Home/Privacy Policy

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: January 15, 2025 — UFIPAR, 24 Rue Jean Goujon, 75008 Paris, France

1. Introduction and Data Controller

UFIPAR ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information about you when you visit our website or use our loan intermediation services.

UFIPAR is the data controller responsible for your personal data. Our contact details are: 24 Rue Jean Goujon, 75008 Paris, Franceservice@ufipar.finance.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Identity data: full name, date of birth, nationality, passport or ID details
  • Contact data: email address, telephone number, residential address, country of residence
  • Financial data: annual income, employment status, bank account details, credit history
  • Application data: loan type, amount, term, currency, purpose, and any additional notes submitted
  • Technical data: IP address, browser type and version, device identifiers, pages visited, referral source, cookies
  • Communication data: records of correspondence between you and UFIPAR

3. How We Collect Your Data

We collect personal data through the following means:

  • Directly from you when you complete and submit a loan application form
  • Through your use of our website (technical data collected via cookies and analytics tools)
  • From third parties such as credit reference agencies, identity verification providers, and lending partners

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal grounds under the General Data Protection Regulation (GDPR):

  • To process your loan application — Legal basis: performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR)
  • To verify your identity and assess creditworthiness — Legal basis: legal obligation and legitimate interest (Art. 6(1)(c) and (f) GDPR)
  • To transmit your application to lending partners — Legal basis: your consent and/or contractual necessity (Art. 6(1)(a) and (b) GDPR)
  • To send you application status updates and communications — Legal basis: legitimate interest (Art. 6(1)(f) GDPR)
  • To comply with legal and regulatory obligations — Legal basis: legal obligation (Art. 6(1)(c) GDPR)
  • To improve our website and services — Legal basis: legitimate interest (Art. 6(1)(f) GDPR)

5. Data Sharing and Recipients

We may share your personal data with the following categories of recipients:

  • Licensed lending partners and financial institutions — to assess and process your loan application
  • Credit reference and identity verification agencies — to perform required checks
  • IT and hosting service providers — to operate our website and data infrastructure securely
  • Legal and compliance advisors — where required to fulfil regulatory obligations
  • Public authorities — where required by law, court order, or regulatory authority

We do not sell your personal data to third parties for marketing purposes.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with GDPR, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected. In general:

  • Application data is retained for a minimum of 5 years following the conclusion of a loan, in compliance with applicable financial regulations
  • Technical and website usage data is retained for up to 24 months
  • Marketing consent records are retained until you withdraw your consent

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include SSL/TLS encryption, access controls, regular security assessments, and staff training. However, no method of internet transmission is 100% secure.

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you
  • Right to rectification: You may request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): You may request deletion of your data where no legal basis for retention exists
  • Right to restriction of processing: You may request that we limit how we use your data in certain circumstances
  • Right to data portability: You may request a copy of your data in a structured, machine-readable format
  • Right to object: You may object to processing based on legitimate interest or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at: service@ufipar.finance. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.

10. Cookies

We use cookies and similar tracking technologies on our website. For full details, please refer to our Cookie Policy.

11. Amendments to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on this page with a revised date. Your continued use of our services following any updates constitutes your acceptance of the revised policy.

12. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:

UFIPAR
24 Rue Jean Goujon, 75008 Paris, France
Email: service@ufipar.finance