When visiting or using this website and the PrivateLending platform (together the “Portal”), PrivateLending SA (the “Operator”) may collect and further process personal data of visitors (“Visitors”) and users who have registered on the Portal (“Users”), including individuals acting on behalf of Users.
1. Who is responsible for the processing of your personal data?
The personal data provided by Users (or individuals acting on behalf of Users) and Visitors when visiting or registering on the Platform shall be processed by the Operator according to the conditions set out in the Personal Data Protection Act of 8 December 1992 and its implementing decrees (the “DPA”).
For this purpose, the data controller is the Operator, with registered office at 435 Chaussée de Louvain, B-1380 Lasne, Belgium.
2. What personal data does the operator process and for which purpose?
2.1 -.Personal data of Users (and individuals acting on behalf of Users)
Upon registration on the Portal, entry into an agreement with the User under which the Operator is providing services to the User via the Portal (“User Agreement”), or when expressing an intention to enter into a legal transaction through the Portal, including by submitting a Bid (“Bid”), the User or the individual acting on its behalf will be requested to provide certain information, such as (without limitation):
Not proving this information may result in the Operator’s inability to process the Investment Application or enter into a User Agreement.
The Operator is entitled to record all data of the User (or individual acting on its behalf) received through the Portal and other communication means (e.g. postal mail, telephone, e-mail, etc.).
The Operator is entitled to process the personal data about the User (or individual acting on its behalf) in order to provide services to the User under the User Agreement, amongst which (without limitation) in order to perform the of Operator’s obligations under the User Agreement or applicable law, and in order to assess the credit-worthiness of the User.
In order to establish a legal relationship with the User or make a decision related to a legal transaction requested by the User through the Portal, and in order perform due diligence verifications on the User (or the individual acting on its behalf), the Operator is also entitled to search for and collect data about the User (or the individual acting on its behalf) from publicly accessible sources (for the purpose of, amongst other goals, assessing the credit-worthiness of the User when it applies for a Investment via the Portal).
The Operator is also entitled to process all the data relating to the User (or the individual acting on its behalf) that is reasonably necessary for the provision of services under the User Agreement, including but not limited to data that is reasonably necessary for execution and enforcement of loan agreements concluded via the Portal.
The Operator may also use User’s personal data (or the personal data of the individual acting on its behalf) in order to provide them, by email, information on the services provided by the Operator. The User (or the individual acting on its behalf) may opt-out from these communications when creating an account, through reviewing his/her/its personal settings in his/her/its User profile or through clicking on the unsubscribe link included in each email sent to the User or the individual acting on its behalf.
2.2. Visitors’ personal data
The Operator may also process (limited) personal data of Visitors who have not registered as Users. This shall, for example, be the case if a Visitor sends a question or message using the contact form available on the Portal. In that case, the Operator shall process such data as (without limitation):
Such personal data shall be used for the purpose of answering the question or message sent by the User. For this purpose, the Operator is entitled to record all Visitors’ data received through the Portal and other communication means (e.g. postal mail, telephone, e-mail, etc.).
The Operator may also use Visitors’ personal data in order to provide them, by email, information on the services provided by Operator. Such emails shall only be sent to Visitors if Visitors have explicitly consented hereto through clicking on the box provided to this end in the contact form available on the Portal. After having consented to the sending of such communications on the Portal’s contact form, Visitors may at all times refuse future communications through clicking on the unsubscribe link included in each email sent to Visitor.
The Operator shall also have the right to use the data disclosed by the Users (or individuals acting on their behalf) and Visitors at any time as well as the data created by the Users (or individuals acting on their behalf) when using the Portal for statistical purposes, and to disclose the received statistical data over the internet, ensuring however that the data disclosed cannot be directly linked to any specific User (or individual acting on its behalf) or Visitor.
3. Disclosure of User’s data to third parties
3.1. Recipients of personal data
The Operator is entitled to disclose User’s and Visitor’s data (insofar as reasonably necessary) for the fulfilment of the purposes described above):
Finally, the Operator shall have the right to submit User’s data to persons maintaining registers of defaulted payments or other kind of data necessary for assessment of credit worthiness for the purpose of applying the principles of responsible lending, likewise for enabling the third persons to assess the User’s payment behaviour and credit worthiness. User’s data submitted to such registers may be processed by all persons who are members of such registers or have access to these on any other legal basis.
3.2. Cross-border transfer of data
The transmission of personal data to the recipients described above may imply a transfer of personal data to recipients located in (or processing personal data from) countries outside the European Economic Area, which do not offer a level of protection for personal data comparable to that offered by the DPA. In that case, the Operator shall take adequate measures (including contractual clauses) in order to ensure that the Users’ and the Visitors’ personal data are sufficiently protected.
Likewise, while executing transactions in a foreign country or with persons of any foreign country, the Operator may be obliged to disclose User’s data to authorities of these foreign countries according to the local legislation, including the legislation of countries outside the European Economic Area which do not offer a level of protection for personal data comparable to that offered by the DPA.
4. Data retention and accuracy
4.1. Data retention
The Operator shall process data of Users (and individuals acting on their behalf) and Visitors as long as this is reasonably required for the business purposes of the Operator and performance of any obligation under User Agreements or applicable legislation.
4.2. Data accuracy
The User is obliged to notify the Operator promptly of all relevant changes of data submitted to the Operator in the course of using the Portal.
Upon entry into a User Agreement and expression of declarations of intention through the Portal, including submitting Bids, Users shall present correct and accurate data. Upon entry into the User Agreement, every User certifies that the data submitted by them through the Portal is correct.
A User who has submitted false information shall be liable for the damage caused to the Operator and other Users by such submission of false information, above all if the Operator or other Users have concluded a transaction with the User who submitted false information by assuming the accuracy of the submitted false information.
The Operator shall in no manner be liable for the accuracy and correctness of the information submitted by the User.
In case of any changes to the personal data provided:
Failure to provide notification of any changes in the data shall constitute a fundamental violation.
Visitors and Users (or individuals acting on their behalf) are entitled to request access to their personal data, and request their correction in the event of inaccuracies.
Likewise, they are entitled to object, free of charge, to the processing of their personal data for direct marketing purposes.
These rights can be exercised through sending an email to firstname.lastname@example.org a copy of their identity card or passport. Objecting to direct marketing communications by email can also be done through clicking on the unsubscribe link inserted in each email sent or, for Users (or individuals acting on their behalf), through reviewing the personal settings in their User profile.
7. Modifications of this policy
This policy may be subject to unilateral modifications. Consequently, Users (or individuals acting on their behalf) and Visitors are encouraged you to review its terms for changes regularly. Users will be informed of any modifications to this policy via the Portal, and such modifications shall enter into force within four (4) weeks as from the disclosure of the modification via the Portal.
Upon disagreement with the modifications, Users shall have the right to terminate the User Agreement within four (4) weeks as from notification of the modification via the Portal.
Last amended on 1st of June 2016