Request Finance (hereinafter "Request", “we”, or “Request Finance”) is the one who collects and processes Your Data.
Request reserves the right to modify this policy at any time and without prior notice, in particular in order to meet all its operational, legal, and regulatory constraints. Please check this page regularly to stay up-to-date on the latest version.
This policy does not govern the processing of personal data carried out on Your behalf, as a data controller, by Request Finance, as a data processor. To learn more about it, please refer to the DPA attached to our Terms & Conditions.
“Data controller” means the person collecting and processing the Data. The Data controller is Request Finance.
“Data processor” means a natural or legal person, public authority, agency, or other body which processes personal Data on behalf of the Data controller.
“Data” means all information, facts, and statistics collected together.
“Personal Data” means any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
“You” or “Your” means You as a natural person or professional and the company, organization, and/or entity electronically accessing our Services.
“Website” means all the Request Websites (including their subdomains), apps and Services.
“Device” means Your computer, mobile, or any Device You use to access our Website.
“DPO” means Data protection officer.
To sum up the previous table, Request uses Your Data for the following purposes:
- To conclude and manage our contracts,
- To provide our services,
- To manage client files,
- To manage prospect files,
- To create statistics,
- To carry out satisfaction surveys,
- To manage complaints, customer support and disputes,
- To personalize, maintain and improve our Services and features,
- To improve the security of our Services,
- To make research & development and train our teams,
- To comply with our regulatory obligations and in particular the fight against fraud, money laundering and the financing of terrorism,
- To manage requests to exercise rights under regulations applicable to the processing of personal Data.
Request does not sell or share Your personal information with third parties for direct marketing purposes.
- Authenticate Users,
- Remember User preferences and settings,
- Establish the popularity of the content,
- Deliver and measure the effectiveness of advertising campaigns,
- Analyze site traffic and trends, and generally understand the online behaviors and interests of people who interact with our Services.
To operate its Services, Request may share Your Data with its service providers and business partners, who are expressly bound not to disclose or use them to any other end. This may concern, for example:
- payment institutions or electronic money institutions;
- cloud storage providers;
- marketing partners and marketing platform providers;
- data analytics providers;
- consultants, lawyers, accountants, and other professional services providers.
Request may release Your Data if a law, regulation, operating agreement, legal process, or government request requires it.
This involves the communication of Your Data to the authorities or governmental institutions to protect the rights of Request, or the rights, safety, or property of third parties, or in the event of a claim or dispute relating to Your use of our Services.
If Request sells, merges, or transfers any part of its business, it may be required to share Your Data. If so, You will be asked if You'd like to stop receiving promotional information following any change of control.
Other than as stated above, Request will provide You with prior notice and the opportunity to choose when Your Data may be shared with other third parties.
Your Data are stored in Belgium and Netherlands, but we might have to transfer them to countries outside the European Economic Area to provide You with our services.
We only share Your Data with companies and partners established in a country recognized as offering an adequate level of protection, or with which we have signed standard contractual clauses, or that commit to applying a code of conduct or a certification mechanism validated by the competent authorities.
Please, refer to the previous table.
- Financial Data (e.g., payments, refunds, etc.) are kept for the duration required by applicable tax and accounting laws;
- For legal reasons, the content created when You use our Services (such as invoicing, payments, etc.) remains visible by the payer or beneficiary;
- For technical reasons, everything that is stored on the blockchain remains unalterable.
- If Your account has been suspended or blocked, Your Data may be retained to avoid any circumvention on Your part of the rules in force on our platforms and to prevent fraud and improve security. For example, if Request archives a user's account because he behaves dangerously, Request may keep specific Data about this account in order to prevent this user from opening another one later.
- In terms of litigation management:
- The Data processed to manage a pre-litigation will be deleted as soon as the dispute is settled amicably or, failing that, as soon as the corresponding legal action expires
- The Data processed to manage a dispute will be deleted when appeals are no longer possible against the decision rendered to have it executed,
- At the end of these periods, the Data is securely deleted or archived in accordance with applicable law.
- Decisions rendered may be retained by Request as a definitive archive due to historical interest.
- In terms of managing requests to exercise the rights granted to Personal Data:
- The Data processed are kept for the duration of the examination of Your request, then archived in accordance with the limitation periods in force (5 years);
- Data relating to identity documents will be kept for one (1) year in compliance with the applicable legal deadlines;
- In the event of opposition, the Data will be kept for a minimum period of three (3) years to guarantee the effectiveness of Your right of opposition.
Depending on Your location and subject to applicable law, You may have the following rights described here with regard to the Data we control about You:
- The right to request confirmation of whether Request processes Personal Data relating to You, and if so, to request a copy of that Personal Data;
- The right to request that Request rectifies or updates Your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Request erases Your Personal Data in certain circumstances provided by law;
- The right to request that Request restricts the use of Your Personal Data in certain circumstances;
- The right to request that Request exports Your Personal Data that we hold to another company, where technically feasible;
- Where the processing of Your Personal Data is based on Your previously given consent, You have the right to withdraw Your consent at any time; and/or
- Where Request processes Your Personal Data based on our legitimate interests, You may also have the right to object to the processing.
To exercise these rights, You can send an e-mail to the address [email protected]. All requests must specify, in the subject line, the reason for the request (exercise of the right of access, opposition, etc.), the address to which the response must be sent, and the company concerned by the request.
To exercise Your rights, You must prove Your identity by any means. Where Request has reasonable doubts about Your identity, You may be asked to provide additional information necessary to confirm Your identity.
Request will send You its response within a maximum period of one (1) month from the date of receipt of Your request. However, this period may be extended by two (2) months due to the complexity and number of requests.
Finally, You can contact the competent supervisory authority for Data protection in Your region. For example, the CNIL for France: www.cnil.fr.
To summarize the previous table, Request processes Data under the following legal basis:
- execution of a contract. For the most part, the Data that Request collects are those that are necessary for the execution of the contract and our Services concluded between You and Request;
- legal obligations. Certain Data must necessarily be collected by Request in order to comply with our legal obligations;
- Your consent. Request will be able to process certain Data after obtaining Your consent, for example, for prospecting operations. Mandatory Data are marked with an asterisk;
- our legitimate interest. Finally, some Data collected are necessary for the legitimate purposes that Request pursues, in particular and without limitation, the management of the Services, the research, the development and the improvement of our Services (in particular via surveys), personalization of Your customer experience, fraud prevention, network security.
Request implements all technical and organizational measures it deems necessary to safeguard Your Data at an appropriate level of security, including:
- An awareness program and employee training,
- Encryption during exchanges and storage,
- Regular audits of Data hosting companies,
- Data redundancy for more resilience in the event of a catastrophe,
- Role-based authentication,
- Two-factor authentication for our authorised contributors,
- Continuous monitoring of the system,
- Security assessments in line with industry standards,
- Bug bounty program,
- Security tests and intrusion tests by independent third parties,
- Administrative access to our servers is limited to certain people duly identified with our hosting provider.
To assess the appropriate security level, Request takes into account, among other things, the nature of the Data and the risks its processing presents. Although we strive to ensure optimal Data protection, we would remind You that transmitting information on the Internet is not entirely secure.
To help us protect Your Data, Request encourages You to use a strong password and never share it with anyone or use the same password with other sites or accounts. If You have reason to believe that Your interaction with our Services is no longer secure (e.g., You feel that the security of Your account has been compromised), please contact Request at [email protected] immediately.