We use your personal data in various situations. For example, if you visit our website, do an application or log in to My PersonalLoan. You can read in this privacy statement which personal data we collect, use and why we do this.
- You are the owner of your personal data. It's your details, so you decide.
- We do not sell your data for commercial purposes. We are a lender and use your data for management.
- You decide to what extent we can use or share your personal data. We only share at your explicit request, unless we are legally obliged to share your personal data.
- We use your personal data to get to know you better and to see whether our products (still) suit you.
- We always manage your personal data with the greatest possible care and reliability. You always have insight or receive this on request, and can (in a number of cases) update your personal data yourself.
- PersonalLoan secures all data well and protects it at all times against theft and misuse.
When processing your personal data, we adhere to the following:
- General Data Protection Regulation (GDPR)
- General Data Protection Regulation Implementation Act
- E-privacy regulation
- Telecommunications Act
PersonalLoan is responsible as a company for keeping your details. To do this as carefully as possible, we have appointed an internal Data Protection Officer (DPO) (Ms L. Houtman). Do you have a very specific question about data protection and / or privacy that our website cannot answer? Please contact our Data Protection Officer via the customer service department (tel. 817-964-1495, freepost number 13035, 6450 VE 's-Hertogenbosch) or via [email protected] and ask for the DPO.
We like transparency and clarity. That is why we would like to tell you in a simple and clear way how and why we collect, use and protect your personal information.
2. Glossary of terms
Dutch Data Protection Authority (AP): The independent Dutch regulator appointed to supervise the processing of personal data.
AVG - General Data Protection Regulation (also known as GDPR): The European rules and guidelines for the collection, processing and storage of personal data within the European Union (US). The GDPR legislation was passed in April 2016 and took effect on May 25, 2018.
Special Personal Data: Personal details pertaining to particular characteristics, including racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic details, biometric details, health or medical information, sexual orientation. Biometric personal data is also included. This includes the use of your fingerprint when you log in with your mobile phone in the My Directa.nl app. We may only use this personal data if this is provided by law, if you give your consent or if there is a legitimate interest. Otherwise not.
Abroad test: This gives us insight into the current and expired loans that an applicant has abroad.
CKI: Central Credit Information System - This shows which loans you currently have and which loans you have had in the past five years.
Cookies: A small text file that a website puts on the hard drive of your computer when you visit the site. An important function of cookies is to distinguish users from each other.
Data checker: Online verification of identity documents and creditworthiness.
Third parties: External parties who perform services and activities at the request of or on behalf of PersonalLoan, such as our business partners and suppliers.
European Economic Area: All EU countries plus Liechtenstein, Norway and Iceland.
Experian: Commercial database that stores credits, personal details and information about the payment history of consumers.
EVA: External Referral Application - database containing known and potential fraudsters.
Data Protection Officer: The person within an organization who ensures that the processing of personal data in this organization complies with the legal privacy requirements. The Data Protection Officer is registered with the Dutch Data Protection Authority.
MRZ: Machine Readable Zone - These are the two or three lines at the bottom of the passport cover page or on the back of an ID card. These are used for identity verification.
Over-lending: Loan / charges that are too high in relation to the household budget.
Personal data: details that directly or indirectly say something about you or that can be traced back to you. Consider, for example, your name, address, age and telephone number. It also includes your Citizen Service Number (BSN), the IP address of your computer and details of a transfer. A special type of personal data is the special personal data.
Tracking pixel: Electronic file (size normally 1 pixel x 1 pixel) that is placed in an email.
Processing personal data: All actions that can be done with personal data, such as collecting, recording, storing, modifying, organizing, viewing, sharing, transferring and analyzing.
FISH: Verification Information System - checking that ID cards and numbers are not registered as stolen or lost.
Legal basis for processing: There must be a (legal) basis for Personal Loan to process your personal details. These are the six (legal) bases that are laid down in the GDPR:
- Consent - the data subject has given clear consent. For example, to analyze your visit to our website in order to be able to make you personalized offers.
- Agreement - processing is necessary to be able to conclude and execute an agreement. For example, for sending the draft agreement by post or e-mail.
- Legal obligation - processing is necessary to comply with the law. For example, making a copy of your proof of identity in the context of the identification obligation.
- Vital interests - processing is necessary to protect someone's life. For example, to be able to act immediately in an acute medical situation.
- Public interest - processing is necessary to perform a task carried out in the public interest.
- Legitimate interest - processing is necessary for PersonalLoan's legitimate interests or the legitimate interests of a third party, unless there is good reason to protect the individual's details that override those legitimate interests. For example, processing details for direct marketing.
Principles 1, 2, 3 and 6 are the most important principles for the processing of your personal data by PersonalLoan.
3. The use of your personal data
When you request a product or service from PersonalLoan or contact us, you want to be helped quickly and properly. In order to do this, we would like to get to know you better. We use certain personal data for this. PersonalLoan uses your personal data on the basis of the legal bases from the GDPR and we only process your personal data for the purpose for which you provided them. Below you can read what we use your personal data for.
A. Provide our products and services and maintain a good relationship with you
For example, to process your product request and to assess whether the product suits your situation and wishes, to manage your products, to be able to carry out assignments, to contact you and to keep your details or to change them if necessary.
Based on your use and your feedback, we see which products or services are of interest to you and we can further develop our products or services and bring them to your attention. If you do not appreciate this, you can always indicate this (right to object) and we will no longer send you this information.
B. Safeguard the safety of our customers, ourselves and the financial sector, reduce risks and prevent fraud
We are obliged to monitor the security and integrity of the financial sector. For example, we can use personal data to investigate possible criminal activities. But also to ensure that we only provide responsible loans and credits and to protect our customers against risks. We also use data to evaluate and improve how we can prevent financial crime.
PersonalLoan has an internal and an external reference register and participates in the Incident Warning System Financial Institutions. This system contains lists of persons who have committed fraud or are in any other way a risk to the financial sector. We also keep sanction lists, payment patterns and limited location data. And if there is reason to do so, we will check details with, for example, your employer and your bank. We can also consult external sources such as information agencies if fraud is suspected.
C. Comply with legal or legal obligations
There are many rules in the law that we must adhere to. These rules state that we must record your personal data and sometimes give it to others. Some examples of legal obligations that we must comply with:
- According to the Financial Supervision Act (Wft), we have a legal duty of care. An example of this is that we must take measures to prevent over-lending. This means that we must use your personal data to have a good idea of your current and future financial situation.
- We must take measures to prevent and combat fraud, tax evasion, terrorist financing and money laundering. How do you notice this? We ask you to identify yourself so that we know who you are. That is why we keep a copy of your identity document.
- We have obligations under various laws that require us to keep your personal data. For example, the Civil Code (BW), the Money Laundering and Terrorist Financing Act (Wwft) or the Bankruptcy Act (Fw).
In certain cases, we are also obliged to pass on your details to organizations such as the Tax and Customs Administration, Police & Justice (financial fraud) and the Intelligence Service (terrorism). Sometimes we also have to share personal data with supervisory authorities such as the Netherlands Authority for the Financial Markets (AFM) and De Nederlandsche Bank (DNB). This is always done with the utmost care and confidentiality.
D. Improving our services
For example to test new products or to develop new ways of providing services. In this way we can make and improve our services more efficiently. For this we anonymize your personal data so that it can no longer be traced back to you or another individual.
E. Promotional and Marketing Purposes
We will keep you informed with e-mails and postal mailings. We also use (personalized) advertisements on websites of other parties and social media. If you no longer wish this, you can always report this to PersonalLoan using the option provided in each communication. You will then no longer receive commercial communications from PersonalLoan.
F. For research
We investigate possible trends, problems, causes of errors and risks. For example, to check whether new rules are properly observed. This way we can prevent complaints and damage. We can also intervene or warn in time if you can no longer repay your loan.
4. Which personal data does PersonalLoan process?
PersonalLoan can process different types of personal data, depending on our relationship with you and the products you purchase from us.
A. Contact information
details necessary to contact you, such as your name, address, city, telephone number and e-mail address.
B. Contractual Information
details about the products and services we provide to you, such as term, effective date and monthly obligations.
C. Transaction Information
Information about your account balance and payment transactions made, such as withdrawals and refunds.
D. Information Obtained from Chat and Conversation Recordings
We can record and save telephone conversations. We use the recordings for fraud prevention, due to legal obligations or for evidence reasons. We also use these details to improve our services and train our employees.
E. Special personal data
By law, certain sensitive personal information falls under 'special personal data'. For example, information about your health, political beliefs or sexual orientation. PersonalLoan does not specifically collect and use these types of details, except where we have a legal obligation to do so or when it is necessary to provide a product or service to you.
F. Personal Information
details about who you are, such as your gender, date of birth, family situation, occupation and the details on your ID.
G. details about your financial situation and your products
Think of bank account numbers and the products you have with us, details about your financial situation (income and expenses) and the details for Credit such as the amount of your monthly mortgage, pay slips and bank statements.
H. Administrative information
Registration numbers and administrative reports.
I. details we receive from other parties
For example, details from the land register, the trade register of the Chamber of Commerce, the Credit Registration Office (BCR) (CKI, VIS, EVA or Buitenland Toets) or from public sources such as the insolvency register, trade information agencies (e.g. Experian), newspapers or the internet.
J. details about the use of our website and app
This includes cookies, your IP address or information about the devices you use.
5. How do we collect your details?
Most of the personal data that PersonalLoan collects is provided by yourself. For example in one of the situations below.
- You request financial products or services from us.
- We speak to each other in person or by telephone.
- You send us e-mails or letters.
- You will receive an e-mailing from us (for example a newsletter or an iDEAL link sent) in which a tracking pixel has been placed. By using a tracking pixel we can see whether an e-mail is opened and / or read. If you receive an e-mail with an iDEAL link, we can see whether this payment link is opened.
- You participate in financial reviews, interviews, customer surveys, competitions or promotional activities.
We also receive personal data from you that we have obtained from others or from other sources. For example, think of:
- (Public) registers containing your details, such as BCR and the Chamber of Commerce.
- Public sources such as newspapers, the Internet and areas of social media that are not private.
- Files from other parties that have collected personal data about you, such as external marketing agencies or trade information agencies.
- Companies that introduce you to us, including comparison sites.
- Government and law enforcement agencies.
- Your partner, if he also applies for a loan on your behalf. Then we may use the personal data that we request about you and in some cases we are even obliged to do so.
6. Sharing your details with third parties
PersonalLoan treats all your personal details confidentially, securely and in accordance with the law, even if you are no longer a customer with us. We may share your personal data with other organizations, also known as processors. We conclude an agreement with them containing sound and firm agreements about the protection and use of your personal data. By signing these agreements, they agree to use the details solely for the purposes of the
services described in the agreement.
At www.primeline.en you will find an up-to-date overview of organizations with which we share your personal details. Below are the types of companies we work with.
Companies that perform administrative services
Think of sending mail, preparing reports and printing or performing calculations. We exchange contact information, personal details and financial, contractual and administrative information. This allows us to maintain our relationship with you and provide our products and services.
Companies that support in marketing and management activities
Think of taking care of communication with customers. We exchange contact information, personal details and financial and administrative information. In this way we can ensure that you receive the right (commercial) messages from us at the right time, about topics in which you are interested or that are of interest to you.
For example, regulators, such as the Netherlands Authority for the Financial Markets (AFM), De Nederlandsche Bank (DNB) or the Tax Authorities. We exchange all information that we are legally obliged to provide.
Identity checks and credit reference agencies
When you request a product or service, we are required by law to perform certain identity checks on the details you have provided about yourself. We also check and use your credit history and current financial situation to assess risks when accepting your application. For example at the Credit Registration Office (BCR).
PersonalLoan shares personal data that you provide with your application with credit reporting agencies that assist us with these checks. The details we exchange back and forth with the credit reference agencies include:
- contact information and personal details such as name, age and address;
- credit application data (contractual information);
- current financial situation and past;
- transaction data;
- publicly accessible information.
Purposes for which we use these details:
- Assess whether you can meet the repayments and obligations.
- Check whether what you have communicated to us is correct.
- Detection and prevention of fraud and money laundering.
- Management of accounts with us.
- Tracking debts, determining overdrafts and debt collection.
As long as you are a customer with us, we are obligated to share your details with credit reporting agencies about your repayment, closed accounts and whether your loans were paid on time. By checking registrations with BCR monthly, we prevent you from getting too much debt and we can contact you if financial problems threaten to arise.
Fraud prevention agencies
Fraud prevention agencies and law enforcement agencies may have access to your personal information. When fraud is suspected, we share your personal data with these agencies to help detect, investigate, prevent and prosecute financial crime. These agencies can keep your personal data for up to 10 years, depending on their findings and (inter) national legal requirements. Law enforcement agencies can keep criminal records for up to 20 years.
7. Your personal data outside the European Economic Area
Your personal data is also processed outside Europe. At www.primeline.en you will find an overview of the countries where your personal data can be processed. Additional rules apply to the processing of your personal data outside Europe. By using the security measures below, we ensure that the
details receive the same protection as within the EEA.
- Transferring details to organizations in non-EEA countries with privacy laws that offer the same protections as within the EEA.
- Transferring details to organizations belonging to a 'Privacy Shield'. This is an international framework that sets privacy standards
comparable to those of the EEA.
- Enter into a contract with the recipient, ensuring that it processes the details with the same protections as applies within the EEA. Model contracts from the US are used for this.
The next one processing takes place outside the EEA:
- Delivery of details by a customer via online application, application forms or by telephone.
- Sharing, storing, reading out and adjusting personal data for file construction of a customer and a so-called audit trail ('audit trail'). This is the structured recording of transactions and control activities, so that every action can be traced back to the source documents. This allows us to or
supervisors administratively track and control transactions.
- Sharing, storing, reading and modifying personal data for information exchange with companies engaged in fraud detection and fraud monitoring.
8. Your personal data is safe
We store personal data with the greatest possible care and take all necessary physical and technical security measures to protect your privacy. We invest in our systems, procedures and people. We ensure that our way of working matches the sensitivity of your personal data and train our employees to handle your personal data safely. It is precisely for your safety that we cannot go into detail about the exact measures we take. This is to prevent abuse.
9. How long do we keep your personal data?
As long as you are our customer, we will use your details to provide you with the products and services you have requested. Do you decide to leave PersonalLoan? Then we will not keep your details longer than is (legally) necessary for one of the next one reasons:
- Respond to questions or complaints.
- Demonstrate that we have treated you fairly.
- Comply with legal and regulatory obligations.
The General Data Protection Regulation (GDPR) does not contain any concrete retention periods for personal data. Other laws may stipulate minimum retention periods that we must adhere to. For example, the general obligation to keep records for companies as stated in the Civil Code, tax legislation or legislation that applies especially to financial companies (Financial Supervision Act).
We keep all this information for as long as is necessary for the purpose for which we are using your details. We also keep your details for as long as we are required by law. Exactly how long we keep your details varies from a few weeks to several years.
See also the overview below of some of the retention periods used.
You start an application and fill in details for it, but you disconnect the application before sending it. Maximum 3 months after starting application
You have entered details for an application and the application 'sent', only the application will be rejected. Maximum 3 months after application date
All details and documentation from and about you that are part of the customer file. 7 years after termination of Credit
Complaint after termination of 'credit relationship' with PersonalLoan. 7 years after termination of Credit
PersonalLoan uses profiling. According to the GDPR, you can speak of profiling if there is an automated processing of personal data with which personal aspects of persons are evaluated and to make predictions about those persons. The GDPR mentions, among other things, the prediction of someone's economic situation, creditworthiness, personal preferences, interests and (future) behavior as a possible final goal of profiling.
By using these techniques, PersonalLoan can assess a credit application and make a suitable offer based on the result. Public sources such as the Land Registry and the Chamber of Commerce can be consulted for automated decision-making. Details from the BCR test (CKI, VIS, EVA or Abroad Test), MRZ, Experian or DataChecker test and personal data from the credit application are also used for this. Below you can read when we do this and thus use profiling.
A. Fight against fraud
We have a great deal of knowledge and experience in the field of fraud prevention. Unfortunately, we are dealing with increasingly cunning forms of fraud. For the sake of security and prevention, we cannot go into detail about how we combat fraud.
B. Unusual transactions
We must comply with the Money Laundering and Terrorist Financing Prevention Act (Wwft). That is why we pay special attention to unusual transactions and to transactions that by their 'nature' involve a higher risk of money laundering. For this it is necessary to draw up and maintain a risk profile of you. If we suspect a transaction is related to money laundering or terrorist financing, we will report this to the appropriate authorities. That is FIU Netherlands, among others.
C. Duty of Care and Risk Management
We are expected to do as much as possible to avoid over-lending. Or that we intervene more quickly when a customer is in danger of getting into financial difficulties. We have developed specific policy for this. We first make a list of the most common characteristics of customers who have had financial problems. These properties together form the profile. We then check whether there are customers who meet this profile. Finally, we determine what we can do to help these customers.
D. Customer and Product Acceptance
We use profiling in the application and acceptance process. In general terms it looks like this:
- We make a risk analysis. We do this if you are a new customer, but also if you as an existing customer want to purchase other products from us. We know from experience that certain features are an indication whether you can easily repay a Credit. For example, whether you have a job or debt. We assess these characteristics.
- Customers who can normally repay a loan share a number of characteristics. And customers who cannot, too. A profile is drawn up based on your characteristics.
- We compare your profile with our existing profiles. We then estimate the risk of whether you can repay the loan.
11. Automated decision making
When you request a product or service via our website, the decision-making about your application is (largely) automatic. For this we use external providers and systems from PersonalLoan. This helps us to make fast, fair, efficient and correct decisions based on current information. These decisions may affect the products, services or features we offer you now or in the future.
The law allows us to use automated decision-making without human intervention. For example, you have the following rights: to receive an explanation of the automated decision, to let us know your point of view, to contest the decision and the right to human intervention.
We use partial automatic decision making for:
- The application and acceptance process
- Fraud protection
Ad 1. Application and acceptance process
When you apply for a loan or increase your credit limit with us, we check whether the product suits your financial situation, meets your needs and whether you meet our requirements to open a loan or increase your credit limit. This includes checking your identity and personal details, such as age, place of residence, income and expenses, nationality and credit history.
We make a risk assessment to determine whether we can approve your application. This assessment is based on the details you provide, credit information we obtain externally and an analysis to understand your financial situation.
When you have applied for a loan, we make sure that decisions are never based solely on automated systems. There is always personal involvement in making a wise decision.
Ad 2. Fraud protection
We monitor your account to determine if you are a victim of fraud. If there is a risk of fraud, we may suspend the ability to carry out transactions or have transactions executed and temporarily freeze your account while we investigate. In that case, we will contact you and keep you informed of the investigation.
12. We would like to point out your rights
PersonalLoan uses your personal data to be of service to you. We handle this very carefully. Of course you always remain in charge of this information. We would therefore like to point out your rights.
Good to know: before we give you access to your personal data, we check your identity. In this way we protect you against identity theft and financial crime. We may also ask you some questions to make sure we understand your request.
A. The right to access your personal data
Would you like to know which details we use from you? In My PersonalLoan you can see which contact details we have for you. You can also view your transaction history and account details here. In addition, you can request all documentation received from you by PersonalLoan by sending an email or letter.
B. The right to have errors or inaccuracies corrected
It is important that all personal data we use is accurate, up to date and relevant. We therefore ask you to check your details regularly. You therefore always have the right to correct and update your personal data. In My PersonalLoan you will find an overview of the contact details we use. Here you can also change some of these details.
C. The right to delete your personal data
You have the right to ask us to delete your personal data. This is possible in the next one situations:
- Your personal data is no longer necessary for the purpose for which it was collected.
- U trekt uw toestemming in en er is geen wettelijke grond om uw persoonsgegevens te verwerken en behouden.
- U maakt er bezwaar tegen dat we uw persoonsgegevens verwerken voor directe marketingdoeleinden.
- U maakt er bezwaar tegen dat we uw persoonsgegevens verwerken voor het gerechtvaardigd belang van PersonalLoan.
- U meent dat uw persoonsgegevens niet rechtmatig worden verwerkt.
- U meent dat uw persoonsgegevens verwijderd moeten worden om aan de wettelijke eisen te voldoen.
Zodra het kan, verwijderen we uw details definitief. Soms kunnen wij uw persoonsgegevens niet direct uit onze systemen verwijderen. Dit in geval van:
- verplichte of andere persoonsgegevens die we nodig hebben voor de uitvoering van de overeenkomst die u met ons hebt;
- een wettelijke verplichting om de details voor een bepaalde termijn te bewaren, of
- vanwege een ons gerechtvaardigd belang.
D. Het recht van gegevensoverdraagbaarheid
U hebt het recht om uw persoonsgegevens te ontvangen in een gestructureerd, veelgebruikt en machinaal leesbaar formaat. PersonalLoan levert u de details aan in Excel. Ook kunt u ons vragen uw persoonsgegevens rechtstreeks aan een andere organisatie/financiële instelling over te dragen. PersonalLoan zorgt hier dan voor.
E. Het recht op beperking van verwerking
Dit houdt in dat wij de verwerking van de details tijdelijk “bevriezen”. U kunt zich in vier situaties op dit recht beroepen:
- In afwachting van de beoordeling van een correctieverzoek.
- Als uw persoonsgegevens eigenlijk gewist moeten worden en u wilt dit niet.
- Als wij de details niet langer nodig hebben, terwijl u deze nog wel nodig hebt voor (de voorbereiding op) een rechtszaak.
- In afwachting van de beoordeling van een bezwaar.
F. Het recht van bezwaar tegen verwerking
U kunt bezwaar maken tegen het verwerken van uw persoonsgegevens als we uw details gebruiken voor andere doeleinden dan noodzakelijk voor de uitvoering van de overeenkomst of voor het nakomen van een wettelijke verplichting. Wij toetsen uw bezwaar zorgvuldig en als het nodig is, stoppen wij met de verwerking van uw persoonsgegevens.
G. Het recht om een klacht in te dienen
Maakt u zich zorgen over de manier waarop we met uw persoonsgegevens omgaan? Neem dan eerst contact met ons op via afdeling klantenservice via telefoonnummer 073 – 645 99 17 of postadres Antwoordnummer 13035, 6450 VE 'Hawaii. Een postzegel is niet nodig. Op 47722.org/contact vindt u al onze contactgegevens.
U hebt ook het recht om rechtstreeks een klacht in te dienen bij de toezichthouder gegevensbescherming, de Autoriteit Persoonsgegevens. Voor meer informatie over hoe dit in zijn werk gaat, kunt u terecht op de website van de toezichthouder.
13. Gerechtvaardigd belang van PersonalLoan of van anderen
Wij mogen uw persoonsgegevens gebruiken als wij daar zelf een 'gerechtvaardigd belang' bij hebben. Wij moeten dan aantonen dat ons belang om uw persoonsgegevens te gebruiken zwaarder weegt dan uw recht op privacy. Wij wegen alle belangen dus af. Maar wanneer is dit? Wij lichten dit toe met een paar voorbeelden:
- Wij beschermen eigendommen en persoonsgegevens van u, van ons en die van anderen.
- Wij beschermen onze eigen financiële positie. Bijvoorbeeld om te beoordelen of u uw lening kunt terugbetalen en uw belang en het belang van anderen als er sprake is van een faillissement.
- Wij doen aan fraude-opsporing om schade voor u en voor ons te helpen voorkomen.
- Wij houden u op de hoogte van productveranderingen en commerciële aanbiedingen.
- Wij voeren statistisch onderzoek uit.
14. Als u ervoor kiest om geen persoonsgegeven te verstrekken
PersonalLoan is wettelijk verplicht om bepaalde persoonsgegevens te verwerken om haar taken goed uit te kunnen voeren en onze overeenkomst met u na te komen. Als u ervoor kiest om de benodigde persoonsgegevens niet aan ons te verstrekken of de verwerking ervan door ons te beperken, dan kunnen wij misschien niet aan onze verplichtingen voldoen en/of het product dat u hebt aangevraagd niet leveren. Dit kan leiden tot opzegging van onze overeenkomst met u. Als dit het geval is, dan nemen wij contact met u op om dit te bespreken.
15. Wijziging van de privacyverklaring
Deze privacyverklaring kan worden aangepast aan gewijzigde wet- en regelgeving en/of aan de wijze waarop we persoonsgegevens verwerken. Deze versie is van mei 2020. De meest recente versie vindt u altijd op 47722.org/privacyverklaring .
PersonalLoan is een handelsnaam van wander Consumer Finance BV, Postbus 3369, 96814 DJ 'Hawaii, KvK 16082749.
U kunt de Privacyverklaring ook downloaden als PDF-bestand, klikhier .