Terms & conditions

Lending privacy notice

LAST UPDATED: 1 June 2023

Download as PDF

LendInvest”, “we”, “us” and “our” means LendInvest plc and our Affiliates, and we are committed to respecting your privacy.

We are registered in the UK and our registered address is at Two Fitzroy Place, 8 Mortimer Street, London, W1T 3JJ and our company registration number is 08146929.

“Affiliates” means other members of the corporate group to which LendInvest plc belongs, including in respect of any entity controlling, controlled by or under the common control of LendInvest plc.

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. LendInvest is responsible for ensuring that it uses your personal data in compliance with data protection law.

This privacy notice applies if you are an applicant, borrower, agent, intermediary or broker.

The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice.

We may update this privacy notice from time to time. If we make any significant changes to this privacy notice, we will contact you and add a notice to our website.

Personal data that we collect about you

We will collect and process the following personal data about you:

Borrowers

Information that you provide directly to us or one of our Affiliates

This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:

  • identity (for example, your name, address and date of birth), contact and financial information about you as an applicant or borrower as well as about directors, partners, members, shareholders, beneficial owners and guarantors;
  • family, lifestyle, education, employment or social circumstances if relevant to the product or service;
  • personal data in any of the above forms about other named applicants. You must have the authority to provide the personal data to us and have shared this privacy notice with them beforehand;
  • information provided to us during the course of a loan (including, if you are a borrower, certain personal, identity, contact and financial information about directors, partners, members, shareholders, beneficial owners and guarantors); and
  • information about the devices you use to access our content and services (for example, your IP address).
Information we obtain from other sources

We may also obtain information about you from third parties including credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers, tracing agents, commercial databases, marketing databases, public records and other publicly available information sources, including information about your business or company (e.g. previous credit applications, personal credit information, electoral register and fraud prevention information).

This may include recordings of certain phone calls with you that we or our third party loan servicer, Pepper UK, are required to make as a matter of law and for training and quality assurance or dispute resolution purposes, data held on our customer relationship management systems and records of your activity on any information technology system maintained and provided by us or by any of our Affiliates.

Intermediaries and Brokers

Information that you provide directly to us or one of our Affiliates

This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:

  • identity (for example, your name, address and date of birth) and contact information about you as an intermediary or broker, as well as about any other directors, partners, members, shareholders, beneficial owners and guarantors or the corporate intermediary or brokerage that you work for;
  • information about the products that you apply for on behalf of your customers, including anonymised and aggregated data about your customers which enables us to monitor your performance;
  • information about the commission earned by you in respect of sales of our products to your customers;
  • information about your registration with the FCA and any other applicable regulatory bodies; and
  • information about the devices you use to access our content and services (for example, your IP address).
  • feedback provided by you about our services.
Information we obtain from other sources

We may also obtain information about you from third parties including credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers, tracing agents, commercial databases, marketing databases, public records and other publicly available information sources, including information about your business or company (e.g. previous credit applications, personal credit information, electoral register and fraud prevention information).

This may include records of your activity on any information technology system maintained and provided by us or by any of our Affiliates.

This may also include information about you provided by any network, club, packager firm or association that you have a professional membership with and may include information regarding your membership with any such network, club, packager firm, or association (including information about any complaints or disciplinary action that may have been taken against you by any such network, club or association.

Uses of your personal data and our lawful basis

Your personal data may be stored and processed by LendInvest in the following ways and for the following purposes:

Borrower

Uses of your personal data
  • To make lending decisions: if you are an applicant or borrower, this may include assessing your application, checking details on proposals and claims for all types of insurance, making a credit decision, opening accounts and/or verifying your identity.
  • To verify your identity and prevent any fraud or money laundering: by, for example, checking details provided on applications for credit related or other facilities.
    • If you give us false or inaccurate information and/or we suspect or identify fraud or money laundering risks, we will record this and may allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We may also access and use information recorded by credit or fraud prevention agencies in other countries. This information may contain your personal data.
    • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you.
  • To provide you with information and services that you request from us: this will include maintaining accounts, updating our records, verifying your identity, transferring or receiving money and servicing your loan.
  • For audit: we are required to process certain data to meet our audit obligations.
  • For debt collection: enforcing loan or security provisions or tracing you in the case of a default
  • For statistical analysis: for the purposes of aggregating, reporting and other efficiency algorithms.
  • For marketing: we may process certain personal data to send you select marketing communications (these will generally be emails to you from us) which we believe would be of interest to you. You (or someone acting on your behalf) can opt out of receiving marketing communications at any time by following the process set out below.
Lawful Basis for using your personal data
  • Steps Prior to Contract: you (or an agent or intermediary acting on your behalf) require us to take specific steps to decide if we can enter into a loan contract with you, including to make credit decisions and where appropriate provide you with indicative loan terms and/or a loan offer – the processing of your personal data is necessary for us to do this;
  • Performance of a Contract: the processing is necessary for us to enter into a loan agreement with you and to comply with our obligations under the loan agreement including to provide you with information and services that you request from us;
  • Legal Obligations: we have legal and regulatory obligations that we have to discharge, particularly in respect to the prevention of fraud and money laundering, to comply with your rights under data protection law if you make a request, and to comply with certain of our audit obligations;
  • Legal Claims: we may need to use your personal data to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
  • Legitimate Interests: the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our Affiliates), such as:
    • to be able to comply with the contractual obligations we have with our institutional funding lines;
    • being able to enforce our contractual agreements including but not limited to our loan agreements terms and conditions and loan security;
    • being able to carry out internal and external audits on our loans and origination processes to ensure quality and consistency across our portfolio;
    • preventing fraud and money laundering as well as protecting the business of LendInvest and its Affiliates more generally;
    • if you are an individual, sole trader or a partner in a partnership, sending you select direct marketing communications about products and special offers that we think may be of interest to you (based on products you already receive from us or products that you have expressed an interest in receiving). You have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.
    • if you are a company or an individual working for a company, sending you select direct marketing communications using your business contact details to market our products and services to you. You have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.

Intermediary or Broker

Uses of your personal data
  • To verify your identity and prevent any fraud or money laundering: by, for example, checking details provided on applications for credit related or other facilities.
    • If you give us false or inaccurate information and/or we suspect or identify fraud or money laundering risks, we will record this and may allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We may also access and use information recorded by credit or fraud prevention agencies in other countries. This information may contain your personal data.
    • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you.
  • To provide you with information and services that you request from us: this will include maintaining accounts, updating our records, verifying your identity, transferring or receiving money and servicing your broker account with us.
  • For audit: we are required to process certain data to meet our audit obligations.
  • For statistical analysis: for the purposes of aggregating, reporting and other efficiency algorithms.
Lawful Basis for using your personal data
  • Steps Prior to Contract: we need to collect and process certain information about you before approving you as a broker of our products with rights to introduce us to your clients under our Broker Terms, including to verify your identity and FCA approvals;
  • Performance of a Contract: the processing is necessary for us to enter into Broker Terms with you and to comply with our obligations under the Broker Terms including to provide you with information and services that you request from us;
  • Legal Obligations: we have legal and regulatory obligations that we have to discharge, particularly in respect to the prevention of fraud and money laundering, to comply with your rights under data protection law if you make a request, and to comply with certain of our audit obligations;
  • Legal Claims: we may need to use your personal data to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
  • Legitimate Interests: the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our Affiliates), such as:
    • to be able to comply with the contractual obligations we have with our institutional funding lines;
    • being able to enforce our contractual agreements including but not limited to our Broker Terms;
    • being able to carry out internal and external audits on our loans and origination processes to ensure quality and consistency across our portfolio;
    • preventing fraud and money laundering as well as protecting the business of LendInvest and its Affiliates more generally;
    • if you are an individual, sole trader or a partner in a partnership, sending you select direct marketing communications about products and special offers that we think may be of interest to you (based on products you already receive from us or products that you have expressed an interest in receiving). You have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.
    • if you are a company or an individual working for a company, sending you select direct marketing communications using your business contact details to market our products and services to you. You have the right to opt out of receiving marketing communications we may send you at any time and can do so by unsubscribing by selecting the ‘unsubscribe’ option contained at the bottom of our emails we send to you.

If you fail or refuse to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Transfer of your information to Affiliates

Any of the personal data we collect about you may be transferred to our Affiliates to be stored and processed in the ways and for the purposes set out above in this privacy notice.

Disclosure of your information to third parties

We may share your personal data outside of LendInvest and our Affiliates to the following third parties:

  • with credit reference and fraud prevention agencies – we have set out below a summary of what happens when your data is shared with these agencies below. If false or inaccurate information is provided and/or fraud is suspected or identified, details will be passed to fraud prevention agencies;
  • with third parties involved in your account and / or transaction (for example, in the case of a joint borrower sole proprietor (JBSP) mortgage, the third party contributing to or otherwise guaranteeing the mortgage);
  • with solicitors or other independent legal advisers acting for you, LendInvest or any other third parties involved in your account and / or transaction (for example, the contributor or guarantor for a JBSP mortgage); with a third party loan servicer for the purposes of providing services to us and you. Any third party servicer will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice;
  • we may disclose your personal data to our institutional funding lines and equity providers in accordance with our contractual obligations. This may include, but is not limited to, Chetwood Financial Limited. Details on how they will use your personal data can be found at How we collect and use your personal information. Any such disclosure will be subject to confidentiality requirements and third parties will be contractually obligated to use your personal data in accordance with applicable data protection laws;
  • if we sell any of our business or assets, in which case we may disclose your personal data to prospective buyers and their advisers for due diligence purposes. Any such disclosure will be subject to confidentiality requirements and third parties will be contractually obligated to use your personal data in accordance with applicable data protection laws;
  • if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer and their advisers. Any such disclosure will be subject to confidentiality requirements and third parties will be contractually obligated to use your personal data in accordance with applicable data protection laws;
  • to third party agents or contractors (for example, the providers of our electronic data storage services, auditors, solicitors or valuers) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and contractual restrictions in terms of how they will use your personal data;
  • to government bodies and agencies in the UK and overseas;
  • payment systems if you require us to use them to process transactions; and
  • to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.

Transfers of personal data outside the UK

The personal data that we collect from you may be transferred to, and stored at, a destination outside the UK. It may also be processed by staff operating outside of the UK who work for our Affiliates or for one of our suppliers.

Where we transfer your personal data outside the UK, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the UK. This can be done in a number of ways, for instance:

  • the country that we send the data to might be approved by the Secretary of State; or
  • the recipient might have signed up to a contract based on the international data transfer agreement or addendum approved by the UK Parliament, obliging them to protect your personal data.

In other circumstances the law may permit us to otherwise transfer your personal data outside the UK. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

You can obtain more details of the protection given to your personal data when it is transferred outside the UK (including a copy of the international data transfer agreement or addendum which we have entered into with recipients of your personal data, where applicable) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

  • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
  • legal obligations – laws and regulations may set a minimum period for which we have to keep your personal data.

If you require specific information about how long your information will be held, or for support in exercising any of your data subject rights in respect of the personal data held about you, please contact us using the details in the "Contacting us" section below.

Data anonymisation and aggregation

We may convert your personal data into statistical or aggregated data which can’t be used to identify you and this may be used to produce research or reports. This aggregated data may be used or shared in any of the ways described in this privacy notice.

Automated Decision-Making

We may use automated techniques such as software or AI programmes to analyse your data to help us make decisions about you.

However, we do not rely solely on such automated techniques to make any legal or significant decisions about you, such as any final lending decisions, which are made by humans. You will not be subject to decisions that will have a legal or significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

  • the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another reason (other than consent) for doing so;
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
  • the right to request that we rectify your personal data if it is inaccurate or incomplete;
  • the right to request that we erase or correct your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
  • the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are entitled to continue processing your personal data and / or to refuse that request; and
  • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, the exercise of any of the rights listed above, or if you have any other questions about the processing of your personal data, please address questions, comments and requests at https://www.lendinvest.com/contact/.

Credit and fraud prevention agencies

What credit reference and fraud prevention agencies do with your data

Your personal data may be used by credit reference and fraud prevention agencies to prevent fraud and money laundering and to verify your identity.

Credit reference agencies will keep records of outstanding debt on file for six years after they are closed, whether settled by you or defaulted.

Fraud prevention agencies may hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years

Your information will not be used by credit reference agencies to create a blacklist or to make a decision.

The information which we and other organisations provide to the credit reference agencies and/or fraud prevention agencies about you, may be supplied by credit reference agencies and fraud prevention agencies to other organisations and used by them to:

  • prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;
  • check the operation of credit and credit-related accounts;
  • verify your identity if you apply for other facilities*;
  • make decisions on credit and credit related services about you;
  • manage your personal credit or credit related account(s);
  • trace your whereabouts and recover debts that you owe;
  • conduct other checks to prevent or detect fraud; and
  • undertake statistical analysis and system testing.

* Where your information is passed to fraud prevention agencies, a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Please contact us using the details set out in the “Contacting Us” section above.

What credit reference and fraud prevention agencies do with your data when you are a company applying for a loan

When credit reference agencies receive a search from us they will:

  1. place a credit search “footprint” on your company credit file whether or not your application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when your business applies for credit in the future;
  2. place an enquiry search on the personal credit files of any director/owner or partner that have been searched. Place an associate enquiry search on your personal financial partner’s credit file, if that is checked, if they are a director. These enquiry searches will not be seen by other organisations if any director/owner or partner applies for credit in the future;
  3. link together the previous and subsequent names advised by you, of anyone that is a party to the account;
  4. place an enquiry or identification search on the record of any shareholder who is a beneficial owner and who we have checked;
  5. create a record of the name and address of your business and its proprietors if there is not one already.

The information which we and other organisations provide to the credit reference agencies and/or fraud prevention agencies about you, your business partners and details about your business may be supplied by credit reference agencies and fraud prevention agencies to other organisations and used by them to:

  • prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;
  • check the operation of credit and credit-related accounts;
  • verify your identity if you or your business partner(s) apply for other facilities*;
  • make decisions on credit and credit related services about you and/or your business partner, or your business;
  • manage your personal, your business partner’s and/or business credit or credit related account(s);
  • trace your whereabouts and recover debts that you owe;
  • conduct other checks to prevent or detect fraud; and
  • undertake statistical analysis and system testing.

* Where your information is passed to fraud prevention agencies, a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Please contact us using the details set out in the “Contacting Us” section above.

Credit reference agencies supply the following information to us

  1. information about your business or company, such as previous applications for credit and the conduct of the accounts and also similar personal credit information in your name and of your business partners;
  2. public information such as County Court Judgments (CCJs) and bankruptcies;
  3. electoral register information on you and your business partners;
  4. fraud prevention information; and
  5. confirmation or otherwise that the usual residential addresses supplied by directors match those on the restricted register held at Companies House (or for those directors’ addresses registered under section 243 of the Companies Act, that the usual residential addresses supplied by directors match those on the credit reference agency’s proprietary business directory).

Data transfers by fraud prevention agencies

Organisations may access and use from other countries the information recorded by fraud prevention agencies.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Credit Reference Agency contact details

You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all.

  • CALLCREDIT, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414
  • EQUIFAX PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.myequifax.co.uk.
  • EXPERIAN, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk.

The ways in which CRAs use and share personal information is explained in the Credit Reference Agency Information Notice (CRAIN) which can be accessed via any of the following links:

Fraud prevention agency contact details

  • CIFAS, Consumer Affairs, Cifas, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT or call 0330 100 0180 or log on to https://www.cifas.org.uk/contact-us
  • National SIRA, Compliance Department, Synectics Solutions Ltd., Synectics House, The Brampton, Newcastle-under-Lyme, Newcastle ST5 0QY

Changes to our lending privacy notice

We may make changes to this lending privacy notice, and how we use your information, in the future. If we do this, we’ll post an updated version of this notice on our website. You can find the current version of this notice by visiting our website at Lending Privacy Policy. This lending privacy notice was last updated in June 2023.