Privacy Policy
Privacy Notice
Last updated: October 2023
Lendco Limited (“Lendco“) respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.
What does Lendco do?
Lendco is a mortgage lender that offers bridging and buy-to-let loans, headquartered in the United Kingdom.
For more information about Lendco, please see the About Us section of our Website.
What personal information does Lendco collect and why?
The personal information that we may collect about you broadly falls into the following categories:
- Information that you provide voluntarily
We may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, to apply for a loan, and/or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Our application form which you submit in order to apply for a loan asks for the following types of information to allow us to perform relevant Know-Your-Customer (“KYC“) checks and to assess your suitability for a loan:
- Personal details (including name, date of birth, marital status, nationality and residence rights);
- Contact details (including email address, phone number(s) and residential address(es) for the past 3 years);
- Family information (including details of dependants);
- Financial information (including credit card commitments, personal mortgage commitments and income details); and
- Employment details (including job title and name of employer or details of any self-employment).
- Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.
Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further in the cookie policy.
- Information that we obtain from third party sources
From time to time, we may receive personal information about you from third party sources (including mortgage brokers, credit reference and fraud prevention agencies, the Home Office, HM Revenue & Customs, any past/present employer, accountant, lender or bank, other applicants and any referees or guarantors provided), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from third parties include contact details where you have been referred by a mortgage broker, KYC details and any money laundering or suspected fraud details, immigration status, validation of information supplied under the HMRC Verification Scheme, and we use the information we receive from these third parties to assess your application and suitability for a loan, undertake KYC checks, prevent fraud and money-laundering and to maintain and improve the accuracy of the records we hold about you.
In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as statistical purposes) if and where this is permitted by applicable data protection laws.
Who does Lendco share my personal information with?
We may disclose your personal information to the following categories of recipients:
- to our group companies, organisation with which we are affiliated, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website) or who provide mortgage servicing and administration services to us, or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information.
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to another credit provider (including without limitation any other credit provider who has lent money on the same security) any information about your creditworthiness, credit standing, credit history or credit capacity. In particular, we may provide a credit opinion in relation to you;
- to agents for the purposes of tracing you and/or recovering any debt that you owe us;
- to any originator, finance consultant, financier, accountant, Credit Reference Agency (CRA), lawyer or third party involved with the prospective finance to be provided to you;
- to a potential buyer or investor (and its agents and advisers) in connection with any proposed purchase, merger, acquisition or investment of any part of our business, provided that we inform the buyer or investor it must use your personal information only for the purposes disclosed in this Privacy Notice;
- to parties to or investors in any “Financing Transaction” which means any securitisation, loan or other financing, sale, derivative or any transaction with a similar effect to any of the foregoing which involves your mortgage. This may include any person to whom any interest in your mortgage is assigned or transferred in connection with the Financing Transaction, any security agent or trustee who holds security on behalf of creditors, paying agents and banks, any mortgage administrator who services the mortgages, professional and financial advisors and credit rating agencies;
- to a mortgage insurer to assess the risk of providing mortgage insurance or to assess the risk of default; and
- to any other person with your consent to the disclosure.
Fraud Prevention Agencies
GENERAL
- Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
- The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
- Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
- We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
- We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
- Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
CONSEQUENCES OF PROCESSING
- If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
- A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
DATA TRANSFERS
- Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
YOUR RIGHTS
- Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
- For more information or to exercise your data protection rights, please contact us using the contact details above.
- You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.
Legal basis for processing personal information (EEA visitors only)
If you are a visitor from the European Economic Area, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details on our contact us page.
Purpose of processing
We may use your personal information for any of the following reasons:
- to administer mortgage contracts and to protect our interests as lender;
- to determine creditworthiness;
- to assess your eligibility or suitability for a loan;
- to verify your identity;
- to manage and provide you with access to your account;
- to communicate with you;
- to comply with KYC and anti-money laundering laws;
- for fraud prevention and law enforcement;
- for audit purposes research and statistical analysis;
- for sales and marketing purposes; and
- for security, quality and internal training purposes.
Cookies and similar tracking technology
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookies page.
How does Lendco keep my personal information secure?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
International data transfers
If in the future your personal information is transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
We reserve the right to transfer data overseas in the future. If we do so, we will ensure that appropriate safeguards are in place to protect your personal information in accordance with this Privacy Notice.
Data retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Example of our data retention periods are as follows:
- We will retain your personal information relating to any mortgage for the term of the mortgage plus an additional 12 years to enable us to comply with all administrative procedures in relation to the mortgage.
- We will retain the data you submit in any unsuccessful application for 36 months.
- We will retain records of the data of any website visitor for 36 months.
- We will retain any marketing data for 36 months.
Your data protection rights
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
- In addition, if you are a resident of the European Union, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact us using the following details:
Write to: The Risk & Compliance officer, Lendco Limited, 33 Gracechurch Street, London, EC3V 0BT United Kingdom; or
Visit our website at: https://lendco.co.uk.
The data controller of your personal information is Lendco Limited.
Where interests in the mortgages are assigned or transferred in connection with a Financing Transaction, there may be further data controllers including the assignee or transferee of such interests, a security trustee who protects those interests in the event of an enforcement and the originator of the loans. Contact details in relation to any Financing Transaction would be provided once any new data controller was established.
Credit references agencies or fraud prevention agencies may also become data controllers if they use your data for their own purposes, for example to retain records of decisions or applications or for fraud prevention. You should refer to the privacy policies of these agencies which can be found at the following links:
Credit reference agencies:
Fraud prevention agencies:
If you want to receive details of the relevant fraud protection agencies this can be obtained by contacting us.