The Credix platform and the Credix website (www.credix.finance) (together referred to as the Platform) is operated and managed by Credix Finance bv, a private limited company incorporated, organized and existing under the laws of Belgium, with its registered office at Riemstraat 35 box 101, 2000 Antwerp, Belgium, and registered with the Crossroads Bank for Enterprises (‘Kruispuntbank van Ondernemingen’) under enterprise number 0777.287.031. Credix Finance bv controls the collection and processing of any personal data that you provide to us in relation to the Credix Platform. Where services are provided to you by any affiliate of Credix Finance bv, the entity providing the service will be responsible for the processing of your personal data. This privacy policy applies to all such entities. Credix Finance bv and any such entities are jointly is referred to in this privacy policy as “Credix”, “we” or “us”.

Credix collects personal data when you use the Platform, register as a user, contact us and enter into an agreement with us. Personal data is any information that relates to you or any identified or identifiable individual and that identifies you or that individual either directly from that information, or indirectly, by reference to other information that we have access to.

Credix is committed to respecting and protecting the privacy of the individuals on whom it holds information. All your personal data will be processed in accordance with applicable data protection laws, including the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation or GDPR), as amended from time to time, if and to the extent applicable.

This privacy policy describes the personal data that we collect from you, the purposes of our processing of your personal data, the legal basis for our processing of your personal data, whether any third parties may access your personal data, the retention period applicable in respect of your personal data, and your rights regarding your personal data. This privacy policy applies to the relationship between you and Credix, together with the relevant provision of the Cookie Policy.

Contact Details

If you have any question regarding this privacy policy or our processing of your personal data, or if you want to exercise your rights with regard to your personal data, you may contact us at:

Credix Finance bv Riemstraat 35, box 101, 2000 Antwerp, Belgium [email protected]

Collected Personal Data

When you use the Platform, we collect the following categories of personal data:

identification data such as user account information (if any), name, e-mail address; technical data such as your IP address, your operating system, your browser type; behavioural data such as the manner in which you use the Platform and how you interact with the Platform; financial data such as amount of USDC deposited in the protocol, amount of LP and underwriter tokens received.

When you register for a user account, we collect the following categories of personal data:

contact information such as e-mail address, name, surname, telephone number and address; biographical information such as employer and job title; communication preferences such as preferred language; technical data such as your IP address, your wallet address and your operating system

When you contact us to inform us of any queries you may have, we collect the following categories of personal data:

identification and contact information such as your user account (if any), e-mail address or telephone number; the content of your correspondence with us.

When you register for our newsletter, we collect the following categories of personal data:

identification data and contact information such as your user account (if any), e-mail address and telephone number; behavioural data such as links opened, click-throughs; communication preferences.

Purposes of Processing

We collect your personal data for the following purposes:

a) to allow you to access and use the Platform;

b) to set up and maintain your user account and your access to your account;

c) to communicate with you and provide you with appropriate support;

d) to improve, effectively present and personalize our services by using the analytical services of third parties, to evaluate your use of the website, create reports on the activity, collect demographic data, analyze performance data, and collect other data on our website and internet usage. These third parties use cookies and other technology to help analyze the data and to provide data to us. Please consult our Cookie Policy for more information;

e) for fraud and money laundering prevention and detection and to comply with applicable laws and regulations;

f) to match borrowers on the Platform to the underwriters and liquidity providers, on behalf of whom of an investment is effectuated, and in order to ensure that such underwriter or liquidity provider is entitled to effectuate that investment.

We are committed to safeguarding and protecting your personal data and using it lawfully, fairly and in a transparent manner, in compliance with the applicable data protection laws, and we will only collect and process your personal data for the specified and explicit purposes listed above.

Legal Basis

We are allowed to process your personal data if a legally permitted reason applies. These include the following:

a) Performance of the agreement: we are allowed to process your personal data to communicate with you before entering into our business relationship, to deliver our services and to fulfil a contract with you. For instance, we need your contact details in order to create a user account.

b) Legitimate interest: we are allowed to process your personal data when it is in our legitimate interest to do so. For instance, we collect your behavioural data to improve our services and the Platform, and we can collect and share your personal data as part of a due diligence in which Credix is involved.

c) Consent: we are allowed process your personal data when we obtain your express consent. For instance, when you register for a newsletter or when you agree to the use of specific cookies.

d) Legal obligation: we are allowed to process your personal data to comply with our legal and regulatory obligations, such as anti-money laundering, fraud and crime prevention.

Retention and Deletion

We are allowed to retain your personal data when necessary for internal analytical purposes, or to provide you with services that you have requested, comply with our legal obligations, resolve disputes or enforce agreements (for instance, settlements). The criteria used to determine the retention period include:

how long the personal data is needed to provide the services and operate the business; the type of personal data collected; and whether we are subject to a legal, contractual or similar obligation to retain the data (for instance, mandatory retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).

If you would like to obtain more information about applicable retention policies, please contact us via the contact details set out in Section 1 of this privacy policy.

Data Subject Rights

Under the applicable data protection laws, you are entitled to exercise certain rights related to how we use and retain your personal data. You can exercise your rights by contacting us via the contact details set out in Section 1 of this privacy policy.

Your rights are the following:

a) Right to information and access

You are always entitled to know what personal data we hold about you and how, where and for how long your personal data are processed. Therefore, you have the right to request information regarding the personal data that we process and hold concerning you and to access such personal data. Upon your request, we will provide you with information and/or access to the personal data that is being processed and the source of such personal data.

Please note that we may request you to provide satisfactory proof of your identity before complying with your request for information or access.

b) Right of rectification and right of erasure

You have the right to require us, free of charge, to rectify any inaccurate or incorrect personal data concerning you. In certain circumstances, you also have the right to require us, free of charge, to erase your personal data, without undue delay.

c) Right to object to data processing

You always have the right to object to the processing of your personal data on grounds relating to your particular situation. If you object, we will no longer process your personal data, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

In case we process your personal data for direct marketing purposes (for instance, our newsletter) and you do not wish to receive advertising, you have the right to object to this at any time. If we receive such objection from you, we will stop processing your data for direct marketing purposes.

d) Right to withdraw your consent

You always have the right to withdraw the consent that you have given us to process your personal data. Please note that if you withdraw your consent, this does not make the data processing carried out by us prior to the receipt of your request unlawful.

e) Right to restriction

You have the right to restrict our use of your personal data where: (i) you contest the accuracy of the personal data; (ii) the processing is unlawful and you request us to restrict our use of your personal data rather than to erase it; (iii) we no longer need the personal data for the original purpose of the processing but you require them for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and an assessment is made of whether our legitimate grounds can outweigh yours.

f) Right to data portability

Within the limits set out in the applicable data protection laws, you may request the portability of your personal data i.e., obtain that the personal data you have provided to us are returned to you or transferred to someone else of your choice, in a structured, commonly used and machine-readable format.

g) Right to lodge a complaint with the competent authority

If you are not satisfied with the way we process your personal data, please contact us via the contact details provided in Section 1 of this privacy policy so we can investigate your concern. You also have the right to lodge a complaint with a supervisory authority. In Belgium, the supervisory authority is the Gegevensbeschermingsautoriteit (address: Drukpersstraat 35, 1000 Brussel, Belgium; website: www.gegevensbeschermingsautoriteit.be/burger).

Disclosures to Third Parties and Transfers to Non-EU Countries

Disclosures to third parties

Credix will not sell or otherwise disclose your personal data to third parties without obtaining your prior explicit consent, unless otherwise set out in this privacy policy, i.e., if necessary for the relevant purpose set out in this privacy policy or if we are required to do so by law.

We may share personal data with third party cloud providers and service providers who help us to provide, understand, commercialize and improve the Platform and our services. We do not authorize these third party service providers to use or disclose your personal data unless this is strictly necessary to perform any services under our supervision or to comply with applicable laws. We seek to provide such third party service providers only with the personal data they need to perform their specific function.

We put in place contractual (including data protection, confidentiality and security provisions) and other organizational safeguards with third party service providers who have access to your personal data to ensure an adequate level of protection of your personal data.

At the date of this privacy policy, we use the following third party providers:

Google Analytics

Transfers to non-EU countries

If a recipient of your personal data is located in a non-EEA country and this country is not recognized by the European Commission as offering an adequate level of data protection, we will put in place appropriate safeguards to protect your personal data in accordance with the applicable data protection laws, including the GDPR, such as the Standard Contractual Clauses adopted by the European Commission, if necessary with additional measures (if and to the extent applicable).

Changes to This Privacy Policy

We reserve the right to change this privacy policy at any time and from time to time in order to reflect changes in the services provided on the Platform and/or changes in the applicable laws. If we decide to change this privacy policy in the future, we will post an appropriate notice at the top of this privacy policy and give you reasonable advance notice through the Platform. Any non-material change (for instance, clarifications) to this privacy policy will become effective on the date the change is posted on the Platform and any material changes will become effective once you accept the amended privacy policy by clicking the ‘accept’ button incorporated in the notice on the Platform. The date at which this privacy policy was last revised appears at the top of this document.