AT Lendr. Brokerage Limited, THE PRIVACY AND SECURITY OF OUR CLIENT’S DATA IS OF CRITICAL IMPORTANCE TO US.
We want you to be given the opportunity to understand how we use your personal information and be confident that this information is safe and secure. This Privacy Notice explains who we are, why and how we collect your personal data, how long we may keep your data for and the steps we take to ensure your data is kept secure and confidential. It also sets out your rights as a data subject.
We keep our privacy policy under review and we recommend you check it regularly. This privacy policy was last updated in January 2020.
Contents
1. Definitions
2. Who we are
3. GDPR Principles
4. Data you provide to us
5. Data collected by our website
6. Purposes for which we use your data
7. Retention of personal data
8. Transfer of data to third parties
9. Your rights
10. Embedded Content
11. Contact us
12. Changes to this Privacy Policy
1. Definitions
1.1. “Personal data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses, etc. But it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
1.2. “Processing” covers all activities relating to the use of personal data by an organisation, from its collection through to its storage and disposal and everything in between.
1.3. “Data subject” means the person whose personal data is being processed.
1.4. “Controller” means the person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
1.5. “Processor” means the person, public authority, agency or other body which processes personal data on behalf of the controller.
2. Who we are
Lendr. Brokerage Limited (‘Lendr.”’) together with its associated companies, provides mortgage & credit brokering services in the Isle of Man.
We operate in the Isle of Man through our local group entities and where applicable these are subject to supervisory overview by The Isle of Man Financial Services Authority (‘FSA’).
Lendr. is the controller for all personal data processed by Lendr’s staff or other appointed officers. The contact details for our offices can be found. You can also contact our Data Protection Officer, as highlighted in section 10 below.
3. GDPR Principles
Here at Lendr., we take your privacy very seriously. We will safeguard and utilise any personal data provided to us in accordance with the Principles of General Data Protection Regulation (GDPR, 2018).
The six overall principles which apply to the processing of personal data are:
1) Lawfulness, transparency and fairness
2) Purpose limitation
3) Data minimisation
4) Accuracy
5) Storage Limitation
6) Integrity and confidentiality
Together with the overarching principle of ‘accountability’ which requires us to evidence our compliance with the six principles.
4. Data you provide to us
We collect and process your data for various purposes connected with our services. We collect personal information that is necessary for us to provide credit brokering services to our clients or otherwise perform the services you have requested from us.
We also collect personal information from third parties to allow us to do this. In addition, we may require information from you and from third parties about you to allow us to comply with legal and regulatory compliance obligations.
The types of data we collect and process includes:
- Name and Contact details: Information we require for the purposes of managing our relationship, including your name, postal address, email addresses and telephone numbers.
- Due Diligence & Regulatory Details: Information we require to meet our legal and regulatory regulations, particularly anti-money laundering legislation and assessing the risk associated with providing services to you, including:
1. Identity information (current and former names, aliases, date of birth, country of birth, place of birth, gender, nationality, copy of your passport and copy of your birth certificate)
2. Documents providing proof of your identity and address (e.g. copy of your driving license, government issued documents, bank statements, utility bills, etc).
3. Detailed tax status information (your tax domicile, tax identification number, copies of tax returns).
4. Proof of the source of your wealth and funds (pension plans, property sales agreements and loan documents).
5. Professional background information (including occupation and employment information and details of legal entities you are affiliated with).
6. Details of criminal convictions and disqualification, history of bankruptcy and details of investigation by a formal official body.
7. Details of involvement in high-risk or high-profile activities.
8. Other due diligence information gathered from search engines and social media sites that are available in the public domain. - Other details: Any other information you provide to us through our relationship or that may be required to perform our duty as a credit broker.
5. Data collected by our website
5.1 Information collected.
To make our Site more useful to you, our servers collect information from you including your IP address (automatically collected), web browser type and version (automatically collected), operating system (automatically collected) and a list of URLs starting with a referring site, your activity on our website and the site you exit to (automatically collected).
5.2 Log Files.
As is true with most websites, we gather certain information automatically and store it in log files. This information includes your IP address, browser type Internet Service Provider (“ISP”), referring/exit pages, operating system, date/time stamp and clickstream data.
We use this information to analyse trends, administer the Site, track user’s movements around the Site and gather demographic information about our user base as a whole. This is used to better tailor our Site to the user's needs.
For instance, some of the information may be collected so that when you visit the Site, it will ‘recognise’ you and the information could be used to serve advertisements and other information appropriate to your interests.
Except as noted in the Privacy Policy, we do not link this automatically-collected data to Personal Data.
5.3 Cookies.
‘Cookies’ are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website.
We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to improve your experience of using our Site and to ultimately, improve our range of services.
Persistent Cookies can be removed by following internet browser help file directions. You may, if you wish, deny consent to the placing of Cookies by amending the privacy settings within your browser; however certain features of our Site may not function fully or as intended.
Our Site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how users use the Website. You do not have to allow these Cookies, as detailed above, however the safe use of Cookies allows us to improve our business and most importantly, your experience with us.
You can choose to delete Cookies at any time, however you may lose information that allows you to access our Site more quickly and efficiently. For instance, personalisation settings and automated form filling. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
6. Purposes for which we use your data
When providing services to you, we may use data about you for the following purposes and on the following lawful bases:
PURPOSE
Carrying out due diligence and performing risk assessments. Including carrying out standard due diligence, enhanced due diligence, politically exposed person checks and performing risk assessments in relation to your financial standing and eligibility for our services.
Legal and regulatory compliance and compliance with law enforcement requests. Including performing checks and monitoring transactions for the purpose of preventing and detecting crime. Also to comply with laws relating to money laundering, fraud, terrorist financial, bribery, corruption and international sanctions. Also, sharing information with law enforcement and regulatory bodies on suspected financial crimes, fraud and threats.
LAWFUL BASIS FOR PROCESSING
- Necessary to comply with legal obligations to which we are subject.
- Necessary to perform our contract with you.
- Our legitimate business interest to assess the risk associated with providing you with our services.
- Necessary to comply with legal obligations to which we are subject.
- Necessary to perform our contract with you.
- Managing our business operations.
- Our legitimate business interest to process your personal data in order to manage our business processes.
- Necessary to perform our contract with you.
- Sharing data with entities in our group. Including sharing client records and due diligence.
- Our legitimate business interest to utilise existing client records, due diligence and risk assessment information when providing an existing client with alternative services.
- Necessary to perform our contract with you.
- Sharing data with other third parties.
- Including third parties who process data on our behalf. Including, but not limited to, screening service providers, professional advisors, banking, IT service providers and data storage services.
- Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you.
- Necessary to perform our contract with you.
Where we process your personal data for a reason not named above, we will ask you for your consent before we process the personal data (these cases will be clear from the consent).
Where the legal basis for processing your personal data is that you have provided your consent, you may withdraw your consent at any time. You will not suffer any detriment for withdrawing your consent. If you withdraw consent, this will not make processing which we undertook before you withdraw your consent unlawful.
You can withdraw your consent by contacting the Data Protection Officer, whose details are provided in Section 2.
7. Retention of Personal Data
Businesses operating within the Regulated sector and Isle of Man incorporated entities themselves are subject to stringent record keeping obligations under local legislation including the Isle of Man Proceeds of Crime Act 2008.
Furthermore, in order to ensure that the rights and freedoms of our clients, our staff, our business and its Members are safeguarded, we may hold certain information connected to client entities for longer time periods.
This is on the basis that it may be required to assist with the mitigation of any future tax or regulatory query into the transactions/affairs undertaken by an entity to which we have provided services.
8. Transfer of data to third parties
We will not share your data with third parties except in specific circumstances. Generally, these circumstances will be to enable us to perform our contact with you (for instance, if you ask us to get a mortgage) or to comply with legal or regulatory obligations.
Lendr. uses Google to provide certain IT services including G-Suite platform for email and other cloud services. As a result, Google acts as a processor of personal data on our behalf. These services are provided under the data processing agreement and having made due enquiry, we are satisfied that the services provided are GDPR compliant.
9. Your rights
Under GDPR you have the right to expect us to handle your data sensitively, in accordance with the Principles set out in Article 5 of the Regulations which can be found at.
Details of your rights under GDPR are detailed in Chapter 3 – Articles 12-23 which can be found at
https://gdpr-info.eu/chapter-3/.
Right of access. You have the right of access to your personal data and can request copies of it and information about our processing of it.
Right of rectification. If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it.
Right of Erasure. You have the right to ask us to erase your personal information in certain circumstances, for example where you withdraw your consent or where the personal information we collected is no longer necessary for the original purpose. This will need to be balanced against other factors however. For example, we may have regulatory and/or legal obligations which mean we cannot comply with your request.
Consent. Where we are using your personal data with your consent, you can withdraw your consent at any time.
Right to restrict. You can ask us to restrict the use of your personal data if:
* It is not accurate.
* It has been used unlawfully but you do not want us to delete it.
* We do not need it any more but you want us to keep it for another use.
* You have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.If you wish to exercise your rights, please contact us.
If you wish to make a formal complaint concerning our conduct then you should contact the Isle of Man Information Commissioner, whose contact details are below:
Isle of Man Information Commissioner
First Floor,
Prospect House,
Douglas,
Isle of Man
IM1 1ET
Tel: +44 1624 693260
We would, however, appreciate the chance to deal with your concerns before you approach the Isle of Man Information Commissioner so please contact us in the first instance.10. Embedded Content
Pages on this site may include embedded content, like application forms, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website. Below you can find a list of the services we use:
* Jotform (GDPR COMPLIANT)
* LiveChat Inc (GDPR COMPLIANT)
* Formstack Forms (GDPR COMPLIANT)
* Formstack Documents (GDPR COMPLIANT)
* Zapier (GDPR COMPLIANT)
* Asana (GDPR COMPLIANT)
11. Contact us.
If you are unsure about any aspect of this notice, have any questions or wish to exercise your right, please contact our Data Protection Officer (DPO) using the details below.
Data Protection Officer email
hello@lendr.im12. Changes to this Privacy Policy
We may update this notice (and any supplemental privacy notice) from time to time as shown above.
