Privacy policy

  1. Who we are

Credilink - Intermediação de Crédito, Lda. (Credilink), NIPC 515700738, is a Portuguese company that operates in the financial sector, providing credit broker services through its website https://credilink.pt/.

Credilink is the Data Controller in accordance with Regulation (EU) 2016/679 (GDPR) and the complementary legislation on the protection of personal data in force in the countries in which it operates.

Credilink and its employees undertake to use your personal data only for the purposes communicated to them and always in a safe and responsible manner.

We want to explain to you how we use your information (your 'personal data') when you use our services or apply for a job.

If you have any questions about this Privacy Policy, please contact our Data Protection Officer (DPO) at dpo@credilink.pt.

Our website may contain links to third-party websites, including social networks. If you access other sites, we recommend that you read their privacy policies to find out how they treat your personal data.

 

  1. Personal Data

In this Privacy Policy, the term "Personal Data" means the set of information that relates to you and that allows us to identify you, directly or indirectly. Your personal data may include, for example, your name, your tax identification number, your telephone contact or email address and your interactions with us. We collect some of your personal data, for example, when you contact us.

We may also receive your personal data from other companies, particularly when they collect, process or store it as part of the service they provide to us.

 

  1. Personal data we process

 

3.1 When you contact us or use our credit broker services

  • What do we do?

 

We will process your personal data for the purpose of analyzing your application, on the legal basis of 'Pre-contractual due diligence at your request', in accordance with Article 6(1)(b) of the GDPR.

We do not make any automated decisions.

We will not share your personal information with third parties, unless it is necessary to obtain references or confirm your professional history. At the end of the application process, your personal information will be deleted immediately, regardless of the outcome.

As a credit broker, Credilink mediates between clients and financial institutions. Credilink's role is not to grant credit, but to present proposals and provide advice and support to clients. 

When you contact us, we will process your personal data to answer your questions, clarify and/or provide our services. 

You can contact us by telephone, e-mail or via our contact form ('credit simulator'), available on this website. If you do so, we will collect your name, telephone number, e-mail address and information related to your credit simulation (purpose, amount and term) so that you can be identified and we can provide accurate information tailored to your needs.

Our services are aimed at people aged 18 or over. 

In order to provide our services, in the context of granting credit to Credilink's partners, we will ask you to send us the necessary information and documentation.

Once this information and documentation has been received by Credilink, it will be shared with the partner financial institutions that will act as the Data Controller for the personal data:

  • verification of the identity of the client and other parties involved; 
  • analysis and presentation of the financing proposal, and the financial institution is obliged to assess the creditworthiness of the client prior to granting credit, which presupposes mandatory consultation of the Central Credit Register, as well as other databases. 

For more information on how each of these partners handles your personal data, you can consult their respective Privacy Policies or request more information directly from them. 

The up-to-date list of Credilink's partner financial institutions can be found at: https://credilink.pt/informacao-legal/

You can exercise your rights with the partners with whom Credilink has shared your personal data. If you wish to do so, you should address your request to the contact provided by the partner concerned. 

  • Where do we store the information and with whom do we share it?

Your information will be shared with the financial institutions we work with, an up-to-date list of which you can consult here: https://credilink.pt/informacao-legal/

Credilink may have to share your personal data with judicial or administrative authorities, as well as supervisory or regulatory bodies.

We process your personal data within the territory of the European Union / European Economic Area (EU/EEA). Any transfers of personal data outside the EU/EEA will always be carried out securely and lawfully, under the mechanisms permitted in Chapter V of the GDPR. 

We use service providers to create the infrastructure we need to carry out our business. Among the business solutions we contract for this purpose are the cloud and Microsoft applications. Microsoft is one of the commercial organizations participating in the EU-US Framework Agreement on the Protection of Personal Data, thus guaranteeing an adequate level of protection for personal data. To find out how this company handles your personal data, please consult its Privacy Policy.

Your personal data will be kept for the periods provided for by law or until the purposes of processing have been exhausted, whichever is applicable.

  • Legal grounds and automated decisions

When we process your personal data to answer your questions or clarify our services, we have our 'Legitimate Interest' in communicating with you and managing the business relationship with you as a legal basis, in accordance with Article 6, 1, f) of the GDPR. 

When we process your personal data in order to provide our services in the form of proposals and financial advice, in the context of granting credit to Credilink's partners, we will have your 'Consent' as our legal basis, in accordance with Article 6(1)(a) of the GDPR. The customer has the right to withdraw consent without this compromising the lawfulness of the processing carried out until then. However, you should bear in mind that the continued provision of our services may be compromised or made impossible, as may the completion of the credit granting process.

When we have to comply with certain legal requirements resulting from the legislation in force (e.g. mandatory communications to regulators or administrative authorities), we will have compliance with a 'Legal Obligation' as a legal basis for processing the relevant information, in accordance with Article 6, 1, c) of the GDPR.

At Credilink, we do not make any kind of decisions based on exclusively automated processing that could have significant effects on your legal sphere or your private life (e.g. decision not to grant credit, in the form of an immediate decision, when such a decision is obtained through exclusively automated means). However, you should consult the respective privacy policies of our partners for information on how decisions are made and what your rights are. An up-to-date list of Credilink's partner financial institutions can be found at https://credilink.pt/informacao-legal/.

3.2 When you take out life insurance

  • What do we do?

Most mortgage loans require the client to take out life insurance. 

Credilink is authorized by the Autoridade de Supervisão de Seguros e Fundos de Pensões (ASF) to act as an insurance agent. 

The Insurer will be responsible for processing your personal data. 

As Subcontractor, Credilink will have access to the personal data strictly necessary to be able to present you with an insurance proposal, provide you with information and assistance. You will fill in the form and send it directly to the insurer.

  • Where do we store the information and with whom do we share it?

Credilink does not store the personal data it has access to. Personal data will be shared directly with the Insurer, which will store it in its systems. You should consult the Insurer's Privacy Policy to find out how your personal data is processed. 

The insurance policy will be shared with the bank with which you will conclude the mortgage contract. 

  • Legal grounds and automated decisions

In order for us to have access to personal data in the context of pre-contractual steps with a view to concluding an insurance contract, we will have the legal basis of 'Pre-contractual steps at your request', in accordance with article 6, 1, b) of the GDPR.

We do not make any automated decisions.

3.3 Marketing communications

  • What do we do? 

Through our Newsletter, we share tips, news and opinions on matters related to credit and insurance.

If you are our client or contact us expressing an interest in our services, you may receive marketing communications by e-mail ('Newsletter') regarding services similar to those previously provided or in which you have expressed an interest. 

If you are not our client, or if you are, but the communications relate to services other than those previously provided or in which you have expressed an interest, we will only send these communications with your consent.

  • Where do we store the information and with whom do we share it? 

We use business solutions for information storage and communications management developed by service providers located in the EU/EEA.

We also use MailChimp, a CRM software, to manage our contacts and send our marketing communications ('Newsletters'). MailChimp is a brand of the company The Rocket Science Group LLC, which belongs to the Intuit Inc. group based in California, USA. Intuit, Inc. is one of the commercial organizations participating in the EU-US Framework Agreement on the Protection of Personal Data - stating that it covers MailChimp - thus guaranteeing an adequate level of protection for personal data. To find out how this company handles your personal data, please consult Intuit's Privacy Policy.

We will retain your information in our systems for as long as you are our client or have an interest in our services and do not object to the processing of your personal data for direct marketing purposes. You can opt out of receiving these communications at any time by clicking on the relevant button in the footer of our emails.  We will not share your personal information with other third parties.

  • Legal grounds and automated decisions

In order for us to process your personal data to send you our newsletters, if you are our client or have expressed an interest in our services and only for communications relating to services similar to those previously provided or in which you have expressed an interest, we will have our 'Legitimate Interest' in communicating and managing the commercial relationship with the client / potential client as a legal basis, in accordance with article 6, 1, f) of the GDPR. 

If you are not a client of ours, or if the communications relate to services other than those previously provided, we will rely on your 'Consent', in accordance with Article 6, 1, a) of the GDPR.

We do not make any automated decisions.

3.4 When you apply for a job

  • What do we do?

When you apply for one of our job vacancies or make a spontaneous application, we process your information in order to analyse whether your professional profile is suitable for the position and the organization. This information may include your identification details (e.g. full name); contact details (e.g. telephone number and/or e-mail address); and professional information that makes up your CV or cover letter.

  • Where do we store the information and with whom do we share it?

We will not share your personal information with third parties, unless it is necessary to obtain references or confirm your professional history. At the end of the application process, your personal information will be deleted immediately, regardless of the outcome.

  • Legal grounds and automated decisions

We will process your personal data for the purpose of analyzing your application, on the legal basis of 'Pre-contractual due diligence at your request', in accordance with Article 6(1)(b) of the GDPR.

We do not make any automated decisions.

 

  1. Information Security

We will treat your personal information with the utmost care and respect for your rights. We have implemented appropriate security measures to prevent the loss, misuse or improper access, alteration or disclosure of your personal data. Likewise, we limit access to your information only to employees, service providers and other third parties who have an operational need to process said information, who will only process your personal data following Credilink's instructions and will at all times be subject to an obligation of confidentiality.

 

  1. Retention of Information

We will retain your information, whenever we collect or process your personal data, until the end of the applicable legal period or until the purposes for which it was collected have been exhausted. At the end of the respective retention period, your information will be completely deleted or anonymized (e.g. it may be aggregated with other data so that it can be used for statistical purposes without any personal identifiers).

 

  1. How to exercise your rights

You have the right to request it:

  • Access to your information processed by us, free of charge;
  • The rectification of your personal data when it is incorrect, outdated or incomplete;
  • When we process your data on the basis of your consent, you may withdraw that consent at any time, without this affecting the lawfulness of the processing carried out until then;
  • The erasure of the data we hold about you, in specific circumstances, namely when you withdraw your consent and we have no overriding legitimate interest, or when the purpose for which the information was collected has been exhausted;
  • The portability of your data to you or to another organization;
  • The limitation of the processing of your personal data, in specific circumstances, namely when we are considering an objection you have raised;
  • Opposition to the processing of your personal data, when this is carried out on the basis of the legitimate interest of Credilink or a third party. 
  • That we do not use your personal data for direct marketing purposes.

To exercise any of the above rights, please contact our Data Protection Officer (DPO) at dpo@credilink.pt.

 

  1. How to contact the Regulator

If you are dissatisfied with our use of your personal data or with our response to your request to exercise your rights, you can lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) using the means available at www.cnpd.pt.

 

  1. Questions?

If you have any questions or need further clarification, please contact our Data Protection Officer (DPO) at dpo@credilink.pt.

This Privacy Policy may be updated from time to time. 

The latest version will always be available on our website.

This policy has been updated to 29/10/2024.