Customer Data Policy.

October is a lending platform for SMEs. It is subject to professional secrecy. October ensures the security and confidentiality of the information entrusted to it.

The new EU General Data Protection Regulation (GDPR) became effective on May 25th 2018. We have taken this as an opportunity to update our privacy policy (the “Policy” from now on), which describes the measures implemented by October, as data controller, to ensure compliance with your personal data.

The Policy is an integral part of the Terms and Conditions (T&C), terms starting with capitalized letter have an identical definition to those in the T&C.

Whenever personal information is collected October strives to include a link to this Policy. We may change this policy. The current version is available on the Site and we will notify you of any changes through the Site or by any means.

Also discover our cookie usage policy here.

1. What data do we collect and process?

October collects several types of data through its various online services:

All this data is generally obtained directly from you, whether by telephone, chat or Internet. However, October may have to process data obtained from third parties, in particular in order to meet its regulatory obligations or with your consent in connection with the use of certain services.

The communication and processing of data requested by October is essential to the provision of October products and services and/or to comply with the legal and regulatory requirements to which October is subject. Apart from these cases, we do not collect any data without your prior consent.

Finally, we automatically collect certain information about your browser type and the connection hardware (computer, mobile device). This is used to administer our systems, fight fraud, maintain service quality and provide general usage statistics.

2. The purposes for which these data are processed

The processing of data carried out by October fulfills a purpose which is based on compliance with a legal or regulatory obligation, performance of a contract, consent for services allowing the synchronisation of external documents or the legitimate interest for commercial prospecting.

3. The recipients of your data

October may be required to provide certain data about you to public authorities when they request it, or as part of its regulatory or legal obligations.

October is likely to communicate your personal data to its technical service providers, partners, insurance brokers or legal entities of its Group whose involvement is necessary to achieve one of the aforementioned purposes.

4. Securing your data

We use SSL technologies to ensure the confidentiality of data passing through networks.

5. Time limit and retention of your data

To ensure the proper processing of financial transactions, your personal data must be kept and updated regularly throughout the term where you are party to a loan contract.

In order to meet legal and/or regulatory obligations and/or to respond to requests from authorities authorized to make the request, your personal data will be kept beyond the date of your last activity for a period of 5 years.

Finally, certain data may be kept and made anonymous for statistical purposes.

6. Your rights

In accordance with the General Data Protection Regulations act, you have the right to access, rectify, delete, limit processing, to the portability of your data and to define the fate of your data after your death. These rights may be exercised under the conditions and within the limits set by the regulations in force.

You may exercise your other rights and contact the October Data Protection Officer by sending an e-mail to the following address: [email protected].

All data likely to be recovered during the requests for information made through the website, will not be the object of any treatment or of any conservation by the company.

You have the right to register a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the supervisory authority in charge of compliance with obligations regarding personal data.

Date of Application of this Policy: December 17, 2021