Subject:	Advanced Training of Anti-Money Laundering and Countering Terrorism Financing (AML/CFT) for Virtual Currency Service Providers
Target Group:	Members of the Board, Money Laundering Reporting Officers for the Financial Intelligence Unit, Anti-Money Laundering service providers and employees who are responsible and/or manage and/or organize the prevention of money laundering and terrorist financing in virtual currency service providing companies.
Objective:	To ensure that the virtual currency service provider is prepared to implement anti-money laundering requirements, to map its risks (i.e. “vulnerability” in the context of money laundering), determine its risk appetite, prepare a risk assessment, develop a risk management methodology and approve risk mitigation rules. In addition, to prepare the Rules of Procedure, implement the due diligence measures and monitor its compliance according to the Internal Control Rules.   The aim of this advanced training is to provide additional knowledge from the perspective of the regulator, to present essential nuances in legal regulation of money laundering prevention, documentation requirements and solutions to most common problems in the application of procedural rules. Also, to introduce the most common problems related to the due diligence, the nuances of KYC and KYT procedures and relevant case studies.
Description of the Subject Content:	1.      A more in-depth overview of the legal regulations preventing money laundering. Expectations from the regulator. What lies behind the field terms and definitions. Requirements for identification of persons.   2.      Responsibility of the Member of the Board for preventing money laundering; obligations of the MLRO.   3.      Risk assessment and Risk Appetite (exercises based on a specific company’s business plan).   4.      Mitigating KYC and KYT risks regarding persons, documents, transactions and implementation of proper due diligence measures.   5.      Case analysis.	3 h         1 h       4 h     6 h       3 h
Learning Outcome:	Learner who has completed the training: –          knows the professional legal space, –          knows the established requirements for virtual currency handlers, –          knows the tasks and responsibilities of the: 1st line of defense, of the 2nd line of defense and of the 3rd line of defense, –          can adapt and implement due diligence measures to prevent money laundering in the company, if necessary, –          knows and is able to recognize possible frauds when carrying out KYC and KYT procedures.
Study form:	Online lecture and independent exercises.
Requirements for graduation	Passing the exam
Evaluation method	The exam threshold is 70% correct answers in the written test.	1 h
Document to be issued	Certificate.
Volume of study:	Total 18 hours.

 

The preparation and implementation of the training is based on the principles of adult education. Complium OÜ is registered as an adult educator in the Estonian Education Information System with licence number 221622.

PRIVACY POLICY OF COMPLIUM OÜ

 

 

INTRODUCTION

Complium OÜ is a legal entity with registry code 14996517, registered office at Narva mnt 7d, Tallinn 10117, Republic of Estonia. Complium OÜ was founded in Tallinn in 2020 and has developed into a recognised company in Estonia in the field of preventing money laundering and terrorist financing.

In the course of our activities, we collect and use your personal data in order to provide you with the best service, advice, and solutions, and to fulfil our contracts with you.

We protect your data and privacy in all ways provided by applicable law.

In order to ensure the secure processing of the aforementioned personal data, Complium OÜ has established processing rules, administrative regulations and other organisational, IT and physical data protection measures.

Secure personal data processing measures extend to all information systems and human activity processes used, including employees, suppliers, customers, service providers and other third parties who have access to personal data processed by Complium OÜ.

The information contained in this Privacy Policy applies to the personal data of natural persons, but not to the data of companies or other legal entities or institutions. The information also applies to the personal data of all natural persons engaged in vocational and professional activities (e.g. employees of a company or organisation). If you communicate with us as a person related to a Business Customer, we will also register and use your personal data.

 

WHY DO WE COLLECT AND USE YOUR PERSONAL DATA?

We collect and use your data to provide you with the best advice and solutions, to fulfil our agreements with you, and to comply with our legal obligations regarding the collection and retention of personal data.

This means that we collect and use your personal data if:

• You have concluded a contract with us or are considering concluding one;
• You have given us your consent to use your personal data;
• This is our legal obligation, which may arise from, for example, the following legal acts:
  • Law of Obligations Act;
  • Taxation Act;
  • Tax Information Exchange Act;
  • Accounting Act;
  • Money Laundering and Terrorist Financing Prevention Act;
• It is necessary for the legitimate interests of Complium OÜ, including to prevent legal violations or damage, to strengthen the security of IT systems or payments, or for direct marketing purposes. We will only do this if our respective interest clearly outweighs your interest not to process your personal data;
• If you communicate with us as a person related to our Business Customer, then depending on the content and scope of our communication, we may process your personal data for the following purposes:
  • to perform our contractual obligations and to provide services to the Customers;
  • to comply with the applicable legislation;
  • for administrative purposes, including securing, supporting and maintaining our systems, platforms and other digital applications;
  • to ensure adequate security while visiting our premises;
  • to carry out the necessary checks to prevent crimes.

 

WHAT PERSONAL DATA DO WE COLLECT AND USE?

In its daily business, Complium OÜ processes various personal data, including:

• employee data (data of existing, past and future employees);
• customer data;
• website visitor data;
• subscriber data;
• shareholder data.

If we are obliged to verify the correctness of personal data pursuant to the anti-money laundering regulations, Complium OÜ will check the personal data received from the Data Subject from state registers and other reliable sources. If necessary, the personal data received from the Data Subject will be supplemented and amended.

If Complium OÜ is an obligated person according to the anti-money laundering regulation, Complium OÜ is required to assess the risk of money laundering and terrorist financing. In this case, we process the personal data of the Data Subject (taking into account, for example, the Data Subject’s place of residence, field of activity, whether the Data Subject is a politically exposed person; in the case of a legal person represented by the Data Subject – its location, field of activity, management bodies and ownership structure) and the nature of the transaction. Based on the above, Complium OÜ applies due diligence measures either in a simplified or enhanced manner.

Special categories of personal data

In its economic activities, Complium OÜ does not collect personal data such as racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used for the unique identification of a natural person, health data or data about a natural person’s sexual life and sexual orientation.

Complium OÜ collects special categories of personal data in its economic activities only if we need them in order to provide you with service-related advice or to provide you with a service. For the processing of special categories of personal data, we will ask for your explicit consent, unless the law gives us the right to process special categories of personal data without your consent (e.g. to legally enforce our claims).

We may also collect other personal information if it is necessary to provide you with specific services or if required to do so by law.

Our ability to advise you and provide you with the best solutions depends to a large extent on how well we know you. Therefore, it is important that you provide us with correct and accurate information and keep us informed of any changes.

 

WHAT DO WE COLLECT AND USE YOUR PERSONAL DATA FOR?

Complium OÜ processes personal data in order to:

• enter into contracts, provide services to persons and ensure the fulfilment of obligations;
• clarify under which conditions to provide services and sell goods;
• make Customer-oriented offers;
• conduct customer satisfaction surveys;
• provide convenience services to the customer and deliver announcements;
• comply with legal obligations;
• to ensure the realisation of a legitimate interest that complies with the data protection rules established in the European Union (EU).

We also collect and use data for other activities related to the provision of services, including the following activities:

• customer management, consulting and administration;
• assessment of creditworthiness;
• development and management of our services and operations;
• marketing of services;
• identification and verification of identity;
• debt collection;
• protecting you and Complium OÜ against fraud;
• responding to the legal requirements of third parties and complying with them.

We collect data directly from you or by monitoring your activities, such as when you:

• fill out applications or other forms to receive services;
• submit documents to us on paper or via electronic correspondence.

We will only retain your data for as long as it is necessary for the purpose for which we collected and used your data, unless otherwise provided by applicable law, or as follows:

• We retain the personal data for up to three years from the beginning of the year following the end of your communication thread;
• We retain accounting data for up to 7 years from the end of the financial year when the transaction was recorded in our accounting system.

After the expiry of the Personal Data retention period, we may retain your Personal Data for longer than is necessary to comply with a legal obligation or requirement, to resolve legal disputes, or to ensure the performance of a contract with us.

At the end of the personal data retention period or if the legal basis related to the purpose of processing personal data ceases to exist, we may retain materials containing your Personal Data in backup systems, from which they will be deleted at the end of the backup cycle. During the backup period, we implement appropriate measures to ensure the security of backed up materials. Backed up materials are decommissioned, not processed for any purpose, and erased as soon as possible, i.e. at the end of the backup cycle.

 

THIRD PARTIES AND YOUR PERSONAL DATA

Personal data received from third parties

We register and use personal data obtained from third parties, such as:

• from a national register, such as the business register, the population register or another public source or register. We collect and use this data, for example, to verify the accuracy of the data;
• from credit agencies and payment default registers. We collect and use this data to assess creditworthiness. We update the data regularly;
• From the business partners of Complium OÜ, if we have your consent or if it is permitted by legislation.

Third parties to whom we disclose your personal data

In certain cases, we may disclose your personal data to third parties if:

• you have asked us to do so;
• it is required or permitted by law;
• you have given your prior consent;
• we disclose your personal data to credit rating agencies and registries after you fail to fulfil your obligations to Complium OÜ;
• it is necessary for the development, maintenance and continuity of IT systems.

With your consent, when transferring personal data to data processors located in third countries (i.e. outside the European Union and the European Economic Area), we ensure the protection of your rights and that, in the event of such data transfer, your personal data is maintained at a level of protection that meets the conditions approved by the European Commission.

 

PROFILING AND AUTOMATED DECISIONS

Profiling

Complium OÜ does not perform automated processing of your personal data, the purpose of which would be to evaluate, analyse and forecast certain personal aspects related to a natural person, in particular such aspects related to the relevant natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

Automated decision-making

Complium OÜ does not perform automated processing of your personal data, the purpose of which would be to evaluate your personal data in order to take decisions that may restrict your rights and freedoms.

 

YOUR RIGHTS

Accessing your personal data

You can access the personal data collected and used about you, the sources thereof and the purposes of their use. You will be able to obtain information about how long we retain your data and to whom and to what extent we transmit it. Your right to access your personal data may be limited by applicable legislation, the rights of others to ensure their privacy, and the needs of our operations. Our know-how, trade secrets, internal assessments and materials may also be part of the information that cannot be accessed.

Right to state objections

You have the right to raise objections to the processing of your personal data, including if we rely on our legitimate interests in processing the data.

You also have the right to object to the use of your personal data for direct marketing.

Rectification or erasure of data

If your data is incorrect, incomplete or irrelevant, you have the right to request the rectification or erasure of the data, taking into account the restrictions arising from applicable legislation and the rights related to data processing.

Restriction of data use

If you find that the information we have collected about you is incorrect, or if you have objected to the use of the data, you may request that we restrict the use of the data to retention only. The use is limited to retention only until it is possible to establish the accuracy of the data or to verify that our legitimate interests outweigh your interests.

If you have the right to request the erasure of data, you can instead request that we limit our use of the data to the retention only. If we need the data we collect about you only to enforce or defend legal claims, you may request that the data not be used for purposes other than retaining. However, we may have the right to use the data in a different way if this is necessary to enforce the claims or if you have given your consent.

Withdrawal of consent

If the use of data requires your consent, you can withdraw this consent at any time. Please note that if you withdraw your consent, we may not be able to provide you with certain services. We will also continue to use your personal data, for example, to perform a contract with you or in accordance with legal requirements.

Data portability

If we use the data on the basis of your consent or agreement and the data processing is automated, you have the right to receive a copy of the data you have provided in an electronic machine-readable format.

Time of realisation of the rights, summarised in a table

 

Rights	Realisation
Right to consent to data processing	Consent is requested immediately upon data collection (if the data is collected directly from you) or within one month (if the data is collected from a third party)
Right to withdraw consent to data processing	Instantly, without unreasonable delay
Right to access data	Within one month of the application
Right to rectification of data	Within one month of the application
Right to erasure of data, “to be forgotten”	Instantly, without unreasonable delay
Right to restriction of data processing	Instantly, without unreasonable delay
Right to data portability	According to the submitted application
Right to state objections	Proceedings shall be initiated on receipt of an objection
Rights related to automated processing or profiling.	According to the submitted application

 

USE OF COOKIES

Complium OÜ uses cookies on its websites. Cookies are small text files that are downloaded to your device when you visit our website.

By continuing to use our website, you consent to the use of cookies in accordance with the rules of these terms and conditions.

If you do not agree to the use of cookies, you have the option to configure your browser so that your computer does not store cookies. In this case, however, we cannot guarantee that all functions on our site will work correctly for you. More information on managing and disabling cookies can be found on the website http://www.allaboutcookies.org/

With the help of cookies, we can improve the quality of services. We use cookies to collect statistical data, to remember the preferences of the visitor of the page, to serve advertisements.

When visiting Complium OÜ websites, our data analysis and advertising partners (Google Analytics, Facebook, YouTube, etc.) can also store cookies on your device.

 

SECURITY OF PERSONAL DATA PROCESSING

Complium OÜ stores personal data only for the strictly minimum necessary time. Personal data with an expired retention period will be destroyed using best practices.

Complium OÜ ensures the protection and appropriate security of personal data, including against unauthorised or illegal processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Access to personal data is granted only to processors who have the necessary right to do so and only to the extent necessary to achieve the purpose arising from the legitimate interest.

Complium OÜ confirms that it complies with the requirements in force in the EU regarding the protection of personal data. Complium OÜ makes every effort to protect personal data. We process personal data only for specific and legitimate purposes and only to the extent necessary for such purpose. We also demand the same values and adherence to our personal data processing rules from our cooperation partners.

In the event of any incident involving personal data, Complium OÜ will take all necessary measures to alleviate the consequences and to mitigate similar risks in the future.

 

TERMS OF USE OF NOTIFICATIONS

Notifications are offers sent to the subscribers through communication channels that, in the opinion of Complium OÜ, may be of interest to the subscribers.

You can opt out of notifications at any time. To unsubscribe from the newsletter, you can click on the link at the end of the letter. To opt out of other notifications, please contact office@complium.eu.

By subscribing to the newsletter, you consent to the retention and processing of your personal data in accordance with our rules. Personal data will not be shared with third parties.

Complium OÜ processes your personal data in accordance with EU data protection and other personal data protection legislation.

If you have any questions, please contact office@complium.eu.

 

CONTACT INFORMATION AND SUBMISSION OF COMPLAINTS

If you have any questions regarding your rights in relation to the processing of your personal data, or if you have any questions about how we collect and use personal data or if you are not satisfied with the way we process your personal data, please contact us:

 

Complium OÜ

Address: Narva mnt 7d, Tallinn 10117, Republic of Estonia

Phone: +372 587 46 380

Email: office@complium.eu

 

If your data protection contact with Complium OÜ has not produced a satisfactory result, you have the right to submit a relevant dispute with Complium OÜ or file a complaint with a supervisory authority:

 

Data Protection Inspectorate

Tatari 39, Tallinn 10134

phone: +372 5620 2341

Email: info@aki.ee

website: www.aki.ee

 

 

Last updated 05.01.2023