Viacurrent's Privacy Policy

Viacurrent OÜ ("Viacurrent", "we", "us", “our”) is an e-service provider through which employers (hereinafter referred to as the “Client”, “Clients”) can provide flexible salary payouts to their employees (hereinafter referred to as the "User" or "Users", "You") to increase their financial well-being. We highly value your privacy and will do everything to protect your personal data and comply with data protection and privacy regulations. Access to personal data is governed by the Public Information Act, the Data Protection Act, and the European Parliament and Council Regulation (EU) 2016/679 of April 27, 2016, known as the "General Data Protection Regulation" (hereinafter referred to as "GDPR"). Unless otherwise specified in this Privacy Policy (hereinafter referred to as the "Notice"), the terms used in the Notice are used in the sense of Article 4 of the GDPR.


The purpose of the Notice is to clearly and accurately describe the collection and processing of Personal Data related to our managed website https://viacurrent.com/, its subdomains (hereinafter referred to as the “Website”), mobile application (hereinafter referred to as the “Application”) and the various components used therein (hereinafter referred to collectively as the "Platform").

  1. Processor of Personal Data

1.1. Name and contact

Name: Viacurrent OÜ

Registration number: 16798201

Address: Õnne 39-3, Tartu, 50106, Estonia

Email: team@viacurrent.com

1.2. Data Protection Officer

Our designated Data Protection Officer ("DPO") oversees inquiries related to the Notice. If you have any questions or wish to exercise your legal rights, you can contact our Data Protection Officer via the application or website inquiry form, or by email at legal@viacurrent.com.

  1. Handled Personal Data

Personal Data refers to all information related to an identified or identifiable natural person, expressing the individual's physical, mental, physiological, economic, cultural, or social characteristics, relationships, and affiliations. Therefore, all data that can be associated with a natural person, even indirectly, must be treated as Personal Data.

2.1. Identity data – full name (surname and first name), gender, date of birth;

2.2. Contact data – email address and mobile phone number;

2.3. Employment data – employment status, employer’s name, income, work hours, and shifts;

2.4. Transaction data – details about payments made by you and to you through our Platform;

2.5. Financial data – account number (IBAN), account holder's name, bank name;

2.6. Device data – information about the device you use to access the Viacurrent Platform, including device model, name or other identifier, IP address, and device language preference;

2.7. Preference data – your preferences on the Viacurrent Platform;

2.8. Customer Support data – communication between Viacurrent and you (inquiries made through the web, email, social media, or chat);

2.9. Marketing and Communications data – preferences regarding our or third-party marketing and your chosen communication channels, feedback, and survey responses;

2.10. Usage data – data related to your interactions on the Viacurrent Platform;

2.11. Background data – data that is collected to evaluate information from public sources about the Client's reputation;

Although we need to process the above-mentioned data to provide a convenient and comprehensive solution, not all of this data is stored in our database. When possible, some data is fetched and processed only at the time of using the Application, provided you have given permission for this.

  1. Purposes and Legal Bases for Processing Personal Data

The processing of your personal data adheres to specific, lawful, and clearly defined purposes based on Article 6 of the GDPR. Viacurrent processes your personal data for the following purposes and legal bases:

Purpose of Processing

Processed Data

Legal Base for Processing

Creating a user account and enabling the use of the Platform

2.1. Identity data; 2.2. Contact data; 2.3. Employment data; 2.4. Transaction data; 2.5. Financial data

  1. Data subject has given consent for processing their Personal Data (GDPR Article 6, para 1(a)).

  2. Processing is necessary for the performance of/or entering into a contract (GDPR Article 6, para 1(b)).

  3. On the basis of legitimate interests (GDPR Article 6, para 1(f)).

Ensuring communication between us and the Client and/or User, including 

(a) Notification of changes to our Terms or Notice

(b) Gathering feedback and participation in surveys

(c) Provision of technical support

2.1. Identity data; 2.2. Contact data; 2.6. Device data; 2.8. Customer Support data; 2.9. Marketing and Communications data; 2.10. Usage data

  1. Data subject has given consent for processing their Personal Data (GDPR Article 6, para 1(a)).

  2. Processing is necessary for the performance of/or entering into a contract (GDPR Article 6, para 1(b)).

  3. On the basis of legitimate interests (GDPR Article 6, para 1(f)).

Payment for services and processing of payments

2.3. Employment data; 2.4. Transaction data; 2.5. Financial data

  1. Compliance with legal obligations (GDPR Article 6, para 1(c)).

Collecting analytical data to enhance our Platform's products/services, marketing, customer relationships, and experiences

2.6. Device data; 2.7. Preference data; 2.10. Usage data

  1. On the basis of legitimate interests (GDPR Article 6, para 1(f)).

Providing relevant marketing information and assessing its effectiveness

2.1. Identity data; 2.2. Contact data; 2.6. Device data; 2.9. Marketing and Communications data; 2.10. Usage data

  1. Data subject has given consent for processing their Personal Data (GDPR Article 6, para 1(a)).

Additional consent is requested.

Personalisation of the user experience

2.6. Device data; 2.7. Preference data; 2.10. Usage data

  1. On the basis of legitimate interests (GDPR Article 6, para 1(f)).

Verification of compliance, ensuring Platform safety and security, and meeting regulatory requirements

2.11. Background data

  1. Compliance with legal obligations (GDPR Article 6, para 1(c)).

  2. On the basis of legitimate interests (GDPR Article 6,

For example, we require Personal Data so that we can partially pay you before payday. To do this, we need your identity and contact data for your initial identification, as well as your employment, payment and financial data to process and confirm the transfer.


Various device, preference, and usage data can be used to enhance the user experience and make using the Application smoother and more straightforward. For instance, based on device data, we can automate language selection within the Application.


Using marketing and communication data, we can provide you with personalised and relevant information about our services and offers. This ensures that you receive only notifications that genuinely interest you. Through different feedback channels, we can further improve the Platform to make it even more beneficial for you.

  1. Methods of Data Collection

4.1. Integrations – data necessary for the provision of the service is collected through integrations with the Client's or Clients' payroll systems, provided you have given permission for this (2.1. Identity data, 2.2. Contact data, 2.3. Employment data, 2.5. Financial data);

4.2. Direct Collection – data is collected through in-app chats, forms, or correspondence across channels; through feedback and requests for marketing materials (2.8. Customer Support data, 2.9. Marketing and Communications data);

4.3. Product Interactions – data is automatically collected when you use our Platform services (2.4. Transaction data, 2.6. Device data, 2.7. Preference data, and 2.10. Usage data);

4.4. Third-Party Sources – data is collected, for example, from databases of individuals subject to financial sanctions and international financial sanctions, as well as from databases of individuals with a national background (2.11. Background data);

  1. Transmission of personal data

All third parties with whom your Personal Data are shared are obliged to ensure the security and confidentiality of your Personal Data and to handle it in accordance with the law. They are not allowed to use your Personal Data for their own purposes. In the event that the aforementioned third parties are located outside the European Economic Area (“EEA”), Viacurrent undertakes to implement appropriate security measures to ensure the security of Personal Data (including protection against misuse, unauthorised access, disclosure, alteration or destruction).

Your Personal Data may be disclosed to:

  1. legal authorities and regulatory authorities (e.g., business registers, tax and customs authorities), to whom we are legally obligated to disclose Personal Data;

  2. the User's Personal Data may be shared with the Client who engaged us to provide the service;

  3. IT and system administration service providers and server hosts who manage Viacurrent's servers and databases;

  4. identity verification service providers who assist in verifying your identity;

  5. communication service providers who facilitate e-mails, phone calls, SMS messages and other communications between parties;

  6. professional advisers, such as consultants, financial advisors, legal advisors, and accountants;

  7. potential business partners or buyers in the event of a company sale or merger, where the new entity may continue to use your Personal Data as described in this Notice;

  8. customer support and customer management service providers;

  9. marketing service providers;

  10. our payment service providers;

We always ask for your explicit consent before sharing your Personal Data with any third party for marketing purposes.

6. Security of Personal Data

The data centres used by us are located in the territories of countries in the European Economic Area (“EEA”).

Viacurrent implements the necessary legal, organisational, operational and technical measures to safeguard your Personal Data against loss, misuse or unauthorised access. Access to your data is limited to those who have a legitimate business need for it and with whom a data processing agreement has been concluded.

Viacurrent grants access to Personal Data only to those employees for whom such access is necessary to perform their job functions. These individuals are bound by confidentiality agreements and they have been introduced to the Personal Data Protection requirements.

More detailed information about the security of our Platform can be found in our Security Statement.

7. Integrity and Retention of Personal Data

7.1. Data Completeness

Viacurrent retains your Personal Data to the extent necessary for their use in accordance with the purpose and legal basis of their processing. We implement various measures to ensure the reliability, accuracy and integrity of the processed Personal Data.

7.2. Retention Period

Unless otherwise stipulated by legal requirements or permissions, we retain Personal Data for as long as there is a contractual relationship with your employer or until you exercise your right to stop the processing of your Personal Data.

Removing the Application does not result in the deletion of your Personal Data. If the Application has not been used within three years, we will contact you and ask you to confirm whether you want to keep your account active. If a response is not received within a reasonable period of time, the account will be closed and the related Personal Data will be deleted, unless it is necessary to retain the data for the purposes mentioned above in the Notice.

8. Use of Cookies

The Website uses cookies and other similar technologies to provide certain services and functions and to enhance the online experience. Cookies allow the website to remember certain preferences that you have made (e.g., language preference). Information about the cookies that we use can be found in our Cookie Policy.

It is possible to delete or block cookies at any time through your browser settings, but doing so may impair the functionality and usability of the Website. More general information about cookies can be found at https://www.allaboutcookies.org.

9. Marketing Communications and Opting Out

In accordance with the GDPR, you have the option to opt out of receiving marketing content at any time by sending an email to the address provided in Section 1.1. of this Notice or by using the unsubscribe links included in marketing emails. Opting out of marketing content does not affect transactional or service messages.

Settings related to the nature and frequency of promotional messages you receive from us can be changed in the “Settings” subsection of the Application. Changes may take up to five (5) business days to be processed in our systems.

10. Referral to Third Parties on the Platform

Our Platform may contain links to third-party websites and applications (such as the Ministry of Finance). Clicking on these links will take you to their website or application. In such cases, you may enable third parties to collect or share your Personal Data. We do not monitor and are not responsible for the privacy practices of third-party websites to which we link to. We recommend that you review the privacy notices of these websites and applications, when applicable.

11. Your Rights

In accordance with the law, you have several rights concerning the processing of your Personal Data by us.

11.1. Right of Access – you have the right to access and receive information about the Personal Data processed by us. You can request a copy of your Personal Data from us using the email address provided in Section 1.1. of this Notice.

11.2. Right to Withdraw Consent – if data is processed based on your consent, you have the right to withdraw it at any time, but this may result in limited functionality of our Platform.

11.3. Right to Rectification – you have the right to request the correction or completion of inaccurate or incomplete Personal Data held about you.

11.4. Right to Erasure – you have the right to request the deletion of your Personal Data from our systems. We will comply with such a request unless we have a legal basis for not deleting the data, but this may result in limited or non-existent functionality for you on our Platform.

11.5. Right to Object – you have the right to object to the processing of your Personal Data when it is processed for purposes other than providing the service or fulfilling a legal obligation. For example, you can request that we stop processing data for direct marketing purposes, but this may result in limited functionality of the service.

11.6. Right to Restrict Processing – you have the right to request the restriction of the processing of your Personal Data, for example, when the deletion, correction, or objection to the data is pending, and/or when there is no legal basis for processing your data. In such cases, the data is saved but not further processed. For example, in a situation where you dispute the correctness of your Personal Data, the processing of the data is restricted until its correctness is ensured. This may result in limited functionality of the service.

11.7. Right to Data Portability – you have the right to receive the Personal Data you have provided to us in a structured, publicly available, and machine-readable format and to independently transmit it to third parties.

12. Exercising your Rights and Filing Complaints

In the event that our actions or inaction cause you concern and you believe that the Notice or legal requirements may not be complied with, you can contact us in a way that suits you, including reaching out to our Data Protection Officer at the email address provided in Section 1.2. of this Notice.

When exercising the rights outlined in Section 11 of this Notice, it is mandatory to prove your identity. To speed up the process, we recommend digitally signing the complaint, which allows you to be identified immediately. Please include your first and last name, email address and phone number in the complaint. If we are unable to verify your identity, we may request additional information. Generally, we do not charge a fee for access to your Personal Data, but we may refuse to process a complaint if the claim is unfounded or unreasonably repetitive.

13. Children's Privacy

We do not knowingly collect Personal Data from individuals under the age of 13 through our Platform. If you believe that someone under the age of 13 has provided us with Personal Data, please contact us at the email address provided in Section 1.1. of this Notice, and we will work to delete the information.

14. Changes to the Notice

We reserve the right to update the Notice periodically and without prior notice to reflect changes in our Personal Data processing practices. We will publish a prominent notice on our Platform to inform you of such changes. We will also inform you about the new conditions by email. If the new terms refer to the processing of your Personal Data for any purpose for which your consent is necessary, we will not process them for this new purpose until we have obtained your consent.

We will not send you emails for minor changes (e.g., language corrections), but we will always provide access to archived versions of the Notice. At the end of the Notice, we display the date of the most recent version.

15. Confirmation in the Application

By accepting this Notice within the Application, you confirm that you have read and understood it, agree to its terms, and know how to reach out to us if you have any questions or concerns.


Last Updated: 4th of December, 2023

Let's talk about your
frontline employees

If your organisation wants to see how the financial security of your employees improves recruitment, retention and productivity, we’d love to hear from you.

Let's talk about your
frontline employees

If your organisation wants to see how the financial security of your employees improves recruitment, retention and productivity, we’d love to hear from you.

Let's talk about your
frontline employees

If your organisation wants to see how the financial security of your employees improves recruitment, retention and productivity, we’d love to hear from you.