ERNCEL AGENCIES — Privacy Policy

Internal Privacy Policy for the ERNCEL AGENCIES Loan Management System

Last Updated: December 3, 2025

1. Purpose of This Policy

This Privacy Policy explains how personal and financial data is collected, used, stored, shared, and protected within the ERNCEL AGENCIES Loan Management System ("ERNCEL AGENCIES"). This system is strictly for internal business operations.

2. Scope

This policy applies to all employees, contractors, administrators, auditors, and any authorized users who access borrower, employee, or company data within ERNCEL AGENCIES.

3. Types of Data Collected

  • Borrower personal information (name, ID numbers, contacts, address)
  • Financial data (income, loan amounts, repayment schedules, balances)
  • Employment and business information
  • System usage logs and access history
  • Device, IP, and authentication data

4. How Data Is Used

  • Loan processing, approvals, disbursements, and recovery
  • Risk assessment and credit decisioning
  • Internal reporting and audits
  • Fraud prevention and compliance checks
  • System security monitoring

5. Lawful Basis for Processing

Personal data processed in ERNCEL AGENCIES is handled under legitimate business interest, contractual obligations with borrowers, and applicable regulatory compliance requirements.

6. Data Access & Confidentiality

Access to personal data is strictly role-based. Users are only permitted to access information required to perform their job duties. Unauthorized access, sharing, or misuse of data is strictly prohibited.

7. Data Storage & Protection

  • All system data is stored on secured servers
  • Passwords are encrypted
  • Access is logged and monitored
  • Backups are securely maintained
  • Secure network and firewall protections are enforced

8. Data Sharing & Third Parties

Data may only be shared with third-party service providers that are approved by management and comply with strict confidentiality and data protection requirements. Unauthorized sharing is prohibited.

9. Data Retention

Data is retained in accordance with internal records retention policies and regulatory requirements. Data is only deleted through approved administrative procedures.

10. Data Subject Rights

Where applicable by law, individuals whose data is stored within ERNCEL AGENCIES may have rights to:

  • Request access to their data
  • Request correction of inaccurate records
  • Request lawful deletion or restriction

All such requests must be directed to the Data Protection Officer.

11. Breach & Incident Reporting

Any suspected data breach, unauthorized access, or exposure of personal information must be reported immediately to the Security and IT team. Failure to report incidents may result in disciplinary action.

12. Cookies & Tracking

ERNCEL AGENCIES does not use public tracking cookies. Session management may use internal secure authentication tokens solely for operational and security purposes.

13. Policy Violations

Breach of this Privacy Policy may result in loss of system access, disciplinary measures, termination of employment or contract, and possible legal action.

14. Changes to This Policy

This Privacy Policy may be updated periodically. Continued use of ERNCEL AGENCIES after changes constitutes acceptance of the revised policy.

15. Contact Information

Data Protection Officer (DPO): Contact via your organization’s internal directory.
IT & Security Team: Internal support desk.