Data Minimization Policy for Centaur Health Inc.

Introduction

Centaur Health Inc. is committed to respecting the privacy of our applicants and borrowers. In alignment with our values and adherence to legal requirements in New York, New Jersey, and Connecticut, this Data Minimization Policy outlines our approach to collecting, using, and storing personal and transactional data.

Scope

This policy applies to all personal and transactional data collected from loan applicants in the states of New York, New Jersey, and Connecticut.

Data Collection

  1. Necessity and Consent: We will only collect data that is necessary for processing loan applications. This includes personal identification information and transactional data from applicants’ accounts, which is accessed only with explicit consent from the applicant.
  2. Limitation of Data: The data collected will be limited to what is necessary to assess the applicant's eligibility for a microloan. This may include, but is not limited to, transaction history, account balances, and financial behaviors that are relevant to the loan application.
  3. Children’s Data: Consistent with the Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect any information from persons under the age of 13.

Data Use

  1. Purpose of Use: Collected data will be used solely for the purpose of evaluating loan eligibility, processing applications, and maintaining records as required by law.
  2. No Secondary Use: Data will not be used for purposes other than those for which it was collected, such as marketing or unrelated research, without explicit consent from the applicant.

Data Storage and Security

  1. Secure Storage: All personal and transactional data will be stored securely, with access restricted to authorized personnel only.
  2. Retention Limit: Data will be retained only for as long as necessary to fulfill the purpose for which it was collected, and in compliance with legal and regulatory requirements.

Data Sharing and Disclosure

  1. Restricted Sharing: We will not share personal or transactional data with third parties unless necessary for processing the loan application or as required by law.
  2. Transparency in Disclosure: Applicants will be informed if their data is shared, with whom, and for what purpose, unless prohibited by law.

Compliance and Review

  1. Legal Compliance: This policy is designed to be in compliance with all relevant laws and regulations.
  2. Regular Review: This policy will be reviewed periodically, but at least annually, to ensure continued compliance and relevance to our operations.

Questions and Concerns

For any questions or concerns regarding this Data Minimization Policy, please contact our Privacy Officer at [email protected].