Credix collects personal data when you use the Platform, register as a user, contact us and enter into an agreement with us. Personal data is any information that relates to you or any identified or identifiable individual and that identifies you or that individual either directly from that information, or indirectly, by reference to other information that we have access to.
Credix is committed to respecting and protecting the privacy of the individuals on whom it holds information. All your personal data will be processed in accordance with applicable data protection laws, including the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation or GDPR), as amended from time to time, if and to the extent applicable.
When you use the Platform, we collect the following categories of personal data:
identification data such as user account information (if any), name, e-mail address; technical data such as your IP address, your operating system, your browser type; behavioural data such as the manner in which you use the Platform and how you interact with the Platform; financial data such as amount of USDC deposited in the protocol, amount of LP and underwriter tokens received.
When you register for a user account, we collect the following categories of personal data:
contact information such as e-mail address, name, surname, telephone number and address; biographical information such as employer and job title; communication preferences such as preferred language; technical data such as your IP address, your wallet address and your operating system
When you contact us to inform us of any queries you may have, we collect the following categories of personal data:
identification and contact information such as your user account (if any), e-mail address or telephone number; the content of your correspondence with us.
When you register for our newsletter, we collect the following categories of personal data:
identification data and contact information such as your user account (if any), e-mail address and telephone number; behavioural data such as links opened, click-throughs; communication preferences.
We collect your personal data for the following purposes:
a) to allow you to access and use the Platform;
b) to set up and maintain your user account and your access to your account;
c) to communicate with you and provide you with appropriate support;
e) for fraud and money laundering prevention and detection and to comply with applicable laws and regulations;
f) to match borrowers on the Platform to the underwriters and liquidity providers, on behalf of whom of an investment is effectuated, and in order to ensure that such underwriter or liquidity provider is entitled to effectuate that investment.
We are committed to safeguarding and protecting your personal data and using it lawfully, fairly and in a transparent manner, in compliance with the applicable data protection laws, and we will only collect and process your personal data for the specified and explicit purposes listed above.
We are allowed to process your personal data if a legally permitted reason applies. These include the following:
a) Performance of the agreement: we are allowed to process your personal data to communicate with you before entering into our business relationship, to deliver our services and to fulfil a contract with you. For instance, we need your contact details in order to create a user account.
b) Legitimate interest: we are allowed to process your personal data when it is in our legitimate interest to do so. For instance, we collect your behavioural data to improve our services and the Platform, and we can collect and share your personal data as part of a due diligence in which Credix is involved.
c) Consent: we are allowed process your personal data when we obtain your express consent. For instance, when you register for a newsletter or when you agree to the use of specific cookies.
d) Legal obligation: we are allowed to process your personal data to comply with our legal and regulatory obligations, such as anti-money laundering, fraud and crime prevention.
We are allowed to retain your personal data when necessary for internal analytical purposes, or to provide you with services that you have requested, comply with our legal obligations, resolve disputes or enforce agreements (for instance, settlements). The criteria used to determine the retention period include:
how long the personal data is needed to provide the services and operate the business; the type of personal data collected; and whether we are subject to a legal, contractual or similar obligation to retain the data (for instance, mandatory retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
Your rights are the following:
a) Right to information and access
You are always entitled to know what personal data we hold about you and how, where and for how long your personal data are processed. Therefore, you have the right to request information regarding the personal data that we process and hold concerning you and to access such personal data. Upon your request, we will provide you with information and/or access to the personal data that is being processed and the source of such personal data.
Please note that we may request you to provide satisfactory proof of your identity before complying with your request for information or access.
b) Right of rectification and right of erasure
You have the right to require us, free of charge, to rectify any inaccurate or incorrect personal data concerning you. In certain circumstances, you also have the right to require us, free of charge, to erase your personal data, without undue delay.
c) Right to object to data processing
You always have the right to object to the processing of your personal data on grounds relating to your particular situation. If you object, we will no longer process your personal data, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In case we process your personal data for direct marketing purposes (for instance, our newsletter) and you do not wish to receive advertising, you have the right to object to this at any time. If we receive such objection from you, we will stop processing your data for direct marketing purposes.
d) Right to withdraw your consent
You always have the right to withdraw the consent that you have given us to process your personal data. Please note that if you withdraw your consent, this does not make the data processing carried out by us prior to the receipt of your request unlawful.
e) Right to restriction
You have the right to restrict our use of your personal data where: (i) you contest the accuracy of the personal data; (ii) the processing is unlawful and you request us to restrict our use of your personal data rather than to erase it; (iii) we no longer need the personal data for the original purpose of the processing but you require them for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and an assessment is made of whether our legitimate grounds can outweigh yours.
f) Right to data portability
Within the limits set out in the applicable data protection laws, you may request the portability of your personal data i.e., obtain that the personal data you have provided to us are returned to you or transferred to someone else of your choice, in a structured, commonly used and machine-readable format.
g) Right to lodge a complaint with the competent authority
Disclosures to third parties
We may share personal data with third party cloud providers and service providers who help us to provide, understand, commercialize and improve the Platform and our services. We do not authorize these third party service providers to use or disclose your personal data unless this is strictly necessary to perform any services under our supervision or to comply with applicable laws. We seek to provide such third party service providers only with the personal data they need to perform their specific function.
We put in place contractual (including data protection, confidentiality and security provisions) and other organizational safeguards with third party service providers who have access to your personal data to ensure an adequate level of protection of your personal data.
Transfers to non-EU countries
If a recipient of your personal data is located in a non-EEA country and this country is not recognized by the European Commission as offering an adequate level of data protection, we will put in place appropriate safeguards to protect your personal data in accordance with the applicable data protection laws, including the GDPR, such as the Standard Contractual Clauses adopted by the European Commission, if necessary with additional measures (if and to the extent applicable).