Article 1 General

1. Fundion collects and uses certain personal data. Fundion has a responsibility to ensure that personal data is used in accordance with data protection laws.
2. At Fundion, we respect your privacy and are committed to protecting your personal information.
3. This privacy policy is aimed at individuals whose personal data we process in the course of our commercial activities. These may be customers or potential customers or their representatives, agents or persons appointed by them, or an employee, director, officer or representative of another organization with which we have a business relationship. The privacy policy is also directed at visitors to our websites.

Article 2: Definitions
In this Privacy Policy, the following definitions apply:

1. Data Subject, Third Party, Personal Data, Processor, Processor, Processing of Personal Data and Processing Responsible: the terms as defined in Article 4 of the GTC.
2. Asset manager: the company that wishes to provide loans to Entrepreneurs for the purpose of managing the fund from which Financiers wishes to grant loans and has entered into an Agreement to that end with Fundion.
3. AVG: the General Data Protection Regulation.
4. Cookie: A quantity of data that a server sends to the browser so that it is stored and returned to the server on a subsequent visit. This allows the server to recognize the browser again and keep track of what the user, or actually the web browser, has done in the past.
5. Data breach: an infringement in connection with Personal Data, as referred to in Article 4(12) of the GCA.
6. Service: the service called Fundion servicing that is provided to the Customer and is further described in the Agreement.
7. Financier: the company that provides loans to Entrepreneurs and that has entered into an Agreement to this end with Fundion or uses the services offered by Asset Manager for this purpose.
8. Fundion: the private company Fundion Servicing B.V., established at Mediarena 2 in (1114 BC) Amsterdam, registered in the Chamber of Commerce Oost Nederland under number 69779694.
9. Fyndoo: the software program that Fundion uses in the context of the performance of the Service.
10. Personal Data: all data (including documents) that the Customer makes available or enters when using the Service, as well as all data (including documents) that are processed and created when using the Service and can be traced back to an identified or identifiable natural person (the Complainant).
11. Entrepreneur: the natural person (in connection with a sole proprietorship or a V.O.F.) or the director-shareholder of a legal entity wishing to take out a loan with Financier, whether or not provided from the fund managed by the Asset Manager, and whose Personal Data are Processed by Fundion in the context of the Service it provides to the Client.
12. Client: the Asset Manager or Financier that has entered into an Agreement with Fundion in the context of the Service.
13. Agreement: the Agreement concluded between Fundion and the Client, which is also the contractual basis for the provision of the Service.
14. Parties: Fundion and Client.
15. Privacy Policy: these rules of Fundion that describes how Fundion fulfills the protection of Personal Data in accordance with the legal provisions as included in the GTC.

Article 3: Subject matter and division of roles

1. These Privacy Regulations apply to the Processing of Personal Data in the context of the purposes referred to in Article 6 and form part of the Agreement. These Privacy Regulations will be accepted by the Client upon entering into the Agreement and made available to the Client.
2. Fundion is the Processing Manager in the Processing of Personal Data of the employees of the Client. Fundion is also the Processing Responsible for the Processing of the Personal Data of the Entrepreneurs.
3. Besides Fundion is also the Customer Processing Responsible for the Processing of the Personal Data of Entrepreneurs and (if applicable) Financiers.
4. By using the Service, the Client expressly consents to the Processing by Fundion of the Personal Data of its employees as well as the Personal Data of the Entrepreneurs and (if applicable) Financiers, all this as described in this Privacy Policy and the Agreement.

Article 4: Basis for Processing Personal data of (employees of) Asset manager and/or Financier

1.  Fundion Processes the Personal Data of (employees of) Asset Manager and/or Financier for the purpose of concluding the Agreement, the performance of the Service, within the framework of a legal obligation and within the framework of the legitimate interest of the Client and/or itself.
2. The Personal Data referred to in paragraph 1 concerns all Personal Data entered and information provided by the Customer when using the Service. The following Personal Data are processed by Fundion:
   1. the name, function and business contact details of the natural person (or persons) using the Service on behalf of the Customer;
   2. technical information, such as the computer of the person referred to under a., the operating system, the browser, the statistics regarding pages viewed within the software used by Fundion, the geographical location, the referring URL and IP address;
   3. information that Fundion (or its subcontractor on its behalf) collects using cookies and web beacons.
3. In addition to the Processing referred to in paragraphs 1 and 2, Fundion processes the Personal Data relating to Asset Manager or Financier in the context of compliance with the Money Laundering and Terrorist Financing (Prevention) Act (Wwft). This is the case here:
   1. the identity details (such as names, sex, date, place and country of birth, nationality, marital status, information about and on the proof of identity and other (contact) data);
   2. (if applicable) information on the residence status;
   3. information concerning the profession and the company of the Financier;
   4. financial information, including:
      • (if applicable) details of the Financier’s business (including trade name, VAT and Chamber of Commerce number, sector, annual accounts, directors and shareholders);
      • bank and payment details.
4. By entering into the Agreement, the Client agrees that Fundion will process the Personal Data referred to in this article. Fundion is responsible for the Processing of the Personal Data referred to in this article and therefore has independent control over the purpose and means of the Processing of these Personal Data.
5. The Client itself meets its information obligations from the GTC towards the Data Subjects referred to in this article, whereby the Client will in any case report the Processing to be carried out by Fundion.
6. The Client indemnifies Fundion against any claims of third parties, which in any case includes the Involved Parties referred to in this article and the supervisory authority, which are related to the Processing of Personal Data that occurs in the context of the performance of the Service by Fundion, unless there is an Infringing Processing for which Fundion is responsible.

Article 5: Basis of the Processing of Personal Data of Entrepreneurs

1. In addition to the Processing referred to in Article 3, Fundion processes the Entrepreneur’s Personal Data for the purposes of the performance of the Service, under a legal obligation and in the context of the legitimate interest of the Client and / or itself.
2. The Personal Data referred to in paragraph 1 concern – depending on whether this is necessary for the execution of the Agreement concluded between the Parties:
   1. the identity data (such as names, sex, date, place and country of birth, nationality, marital status, data about and on the proof of identity and other (contact) data);
   2. (if applicable) information on the residence status;
   3. details of the Entrepreneur’s profession and business;
   4. financial information, including:
      • turnover data;
      • data concerning the company (including trade name, VAT and Chamber of Commerce number, branch of industry, annual accounts, directors and shareholders);
      • WOZ value of any real estate;
      • income of a possible spouse, registered partner or tax partner;
      • data about the assets;
      • data on any liabilities (such as current loans and mortgages);
      • creditworthiness data;
      • bank and payment details.
   5. interest, premiums, terms and conditions of the products requested by the Entrepreneur and of the agreement entered into by the Entrepreneur.
3. By concluding the Agreement, the Client agrees that Fundion proceeds to the Processing of the Personal Data referred to in this article. Fundion is responsible for the Processing of the Personal Data referred to in this article and therefore has independent control over the purpose and means of the Processing of this Personal Data.
4. The Customer itself meets its information obligations towards the Entrepreneurs from the GTC, whereby the Customer shall in any case report the Processing to be carried out by Fundion.
5. The Client indemnifies Fundion against any claims of third parties, which in any case includes the Involved Parties referred to in this article and the supervisory authority, that are related to the Processing of Personal Data that occurs in the context of the performance of the Service by Fundion, unless there is an Infringing Processing for which Fundion is responsible.

Article 6: Basis of the Processing of Personal Data of Interested Website Visitors

1. Fundion processes the Personal Data of interested parties who wish to use our services by leaving personal data on www.fundion.nl for information and contacting Fundion.
2. The Personal Data referred to in paragraph 1 concerns all data filled in by the Interested Party that can be filled in on the contact form. The following Personal Data will be processed by Fundion:
   1. The e-mail address which is filled in by the interested party, which may be personal data;
   2. The telephone number of the interested party which may be personal data;
   3. The content of the message that is filled in by the interested party.
3. The above information is requested for the purpose of providing you with the requested information and maintaining contact with you.

Article 7: Purposes of Processing Personal Data

1. Fundion Processes the Personal Data referred to in Articles 3 and 4 for the following purposes:
   1. the provision of its Services, consisting of facilitating the process concerning the application for a loan, including checking the creditworthiness, drawing up loan documentation, monitoring, revising and managing the loans;
   2. if applicable: the verification of identity and reliability in the context of the Money Laundering and Terrorist Financing Prevention Act (Wwft);
   3. the promotion of safe trading via the Service and the follow-up of complaints and/or reports regarding unlawful trading via the Service;
   4. answering questions from the (employees of) the Asset Manager, Financiers or Entrepreneurs;
   5. compliance with these Privacy Regulations and the Agreement;
   6. measuring the interest in its Service and improving or promoting the Service;
   7. improving risk models;
   8. maintaining and expanding the (commercial) relationship with the Customer and the Entrepreneur (for example by offering other services to the Customer or offering an alternative product to an Entrepreneur);
   9. the performance of market research;
   10. the conversion of the Personal Data into statistical data, the result of which can no longer be traced back to persons;
   11. the execution of applicable laws or regulations concerning the Processing of Personal Data;
   12. any other purposes as specifically described when collecting the information.

Article 8: Secrecy and transfer of Personal Data to third parties

1. The Parties shall ensure that everyone, including employees, representatives and/or any Processors, involved in the Processing of the Personal Data, shall keep this data confidential. Fundion shall ensure that a confidentiality agreement or clause has been concluded for everyone involved in the Processing of the Personal Data.
2. The obligation of confidentiality referred to in paragraph 1 does not apply insofar as the Customer has explicitly consented to the provision of the Personal Data to a third party, if the provision of this Personal Data to a third party results from the nature of the purposes as set out in article 5 or if there is a legal obligation or a court ruling to provide the Personal Data to a third party.
3. Within the framework of the execution of the Service, Fundion is authorized to provide the Personal Data to the following categories of parties:
   • Processors, such as the software supplier (Topicus.Finance B.V.) or a hosting party engaged by Fundion;
   • Credit registration agencies (such as Graydon, Focum and BKR);
   • Know your customer (KYC) service providers (such as Lexus Nexus)
   • Wwft testing agencies (such as Graydon); and
   • Funders.
4. If Fundion proceeds to provide the Personal Data to categories of parties other than those referred to in paragraph 3, Fundion will inform the Client separately.

Article 9: Modification of Personal Data, rights of Data Subjects and cooperation

1. Customer can view the Personal Data of the Entrepreneurs within Fyndoo.
2. To view the Personal Data stored and not directly accessible through the Service, the Customer can contact Fundion, unless Fundion is not obliged to provide this access under the GTC.
3. If the Personal Data processed by Fundion are factually incorrect or incomplete or irrelevant for the purposes for which Fundion processes the Personal Data, the Client may request Fundion to correct, supplement, delete or block the Personal Data. Such requests will be handled in accordance with the applicable laws and regulations in the area of Personal Data (including the GTC, the GTC Implementing Act and the Wft).
4. A complaint or request from an Entrepreneur or Financier regarding the Processing of his Personal Data will be handled by Fundion in consultation with the Client.
5. Parties will cooperate with each other – as far as reasonably possible and necessary:
   1. to comply within the statutory deadlines with the obligations under the applicable laws and regulations in the field of personal data (including the GCA, the GSA and the Wft), more specifically the information obligation towards and the rights of the Data Subjects, such as a request to inspect, correct, supplement, destroy or block their Personal Data;
   2. in the context of controls or audits;
   3. in carrying out the Data Protection Impact Assessment (DPIA) and a subsequent consultation of the Personal Data Authority;
   4. in responding to requests from the Authority Personal Data or any other public authority;
   5. in the preparation, assessment and reporting of Data Leaks.

Article 10: Retention period and destruction

1. The Personal Data will not be stored longer than necessary for the purposes as described in Article 5. Personal data that Fundion is required by applicable (tax) laws and regulations to keep longer will not be stored for more than 7 years after termination of the Agreement.
2. Upon termination of the Agreement, the arrangements set forth in Article 8 of the Agreement with respect to the return and deletion of the Personal Data will apply.
3. The information related to the Customer and/or Entrepreneurs and derived from the use of the Service will only be stored for longer than the period referred to in paragraph 1, in a form that no longer makes it possible to identify the Complainant.

Article 11: Security and control

1. Fundion and its suppliers take various technical and organizational measures (including encryption, passwords, physical security) to protect and protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction or civilization.
2. All Personal Data is stored on multiple servers in secure data centers which are monitored and monitored 24 hours, 7 days a week.
3. The Service is secured with an encrypted connection (SSL – shown by the lock symbol in the browser) to guarantee the security between the computer of the Client and the servers of (the suppliers of) Fundion.
4. The measures referred to in the preceding paragraphs guarantee, taking into account the state of the art and the costs of implementation, an appropriate level of security in view of the risks involved in the Processing and the nature of the Personal Data to be protected. The measures are also aimed at preventing unnecessary collection and further Processing of Personal Data. The Personal Data will not be transferred outside the European Economic Area.
5. The security of the Personal Data is regularly tested by prominent external parties and according to internationally recognized test procedures.

Article 12: Exchange of Information and Data Leaks

1. Parties will inform each other about facts that they can reasonably expect to have an effect on the Processing of Personal Data by the other Party. If a change occurs in the Service that affects the Processing and/or security of the Personal Data, Fundion will inform the Customer immediately.
2. Parties will inform each other as soon as possible of each Data Leak. Parties will immediately to the best of their ability take all reasonable measures necessary to secure Personal Data, restore security and prevent further unauthorized access, modification and disclosure of the Personal Data. Parties will take these measures at their own expense, unless it appears that the Data Leak can be attributed to one of the Parties in which case the costs will be borne by that Party. In such cases, the Parties will cooperate upon request in informing the competent authorities and the Parties concerned.
3. Insofar as a Party is required to inform the Parties concerned about one or more Data Leaks as referred to in the previous paragraphs, the Parties will provide each other with all necessary cooperation. Parties are entitled to charge each other for any reasonable costs involved, depending on who can be considered responsible for the Data Leak.

Article 13: Cookies

1. The Fundion website uses cookies. A cookie is a small text file that is sent along with a page of the website and is stored on the hard disk of your computer, tablet or phone via your browser. This allows us, among other things, to combine various page requests from the website and analyse the behaviour of users.
2. We use functional cookies to remember your chosen settings and entered data so that your use of the website on your next visit is facilitated.
3. The Fundion website uses Google Analytics, a service provided by Google Inc. Google Analytics is a web analysis service that uses cookies to analyse how you use the website. The cookies are used to store visitor information, such as the time when the visit to the website took place, whether the visitor has visited the site before and through which site the visitor has ended up on the web page. Google can provide this information to third parties if Google is legally obliged to do so, or insofar as third parties process the information on behalf of Google.
4. The information generated about your use of the website will be transmitted to servers in the United States and stored there by Google. We use the option to anonymise the IP address, i.e. your IP address will be shortened by Google. This makes tracking on an individual level technically impossible.
5. More information about Google Analytics can be found here and here.

Article 14: Third party websites

1. Our website includes buttons to share, ‘like’ or promote web pages on social networks such as Facebook, LinkedIn and Twitter. These buttons work by means of pieces of code that originate from the social media providers themselves. Cookies are placed by means of this code.
2. This Statement does not apply to websites of third parties that are linked to this website. For the conditions of use and the privacy and cookie policy of third parties, we refer you to the websites concerned.
3. Fundion is not responsible or liable for the way in which these third parties handle your (personal) data.

Article 15: Refusing and deleting cookies

1. You can decide for yourself whether you want to accept or refuse cookies or whether you want your browser to notify you when a cookie is being placed. To do this, you need to adjust the settings in your browser.
2. You always have the option to delete cookies already placed on the hard disk of your computer, tablet or phone.
3. In addition to refusing cookies via your browser, you can also install the Google Analytics Opt-out Add-on in your browser. This prevents Google Analytics from collecting information about your website visits.

Article 16: Amendment of the Privacy Policy

1. Fundion is at all times entitled to unilaterally change and/or supplement the Privacy Policy made available to the Client when registering for the Service. The most recent version will be available in the customer environment of Customer in Fyndoo. Changes will also be brought to the attention during the use of the Service and Customer will be given the opportunity to download the new version of the Privacy Policy.
2. . If the use of the Service is continued after this Privacy Policy has been amended or supplemented, these will be deemed to have been accepted by the Customer, unless the Customer has objected to this within seven days of the notification. If the Customer does not agree with the amended or supplemented Privacy Regulations, it is entitled to terminate the use of the Service with immediate effect.
3. Parties are entitled to renegotiate the amendment of these Privacy Policy if this is necessary as a result of changes in the Processed Personal Data, the applicable security requirements and/or an amendment is necessary for compliance with the applicable laws and regulations.
4. This Privacy Policy was last amended on 12 December 2018.

Article 17: Supervision

1. Fundion uses the services of a privacy officer. The privacy officer supervises compliance with the privacy legislation and advises Fundion on the privacy legislation. For requests regarding the exercise of any of the above rights, please contact Fundion by e-mail at info@fundion.nl.
2. Pursuant to the privacy laws and regulations, you can also submit complaints to the national supervisory authority, the Personal Data Authority. You can find the contact details on the website of the Personal Data Authority (www.autoriteitpersoonsgegevens.nl).

Final provision
This Privacy Policy has been approved by the management of Fundion and is effective as of 12 December 2018.