Processing of personal data

Legal Agreement

“Personal data”: any information regarding a physical person that identifies it or is deemed to identify it directly or indirectly, with particular reference to information such as the name or date of birth or any other personal characteristic;
“Interested party”: the natural person to whom the personal data relate;
“Holder”: PrestaCap;
“Data Protection Officer” (DPO): is the entity that has the duty of valuing and organizing the protection of the Personal Data.

Privacy Policy

This Privacy Policy represents the legal agreement between the user (also “you”) of the PrestaCap website (also “Website”), and PrestaCap Limited (also “us” or “PrestaCap” or “we”), as the owner of the Website. This privacy policy is intended to regulate the way in which we collect, store and use the information and data provided by you to us via the Website, email or telephone.

Who we are

PrestaCap (also representing the Data Protection Officer) is the trading name of PrestaCap Limited, company number 09289254, and is authorized and regulated by the Financial Conduct Authority (license no. 664197). PrestaCap’s registered office is located at 8 Devonshire Square, London, EC2M 4PL, United Kingdom.

Access to your data

The data provided by you is secured and it is handled by the DPO or a responsible person within the DPO department.

Collecting personal data

We collect data with respect to your identity, address, and other personal details related to you or to your business. We must be able to contact you in order to verify your identity or your business and collect additional information. Other details might include the source from which you were referred to the Website and other information used for marketing purposes.

PrestaCap will use the following data, but not only, on your identity:

  • Data on your business (such as fiscal code, financial data, data related to the company or UBOs);
  • Data related to you visits on PrestaCap.com (our “Website”) (such as IP address and browser).

PrestaCap gathers the following information with the aim of:

  • Verifying your existence and the existence of your business;
  • Offering you a better service and the assistance you might need;
  • Develop and improve our internal processes;
  • Making statistical and processing analysis;
  • Marketing activities, with your consensus;
  • Sharing data with third parties, with your consensus;
  • Fulfil any obligation required by the law;
  • Processes in sharing your personal data;

Processing and sharing your personal data

Data of the customer (art. 13 of the Code on the protection of personal data; art. 5 of the code of ethics on credit information systems): in order to evaluate the granting of a loan, PrestaCap makes use of some data concerning the applicant company. This information is provided directly when registering with the PrestaCap platform (or later) or is obtained by consulting certain databases. Without these data, which are necessary to assess the reliability of the contracting company, its legal representative, the board of directors and any guarantors, financing cannot be granted. This information will be stored by PrestaCap.

Some of this information will be communicated to large databases set up to assess credit risk, managed by private individuals and available for consultation by many parties. This means that other banks or financial institutions that may be asked to provide other financing may be aware that the applicant has submitted a request for financing to PrestaCap, if the request has been accepted or rejected, if the applicant is in the process of obtaining other loans or financing and if the applicant is paying the instalments on a regular basis. In order to better assess the credit risk, some data (personal data, also of the person who may be jointly liable, type of contract, amount of credit, method of repayment) are communicated to the credit information systems, which are governed by the relevant Code of Deontology and Good Conduct (published in the Official Journal of the General Series of 23 December 2004, no. 300; available on the website www.garanteprivacy.it).

The data is also made available to the various participating banking and financial operators, the categories of which are indicated below. The data concerning the financed party are periodically updated with information acquired during the course of the relationship (payment trends, residual debt exposure, status of the relationship). These data are subject to special statistical processing in order to give a summary judgment or score on the degree of reliability and solvency (so-called credit scoring), taking into account the following main types of factors: number and characteristics of existing credit relationships, trend and history of payments of existing or terminated relationships, possible presence and characteristics of new credit requests, history of extinguished credit relationships. Some additional information may be provided if a credit application is not accepted.

The credit information systems to which we adhere are managed by the main Italian Credit Bureaus in which mainly banks and financial intermediaries participate.

The applicant has the right to access at any time the data concerning him (or the company contracting the financing) by contacting directly the operators of credit information systems. In the same way, you may request the correction, updating or integration of inaccurate or incomplete data, or the cancellation or blocking of data processed in violation of the law, or oppose their use for legitimate reasons to be highlighted in the request (art. 7 of the Code; art. 8 of the Code of Conduct).

Data retention times in credit information systems:

  • Financing requests: 6 months, if the investigation requires it, or 1 month in case of rejection of the request or withdrawal from it;
  • Delinquency of two installments or two months then remedied: 12 months from the regularization;
  • Higher delays remedied also on transaction: 24 months from regularization;
  • Negative events (i.e. arrears, serious defaults, bad debts) not remedied: 36 months from the contractual expiry date of the relationship or from the date on which the last update was necessary (in the case of subsequent agreements or other significant events in relation to reimbursement);
  • Reports that were positive (without delays or other negative events): 36 months in the presence of other reports with negative events not regularised;
  • In the remaining cases, the period will be 36 months from the date of termination or expiry of the contract, or from the first update made in the month following those dates.

Responsibility of information providers: CRIF is not liable for damages of any kind in connection with the use of data and information provided by PrestaCap. In particular, CRIF is not responsible for any decision and / or assessment made on the basis of the information received. The legal representative of the company applying for funding, or the person with the necessary powers, once completed the registration on the portal PrestaCap, authorizes PrestaCap to download and retrieve all information regarding the applicant company, the legal representative and any other guarantor in order to assess its creditworthiness through the portal CRIF. It also confirms that it is aware that the request for such information on the CRIF portal itself will be visible to authorised third party institutions.

We may share your personal information with third parties such as, but not limited to, credit rating agencies, debt collection companies (or freelancers), independent asset valuers, fraud control companies and other security controls. We will take reasonable care to ensure that such third parties are obliged to maintain the confidentiality of such information. If requested, we will share your Personal Data with the Financial Conduct Authority (FCA) or the relevant national, state and supra-national legal authorities.

We may use automated systems/processes and a process that does not require any humane processing.

We will use your Personal Data to communicate to you ordinary and extraordinary events related to you, PrestaCap, or your activities within the PrestaCap platform.

Your Personal Data will be used for the following purposes:

  • Customer profiling;
  • Information shared with third parties;
  • Technical communications and information to the person concerned.

Changes of personal data

If you become aware that any of your personal data that you have shared with us including your profile information is incorrect, inaccurate or has changed, you are responsible to make respective changes or corrections on the Website and,if this is not possible, to communicate changes or corrections promptly to us in order for us to update your information.

Cookies

We use cookies which are considered necessary for the main activities of the Website. Some of them will be cancelled when you close the Website, others might be permanent unless you delete them from your browser.

All cookies can be blocked by setting the respective preferences in your browser.

By default, your browser will accept cookies, unless you change the respective settings.

For more details we suggest to follow the guide for your browser in order to be able to delete or change the settings in relation to cookies.

Cookies can be used for:

  • Authentication;
  • Protection;
  • Analysis and research.

Some of these will be cancelled as soon as you will exit our Website, whereas others will remain unless they are cancelled from your browser. With the adherence of this Privacy Policy, you declare to accept the use of cookies and similar technologies for the aims described in this Privacy Policy.

Data Security

We undertake best efforts to take all reasonable steps and organizational measures to protect your personal data aside in cases of “force majeur” whereby we can demonstrate that the DPO or the DPO team cannot be deemed responsible. Your data will be stored within the Microsoft Azure database for a period of 5 years as stated in the Financial Conduct Authority (SYSC 9.1.2). The Microsoft Azure database is based in the EU in compliance with the European Regulation on treatement of personal data.

Communication between you and PrestaCap

For educational, security and future troubleshooting purposes, we may record or monitor your communications with PrestaCap by phone, email or mail. You acknowledge that e-mail communications are not encrypted. In emails to PrestaCap, you do not have to include your security information (e.g. your login password).

Your rights

  • You have the right to request a copy of your information in any moment and to verify their existence;
  • You have the right to request an update or correction of any Personal Data that is not correct or updated;
  • You have the right to request the cancellation of your Personal Data stored by us o by third parties (right to be forgotten), and the right to not receive any notification via mail unless it is deemed strictly necessary by PrestaCap. You have the right to advance this request at any moment. The request will be considered and fulfilled within the terms dictated by the law. In case your request could be fully authorized we will cancel the information with no further due;
  • You have the right to present a complaint in respect of the norms of transparency on the conservation of any Personal Data.

In case your Personal Data would be used for online or offline marketing, you have the right to oppose in any moment.

In case you would like to make a request based on your rights above, we ask you to communicate it to PrestaCap via phone or via email at the following address:privacyt@prestacap.com.

No Waiver

If you or us fail to exercise any right or remedy within this Privacy Policy it does not constitute a waiver (if applicable) by you or us of such right or remedy.

Register of Personal Data

In accordance with the law, we will retain your registration with PrestaCap and the recording of any events connected to you within the PrestaCap platform for a period of 5 years. The minimum retention period may be extended if required by law.

The records kept on the platform contain sufficient evidence to prove the facts or events that have occurred.