LAST UPDATED: 11th of June 2018
COSTS.EE OÜ (“COSTS“, “us” or “we“) takes Your privacy seriously and is committed to respecting and protecting any and all issues related to Your privacy.
This Policy is an integral part of our End User License Agreement (www.costs.ee/eula) and it sets out the basic principles and describes our practices according to which we may collect (or You provide us with), store, use and disclose any information in connection with information that we collect from You via COSTS.
Except as specifically provided below, this Policy does not apply to information collected by COSTS by or through any other means, such as information collected offline. By using COSTS or submitting information via COSTS, You agree to be bound by the terms and conditions of this Policy.
By using COSTS, You represent and warrant that (a) You are 16 years of age or older. If You are under 16 years of age, You must obtain verifiable consent from a parent or legal guardian for processing Your Personal Data.
The privacy notice:
• explains what we do to protect and respect the privacy of Your Personal Data;
• explains how we collect, use and protect Your Personal Data;
• helps You understand how Your Personal Data is collected and used and what Your rights are regarding Your Personal Data.
When processing Your Personal Data, we comply with Estonian and European Union legislation.
We use this data for the purpose for which we collected the data and to the extent necessary to achieve that purpose. Once the objective has been attained, we delete the Personal Data.
– End User License Agreement (EULA) – means a legal agreement between COSTS.EE OÜ and the End User of the Application which specifies detail terms, rights and restrictions with respect to the Application. (App)
– End User – means a person who downloads and uses COSTS and holds Financial Account that is accessible online.
– Service(s) – means the services, features, and content available to End User’s in the COSTS.
– COSTS or App – means a mobile or web multi-platform application COSTS which runs on Android and iOS devices and is available for download in Google Play, App Store, Amazon and others and has been developed for managing personal finances, analyzing incomes and expenses.
– Personal Data – means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data includes without limitation Registration Information, Financial Account Data and Financial Account Credentials, but excludes Anonymized Data, Anonymized Aggregate Data, and publicly available business information.
– Non-Personal Data – means any information which does not identify a specific individual, such as:
User Content, namely all data entering by the End User into COSTS, such as transactions data entering manually or being downloaded from the bank card, photos, images, video, files, text comments and descriptions, bank transaction geolocation. Information collected through different technologies (such as cookies, log files and our back-end servers collect usage data transmitted from our App), namely operating system version, IP address, device model, country, language, etc.;
Any other, except Personal Data, the information provided by the End User;
Anonymized Aggregated Information, namely any statistic data collected automatically about the End Users that may be combined without identifying the End Users.
1. How we collect Personal Data
1.1. We collect minimum Personal Data which is reasonably needed for the provision of COSTS services, improvement of them and for communication with You.
1.2. We may collect Personal Data when You sign up to COSTS and later when appropriate, name, email, user name, photo of Your profile, location, photos, documents and files, voice tags, texts.
1.3. You may voluntarily choose to provide Your Personal Data to us when You choose to use our App and other Services. Because we change our offerings and features from time to time, the options You have to provide us with information also may change. The following are some examples of situations in which You may provide information to us:
• Creating an account to use COSTS;
• Purchasing something from us or otherwise engaging in a transaction with us;
• Contacting us for any reason, such as by email, including for technical support or customer service.
1.4. We may collect Personal Data only by Your voluntary consent for such collection.
1.5. You are not obliged to provide COSTS with any other Personal Data except needed for Your registration with COSTS.
1.6. You may be required, in case of Your use the option “BankSync”, to inform Your personalized security credentials to Salt Edge for the purpose of providing the Bank Transactions through COSTS.
1.7. We may process Your Personal Data when necessary to comply with legal obligations or for purposes of pursuing legitimate interests, if doing so is consistent with Your rights and appropriate to the context, such as providing services, fixing bugs, performing internal analytics, and conducting reasonable monitoring of Your use of our services to prevent misuse of our services and fraud. Additionally, we may, in certain cases, ask You for Your consent for certain processing of Your Personal Data.
2. How we use Data
2.1. How we use Personal Data
2.1.1. We may use Personal Data that is provided to us for the only following purposes:
(a) to provide, maintain, administer, support, protect and improve the Services;
(b) for the purposes for which You specifically provided it, namely, to enable us to respond to Your inquiries and fulfill Your requests;
(c) to inform You about COSTS services, programs, and offers that we believe may be interested in You via email or in-App notification;
(d) to personalize Your experience on COSTS including by presenting products and offers tailored to You;
(e) to send You information about Your relationship or bank transactions with us;
(f) to allow You to use data synchronization with other users (accounts) using the “Multi-User” feature;
(g) for our internal business purposes, such as data analysis, audits, developing new products, enhancing our Application, improving our services, identifying usage trends;
(h) to provide You with support;
(i) to investigate any illegal activity or wrongdoing in connection with the Services;
(j) for analysis and monitoring of COSTS efficiency and improvement of COSTS Services.
2.1.2. BY INSTALLING AND USE COSTS, YOU CONFIRM THAT YOU UNDERSTAND AND AGREE TO YOUR PERSONAL DATA PROCESSING FOR THE ABOVEMENTIONED PURPOSES.
2.1.3. Your Personal Data will be collected and processed by COSTS.EE OÜ with its registered address: Harju Maakond, Tallinn, Kesklinna Linnaosa, Roosikrantsi tn 11-256, 10119, 14398029
Issues related to the protection and security of your data, please forward to COSTS data protection officer at
2.1.4. We do NOT process, share, transfer, sell or otherwise distribute and disclose Your Personal Data to advertisers or other third parties.
2.1.5. In exceptional circumstances we may disclose Your Personal Data:
(a) under requirements of the applicable law, including laws outside Your country of residence;
(b) to comply with legal process;
(c) to respond to requests from public and government authorities including public and government authorities outside Your country of residence, in the cases provided by law;
(d) to enforce our End User License Agreement;
(e) to protect our operations or those of any of our affiliates, distributors, resellers;
(f) to protect our rights, privacy, safety or property, and/or that of our affiliates, distributors, resellers You or others; and
(g) to allow us to pursue available remedies or limit the damages that we may sustain.
2.1.6. We retain Your Personal Data for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or allowed by law.
2.2. Correction and deletion of Personal Data
2.2.1. You are entitled to have access to Your Personal Data for the purpose to review, to correct, to update and/or to delete all or any part of it.
2.2.2. You have the right to request that Your Personal Data be deleted from our server. Anytime You wish Your Personal Data be removed from our system You may request us in written form to delete Your account from our servers. As a result, Your Personal Data will be deleted permanently from our server and further access to Your account will be impossible. Your aggregated data is stored in our servers indefinitely. We reserve the right to use any aggregated data derived from or incorporating Your Personal Data.
2.3. How we use Non-personal Data
2.3.1 Because of Non-Personal Data, except User Content, does not personally identify You, we may collect, use and disclose Non-Personal Data for any purpose.
3.1. In case of Your use of BankSync feature of COSTS, as described in our EULA in section 11, Your bank details will be collected and processed by the Salt Edge Inc. which is a processor of Personal Data and has its registered address at 40 King Street West, Suite 2100, Toronto, Ontario M5H 3C2, Canada
3.3. COSTS never saves the login and/or the password of Your bank account. You have access to Your bank account by entering login and/or password into the window in the protected mode of the Salt Edge service.
4.1. Please note that with respect to the service feature referred to as “Multi-User” in our End User License Agreement, by adding other End Users to the Multi-User section or acceptance to be connected with the Multi-User section You are giving them a right to see and make acquaintance with Your certain uploaded data, except Personal Data.
5. How we protect Your Personal Data
5.1. We implement the necessary organizational and info-technological security measures to ensure the integrity, availability, and confidentiality of the Personal Data. The purpose of information security activities is to implement the appropriate level of protection of information, risk mitigation, and risk prevention.
5.2. We guarantee the protection of Your Personal Data. All servers where Personal Data processed under this Policy are located within the European Union. We keep Your Personal Data in encrypted form and transfer it by secured encrypted channels. We also keep Your password in encrypted form, in such a way that it may be reset through the standard procedure of password reset using e-mail address. We use all the most modern organizational, technical and administrative measures to protect Personal Data.
5.3. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of any account You might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact us” section below.
5.4. If You suspect that Your data are using by third persons, please immediately change Your password. We are not responsible for the fact of the use of Your account by third persons.
6. What can You do to protect Your data?
6.1. Even though we at COSTS put a lot of emphasis on keeping Your Personal Data safe and secure, You Yourself also have an important role in ensuring the success of those aims. Prior to disclosing Your Personal Data to third partied or entering it somewhere, consider who will receive the data and how securely it will be stored. Disclosing usernames, passwords, and other sensitive information and tools and sharing those with others is neither a permissible step nor a reasonable decision. In the case of communication and internet services, it must be taken into account that by enabling access to Your Personal Data (e.g., on our self-service), either due to Your own negligence or any other reason), You will be providing access to logs, service details, invoicing information and data of associated persons.
6.2. If You suspect that Your Personal Data has been processed contrary to our privacy notice or that Your information has been disclosed to strangers, be sure to inform us as soon as possible. This way we can solve the situations as quickly as possible and help minimize potential losses. You can always check and change Your data and access to it.
7. What are Your rights in relation to Your Personal Data?
7.1. The right of access to Your data
You have the right to access Your Personal Data that COSTS has at any time. Additionally, You have the right to be informed of the objectives of data processing and the storage terms of the data. Access to the data is possible through the App.
7.2. The right to amend Personal Data
If You have discovered incorrect data when reviewing Your data or if Your Personal data has changed, You can always change it by Yourself at our App or write to us directly email@example.com
7.3. The right to be forgotten
In certain cases, You have the right to have Your Personal Data deleted. This applies especially to the processing of data on the grounds of consent and legitimate interest. This includes, for example, marketing profiles and the like. However, the complete deletion of Personal Data is often not possible, as we use data for other purposes as well, in relation to which the early deletion of such data is not allowed due to contractual or legal reasons.
7.4. The right to submit objections
You have the right to object, at any time, to any activity regarding the processing of Your Personal Data that is conducted on the grounds of legitimate interest. When submitting an objection, we will consider legitimate interests and, if possible, will stop processing the relevant data. This right cannot be used in a situation where we are required to compile, submit or defend a legal claim (e.g., we believe that a person has breached the Agreement (EULA) and therefore have to turn to a court or other law enforcement agency to protect our rights).
7.5. The right to restrict the processing of Your Personal Data
In certain cases, You have the option of restricting the processing of Personal Data by explicitly informing us directly firstname.lastname@example.org. This right can only be exercised in the following cases:
• to verify the accuracy of Personal Data when You have challenged their accuracy;
• to record illegal data processing;
You need Personal Data for compiling, submitting or defending a legal claim;
when You file an objection to consider the legitimate interest and You wish to limit the processing of the data in question until a decision has been made.
However, You should take into account that this right requires a very precise formulation of the objective and may, in some cases, result in the temporary suspension of Services.
7.6. The right to transfer data
The right to transfer data gives You additional control over Your Personal Data. We enable You to access Your Personal Data or have it transferred directly to another service provider, in a machine-readable format (provided that the other service provider has the capacity of receiving the data in such format). Please note that we cannot guarantee this and are not responsible for the capacity of another service provider to receive Your Personal Data.
Unlike the right to access Your data, Your right to transfer data is limited by a number of features:
• You have the right to receive Personal Data that You have submitted to us in a structured, commonly used and machine-readable format;
• the right to transfer applies only to the data that we use for the performance of the EULA or on the basis of consent, and only by automated means;
• when exercising this right, we must also take into account the privacy rights of third parties.
In order to provide more convenient service to You, we have solved the exercising of this right in the same way as access to Personal Data on the self-service.
8. Private Spheres
8.1. COSTS, being installed on Your smartphone, contains an option of effected expense(s) encrypting in the form of Your numeric password, fingerprint or Face ID in section “Private sphere”. It means, that You can make any of the Spheres private in the Sphere options. All data, which was added to the Private sphere is stored on Your smartphone only and this Sphere does not synchronize with the server.
8.2. In case of loss or breakage of Your electronic device or in case of Your failure to access the Private spheres for any other reasons, COSTS will be unable to restore access to such encrypted data and shall not be liable for any damages resulting from an inability to use the above-encrypted data.
9. Cross-border transfer
9.1. Your Personal and Non-Personal Data may be stored and processed in countries outside of European Union, including Russian Federation, the United States and China, and in any country where we have operations, and which can change from time to time. By interacting with us and providing us with any Personal Data, You consent to the transfer of information to countries outside of European Union, including Russian Federation, the United States, and China, which may provide for different data protection rules than in Your country
11.1. We may change this Policy from time to time at our sole discretion. Please take a look at the “LAST UPDATED” legend at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on the Application. Your continued interaction with us following these changes means that You accept and affirm the revised Policy.
Harju maakond, Tallinn, Kesklinna linnaosa, Roosikrantsi tn 11-256, 10119
Registry code: 14398029