Factora Logo

Privacy Policy

Privacy Policy

Effective Date: [09/09/2025]

Factora (“Factora,” “we,” “us,” “our”) values your privacy and is committed to protecting the personal data you provide when interacting with our website and our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1. Data We Collect

Demo form (required fields):

  • Full name
  • Business email
  • Company name
  • Role

Contact form:

  • Full name (required)
  • Email (required)
  • Phone number (optional)
  • Subject and message

Automatically collected (online identifiers):

  • IP address
  • Device/browser information
  • Timestamp
  • Referral URL
  • Cookie identifiers (see Cookies section)

Marketing (optional):

  • Your explicit consent to receive product updates.

⚠️ Please avoid including sensitive or confidential information (e.g., financial, health, government ID data) in free-text message fields.

2. Purposes & Legal Bases (GDPR, Art. 6)

Demo form — to arrange, confirm, and run your demo (emails, scheduling, follow-ups): Contractual necessity / pre-contract steps (Art. 6(1)(b)).

Contact form — to respond to your inquiry: Contractual necessity / pre-contract steps (Art. 6(1)(b)).

Security, abuse prevention, logging — monitoring system integrity and fraud prevention: Legitimate interests (Art. 6(1)(f)).

Optional product updates/marketing — only with your explicit consent: Consent (Art. 6(1)(a)). You may withdraw at any time.

Legal obligations — e.g., record-keeping, regulatory requests: Legal obligation (Art. 6(1)(c)).

We do not use these forms for automated decision-making that produces legal or similarly significant effects.

3. How We Use Your Information

We process your personal data only where there is a lawful basis under GDPR. We use your information for the following purposes:

  • To respond to your inquiries and messages.
  • To schedule and manage demo calls or meetings.
  • To communicate with you regarding our services and partnerships.
  • To provide information about potential financing opportunities through our partner institutions (upon request).
  • To improve our Website functionality and user experience.
  • To comply with legal obligations and regulatory requirements.

The lawful bases for processing include performance of a contract, legitimate interest, compliance with legal obligations, and your explicit consent (where required).

4. Sharing of Information

As part of order processing in accordance with Art. 28 GDPR, we pass on your data to service providers who support us in the operation of our websites and the associated processes. Our service providers are strictly bound by instructions to us and are contractually bound accordingly. These are service providers of the following categories:

We may share your information with:

  • Cloud hosting and IT infrastructure providers,
  • Website analytics services,
  • Email communication and scheduling tools,
  • Professional advisers (legal, compliance, and audit), and
  • Dunning & collection agencies (registered) for dunning and collection services in the context of overdue receivables

All third parties are required to process your data securely and in compliance with applicable data protection laws.

Where our service providers process data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) or an adequacy decision, to guarantee an adequate level of protection.

We do not sell or rent your personal data. We do not share your form data with financing partners unless you explicitly ask us to or it is necessary to progress your request (e.g., you ask for an introduction).

5. International Transfers

Some providers may process or store data outside the EEA/UK. Where this occurs, we implement:

  • EU Standard Contractual Clauses (SCCs)
  • Transfer Impact Assessments (TIAs)
  • Technical/organisational safeguards (e.g., encryption, access restrictions).

6. Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and in line with legal and regulatory requirements. Specifically:

  • Demo leads & contact inquiries: up to 24 months from last interaction (to allow reasonable follow-ups and pipeline analytics).
  • Marketing contacts (consent): until withdrawal or 24 months of inactivity.
  • Security logs: typically 12 months (longer if required for security investigations).
  • Legal claims/compliance: specific records may be retained longer if required by law or necessary to establish/defend claims.

7. Cookies and Tracking

You can manage your cookie preferences through your browser settings. Essential cookies cannot be disabled, as they are necessary for Website operation.

Our Website uses cookies and similar technologies to:

  • Ensure Website functionality.
  • Improve your browsing experience.
  • Collect anonymized analytics data.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption (in transit and at rest where applicable)
  • Access controls and least-privilege policies
  • Regular security monitoring and logging
  • Vendor due diligence and contractual safeguards.
  • Incident detection and response processes

Despite our safeguards, no system is fully secure, but we strive to maintain a level of security appropriate to the risks.

9. Your Rights

Under GDPR, you have the following rights:

Right to information (Article 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to Rectification (Article 16 GDPR):

You have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data without undue delay.

Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR):

You have the right to request that personal data concerning you be deleted without undue delay if one of the reasons listed in detail in Article 17 GDPR applies.

Right to Restrict Processing (Article 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.B. if you have objected to the processing, for the duration of the examination by the controller.

Right to Data Portability (Article 20 GDPR):

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right to Object (Article 21 GDPR):

You can object at any time to processing of your data based on legitimate interests, including profiling, unless we demonstrate compelling legitimate grounds. You also have the right to object to processing for direct marketing purposes.

Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR):

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or significantly affects you, unless such processing is:

  • necessary for entering into or performing a contract,
  • authorized by law, or
  • based on your explicit consent.

Right to Withdraw Consent (Articles 6(1)(a) and 7(3) GDPR):

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR):

In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. In particular, the right to lodge a complaint may be asserted with a supervisory authority in the EU Member State or UK jurisdiction of your habitual residence, place of work or where an alleged infringement has occurred.

10. Children’s Data

Our Website and services are directed exclusively to businesses. We do not knowingly collect data from individuals under the age of 18. If we become aware that we have collected such data, we will delete it immediately.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The “Last Updated” date at the top will indicate the latest revision. We encourage you to review this Policy regularly.

Back to Contact