Privacy Policy

Introduction

LucidHarbor B.V. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our consumer finance services.

Data Controller Information

LucidHarbor B.V. is the data controller for the personal information we collect. We are registered in the Netherlands with company registration number KvK68214579 and our registered address is Beukenlaan 241, 3054 MM Rotterdam, South Holland, Netherlands.

Data Collection

The data we collect includes personal information that you voluntarily provide to us when you:

• Contact us through our website forms or email
• Request information about our services
• Apply for financial services
• Subscribe to our communications
• Visit our website (through cookies and tracking technologies)

This may include your name, email address, phone number, postal address, date of birth, financial information, and any other information you choose to provide.

How We Use Your Information

We use of your data for the following purposes:

• To provide and maintain our financial services
• To process your applications and requests
• To communicate with you about our services
• To comply with legal and regulatory requirements
• To improve our website and services
• To conduct credit assessments and risk analysis
• To prevent fraud and ensure security

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent: Where you have given clear consent for us to process your personal data for specific purposes
• Contract: Where processing is necessary for the performance of a contract with you
• Legal obligation: Where we need to comply with legal or regulatory requirements
• Legitimate interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For more detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We may share your personal information in the following circumstances:

• With service providers who assist us in operating our business
• With regulatory authorities when required by law
• With credit reference agencies for credit assessment purposes
• In connection with a business transaction, such as a merger or acquisition
• To protect our rights, property, or safety, or that of our users or others

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Typically, we retain customer data for seven years after the end of our relationship, in accordance with financial services regulations. Data retention periods may vary depending on the type of information and the purpose for which it was collected.

Your Rights

Under GDPR and Dutch data protection law, you have the following rights regarding your personal data:

• Right of access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data in certain circumstances
• Right to restrict processing: You can request limitation of how we process your data
• Right to data portability: You can request transfer of your data to another organisation
• Right to object: You can object to our processing of your personal data
• Right to withdraw consent: You can withdraw consent at any time where processing is based on consent

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses.

Security Measures

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with data protection law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date at the top of this policy.