Privacy Policy

Introduction

Quixa S.L. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our services or visit our website.

Data Controller

Quixa S.L. acts as the data controller for the personal information we collect. Our registered office is located at Avenida de España 33, 28405 Madrid, Community of Madrid, Spain. Registration Number: B-66098123.

Data Collection

The data we collect includes personal information you provide when applying for our lending services, using our website, or contacting us. We may collect the following types of information:

• Personal identification information (name, address, date of birth, national ID)
• Contact details (email address, phone number, postal address)
• Financial information (income, employment details, bank account information)
• Credit history and credit score information
• Website usage data and technical information
• Communication records with our customer service team

How We Use Your Information

We use of your data is based on legitimate business interests and legal requirements for providing financial services. We use your information for the following purposes:

• Processing loan applications and making lending decisions
• Conducting credit checks and affordability assessments
• Managing existing loan accounts and customer relationships
• Complying with legal and regulatory requirements
• Preventing fraud and maintaining security
• Improving our services and website functionality
• Marketing our services (with your consent where required)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For more detailed information, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary for loan agreements and services
• Legal obligation: Compliance with financial regulations and anti-money laundering laws
• Legitimate interests: Fraud prevention, risk assessment, and business operations
• Consent: Marketing communications and non-essential cookies

Data Sharing and Disclosure

We may share your personal information with:

• Credit reference agencies for credit checks and reporting
• Regulatory authorities when required by law
• Fraud prevention agencies and law enforcement
• Third-party service providers who assist with our operations
• Legal advisors and professional service providers

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy and comply with legal requirements. Generally, we keep customer data for up to 7 years after the end of our relationship, though some information may be retained longer for regulatory compliance. Data retention periods may vary based on the type of information and applicable legal requirements.

Your Rights

Under GDPR and Spanish data protection law, you have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Correct inaccurate or incomplete information
• Right to erasure: Request deletion of your data in certain circumstances
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing or cookies

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption, secure data transmission, access controls, and regular security assessments.

International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website and updating the "last updated" date.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out to us:

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos - AEPD) or your local supervisory authority.