PRIVACY STATEMENT & POLICY

PERSONAL DATA

As a result of the European Union’s General Data Protection Regulation (“GDPR”) as enacted in Austria and the EU (as amended) and the enabling regulations, “Personal Data” is any information relating to an identified or identifiable living individual by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.

DATA CONTROLLER and PROCESSOR

A Data Controller is defined as the individual or legal person who controls and is responsible for keeping and using personal data in paper or electronic files.

A Data Processor means any person who processes personal data on behalf of the controller (other than a person who is an employee of the controller).

Avyana is the Data Controller, as defined by relevant data protection laws and regulation.

LAWFUL PROCESSING

Processing is broadly defined to include obtaining, recording, holding, using, disclosing or erasing data.

The necessary conditions for lawful processing are set out in Article 6 of the GDPR, and the relevant Austrian legislation.

One or more of the following six conditions must apply, each and every time personal data is to be processed:

1. The processing has been done with the “freely given, specific, informed and unambiguous” consent of the data subject for one or more specific purposes. In this instance, you will have given Avyana your informed consent for your personal data to be processed for a specific purpose.
2. It is necessary for entering or the performance of a contract to which the data subject is party. In this instance, the processing is necessary for a contract you have with Avyana, or Avyana has asked you to take specific steps before entering into a contract.
3. It is necessary for compliance with a legal obligation to which the controller is subject. This would mean that the processing is necessary for Avyana to comply with the law; though not including contractual obligations, which are dealt with at paragraph 2, above.
4. Is necessary for protecting the vital interests of the data. This would occur where processing is necessary to protect your vital interests, such as your life.
5. Is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data is disclosed.
6. Is necessary for the purposes of the legitimate interests pursued by the controller or a third party except where those interests are overridden by the interests or fundamental rights and freedoms of the data. In such circumstances, the processing is necessary for Avyana’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

THE PERSONAL DATA THAT CAN BE COLLECTED

We may collect and process various types of personal data about you including, but not limited to: Personal information, such as name and address, telephone number, passport number, email and Internet Protocol address; your password for password protected platforms or services used by us; gender and family details; employment and education and training data; information collected from publicly available resources, integrity data bases and credit agencies; financial information, including bank details; criminal record checks, contractual information (for example, goods and services provided to or by you, as the data subject) and information about relevant and significant litigation or other legal proceedings brought by or against you or a third party related to you (corporate or individual) and any relevant connection with you.

HOW WE OBTAIN YOUR PERSONAL DATA

We may collect personal data about you in a number of circumstances, including (but not limited to) when your firm, company or organisation:

1. seeks funding for your firm, company or organisation;
2. are a party to a litigation case being considered for funding, or are funded, by Avyana;
3. are a guarantor of any application being considered for funding, or is funded, by Avyana;
4. browse, make an enquiry or otherwise interact with us, on our website;
5. attend any Avyana conference or seminar;
6. sign up to receive any information from Avyana;
7. offer to provide services to Avyana.

In some circumstances, we may collect personal data about you from a third-party source. For example, we may collect personal data from your firm, company or organisation, other firms, companies or organisations with whom you have dealings, government agencies, credit reporting agencies, and an information or service provider or from publicly available records.

WHY WE COLLECT PERSONAL DATA

The information we collect helps us to better understand your needs and requirements and provide you with a better service, in particular for the following reasons:

1. to inform decisions about future business strategies;
2. to advise and inform funding decisions;
3. to assist in managing funding;
4. for internal record keeping;
5. to generally improve our products and services;
6. to meet our regulatory and legal obligations, such as knowing you as our client or potential client (including as a partner, director, employee or other representative of our client), GDPR, anti-money laundering and fraud prevention;
7. to send emails, texts and letters to you about our products/services, events or other information which we think you may find interesting, using the contact details you will have provided to us.  You can change your mind on how you receive these messages or choose to stop receiving them at any time.  Even if you tell us to not use a particular method of communication, we will continue to use your other contact details to provide you with important information about our funding and or we need to tell you something to comply with our regulatory obligations.

THE PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We may use your personal data for the following purposes only (“Permitted Purposes”):

1. to evaluate, supervise and manage our funding of your firm, company or organisation and any litigation cases;
2. to evaluate and manage our funding;
3. to aid in managing our investor relationships;
4. to provide any services requested by you or your firm, company or organisation;
5. to manage and administer your or your firm’s, company’s or organisation’s business relationship with Avyana, including administering payments, accounting, auditing, invoicing, compliance and all collection and necessary support services;
6. to comply with investigation and screening or recording obligations (e.g. anti-money laundering, fraud and crime prevention purposes), which may include automated checks of personal data or other information you provide about your identity against applicable sanction lists, whilst conducting business;
7. to analyse and improve our services and communications;
8. to protect the security of, and administer access to, our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious or wrongful activities;
9. to identify persons authorised to instruct Avyana and sign any relevant documentation;
10. compliance with our legal and regulatory obligations and requests, domestically and anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
11. compliance with court orders and applications and/or so as to uphold or defend our legal obligations and rights;
12. keeping you up to date on the latest announcements, events and other new information which we feel might be of interest to you;
13. any customer surveys and marketing campaigns or other promotional activities or events;
14. collecting information about your preferences to create a user profile to personalise our communication and interaction with you.

YOUR RIGHTS WHICH ARISE IN RESPECT OF YOUR PERSONAL DATA

1. The right to request subject access. You, as the data subject, shall have the right to obtain from us, as the data controller, confirmation as to whether or not personal data concerning you is being processed. Where such data is being processed, you have the right to be provided with the following information:
   1. The purposes of the processing.
   2. The categories of personal data concerned.
   3. The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations.
   4. Where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period.
   5. The existence of the right to request from us, as the data controller, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
   6. The right to lodge a complaint.
   7. Where the personal data is not collected from you, the data subject, any available information as to its source.
   8. The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
2. The right to rectification. This is the right to accuracy. This means that you will be able to request us, as the controller, to correct inaccurate personal data, and to obtain completion of incomplete personal data.
3. The right to erasure or right to be forgotten. We, as the controller, shall communicate any rectification or erasure of personal data carried out in accordance with the legislation to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
4. The right to restriction of processing. We, as the controller, shall communicate any restriction of processing carried out in accordance with the legislation to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
5. The right to be informed. We, as the controller, shall inform you, as the data subject, about those recipients if the data subject requests it, in accordance with the legislation.
6. The right to data portability. You have the right to have provided to you or other controllers, free of charge, a copy of your personal data in an electronic and structured format that allows for further use by the data subject. The statute states that the right only applies in the following circumstances:
   1. Where you have provided the data to the controller.
   2. That you, as the data subject, have given your consent to the processing, or the processing is based on the performance of a contract.
   3. The processing is carried out by automated means.

Where technically feasible, you as the data subject can request to have the data transmitted directly from one controller to another. The right of data portability shall not adversely affect the rights and freedoms of others. We, as controller, will respond without undue delay and at the latest within one month, although this can be extended to two months where the request is complex.

1. The right to object. You have a right to object, based on grounds relating to your particular situation, to our data processing activities (including profiling): (i) carried out in the public interest or in the exercise of official authority vested in the controller, and (ii) carried out on the basis of a legitimate interest of the controller. We, as the controller, must stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, as the data subject, or for the establishment, exercise or defence of legal claims.

You also have the right to object to processing for direct marketing purposes and you are not required to indicate specified justifications.

1. The right not to be subject to a decision based solely on automated processing. The legislation includes rights in relation to processing that involves automated decision-making. At any time by written notice, you may require us, as the data controller, to ensure that no decision significantly affecting you is based solely on the automated processing of your personal data for the purpose of evaluating matters relating to you (such as creditworthiness or employment or business status). This right will not, however, apply where the decision concerns entering into or performing a contract with the individual and the decision has the effect of granting a request of the individual (for example, the individual is granted the loan applied for) or steps have been taken to safeguard his legitimate interests (for example, the individual is given the opportunity to make representations).

In certain circumstances, you, as the data subject, have the right to an explanation as to how any automated decisions taken about you have been made. This right arises where any automated processing is the sole basis for a decision which significantly affects you. In this case, you will have the right to be informed by us, as the data controller, that the decision was made on that basis and to require us to reconsider or take a new decision on another basis.

RIGHT OF ACCESS TO YOUR PERSONAL DATA

Information is stored by Avyana on its computers, which are located in Austria and on cloud services that are based in the EU. Avyana has security policies in place to manage and record your data privacy lawfully, and to ensure that your data is stored securely to protect against its loss, misuse and alteration.

In addition, Avyana takes all practicable steps to ensure that any businesses with which we share your data will have compliant security policies in place to lawfully manage and record your data privacy and that your data will be properly stored, in accordance with the legislation.

THE RIGHT TO DISCLOSURE OF YOUR PERSONAL INFORMATION

As a financial service provider, we may disclose client details to other organisations as part of our operations, including credit reference agencies. Although an individual’s financial information is not classified as sensitive personal data, it will be considered personal data and as such it will be processed in compliance with the legislation and the eight data protection principles, as set out above. Accordingly, we may exchange your personal information with certain third parties to assist in managing, administering and executing services including, but not limited to:

1. That which is required by law or in the public interest.
2. That which is required by our interests as the lender.
3. That which is made with your express or implied consent.
4. Our accountants, solicitors, actuaries, valuers and insurers.
5. Businesses who are upgrading and maintaining our information technology system and providing information technology services.
6. Authorised financial service institutions, such as banks and building societies.
7. Businesses undertaking verification services.
8. Businesses undertaking reviews of the accuracy of our information.

We may disclose your Personal Data to third parties (outside of Avyana) if, but only when, we have a legal basis to do so. Such recipients include, but are not limited to: legal counsel, solicitors/barristers/experts/foreign law firms who may be instructed on your behalf; Avyana’s insurance brokers and underwriters; Avyana’s bank, auditors and accountants; Avyana’s outsourced IT providers and other suppliers; and any Austrian or EU authority lawfully entitled to request such information.

WHERE WILL MY PERSONAL DATA BE PROCESSED

As a data controller, Avyana will retain all your information inside the European Economic Area (EEA). In circumstances where Avyana may transfer your data to a third party, we will seek to ensure that the third party processes your data inside the EEA, or has been allocated an “adequacy” rating by the European Commission.

THE LENGTH OF TIME WE WILL KEEP YOUR PERSONAL DATA

We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained. The length of time we retain your personal data will depend on the purposes for which we use it and/or for as long as is necessary to comply with applicable laws and to establish, exercise or defend our legal rights.

HOW YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA

Where permitted by applicable law or regulation, you have the right to object to us processing your personal data or to tell us to stop processing it (including for purposes of direct marketing). Once we have received this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.

Email: office@avyana.net

REVIEWING AND UPDATING THIS PRIVACY STATEMENT AND POLICY

We may review and update this privacy statement and policy from time to time by publishing the amended version on our website. We may change our Privacy & Cookie Policy at any time without giving notice and we, therefore, suggest that you check this policy each time you visit our website. We will ensure the most recent version is available on our website www.avyana.net and we will tell you directly when there’s an important change that may impact you. It will be your responsibility to view the revised privacy statement and policy on the above website.

LAST UPDATING

This privacy statement and policy was last updated in October 2021.

HOW TO CONTACT US

If you have any enquiries or questions about how we obtain or use your personal data, you can write to us at the address below or contact us by email:

Avyana Litigation Funding GmbH, Registered Address: Graben 12/1-3, 1010 Wien, Austria

Email: office@avyana.net