Contact information in relation to the current Privacy and cookie policy:

Stikcredit is a P2P marketplace platform operated and maintained by Stik Credit AD. If you have any questions regarding the current Privacy policy, please contact us at the contacts below:

• Email: support@stikcredit.eu

You can contact the Data Protection Officer at:

• Email: dpo@stikcredit.bg

If you are not satisfied with the way we have responded to your complaint regarding the protection of personal data, you have the right to lodge a complaint with the Commission for Personal Data Protection. You can contact the supervisory authority as follows:

• Email: kzld@cpdp.bg
• Phone: 02 / 91-53-518
• Or at the following address: Sofia 1592, bul. "Prof. Tsvetan Lazarov ”№ 2

I. Principles of personal data collection and processing

We as a company are committed to the protection of your personal data and we do not use them for any other purpose other than providing, maintaining and improving our services and or as required by law. The main principles applied by the Company in the collection and processing of personal data are:

1. Legality, good faith and transparency.
2. Purpose limitation.
3. Data minimization.
4. Accuracy;
5. Restriction of storage;
6. Integrity and confidentiality;
7. Accountability.

This privacy and cookie policy (or "Policy" for short) describes how and why we process your personal data, how we protect and store it, and what your rights are in relation to your personal data.

II. Individualization of the personal data administrator

1. The administrator of personal data under this Policy is STICK - CREDIT AD, with registered office and address of management at Novi Pazar, 16 Vasil Levski Str., Ent. 4, fl. 4, ap. 8. The address for correspondence is Novi Pazar, 16 Vasil Levski Str., Ent. 4, fl. 8, ap. 8

2. The administrator processes personal data in connection with the provision of access and registration on the Stikcredit P2P marketplace, advertising its services, determining the purposes and means for their processing, in compliance with the applicable regulations.

3. The Personal data shall be processed independently by the personal data controller and by assigning personal data processors.

4. The controller may designate one or more persons to be responsible for coordinating and implementing personal data protection measures.

III. Types of personal data collected, processed and stored

1. When we process your basic personal data and the other data described for the purposes of providing the services for access to the Stikcredit platform, and their fulfillment of your requests / requests / applications, as well as in order to fulfill our regulatory obligations, this processing is mandatory to meet these objectives. Without this data, we would not be able to provide the relevant services or with access to our platform.

2. Your identification data in the context of a contractual relationship:

• Identification data - first name and surname, gender, date of birth, identity number, tax ID, User’s ID number, information form identity document, copy of an identity document, photograph holding the government-issued ID, user’s bank account information.
• KYC and due diligence data, including, but not limited to source of wealth, source of funds, data on employment, annual income, area of work, credit history, etc.
• Transaction data - funds invested, transactions conducted, incoming and outgoing payments, concluded assignment agreements, annual return, available funds, etc;
• Communication data - including electronic correspondence, letters, complaints, requests, signals, and / or requests with troubleshooting and other feedback that Stikcredit receives.

IV. Personal data processing purposes

1. To access to Stikcredit’s P2P marketplace platform, provide the services available on the platform to which you are a party and provide the necessary electronic services and documents for entering into Assignment Agreements. Upon registration with the Platform, the personal data of the User is used for: identifying the User, creating a Virtual Account of the user, and providing the Services according to the relevant agreements with the User.

2. For the purposes of opening and maintaining a Virtual Account of the User. In order to create and maintain the Virtual Account, the User’s personal data, contact information, transaction data and communication data is used. This data is also necessary to ensure money transfers and withdraws, daily summaries and notices about transfers, to provide any related services arising from Agreement.

3. Because the processing is necessary to comply with a legal obligation that applies to Stikcredit; For example, as a registered financial institution whose activity is under the supervision of the Bulgarian National Bank, we have obligations to provide information to the Bulgarian National Bank, the State Agency National Security, the Ministry of Interior and other third parties in accordance with the Consumer Credit Act, the Credit Institutions Act, the Protection Act of consumers, the Law on Measures against Money Laundering, the Law on Provision of Distance Financial Services, Ordinance № 26 on Financial Institutions, adopted by the BNB. The company may provide information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act, to the Personal Data Protection Commission and all other public bodies in accordance with the applicable legislation;

4. For fraud prevention purposes;

5. For the purpose of collection of receivables;

6. In case the processing is necessary for our legitimate interest - to perform a basic analysis of your data in order to adapt our services to your individual needs and to offer you new services to meet them, as well as to notify you of changes in the services and to maintain communication with you in connection with the repayment of our claim against you.

7. Within the scope of your consent - for example for marketing and promotional purposes. If you have given us your consent for the processing of your personal data for marketing purposes, the processing will only be carried out in accordance with the purposes specified in your consent. Any consent to the processing of personal data for marketing purposes may be revoked by you at any time, and this will not affect in any way the Services we provide. To withdraw your consent, you only need to use the contact details on our website.

V. Categories of persons to which Stikcredit discloses personal data

We provide your personal data to certain categories of third parties so that we can offer you quality, fast and comprehensive service and our products and services to meet your expectations. We do not provide your personal data to third parties until we have made sure that all technical and organizational measures have been taken to protect this data, and we exercise strict control over the implementation of this purpose. In this case, we remain responsible Administrator for the confidentiality and security of your data.

1. Persons who, on the basis of a contract with Stikcredit or registration on Stikcredit’s P2P marketplace platform, process your personal data on behalf of the company or have direct / indirect access to the personal data include:

• Enterprises providing electronic communications services;
• Persons who, on assignment of Stikcredit, maintain equipment and software and hardware used for personal data processing and necessary for the maintenance of the company's network, as well as for performing various reporting services, technical support, service support and others.;
• Banks and payment institutions servicing the payments made by / to the company's Users;
• Private and state enforcement agents, Central Credit Register at the Bulgarian National Bank, National Revenue Agency, National Social Security Institute;

2. Other controllers of personal data to whom Stikcredit provides personal data include competent authorities, which by virtue of a normative act have the authority to require the Administrator to provide information, including personal data, such as a Bulgarian court or a court of another country, various supervisory / regulatory bodies - Consumer Protection Commission, Regulatory Commission of communications, bodies with powers for protection of national security and public order and others.

VI. Period of storage of personal data

We process your personal data for the entire duration of the Agreement you have concluded with us and store them for a period of five years after its termination and / or after submitting a loan application, in case you have not concluded an Agreement with us, in order to comply with the applicable anti-money laundering legislation, as well as with the expiration of certain limitation periods for filing claims and obligations to provide information to the court, competent state authorities and other grounds provided for in the current legislation (5 years) .

After the expiration of the above deadlines, the Company will delete or anonymize your personal data, unless they are necessary for pending court, administrative proceedings or proceedings to review your complaint before us.

Anonymization is an alternative to deleting data and is a process in which all personally identifiable data (data that allows you to be identified) is permanently deleted. Anonymized data are not personal and are not subject to regulatory requirements for deletion.

VII. Cookies

Cookies are small text files that are stored on your computer or mobile device when you visit our website. They collect information about how to use the website in order to improve its efficiency and allow us to store your preferences so that you do not have to enter them every time you visit the website or go from one page to another. This way you cannot be personally identified.

VIII. Rights of the users regarding their personal data

You have the following rights in relation with the collection, processing and storage of personal data by Stikcredit:

1. Right to be informed- the right at any time to request from Stikcredit information about the personal data stored by the Company for you, as well as about their origin, recipients or categories of recipients to whom they are transmitted and the purpose of storage.
2. Right of access - the right to receive confirmation whether Stikcredit processes your personal data, the right of access to them, as well as information about their processing.
3. Right of correction - the right to request Stikcredit to promptly correct and / or supplement inaccurate personal data stored by the Company.
4. Right of deletion (the right to be forgotten) - the right to request Stikcredit to delete your personal data, the processing of which does not meet the requirements of the Personal Data Protection Act and the Regulation, as well as to notify the third parties to whom such data has been disclosed of any such deletion, except where this is not possible and / or where there is a substantial basis and / or legal obligation to process them.
5. Right to limit the processing - the right to request from Stikcredit to limit the processing of your personal data when:
   1. you dispute the accuracy of the data;
   2. the processing of your personal data has no legal basis, but instead of Stikcredit deleting the data, you want the data’s limited processing;
   3. you have filed an objection to the processing of your personal data, pending verification of whether the grounds of Stikcredit are legal.
6. Right to data portability - the right to receive your personal data, which you have provided to Stikcredit and which relate to you, in a structured format, suitable for machine reading.
7. Right to object - at any time you have the right to:
   1. Object to the processing of your personal data by Stikcredit if there is a legal basis for the objection. When the objection is justified, the right of Stikcredit to process your personal data is waived;
   2. Object to the processing of your personal data by Stikcredit for the purposes of direct marketing.
   3. The right not to be the subject of a decision based solely on automated processing, including profiling - the right to request human intervention by Stikcredit in the processing of your data.
8. Right of withdrawal of consent - the right to withdraw at any time the consent given by you for the collection, processing and storage of Stikcredit of your personal data (such as for marketing purposes).

The withdrawal of the consent will not affect the legality of the previously given processing based on the given consent before its withdrawal and will not affect the processing and storage of personal data by Stikcredit in cases where the Company has a legal obligation to keep these data, according to the provisions of the Bulgarian legislation and / or the law of the European Union.

9. Right of appeal to a supervisory authority - in case you believe that we are violating the applicable regulations regarding the processing of your personal data, please contact us to clarify the matter. You also have the right to file a complaint with the competent supervisory body, which in the Republic of Bulgaria is the Commission for Personal Data Protection, with address: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2, phone 02 / 91-53-518; e-mail: kzld@cpdp.bg. You can find more about the activities of the Commission at https://www.cpdp.bg/.

IX. Protection of personal data

The security of your personal data is important to us and that is why we apply various organizational and technical measures to ensure that your data is protected and kept strictly private and confidential. We have systems and procedures in place to prevent unauthorized access, improper modification or disclosure, misuse or loss of personal data and other User information. We protect your personal data by maintaining physical, electronic and procedural measures and rules in accordance with applicable laws, regulations and good industry practices. Some of the measures we take to ensure a high level of security with regard to the management of personal data include:

• Pseudomonification - we process your personal data in such a way that it can no longer be linked to a specific person without the use of additional information, which additional information is stored separately and subject to specific technical and organizational measures to ensure that personal data data are not attributed to a specific individual;
• Encryption - we apply cryptographic methods that convert certain information or data into code to make it unreadable to unauthorized users;
• Minimization - the personal data we require from you are relevant and limited only to what is necessary in connection with the purposes for which they are processed;
• Strict internal control over access to personal data - access to your personal data is allowed only to those of our employees who need this information in order to properly perform their professional duties;
• Penetration testing - we apply an authorized simulation attack on a specific computer system, performed to assess the security of this system. Regular scanning and penetration testing is used to identify potential security vulnerabilities and to apply appropriate means to address them;
• Providing ongoing training on personal data protection to all our employees and constant internal control over the implementation of confidentiality measures.

Please note that you also play an important role in protecting your personal data. When registering on our platform, it is important to choose a password of sufficient duration and complexity, not to disclose this password to anyone and to notify us immediately if you find unauthorized access or unauthorized use of your account and / or mail. Given the nature of communication technology and information processing technology, we cannot guarantee that information, during transmission over the Internet or while stored in our systems or otherwise, will be absolutely safe from intrusion.

Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Stikcredit is not responsible for them.

X. Consideration of customers 'complaints

1. General provisions

This item has been developed on the basis of the applicable legislation regulating customer complaints in connection with the activity of Stikcredit. The main goal of this policy is for the complaints of the company’s clients to be resolved fairly and within the pre-established deadlines for response.

2. Consideration of complaints

Our representative accepts customer complaints and submits them no later than the end of the next business day for consideration by the manager. The manager then gets acquainted with the complaint and stops contact with our customer. When the complaint is fully or partially justified, the manager makes every effort to satisfy the client's claims and prevent potential litigation.

3. Categories of complaints according to the order of their receipt

   A complaint, within the meaning of this point, is any oral or written expression of dissatisfaction, suggestion or remark of a client regarding the quality of the provided services. Stikcredit groups the complaints of its clients according to the manner of their receipt as:

   1. customer complaints sent to the official e-mail of Stikcredit;
   2. written complaints submitted to Stikcredit;

   Written complaints of clients forwarded to Stikcredit through supervisory or other administrative and state bodies (Bulgarian National Bank, Consumer Protection Commission, Personal Data Protection Commission, Competition Protection Commission, etc.).

4. Deadlines for responding to customer complaints

Stikcredit prepares answers to complaints within 30 business days from the date of receipt of the complaint, and in case of factual or legal complexity the term may be extended, for which the complainant is explicitly notified.

XI. Changes to this privacy policy

The policy may be amended or supplemented due to amendment of the applicable legislation, at the initiative of Stikcredit, of individuals, personal data subjects and / or of a competent authority (eg the Bulgarian Commission for Personal Data Protection).