top of page

PRIVACY POLICY

1. INTRODUCTION


This Policy describes how KEENGET S.R.L., a limited liability company organized and operating under Romanian law, having its registered office in Bucharest, Sector 3, 5 Halelor Street, 2nd Floor, registered with the Trade Register Office attached to the Bucharest Tribunal under no. J2024029653007, having the European Unique Identifier (EUID) ROONRC.J2024029653007 and Unique Registration Code 50675772 (“Keenget”, the “Company” or “We”), processes personal data of natural persons in the context of debt administration and recovery activities arising from credit agreements.


The Company carries out two types of operations:

 

  • Administration and recovery of receivables on behalf of and for the account of creditor principals, based on mandate/service/administration agreements. In this case, we act as a data processor and process personal data only on the instructions of the controller (the creditor).

  • Administration and recovery of receivables acquired in our own name, based on receivables assignment agreements. In this case, we act as a data controller, determining the purposes and means of processing in our own name.

 

This Privacy Policy (“Privacy Policy”, “Policy”) explains how we collect, use, and protect your personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, as amended and supplemented (GDPR). This Privacy Policy should be read together with the Cookies Policy.


2. DATA CONTROLLER AND DATA PROTECTION OFFICER


The controller of your personal data is determined depending on the context in which the processing takes place, as follows:

 

(i) Administration and recovery of receivables on behalf of creditor principals

 

Where KEENGET carries out debt administration and recovery activities on behalf of and for the account of a creditor, such creditor acts as the data controller, while KEENGET acts as a data processor, processing personal data exclusively based on the instructions received from the controller.


Creditors may include non-banking financial institutions (NBFIs), credit institutions, or other entities in the financial sector.
 

To find out the identity and contact details of the controller (your creditor), we recommend consulting your credit agreement or accessing the creditor’s official website. The controller is responsible for providing you with information regarding the processing of personal data in this capacity.

(ii) Administration and recovery of receivables acquired in own name


Where KEENGET acquires receivables in its own name, based on assignment agreements, KEENGET acts as a data controller, determining the purposes and means of processing personal data.


If you have any questions regarding the capacity in which KEENGET acts in a particular situation (controller / processor), you may contact us using the contact details provided below for further clarification.

(iii) Interaction via the Website and direct communications


Where you contact us directly (for example, via email, telephone, SMS, messaging applications, or post), including through the website https://www.keenget.ro/ (the “Website”), KEENGET generally acts as a data controller for processing related to handling requests, communications, and complaints.


Depending on the nature of the request, KEENGET may act either as a controller or as a processor, as applicable, in particular where the request relates to a credit agreement administered on behalf of a creditor.


3. SOURCES OF PERSONAL DATA


The data we process comes from the following sources:

 

  • The creditor principal – Where a receivable is assigned to us or where we act under a mandate, we receive credit files and supporting documentation from the creditor. These documents contain the information you initially provided when entering into the credit agreement or subsequently in your relationship with the creditor;

  • You or persons acting on your behalf – We obtain data from communications with you (by phone, email, SMS, or other means of communication), from notifications or requests submitted by you, as well as from persons who make payments on your behalf;

  • Interaction via the Website – We collect data that you provide directly by completing the contact form available on the Website or by submitting requests through it. This data may include identification and contact details, as well as the content of your message (e.g., requests for information or complaints). We also automatically collect certain information when you visit the Website, such as technical data regarding the device used, IP address, browser type, and information regarding the use of the Website, through cookies and similar technologies, in accordance with the Cookies Policy;

  • Public sources and third parties – For the purpose of updating or verifying data, we use information from public registers, databases of authorities (e.g., DEPABD, Trade Register, Land Registry), or from professionals involved (such as bailiffs, public notaries, private investigators), as well as from other entities with legal reporting obligations.

4. CATEGORIES OF DATA PROCESSED, PURPOSES OF PROCESSING, LEGAL BASIS, AND RETENTION PERIOD


A. Receivables administered under mandate

B. Assigned receivables

C. Interactions not related to debt administration and recovery activities

If a submitted request proves to be related to the administration or recovery of a receivable, it will be handled in accordance with Sections A or B above, as applicable.

5. DATA COLLECTED AUTOMATICALLY IN THE CONTEXT OF WEBSITE USE

In the course of using the Website, certain data may be collected automatically through technologies used for its operation and security. Such data may include, in particular: technical data regarding the device used (e.g., device type, operating system, browser); log data (e.g., IP address, date and time of access, pages visited, duration of the visit); data collected through cookies and similar technologies (e.g., online identifiers, information regarding browsing behavior).

For detailed information regarding the use of cookies, please refer to the Cookies Policy available on the Website.

These data are processed for the purposes of ensuring the technical functioning of the Website; administration and security of IT systems; prevention and detection of fraud or unauthorized access; and analysis of the use of the Website in order to improve it.

 

In the above cases, the legal bases for processing are Article 6(1)(f) GDPR – the legitimate interest in ensuring the functioning and security of the Website, and Article 6(1)(a) GDPR – the user’s consent, in the case of cookies that are not strictly necessary.

 

6. YOUR RIGHTS

In accordance with applicable data protection legislation (including Regulation (EU) 2016/679 – GDPR), you benefit from the following rights in relation to your personal data:

  • Right of access: You have the right to request confirmation as to whether we process your data, as well as information about the categories of data processed, the purposes of processing, the recipients of the data, and the storage period.

  • Right to rectification: You have the right to request the correction of inaccurate data or the completion of incomplete data.

  • Right to erasure: You may request the deletion of your data under the conditions provided by law. Please note that this right is not absolute and does not apply where processing is necessary for compliance with legal obligations, for the establishment, exercise, or defense of legal claims, or for fulfilling other applicable legal obligations.

  • Right to restriction of processing: You have the right to request the limitation of how your data is used in certain situations provided by law (for example, if you contest its accuracy).

  • Right to object: Where processing is based on our legitimate interest, you have the right to object. We will cease processing unless we have compelling legitimate grounds which override your interests, or where processing is necessary for the establishment, exercise, or defense of legal claims.

  • Right to data portability: In certain situations (for example, where processing is based on consent or a contract and is carried out by automated means), you have the right to receive your data in a structured format and to request its transmission to another controller.

  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to such withdrawal.

  • Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you, except where permitted by law.

  • Right to lodge a complaint: You have the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro). However, we encourage you to contact us first in order to attempt to resolve the matter amicably.

 

The exercise of your rights does not affect your obligation to repay the debt and does not prevent the lawful conduct of debt recovery activities, including the initiation or continuation of judicial or enforcement proceedings, in accordance with the law.

 

7. RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

For the purpose of carrying out its activities, KEENGET may disclose your personal data to certain categories of recipients, to the extent that this is necessary and justified:

  • IT service providers and technical support providers, including hosting, maintenance, cybersecurity services, and IT systems used in debt administration and collection activities;

  • communication service providers, including telephone, SMS, or email services used for contacting debtors;

  • CRM service providers or other operational systems used for managing debtor relationships and debt recovery activities;

  • external consultants and professionals, such as lawyers, bailiffs, or other advisors, where necessary for debt management or compliance with legal obligations;

  • courts of law, bailiffs, and other competent bodies involved in debt recovery proceedings;

  • public authorities or competent institutions, where the disclosure of data is required by law or necessary for the protection of Keenget’s rights and legitimate interests.

 

In all cases, we disclose only the data strictly necessary for the intended purpose and ensure that recipients implement appropriate security and confidentiality measures in accordance with applicable legislation.

 

8. INTERNATIONAL DATA TRANSFERS

As a rule, Keenget processes your personal data within the European Economic Area (“EEA”). In certain situations, for the purpose of carrying out its activities, we may use service providers located outside the EEA, such as:

  • IT, hosting, or cybersecurity service providers;

  • call-center or communication solution providers;

  • providers of digital platforms used in day-to-day operations (e.g., analytics or online communication services).

 

In all such cases, data transfers are carried out in compliance with applicable legal requirements and only where appropriate safeguards are implemented to protect your data, such as standard contractual clauses approved by the European Commission or adequacy decisions.

 

9. DATA SECURITY

KEENGET implements appropriate technical and organizational measures to ensure the protection of personal data against unauthorized access, loss, destruction, or unauthorized disclosure. These measures include, without limitation, technical, physical, and administrative safeguards applied both during data transmission and after its receipt.

 

Access to personal data is granted only to employees and collaborators who require such information for the performance of their duties, and who are subject to confidentiality obligations. However, it should be noted that no method of data transmission over the internet or method of electronic storage is completely secure, and therefore we cannot guarantee the absolute security of the data.

 

10. MISCELLANEOUS

Response timeframe – We will make all reasonable efforts to respond to your request without undue delay and, in any event, within a maximum of 30 days from receipt. This period may be extended by up to an additional 60 days where necessary, taking into account the complexity and number of requests. In such cases, we will inform you of any such extension within 30 days of receiving the request, including the reasons for the delay, in accordance with applicable legal provisions.

Restriction of access – In certain situations, we may not be able to provide full or partial access to your personal data due to legal restrictions. If your access request is refused, we will inform you of the reasons for the refusal, to the extent permitted by law.

 

Inability to identify – In specific cases, it may be impossible for us to identify your personal data due to insufficient identification information in your request. If you do not provide additional details enabling your identification, we will not be able to respond to your request to exercise the legal rights mentioned in this section.

Links to other websites – The Website may contain links to other websites that are not operated by KEENGET. KEENGET is not responsible for the content of such websites or for how they process personal data. We recommend reviewing the privacy policies of those websites before providing any personal data.

Processing of minors’ data – The Website is not intended for individuals under the age of 18, and KEENGET does not knowingly collect personal data from minors. If such a situation is identified, we will take steps to delete the respective data without undue delay.

 

11. CONTACT DETAILS

For questions or requests related to data protection, as well as to exercise your legal rights, you may contact us:

in writing, at our registered office – Bucharest, Sector 3, 5 Halelor Street, 2nd Floor;

via the contact form available on the Website https://www.keenget.ro/;

by email at dpo@keenget.ro;

by phone at XX.

For the purpose of handling your request, we may ask you to provide additional information necessary to verify your identity. Furthermore, where requests are manifestly unfounded, excessive, or repetitive, we reserve the right to refuse to act on such requests or to charge a reasonable fee, in accordance with applicable legal provisions.

KEENGET SRL

Registration number: J2024029653007

CIF: 50675772

Registered office: Bucharest, District 3, 5 Halelor Street, 2nd Floor

European Unique Identifier (EUID) ROONRC.J2024029653007
Registered with the National Authority for Consumer Protection under no. 33165/09.04.2026

© 2026 by Keenget

Get in Touch

I have read and understood the Privacy Policy and I agree to the Terms and Conditions.

bottom of page