Last updated May 2018
This privacy notice is to let you know how Lendable gathers and processes your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This document applies to both borrowers and investors on the Lendable platform.
We are committed to ensuring that your personal data is kept safe and we have put in place appropriate technical and other security measures to protect it.
We are Lendable Limited, our registered office is at 128 Shoreditch High Street, London, E1 6JE and we are registered in England and Wales under company number 08828186. We are registered on the Information Commissioner's Office (ICO) Register of Data Controllers under registration number ZA041704. Our designated Data Protection Officer is Paul Pamment.
We collect personal data about you in the following ways:
We may hold and use various categories of personal information collected at the start of, and for the duration of your relationship with us. We will limit the collections and processing of these personal data to what is necessary to achieve the purposes identified in this notice. It is your responsibility to ensure that all information you provide to us is correct, accurate, complete and not misleading.
Personal information may include:
In some circumstances we may also collect and process certain special categories of information. This includes ensuring our services are accessible, to detect and prevent financial crime or to protect vulnerable customers. We will only collect and process special category data with your explicit consent.
We may use your information:
To understand our customers’ needs better, we will, with your permission, retain the information you have provided us to analyse customer trends and behaviour.
We monitor or record calls, emails, sms and other communications for business purposes only, such as for security, quality control and training.
If we cannot offer you a product, we may check your eligibility for loans and/or other relevant credit products from our panel of trusted lenders and brokers. We will always seek your consent to do this and our partners will always use soft checks which will not impact your credit file. Our partners include:
We will only collect and use your personal information where it is necessary for us to carry out our lawful business activities. Our grounds for processing your data are as follows
We may process your information where it is necessary to enter into a contract with you or to perform our obligations under that contract. This may include processing to:
We may process your data where it is a legal or statutory obligation. This may include processing to:
We may process your information when we have a business or commercial reason to do so. If we do, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is. This may include processing to:
We may use third party companies to provide services on our behalf. This may require these organisations to access and process your personal data.
One of our communications service providers that we use to send customer emails is located in the USA and is covered by Privacy Shield. Data in or attached to these emails will be processed outside the EEA. It may also be processed by staff operating outside the EEA who work for our provider.
For more information about these controls, please visit https://ico.org.uk and search for ‘International transfers’.
To process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully file for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at https://www.callcredit.co.uk/crain. CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We may use cookie technology on our website to collect some of the information detailed in this policy.
When a visitor requests any page from our web site, our web servers automatically obtain that visitor's domain name and IP address. This information does not contain sensitive data about our users and is critical to the functioning of all websites. An IP address serves as the return address, much like a post code, of your device when you request to see a webpage which allows us to send the information you want back to you. We only use this data to investigate and prevent fraud or abuse of our website.
This site uses the web analytics service called Inspectlet. Inspectlet can record user clicks, movements, scrolling and selected non-personal text users enter into our website. The service does not gather personally identifiable information. We use this service to improve our website, make it more user-friendly and monitor that everything is performing as well as possible.
Any electronic marketing communications we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your contact preferences in the following ways:
As a data subject, you have a number of rights:
Your data protection rights are subject to certain restrictions and conditions. We will assess your request, if we decided not to act upon it or place certain restrictions, we will inform you of our reasons for this. We will not make a charge for handing your rights request.
You have the right to complain to us and to the data protection regulator; the Information Commissioner’s Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.
You can find details on how to report a concern at: https://ico.org.uk/reportaconcern
We may use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based on solely automated processing, if this will have a legal or other significant effect on you (certain exceptions apply).
We use automated decision making in: