Privacy Policy

As Remedi Teknoloji Anonim Şirketi, a corporation incorporated and validly operating in the Republic of Türkiye and having the registered address of Mustafa Kemal Mah. Dumlupınar Bul. No:266A İçkapı No:18 Çankaya/Ankara (hereinafter referred to as “Remedi”, the "Company", “we”, and through similar words such as “us”, “our”, etc.), we respect your privacy. We provide a website under the domain name of https://remedifinance.com (the "Website" or the “Platform”) which is an informative platform that introduces the Remedi to the users (each, a “User”, “you” or “your”) and provide access to PayLater service which is defined in more detail in the Terms of PayLater.

This Global Privacy Policy (the “Policy”) describes Remedi’s practises and policies with regards to use and process of personal information while operating the Website and providing the services thereunder (the “Service”). In this regard, this Policy describes the types of personal information we collect through the Website, how we use that information, our legal basis for doing so, with whom we share it, your rights and choices in this regard, and how you can contact us about our privacy practises. This Policy does not apply to third-party sites, products, or services, even if they link to our services or the Website, and you should consider privacy practises of those third-parties carefully.

Capitalised words not defined under this Policy shall be understood as described under our Terms of Use. (the “Terms”).

By accepting this Policy, you are familiaried yourself with this Policy, understood and are agreeing with the terms and practises described in this Policy (including new versions of the Policy when and as they come into effect), and the Terms, which governs this Policy and contains all disclaimers of warranties and limitation of liabilities. 

1. DEFINITIONS

Within the scope of this Policy, following terms shall have the meanings ascribed to them below: 

2. OVERVIEW

Remedi obtains personal information concerning you from various sources to provide the services and to manage the Website. 

a. The Website Users

If you access or visit our Website, we may collect your personal information. For example, we collect Personal Data when you contact us by e-mail or register for an account.

3. APPLICABILITY OF THE POLICY

Remedi PayLater Services

This Policy explains how we process your personal information when you connect with Remedi, engage with our team or use our Platform in any way. This Policy applies to the personal information collected during the course of our relationship with you, through your use of the Platform, or in relation to your registration, login, and usage of our Platform. 

Remedi has prepared separate special information texts (“Privacy Notice”) for employees, employee candidates, suppliers, psychotherapists, and managers. These Privacy Notices have been delivered or made available to each relevant group.

Where applicable, we indicate whether and why you must provide us with your personal information, as well as the consequences of failing to do so. If you do not provide personal information when requested, you may not be able to benefit from our Services if that information is necessary to provide you with the Service or if we are legally required to collect it.

You acknowledge that your ability to access and use the Service is conditioned upon the truthfulness of the information you provide regarding your age and other information relying upon this certification in order to interact with you and provide the Services.

This Policy does not apply to any other sites or apps that you visit before our Platform or any third-party sites that may be accessible through the Remedi Services including credit payment services and CPA services. Please read this Policy carefully so that you understand your rights in relation to personal information, and how we will process that personal information. 

This Policy encompasses the processing of personal information in connection with the utilisation of PayLater services facilitated by Remedi. When engaging with our PayLater services, we may collect and process additional financial data and transactional information in accordance with the requirements for providing the PayLater service.

We may collaborate with trusted third-party payment service providers to facilitate transactions, subject to the terms and conditions specified by the respective payment service providers. Any personal information collected during the course of PayLater transactions will be handled in accordance with the standards outlined in this Policy and any relevant regulations governing financial data privacy and security.

Please be advised that the utilisation of PayLater services is subject to the specific PayLater Terms governing the PayLater agreement, which will be presented and made available to you during the registration and transaction process. Kindly review the terms and conditions associated with the PayLater service to ensure a comprehensive understanding of the data handling practises and privacy measures specific to this service.

If you do not want us to share personal information or feel uncomfortable with the ways we use information in order to deliver our Services, please do not use the Platform and related Services.

Social Media Platforms

Our Platform use plug-ins from the social media platforms. When you access our Platform that contains a plug-in, your browser will create a direct link to the servers of the social media platforms. They may receive information about you, the fact that you have visited our website, your IP address and whether you have interacted with their plug-in at our website. These data will be stored with the social media companies in the countries where they are located, including in the USA. The social media companies will receive the information whether you are a user on their social media platform or not.

You can prevent the social media plug-ins from loading by using a script-blocker add-on, which you can download for your browser. We do not have any influence on the collection or processing of personal data that is carried out by social media platforms.

Third-Party Services

This Policy also does not apply to personal information that is processed when you access Third Party sites, products and services through our Platform. The collection of your information by these Third Parties is governed by the respective Third-Party Services’ privacy policies and terms. This Policy does not apply to Third-Party sites, products, or services, even if they link to our Services, and you should consider the privacy practises of those Third Parties carefully.

In instances where you opt to utilise financial services provided by third-party entities, please be aware that the processing of your personal and financial information is subject to the respective privacy policies and terms implemented by these external service providers. Remedi does not bear responsibility for the data handling practises or privacy measures employed by third-party financial service providers, and the use of such financial services is governed by the specific terms and conditions outlined in their respective privacy policies.

4. TYPES OF DATA WE COLLECT

a. Personal Data that We Collect from You

While using our Website, you may provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include but is not limited to first name and last name, e-mail address, and the Usage Data which will be defined in detail below. 

In particular, when you contact us via e-mail, we collect your name-surname, e-mail address, and any other information you choose to include in the body of your e-mail. 

You may also opt-in to submit information through other methods, including: 

• In response to your e-mail communications.
• Through our social media accounts or online forums.
• By filling out our Waitlist Form to be included into waitlist.

Communications and Interactions

We may collect information through your communications with our customer support unit or other communications that you may send us and their contents which may include email messages, text messages, phone calls that we exchange with you, interactive customer support chat sessions, body of contact messages, reviews, responses, survey answers, comments, feedback, and ratings.

b. Information that We Collect Automatically on the Website and the Services

Our Website uses cookies and other technologies to function effectively. These technologies record information about your usage of the Website, including:

• Browser and Device Data, such as IP address, Device type, internet browser type, screen resolution, operating system’s name and version, Device manufacturer and model, language, plug-ins, add-ons, brand, model, technical specification and operating system information of the Device used, and language version of the Website you are visiting;
• Usage Data, such as time spent on the Website, pages visited, links clicked, language preferences, Website usage time, communication preferences, approaches to in-platform notifications/campaigns, habits, behaviours, preferences, search activities, segments, cookie records, cookie and ad identifiers, Device ID, and the pages that led or referred you to our Website.
• Transactional Data: such as comprehensive details of payments made, encompassing the types of payment methods utilised, specific transaction dates, and transaction amounts.
• Account Information: such as data associated with your accounts, financial institutions, and any other relevant information crucial for the processing of payments and the effective management of financial transactions. 
• Billing Information: such as detailed invoice data, billing addresses, and any other information necessary for the issuance and systematic management of billing and payment records. 
• Financial History: such as the record of your payment history, transactional activities, and any other financial data essential for the complete understanding and management of your past interactions and transactions with Remedi and our partner clinics.
• Payment Preferences: such as preferred payment methods, any established recurring payment arrangements, and specific preferences or instructions concerning the financial aspects of the services provided by Remedi and our partner clinics.
• Third-party sources. We may combine personal information we receive from you with personal information that we obtain from other sources, such as such as public records and other websites. We may include hyperlinks to other websites either managed and owned by us or by a third party. In the event that, we receive your personal information via our other websites which you accessed via Remedi website, we may collect the personal information you shared with us.
• Treatment Preferences and Health Records and Reports Your treatment preferences are respected and prioritised to deliver healthcare solutions aligned with your specific needs; your health records and reports are securely managed to provide a comprehensive overview of your health status and treatment progress, guaranteeing the confidentiality and security of your health-related data.
• User Preferences. such as your user preferences and feedbacks regarding treatments and clinics to enable user-friendly healthcare experience that respects and incorporates your specific preferences and requirements.

c. Interest-based Advertising

When you visit our sites, both certain Third Parties and we collect information about your online activities over time and across different websites to provide you with advertising products and services tailored to your individual interests (this type of advertising is called “Interest-Based Advertising”). These Third Parties may place or recognise a unique cookie or other technology on your browser. Where required by applicable law, we will obtain your consent prior to processing your information for interest-based advertising.

Since we also participate in advertising networks, you may see our ads on other websites or mobile apps. Ad networks allow us to target our messaging to users based on a range of factors, including demographic data, users’ inferred interests, and browsing context (for example, the time and date of your visit to our Platform, the pages that you viewed, and the links that you clicked on). This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements.

We use Google Analytics, a web analysis service on the Platforms. In other words, when you visit our website, your browsing behaviour can be analysed statistically and especially by using cookies and analysis software. Your browsing behaviour is generally analysed anonymously, and it is not used for tracking. You can object to or avoid such an analysis by not using specific tools. 

To learn more about managing your privacy and storage settings and opting out from receiving Network Advertising Initiative member companies ‘cookies, please visit the Network Advertising Initiative’s opt-out page at here. If you wish to prevent your data from being used by Google Analytics, Google has developed the Google Analytics opt-out browser add-on available at here. If you opt-out from interest-based advertising, you may see advertising that is not relevant to you.

To learn more about managing your privacy and storage settings and opting out from receiving other Third Parties’ cookies, please see our “Exercising of Your UK Privacy Rights” section.

We do not guarantee that all of the Third Parties we work with will honour the elections you make using those options, but we strive to work with Third Parties that do.

We may also collect information about your online activities on the Website and connected Devices over time and across third-party sites, Devices, apps, and other online features and services. We use web log analysis software (Google Analytics etc.) on our Website to help us analyse your use of the Website and diagnose technical issues.

To learn more about the cookies that may be served through our Website and how you can control our use of cookies and third-party analytics, please see our Cookie Policy section.

5. HOW WE USE PERSONAL DATA

a. Our Services

We rely upon several legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the contractual relationships we have with our User, comply with legal obligations, and to pursue our legitimate business interests. 

Contractual and pre-contractual business relationships. We use Personal Data to enter contractual relationships with prospective Users and to perform the contractual obligations under the contacts that we have with Users. Activities that we conduct in this context include:

• We use your email address to communicate with you to provide technical and customer support and to send you updates regarding your account and repayment. We may use your email address to send promotional and other information to you with your permission.
• If you sign-up to receive our marketing emails, we may also use your email address to display targeted advertisements to you on third-party social media platforms such as Facebook, Twitter, Google or LinkedIn and we may provide a hashed version of your email address or other information to the platform provider for such purposes.
• We use information about your device and your use of the Website to better understand who is using our Website and how, and to improve our Website.
• We use your IP address to provide you with appropriate content and to block access to the Website from locations where we do not provide access to our Website.
• We use your financial data to facilitate secure financial transactions, ensuring that repayments for healthcare services are processed accurately and efficiently, in compliance with all applicable financial regulations and standards.
• We utilise your financial data to ensure the secure and timely processing of repayments, enabling the management of your financial obligations related to the healthcare services provided by our partner clinics. 
• We use your profile data, including your medical history, treatment preferences, and health records, is used to personalise and tailor our healthcare services to meet your specific healthcare needs, ensuring that you receive effective and targeted healthcare solutions aligned with your individual requirements.
• We analyse and utilise your usage data and user preferences to continually enhance our service delivery, making necessary adjustments and improvements to provide you with a seamless and user-friendly healthcare experience that reflects your preferences and requirements.
• We use your feedback and correspondence to respond to your requests, feedback, or enquiries, and to continuously improve our products and services.

Legal and regulatory compliance. We use Personal Data to verify identity of our Users in order to comply with laws. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties and submit to third-party verification audits.

Legitimate business interests. We rely on our legitimate business interests to process certain Personal Data concerning you. The following list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against legitimate interests and rights of the individuals whose Personal Data we process. 

• Mitigating financial loss, claims, liabilities or other harm to Users and Company;
• Responding to enquiries, sending service notices, and providing support;
• Promoting, analysing, modifying and improving our products, systems, and tools, and developing new services;
• Managing, operating and improving performance of our Website by understanding their effectiveness and optimising our digital assets;
• Analysing and advertising our Website;
• Conducting aggregate analysis and developing business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our Website and the Service;
• Sharing Personal Data with Third-Party Service Providers that provide services on our behalf and business partners who help us to operate and improve our business; and
• Ensuring network and information security throughout the Website.

If we need to use your Personal Data in other ways, we will make a specific notice at the time of collection and we will get your consent if applicable law requires so.

b. Marketing and Events-related Communications

We may send you email marketing communications about Company, the Website, and our future apps and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable laws. 

You can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email. Alternatively, you can opt-out of receiving email marketing communications by contacting us at the contact information provided in the “Contact Us” section below. However, your repayment obligation may remain stable in accordance with PayLater Terms and Payment Schedule.

c. Interest-based Advertising 

When you visit and use our Website, we collect information about your online activities over time and across different websites to provide you with advertising products and services tailored to your individual interests (this type of advertising is called “interest-based advertising”). These third parties may place or recognise a technology on your device. Where required by applicable law, we will obtain your consent prior to processing your information for interest-based advertising.

Since we also participate in advertising networks, you may see our ads on other websites or mobile apps. Ad networks allow us to target our messaging to users based on a range of factors, including demographic data, users’ inferred interests, and browsing context (for example, the time and date of your visit to our App, the pages that you viewed, the keywords that you searched and the links that you clicked). This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements.

We work with advertising networks (Google AdWords, Facebook, etc.). To learn how to opt-out from behavioural advertising delivered by Network Advertising Initiative member companies, please contact us at clinicsupport@remedifinance.com.You can also manage your privacy settings directly through your account on these third-party platforms, including to opt-out of such targeted advertising.

To learn how to opt-out from behavioural advertising delivered by Network Advertising Initiative member companies, please visit the Network Advertising Initiative and Digital Advertising Alliance. If you opt-out from interest-based advertising, you may see advertising that is not relevant to you.

d. Processing of Health Data

In order to assess and facilitate your treatment requirements, Remedi may collect specific health-related information, including details about your treatment preferences and expectations from healthcare services.

When processing Health Data, which falls under the category of Special Category of Personal Information, we adhere to the special conditions outlined in data protection laws. We rely on explicit consent, as per Article 9(2)(a) of the UK GDPR, which permits the processing of special categories of personal data, including health data, when explicit consent is provided by the data subject for specific purposes, subject to certain exceptions such as instances where processing is necessary for reasons of public interest in the field of public health.

Your Health Data is collected by Remedi and shared solely with contracted clinic partners. Under no circumstances will your Health Data be shared with any other third parties.

Withdrawal of consent:

You reserve the right to withdraw your consent for the processing of your Health Data by Remedi at any time, without providing a reason. Upon receipt of your withdrawal of consent, Remedi will cease processing your data for the stated purposes.

However, it is essential to note that, due to the nature of the healthcare services provided, Remedi and/or the clinic may be unable to continue providing services if explicit consent is withdrawn.

Your withdrawal of consent will not impact the legality of any processing conducted based on your consent before the withdrawal. Remedi will retain the information provided prior to the withdrawal of consent for the period stipulated by the applicable laws.

e. Personal Data Collected by Your Clinics

Your chosen clinic may directly collect personal data from you during the provision of healthcare services. Any personal data collected directly by the clinic remains solely under the control of the relevant clinic. Therefore, Remedi bears no responsibility regarding this personal data.

Your chosen clinic acts as the data controller for the personal data and special categories of personal data processed when you book a treatment, receive treatment, and communicate with the clinic.

Your treatment sessions and interactions with the clinic will not be disclosed in your records. Unless under exceptional circumstances, such as when there is an imminent threat to life or in case of illegal activities, the clinic is legally bound to maintain your confidentiality and refrain from sharing your information with external parties. Details of your treatment and communications with the clinic are strictly confidential and not documented.

6. HOW WE SHARE PERSONAL DATA

Remedi may share your Personal Data to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Policy and our Terms, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our Users and the public. 

We share Personal Data with a limited number of our Service Providers. We have Service Providers that provide services on our behalf, such as website hosting, information technology and related infrastructure. These Service Providers may need to access Personal Data to perform their services properly. We authorise such Service Providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such Service Providers to contractually commit to protecting security and confidentiality of the Personal Data they process on our behalf. Our Service Providers are predominantly located in the Republic of Türkiye, the European Union, the United Kingdom and the United States of America.

We will encourage our service partners to adopt and post transparent privacy policies. However, use of your personal information by our service partners is governed by their privacy policies and is not under our control. You acknowledge that we are not responsible for the violations caused by our service partners.

We share Personal Data with third-party business partners when this is necessary to provide our services to our Users. 

We share data with parties directly authorised by a User to receive Personal Data. The use of Personal Data by an authorised third party is subject to such third party’s privacy policy.

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganisation, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties for the purpose of facilitating and completing such transaction.

We share Personal Data as we believe necessary: (i) to comply with applicable law; (ii) to protect the rights, privacy, safety and property of Remedi, you or others; and (iii) to respond requests of the courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Employees and Authorised Contractors

Other relevant units within Remedi, including technical support, software team and authorised contractors may need to access information about you when they require this information to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services. All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information.

Transfer of Personal Data to a Third Country Where the Clinics is Resident 

Remedi may transfer or disclosure your personal data to your clinic in a the Republic of Türkiye. Such transfer is based on the requirement for the conclusion or performance of a contract concluded in the interest of you between Remedi and clinic in accordance with Article 49 (c) of UK GDPR.

Public Health and Safety 

We may share your medical information for certain situations such as reporting suspected abuse, neglect, or violence; or preventing or reducing a serious threat to anyone’s health or safety.

Client Organisations

Where your employer or an entity has purchased Services on your behalf, we may disclose information about you such as your name and email address, and some usage information including whether a user has logged in to the Service, frequency of login, time spent using the Services, and enrolment and analytics to assist your employer or the entity in managing its use and maximising the value of the Services.

Business Transfers

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganisation, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal information with Third Parties for the purpose of facilitating and completing the transaction. If we do, we will inform such entities of the requirement to handle your information in accordance with this Privacy Policy or inform you that you are covered by a new privacy policy. You will have the opportunity to opt-out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.

7. UK GDPR AND DPA PRIVACY

Your Rights and Choices Under the UK GDPR

Remedi undertakes to respect confidentiality of your Personal Data and to guarantee you can exercise your rights. In this regard, you have the following rights regarding our use and disclosure of your Personal Data, under this Privacy Policy and by law if you are within the United Kingdom:

Right of Access: You have the right to obtain confirmation from us as to whether or not Personal Data concerning you are processed, and, where that is the case, you have the right to request and get access to such Personal Data.

Right to Rectification: You have the right to request rectification by us of inaccurate Personal Data and you have the right to provide additional Personal Data to complete any incomplete Personal Data.

Right to Erasure (“Right to be Forgotten”): In certain cases, you have the right to request from us erasure of your Personal Data.

Right to Restriction of Process: You have the right to request from us restriction of process, for a certain period and/or for certain situations.

Right to Data Portability: You have the right to receive your Personal Data from us in a structured format and you have the right to (let) transmit such Personal Data to another Data Controller.

Right to Object: In certain cases, you have the right to object process of your Personal Data, including with regards to profiling. You have the right to object to further process of your Personal Data in so far as such data has been collected for direct marketing purposes.

Right to be Not Subject to Automated Individual Decision-Making: You have the right to not be subject to a decision based solely on automated processing.

Right to Filing Complaint: You have the right to file complaints with the applicable data protection authority on our process of your Personal Data.

Right to Compensation of Damages: In case we breach applicable legislation on process of your Personal Data, you have the right to claim damages from us for any damages such breach may cause to you.

Exercising Your Data Protection Rights arising from the UK GDPR 

You may exercise your rights of access, rectification, cancellation and opposition by simply contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond you as soon as possible.

You have the right to complain to a data protection authority about our process of your Personal Data. For more information, if you are in the European Economic Area (the “EEA”), please contact your local data protection authority in the EEA.

8. SECURITY AND RETENTION

We are making reasonable efforts to provide you with an appropriate level of security for the risks associated with process of your Personal Data. We take organisational, technical, and administrative measures designed to protect your Personal Data against unauthorised access, destruction, loss, alteration, or abuse. Your Personal Data may only be accessed by a limited number of personnel who need access to such information in order to perform their duties properly. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have a reason to believe that your interaction with us is no longer secure, please contact us immediately.

If you are a User of the Website, we retain your Personal Data as long as we are providing the services to you. We retain Personal Data after we cease providing services to you, to the extent necessary to comply with our legal and regulatory obligations. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data due to our contractual commitments to our financial and business partners. Where we retain data, we do so in accordance with any limitation periods and record retention obligations that are imposed by applicable laws.

9. YOUR COMMUNICATION CHOICES

Legal Communications and Service Announcements

By providing Remedi with your email address and/or using the Platform you affirmatively consent to use of your email address for legal and service notifications or Remedi to send you notifications through pop-ups and etc. regarding important service announcements and other legal and administrative communications related to your use of the Platform. We may send the following to you by email or posting them on the Platform; this Policy, our Terms, PayLater Terms, Cookie Notice, including legal disclosures; future changes to this Policy, Terms, and other notices, legal communications or disclosures and information related to the Services. Such communications are part of the Services which you cannot opt out of receiving. However, if you do not wish to receive certain service and other administrative and legal notifications, your only way to opt out of such messages is to stop using the Platform and/or (if any) delete your account on the Platform by emailing us at clinicsupport@remedifinance.com.

Promotional Communications

You may receive marketing and advertising communications (e.g., sending your blog posts, informing you of Service benefits and features, letting you know of new features or developments, letting you know of new subscription plans or add-ons, offering you promo codes or coupons, or presenting you with the opportunity to buy selected session package) about Remedi, Platform and Services, pursuant to your prior explicit and informed consent. To receive marketing and advertising communications from Remedi, you can contact our customer service, support assistant, or give your explicit consent in the applicable areas. Due to our global privacy practises, we provide our Users with the opportunity to “opt-in” and "opt out" of receiving marketing and advertising communications other than those for purposes directly related to your transactions with us and in general legal and administrative communications regarding your account.

If you prefer to opt-in to Promotional Communications, you may receive periodic promotions and other offers or materials that we believe might be of interest to you until you unsubscribe or opt-out. 

10. INTERNATIONAL DATA TRANSFERS

We are a global business. Personal Data may be stored and processed in any country where we have operations or where we engage Service Providers. We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected. Those countries may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Policy. In certain circumstances; courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.

11. USE BY MINORS

The services are not directed to individuals under the age of eighteen (18), and they shall not provide Personal Data through the Website or the Service. If you have a reason to believe that anyone under the age of 18 has provided us with any personal information, please contact us.

12. UPDATES TO THIS POLICY AND NOTIFICATIONS

We may change this Policy from time to time to reflect new services, changes in our Personal Data practises, or relevant laws. The “Last Updated Date” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective when we post the revised Policy on the Website. We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our Website and by contacting you through the e-mail address you provided (if any).

13. LINKS TO OTHER WEBSITES

The services may provide the ability to connect to other sites. These sites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you to review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of such website, or the privacy practises of the website’s operator.

14. JURISDICTION

Remedi focuses on multinational compliance regulations including but not limited to UK GDPR to make sure privacy is a “go-to” rather than a thing to be worried. You have the right to request further information on our personal data processing activities based on your country's laws. 

15. CONTACT US

For questions, please contact us at info@remedifinance.com. For complaints, please reach out to complaints@remedifinance.com.

You may send us your request on exercising your above-mentioned rights, together with documents providing your identity and the scope of your request through following channels:

• By sending an e-mail to info@remedifinance.com with or without a secured electronic signature; or
• Through delivery by hand, by notary, or by certified mail to the address of 2a The Quadrant, Epsom, Surrey, England, KT17 4RH.
• By calling us on 0791 532 2140

We are committed to answering your request as soon as possible, not more than 30 (thirty) days, and free of charge as long as there is no transaction cost.

16. CREDIT SERVICES — ADDITIONAL PRIVACY INFORMATION

This section applies to you if you have applied for or hold a Remedi Credit Plan. It supplements the rest of this Privacy Policy and should be read alongside it.

a. What additional information we collect for credit purposes

When you apply for a Remedi Credit Plan, we collect and process additional personal data beyond what is described above. This includes:

• your full name, date of birth, current UK address, time at address,monthly income and profession;
• your UK bank account details and payment history with us;
• data returned from identity verification checks; and
• device and browser information used to support fraud detection at the point of application.

b. Hard credit searches and Experian

When you submit an application for a Remedi Credit Plan, we carry out a hard credit search with Experian, one of the UK's primary Credit Reference Agencies (CRAs). A hard search allows us to check information held on your credit file without leaving a footprint that other lenders can see. Hard searches do affect your credit score.

We use the information returned by Experian to:

• verify your identity;
• assess your ability to repay a Remedi Credit Plan (affordability assessment); and
• detect and prevent fraud and financial crime.

Experian
Website: www.experian.co.uk
Tel: 0115 828 6738 (Monday – Friday, 9am – 5pm)
Credit Reference Agency Information Notice (CRAIN): www.experian.co.uk/legal/crain/

The CRAIN describes in detail how Experian collects, uses, and shares personal data in its role as a CRA. We encourage you to read it.

c. Manual review

In some cases, your application may be referred for a manual review by a member of our team rather than being decided solely by an automated process. This may happen where our automated systems are unable to reach a clear decision, or where we wish to verify specific information you have provided. You have the right to request human involvement in any automated decision that significantly affects you - please contact us using the details in Section 15 above.

d. Reporting to Credit Reference Agencies

Once a Remedi Credit Plan is active, we will report information about your account to Experian on an ongoing basis. The information we share includes:

• the amount of credit extended to you;
• your payment history, including on-time payments, late payments, and missed payments;
• the outstanding balance on your account; and
• the date your account was opened and, where applicable, closed or settled.

Late and missed payments will be recorded on your credit file and may negatively affect your credit score and your ability to obtain credit from other lenders in the future.

This information is held by Experian and may be accessed by other lenders when assessing future credit applications you make. It is retained on your credit file in accordance with Experian's own retention policies, as set out in their CRAIN.

e. Lawful bases for credit-related processing

The table below sets out the lawful bases under UK GDPR on which we process your personal data for credit-related purposes:

Purpose: Performing identity verification
Lawful Basis: Contract — necessary to enter into a Remedi Credit Plan with you

Purpose: Assessing affordability and creditworthiness
Lawful Basis: Legitimate interests — to lend responsibly and reduce the risk of financial harm to you and to us

Purpose: Carrying out a soft credit search with Experian
Lawful Basis: Legitimate interests — to assess creditworthiness at the application stage

Purpose: Detecting and preventing fraud
Lawful Basis: Legitimate interests — to protect our business and customers from financial crime

Purpose: Reporting account status to Experian
Lawful Basis: Legitimate interests — to maintain accurate credit records and support responsible lending

Purpose: Complying with anti-money laundering and other legal obligations
Lawful Basis: Legal obligation — we are required to carry out these checks by law

Purpose: Contacting you about missed payments or financial difficulty
Lawful Basis: Contract — to administer your Remedi Credit Plan and fulfil our obligations to you

Where we rely on legitimate interests, we have satisfied ourselves that our interests do not override your rights and interests. You may request further information about our legitimate interests assessments by contacting us at complaints@remedifinance.com.

f. Affordability and responsible lending

We process your personal data, including information returned from Experian and information you provide to us directly, to assess whether a Remedi Credit Plan is affordable for you. This is part of our commitment to responsible lending. If our assessment indicates that a Remedi Credit Plan may not be affordable for you, we may decline your application and will inform you that this is the case.

g. Fraud prevention

We use the information you provide and data returned from Experian and our identity verification provider to detect and prevent fraud. If fraud is detected or suspected, we may share relevant information with law enforcement agencies or other appropriate parties. Records relating to fraud prevention may be retained for up to six years.

h. How long we keep your credit data

Our general policy is that we will only retain your information for as long as we need it to do the relevant job, including to meet legal, accounting or reporting requirements. After that time your personal data will be erased (unless we have the statutory right or obligation to further keep this data).

For example, if you are a customer of Remedi, we will keep your information for the duration of the contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice. The criteria to determine the storage period are statutory and contractual requirements, the nature of our relationship with you, the nature of the data concerned, and technical necessities. Laws may require us to hold certain information for specific periods.

i. Your rights in relation to credit data

In addition to the rights described in Section 7 above, you have the following specific rights in relation to credit-related processing:

• Right to rectification: if any information we have shared with Experian is inaccurate, please contact us immediately so we can arrange a correction.
• Right to object: you may object to processing carried out on the basis of legitimate interests. We will consider your objection and respond within one month.
• Right not to be subject to solely automated decisions: if a significant decision about your application has been made solely by automated means, you have the right to request human review of that decision.

To exercise any of these rights, please contact us at support@remedifinance.com, write to us at 2a The Quadrant, Epsom, Surrey, England, KT17 4RH or call us on 0791 532 2140 

You also have the right to contact Experian directly to access, correct, or query information held on your credit file: Website: www.experian.co.uk | Tel: 0115 828 6738

If you remain unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO):
Website: www.ico.org.uk | Tel: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would always welcome the opportunity to address your concerns directly before you escalate to the ICO, so please contact us first at support@remedifinance.com.

‍

‍