Privacy Policy

Effective Date: 03/05/2025
This privacy policy applies to all processing of personal data by Capital Grow BV, a Belgian investment company with its registered office at [insert full address], registered in the Crossroads Bank for Enterprises under number [insert company number]. Capital Grow provides short-term loans and credit to self-employed individuals, entrepreneurs, and SMEs, and acts as the data controller within the meaning of the General Data Protection Regulation (Regulation EU 2016/679, hereinafter “GDPR”).

The protection of personal data is essential to the trust between Capital Grow and its clients. We take all reasonable technical and organizational measures to ensure the security, integrity, and confidentiality of the personal data we process. By using our services or website, you agree to this policy.

Processing of Personal Data

Capital Grow processes only the personal data necessary for the execution of its business activities. This data may relate to natural persons acting in the capacity of self-employed individuals, directors, or representatives of a company, or to private individuals when, for example, they provide a personal guarantee.

The personal data we process includes, but is not limited to, your identity (such as name, first name, date of birth, and national identification number), contact information (such as address, telephone number, and email), and financial information (such as bank account number, payment behavior, creditworthiness, outstanding debts, and income data). We also process company-related data such as company number, legal form, VAT number, business history, and any involvement in legal proceedings.

This data may be provided by you directly, for instance via an application form, by phone, by email, or during a personal conversation. We may also collect data from external sources, including public registers such as the Crossroads Bank for Enterprises, Graydon, Trends Top, and other credit information agencies.

Purposes and Legal Basis for Processing

Capital Grow processes your personal data for the purpose of assessing, accepting, and monitoring credit applications, as well as for risk management, the execution of loan agreements, accounting, fraud and anti-money laundering compliance, and the fulfillment of legal obligations.

Processing is based on at least one of the following legal grounds: the necessity of processing for the performance of a contract or pre-contractual measures at your request, compliance with a legal obligation to which Capital Grow is subject (such as the anti-money laundering legislation of 18 September 2017), our legitimate interests (such as credit risk analysis and dispute management), or your explicit consent if required (e.g., for electronic direct marketing).

Sharing of Data with Third Parties

Capital Grow shares your personal data with third parties only to the extent necessary for the performance of our services or based on a legal obligation. Your data may be shared with external service providers such as lawyers, bailiffs, debt collection agencies, insurers, compliance advisors, IT service providers, and accountants, as well as with competent government authorities such as the tax authorities, the National Bank of Belgium, or the Financial Intelligence Processing Unit (CFI) for anti-money laundering purposes.

In all cases, Capital Grow enters into a data processing agreement with its processors, ensuring proper and secure handling of your data in accordance with Article 28 of the GDPR. Your data will not be transferred outside the European Economic Area unless necessary and subject to appropriate safeguards.

Data Retention Periods

Your personal data will not be retained longer than strictly necessary for the purposes for which it was collected. As a general rule, we retain your data for a maximum of ten (10) years after the end of the contractual relationship, mainly to comply with accounting, tax, and anti-money laundering obligations. In the event of a dispute, data may be retained longer until the claim expires or is settled.

Rights of Data Subjects

Under the GDPR, you have the right to access your personal data at any time free of charge, as well as the right to rectify it if it is incorrect or incomplete. In certain cases, you may request the erasure of your data (“right to be forgotten”) or restriction of processing. You may also object to the processing, particularly when it is based on a legitimate interest or for marketing purposes.

You also have the right to data portability, meaning you can obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format, or request its transfer to another data controller.

To exercise any of these rights, you may send a written request to privacy@capitalgrow.be or a registered letter to our registered office. Your identity may be verified using a copy of your ID card to prevent abuse.

If you believe we are violating your rights or are processing your data unlawfully, you have the right to file a complaint with the Data Protection Authority (www.gegevensbeschermingsautoriteit.be).

Changes to this Privacy Policy

Capital Grow reserves the right to unilaterally amend this privacy policy if changes in legislation or our data processing practices require it. In such cases, a new version will be published on our website with the effective date. We recommend reviewing this policy regularly.

For questions about this policy, you can contact us at info@capitalgrow.be.