PERSONAL DATA PROCESSING POLICY FOR MARKETING PURPOSES

1. Data Controller

2. Terms and Definitions

Processing: Any operation performed with Personal Data, including collection, recording, storage, alteration, granting access, responding to requests, transmission, and any other actions involving the Data.

Data: Information related to an identified or identifiable natural person (the Data Subject).

Data Subject: An identified or identifiable natural person who can be directly or indirectly identified through Personal Data. This includes Clients (natural persons) and related individuals associated with Clients (legal entities).

Client: A natural person (Data Subject) or a legal entity associated with the Data Subject that applies for Services provided by the Controller.

Services: The intermediary lending services offered by the Controller.

Controller: The entity defined in Section 1 of this Policy responsible for processing Personal Data and independently determining the purposes and means of processing.

Policy: This document outlining the Personal Data Processing Policy for Marketing Purposes.

Website - www.lamaiecredit.ro

3. Purpose of the Policy

The purpose of this Policy is to inform the Data Subject about the types of Data processed by the Controller for marketing purposes as part of its marketing activities. Upon reviewing this Policy, the Data Subject has the option to consent to the Controller's use of their Data for marketing purposes or to decline such use.

4. Application of the Policy

This Policy applies to the Controller's Clients who are classified as Data Subjects, as well as to related Data Subjects who represent Clients in their communications with the Controller. It specifically governs the Data that the Controller utilizes for marketing purposes.

For information regarding the general principles and purposes of the Controller's data processing, as well as the Data Subject's rights related to data protection and their exercise, please refer to the Privacy Policy for Clients available on the Controller's website.

5. Personal Data Processing

In the course of implementing marketing activities, the Controller processes the following personal data:

• First Name
• Last Name
• Email Address
• Phone Number

Using this data, the Controller maintains communication with Clients by sending marketing messages that include relevant information about the Services provided, updates, new products, suitable discounts, and other advantageous offers. Notifications may be sent via email or text message, and the Controller also conducts direct calls to Clients.

The Controller's processing of personal data for marketing purposes is lawful when based on Article 6(1)(a) of the GDPR, which states: "The Data Subject has given consent to the processing of their personal data for one or more specific purposes." By agreeing to this Policy, the Data Subject consents to the processing of their personal data for marketing purposes and separately confirms whether they wish to receive marketing messages from the Controller.

Consent may be revoked at any time by notifying the Controller of the desire to do so. This can be accomplished by sending a letter to the Controller's contact details provided above. Upon receiving a revocation of consent for the use of personal data for marketing purposes, the Controller will immediately cease processing such data.