Data Protection Policy

1. Introduction

Lendable Ltd (hereafter referred to as “the Company”) is committed to ensuring the security and protection of personal data that we process and to providing a compliant and consistent approach to data protection. The Company provides lending software services worldwide and recognizes the importance of maintaining the privacy and integrity of the personal data we handle.

2. Scope

This Data Protection Policy applies to all employees, contractors, and third parties working on behalf of the Company. It covers all personal data that the Company processes in relation to its lending software services, including customer data, employee data, and any other personal information processed by the Company.

3. Data Protection Principles

The Company is committed to processing personal data in accordance with its responsibilities under relevant data protection laws, including the General Data Protection Regulation (GDPR). The principles set out below outline the Company’s approach to data protection:

  1. Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  4. Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
  5. Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  6. Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  7. Accountability: The Company shall be responsible for and be able to demonstrate compliance with these principles.

4. Data Collection

The Company will ensure that personal data is obtained only for specified, explicit, and legitimate purposes. Data collection methods will be transparent, and data subjects will be informed of the purposes of the data collection at the point of collection.

5. Data Use

Personal data will be used only for the purposes for which it was collected. Any use of personal data for new purposes will require the explicit consent of the data subject unless otherwise authorized by law.

6. Data Sharing

The Company will not share personal data with third parties unless it is necessary to fulfill the purpose for which the data was collected, or if the Company is legally required to do so. All third parties with whom personal data is shared must provide adequate safeguards to ensure the protection of the data.

7. Data Security

The Company will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures will include, but are not limited to:

  • Encryption of sensitive data.
  • Regular security audits and assessments.
  • Access controls to limit access to personal data to authorized personnel only.
  • Security training for employees.

8. Data Retention

The Company will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Data retention periods will be clearly defined, and data will be securely disposed of when no longer needed.

9. Data Subject Rights

Data subjects have the following rights in relation to their personal data:

  • The right to access their personal data.
  • The right to rectification of inaccurate data.
  • The right to erasure of their data (the “right to be forgotten”).
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing.
  • The right to withdraw consent at any time (where processing is based on consent).

The Company will ensure that data subjects can easily exercise these rights and will respond to requests in a timely manner.

10. Data Breach Response

In the event of a data breach, the Company will follow a defined incident response plan to contain, mitigate, and investigate the breach. Data breaches will be reported to the relevant supervisory authority and affected data subjects in accordance with applicable legal requirements.

11. Policy Review

This Data Protection Policy will be reviewed regularly and updated as necessary to ensure continued compliance with data protection laws and best practices. All employees and relevant third parties will be informed of any changes to this policy.

12. Contact Information

For questions or concerns regarding this Data Protection Policy or the Company’s data protection practices, please contact:

Quinn Pratt

[email protected]

Lendable Ltd

Approved by:
Quinn Pratt
CEO
3/8/2024

Effective Date:
3/8/2024

Review Date:
3/2/2025