Section 19 of the Personal Data Protection Act provides for the right of the data subject to receive information from the personal data controller concerning him/her, including information for what purpose personal data is processed, to whom the data can be transferred, etc. Similar rights of the data subject arise from the European General Personal Data Regulation (EU 2016/679) which enters into force on 25 May 2018.

Monestro provides this information to data subjects in the following manner:

· General information related to the processing of personal data is published in the Monestro Privacy and Cookie Policy and also in the List of Authorised Data Processors (available at www.monestro.com);

· As a registered user of the portal you are able to receive information on processing of your personal data electronically in the portal’s online self-service, where necessary information security measures are in place to protect your data. After log-in to the self-service, you can access all of your personal data, including the data and documents related to the loans you have provided or applied for in the portal, as well as to download the data and documents on your own device at no charge.

As a rule, Monestro does not provide information on personal data by any other means (e-mail, ordinary mail, etc.), in order to ensure the security of your personal data and to protect it from accidental or malicious leakage to unauthorized persons.

If you are not a registered user of the portal, but just a visitor of Monestro’s website, then your personal data is not processed by Monestro in a way that would allow personalisation.