1. Introduction This document outlines the principles and procedures BeKeeny OÜ ("Company") follows in processing personal data and fulfilling Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations in accordance with Estonian and EU law.
2. Data Controller BeKeeny OÜ, a private limited company incorporated in Estonia, with a registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Ravi tn 2, 10134, Estonia, registration code 16788993.
3. Categories of Personal Data The Company may collect the following categories of personal data:

• Identification data (e.g., full name, date of birth);
• Contact details (e.g., email, phone, address);
• Financial data (e.g., transaction details, account number);
• AML/KYC documents (e.g., passport/ID copy, proof of address);
• Device and technical data (e.g., IP address, browser type).

4. Legal Basis for Processing Processing is carried out on the following grounds:

• Contractual necessity (Art. 6(1)(b) GDPR);
• Legal obligation (Art. 6(1)(c) GDPR);
• Legitimate interest (Art. 6(1)(f) GDPR);
• Consent, when applicable (Art. 6(1)(a) GDPR).

5. Purpose of Processing

• Providing and managing services;
• Client verification (AML/KYC);
• Compliance with legal and regulatory obligations;
• Risk management and fraud prevention;
• Internal administrative purposes.
• 6. AML/KYC Obligations The Company implements measures in accordance with the Estonian Money Laundering and Terrorist Financing Prevention Act, including:
• Identification and verification of clients and beneficial owners;
• Risk-based due diligence procedures;
• Ongoing monitoring of client relationships;
• Reporting of suspicious transactions to the Financial Intelligence Unit (FIU).

7. Data Retention Personal data is retained:

• For as long as required by applicable legislation (typically 5–7 years);
• For longer periods where required for legal proceedings or regulatory inquiries.

8. Data Transfers Data may be transferred to third-party service providers or authorities, including:

• Hosting and payment processing partners;
• AML/KYC compliance vendors;
• Estonian or EU supervisory authorities.
• Transfers outside the EEA are permitted only with appropriate safeguards in accordance with GDPR.

9. Data Subject Rights You have the right to:

• Access your data;
• Request rectification or erasure;
• Restrict or object to processing;
• Lodge a complaint with a data protection authority.

Requests can be submitted via email to info@webmk.org.
10. Policy Updates This policy may be updated from time to time. The latest version will always be published on our website.

Last updated: April 4, 2025