Privacy Policy

Last update date: FEBRUARY 04, 2025

The company PLEDG undertakes to act in accordance with all regulations in force applicable to the protection of personal data and in particular with EU Regulation No. 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD) and Law No. 78-17 of January 6, 1978 relating to data, files and freedoms (Loi Informatique et Libertés).

The purpose of the present privacy policy is to inform, in a clear, concise and comprehensible manner, of the conditions of implementation of the processing of personal data carried out by the company PLEDG in its capacity as subcontractor of CA CF, of which it has been a 100% subsidiary since February 2024. It is also intended to inform the persons concerned of their rights with regard to Data Processing, Data Files and Individual Liberties, and how to exercise them, in particular visitors to the PLEDG website and users and beneficiaries of financing solutions ("YOU").

For all practical purposes, CA CF's personal data policy is available here.

1. Definitions

Personal data: Personal data is any information relating to an identified or identifiable natural person.

Sensitive" personal data: "Sensitive" personal data are those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning health or data concerning the sex life or sexual orientation of a natural person, data relating to criminal convictions or offences.

Processing of personal data: is an operation, or set of operations, relating to personal data, whatever the process used (collection, recording, organization, conservation, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation).

Controller: The entity that, alone or jointly with others, determines the purposes and means of processing personal data.

Processor: This is the entity that processes personal data on behalf of the controller.

Recipient: This is the entity that receives communication of personal data.

Data subjects: these are the natural persons whose personal data are processed.

Transfer of personal data outside the EU: any communication, copy or movement of personal data that is intended to be processed in a country outside the European Union.

Data Protection Officer (DPO ): is the person in charge of ensuring the protection of personal data within the organization that has appointed him/her and monitoring compliance with the regulations in force.

Customer: any natural person placing an order for goods and/or services with a Merchant, whether on the Merchant's website, on a marketplace or in a physical sales outlet of the Merchant, and requesting a Deferred or instalment payment.

Merchant: any legal entity selling goods or services and offering to pay for goods and services via Deferred or instalment payment.

Deferred or instalment payment : any method of staggering the payment of goods and/or services purchased from a Merchant, granted to a Customer via the Solution.

Solution: the technological solution developed by PLEDG and made available to the Merchants in order to allow them to propose to their Customers to pay their purchases of goods and services in several times or in a deferred way.

2. Legal information about PLEDG

The data controller is PLEDG, whose head office is located at 95, rue Saint Lazare, 75009 - Paris, registered with the Paris B Trade and Companies Register under number 823 495 544, and represented by Mr Nicolas Pelletier in his capacity as Chairman. PLEDG is registered as a broker in banking operations and payment services (COBSP) with the organization for the unique register of intermediaries in insurance, banking and finance (ORIAS), under number: 21001402

3. What are the objectives (purposes) and legal basis (legal basis) of the processing carried out by PLEDG in its capacity as data controller?

In order to be as transparent as possible with regard to the processing of personal data, you will find below a table containing all the processing operations carried out by the PLEDG company in its capacity as data controller. These processes concern data (1) transmitted by our trading partners, (2) collected with your consent or (3) corresponding to connection data. This includes technical data, personal data, contact data, purchase data and financial data. In the table below, this data is associated with the purposes for which it is processed and the legal basis on which PLEDG relies to carry out this processing.

Personal data processing carried out by the company PLEDG

Purposes of the processing

Applicable legal bases

Management of the validation of the deferred or fractional financing offer by means of a creditworthiness and reliability score that can lead to a fully automated decision and that takes into account :
- The automated assessment of the creditworthiness of the financing offer applicant by a partner
- The automated assessment of the applicant's reliability by the online payment management service provider

(Consumer Relations)

The processing is necessary for the execution of the contract for the financing of pre-contractual measures. In addition, PLEDG collects your consent for the collection and analysis of your bank statements that you have sent to PLEDG as part of your financing application.

Management of requests for assistance and demonstration of the PLEDG technological solution received via contact forms accessible from the website

The processing is necessary for the purposes of the legitimate interests pursued by the company PLEDG, which are to respond to all requests for information, in particular on the services provided, and to communicate with its customers.

Sales prospecting management
(B to B: Relations with merchants)

The processing is necessary for the purposes of the legitimate interests pursued by PLEDG, which are to develop its customer base by presenting and offering its services and financing solutions to prospective customers.

Customer relationship management, including technical integration activities and customer satisfaction surveys
(Merchant relations)

The processing is necessary for the performance of a contract and in certain cases for the purposes of legitimate interest (satisfaction surveys, collection of testimonials).

Development and training of the algorithm used for the validation of a financing offer

The processing is necessary for the purposes of the legitimate interests pursued by PLEDG, which are to improve the accuracy of its algorithm's predictions and its success rate.

Preventing and combating fraud:
- Detection of acts carried out within the scope of activities that are anomalous, inconsistent or have been reported as potentially involving fraud
- Alert management (which consists of carrying out checks, requesting explanations or supporting documents)
- Creation of a list of persons duly identified as perpetrators of acts qualified as fraud or attempted fraud.

The processing is necessary for the purposes of the legitimate interests pursued by PLEDG, which are to prevent, limit or stop any deliberate act designed to take unlawful advantage of a deferred or fractional financing contract.

Management of obligations relating to identification and customer knowledge (KYC):
- Collect online proof of identity from users via video streaming sessions
- Verify the integrity of identity documents provided
- Verify that the person presenting the identity documents is indeed the person corresponding to said documents

The processing is necessary to comply with a legal obligation to which the company PLEDG is subjectThe consent of the person for the collection of the video of his face (Explicit consent in the presence of biometric data)

Implementation of control systems, in particular to combat money laundering and the financing of terrorism (LCB-FT)

The processing is necessary to comply with a legal obligation to which PLEDG is subject.

Accounting treatment

The processing is necessary to comply with a legal obligation to which the company PLEDG is subject

4. How long will my data be stored?

PLEDG retains data for as long as is necessary for the performance of the contract or pre-contractual measures, and until the expiry of the applicable legal time limits. In particular, data relating to :

  • accepted or rejected financing applications are kept for 1 year
  • a situation of unpaid bills, are kept for 3 years
  • are kept for 5 years from the closing of the fraud file.
  • a file declared to TRACFIN, are kept for 10 years
  • accounting treatment, are kept for 10 years

At the end of this period, your data will be anonymized.

5. Profiling and fully automated decision-making

The company PLEDG, within the framework of the provision of its financing services, wishes to inform you that it carries out processing of personal data that may lead to the adoption of a fully automated decision with regard to the persons concerned and producing effects in their respect such as the loss of the benefit of obtaining a credit or the exclusion for any future transactions.

With regard to automated processing for the purpose of validating a financing offer :

When PLEDG receives a new financing request, a refusal decision based exclusively on automated processing using its algorithm may be adopted. This decision, necessary for the conclusion of a financing contract, has the consequence of depriving the person concerned of obtaining a financing service. In this case, the person concerned has the right to obtain human intervention, to express his or her point of view, to obtain explanations regarding the decision and to contest it, under the conditions set out in point 8 of this privacy policy.

With regard to automated processing for the purpose of managing unpaid bills and, in particular, identifying persons in a situation of unpaid bills for the purpose of exclusion:

The company PLEDG wishes to inform you that the non-payment of a due date programmed by a financing plan automatically leads to the registration of the concerned person on a list dedicated to the identification of the persons in situation of unpaid. The inscription on this list has as consequence to exclude the concerned person for any future transaction, from the benefit of the financing services proposed by the company PLEDG.

The person concerned is informed about his inclusion in this list and the reasons for this decision. On this occasion, the PLEDG company reminds the data subject that he or she has the right to obtain human intervention, to express his or her point of view, to obtain explanations about the decision taken and to contest it, under the conditions provided for in point 9 of this Privacy Policy.

6. Who are the recipients of the personal data?

In order to be able to provide its services and within the strict framework of each purpose of the treatments implemented by the company PLEDG, the following categories of recipient are likely to receive communication of the personal data:

  • The internal staff of PLEDG is subject to an obligation of confidentiality and is specially authorized to process personal data with regard to their functions.
  • The various suppliers, business partners and technical service providers of PLEDG, specially authorized to process personal data on its behalf and in accordance with the requirements of the applicable regulations.
  • The legally authorized authorities within the framework of their missions or the exercise of a right of communication.
  • Merchant partners, bound by their privacy policy and the contract between them and Pledg.
  • The securitization mutual fund that finances receivables arising from Pledg payment facilities. As part of this partnership, PLEDG acts as a data processor on behalf of the Fonds Commun de Titrisation.

7. What are the objectives (purposes) and legal basis (legal basis) of the processing operations carried out by PLEDG as a processor?

Personal data processing carried out by the company PLEDG

Purposes of the processing

Applicable legal bases

Customer relationship management: provision of payment schedules, payment management, management of reminders before direct debits, management of refunds, management of complaints (consumer relations).

Processing is necessary for the performance of a contract


Management of unpaid invoices and debt collection:
- Identification of proven unpaid invoices
- Debt collection
- Identification of unpaid invoices in order to exclude them from all future transactions (inclusion on a list with automated decision on D+4 for non-payment of a due date).

processing is necessary for the performance of a contract to which the individual is a party


Refund and after-sales service management

(Merchant relations)

Processing is necessary for the performance of the contract

8. Is personal data transferred to a country outside the European Union?

As a matter of principle, PLEDG takes care to minimize situations in which personal data may be transferred to a country outside the European Union. Nevertheless, it may happen that the use of services provided by a service provider or a third-party application may involve, in the sense of the regulations, a transfer of data to a country outside the European Union. In such cases, PLEDG has put in place procedures to ensure that processing involving the transfer of data outside the European Union can only take place if a sufficient and appropriate level of protection for your personal data is guaranteed.

9. How do we protect personal data?

PLEDG is committed to implementing all necessary security measures, both technical and organizational, to ensure the confidentiality, integrity and availability of personal data. These measures ensure that personal data is protected against unauthorized access, modification, alteration, disclosure, loss or destruction.

If we use a service provider acting on our behalf as a subcontractor, we ensure beforehand, with the support of our DPO, that the latter presents sufficient guarantees as to the implementation of appropriate security measures and guarantees the protection of the rights of the persons concerned.

10. What rights can data subjects exercise over their personal data, and how?

In accordance with Regulation (EU) 2016/679 on the protection of personal data (RGPD) and Law No. 78-17 of January 6, 1978 on data processing, files and freedoms, data subjects have, depending on the legal basis of the processing:

  • The right to ask PLEDG for access to your personal data. The right of access is your right to ask the company PLEDG whether we process personal data about them and to obtain a copy of this information;
  • The right of rectification, which allows you to obtain the modification of inaccurate or incomplete data;
  • The right to object at any time to the processing of personal data for commercial prospecting and when the processing is necessary for the legitimate interests pursued by the company PLEDG;
  • The right to erasure, also known as the "right to be forgotten", which allows to obtain, under certain conditions, the erasure of personal data;
  • The right to limit the processing of personal data and to obtain the suspension of the processing in certain cases provided for by the regulations;
  • The right to the portability of personal data, which allows the recovery of personal data provided or to request a direct transfer of such data to a new controller;
  • The right to withdraw their consent to the processing of personal data at any time, where consent is the legal basis for the processing;
  • The right to define directives relating to the conservation, deletion and communication of personal data after their death under the conditions provided for in Chapter V of Title II of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms " Provisions governing the processing of personal data relating to deceased persons" ;

You can exercise your rights by contacting the Data Protection Officer by post or electronically, providing proof of your identity "by any means", at the following addresses:

  • By mail : dpo@pledg.co
  • By post: PLEDG - 55 rue de la Boétie, 75008 Paris - FRANCE

Finally, you can lodge a complaint with the Commission nationale de l'informatique et des libertés (CNIL ),https://www.cnil.fr/fr/adresser-une-plainte.

11. How do I obtain information about the use of cookies and similar tracking technologies?

We use cookies on our website https://pledg.co. To learn more about this, please see our cookie policy.