Lending privacy notice
LAST UPDATED: 28 February 2019
“LendInvest”, “we”, “us” and “our” means LendInvest plc and our Affiliates, and we are committed to respecting your privacy.
We are registered in the UK and our registered address is at Two Fitzroy Place, 8 Mortimer Street, London, W1T 3JJ and our company registration number is 08146929.
“Affiliates” means, in respect of any person, any other person controlling, controlled by or under the common control of that person. Please note that a fund shall be deemed to be controlled by (and be an Affiliate of) its investment adviser.”About this privacy notice
For the purposes of data protection law, we are a data controller in respect of your personal data. LendInvest is responsible for ensuring that it uses your personal data in compliance with data protection law.
This privacy notice applies if you are an applicant, borrower, agent or intermediary.
The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice.
We may update this privacy notice from time to time and so you should check back periodically.Personal data that we collect about you
We will collect and process the following personal data about you:
- Information that you provide directly to us or one of our Affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
- identity (for example, your name, address and date of birth), contact and financial information about you as an applicant, borrower, agent or intermediary as well as about directors, partners, members, shareholders, beneficial owners and guarantors;
- biometric data (e.g. facial recognition);
- family, lifestyle, education, employment or social circumstances if relevant to the product or service;
- personal data in any of the above forms about other named applicants. You must have the authority to provide the personal data to us and have shared this privacy notice with them beforehand;
- information provided to us during the course of a loan (including, if you are a borrower, agent or intermediary, certain personal, identity, contact and financial information about directors, partners, members, shareholders, beneficial owners and guarantors); and
- information about the devices you use to access our content and services (for example, your IP address).
- Information we obtain from other sources.
Your personal data may be stored and processed by LendInvest in the following ways and for the following purposes:
- To make lending decisions: if you are an applicant or borrower, this may include assessing your application, checking details on proposals and claims for all types of insurance, making a credit decision, opening accounts and/or verifying your identity.
- To verify your identity and prevent any fraud or money laundering: by, for example, checking details provided on applications for credit related or other facilities.
- If you give us false or inaccurate information and/or we suspect or identify fraud or money laundering risks, we will record this and may allow law enforcement agencies to access and use your personadata to detect, investigate and prevent crime. We may also access and use information recorded by credit or fraud prevention agencies in other countries. This information may contain your personal data.
- If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you.
- To provide you with information and services that you request from us: this will include maintaining accounts, updating our records, verifying your identity, transferring or receiving money and servicing your loan.
- For audit: we are required to process certain data to meet our audit obligations.
- For debt collection: enforcing loan or security provisions or tracing you in the case of a default.
- For statistical analysis: for the purposes of aggregating, reporting and other efficiency algorithms.
- For marketing: we may process certain personal data to send you select marketing communications (these will generally be emails to you from us) which we believe would be of interest to you. You (or someone acting on your behalf) can opt out of receiving marketing communications at any time by following the process set out below.
We are entitled to use your personal data in these ways because:
- you (or an agent or intermediary acting on your behalf) require us to take specific steps to decide if we can enter into a loan contract with you, including to make credit decisions and where appropriate provide you with indicative loan terms and/or a loan offer – the processing of your personal data is necessary for us to do this;
- the processing is necessary for us to enter into a loan agreement with you and to comply with our obligations under the loan agreement including to provide you with information and services that you request from us;
- we have legal and regulatory obligations that we have to discharge, particularly in respect to the prevention of fraud and money laundering, to comply with your rights under data protection law if you make a request and to comply with certain of our audit obligations;
- we may need to use your personal data to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
- the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our Affiliates), such as:
- to be able to comply with the contractual obligations we have with our institutional funding lines;
- being able to enforce our contractual agreements including but not limited to our loan agreements terms and conditions and loan security;
- being able to carry out internal and external audits on our loans and origination processes to ensure quality and consistency across our portfolio;
- preventing fraud and money laundering as well as protecting the business of LendInvest and its Affiliates more generally;
- if you are an individual, sole trader or a partner in a partnership, sending you select direct marketing communications about products and special offers that we think may be of interest to you (based on products you already receive from us or products that you have expressed an interest in receiving). You, or someone acting on your behalf, have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.
- if you are a company or an individual working for a company, sending you select direct marketing communications using your business contact details to market our products and services to you. You, or someone acting on your behalf, have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.
We may share your personal data outside of LendInvest and our Affiliates to the following third parties:
- with credit reference and fraud prevention agencies – we have set out below a summary of what happens when your data is shared with these agencies below. If false or inaccurate information is provided and/or fraud is suspected or identified, details will be passed to fraud prevention agencies;
- with a third party loan servicer for the purposes of providing services to us and you. Any third party servicer will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice;
- we may disclose your personal data to our institutional funding lines and equity providers in accordance with our contractual obligations. Any such disclosure will be subject to confidentiality requirements and your personal data would only be used as described in this privacy notice;
- if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
- if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
- to third party agents or contractors (for example, the providers of our electronic data storage services, auditors, solicitors or valuers) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice;
- if there is an emergency or we need to protect the security of our business or your vital interests;
- to government bodies and agencies in the UK and overseas;
- payment systems if you require us to use them to process transactions; and
- to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our Affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:
- the country that we send the data to might be approved by the European Commission;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.Retention of personal data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
- legal obligations – laws and regulations may set a minimum period for which we have to keep your personal data.
We may convert your personal data into statistical or aggregated data which can’t be used to identify you and this may be used to produce research or reports. This aggregated data may be used or shared in any of the ways described in this privacy notice.Your rights
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another reason (other than consent) for doing so;
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- the right to request that we rectify your personal data if it is inaccurate or incomplete;
- the right to request that we erase or correct your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
- the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are entitled to continue processing your personal data and / or to refuse that request; and
- the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.Contacting us
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, the exercise of any of the rights listed above, or if you have any other questions about the processing of your personal data, please address questions, comments and requests at https://www.lendinvest.com/about/contact-us/.
Credit and fraud prevention agenciesWhat credit reference and fraud prevention agencies do
When credit reference agencies receive a search from us they will:
- place a credit search “footprint” on your company credit file whether or not your application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when your business applies for credit in the future;
- place an enquiry search on the personal credit files of any director/owner or partner that have been searched. Place an associate enquiry search on your personal financial partner’s credit file, if that is checked, if they are a director. These enquiry searches will not be seen by other organisations if any director/owner or partner applies for credit in the future;
- link together the previous and subsequent names advised by you, of anyone that is a party to the account;
- place an enquiry or identification search on the record of any shareholder who is a beneficial owner and who we have checked;
- create a record of the name and address of your business and its proprietors if there is not one already.
- information about your business or company, such as previous applications for credit and the conduct of the accounts and also similar personal credit information in your name and of your business partners;
- public information such as County Court Judgments (CCJs) and bankruptcies;
- electoral register information on you and your business partners;
- fraud prevention information; and
- confirmation or otherwise that the usual residential addresses supplied by directors match those on the restricted register held at Companies House (or for those directors’ addresses registered under section 243 of the Companies Act, that the usual residential addresses supplied by directors match those on the credit reference agency’s proprietary business directory).
Your personal data may be used by credit reference and fraud prevention agencies to prevent fraud and money laundering and to verify your identity.
Credit reference agencies will keep records of outstanding debt on file for six years after they are closed, whether settled by you or defaulted.
Fraud prevention agencies may hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Your information will not be used by credit reference agencies to create a blacklist or to make a decision.
The information which we and other organisations provide to the credit reference agencies and/or fraud prevention agencies about you, your business partners and details about your business may be supplied by credit reference agencies and fraud prevention agencies to other organisations and used by them to:
- prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;
- check the operation of credit and credit-related accounts;
- verify your identity if you or your business partner(s) apply for other facilities*;
- make decisions on credit and credit related services about you and/or your business partner, or your business;
- manage your personal, your business partner’s and/or business credit or credit related account(s);
- trace your whereabouts and recover debts that you owe;
- conduct other checks to prevent or detect fraud; and
- undertake statistical analysis and system testing.
* Where your information is passed to fraud prevention agencies, a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Please contact us using the details set out in the “Contacting Us” section above.Data transfers by fraud prevention agencies
Organisations may access and use from other countries the information recorded by fraud prevention agencies.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Credit Reference Agency contact details
You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all.
- CALLCREDIT, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414
- EQUIFAX PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.myequifax.co.uk.
- EXPERIAN, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk.
The ways in which CRAs use and share personal information is explained in the Credit Reference Agency Information Notice (CRAIN) which can be accessed via any of the following links:
Fraud prevention agency contact details
- CIFAS, Consumer Affairs, Cifas, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT or call 0330 100 0180 or log on to https://www.cifas.org.uk/contact-us
- National SIRA, Compliance Department, Synectics Solutions Ltd.,Synectics House, The Brampton, Newcastle-under-Lyme, Newcastle ST5 0QY