We are Lendable Limited. Our registered office is at Lendable, Telephone House, 69-77 Paul St, London, EC2A 4NW. We are registered in England and Wales under company number 08828186. We are registered on the Information Commissioner's Office (ICO) Register of Data Controllers under registration number ZA041704.
We can be contacted:
by post at Lendable, Telephone House, 69-77 Paul St, London, EC2A 4NW,
by email at contact@lendable.co.uk,
or by phone on 020 3322 1948.
Our Data Protection Officer can be contacted by post at the address above.
We collect personal data about you in the following ways:
We may hold and use various types of personal information collected at the start of, and during your relationship with us. We will limit the collection and processing of these personal data to what is necessary to achieve the purposes identified in this notice.
The information you provide to us must be correct, accurate, complete and not misleading.
Personal information may include:
In some circumstances we may also collect and process special categories of personal information. This is to help ensure that our services are accessible and so that we can offer appropriate levels of support where required.
We may use your information:
We may monitor and record calls, emails, SMS and other communications to ensure transactions are executed correctly, detecting any vulnerabilities you may have, and for security, quality control, training and fraud prevention purposes.
If we cannot offer you a product, we may check your eligibility for loans and/or other relevant credit products from our panel of trusted lenders and brokers. We will always seek your consent to do this and in assessing eligibility our partners will always use soft checks which will not impact your credit file. Our partners include:
We collect and use your personal information where it is necessary for us to carry out our lawful business activities. Our grounds for processing your data are as follows:
We may process your information where it is necessary to enter into a contract with you or to perform our obligations under that contract. This may include processing to:
We may process your data where it is a legal or statutory obligation on us. This may include processing to:
We may process your information when we have a business or commercial reason to do so. If we do, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is. This may include processing to:
We may use third party companies to provide services on our behalf. This may require these organisations to access and process your personal data. These may include:
To deliver services to you, we, or one of our service providers, may transfer your personal data to countries outside either the UK or the European Economic Area (EEA), whose personal data protection laws are less strict than in the UK or the EEA. Where we or one of our service providers do so, we will make sure suitable safeguards are in place to protect your personal data, in line with data protection law. The safeguards we use will depend on the circumstances and the third party who we transfer data to, but include the EU Commission's standard contractual clauses. Please contact contact@lendable.co.uk if you want to know more details about the above safeguards or obtain a copy of the standard contractual clauses we use to transfer data outside the UK and the EEA.
To process your application, we will perform credit and identity checks on you with one or more credit reference agencies ("CRAs"). Where you take services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your accounts including settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt and payment performance. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
Where you have a financial association with someone your records may be linked, so you should discuss your application with them before you make it. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully file for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at https://www.transunion.co.uk/crain. Credit Reference Agency Information Notices (CRAIN) are also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. The Fair Processing Notices for Cifas provides further details on how your information will be used by us and these fraud prevention agencies, and your data protection rights.
We use a tool provided by TrueLayer Limited (www.truelayer.com) ("TrueLayer") that allows you to send information on your payment accounts to us and other service providers.
In order to use this service, you will be asked to agree to their Terms of Service and enter your payment account details with TrueLayer or, for Open Banking connections, you will be redirected to your bank by TrueLayer in order to authenticate yourself. The Terms of Service set out the terms on which you agree to TrueLayer accessing information on your payment accounts for the purposes of transmitting that information to us.
TrueLayer is subject to UK and EU data protection laws and is required to treat your data in accordance with those laws, as well as the Terms of Service and TrueLayer's Privacy Policy.
TrueLayer is authorised by the UK Financial Conduct Authority under the Payment Services Regulations 2017 to provide account information services and payment initiation services (Firm Reference Number: 901096).
We may also obtain Open Banking data from other third parties which may include details of your transactions with other financial institutions.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide financing to you. If you have any questions about this, or believe that your information has been processed inaccurately, please contact us at the address above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.
When we first collect your data, we will give you the opportunity to confirm your preferences. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time. You may also amend your contact preferences in the following ways:
As a data subject, you have a number of rights:
Your data protection rights are subject to certain restrictions and conditions and financial organisations are required to retain a range of your information for legal and regulatory reasons including responsible lending and the prevention of financial crime. Lendable is required to keep a record of the information reported to the Credit Reference Agencies about you and will therefore retain repayment information regarding your loan for six years from the date that the loan is settled/closed. If your account is recorded as defaulted, the data is kept for six years from the date of the default. This may be extended where we require this to bring or defend legal claims.
If you think that any of the personal data we hold about you is wrong or incomplete you have the right to challenge it.
We will not make a charge for handing your rights request, unless we consider it to be manifestly unfounded or excessive involving a disproportionate effort (particularly if this is repeated request). If you would like to exercise any of the rights outlined above, you can make a request verbally by calling 020 3322 1948 or in writing by emailing contact@lendable.co.uk.
We will assess your request and if we decided not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.
You have the right to complain to us and to the data protection regulator, the Information Commissioner's Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.
You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/
We will not typically ask you for any 'special categories' of personal data. This is also referred to as 'sensitive personal data' and includes information revealing an individual's political opinions, racial or ethnic origin, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning an individual's sex life or sexual orientation.
We may process personal data about your health or medical conditions, where we need to understand this to provide you with support, or to make adjustments in how we provide you with information or provide you with additional services that you may need. Companies acting on our behalf specialising in identifying vulnerable customers or customer reconnection and information gathering visits may also process personal data about your health or medical conditions for this purpose. If we process such data, we will do so to comply with our legal obligations to support you if you are, or become a vulnerable customer, and to establish, take or defend any legal action.
We will retain your personal data for as long as we are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the end of our relationship with you. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.
We may also retain data for longer periods for statistical purposes, and if so we will anonymise this.
We use leading cloud services that have adopted industry security best practice frameworks to protect your data in transit and at rest.
We may use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based solely on automated processing, if this will have a legal or other significant effect on you (certain exceptions apply).
We use automated decision making in:
Our website may contain hyperlinks to websites that are not operated by us. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal information about yourself.
We may use cookie technology on our website to collect some of the information detailed in this policy.
Cookies are small text files stored on your device or internet browser when you visit us. We use cookies mainly to improve the performance of the Lendable website and our service for our customers. Our Cookie Policy explains in more detail what types of cookie we use, why we use them and how to identify and disable them.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. The Fair Processing Notices for Cifas provides further details on how your information will be used by us and these fraud prevention agencies, and your data protection rights.