Bizcap Website Privacy Notice

Privacy Notice
Controller
Your Data Subject Rights
Processing of Personal Data on the Website
Processing of Personal Data of Customers

Privacy Notice

This privacy notice gives you information about how Bizcap S.a.r.l. (hereinafter referred to as: Bizcap) processes your personal data through your use of this website (under A.) and as a customer (under B.), including any data you may provide when you apply for a product and service, make ongoing payments, visit our website or contact us by phone and email.

This website and our services is intended for adults of 18 years or older. Should we become aware of a person under this age using the website, we will delete his or her data, unless we are required by law to retain said data.

Controller

Bizcap is the controller and responsible for your personal data (collectively referred to as "COMPANY", "we", "us" or "our " in this privacy notice). To reach us, please contact info@bizcap.eu

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact info@bizcap.eu

• Right of access (Art. 15 GDPR)
• Right to rectification of data (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
‍

Your Data Subject Rights

A key aspect of data protection includes comprehensive regulations regarding the rights of data subjects. While some rights, such as the right to information, directly impose obligations on the data-processing entity, other rights must be asserted through a request.

The following data subjects rights apply:

Please note that these rights are not absolute and apply only if the legal requirements are met. For example, we may have to reject a request for to erase if we are legally required to retain the affected data due to statutory retention obligations.
‍
If you have given us consent to process your data, you may withdraw it at any time without providing reasons. However, the withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.
‍
Right to object (Art. 21 GDPR)
‍
If we process your data based on an overriding legitimate interest, you have the right to object to this processing at any time, provided there are reasons arising from your particular situation. This also applies to profiling based on such a legitimate interest. If processing is based on an overriding legitimate interest, you can find this information in the processing-specific details in the second part of this privacy policy.
‍
If you object, we will no longer process your data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.
‍
However, if your objection relates to data processing for direct marketing purposes, you may object at any time and without providing reasons. In this case, we will immediately cease processing your data for these purposes. This also applies to profiling, insofar as it is related to direct marketing.

Right to Lodge a Complaint with a Supervisory Authority
‍
You have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that the processing of your personal data violates the GDPR.

Processing of Personal Data on the Website

Accessing our Website
‍
When accessing our website, your internet browser automatically transmits information necessary for establishing a connection, displaying, and using the site as well as protection against brute force attacks. This includes data such as referrer information, details about the browser (type and version), and device (e.g., desktop or mobile device). Additionally, the visitor’s IP address is necessarily transmitted when a page is accessed. However, the IP address is immediately anonymized after transmission and processed without any personal reference.
‍
The data is collected by our web hosting provider and stored for 24 hours in anonymized form. The provider and host of the website is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files including your IP address. IP addresses are anonymized and afterwards stored for 24 hours. At the end of this period, the IP address is deleted.

The legal basis for processing is our legitimate interest in ensuring the security and stability of our website and providing visitors with the highest possible level of quality.

Contact

If you contact us via email or phone, the necessary data processing is based on our legitimate interest in facilitating easy communication. In certain cases, processing may also serve to carry out pre-contractual measures. We will process all necessary personal data provided to us.

The data received will be deleted once it is no longer necessary for achieving the underlying purpose, provided that the contact remains a simple inquiry. This is the case when the conversation has ended, and it is clear from the circumstances that the matter has been fully resolved.

If a contractual relationship arises, we are subject to statutory retention periods and will delete the data after six or ten years. For details, see the section on how we process personal data from our customers.

Apply for a Loan

You can find more information about the processing of your data when applying for a loan in the section on how we process personal data from our customers.

Social Media Presence

To present our business to a broad audience and engage with interested parties, we use various social media platforms. The associated data processing is based on our legitimate interest in these purposes. If processing occurs on the respective platform by us, it is subject to the applicable terms of use set by the platform provider.
‍
Further Information on Social Media Platforms:
‍
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
‍
If you are a member of LinkedIn, the platform may associate your visit to our profile's content and features with your LinkedIn user profile. For more information, please refer to LinkedIn's privacy policy:
‍
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Meta (Facebook): Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
‍
If you are a member of Facebook, the platform may associate your visit to our profile's content and features with your Meta user profile. For more information, please refer to Meta’s privacy policy:
‍
https://www.facebook.com/about/privacy
‍
Instagram: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
‍
If you are a member of Instagram, the platform may associate your visit to our profile's content and features with your Meta user profile. For more information, please refer to Instagram’s privacy policy:
‍
https://help.instagram.com/155833707900388
‍
X (Twitter): Twitter International Unlimited Company; Fenian Street; Dublin 2, D02 AX07 Ireland
‍
If you are a member of X, the platform may associate your visit to our profile's content and features with your X user profile. For more information, please refer to X’s privacy policy:
‍
https://x.com/de/privacy

Like most websites, ours also relies on cookies and similar technologies. Cookies are small text files stored on your device that help websites function properly, enhance user experience, and analyze site usage. Some cookies are essential for website operation, while all others require user consent as they track preferences or support marketing efforts. If these are technically necessary for providing the website, explicit consent is not required and the legal basis is our legitimate interest in providing an operational website. However, if they are not strictly necessary, we request your consent upon your first visit to our website and provide information about their type and purpose.
‍
We are using the following types of cookies:
‍
Strictly necessary cookies
‍
These are cookies that are required for the operation of our website. These essential cookies are always enabled because our website won’t work properly without them. You can switch off these cookies in your browser settings, but you may then not be able to access all or parts of our website.
‍
Analytical or performance cookies
‍
These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
‍
Functionality cookies
‍
These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choices of language or region).
‍
Targeting cookies
‍
Targeting cookies (also known as marketing cookies) are cookies used to track user behavior across different websites. They enable advertisers to display personalized ads based on users' interests and online behavior. They do not store directly personal information but are based on the unique identification of your browser and device.
‍
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

You can usually adjust your browser settings to accept or reject cookies. Please be aware that disabling cookies may affect the functionality of certain areas of our website. Depending on your browser provider, you can find the necessary information at the following links:
‍
Google Chrome: https://support.google.com/chrome/answer/95647
‍
Firefox: https://support.mozilla.org/de/kb/Cookies-blockieren
‍
Safari: https://support.apple.com/guide/safari/sfri11471/mac
‍
Edge: https://support.microsoft.com/de-de/windows/verwalten-von-cookies-in-microsoft-edge-anzeigen-zulassen-blockieren-l%C3%B6schen-und-verwenden-168dab11-0753-043d-7c16-ede5947fc64d

To manage our cookies and give you full control, we use a Cookie-Consent-Management-Tool. There, you can change your preferences or withdraw your consent for non-essential cookies.

International Data Transfers

To be able to provide you with the services on our website, your data may be transferred to countries within and outside the EU or the European Economic Area (EEA), including Australia, the United States, and the United Kingdom.
‍
For some of these countries, the European Commission has determined an adequate level of data protection through an adequacy decision (e.g., United Kingdom). For transfers that are not based on such a decision, we ensure an appropriate level of data protection through suitable safeguards, primarily EU Standard Contractual Clauses (SCCs), supplemented by additional measures where necessary.
‍
The provider hosting the website (Webflow), is certified under the EU-U.S. Data Privacy Framework.
‍
For more information about these safeguards, please contact us.

Automated Decision-Making, Including Profiling

‍For the use of our website, we do not carry out any form of automated decision-making, including profiling, as defined in Article 22 GDPR.

Miscellaneous

Provision of Personal Data
‍
In principle, you are not obliged to provide us with your personal data on our website. However, if you choose to use specific functions, this is sometimes only possible if we receive the necessary data from you.
‍
Third-party Links
‍
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Processing of Personal Data of Customers

Purposes of Processing, Types of Processed Data, and Legal Basis

We process personal data for the following purposes and based on the legal basis specified:

Contract Initiation

‍During the contract initiation process, we process personal data provided by loan applicants or intermediaries. The processing serves to assess general creditworthiness and determine whether a loan can be granted. This includes processing identity and contact details, financial situation information, and company data. The legal basis for this processing are Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in a well-founded credit assessment and assisting the lending entity).

Creditworthiness and Credit Rating Assessment
‍
To make a credit decision, we assess the creditworthiness of the applicant and any guarantors. External credit agencies such as Schufa, Creditreform, Experian, or CreditSafe are used to obtain information on past financial history, existing liabilities, and potential payment defaults. Additionally, we conduct internal risk assessments based on the information provided to us.
‍
For this purpose, we transmit personal data to credit agencies to obtain credit information. This includes name, address, date of birth, and financial and business information necessary for assessing creditworthiness. The obtained credit data is incorporated into our lending decision.
‍
This processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in risk assessment and assisting the lending entity).

Contract Execution and Performance
‍
After a loan contract is executed, we process personal data to fulfill contractual rights and obligations. This includes managing the loan account, processing payments, collecting receivables, accessing your bank balances and accounts receivables, and maintaining ongoing communication with our customers including borrowers and guarantors. We also document all relevant contract transactions to ensure transparent and legally compliant processing. This processing is based on Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in assisting lending entity).

Compliance with Legal Obligations
‍
We are legally required to store and disclose certain data. This particularly concerns compliance with commercial and tax law, which requires processing identity and contact details, financial situation information, and company data. Additionally, we conduct checks in accordance with anti-money laundering regulations. This processing is based on Art. 6(1)(c) GDPR (legal obligation) and applicable local and European laws.

Customer Support and Communication
‍
As part of the business relationship, we communicate with our customers and guarantors to respond to inquiries, provide information, or process complaints. This also includes notifying them of changes to contract terms or privacy policies. The legal basis for this processing is Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in efficient customer service).

Reporting Payment Defaults to Credit Agencies
‍
If a borrower or guarantor fails to meet their payment obligations, we reserve the right to report the relevant information to credit agencies. This includes information on outstanding claims, the date of payment default, and collection or legal enforcement actions. This data is incorporated into future credit assessments of the affected individual or company and may impact their creditworthiness.
‍
The processing and transmission of this data are based on Art. 6(1)(f) GDPR (legitimate interest in safeguarding our economic interests and protecting against payment defaults).

Assertion, Exercise, or Defense of Legal Claims
‍
We process personal data to protect our legal interests, particularly in asserting, enforcing, or defending claims in contractual or legal disputes. This includes enforcing payment claims, defending against unjustified claims, and legal proceedings.
‍
Processing may also be required if a governmental or judicial order necessitates it or if we must comply with legal reviews and inquiries. Relevant data includes contract and transaction data, correspondence, payment obligations, and, where applicable, creditworthiness information.
‍
This processing is based on Art. 6(1)(f) GDPR (legitimate interest in asserting and defending legal claims) and Art. 6(1)(c) GDPR, where there is a legal obligation to provide or retain data.

Recording of Phone Calls
‍
To enhance service quality, document communications, protect against fraud, and for employee training purposes, we record phone calls with customers and potential customers. Recording occurs only with your explicit consent, which is requested at the beginning of each call. You have the right to refuse recording or withdraw your consent at any time without affecting your relationship with us. The legal basis for recording these calls is your consent according to Art. 6(1)(a) GDPR.
‍
Recordings are stored for as long as necessary to fulfill the stated purposes, typically for a maximum of six months. Recordings may be retained longer if required for fraud prevention, legal claims, or compliance with legal obligations.

Marketing and Advertising
‍
We process personal data of existing customers and interested parties for direct marketing purposes via email, phone, and mail, providing relevant information about similar products, services, and special offers. For email marketing, we rely on the "soft opt-in" principle, allowing us to send promotional emails without explicit prior consent to existing customers or individuals who have previously shown interest in our loan products or services. This processing is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.
‍
Additionally, we may transfer your contact details and marketing preferences to third-party providers, including advertising networks, data analytics services, and affiliated companies within our corporate group, for their own marketing purposes, provided you have given explicit consent under Art. 6(1)(a) GDPR.
‍
You have the right to object to receiving marketing communications at any time or withdraw previously given consent by clicking the unsubscribe link provided in each email or by contacting us directly.
‍
Your personal data used for marketing purposes will be retained until you object, withdraw consent, or the underlying customer or interested party relationship ends. Afterward, the data will be deleted or anonymized according to applicable legal requirements

Sources of Personal Data
‍
We collect personal data from the following sources:

•
•
•
•

Directly from the customer or guarantor (e.g., via application forms, emails)
Credit agencies (e.g., Schufa, Creditreform, Experian, CreditSafe)
Public registers (e.g., commercial register, land register)
Business partners and intermediaries

Providing personal data is generally not mandatory. However, entering into a contractual relationship with us is only possible if we can process the required personal data.

Recipients of Personal Data
‍
Personal data may be disclosed to the following recipients:

3.1.

Corporate Affiliates and Data Transfer to Third Countries

Bizcap is part of a corporate group with affiliated companies in the United Kingdom, the USA, Australia, and other countries. To (i) evaluate potential borrowers, (ii) approve loans, (iii) restructure loans; or (iv) amend terms of agreements with our customers, we transfer personal data to these companies, which are independently responsible for processing:

•
•
•

Bizcap Ltd. (United Kingdom)
Newco Capital Group LLC (United States of America)
Bizcap Australia Pty Ltd. (Australia)

Transfers are based on the following data protection mechanisms:

•

•

•

United Kingdom: The European Commission has recognized the UK as a country with an adequate level of data protection (Adequacy Decision under Art. 45 GDPR). Additionally, EU Standard Contractual Clauses under Art. 46(2)(c) GDPR have been implemented in case the Adequacy Decision becomes invalid.
USA: Transfers are based on EU Standard Contractual Clauses under Art. 46(2)(c) GDPR, supplemented by additional security measures.
Australia: Transfers are also based on EU Standard Contractual Clauses under Art. 46(2), supplemented by additional security measures.

These companies are solely responsible for processing transferred data.
‍
In addition, your data is transferred to Bizcap S.a.r.l., 18, Rue du Village L - 6240 Graulinster, Luxembourg, which acts solely as the funding entity and contractual partner for loan agreements. Bizcap S.a.r.l. processes only the personal data necessary for the conclusion and execution of loan agreements, based on Art. 6(1)(b) GDPR and for legal obligations based on Art. 6(1)(c) GDPR and applicable local and European laws. This data will be retained for the duration of the contractual relationship and in accordance with applicable statutory retention obligations. Once these periods have expired, the data will be deleted or anonymized in compliance with legal requirements. All other data processing activities, including credit assessments, customer relationship management, and direct marketing, are carried out by Bizcap EU S.a.r.l., acting as an independent controller.
‍
Contact details, data subject rights and the right to lodge a complaint with a supervisory authority are identical to those set out in this privacy notice.

3.2.

External Recipients and Data Transfer to Third Countries

•
•
•
•
•

•

Credit agencies for credit assessment and reporting payment defaults
IT service providers for technical infrastructure
Legal and tax advisors for legal compliance and legal consultation
Collection and legal service providers for enforcing outstanding claims
External third parties for marketing purposes (advertising networks, data analytics services, business partners) with prior consent
Courts, authorities, and enforcement bodies as required by law or for legal claims

To be able to provide you with our services, your data may be transferred to countries within and outside the EU or the European Economic Area (EEA). For some of these countries, the European Commission has determined an adequate level of data protection through an adequacy decision. For transfers that are not based on such a decision, we ensure an appropriate level of data protection through suitable safeguards, primarily EU Standard Contractual Clauses (SCCs), supplemented by additional measures where necessary. For more information about the transfer and safeguards, please contact us.

Retention Period
‍
If the retention period is not stated with the respected processing activity, the following applies:

We store personal data only as long as necessary for the respective processing purposes and as required by legal or contractual retention obligations. The retention period is determined primarily by legal requirements, such as commercial and tax law, as well as by the necessity of asserting, exercising, or defending legal claims.
‍
Once the data is no longer required for the specified purposes, it will be deleted or—if deletion is not possible—blocked or anonymized.
‍
Examples of typical retention periods:
‍
Credit-related data is generally stored for up to 7 years after contract termination.
‍
Commercial and tax-related data are subject to legal retention periods of 6 to 10 years.

Credit assessment data and reports on payment defaults are stored and deleted in accordance with the respective credit agencies’ regulations.

Automated Decision-Making, Including Profiling
‍
In the context of credit assessment, we use automated decision-making processes, including profiling, to evaluate the creditworthiness of potential borrowers or guarantors. This involves calculating the probability of payment default based on mathematical-statistical models (scoring). The decision to grant credit may be made fully automatically based on this score.
‍
The logic of the scoring process considers various data points (such as financial information, credit history, payment behavior) and calculates a probability value used to make lending decisions. If such an automated decision has legal or similarly significant effects on you, you have the right to request human intervention, express your point of view, and contest the decision. You can exercise these rights by contacting us.
‍
‍

Privacy Policy Updates

We may revise this Privacy Policy occasionally. Any updates will be published on this page. We recommend checking this page regularly to stay informed about any changes.

Last updated: April 1, 2025

Small business loans, approved in as little as two days, funding in three days

Useful Links

Get in Touch