Privacy policy


This Privacy Policy describes the principles and rules that Mogo OÜ (hereinafter also the Creditor) follows when processing the personal data of its customers (ie when performing any action associated with personal data, eg upon the documenting or storing of personal data). The purpose of the Privacy Policy is to clarify what personal data and for what purposes the Creditor collects and what the rights does the customer have in relation to the processing of such personal data by the Creditor.

    Personal Data - For the purposes of this Privacy Policy, personal data is any data that allows the identification of a natural person, such as the contact details of a natural person.
    Processing - any operation or set of operations on personal data, which may include the collection, documentation, organization, structuring, storage, modification and similar activities.
    Customer - a natural person who uses or has used Mogo services.
    Creditor - Mogo OÜ (the controller) who has a valid activity license for giving out credit issued by the Financial Inspection.
    Credit application - the Customer's application together with all information and documents submitted by the Customer to the Creditor for the purpose of using the Mogo service and concluding the Credit Agreement.
    Credit Agreement - a credit Agreement entered into between the Borrower (Customer) and the Creditor.
    Mogo Group - Mogo Finance S.A., a private limited company registered in the Grand Duchy of Luxembourg and all Mogo Finance S.A. legal persons (subsidiaries) that are directly or indirectly controlled by it.

    Mogo OÜ, address Pärnu mnt 102B Tallinn 11312, registry code 12401448, is the controller of customers' personal data being the Creditor. The Creditor can be contacted via following channels:
    phone: 6 888 200

    The Creditor is the controller for all personal data processing activities related to the provision of the Mogo service. The Creditor is also the controller when sending offers, advertisements and newsletters related to the Mogo service to the Customers.
    This means that the Creditor is the controller of the Customer's data when it is processed in order to evaluate and analyze the submitted personal data in order to enable the Customer to enter into a Credit Agreement.
    As a Creditor, we ensure that the personal data of our Customers is not accessed by persons who do not need it, using the necessary technical and organizational measures. To realize and exercise their rights, Customers may turn to the Creditor.

    In the course of providing the service, Creditor may process the Customer’s personal data in connection with third parties and transfer the Customer’s personal data to them. An "authorized processor" of personal data is a natural or legal person, public authority, authority or other body which processes personal data on behalf of the controller. The list of Creditors' authorized processors is available at

    The protection of the Customer's personal data is important for Mogo and Mogo makes every effort to protect the Customer's personal data in the best possible way and to apply the best practices in the field of personal data processing. To this end, the Creditor processes the Customer’s personal data in accordance with the principles set out in this Privacy Policy:

    4.1 Transparency - Creditor processes Customer’s personal data in a fair and transparent manner and only in a way that is permitted by law. The Creditor shall make every effort to ensure that the processing of personal data is as transparent and comprehensible as possible.

    4.2 Purpose limitation - Creditor collects Customer’s personal data for precisely and clearly defined and legitimate purposes. Mogo will not subsequently process the Customer's personal data in a manner that would be contrary to the original processing purposes, unless it is based on legal bases arising from law or the Customer's permission.

    4.3 Collection of as little data as possible - Personal data processed by the Creditor is relevant and limited to what is necessary for processing.

    The creditor shall use his best endeavors to ensure that the purposes for which the data are processed are adequate,

    4.4 Accuracy - The purpose of the Creditor is to ensure that the Customer’s personal data is correct and, if necessary, relevant.

    Mogo will make every effort to ensure that the incorrect personal information is deleted or corrected immediately.

    4.5 Limit for Retention - we store the Customer's personal data in a form that allows us to identify the Customer only as long as it is necessary to fulfill the purpose of processing the personal data for which the Customer's personal data was collected. If the Customer’s personal data is no longer needed and there is no legal basis for its further processing, such data will be anonymised, deleted or destroyed. Mogo generally retains the Customer's personal data until the expiry of any claims arising from the customer relationship, unless the legislation imposes a direct obligation to retain the Customer's personal data for another term.

    4.6 Reliability - we ensure that Customer’s personal data is processed in a manner that ensures the appropriate security of the personal data. Among other things, Mogo makes every effort to protect the Customer's personal data against unauthorized or illegal processing and against accidental loss, destruction or damage.

    4.7 Integrated and default data protection - when developing, selecting and using applications, services and products for processing personal data, the Creditor takes into account the need for the protection of such data.


    The following personal data about the Customers is processed by the Creditor:

    5.1 Personal data (including name, date of birth, personal ID code, language of communication, marital status and data of identity documents);

    5.2 Contact details (including postal address, residential address, email address and telephone number);

    5.3 Data on the job and education (including level of education, educational institution, employer, position and specialty);

    5.4 Information on the economic and financial situation (including Income, assets, liabilities, origin of assets, current account transactions);

    5.5 Data on reliability and creditworthiness (including Data on the Customer's payment behavior and breach of obligations, the Customer's relations with other persons);

    5.6 Data on consumption habits, preferences and satisfaction of Mogo services;

    5.7 Data on participation in consumer games and campaigns organized by the Creditor (eg data on points collected and prizes won);

    5.8 Information obtained during the performance of the obligations arising from law;

    5.9 Personal data collected by IP address and cookies.


    The Creditor processes Data for the following purposes:

    6.1 Conclusion, amendment and performance of credit Agreements, including the performance of the Creditor’s obligations;

    6.2 Processing of the Customer’s loan application;

    6.3 Making a loan offer;

    6.4 Calculation of the loan burden suitable for the Customer;

    6.5 Preparation for concluding loan Agreements;

    6.6 Operations related to loan Agreements in order to give out a loan;

    6.7 Communication with Customers;

    6.8 Customer’s identification in order to use the service and conclude the contract;

    6.9 Development of the Creditor's IT systems and services, products and services;

    6.10 Performing statistical and financial analysis;

    6.11 Fulfillment of other obligations arising from the law.


    Definitions for determining the legal bases for the processing of personal data:

    7.1 Legal obligation - the Creditor processes Customer’s personal data in order to fulfill the legal obligations arising from various legal acts (e.g. obligations arising from the legislation regulating the prevention of money laundering and terrorism).

    7.2 Agreement - Creditor processes Customer’s personal data for the performance of the concluded credit Agreements, as well as for taking measures prior to the conclusion of the Agreement.

    7.3 Consent - In order to send advertisements and offers, Creditor processes Customer’s personal data on the basis of the consent. Consent is voluntary and can be withdrawn at any time by notifying the Creditor.

    7.4 Legitimate interest - The Creditor may process the Customer’s personal data on the basis of a legitimate interest (for example, to ensure the security of data and information, service development, fraud prevention) to ensure the security of the service if the Customer’s interests and rights do not prevail.

    Types of personal data / Purpose of processing / Legal basis

    Personal data (name, personal ID code, date of birth, identity document data) / Identification / in the Money Laundering and Terrorist Financing Prevention Act

    Contact information (phone number, address, email, language of communication) / Customer communication / Preparation, monitoring and fulfillment of the Agreement

    Data on family and field of activity (marital status, number of dependents, occupation and specialty, education) / Creditworthiness assessment / Creditors and Intermediaries Act, Law of Obligations Act, Guidelines of the Financial Inspection

    Financial data (income, liabilities, previous payment behavior, debts, concluded and terminated contracts, submitted applications, breach of a contract, credit score) / Creditworthiness assessment, risk management and risk mitigation / Creditors and Intermediaries Act, Law of Obligations Act

    Data on the Client's reliability and the origin of assets (money laundering, terrorist financing, organized crime, payment behavior, previous penalties, ongoing proceedings; data on the workplace, actual beneficiaries of counterparties; sources of income, related parties, Customer’s national background). / Implementation of due diligence measures / Money Laundering and Terrorist Financing Prevention Act.

    Customer affiliation (age, participation in previous consumer games, product-based interest expressed) / Direct marketing, campaigns / Legitimate interest in developing business and product offers.

    Technical data on the use of the Mogo website (IP address, content of the operation, time taken for the operation) / User-friendliness analysis / Legitimate interest in developing the website and increasing the user-friendliness.

    Pension data with additional data (contributions to the second pension pillar, number of children) / Customer creditworthiness assessment, risk management / Consent

    Debt data (history of payment behavior, outstanding debts) / Debt management / Legitimate interest for payment of debts; credit risk management.

    Voice recording (call, date) / Protection of the rights in processing of personal data / Consent


    The Creditor may release personal data in the following cases:

    8.1 To the companies belonging to the same group as the Creditor;

    8.2 To auditors and legal advisers related to the activities of the Creditor;

    8.3 To the person compiling the credit ratings or assessments;

    8.4 To the third party service providers (e.g. car dealers) in connection with the sale and the identification of Mogo services;

    8.5 To the authorized data processors;

    8.6 To the persons related to the performance of the concluded contract and to the services to the Customer, including sureties, guarantors, owners of collateral, pledgees, providers of translation, communication, IT and postal services);

    8.7 To the database keepers and administrators (payment default register) to which Mogo transmits information for the purpose of implementing the principle of responsible lending under the legislation or an Agreement;

    8.8 To a new Creditor in case of the assignment of the right of the claim;

    8.9 To other third parties (e,g. debt collection service providers) if the Customer has breached the Agreement.


    In order to make a loan offer to a Customer and enter into a Credit Agreement, the Creditor may, in addition to the information provided in the application, collect data from other sources mentioned below. This is done to implement the principle of responsible lending, including the assessment of the Customer's reliability and creditworthiness and the assessment of a person's credit risk.

    9.1 Among other things, Creditor may additionally collect data from the following sources:

    9.1.1 Third parties (for example, other credit and financial institutions, companies belonging to the same group as the creditor);

    9.1.2 Legally accessible and public databases and registers of the Creditor (including the Population register, credit and payment default registers, pension register (Estonian CSD), Commercial Register, Land Register, Web portal of Official Announcements, lists of financial sanctions, etc.);

    9.1.3 Public sources (eg search results from Internet search engines, etc.).

    9.2 From the above-mentioned sources, Creditor processes the following data as well:

    9.2.1 Information on the Customer’s economic and financial situation, e.g. assets, liabilities;

    9.2.2 Data on the Customer's reliability and creditworthiness, e.g. data on the Customer's payment behavior and breach of obligations;

    9.2.3 The Customer can find more detailed information on what data and from which sources is collected by the Creditor in the Privacy Policy published on the Creditor’s website.


    10.1 The Customer has the right to receive information on the scope and use of the processing of his or her personal data and to examine the data concerning him or her at any time. In order to do this, the Customer must submit a handwritten or digitally signed application. The Creditor shall establish the identity before issuing the personal data in order to prevent the personal data from falling into the hands of unauthorized persons.

    10.2 The Customer has the right to correct personal data. If the Customer finds that Mogo processes incorrect or incomplete personal data about him, the Customer has the right to request the correction or supplementation of this data.

    10.3 If Mogo no longer has a legal basis for the use of the Customer's personal data, the Customer has the right to demand the termination or deletion of the use of such data. The Customer has also got the right to object to the personal data processing operations concerning him or her. In certain cases, the Customer has the right to prohibit or restrict the processing of his or her personal data for a certain period of time (e.g. if the Customer has submitted an objection to the data processing).

    10.4 The Customer has the right to ask the Creditor which third parties his or her personal data has been transferred to.

    10.5 The Customer has the right to view the information about the authorized processors on the Creditor’s website

    10.6 The Customer has the right to ask the Creditor to transfer his or her personal data to another personal data controller, if this is technically possible.

    10.7 If the Customer suspects that the requirements of legislation have not been complied with in the processing of his or her personal data, he or she has the right to submit a complaint to the state supervisory authority, which is the Data Protection Inspectorate in Estonia (Väike-Ameerika 19, 10129 Tallinn).

    10.8 If Mogo processes the Customer's personal data on the basis of consent, the Customer has the right to withdraw at any time by notifying the Creditor that he or she does not wish to receive personal offers or advertisements, let his or her data be processed for consumer research and / or direct marketing and / or let his or her data be transferred to third parties.


    11.1 Profiling means the automated processing of personal data in any form, which involves the use of personal data to assess certain personal aspects related to the Customer. The Creditor uses profiling, for example, to analyze the use of the service by the Customers for marketing and sales purposes via the website. Also in assessing potential risks in compliance with anti-money laundering and terrorist financing requirements.

    11.2 Automated decisions are used by the Creditor to assess the probability of insolvency and to make limited credit decisions. The described data processing takes place in accordance with Mogo's legitimate interest, the Money Laundering and Terrorist Financing Prevention Act, as well as the fulfillment of obligations arising from other legislation, concluding or fulfilling a contract, implementing pre-contractual measures at the Customer’s request or fulfilling the Creditor’s obligations arising from legislation. The decision to grant or refuse credit is indispensable for the conclusion of the agreement between Mogo and the Customer.

    11.3 Profiling and automatic decision-making enables the Creditor to offer services to the Customers more efficiently, thus avoiding possible mistakes. For automatic data processing, the Creditor does not collect additional customer data, but uses data that exists about the Customer or what data the Creditor must collect about the Customer due to legal requirements, including payment defaults, penalty register, list of international sanctions and other information known to the Creditor.

    11.4 In order to protect the rights of the Customers, Mogo has left the Customers with the opportunity to express a wish for the decision to be reviewed manually instead of making automatic decisions.

    11.5 On the other hand, as a result of profiling, Creditor makes offers and displays such advertisements to Customers that he believes may be of interest. The Customer may object to profiling at any time or disable the storage of cookies in their browser by setting their browser accordingly.


    12.1 Cookies are small text files that are stored on the Customer's computer or device by the browser when visiting the website. Cookies help make the web service easier and more convenient to use. With the help of cookies, it is possible to analyze the usability of the website and offer the Customer a better service that corresponds to his / her preference. Mogo will ask the Customer for consent to the use of cookies that are not essential for the use or operation of the website.

    12.2 Cookies used on the Mogo website. There are different types of cookies and they are generally classified according to their installation time (temporary or session cookies and permanent cookies) and affiliation (author's or first party's cookies and third party's cookies). Mogo uses Google Analytics services to collect the following cookies on the website:

    12.2.1 First party cookies - cookies from the Mogo website. They are used to store the information that can be reused next time the Customer visits the website.

    12.2.2 Third party cookies - come from the advertisements on other websites located on the website visited by the Customer.

    12.2.3 Temporary or session cookies - cookies that the computer deletes after closing the browser. Temporary cookies are used to provide the Customer with a more convenient way to use the browser.

    12.2.4 Persistent cookies - are cookies that are stored on the Customer’s computer even after closing the browser and to which they have access and which can be used by the owners of specific cookies.

    •    Internet Explorer:

    •    Chrome:

    •    Firefox:

    •    Opera:

    •    Safari:

    12.3 Blocking and deleting of the cookies. Customer can block or delete stored cookies or withdraw consent to save cookies on their computer or device. Depending on your browser, here are some tips on how to configure the most common browsers for cookies and security settings:

    • Internet Explorer:

    • Chrome:

    • Firefox:

    • Opera:

    • Safari:


    Taking into account the developments in the field of personal data protection and the potential changes and innovations related to the best practices related to the technologies ensuring a high level of personal data protection, Mogo OÜ reserves the right to make changes in this Privacy Policy.

    This Privacy Policy has been approved as of March 2020.

Go to product form