will ask for user’s consent before processing the above information for other purposes. When such consents are collected, we inform the data subject of the relevant processing purposes, and such processing is carried out only subject to receipt of the relevant consent.

How long we store information

We store information we collect as long as necessary to fulfill our contractual obligations to provide you with products and services. If you opt to delete your account, do not use the services or decide to terminate your agreement with us, we will retain your data and information on your transactions for three years after the deletion of your account in accordance with the requirements of anti-money laundering laws and other legal acts. However, information may be retained, in full or in part, for a longer or a shorter period of time if it is required by applicable law or if there are other compelling reasons for storage or deletion of such data.

Please note that the retention period may vary depending on legal and regulatory requirements.

How we share the information we collect.

Sometimes it is necessary to transfer personal data which we store and process to third parties. Where there are legal requirements or where necessary, we may share information with authorities, other group companies for internal administrative purposes, companies which the group of companies cooperates with or other third parties, such as third-party service providers used in connection with our services (e.g., various analytical services and financial institutions with which we cooperate to jointly create and offer the best product). Legal basis for data transfer is execution of the contract between the company and the data subject, as well as our legitimate interests and legal obligations.

We may share information we collect with:

  • Credit history agencies;

  • KYC providers;

  • Debt collection and tracking agencies, and other companies in the same group of companies;

  • (Analytical, financial, etc.) service providers and consumers;

  • Government agencies and other recipients to comply with the applicable laws;

  • Courts and tribunals.

How we store and protect the information we collect

We use the appropriate data collection, storage and processing methods and security measures to protect your personal data, username, password, information on transactions and data stored on our website against unauthorized access, alteration, disclosure or destruction. We use encryption to protect information and to provide access to information to our employees and third parties only when they need to process the above information and subject to the existence of reasonable grounds.

However, transmission of such data via the Internet using personal computers or mobile devices is not completely safe. Thus, we cannot guarantee the absolute safety of documents. Any transfer of such documents must be carried out by data subject who fully observes the precautions and understands the risk arising from such transfer. Once we receive your information, we apply the most stringent security measures and procedures to avoid unauthorized access by third parties.

User rights

You have the right to familiarize with the stored data about you and if you believe that this data is inaccurate or incomplete, you can contact us to update the data.

If you believe that the data we hold about you is inaccurate or that we no longer have the right to use it and wish to request its correction, deletion or wish to object to its processing, please contact us and express your requirements in writing.

Please, note that the above is governed by the relevant data protection law. You can exercise the above rights by sending a request to the e-mail address specified in the “Contacts” section. Please, provide us with your account login in your application and we will respond to you shortly for further discussion.

If the processing is based on your consent, you have the right to withdraw such consent at any time. However, we may continue to process information if we have reasonable legal grounds to do so.

We do not store outdated or deleted information if there is no legal basis for such storage.

Changes in the policy

FCMLab may update this confidentiality policy at any time in its sole discretion. In this case, we update the revision date in the document header. We may also post notices on the home page of our website and notify you by other available means (e.g., by email). We encourage users to regularly check the page for changes. You acknowledge and agree that you are required to review this confidentiality policy from time to time and to learn about any changes in it.

What if I don’t want to accept the policy?

By using our Services, you confirm that we process data in the ways described in the policy. If you do not agree with this policy, please, do not use our services. Your continued use of the services upon publication of changes to this policy will be deemed as your acceptance of such changes.

If you have already registered an account on the website but do not agree with the policy, you should not continue to use your account. You can learn how to terminate or delete your account by contacting the company’s specialists using one of the ways specified in the “Contacts” section.

Contact information

If you have any questions about this policy or if you wish to exercise any of your rights, please contact our staff member at

If you are concerned about how we process your personal data, you have the right to file a complaint in accordance with the procedure established by the applicable law.