As a personal data controller, we are committed to protecting our users' privacy. Keeping the information you share with us secure and ensuring your understanding of how we collect, use and maintain your personal information is important to us at Kredium. Therefore, we treat your personal data in line with the applicable data protection laws and highest international standards of personal data protection. We also continually assess new technology for protecting information and, when appropriate, we upgrade our information security systems accordingly.
“Personal Data” or “Personal Identifiable Information” (PII) means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Sensitive Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, access, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Data Subject” means an identified or identifiable natural person to which the Personal Data pertain (Data Subjects)
“Data Controller” means the entity which, alone or jointly with others, determines the purposes of the Processing of Personal Data;
“Data Processor” means the entity which processes Personal Data on behalf of the Data Controller;
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not
“Data Security Measures” means technical and organizational measures that are aimed at ensuring a level of security of Personal Data that is appropriate to the risk of the Processing, including protecting Personal Data against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration, destruction, and all other forms of unlawful data Processing, including measures to ensure the confidentiality of Personal Data;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
We are Kredium, a corporation organized and existing under the laws of the State of Delaware, registered at 3500 S DuPont Hwy, Dover DE, 19901 under the file number 6018194, with its principal office located at 902 Broadway, Floor 6, New York, NY 10010 (“Kredium” or “Company”).
The Company has appointed its Data Protection Officer (DPO) whom you may contact for all the inquiries related to personal data processing, as well as forexercising your privacy rights. You may contact our DPO by one of the following means:
In order to provide our services, we collect and process the following types of data:
a) Directly from clients:
i. Usage Data
ii. Location Data
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service. You can enable or disable location services when you use our Service at any time, through your device settings.
iii. Tracking & Cookies Data
iv. Job application data
We may process your information like your contact details, your CV and your cover letter ("job application data"). Depending on the personal data you provide to us, the job application data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details.
The application data may be processed for the following purposes: to assess your skills, qualifications, and suitability for the role, to communicate with you about the recruitment process, and to keep records related to our hiring processes.
The legal basis for processing Job application data is your consent. We may retain personal data from your CV for as long as it is necessary for our recruitment process but not longer than one year. You may withdraw your consent at any time via firstname.lastname@example.org.
v. Other Data
We may process any of your personal data identified in this Policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings, or in an administrative or out-of-court procedure. The legal basis for processing this data is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for processing this data is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person's personal data to us, unless we ask you to do so.
Kredium may process your personal data for one of the following purposes, based on the specific legal basis:
Subject to the following paragraph, and as already mentioned above, we may use your Personal Data for marketing purposes, in particular to display to you or present you with advertisements and promotional materials, or to provide you information about our new products and other such information which we believe may be of interest to you, based on your use of and your interests in our Services, always provided that such use complies with applicable law.
Depending on the jurisdiction you reside in and in accordance with applicable law in your country, we will ask you to expressly consent to receiving marketing material or product information before we send you any marketing or promotional material.
The Company has the right to disclose personal data and documentation related to a client, as well as data related to concluded Contracts with a client, to third parties, as follows:
The Company will never share your personal information with any third party that intends to use it for direct marketing, unless we have previously notified you and you have given us explicit consent to do so.
Your Personal Data will be processed by Kredium that is located in Delaware, United States. In addition, when we share your Personal Data with other entities for purposes of providing you services, (as described in the section above on Sharing of Your Personal Data with Third Parties), such companies may be located outside the United States.
Before transferring your Personal Data outside the United States, we will take steps to ensure that such data will be afforded the same level of protection as under applicable data protection laws in the United States. For data transfers outside of these territories, the Company uses applicable safeguards, including the standard contractual clauses adopted by the European Commission, where appropriate, and will make available a copy to you upon request.
Your Personal Data will be retained only for so long as reasonably necessary for the purposes set out above, in accordance with applicable laws, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. If a deletion of your Personal Data would only be possible with unreasonable efforts, we will anonymise it instead of deletion. We will not collect Personal Data about you that is not necessary for the purposes it is collected for.
All processing of personal data presented in this document refers exclusively to persons aged at least 18 years. The use of the system, as well as the results of processing, is prohibited for children under this age without the consent of their parents / guardians. In the event that, despite our reasonable efforts to prevent this, such processing occurs, we will discontinue it after noticing the fact that the users are younger than the stated age.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
The personal data referred to herein may be subject to automated decision making, including profiling. Based on the data you provide to Kredium and upon your consent, your profile will be provided to a Lender. The purpose of this type of processing is to provide you with the most suitable loan offer, based on your consent for data processing. In this case, the Data Subject has the right to challenge the decision made in the automated decision-making process, explained in section XII of this Policy.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Within the context of processing of your personal data, you have the following rights:
a. The right to access your data
The right of access implies that the Data Subject may obtain from the Company information on whether his or her personal data are being processed and, if so, permission to access his or her personal data and obtain information on the processing. Upon request, the Company will provide a copy of the personal data it processes. For additional requests, the Company may charge a reasonable fee for administrative costs. If the request is submitted electronically and unless otherwise requested, the Company will submit the information in electronic form.
b. The right to request the rectification or erasure of personal data
At the request of the Data Subject, the Company will correct the personal data that are inaccurate or supplement the incomplete data. At the request of the Data Subject, the Company will delete his/her personal data if the conditions prescribed by the Law are met (e.g., if the purpose for which they were collected was met, if the consent for processing was withdrawn and there is no legal basis for processing). The Company may not delete personal data: if the obligation to process them is prescribed by law or the processing is mandatory for reasons of public interest protection (e.g., acting on behalf of a state body) or is necessary to protect the Company's interests such as initiating, filing or defending a legal request (e.g., filing a lawsuit, etc.).
c. The right to request the restriction of processing
At the request of the Data Subject, the Company will restrict the processing of his/her personal data in cases prescribed by law.
d. The right to data portability
At the request of the Data Subject, the Company shall provide personal data in a structured, commonly used, and machine-readable form (e.g., on a computer) and allow it to be transmitted to another controller without interference by the Company if the following conditions are met: (a) processing is based on consent or is necessary for the execution of the contract and (b) processing is performed automatically. This right includes the possibility to require the Company to transfer personal data directly to another controller if technically feasible.
e. The right to withdraw your consent for processing
You have the right to revoke your consent for processing of personal data at any time, however, please note that the revocation of consent does not affect the admissibility of processing on the basis of consent prior to your revocation.
You can revoke your consent by submitting a request to revoke the consent via the Company's email, by sending a letter to the address of the Company's registered office or by submitting the letter directly to the Company's premises with the reference "for Personal Data Protection Officer".
If you revoke your consent for processing of personal data that are necessary for the performance of our services, we will not be able to provide you with the desired service.
f. The right to object to the data processing
At any time, the Data Subject may file an objection to the processing of personal data based on a legitimate interest or which is necessary for the purpose of performing activities in the public interest or exercising the statutory powers of the Company. Upon filing an objection, the Company will suspend further processing of such data, unless there is a legal basis for processing that overrides the interests or freedoms of Data Subjects, or if the processing is performed for the purpose of initiating, filing or defending a legal claim (e.g., filing a lawsuit or counterclaims, etc).
g. The right not to be subject to a decision based solely on automated processing,
Within the business relationship between the Company and the Data Subject, and in order to exercise the rights and obligations arising from it, the Company may process client’s data in whole or in part in an automated manner, in order to offer and provide services that meet the specific needs of the Data Subject, as well as in order to improve the Company's business relationship with clients.
If he/she considers that his/her rights have been violated by a decision made in an automated decision-making process, the Data Subject has the right to challenge such a decision, express his/her position and request that the decision be reviewed with the participation of an authorized employee of the Company.
h. The right to file a complaint with the Data Protection Authority(the Commissioner for Free Access to Information of Public Importance and Personal Data Protection) and the right to address to the competent courts of law.
The data subject has the right to file a complaint with the competent Data Protection Authority or similar body handling data protection complaints if he/she considers that the processing of his/her personal data is carried out contrary to the provisions of the Law or other applicable regulations. Also, Data Subjects can address the courts in order to exercise their data protection rights.
However, before addressing these institutions, we encourage you to contact us and send a written request, dated and signed in printed format, to the following mailing address: 902 Broadway, Floor 6, New York, NY 10010, or via email to our Data Protection Officer at email@example.com, or by submitting the letter directly at the premises of the Company with the reference "For the Data Protection Officer."
The exercise of these rights is possible at any time.
Likewise, in case you want to withdraw your consent given for direct marketing purposes, you may use the “withdrawal” option offered in every marketing communication.
Providing your personal information allows us to perform the service for which you hired us. However, if you refuse to provide us with any requested information - we will not be able to perform the service for which you hired us, nor will we establish a contractual relationship with you, i.e. we will have to terminate the already established contractual relationship.
Any questions regarding this document can be addressed to the Company’s Data
Protection Officer, via the following contact information: firstname.lastname@example.org.
Updated on 23/12/2021