Privacy Policy

Last updated on: March 24, 2021

1. Who We Are

Verge Capital Limited (“Finclude”, “We”, “us”, “our” or “Company”) Registered in Ireland No. 630528. Registered Office: 2 Ballymount Road Upper, Dublin 24, D24 XW40, Ireland, trading as finclude. References to “You” or “Your” is to the individual applicant who wishes to utilise the software services/platform of the Company (the “Services”) to facilitate the provision of financial performance data and metrics by the Company to the relevant credit institution or other client (the “Finclude Clients”) in connection with Your application for any service and/or product of the relevant Finclude Client and from whom the Company and/or relevant Finclude Client shall collect and process the Personal Data required for these purposes.

2. How We Use Your Personal Information

This privacy policy (the “Privacy Policy”) explains how we will collect and use Your Personal Data. The Privacy Policy applies to our Business (as defined below) and our website https//, our APIs and our API store (collectively the “Website”) and to all Services offered by Finclude.

Finclude is committed to ensuring that Your privacy is protected and to Processing Your Personal Data in a fair, transparent and secure way. Finclude will take all reasonable commercial measures in ensuring Your information is protected and secured in accordance with all relevant laws and regulatory standards.

In this Privacy Policy, the term “Personal Data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, our possession, and includes Personal Data as described in Data Protection Legislation (as defined below).

In this Privacy Policy, the terms “Controller”, “Processor” and “Processing” shall have the meaning ascribed to those terms by GDPR (as defined below).

Please read the following carefully: Registering for an account on our Website, use of Your account or our Website or otherwise accepting the terms of this Privacy Policy indicates that You have reviewed this Privacy Policy and have agreed to be bound by it. If You do not agree to these terms You must leave our Website immediately. If You choose to accept this Privacy Policy, we will keep a record of Your acceptance in this regard.

We will handle Your Personal Data in accordance with Data Protection Legislation. “Data Protection Legislation” means the Data Protection Acts 1988 to 2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), and any other applicable law or regulation relating to the Processing of Personal Data and to privacy, including the E-Privacy Directive 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time.

We are a Controller (as defined in Data Protection Legislation) in relation to any Personal Data which we collect from You through Your or any other user’s use of the Services. This Privacy Policy sets out the basis on which any such Personal Data will be processed by us. You may be a data subject (as defined in Data Protection Legislation) or You may be a Controller. When You are a Controller in respect of the Personal Data of other data subjects, then You must comply with all of Your Controller obligations under Data Protection Legislation. When You are a Controller, we and You act as independent Controllers, unless agreed otherwise.

3. Information We Gather From You or Finclude Clients

Before they provide services, products or financing to You, Finclude Clients shall collect and process Your Personal Data and will share it with Finclude to allow Finclude to undertake financial analysis so as to assess Your eligibility for postpaid and/or credit products (the “Business”). We may also collect Your Personal Data from you directly through the use of the Services.

The Personal Data collected from You or which we have received from Finclude Clients, may include information obtained directly from You, from Finclude Clients or from other sources, as set out in table 3.1 below (Sources of Personal Data/Requirements to Provide Personal Data). The Personal Data we hold about You may be used for any of the purposes set out in table 4.1 below (Purposes of Processing). Any Personal Data You provide to us will be held and processed by us at all times in accordance with Data Protection Legislation.

We endeavour to keep Your Personal Data accurate and up-to-date. As such, You must tell us about any changes to such information that You are aware of as soon as possible. You can change Your stated interests in respect of whether or not You wish to receive direct marketing from us by clicking ‘unsubscribe’ on any direct marketing electronic communication which You receive from us.

If You are aged 18 or under, please get Your parent/guardian’s permission before You provide Your Personal Data to us/use the Services.

3.1 Sources of Personal Data/Requirements to Provide Personal Data

Category of Personal Data Source Requirement Consequence of Failure to Provide
Contact Information
Financial Information
Identity Information
Tax Residency Information
You/Finclude Clients Statutory It would not be possible to complete an application for the requested product and/or service.
Employment Status Information You/Finclude Clients Contractual It would not be possible to complete an application for the requested product and/or service.
Financial Information
Credit Information
Identity Information
Tax Residency Information
Financial Institutions APIs Contractual It would not be possible to complete an application for the requested product and/or service.

We have explained in table 3.2 below the type of information included in each of the categories of Personal Data listed in table 3.1 above (Glossary of Categories of Personal Data).

3.2 Glossary of Categories of Personal Data

Category of Personal Data Included Information
Contact Information postal address, email address, telephone number(s)
Identity Information title, name, nationality, gender, age, date of birth, photograph, signature, electoral roll data, passport
Employment Status Information employed, self-employed, student, retired, other
Financial Information assets, liabilities, income and expenses
Credit Information credit history
Transactional Information deposits, withdrawals, and payment history of Your account(s) with Finclude or Finclude’s client
Tax Residency Information national insurance / social security number, foreign tax identification number(s), citizenship(s)

4. Why We Collect/Have Access to Your Information

We may collect information directly from You as necessary in the course of providing our Services. We may collect Your personal information while monitoring our technology tools and Services, including our Website and email communications sent to and from us. We gather information about You when You provide it to us, or interact with us directly.

We may use Your Personal Data on any one or more of the following legal bases: (i) to perform a contract with You; (ii) for our legitimate business purposes in providing the Services (in which case, our legitimate interests will not override Your fundamental privacy rights); (iii) where we have a legal or regulatory obligation to do so; and/or (iv) in limited circumstances, where You have given us Your express consent.

We have set out below, in a table format, a description of all the ways we plan to use Your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate. Where we wish to use Your Personal Data in any other way, we will ensure that we notify You and get Your consent first. You will be given the opportunity to withhold or withdraw Your consent for the use of Your Personal Data for purposes other than those listed in this Privacy Policy.

Note that we may process Your Personal Data for more than one legal basis depending on the specific purpose for which we are using Your Personal Data. Please contact us if You need details about the specific legal basis we are relying on to process Your Personal Data where more than one ground has been set out in the table below.

4.1 Purposes of Processing

Category of Personal Data Purpose for processing Lawful basis for processing
Contact Information Transactional Information
Identity Information
Tax Residency Information
Security Information
Employment Status Information
1. operating, maintaining and administering Your loan account(s) application(s) and/or our Business
2. providing You with the services and products You have requested
Performance of a contract/to take steps prior to entering into a contract
Contact Information
Financial Information
Transactional Information
Identity Information
Tax Residency Information
Security Information
Employment Status Information
1. internal reporting (for business operation purposes) and external reporting (for compliance with any relevant legal and/or regulatory obligations)
2. our confidential internal research and analysis so as to generate new assessment models and reports on countries/regions which may be offered to market research firms and financial institutions
3. compliance with any other legal and/or regulatory requirements including legitimate requests for information from law enforcement and/or regulatory bodies/agencies
4. general record keeping requirements as stipulated by relevant laws, regulations, and/or regulatory authorities including but not limited to the Central Bank of Ireland
5. developing the products and services we provide
6. carrying out public register and commercial databases searches
Legitimate interests
Legal obligations

We restrict access to Your Personal Data to employees/contractors who need to know that information in order to operate, develop, or improve our Services and/or Website (including in respect of the support of our software, and marketing/analytics). These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, civil litigation and/or criminal prosecution, if they fail to meet these obligations. We may also share Your Personal Data with our suppliers/service providers for the purpose of providing and improving the Service to you.

We may also use selected third parties to process Your Personal Data and provide services on our behalf and in some cases, we may need to transfer Your Personal Data to countries both within and outside the European Economic Area. By submitting Your Personal Data, you explicitly consent to this transfer, storing or processing.  Where we do this, we will ensure that adequate procedures and safeguards are put in place to protect Your Personal Data at all times in accordance with this Privacy Policy and anyone to whom we pass the information provides an adequate level of data protection in accordance with Data Protection Legislation.

If the Company becomes involved in a merger, acquisition, or any form of sale of some of all of its assets, Your Personal Data will not be transferred to any third party unless there are adequate safeguards in place with the recipient in respect of the security of Your Personal Data.

We will not disclose information about You to anyone else (other than agents or third parties performing any of the above activities/Services on our behalf) unless we are required by law to do so.

5. Retention of Personal Data

We will retain records in accordance with our retention policy and to comply with relevant laws and regulatory requirements. This includes retaining backups of our systems infrastructure for disaster recovery purposes. We will retain Your Personal Data, that You supply in the application form and elsewhere (including identification data, product data, email correspondence, and transactional information) on paper and on computer, and/or other electronic devices for a period of six years after the closing date of Your last application (unless you delete your account with us in which case Your Personal Data will be deleted) to comply with legal and regulatory obligations (including any possible fraud, financial crime and complaints investigations), to retain a reference and audit trail of any discussions, and to preserve a record of account history to facilitate a streamlined customer journey for any future new account applications. Finclude Clients and the external agencies they use (fraud prevention, credit reference and risk management agencies) may retain Your Personal Data for different periods of time, as covered by their own separate privacy notices.

6. Breach Reporting

We will notify serious data breaches in respect of Your Personal Data to the DPC without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay; however, it is not necessary to notify the DPC where the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. A Personal Data breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

We will keep a record of any data breaches, including their effects and the remedial action taken, and will notify You of any data breach affecting Your Personal Data (which poses a high risk to You) when we are required to do so under Data Protection Legislation. We will not be required to notify You of a data breach where:

  • we have implemented appropriate technical and organisational measures that render the Personal Data unintelligible to anyone not authorised to access it, such as encryption; or
  • we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or
  • it would involve disproportionate effort, in which case we may make a public communication instead.

7. Cookies Policy

When You visit our Website, we will set essential cookies on Your device, but request Your consent to set non-essential cookies. You can find out more about how we use cookies in our Cookie Policy. Please note that we use Google Analytics which is a third-party web analysis service provided by Google Inc, and which uses performance cookies and targeting cookies. The information generated by these cookies about Your use of the Website (including Your IP address), will be transmitted to and stored by Google Inc on servers in the United States. Google will use the information collected for the purpose of evaluating Your use of our Website on our behalf, compiling reports on website activity and providing other services relating to activity and internet usage to us. Google will not associate Your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on Your browser as described above. Furthermore, You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under This creates an opt-out cookie which prevents the further processing of Your Personal Data. For more information about Google Analytics cookies, please see Google’s help pages and privacy policy. If You prevent or disable these cookies, we cannot guarantee how the Website will perform for You.

8. Security Measures

We will take appropriate security measures to ensure that Your Personal Data is protected and secured in accordance with Data Protection Legislation. We will only disclose information about You to third party data processors who shall process Your Personal Data on our behalf. We may also disclose information about You to credit reference, fraud prevention, and risk management agencies, or if we are required by law or regulation to do so. We shall ensure that our data processors shall process Your Personal Data based on our instructions and have appropriate data security measures in place to protect the Personal Data and we will enter into a contract with all such third party data processors to reflect these requirements as set out in Article 28 of GDPR.

In some cases, we may need to transfer Your information to third parties overseas such as affiliate entities outside the European Economic Area. However, we will ensure that adequate procedures and safeguards such as the European Commission Model Contract Clauses, as an example, are in place to protect Your Personal Data at all times and that the affiliate and the third parties are contractually obligated to provide an adequate level of data protection in accordance with the EU data protection laws and regulations.

9. Third Party Websites

This Privacy Policy applies to websites and services that are owned and operated by the Company. We do not exercise control over the sites/applications that may be linked from the Services. These other sites/applications may place their own cookies or other files on Your computer, collect data or solicit personal information from You. You acknowledge the Services that we provide may enable or assist You to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that You do so solely at Your own risk. We make no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by You, with any such third party and the use by any such third-party of Your Personal Data.  We do not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services. We encourage You to carefully familiarize Yourself with the terms of use and privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

10. Impacts of Processing

If we determine that You pose a fraud or financial crime risk (which may be based on information provided to us by a fraud prevention or risk management agency), we and/or Finclude’s client may refuse to provide the services You have requested, or we may stop providing Services to You. A record of any fraud or money laundering risk will be retained by us for so long as is permitted by law, and may result in others refusing to provide services, financing or employment to You.

If false or inaccurate information is provided and fraud is identified or suspected, we may pass information to financial and other organisations involved in fraud prevention to protect us and our customers from theft and fraud.

Law enforcement agencies may also access and use this information to detect, investigate and prevent crime. We may provide the law enforcement agencies with information about You or Your account which we consider relevant to assist with any investigation of criminal activity.

11. Where We May Use Your Information To Contact You

We may contact You:

  • for administration reasons related to the Services (e.g. to provide You with password reminders or to notify You that a particular service, activity or online content has been suspended for maintenance, or in response to a question that You ask us;
  • to provide You with information about our Service, activities or online content, including sending e-newsletters or similar correspondence and updates or responding to any contact You have made with us, e.g. on our Website, by email or via the ‘How To Contact Us’ facility referred to below; and
  • for direct marketing purposes.

12. Your Rights

As a data subject, You have the following rights under Data Protection Legislation and we, as Controller in respect of Your Personal Data, will comply with such rights in respect of Your Personal Data. These rights are explained in more detail below, but if You have any comments, concerns or complaints about our use of Your Personal Data, please contact us (see ‘Contact Us’ below). We will respond to any rights that You exercise within a month of receiving Your request, unless the request is particularly complex or cumbersome, in which case we will respond within three months (we will inform You within the first month if it will take longer than one month for us to respond). Where a response is required from us within a particular time period pursuant to Data Protection Legislation, we will respond within that time period.

12.1 The right to be informed

The right to be informed encompasses our obligation to provide ‘fair processing information’ through a privacy notice. It emphasises the need for transparency over how we use Personal Data.

12.2 The right of access

You have the right to access Your Personal Data and supplementary information. The right of access allows You to be aware of and verify the lawfulness of the processing of Your Personal Data. The right of access allows You to submit a Data Subject Access Requests (“DSAR”) for a copy of the Personal Data that we hold about You.

Requests for Your Personal Data must be made to us (see ‘Contact Us’ below) specifying what Personal Data You need access to, and a copy of such request may be kept by us for our legitimate purposes in managing the Services. To help us find the information easily, please give us as much information as possible about the type of information You would like to see. If, to comply with Your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.

There are certain types of data which we are not obliged to disclose to You, which include Personal Data which records our intentions in relation to any negotiations with You where disclosure would be likely to prejudice those negotiations. We are also entitled to refuse a DSAR from You where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide You with the Personal Data requested, we may charge You a reasonable fee to account for administrative costs of doing so), or (ii) we are entitled to do so pursuant to Data Protection Legislation.

12.3 The right to rectification

GDPR gives You the right to have Personal Data rectified if it is inaccurate or incomplete free of charge. If You would like to do this, please:

  • email or write to us (see ‘Contact us’ below);
  • let us have enough information to identify You (e.g. name, registration details); and
  • let us know the information that is incorrect and what it should be replaced with.

If we are required to update Your Personal Data, we will inform recipients to whom that Personal Data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.

It is Your responsibility that all of the Personal Data provided to us is accurate and complete. If any information You have given us changes, please let us know as soon as possible (see ‘Contact Us’ below).

12.4 The right to erasure

The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable You to request the deletion or removal of Personal Data where there is no compelling reason for its continued processing. The right to erasure does not provide an absolute ‘right to be forgotten’.

In accordance with Data Protection Legislation, You can ask us (please see ‘How To Contact Us’ below) to erase Your Personal Data where:

  • You do not believe that we need Your Personal Data in order to process it for the purposes set out in this Privacy Policy;
  • if You had given us consent to process Your Personal Data, You withdraw that consent and we cannot otherwise legally process Your Personal Data;
  • You object to our processing and we do not have any legal basis for continuing to process Your Personal Data;
  • Your Personal Data has been processed unlawfully or have not been erased when it should have been; or
  • the Personal Data have to be erased to comply with law.

We may continue to process Your Personal Data in certain circumstances in accordance with Data Protection Legislation (i.e. where we have a legal justification to continue to hold such Personal Data, such as it being within our legitimate business interest to do so to retain evidence of billing information etc.). Where You have requested the erasure of Your Personal Data, we will inform recipients to whom that Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform You about those recipients if You request it.

12.5 The right to restrict processing

You have the right to ‘block’ or suppress processing of Your Personal Data, which will make it restricted, and permit us to store the Personal Data, but not to further process it. We would retain just enough information about You to ensure that the restriction is respected in future. We will be required to restrict the processing of Your Personal Data temporarily in the following circumstances:

  • You do not think that Your Personal Data is accurate (but we may start processing again once we have checked and confirmed that it is accurate);
  • the processing is unlawful but You do not want us to erase Your Personal Data;
  • we no longer need the Personal Data for our processing; or
  • You have objected to processing because You believe that Your interests should override the basis upon which we process Your Personal Data.

If You exercise Your right to restrict us from processing Your Personal Data, we will continue to process the Personal Data if:

  • You consent to such processing;
  • the processing is necessary for the exercise or defence of legal claims;
  • the processing is necessary for the protection of the rights of other individuals or legal persons; or
  • the processing is necessary for public interest reasons.

We must inform You when we decide to lift a restriction on processing.

12.6 The right to data portability

The right to data portability allows You to obtain and reuse Your Personal Data for Your own purposes across different services. It allows You to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The right to data portability only applies to Personal Data You provided to us, where the processing is based on Your consent or for the performance of a contract; and when processing is carried out by automated means.

12.7 The right to complain to the DPC

If You do not think that we have processed Your Personal Data in accordance with this Privacy Policy, please contact us in the first instance. If You are not satisfied, You can complain to the DPC or exercise any of Your other rights pursuant to Data Protection Legislation. Information about how to do this is available on the DPC website at

12.8 Right to ask us to stop contacting You with direct marketing

We have a legitimate interest to send You electronic communications in connection with the Services and related matters (which may include but shall not be limited to newsletters, announcement of new features etc. and which may also appear on social media platforms such as Facebook, LinkedIn, Twitter or Instagram.). We may also ask You for Your consent to send You direct marketing from time to time. You may be able to select Your preferences with respect to direct marketing when registering with us for the Servces. We may also ask You different questions for different services, including competitions. We may also ask You to complete surveys that we use for research purposes, although You do not have to respond to them.

You can ask us to stop contacting You for direct marketing purposes. If You would like to do this, please:

  • Click on ‘unsubscribe’ on an email (this will be instantaneous);
  • Send an email via ‘Contact Us’ below (this can take up to 5 working days).

We will provide You with information on action taken on a request to stop direct marketing – this may be in the form of a response email confirming that You have ‘unsubscribed’.

12.9 The right to object/withdrawal of consent

If You no longer consent to our processing of Your Personal Data (in respect of any matter referred to in this Privacy Policy as requiring Your consent), You may request that we cease such processing by contacting us via the ‘Contact Us’ facility referred to below. Please note that if You withdraw Your consent to such processing, it may not be possible for us to provide all/part of the Services to You.

12.10 The right in relation to automated decision making and profiling

You may ask us to ensure that, if we are evaluating you, we don’t base any decisions solely on an automated process and have any decision reviewed by a member of staff. These rights will not apply in all circumstances, for example where the decision is (i) authorised or required by law, (ii) necessary for the performance of a contract between You and us, or (ii) is based on your explicit consent. In all cases, we will endeavour that steps have been taken to safeguard Your interests.

13. Contact Us

For more information or to exercise Your Personal Data protection rights, please contact our Data Protection Officer with subject heading “Data Protection Queries”:

  1. By writing: Data Protection Officer Verge Capital Limited – Harcourt Centre, Harcourt Road, Dublin 2, D02 HW77, Ireland
  2. By calling: +353 (0) 1 477 3266
  3. By emailing: [email protected]