As a virtual currency license holder, BlueData OU (the: “Company“) must identify, assess and understand the risks related to money laundering and terrorist financing. In addition, the Company reviews and examines each of its activities and applies measures to mitigate these risks. The applied measures by the Company are proportionate to the degree of identified risk. In the course of a risk-based approach, BlueData OU assess the probability of the risks becoming real and the consequences of such an event. When assessing the probability, the possibility of the occurrence of the relevant circumstances must be taken into account, including the possibility of potential risks that may affect the activities of both the customer and the Company, and the possibility that the probability of the occurrence of this risk increases.

BlueData OU is obligated to prepare a risk assessment in order to identify, assess and analyze the risks related to its clients activity in regard to money laundering and terrorist financing and financial sanctions.

This model for the identification and management of risks relating to the customer and its activities is prepared to apply the obligations arising from clauses § 14 1) (2) and (6) of the RahaPTS in accordance with the general regulation provided by the Money Laundering and Terrorist Financing Prevention Act, the International Sanctions Act and the Directive (EU) 2015/849 of the European Parliament and of the Council and includes:

• the model for the identification and management of the risks arising from the customer and their activities and the determination of the risk profile of the customer;
• the model for the identification and management of the risks arising from the activities of BlueData OU, including the procedure of identification and management of the risks related to new and available technologies and services and products, including new or nontraditional sale channels and new or developing technologies.

BlueData OU examines and classifies its customers based on the following three categories:

A – Low risk (1 risk point)

No influential risk factors exist in any risk category, the customer itself and the customer’s activities are transparent and do not deviate from the usual activities, i.e. the activities of a reasonable and average person, in that field of activity, and there is no suspicion that the risk factors as a whole could lead to the realisation of the risk of money laundering or terrorist financing.

B – Usual risk (2 risk points)

One or several risk factors exist in the risk category that deviate from the usual activities of a person acting in that field of activity, but the activity is still transparent and there is no suspicion that the risk factors as a whole could lead to the realisation of the risk of money laundering or terrorist financing.

C – High risk (3 risk points)

One or several risk factors exist in the risk category that as a whole grows suspicion of the transparency of the person and their activities, which causes the person to deviate from persons usually acting in that field of activity and it is at least possible that money laundering or terrorist financing is taking place.

As part of its on-going monitoring activities, BlueData OU performs all due diligence measures required by the regulatory authorities by which it is licensed by. The extent of the implementation of the measures depends on the nature of the specific business relationship or transaction or the level of risk of the person or customer participating in the transaction or act, i.e. the “know your customer” principle must be followed. When determining and defining the risk levels of the customer or a person participating in the transaction, the BlueData OU shall take into account, inter alia, the following risk categories:

1. CUSTOMER-RELATED RISK

1.1 RISK RELATED TO LEGAL NATURE OF CUSTOMER AND IDENTIFICATION OF BENEFICIAL OWNERS

A. Low risk is when the customer is:

• • • a company listed on a regulated market, which is subject to disclosure obligations that establish requirements for ensuring sufficient transparency regarding the beneficial owner;
    • a legal person governed by public law established in Estonia;
    • a governmental authority or another authority performing public functions in Estonia or a contracting state of the European Economic Area;
    • an institution of the European Union;
    • a credit institution or financial institution acting on its own behalf or a credit institution or financial institution located in a contracting state of the European Economic Area or a third country, which in its country of location is subject to requirements equal to those established in Directive (EU) 2015/849 of the European Parliament and of the Council and subject to state supervision;

B. Usual risk is when the customer is:

• • • a natural person;
    • a company with a firm and transparent structure and data of management bodies and beneficial owners (OÜ, AS, UÜ, TÜ, TÜH, incl. the foreign versions of these forms of companies) that are not listed on a market;
    • a non-profit association (MTÜ);

C. High risk is when:

• • • the beneficial owner of the natural person is some third person;
    • the customer is a legal entity of any form whose structure of the management bodies and/or beneficial owners is confusing and the relevant data is verified on the basis of the statement of the customer’s representative and/or internal or non-public documents provided by the customer;
    • the customer company, or the company related to the customer, has shareholders acting as a front or bearer shares;
    • the ownership structure of the customer company seems, when considering the activities of the company, unusual or too complicated;
    • the customer is a foundation, civil law partnership, trust, or common fund;
    • the customer is a person registered in a low tax territory. The list of countries not considered a low tax territory is available at: https://www.emta.ee/et/ariklient/tulud-kulud-kaive-kasum/mitteresidendi-eesti-tulu-maksustamine/nimekiri-territooriumidest;
    • the customer is a subject of European Union or UN sanctions, the list of which can be accessed on the home page of the Financial Intelligence Unit at: https://www.politsei.ee/et/organisatsioon/rahapesu/finantssanktsiooni-subjekti-otsing-ja-muudatused-sanktsioonide-nimekirjas/

1.2 RISK RELATED TO THE COUNTRIES OR GEOGRAPHIC TERRITORIES OR JURISDICTIONS

A. Low risk is when:

• • • the customer is from or their place of residence or location (hereinafter location) is in the Republic of Estonia;
    • the location of the customer is in another country of the European Union or the European Economic Area;
    • the location of the customer is in a third equivalent country which is provided by the common position adopted by the European Union (Appendix 16), which include Australia, Brazil, Canada, Hong Kong, India, Japan, South Korea, Mexico, Singapore, Switzerland, the Republic of South Africa, USA;

B. Usual risk is when the location of the customer is in a third country not listed above, excluding a third high-risk country;

C. High risk is considered in circumstances where the risk is primarily increased in such an event where the customer, person participating in a transaction or the transaction itself is related to a country or jurisdiction which, based on the trustworthy sources in the country like mutual assessments, detailed assessment reports or published follow-up reports, has no valid and efficient systems of the prevention of money laundering and terrorist financing. According to the Commission Delegated Regulation (EU) 2016/1675 (Appendix 13), the third high-risk countries include Afghanistan, Bosnia and Herzegovina, Guyana, Iraq, Lao PDR , Syria, Uganda, Vanuatu, Yemen, Iran, and DPR Korea. The list of countries as determined by the FATF belonging to third high-risk countries is disclosed on the following webpage: http://www.fatf-gafi.org/countries/#high-risk. Additionally, the following countries or jurisdictions indicate of a high risk customer, person participating in a transaction or transaction itself:

• • • That, according to credible sources, have significant levels of corruption or other criminal activity. To assess this, the data of annual Corruption Perceptions Index (CPI), published by the Transparency International (TI), is used and high risk is indicated by the CPI result of 39 or lower. The published CPI data is available online: https://en.wikipedia.org/wiki/Corruption_Perceptions_Index;
    • That are subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations. The list of EU sanctions for countries is available online: https://sanctionsmap.eu; the list of UN sanctions is available online https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list;
    • That provide funding or support for terrorist activities. These countries include DPR Korea, Syria, Sudan and Iran and they are primarily defined by the data of the United States State Department which is available online https://www.state.gov/j/ct/list/c14151.htm;
    • That have designated terrorist organizations operating within their territory, as identified by the European Union or the United Nations. These countries primarily include Syria, Iraq, Libya, Sudan, Somalia, Nigeria, Pakistan, India, Lebanon, Palestine, Sri Lanka, Philippines, Tajikistan, Uzbekistan, Yemen. The list of terrorist groups determined by the EU and UN is available online: https://en.wikipedia.org/wiki/List_of_designated_terrorist_groups.

1.3 RISK RELATED TO CUSTOMER’S ACTIVITY AND TO PROVIDED PRODUCTS OR SERVICES

A. Low risk is when the customer is a person performing usual and normal economic and professional activities and the turnover of the financial instruments of the customer, or the planned turnover of the financial instruments, is significantly small and does not exceed 40 000 euros per one year;

B. Usual risk is when the customer is a person performing usual and normal economic and professional activities and the turnover of the financial instruments of the customer, or the planned turnover of the financial instruments, exceeds 40 000 euros per one year;

C. High risk is when the business relationship takes place under unusual circumstances, including when the transactions are complicated and have unusually large scale, when the transaction patterns are unusual, or when the customer is a legal entity or another association of persons that does not have the status of a legal entity, if their economic activity does not have a reasonable and clear economic or lawful objective or it is not characteristic of a specific business field or if the customer’s activity includes any of the following, regardless of the amount of the turnover:

• • • private or personal banking;
    • providing or intermediating a product or service which may promote anonymity;
    • personal asset holding;
    • undertaking handling large amounts of cash;
    • currency exchange, conversion transactions;
    • providing a service of exchanging a virtual currency against a fiat currency or a virtual currency wallet service;
    • providing gambling services (in a casino, on the internet or at sports events);
    • purchasing and selling gold (incl. scrap gold), other precious metals or gemstones;
    • purchasing and selling luxury goods;
    • providing internet advertising;
    • providing innovative services;
    • establishing, selling and managing companies;
    • other activities with a higher than usual risk of money laundering or terrorist financing;
    • customer is providing services via untraditional sales channels;
    • there is a constant change of customers;
    • the person’s customer base has grown rapidly;

1.4 RISK RELATED TO BILLING AND TRANSACTIONS

A. Low risk is when:

• • • a long-term contract is entered into with the customer that is in a written or electronic format or in a format that can be reproduced in writing;
    • the client receives payments within the scope of the business relationship only via an account located in a credit institution entered in the Commercial Register in Estonia or in a branch of a foreign credit institution or in a credit institution that has been established or whose place of business is in a contracting state of the European Economic Area or in a state where requirements equal to those established in the Directive (ELU) 2015/849 of the European Parliament and of the Council are implemented;
    • the total value of the incoming or outgoing payments of transactions made in the business relationship does not exceed 15 000 euros per year.

B. Usual risk is when the customer uses the following during transactions with the Company

• • • a limited amount of cash that does not exceed 32 000 euros or the equal amount in another currency, regardless of whether the transaction is made as one payment or as several connected payments within a period of up to one year;
    • a credit institution, financial institution, payment institution or a payment system that is not located in a high-risk third country or promoting anonymity and that is, according to its own experience or independent sources, reliable, and performs controls against money laundering and terrorist financing;

C. High risk is when the customer uses the following during transactions with the Company:

• • • credit institution, financial institution, paying institution or tax system that promotes anonymity;
    • credit institution, financial institution, paying institution or tax system that is located in a high-risk third country;
    • settlement channels and accounts belonging to unknown or unrelated third persons;
    • settlement channels and accounts belonging to third persons who are unknown or unrelated;
    • large amounts of cash that exceeds 32 000 euros or the equivalent sum in another currency, regardless of whether the transaction is made as one payment or as several connected payments within a period of up to one year;

1.5 RISK ARISING FROM POLITICALLY EXPOSED PERSON

A. Low risk is when the customer is not a politically exposed person, the family member of the politically exposed person or a person known to be the close associate of the customer who is a politically exposed person;

B. Usual risk is when the customer is a politically exposed person, the family member of the politically exposed person or a person known to be the close associate of the customer. In such a case, the due diligence measures provided for in section 41 of the RahaPTS are applied in addition to the usual due diligence measures. The background of the customer is verified primarily by:

• • • the customer providing the information and their statement;
    • using the Google search engine, searching by the Latin name of the customer with their birth date;
    • using the information available at the web page of the Financial Intelligence Unit: https://www.politsei.ee/et/organisatsioon/rahapesu/kasulikku/

C. High risk is when the customer is a politically exposed person, the family member of the politically exposed person or a person known to be the close associate of the customer. In such a case, the due diligence measures provided for in section 41 of the RahaPTS are applied in addition to the usual due diligence measures. The background of the customer is verified primarily by:

• • • the information and statements received from the customer;
    • using the NameScan database at: https://namescan.io/FreePEPCheck.aspx, which is open access, and, if possible, any of the paid databases (e.g. Thomson Reuters, MemberCheck etc.);
    • using Google and the local search engine of the customer’s country of origin, if any, by entering the customer’s name in both Latin and local alphabet with the customer’s date of birth.
    • using the local politically exposed persons database, if it exists. For example, the local politically exposed persons of Ukraine are available at: https://pep.org.ua/en/.

1.6 RISK RELATED TO IDENTIFICATION OF CUSTOMER.

A. Low risk is when:

• • • the natural person who is the resident of the Republic of Estonia is identified face-to-face on the basis of documents provided for in subsection § 21 (3) of the RahaPTS;
    • the customer who is a legal entity entered in the commercial register of the Republic of Estonia, or the register of non-profit associations and foundations, is identified on the basis of original documents provided for in subsection § 22 (3) of the RahaPTS or on the basis of the public information of the commercial register, or the register of non-profit associations and foundations face-to-face with the customer or the representative of the customer by identifying the representative on the basis of documents provided for in subsection § 21 (3) of the RahaPTS, and in the case of an authorized person, on the basis of a notarized or equivalent document certifying their authority, which has been legalized or certified by a certificate (apostille) replacing legalization, unless otherwise provided for in an international agreement.

B. Usual risk is when:

• • • the foreign natural person customer is identified face-to-face on the basis of documents provided for in subsection § 21 (3) of the RahaPTS;
    • the foreign customer who is a legal entity is identified on the basis of original documents provided for in subsection § 22 (3) of the RahaPTS or on the basis of the public information of the commercial register, or the register of non-profit associations and foundations face-to-face with the customer or the representative of the customer by identifying the representative on the basis of documents provided for in subsection § 21 (3) of the RahaPTS, and in the case of an authorized person, on the basis of a notarized or equivalent document certifying their authority, which has been legalized or certified by a certificate (apostille) replacing legalization, unless otherwise provided for in an international agreement.
    • The identity of a natural person or legal entity is verified by a notarised or officially certified copy of the documents provided for in § 21 (3) of the RahaPTS or § 22 (3) of the RahaPTS.

C. High risk is when:

• • • during establishing the identity or verifying the information provided, suspicion has arisen as to the reality of the information provided or the authenticity of the documents or the identification of the beneficial owner;
    • a business relationship or transaction that is established or initiated in a manner whereby the customer, the customer’s representative or party to the transaction is not met physically in the same place and whereby § 31 of the RahaPTS is not applied as a safeguard measure;
    • the person is identified on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event.
    • the representative of the customer is a legal entity.

1.7 RISK RELATED TO CHANNELS OF COMMUNICATION OR TRANSMISSION BETWEEN THE THE COMPANY AND THE CUSTOMER.

A. Low risk is when:

• • • the customer is communicated through a communication or mediation channel that is agreed upon at the start of the business relationship or transaction or reliably changed during the course of the business relationship;
    • products or services are delivered to the customer through a reliably modified delivery channel during the business relationship or at the initiative of the transaction.

B. Usual risk is when:

• • • at the start of the business relationship or transaction, the customer is communicated with through a temporary communication or mediation channel;
    • the products or services are delivered to the customer through another temporary product or service delivery channel transmitted through an agreed communication or intermediation channel initiated by the business relationship or transaction.

C. High risk is when:

• • • the customer is communicated through an accidental, unreliable or unusual communication or mediation channel;
    • products or services are delivered to the customer through an accidental, unreliable or unusual delivery channel;
    • the existence and nature of a risk factor associated with the service provider used to deliver the service or product being sold;
    • the distance between the location of the customer and the service provided or product offered is significantly high;

Taking into account the above risk categories, BlueData OU determines the risk level of the person involved in the transaction or the customer, for example whether the customer’s money laundering or terrorist financing risk is low, normal or high or corresponds to other risk levels specified and used by the Company.

In order to determine the impact of each risk category, BlueData OU assesses the probability of the occurrence of risk factors in that risk category. To determine the impact of a particular risk category, a qualifying amount of the presence of risk factors that characterize it can be used to consider a particular risk factor as having “impact” or “no impact” for a given person when a certain threshold is exceeded.

Instructions for defining low level of risk:

• Generally, the customer’s level of risk is low if there is no influential risk factor in any of the risk categories so it can be concluded that the customer and their activities do not have different characteristics from normal and transparent activities, and there is no doubt that the customer’s activities may increase money laundering and terrorism financing.
• In the situations where due diligence is required by legal acts, and the information about the customer and its beneficial owner is publicly available, where the person’s activities and transactions are consistent with their usual economic activity and do not differ from other similar customers’ payments practices and behavior, or where there are quantitative or other absolute restrictions, the Company may consider the customer ‘s expected risk of money laundering or terrorist financing to be low.
• In the situation where at least one risk category qualifies as high, the risk of money laundering or terrorist financing cannot generally be low. On the contrary, low risk does not necessarily mean that the customer’s activities cannot be linked to money laundering or terrorist financing.
• If the risk arising from the business relationship, the customer or the party to the transaction or the transaction is low, based on the risk levels assigned to the party or customer and other conditions provided for in RahaPTS are met, the Company may apply simplified due diligence measures.

Instructions for defining high level of risk:

• Generally, the customer’s risk level can be considered high if, when assessing the risk categories as a whole, there is a suspicion that the customer’s activities are not usual or transparent, incl. there are influential risk factors and it can be assumed the risk of money laundering or terrorist financing is high or significantly increased. The customer’s risk level is also high if it is indicated by some separate feature of the risk factor. However, high risk does not necessarily mean that the customer is engaged in money laundering or terrorist financing.
• If the Company considers the risk of the customer or the person involved in the transaction to be high, the Company must apply enhanced due diligence measures in order to properly manage the respective risks. The due diligence measures must be applied in accordance with the provisions of the RahaPTS.

BlueData OU shall document, update and disclose the determination of the level of risk to the competent authorities if necessary.

BlueData OU’s services are primarily related to the handling and storage of currencies ​​presented in a digital form. The provision of a service of exchanging a virtual currency against a fiat currency and a virtual currency wallet service primarily requires the use of new and evolving technologies, which may involve the implementation of new or non-traditional sales channels within the economic activities of the Company. The vast majority of virtual currencies are comprised of different cryptocurrencies and related tokens, built on a new and rapidly evolving blockchain technology and a distributed database that is updated through a mathematical consensus algorithm.

This assessment is mainly the result of the following factors:

1. Block-chain technology is new and evolving, so the mechanisms and algorithms for its occurrence, existence, transfer and trading are not constant and may be too complex to understand. This encourages the involvement and use of virtual currencies, including cryptocurrency, in various fraudulent schemes and scams;
2. Block-chain technology promotes anonymity (cryptocurrency wallet addresses are not personalized and exist usually in large quantities), which may involve the use of virtual currencies, including cryptocurrency, in money laundering, tax evasion, terrorist financing or criminal schemes;
3. Block-chain technology is based on a P2P network and is not regulated by any central organizations which may facilitate the manipulation of the value of virtual currencies, including cryptocurrency.

This risk analysis, risk mitigation method and the definition of risk appetite defined by BlueData OU as a provider of service of exchanging a virtual currency against a fiat currency and a virtual currency wallet service have been prepared in order to fulfil the obligation arising from the RahaPTS in view of the general risk associated with the Company’s activities.

BlueData OU is obliged to inform the employees of the company on an ongoing basis about changes in the risk assessment arising from the Company’s activities and changes in the company’s long-term and short-term doctrine and separate viewpoints and instructions (according to the market situation, the political and economic situation, the arrangements of the supervisory authorities, etc) in order to comply with the provisions of the RahaPTS. This information and these notices do not necessarily have to be in the form of appendices to these guidelines and may be provided at meetings, through the heads of structural units, via e-mail or orally, but regardless of the method of transmission, it is mandatory to comply with and follow this information and these notices.

1. RISK RELATED TO ACTIVITIES OF THE COMPANY AND NATURE OF SERVICES PROVIDED

The folloWing lists the risk factors and circumstances related to the customer’s degree of risk arising from the nature and volume of services provided by BlueData OU to the customer.

A. Low risk is when:

• • BlueData OU sells any virtual currency to the customer and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established in Estonia.
  • BlueData OU provides the customer with a virtual currency wallet service and the customer keeps in BlueData OU’s virtual currency wallet his/her own virtual currency, which was purchased from the Company does not transfer these virtual currencies to third parties or receive virtual currency transfers from third parties;
  • the total value of incoming or outgoing payments for business transactions does not exceed 15 000 euros per year.

B. Usual risk is when:

• • BlueData OU sells any virtual currency to the customer and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established in Estonia or in a contractual state of the European Economic Area.
  • BlueData OU provides the customer with a virtual currency wallet service and the customer keeps their virtual currency in the virtual currency wallet and makes virtual currency transfers to virtual currency wallets opened in an institution subject to requirements equivalent to RahaPTS;
  • the total amount of incoming or outgoing payments related to business transactions or service contract in one calendar month does not exceed 15 000 euros for a natural person and 25 000 euros for a legal entity.

C. High risk is when:

• • BlueData OU sells any virtual currency to the customer and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established outside of a contractual state of the European Economic Area.
  • the customer sells virtual currency for money which promotes anonymity;
  • BlueData OU provides the customer with a virtual currency wallet service and the customer keeps their virtual currency in the virtual currency wallet and transfers virtual currencies to virtual currency wallets opened in an institution for which no requirements equivalent to RahaPTS have been established;
  • BlueData OU provides the customer with a virtual currency wallet service and the customer keeps the virtual currency of third parties in the virtual currency wallet;
  • the total amount of incoming or outgoing payments related to business transactions or service contract in one calendar month exceeds 15 000 euros for a natural person and 25 000 euros for a legal entity.

   2. MITIGATION OF RISKS

Given that money laundering, terrorist financing and support for criminal activities generally has a cause and is effective when dealing with larger amounts of money than usual, BlueData OU shall, in addition to the due diligence measures set out in these guidelines, impose the following restrictions on the volume of business transactions:

• If the results of a customer risk analysis allows for the application of simplified customer due diligence measures, they may be applied to a customer whose total value of incoming or outgoing payments does not exceed 1000 euros per year, and the value of monthly payments does not exceed 500 euros;
• If the results of a customer risk analysis allows for the application of usual customer due diligence measures, they may be applied to a customer whose total value of incoming or outgoing payments does not exceed 15 000 euros per year, and the value of monthly payments does not exceed 5000 euros;
• If the total value of incoming or outgoing payments in the course of a customer’s business relationship exceeds 15 000 euros per year, that customer shall always be subject to enhanced due diligence measures.
• If the total value of incoming or outgoing payments in the course of a customer’s business relationship exceeds 100 000 euros per year, BlueData OU’s compliance officer shall decide on the establishment or continuation of this customer’s business relationship.

  3. RISK APPETITE

BlueData OU shall not enter into business relations with persons who are prohibited by these guidelines and its appendices or laws and/or who are suspected by the Company of using the its services for money laundering, tax evasion, terrorist financing or criminal schemes, but shall not create additional barriers to the use of services by customers for whom there are no such doubts.  

BlueData OU shall avoid business relations in particular with the following categories of customers:

• It is not possible to identify the customer;
• It is not possible to apply the due diligence measures arising from RahaPTS to the customer for any reason;
• The customer is located in a high-risk third country as referred to in Directive (EU) 2015/849 of the European Parliament and of the Council;
• The customer is a subject of the European Union or UN sanctions;
• The customer is a legal entity of any form whose structure of the management bodies and/or beneficial owners is confusing and the relevant data cannot be verified, including on the basis of the statement of the customer’s representative and/or internal or non-public documents provided by the customer;
• The customer has previously been convicted of money laundering, tax evasion, terrorist financing or criminal activities that may be directly or indirectly linked to virtual currencies or is under criminal proceedings and the Company has information in this regard.

  4. CUSTOMER IDENTIFICATION SPECIFICATIONS

BlueData OU has established numerous measures in order to identify the identity of a customer, in addition to the provisions provided for in § 21 (3) or § 22 (3) of the RahaPTS which require meeting the customer face-to-face, in such a way that enables identification of the customer without being in the same place. In such a case, the customer shall deliver the original identity document to BlueData OU in the form that is authenticated by a notary or certified by a notary or officially.

Alternatively, the possibility provided for in § 21 (4) or § 22 (4) of the RahaPTS shall be used to identify the customer on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event.

BlueData OU shall mainly use two sources from the following list:

• The customer shall be interviewed by means of an information technology device established and implemented by the Company which is secure and does not allow data processing and which allows the transmission of a synchronized audio and video stream, in which the customer demonstrates their identity document and face in such a way that all the data is legible and a high quality photograph of the customer’s document and face can be taken. The aforementioned interview and the photos taken are recorded and kept under the conditions set forth by the provisions of RahaPTS;
• The customer makes a trial payment (for example in the amount of 1 euro) to the Company’s account from an account located in a credit institution registered in Estonia or a branch of a foreign credit institution that is established or the seat of which is in a contracting state of the European Economic Area or in a country applying requirements equivalent to the Directive (EU) 2015/849 of the European Parliament and of the Council;
• The customer shall transmit to the Company, through an information technology device established and put into use by it which is secure and does not allow data processing, images of their identity document and face in such a way that all the data is legible and a high quality photograph of the customer’s document and face can be taken. The aforementioned photos taken are recorded and kept under the conditions set forth by the provisions of RahaPTS;
• The customer delivers to the Company in a digital form a picture of the customer’s rent, utilities, gas, electricity, telephone or internet bill that has been paid for, through which it is possible to identify the customer’s personal data along with the address of residence;
• The customer delivers to the Company in a digital form a statement of their bank account, which is confirmed by the bank and from which the customer’s personal data with the address of residence can be seen;

The procedures containing additional details for the customer identification based on the information from other reliable and independent sources shall be established in the rules of procedure.