Updated 04/29/2025

Your privacy is important to us and we take it very seriously. This personal data protection policy describes the information that we collect about you (hereinafter “You” or the “Customer”), by means of or through, in whole or in part, our website or one of our pages on social networks, but also and more generally in the context of your relationship with us, and how we process it (see information relating to the methods of collection, processing and use of your personal data).

Regular Finance (formerly Tech For Change), a simplified joint-stock company with capital of 2,157.996 euros, whose registered office is located at 41 rue de la Chaussée d’Antin 75009 Paris, registered with the RCS of Paris under number 849 355 565 (hereinafter “Regular” or the “Company”) thus undertakes to implement all measures necessary to ensure processing in compliance with applicable regulations, in particular the European Regulation 2016/679 on the protection of personal data (hereinafter, the “RGPD”) and the French Data Protection Act of January 6, 1978.

By using the www.regular.eu website (hereinafter, the “Site”), the Regular Service, the mobile application on iOS or Android, you agree to the present privacy policy (hereinafter, the “Policy”). The purpose of the Policy is to set out the terms and conditions for processing your data in connection with your use of the Site and the Regular Service. Regular reserves the right to modify this Policy at any time. If a modification is made, we undertake to publish the new version on the Site, mentioning the last update date. It is therefore your responsibility to check the Site regularly to stay informed of any changes.

1. General

Information regarding the protection of your Personal Data can be found in this Privacy Policy.

The purpose of this Privacy Policy is to provide information on how Regular collects, processes, protects, stores, shares and deletes Customers’ Personal Data.

For the purposes hereof :

• Data” refers to all Customer data. This includes in particular data linked to the customer account, data accessible via the interfaces provided by Regular, and the data defined below (Identification Data, Personal Data);
• Identification Data” refers to the data enabling the Customer to access his Personal Space, consisting of an e-mail address and a password;
• The term “Personal Data” refers to all personal information concerning a Customer, a natural person identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more elements that are specific to him;
• The term “Personal Space” refers to an individualized environment, accessible via the Regular mobile application and the Regular website, and dedicated to the use of the Regular service.

2. Person responsible for the processing of personal data

‍The information communicated by the Customer is intended for Regular Finance SAS, dedicated to the development of its Regular. As such, Regular Finance SAS determines the purposes of personal data processing. It is thus responsible for processing within the meaning of Article 4 -7) of the RGPD.

3. Purposes of processing

Personal data is collected by Regular and processed automatically to provide Regular services, while maintaining confidentiality.

It is necessary for :

• Providing services,
• Check the customer’s identity and age,
• Check the customer’s solvency,
• Combating fraud and money laundering, and “know your customer” (KYC) procedures,
• Comply with tax control and reporting obligations, as well as risk assessment and management.

4. Confidentiality of personal data

Regular attaches the utmost importance to the confidentiality of Personal Data. To this end, Regular takes all necessary precautions to protect the confidentiality of Personal Data, and declares that it works with trusted subcontractors, reputed for the reliability of their services and the high degree of protection they afford to the confidentiality of Personal Data.

5. Processed data

To provide the Services, the following data are collected and processed:

• Last name, First name,
• Contact details (postal address, telephone number, email address),
• Date & place of birth, gender, nationality, marital status,
• Identification data,
• Authentication data,
• Tax number,
• Professional status,
• Identity documents, geolocation, metadata,
• Selfies, video selfies, photo geolocation,
• IP addresses.

In the course of using the services, other personal data may be processed in addition to the above-mentioned data:

• Order data (withdrawal request),
• Data relating to our obligations to combat money laundering and the financing of terrorism.

6. Legal basis

The Customer’s express and unequivocal consent to the processing, collection, sharing and analysis of his Personal Data is obtained by signing and accepting the CGUV and constitutes the legal basis of the present Policy.

7. Recipient of data

Data is transmitted to Regular and encrypted, and may also be processed securely by the following subcontractor within the meaning of Article 4 – 8) of the RGPD:

– DocuSign International (EMEA) Limited’s identity verification service, 5 Hanover Quay, Grand Canal Dock, Dublin D02 VY79 Ireland.

The aforementioned subcontractor has limited access to Customer data in the context of the performance of services, and has a contractual obligation to use it in compliance with the provisions of the applicable regulations on the protection of personal data and to implement organizational and technical measures to ensure the security of Customer data.

8. Data security

Regular, in order to guarantee the best protection of Clients’ personal data, implements organizational, technical, software and physical data security measures to protect such personal data against alteration, destruction and unauthorized access. The Personal Data collected is all stored on our servers within the European Union, and in accordance with current regulations (RGPD).

9. Data life cycle

The Customer’s Identification Data and Personal Data are recorded at the time of registration and each time the Customer updates his/her data in the Customer area.

Identification Data is collected by DocuSign International (EMEA) Limited.

All Data collected is transferred to Regular’s servers and databases. The Data is structured and reorganized by Regular so that it can be used in an agreed format. The Data may be consulted and updated at the Client’s request. The Data is not kept beyond the period necessary for the purposes in question.

10. Data retention period

Personal data is kept only for as long as is strictly necessary for the purposes for which it was collected and to the extent permitted by applicable law. The length of time that customer data is retained varies according to the purpose of the processing. In application of obligations linked to the fight against money laundering and the financing of terrorism, it may be kept for a maximum of five (5) years from the end of the contractual relationship between Regular and the Customer (pursuant to article L.516-12 of the French Monetary and Financial Code). In addition, commercial and tax law provides for retention periods. Once the retention period has elapsed, Regular permanently deletes the Customer’s Personal Data. Data may be destroyed at any time at the Customer’s request, with the exception of data whose retention is required by law.

11. Customer rights

The Customer has the following rights:

• The right of access: this is the right to obtain a copy of the personal information that Regular holds about you.
• The right to data portability: this is the right to obtain data concerning him or her that Regular holds, in a structured and interoperable electronic form, and to have it transferred to another data controller.
• The right of rectification: the right to have incomplete or inaccurate personal information processed about you rectified.
• The right to request the deletion of personal data: the Customer has the right to request the deletion of personal data processed about him/her, which Regular will do subject to its legal retention obligations.
• The right of limitation: this is the Customer’s right to obtain the limitation of the processing of his personal data when he disputes the accuracy of his data, when he believes that their processing is unlawful, or when he believes that Regular no longer needs to process his data unless the latter is unable to delete them due to a legal or other obligation.
• The right to object: this is the right to object to the processing of one’s data by Regular. Regular will respect your request unless the processing is justified by a legitimate reason in application of the regulations in force.
• The right to withdraw consent: the right to withdraw consent once it has been given.
• The right to lodge a complaint with the CNIL: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the CNIL if you consider that the processing of personal data concerning you constitutes a breach of the applicable regulations (Art. 77 of the RGPD)

All these rights may be exercised by the Customer by making a specific request and providing proof of identity (copy of ID card or passport), by contacting Customer Support online or by post addressed to Regular’s head office. The Client will be informed of the measures taken in response to his/her request as soon as possible. Regular will not, however, respond to manifestly unfounded or excessive requests. For reasons of security and in the event of doubt as to the value and authenticity of the supporting documents produced by the Client, Regular reserves the right to request any other supporting document. Should the Client request opposition to the processing of his/her Personal Data, the Client may be asked to close his/her Account (in the event that Regular is unable to provide the Services concerned without the processing in question). Customers are informed of their right to lodge a complaint with the competent supervisory authority responsible for data protection, i.e. the CNIL.

12. Cookies

Customers are informed that when they visit the Site, a cookie may be automatically installed on their browser. Cookies are text files, often encrypted, stored in your browser. They are created when a user’s browser loads a given website: the site sends information to the browser, which then creates a text file. Each time the customer returns to the same site, the browser retrieves this file and sends it to the website’s server. We can distinguish between two types of cookies, which have different purposes: technical cookies and advertising cookies:

• Technical cookies are used throughout your browsing experience, to facilitate navigation and perform certain functions. A technical cookie may, for example, be used to memorize the answers entered in a form, or the customer’s preferences regarding the language or layout of a website, where such options are available.
• Advertising cookies may be created not only by the website on which the Customer is browsing, but also by other websites displaying advertisements, announcements, widgets or other elements on the page displayed. In particular, these cookies may be used to carry out targeted advertising, i.e. advertising determined according to the Customer’s browsing habits.

The Site uses technical cookies. These are stored in the Customer’s browser for a period not exceeding six (6) months.

The Site uses advertising cookies. The customer can deactivate these cookies by clicking on a dedicated tab on the Site (Refuse advertising cookies). The Site uses or may use Google Analytics, a statistical audience analysis tool that generates a cookie to measure the number of visits to the site, the number of pages viewed and visitor activity. The customer’s IP address is also collected to determine the city from which he/she is connecting. This cookie is stored for 13 months. The Site reminds customers that they may refuse to accept cookies by configuring their browser. However, such a refusal could prevent the Site from functioning properly.

13. Exercise of customer rights

In accordance with the provisions of current legislation, in particular the RGPD, you have a battery of rights that you can exercise at any time as a data subject. You can exercise all these rights by contacting us:

• By post to: 41 rue de la Chaussée d’Antin 75009 Paris
• By e-mail: contact@regular.eu

You also have the right to lodge a complaint with the competent supervisory authority (in France, this is the Commission Nationale de l’Informatique et des Libertés, known as “Cnil”: 3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07; tel.: 01 53 73 22 22) if you consider that your personal data has not been processed in accordance with the legal and regulatory provisions governing the protection of personal data. To understand your rights, please refer to the explanations provided by Cnil here: www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles