The privacy of Customers' personal data is important to LendProtect. Please carefully read this policy to get a better understanding of:
• What Customer personal data we have collected;
• How we use Customer personal data;
• How Customer personal data is shared;
• How we retain and secure Customer personal data;
• Your personal data protection rights; and
• How to contact us or file a complaint.
Any changes made to this policy will be posted on this site.
The types of personal data we have collected
By way of summary, the personal data we collected included the following:
• Details regarding the relationship between the Customer, their bank account, and their debit card by reviewing database history;
• Bank sort codes and bank account numbers;
• Details found in Customer applications with lenders and their bank account data;
• A Customer's bankruptcy and IVA history;
• Customer debit and credit card transactions;
• Loan performance data for underbanked Customers;
• Attributes from Equifax such as the "Number of credit inquiries in last 12 months" and the "Age of Accounts in Months";
• Personal data found in credit reports from Equifax (with and without linked addresses);
• Information relating to checks for ensuring Customers were in compliance with Office of Foreign Assets Control, Bank of England, European Union, Central Intelligence Agency (CIA) and PEP (Politically Exposed Persons) Intelligence;
• The Customer's employment history;
• Various details about a Customer's identity (including details founds in their passport or driving licence to assess if these documents were valid);
• A Customer's home and work addresses;
• A Customer's home phone number; and
• Various information regarding a Customer's mobile phone number, as provided on their application to a lender.
How we use this data: the legal basis and purpose
As we are no longer trading, we use your personal data for the following limited purposes:
• To establish, enforce and defend legal claims;
• To comply with legal obligations and to respond to requests from government agencies, including law enforcement and other public authorities, regulators and tax authorities which may include such authorities outside your country of residence; and
We rely on our legitimate interests to process for the above purposes which include our fundamental rights and freedoms, including our freedom to conduct a business and our ability to deal with any complaints and to establish, enforce and defend legal claims. Where we are subject to a legal obligation to process your personal data (for example a court order requiring its disclosure) then we rely on that legal obligation to process the personal data.
To the extent that the personal data we process about you includes a) special categories of personal data (for example in some cases we may be processing personal data which reveals your political opinions) and/or b) personal data relating to criminal convictions and offences or related security measures, we rely on the condition for processing necessary for the purposes of complying with, or assisting other persons to comply with a regulatory requirement as set out in Schedule 1, paragraph 12 of the UK Data Protection Act 2018. We may also rely on processing necessary for the establishment, exercise or defence of legal claims.
Recipients: How your data is shared
LendProtect is no longer trading or offering services. Therefore we no longer process or share your personal data for the purposes of providing the LendProtect services. However, we may also share Customer personal data in the following circumstances for the purposes described above:
• To comply with legal obligations and to respond to requests from government agencies, including law enforcement and other public authorities, regulators, tax authorities which may include such authorities outside your country of residence; and
• To deal with any complaints from Customers or lenders.
• To protect our rights.
• To obtain legal advice.
Data transfers outside the EU: International transfers
Your personal data is stored on servers in the United States. As the laws in the United States do not offer the same level of protection as UK data protection laws, in order to ensure that appropriate safeguards are in place for your personal data we have a contract in place which incorporates the standard contractual clauses for controller to processor transfers as approved by the European Commission.
Please contact us at [email protected] if you require further information on this matter or would like to know the means by which to obtain a copy of the appropriate safeguards or where they have been made available.
How your data is retained
We retain personal data for as long as we reasonably require it for legal or regulatory purposes. We will also retain your personal data as long as necessary to deal with your queries and for as long as you or a lender might legally bring claims against us. We will take all necessary steps to ensure that data privacy is maintained for the period of retention. For further details on retention, please contact [email protected].
As set out above, we will only retain this personal data until 1 April 2022.
How your data is secured
We recognize that online security and data protection is an area of vital importance. LendProtect is committed to protecting the security of the personal data you have shared with us or we otherwise process about you. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.
As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and that LendProtect is not responsible for the security of communications sent over the internet.
Your data protection rights under the UK Data Protection Act 2018
Under the UK Data Protection Act 2018, you have a number of rights which are outlined below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to any request you may make if we are relying on any such exemptions. Your rights are:
• Information: The right to be informed about our processing of your personal data;
• Correction: The right to have your personal data corrected if it's inaccurate and to have incomplete personal data completed;
• Objections: The right to object to processing of your personal data;
• Restrictions: The right to restrict processing of your personal data;
• Erasure: The right to have your personal data erased (i.e. the "right to be forgotten");
• Access: The right to request access to your personal data and information about how we process it;
• Portability: The right to move, copy or transfer your personal data (i.e. "data portability"); and
• Profiling: Rights in relation to automated decision making including profiling.
As a consumer, you are entitled to receive a copy of all personal information we held on you. You can request a copy of this information by downloading and completing the Enquiry Form below.
Under Section 45 of the Data Protection Act 2018, you may have a right to obtain from us confirmation as to whether or not your personal data is being processed by us and, where we are processing your personal data, access to that personal data and other information we are required to disclose under the Data Protection Act 2018.
Download the PDF Consumer Enquiry Form
For any requests related to your credit file or your personal data, or which are otherwise related to your rights referenced above, please download and complete this PDF Enquiry Form, along with a copy of a valid form of identification such as a driving license or passport, and send this to the following address:
LendProtect UK Limited,
Sheffield Technology Parks,
Once we receive your completed form and fee, we will send you a copy of the information on file within 10 days.
Filing a complaint
If you are not satisfied with how we manage your data, you have a right to make a complaint to your local data protection authority (i.e. 'Supervisory Authority). In the UK this is the Information Commissioner's Office.
LendProtect's Supervisory Authority is the UK Information Commissioner's Office. Should you have cause to do so, you can make a complaint to the supervisory authority in your jurisdiction, as set out above.