Privacy Policy
How Credizen protects your personal data and respects your privacy
Last Updated: January 15, 2025 | Effective Date: January 1, 2025
1. Introduction
Credizen ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loan comparison platform across Romania, Colombia, Mexico, Poland, South Africa, Vietnam, and Kazakhstan.
We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), Romania's Law 190/2018, South Africa's POPIA, and other local privacy regulations in the countries we operate.
2. Information We Collect
2.1 Personal Information You Provide
When you use our loan comparison service, we collect:
- Identity Data: Full name, date of birth, citizenship, ID/passport number
- Contact Data: Email address, phone number, residential address
- Financial Data: Loan amount requested, loan purpose, monthly income, employment status, existing debts
- Loan Preferences: Repayment term, preferred lender type, urgency level
2.2 Automatically Collected Information
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, time spent, click behavior, search queries
- Location Data: Country, city, and region (based on IP address)
- Cookies: See our Cookie Policy for details
2.3 Data from Third Parties
We may receive information from credit bureaus (with your consent), lender partners, fraud prevention services, and analytics providers to enhance our matching algorithm and protect against fraud.
3. How We Use Your Information
We process your personal data for the following purposes:
3.1 Loan Matching Service (Legal Basis: Contract & Consent)
- Match you with suitable lenders based on your profile
- Send your loan application to selected lenders
- Facilitate communication between you and lenders
- Track application status and outcomes
3.2 Platform Improvement (Legal Basis: Legitimate Interest)
- Enhance our AI matching algorithm
- Analyze user behavior to improve UX
- Conduct market research and trend analysis
- Test new features and services
3.3 Security & Fraud Prevention (Legal Basis: Legitimate Interest & Legal Obligation)
- Detect and prevent fraudulent applications
- Verify user identity to prevent identity theft
- Comply with anti-money laundering (AML) regulations
- Monitor for suspicious activity
3.4 Marketing Communications (Legal Basis: Consent)
- Send personalized loan offers via email/SMS (opt-in only)
- Notify you about new lenders and rates
- Share financial tips and educational content
- Conduct customer satisfaction surveys
Note: You can opt out of marketing communications at any time by clicking "unsubscribe" in our emails or contacting us directly.
4. How We Share Your Information
We never sell your personal data. We only share information in the following circumstances:
4.1 Lender Partners (With Your Consent)
When you submit a loan request, we share your application details with lenders you've selected. Each lender has its own privacy policy governing how they use your data.
4.2 Service Providers (Processors)
We work with trusted third-party vendors who process data on our behalf:
- Cloud Hosting: Microsoft Azure (servers in EU & local regions)
- Email Service: SendGrid (transactional emails)
- Analytics: Google Analytics (anonymized IP tracking)
- Fraud Prevention: Sift Science (fraud detection)
- Customer Support: Zendesk (support tickets)
All processors are bound by strict data processing agreements (DPAs) compliant with GDPR Article 28.
4.3 Legal Obligations
We may disclose your data if required by law, court order, or to comply with regulatory investigations (e.g., National Bank of Romania, South Africa's NCR, Mexico's CNBV).
4.4 Business Transfers
If Credizen is acquired or merges with another company, your data may be transferred to the new entity. You will be notified of any such change.
5. International Data Transfers
Credizen operates across 7 countries. Your data may be transferred and processed in:
- EU (Romania, Poland): Data stored on Azure EU-West servers
- Non-EU Countries: Colombia, Mexico, South Africa, Vietnam, Kazakhstan
For transfers outside the EU, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection safeguards.
6. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Loan application data | 7 years (regulatory requirement) |
| Marketing consent records | Until consent is withdrawn + 1 year |
| Website analytics (anonymized) | 26 months (Google Analytics default) |
| Support tickets | 3 years after case closure |
| Inactive accounts | Deleted after 5 years of inactivity |
7. Your Privacy Rights
Under GDPR and local data protection laws, you have the following rights:
? Right to Access
Request a copy of all personal data we hold about you (free of charge, once per year).
?? Right to Rectification
Correct inaccurate or incomplete personal information.
??? Right to Erasure
Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
?? Right to Restriction
Limit how we process your data while we investigate a complaint.
?? Right to Data Portability
Receive your data in a machine-readable format (CSV/JSON) to transfer to another service.
?? Right to Object
Opt out of direct marketing or processing based on legitimate interest.
How to Exercise Your Rights: Email us at privacy@credizen.net with "GDPR Request" in the subject line. We will respond within 30 days (or 60 days for complex requests).
8. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, multi-factor authentication for staff
- Regular Audits: Annual penetration testing by third-party security firms
- Incident Response: 72-hour breach notification protocol (GDPR Article 33)
- Staff Training: Mandatory data protection training for all employees
Note: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please use strong passwords and never share your account credentials.
9. Children's Privacy
Credizen is not intended for individuals under 18 years old (or local age of majority). We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@credizen.net.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email (if you're a registered user) or by posting a prominent notice on our website. Continued use of our services after such changes constitutes acceptance of the updated policy.
11. Contact Us & File a Complaint
Data Controller Contact:
Company: Credizen Technologies SRL
Address: Str. Aviatorilor 10, Bucure?ti, Romania
Email: privacy@credizen.net
Data Protection Officer: Rostislav Sikora (dpo@credizen.net)
File a Complaint with Supervisory Authorities:
- Romania: ANSPDCP (www.dataprotection.ro)
- EU General: European Data Protection Board (edpb.europa.eu)
- South Africa: Information Regulator (justice.gov.za/inforeg)
This Privacy Policy is effective as of January 15, 2025. For previous versions, contact privacy@credizen.net.