1.1. DSI – Data State Inspectorate (Datu valsts inspekcija).
1.2. GDPR – General Data Protection Regulation.
1.3. EU/EEA – European Union and European Economic Area.
1.4. Notice – this Privacy notice.
1.5. Lendiscore (or “we”) – SIA “Lendiscore”, registration No. 40203251925, legal address: Krišjāņa Valdemāra iela 118, Riga, LV-1013, Latvia.
1.6. You (also “you”) – individual (or his/her authorized representative), who is interacting with us and affected by personal data processing conducted by us.
1.7. Services – professional services ancillary to financial services as described in the services agreement concluded between Lendiscore and you in order to facilitate the receipt of financial services.
1.8. Webpage – Our webpage available at lendiscore.com
1.9. Other terms defined by the GDPR, for example – “personal data”, “processing”, “restriction of processing”, “profiling”, “pseudonymization”, “controller”, “processor”, “recipient”, “third party”, “consent”, “personal data breach”, “supervisory authority” – are used in this Notice with the same meaning.
- PURPOSE AND SCOPE OF THE PRIVACY NOTICE
2.1. This Notice applies to the processing of your personal data in relation to our services addressed to individuals.
2.2. The purpose of this Notice is to explain how your personal data is collected and otherwise processed by us, inform you about the purposes of processing and your rights, as well as give other information related to processing of personal data performed by us.
2.3. Some of the links on our Website lead to other websites with their own privacy notices, which may be different to this Notice. You will need to make sure that you are satisfied with the respective privacy notice when using those other websites.
- WHO ARE WE AND HOW YOU CAN CONTACT US?
3.1. When using the Services, Lendiscore is regarded controller of your personal data. This means that we determine the purposes (“why”) and means (“how”) personal data will be processed in course of provision of Services to you.
3.2. Feel free to contact us on any matter related to the Services, this Notice or personal data processing by regular post (our address is indicated in Clause 1.5. above) or e-mail: email@example.com
- WHAT INFORMATION WE PROCESS?
4.1. We will need certain personal data to deliver the Services you have asked for and to give the best possible experience when you engage with us (for example, via Website or otherwise) and use our Services.
4.2. Depending on your requested Services personal data that we may typically process include the following:
(a) Identification data (name, surname, date of birth, national ID number, series and number of ID document, age);
(b) Contact details (phone number, e-mail address, address);
(c) Information about your bank account (bank name, bank account number);
(d) Financial information (e.g., credit history, bank statement, information about income and expenses, information about debts (amount, maturity date, etc.), information about current monetary obligations (information about open loans and other obligations), information about transactions, etc.);
(e) Employment data;
(f) Creditworthiness and credit risk assessment recommendation;
(g) Information about your opinion (for instance, about our Services, customer care, etc.);
(h) Information collected during your interaction with our Webpage (for example, your IP address, information about device and software that you use, other similar technical data) using cookies or other similar technologies;
(i) Investigation data (for instance, client due diligence checks, sanctions and anti-money laundering checks, etc.);
(j) User login data (for instance, authentication credentials);
(k) Audio records of all telephone calls (incoming and outgoing);
(l) Details of other communication with us (for instance, via post, e-mail, live chat, etc.);
(m) Footage and images from video surveillance conducted at our office (if conducted);
(n) Information about your device (for instance, device type, type of internet browser, e-mail registration date, domain, domain category, etc.);
(o) Other information submitted by you or included in the report you order from us using the Services.
- PERSONAL DATA SOURCES
5.1. We collect personal data only according to the provisions of GDPR and other applicable laws. Personal data typically may be collected in the following ways:
(a) Directly from you (for instance, when you apply for the Services; when you contact us (call us, e-mail us, etc.); when you fill in any forms on the Webpage; when you submit a claim to us; when you otherwise interact with us);
(b) From third sources, which mainly include the following:
1) Your creditor;
2) Credit information bureaus;
3) Databases of debt history;
4) State information systems / state institutions;
5) Service providers that provide anti-fraud, anti-money laundering and similar services;
6) Cookies and other technologies used on the Website.
(c) Generated by us, based on information collected from you and other sources mentioned above (for example, when generating a report according to the requested Services).
5.2. Personal data from the third sources mentioned in Clause 5.1. (b) 2) -5) of this Notice may be received by Lendiscore independently by using direct integration or indirectly by using technical support of your creditor.
- PURPOSE OF PROCESSING, LEGAL BASIS OF PROCESSING
6.1. We mainly process your personal data for the following purposes:
(a) To enter into a business relationship with you and deliver our Services to you;
(b) To administer your account with our Webpage (if you have one) and manage any relationship you have with us;
(c) To answer to your requests, claims queries, etc.;
(d) To carry out your instructions;
(e) To process payments, you make when ordering Services;
(f) To assess your opinion on our products, services, other activities;
(g) For marketing purposes (for instance, via post, e-mail, SMS, calls, social media, mass media, messaging, etc.) and to understand your preferences;
(h) To contact you on matters related to interaction/cooperation with us (for instance, to inform you about changes in our Services, terms, policies, other document or to notify you in cases prescribed by law, etc.);
(i) To protect our legal rights and interests (for instance, in case of a dispute);
(j) To perform our legal obligations;
(k) To ensure security (including cybersecurity) and business continuity;
(l) For market research purposes and to identify trends;
(m) To ensure protection of our property (for instance, our assets, information, computer network, infrastructure, etc.) against physical, cyber and other threats;
(n) To protect vital interests of individuals (for instance, our employees, visitors, etc.);
(o) For risk management purposes;
(p) To prevent and detect unlawful actions (e.g., fraud, theft, property damage, terrorism financing, money laundering etc.);
(q) For performing administrative functions;
(r) To personalize online experience;
(s) For product, services and Webpage improvement purposes;
(t) Other related purposes.
6.2. When processing personal data, we may rely on different legal bases, depending on the purpose pursued and personal data type processed, namely:
(a) Your consent (for instance, in case of sending you commercial communications);
(b) Performance of a contract (for instance, if you have contractual relations directly with us, have an account with our Webpage, etc.);
(c) Processing is necessary for fulfilment of our legal obligations (for instance, obligations under tax laws, laws on anti-money laundering and terrorism financing prevention, laws on national/international sanctions, etc.);
(d) Processing is necessary for protection of vital interests of individuals (for instance, in cases when life and health of individuals can be affected);
(e) Processing is necessary for the performance of a task carried out in the public interest (for instance, when carrying out activities for prevention of money laundering; prevention and detection of crime, etc.);
(f) Processing is necessary for the purposed of our legitimate interests (for instance, detection and prevention of fraud; ensuring security (including cyber security); protecting our property (assets, information (including personal data); computer network infrastructure, etc.); risk management; ensuring business continuity; protecting of our property and information; direct marketing; protection of our legal rights and interests; improving our products, services and Webpage; customizing or products and services to your interests, etc.).
- RECIPIENT CATEGORIES
If it is legally justified in each particular case, personal data may be disclosed to the following recipient categories:
(a) Authorized employees of Lendiscore;
(b) Service providers (processors and other controllers) that provide different services to Lendiscore (for instance, IT services, data storage services, e-mail service providers, marketing services, etc.);
(c) Competent state institutions (for instance, Data State Inspectorate, court, police, etc.);
(d) Recipient indicated by you;
(e) Other recipients if there is an appropriate legal basis.
- TRANSFER OF PERSONAL DATA
We mainly process personal data within the EU/EEA. However, in course of our business activities, information (including personal data) may be transferred outside EU/EEA. In this case we will ensure that all GDPR requirements on transfers of persona data outside the EU/EEA are complied with. You can receive more detailed information on this matter by addressing us using the contact information provided herein.
- TERM OF PROCESSING (INCLUDING STORAGE)
We will process and store personal data according to our data retention policy. Retention period mostly depends on type of personal data concerned and processing purpose. In respect to some personal data categories, retention periods are provided in applicable laws (for instance, tax laws, accounting laws, consumer protection laws, etc.). In other cases, when retention period is not determined by law, we determine retention period taking into account personal data protection principles provided in the GDPR. For instance, longer retention period may be needed if we need data for our legitimate interest purposes, e.g., to help us respond to queries and complaint, fighting fraud and financial crime, responding to requests from regulators, etc. At the end or retention period we will delete or irrevocably anonymize your personal data.
- DATA SUBJECT RIGHTS
10.1. GDPR provides individuals (as data subjects) with a set of different rights, namely:
(a) Right to request access to personal data we hold about you;
(b) Rights to request rectification of personal data;
(c) Rights to request erasure of personal data;
(d) Rights to restriction of processing;
(e) Rights to data portability;
(f) Rights to object to processing;
(g) Rights to withdraw consent at any time if processing is based on your consent as a legal basis (NB! The withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal).
10.2. You can exercise the said the abovementioned rights by addressing us using the contact information indicated herein.
10.3. We would like to draw your attention to the fact that the abovementioned rights are not absolute. Namely, GDPR and other applicable laws stipulate for conditions that have to be met in order to exercise these rights, limitations and exceptions.
10.4. If we have reasonable doubts about identity of individual, who submits a request on exercise of the said rights, we may request to provide additional information which is necessary for confirmation of your identity.
- DISPUTE RESOLUTION AND COMPLAINTS
We would like to resolve any dispute in a friendly manner. Therefore, if you believe that processing of personal data conducted by us is not in compliance with the GDPR or other applicable laws on personal data protection, we encourage you to submit us your complaint, using the information indicated in this Privacy Notice. We will do our best to resolve the matter as soon and effective as possible. However, you can always submit a complaint to the DSI (https://www.dvi.gov.lv/lv/).
- OBLIGATION TO PROVIDE PERSONAL DATA
Whether it is an obligation or option to provide personal data, will mainly depend on the purpose of processing. In most cases information will be provided by you because you wish to take Services from us or engage with us and use of your information will be governed by contract terms. Giving this information is therefore your choice. If you choose not to give all or some of the information, this may affect our ability to provide Services. In case of commercial communication (e.g., advertising sent via e-mail, SMS, etc.) you are free to decide whether you are willing to receive it and thus provide your personal data.
We use appropriate technical (including physical and logical) and organizational measures to protect personal data and other information that we collect and store against accidental or unlawful destruction, loss, alteration, disclosure, access. For example, by limiting access to our premises, using encryption, managing access rights, using secure processors and other partners, raising awareness on personal data protection and security matters of our staff, etc.
- DECISION MAKING AND PROFILING
To provide services requested by you, our specialists will use information received from the abovementioned sources and use them for calculations and analysis of data. As a result, we will provide a report that will be sent to the recipients indicated in the service contract with you. To ensure that the report is as precise and objective as possible, we will rely on modern and impartial calculation techniques. We will mainly use your financial data and will not rely on discriminatory criteria (such as gender, national or social origin, etc.). Any final decisions on provision of financial services will be made by your creditor and not by us.
- AMENDMENTS TO THE PRIVACY NOTICE
We may update this Privacy Notice from time to time. The most recent version can be found at our Webpage and you should check it regularly. In case of important changes, we will let you know about them.
- FURTHER INFORMATION
Please feel free to address us in case of any additional questions related to personal data processing. Additional information about cookies is also available in our Cookie notice.
This Privacy notice was last updated in November 2021.