novashard

Privacy Policy

Last updated: 15th January 2026

1. Introduction

novashard SARL ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our online lending platform and services.

2. Data Controller Information

The data controller for your personal information is:

  • Company: novashard SARL
  • Registration Number: RCSB842563
  • Address: Avenue de la Porte-Neuve 125, 4976 Esch-sur-Alzette, Luxembourg
  • Email: [email protected]
  • Phone: +352 24289598

3. Data We Collect

We collect and process various types of personal data to provide our online lending services. The data we collect includes:

3.1 Personal Information

  • Name, address, and contact details
  • Date of birth and identification documents
  • Employment and income information
  • Financial information and credit history
  • Business information (for corporate clients)

3.2 Technical Information

  • IP address and device information
  • Browser type and version
  • Usage data and website interactions
  • Cookies and tracking technologies

4. How We Use Your Information

We use your personal data for specific purposes based on legitimate legal grounds. Here's how we use your information:

4.1 Service Provision

  • Processing loan applications and credit assessments
  • Providing customer support and account management
  • Communicating about your applications and services
  • Fraud prevention and security monitoring

4.2 Legal Compliance

  • Meeting regulatory requirements and obligations
  • Anti-money laundering and know-your-customer checks
  • Reporting to regulatory authorities when required
  • Maintaining records as required by law

4.3 Business Operations

  • Improving our services and platform functionality
  • Risk management and credit scoring
  • Analytics and business intelligence
  • Marketing communications (with your consent)

5. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our cookie usage, please refer to our Cookie Policy.

6. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contractual necessity: To perform our lending services
  • Legal obligation: To comply with regulatory requirements
  • Legitimate interests: For business operations and fraud prevention
  • Consent: For marketing communications and optional services

7. Data Sharing and Disclosure

We may share your personal information with:

  • Credit reference agencies and fraud prevention agencies
  • Regulatory authorities and government agencies
  • Professional advisers and service providers
  • Third-party processors acting on our behalf

We do not sell your personal data to third parties for marketing purposes.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy and to comply with legal obligations. Typically, we retain data for:

  • Active customer data: For the duration of our relationship
  • Financial records: 7 years after account closure
  • Marketing data: Until you withdraw consent
  • Technical data: 2 years unless required longer for legal purposes

9. Your Rights

Under GDPR, you have several rights regarding your personal data:

  • Right of access: Request copies of your personal data
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Transfer your data to another provider
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for marketing communications

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and staff training
  • Incident response procedures

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) or your local supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

15. Contact Us

For any privacy-related enquiries or to exercise your rights under GDPR, please contact us using the contact information provided above. We aim to respond to all requests within 30 days of receipt.