We are London Credit Ltd, a UK private limited company, having registration number 09889336 («Data Controller»), and we can be contacted at The Business Centre, 758 Great Cambridge Road, Enfield, Middlesex, EN1 3GN, UK or electronically at firstname.lastname@example.org. Our Data Processing Officer («DPO») can be contacted by post at The Business Centre, 758 Great Cambridge Road, Enfield, Middlesex, EN1 3GN, UK or electronically at email@example.com.
The DPO may be contacted directly with regards to all matters concerning this notice and the processing of your personal data including the enforcement of all applicable and available rights.
At London Credit («we», «us», «our») the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy to deliver high standards of services. These values are the cornerstone of our corporate culture and for this purpose it is our commitment to process your personal data as follows:
- Fairly and lawfully;
- In an appropriate manner;
- For limited purposes and not longer than necessary;
- For the purpose required and not in an excessive way;
- Keep them upto-date and accurate;
- Processed in line with your individual rights and in accordance with applicable Law;
- In a secure way avoiding unauthorised or unlawful processing;
- Protected against breach, accidental loss, destruction or damage by using appropriate technical and organisational measures;
- Not transferred to third parties or organisations without adequate protection;
This privacy notice describes how we process your personal data during and after the provision of our services, in accordance with the EU Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data («GDPR»), and the Data Protection Act, and it applies to personal data provided to us, both by yourself or by third parties.
London Credit offers a wide spectrum of services through a number of affiliate companies, and any reference to our company’s services in this privacy notice includes the operations of our affiliate companies.
We will work closely with you and third parties, where appropriate, to ensure that all statutory requirements and our policies dealing with personal data protection, strike an effective balance between your personal interests and the legitimate interests of our company as a service provider.
All data users within our company are obliged to comply with the provisions of this privacy notice and our internal data management and protection policies when processing your personal data.
Before we provide services, goods, or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
London Credit, as a company operating in the financial services industry, collects and processes the minimum and a specific set of personal data allowing the company to comply with its contractual and legal obligations.
The personal data you have provided, we have collected from you, or we have received from third parties may include your:
- Date of birth;
- Residential address and address history;
- Contact details such as email address and telephone numbers;
- Financial information;
- Employment details;
- Identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address;
- Vehicle details;
- Business activities;
- Income, taxation and other related financial details;
- Personal / Family information;
Equally, for compliance purposes with relevant laws, we might obtain personal data concerning you, from publicly available and accessible sources as well as from other sources such as credit reference agencies, data intelligence databases, internet search engines and other third parties. Should this be the case, you will be informed accordingly by the DPO within the prescribed statutory period.
When required by law or with your express consent we may collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.
The purposes for which our company will process your personal data include:
- Providing the requested services
Based on the requested services, we will use the respective personal data only in respect of providing our professional services including but not limited to credit financing, bridging loans, investments and sub-participation, assignment, transfer, novate, syndicate in relation to credit financing.
- Administration / Management / Business development
Personal data is used by us for the purpose of managing the business relationship with you, developing our business operations and services, including the provision of statistical analysis, and also archiving and IT backup and security purposes.
- Provide information about our services
Subject to your approval and consent, we will provide you with information on the company’s range of services, including commercial information and newsletters on a variety of related and associated operations.
You may withdraw your consent and unsubscribe from our newsletters anytime, by clicking the unsubscribe link located on all our e-newsletters and/or electronic commercial information or by contacting the DPO at the address above.
- Legal purposes
Our company is subject to legal and regulatory compliance obligations. Thus, your personal data will be used to carry out a compliance and risk assessment of your profile and activities to meet our obligations and to certify that our company is not statutorily prevented from providing you the requested services.
The personal data we have collected on you will be shared with fraud prevention agencies who are dedicated to fraud and money laundering prevention and identity verification services.
As part of the above compliance requirements and applicable laws, our company may be required to disclose specific personal data to supervisory and government bodies and law enforcement agencies.
- Automated decision – making / profiling
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
Likewise, we may use an automated decision-making system to evaluate, analyse or predict aspects concerning your credit worthiness, and our ability to provide the services in question; thus, enter or perform a contract.
You have rights in relation to automated decision making. If you want to know more, please contact us using the details above.
(Some of the above grounds for processing overlap and there may be several grounds which justify our use of your personal data).
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Similarly, the basis for collecting your personal data would be your express written consent (where applicable), our mutual rights and obligations governing our agreement to provide the requested services or financing and the performance of that agreement, our legal obligation to comply with the rules and regulations under the relevant applicable laws and our company’s legitimate interest in delivering our professional services as follows:
- Determine whether or not to offer a loan;
- Manage any loan advanced through to redemption;
- Manage any relationship with intermediaries including a record of introductions, payments made and other relevant information appropriate to managing the relationship;
- Managing the relationship with funders or anyone applying to become a funder and to maintain appropriate records relevant to that relationship;
- To manage business relationships with our professional advisers, contractors and third party providers;
- Share information where necessary with funders, our professional advisers, contractors and third party providers and anyone who may wish to acquire all or any part of our business;
- Share information with other companies in the same group and associated companies;
- Carry out checks with fraud prevention and credit reference agencies and tracing agencies if required.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services and financing or employment to you. If you have any questions about this, please contact us on the details above.
We may request your written consent for processing special categories of data. If we do so, we shall provide you with full details of the information needed and the purpose, so that you can carefully consider whether you wish to consent. You should be aware that agreeing to any request for consent from our company is not a condition to enter into any services agreement with us.
We reserve the right to make backup data files and hold secure multiple copies of personal data (including any electronic copies), in order to protect our company’s interests in the event of data loss.
We will only use your personal data for the purposes mentioned above, for performing our commercial agreement and for legitimate purposes. Your data may be processed through our secure computer network systems and accessed only by authorised users and employees within our company. We will also share your information with other associated entities and third-party professional advisers, including funders, potential purchasers, who work with us for the purposes of managing our business.
Data processing may be carried out on behalf of us by third party data processors, pursuant to written and express authorisation for specific purposes contained in the relevant authorisation. We have taken all necessary steps, including the implementation of appropriate legal, technical and organisational measures, to ensure that the data processing meets all applicable statutory requirements, thus safeguarding your rights.
Our company operates within the European Union (EU), the European Economic Area (EEA) and other third countries, and therefore your personal data or part of it may have to be transferred overseas.
We have taken all reasonable steps to ensure that personal data is provided with adequate protection and that all transfers of data are conducted pursuant to our written agreements and the supervisory authority’s guidelines (if required) and/or other legal and/or regulatory requirements.
Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipients to subscribe to «international frameworks» intended to enable secure data sharing.
We will only retain your personal data for as long as it is required to fulfill our contractual obligations and any legal, accounting, tax, reporting and/or other statutory obligations.
Fraud prevention agencies can hold your personal data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 (six) years.
Where no such contractual or statutory obligation applies, it is our policy to keep the personal data for 6 (six) years after the provision or termination of the requested services. Should we not proceed with your application or for details concerning general inquiries, we will generally keep your personal information for a period of up to 1 (one) year.
The personal data processed for marketing and/or other commercial purposes shall be kept with us until you notify us that you no longer wish for it to be used for such a purpose.
Here at London Credit, the security of your personal data is taken very seriously. For both hard and electronic copy processing, we have data management systems that are periodically updated in accordance with technological development and a framework of multilevel security policies to hold data confidential and secure. Security measures have also been taken to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
Moreover, we have procedures to deal with suspected data security breaches or threats and should a breach ever materialize, you will be notified accordingly, along with the supervisory authority, if we are required to do so.
More information on our security framework is available upon request.
Your personal data is protected by legal rights, which include your rights to:
- Object to our processing of your personal data;
Where personal data processing is based exclusively on consent, you have the right to request from us to withdraw such consent at any given time and object to further processing. Such withdrawal will not affect the lawfulness of any data processing based on that ground prior to your withdrawal.
Upon receiving your request, we will no longer process your information for the purposes you originally agreed to, unless another legal basis exists, or for the establishment, exercise or defense of legal claims.
Should there be a distinct processing operation based on consent, we will take all necessary steps to ask for your separate consent.
The right of objection may also be exercised against the receipt of commercial / marketing information and materials.
- Request that your personal data is erased or corrected;
Save for any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database.
We aim in having up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request.
- Request access to your personal data;
You have the right to enquire and obtain information from us, as to whether or not your personal data is being processed, including information on the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.
Where applicable, you may also enquire in respect of any transfer of personal data to a third country or international organisation as well as to obtain more information about our existing security measures / safeguards governing such transfer.
Save for any limitations provided by express legal or regulatory provisions or our overriding legitimate interests, including our policies for data retention, you have the right to request your personal data to be erased from our database.
- Restriction of data processing;
Provided that no statutory exceptions apply, you have the right to request from us to restrict the further processing of your personal data.
- Right of portability;
In case the processing is based on consent or for the performance of a contract, where personal data is processed by automated means, you have the right to receive the personal data in a structured, commonly used and in a machine-readable form. Where it is technically feasible, you have the right to request personal data to be transmitted directly from one data controller to another; thus, from one organisation to another.
Subject to any statutory requirement, the right of portability does not extend to personal data produced by us, such as credit analysis, activity registry or other results of algorithmic analysis.
Any personal data related requests shall be processed within a reasonable time and in any case within 1 (one) month from the signed written request. This period of time may be extended under certain circumstances by a further 2 (two) months.
You will not have to bear any cost to exercise any of your rights. We may charge a reasonable fee should your requests be clearly unfounded or excessive, due to their repetitive character, or refuse to comply with such request.
We may request specific information to assist us confirm your identity and ensure your capacity to enforce your rights. This is part of our security measures to certify that personal information is not disclosed to any person who has no right to receive it.
For more information or to exercise your data protection rights, please contact us using the contact details above.
We reserve the right to amend or update this privacy notice at any time, and you will be informed when this shall take place. We may also notify you in other ways from time to time about the processing of your personal data.
If you are unhappy about how your personal data has been used please contact directly our company’s DPO, either by post at The Business Centre, 758 Great Cambridge Road, Enfield, Middlesex, EN1 3GN, UK, or electronically at firstname.lastname@example.org. For any other form of complaint please refer to our complaints policy at www.londoncredit.com/complaints-policy. You also have a right to complain to the Information Commissioner’s Office at www.ico.org.uk which regulates the processing of personal data.