For SCORIA when the Financial Report is requested by an individual.

Effective Date: 01.10.2024.

Thank you for using SCORIA , a financial health assessment service (hereinafter:

”SCORIA”, or ”Service”) provided by CYGNUS Account Information Service

Provider UAB (Registered address: Girulių g. 20, Vilnius, 12123, Lithuania; Legal

entity code: 306852237; referred to as "CYGNUS," "we," "our," or "us"). At CYGNUS,

we are committed to protecting your personal data. This Privacy Policy (hereinafter the

"Policy") outlines how we collect, process, and protect your personal information when

you directly request a financial health assessment through our SCORIA service, for

example, to prove your solvency to a landlord. In this case, CYGNUS acts as both the

Data Controller and the Data Processor, meaning we are responsible for both deciding

how your personal data is handled and conducting the data processing.

Please read this Privacy Policy carefully to understand how we collect, use, protect,

and disclose your personal information.

1. General Provisions

1.1. Contact Details of CYGNUS as Data Controller and Data Processor

Name: CYGNUS Account Information Service Provider UAB

Headquarters: Girulių g. 20, Vilnius, 12123, Lithuania

Legal entity code: 306852237

Email: support@cygnus-aisp.com

Website / CYGNUS AISP UAB: https://cygnus-aisp.com

Website / Scoria: https://scoria.world

Data Protection Officer (DPO): dataprotection@cygnus-aisp.com

1.2. Related Legislation

We process personal data in accordance with applicable data protection regulations,

including but not limited to:

 Regulation (EU) 2016/679: General Data Protection Regulation (GDPR);

 Directive (EU) 2015/2366: The Second Payment Services Directive (PSD2);

 Other applicable national and international laws on privacy and data protection.

2. Key Information about CYGNUS’s Data Management

2.1 Purpose of Data Processing

The purpose of data processing is to conduct a solvency assessment based on your

bank account data. This assessment is typically requested by you (the Data Subject)

to prove your financial health or solvency, such as for a rental application where a

landlord may require proof of your ability to pay.

2.2 Legal Basis for Processing

According to Article 6(1)(b) of the GDPR, the processing is necessary for the

performance of a contract or to take steps at your request prior to entering into a

contract. For example, we process your data to generate a financial health assessment

to support your rental application.

2.3 Scope of Personal Data Processed

We process the following personal data:

 Bank Account Information: Transaction history, account balances, outgoing and

incoming cash flows, fraud patterns, and potential solvency issues from the last

90 days or any other period agreed upon.

 Personal Identification Data: Name, bank account number, email, phone

number, address.

 Risk Rating (Score): Based on your financial transactions, a solvency score is

calculated using profiling techniques.

2.4 Duration of Data Processing

We process your personal data for as long as necessary to fulfil the purpose of the

financial health assessment and in accordance with legal and regulatory requirements.

Once the purpose of the data processing is complete, your data will be securely deleted

unless retention is required for legal obligations.

2.5 Transfer of Personal Data

We do not transfer your personal data to third countries or international organizations.

Your data remains within the European Economic Area (EEA), and we ensure it is

protected by strong data privacy measures.

2.6 Automated Decision-Making and Profiling

The SCORIA service uses automated decision-making, including profiling, to evaluate

your financial health. This involves analyzing your banking data using algorithms to

provide a solvency score. This process allows us to assess your financial ability to

meet obligations like paying rent. You have the right to request human intervention or

object to the automated decision-making as described in Section 3.

3. Your Data Protection Rights

As the Data Subject, you have several rights under the GDPR in relation to your

personal data. These rights include:

3.1 Right to Access

You have the right to request access to your personal data and receive a copy of it, as

well as information about how and why your data is being processed.

3.2 Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request that it

be corrected or completed without undue delay.

3.3 Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data under certain

circumstances, including when:

 The data is no longer necessary for the purpose for which it was collected.

 You withdraw consent and no other legal basis for processing exists.

 You object to the processing and there are no overriding legitimate grounds for

continuing the processing.

 The data has been unlawfully processed.

CYGNUS may refuse the request to erase your data if the processing is required for

compliance with legal obligations or for the establishment, exercise, or defence of legal

claims.

3.4 Right to Restriction of Processing

You can request the restriction of processing under certain circumstances, such as

when the accuracy of the data is contested, the processing is unlawful, or you need

the data for legal claims while CYGNUS no longer requires it for processing.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and

machine-readable format, and to transmit those data to another controller where

technically feasible.

3.6 Right to Object

You can object to the processing of your personal data if it is based on legitimate

interest grounds. If CYGNUS cannot demonstrate compelling legitimate reasons that

override your rights and freedoms, we will stop processing your personal data.

3.7 Right to Withdraw Consent

If the processing is based on your consent, you can withdraw that consent at any time

by contacting us via the details provided. Withdrawal of consent does not affect the

lawfulness of the processing carried out before its withdrawal.

4. Security Measures

CYGNUS takes all necessary security, technical, and organizational measures to

ensure that your personal data is protected against unauthorized access, alteration,

disclosure, or destruction. These measures include:

 Encryption: All data is encrypted both in transit and at rest.

 Access Controls: Strict access controls are in place to ensure that only

authorized personnel have access to your data.

 Audits: Regular security audits and monitoring are conducted to maintain

compliance with industry standards.

5. Automated Decision-Making and Profiling

When you use the SCORIA service, automated decision-making and profiling are

applied to assess your solvency. This means that your bank account information (e.g.,

transactions, income, and expenses) is processed using algorithms to generate a

solvency score. This score reflects your ability to meet financial obligations, such as

rent.

You have the right to:

 Request human intervention in any decision made by automated means.

 Express your views on the outcome of the automated decision.

 Object to the automated decision if it significantly affects you.

6. Changes to the Privacy Policy

CYGNUS reserves the right to update this Privacy Policy from time to time to reflect

changes in our data processing practices or legal requirements. When we make

changes, we will notify you through our website or by direct communication.

7. Contact Information

If you have any questions or concerns regarding this Privacy Policy or your personal

data, or if you wish to exercise any of your data protection rights, please contact us:

CYGNUS Account Information Service Provider UAB

Email: dataprotection@cygnus-aisp.com, support@cygnus-aisp.com

Website: https://cygnus-aisp.com

If you are dissatisfied with our response, you also have the right to lodge a complaint

with the relevant data protection authority in your country of residence.

By using the SCORIA service, you acknowledge that you have read and understood

this Privacy Policy and agree to the processing of your personal data in accordance

with it.---------------------------------------------------------------------------------------------------------