Who we are
Please read the following carefully to understand our views and practices regarding your personal data.
Collection of Personal Data
We may collect the following information from you as part of the process of validating your application and managing your loan agreement. Personal Data we collect from you includes:
Information that you provide by filling in forms on the Site:
- Basic personal information such as your name, date of birth, gender
- Your contact details such as postal address, email address and phone number.
- Verification information such as past addresses and proof of income and expenditure.
- Details of any loan applied for such as the amount, preferred repayment period, and bank details for making repayments and consenting to Open Banking.
- Information we need to assess the affordability of the loan such as your employment details and your monthly income.
- Identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address and other information about your visits to the Website.
- Any other personal data that you choose to provide on the Website or in your communications with us. Please note, call recordings of conversations may be retained for monitoring and training purposes, except where bank card details are provided when the call recording will be paused.
Information that we may obtain from third parties such as:
- If you own any property, we may carry out a search with the land registry – We do not place any charge on the property as security for providing the loan. Performing the search helps us verify you and, in some cases, means we can lend higher amounts.
- A credit check will be carried out by TransUnion to view your financial commitments. For further details, please refer to the Credit Reference Agencies section under “4. Sharing your personal data” below. If you advise of any other financial commitments not shown on the credit file, details will be retained.
- Plend may also carry out a soft credit search if payments are missed or if we are unable to contact you.
- Details of your health or medical history if you have provided explicit consent for Plend to note these on your records.
- We may obtain information about complaints from the Financial Ombudsman Service if you escalate a complaint.
Information that may be generated during the course of your relationship with us, for example:
- Details of repayments that you have made or missed;
- Account reference details on our system; and
You are not obliged to provide us with any personal data, however if you do not provide certain necessary personal data, we may not be able to enter into an agreement with you
Use of Your information and Legal Bases for Processing Data
We may store and use your personal information for the purposes of:
(a) administering your application and loan agreement (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
(b) carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
(c) assessing financial risks, including by carrying out credit reference checks (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(d) using your payment details to process payments relating to your loan repayments, and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(e) communicating with you about your loan application/agreement, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(f) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(g) undertaking statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
(h) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
Our “legitimate interests” as referred to above include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient, and sustainable manner, in accordance with all applicable legal and regulatory requirements. Your personal data is not used for the purposes of solely automated decision making or profiling
Special category personal data
We may occasionally process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic or biometric data, data concerning health, or data concerning your sex life or sexual orientation. For example, you may inform us about health conditions that impact your ability to repay.
This data is considered ‘special category personal data’ under the Data Protection Laws. We will generally only process this personal data where you have given your express consent to this, or where it is necessary for the establishment, exercise or defence of legal claims.
Where we process special category personal data on the basis of your express consent, this can be withdrawn at any time. Withdrawing consent will not affect the lawfulness of any processing based on the consent before it was withdrawn. To withdraw consent to the processing of special category personal data, please contact our Data Protection Officer firstname.lastname@example.org
Sharing your information
We may share your personal information with our associated companies and with certain third parties including:
We use GoCardless to process direct debit payments. More information on how GoCardless processes personal data and your data protection rights, including your right to object, is available at https://gocardless.com/legal/privacy/.
Open Banking is a secure way of providing read-only access to your bank or building society account to providers who are registered for this purpose. For more information, visit www.openbanking.org.uk.
In order to enter into and administer your loan agreement you must agree for us to share your personal, contact and loan application details with our registered Open Banking partner, Plaid. During your loan application we shall safely and securely direct you to Plaid’s secure portal for the purposes of granting Plaid access to your bank or building society account information. As soon as your account information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application.
Plaid are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 804718. Any data you submit via the Plaid portal will be encrypted and its usage tracked as part of set Open Banking data security standards.
You will not be required to share your banking password or log in details with either us or Plaid. Once you have given your explicit consent to share your bank account information on the Plaid portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.
We use Modulr to manage our investor e wallets. More information on how Modulr process personal data is available at https://www.modulrfinance.com/privacy-policy
With other third parties
We may share your personal information with our associated companies and with certain third parties including:
- Third parties that assist us in preparing or sending any communications to you, or to assist us in connection with any of our administrative or business functions, or in the provision of any of our services to you, or to third parties acting as our agents.
- We reserve the right to sell non-performing accounts. We will inform you if we do this.
- If we are unable to make contact with you, we may employ third party companies to trace your whereabouts and re-engage with us. We may also employ third parties to enforce our rights under any agreement with you.
- If Plend or its assets are potentially to be acquired by a third party, or if we consider restructuring, personal data held by us about our customers (including borrowers and investors) will be one of the transferred assets and may be shared during the potential transaction or restructuring process.
- Anyone to whom we transfer or may transfer our rights and duties under any agreement with you.
- Legal and regulatory bodies, such as the Financial Conduct Authority, the Information Commissioner’s Office, the Financial Ombudsman Service, fraud prevention agencies or when we have a legal obligation to do so.
- Our auditors, solicitors, professional advisors, sub-contractors who have agreed to treat your personal details as confidential.
- If you were introduced to us by a third party, we will provide them details of whether the loan was successful or not. A commission may be paid for the introduction. If you require details of any commission paid, please contact Plend by using our contact details.
Credit Reference Agencies (CRA)
In order to process your application, we will perform credit and identity checks on you with TransUnion, Experian & Equifax credit reference agencies (“CRAs”).
To do this, we will supply your personal information to TransUnion, Experian & Equifax and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. TransUnion, Experian & Equifax will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud, and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with TransUnion while you have a relationship with us. We will also inform TransUnion about your settled accounts. If you borrow and do not repay in full and on time, TransUnion, Experian & Equifax will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When TransUnion, Experian & Equifax receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at https://www.transunion.co.uk/legal/privacy-centre?#pc-credit-reference and Credit Reference Agency Information Notice (CRAIN) | Experian
Transfers outside the UK
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
In accordance with our retention policy, we will retain your personal information for a minimum of six years from the end of our business relationship with you. Our business relationship will be deemed to be at an end on the date upon which your account is closed (which will either be when all outstanding sums under the agreement have been repaid or when we stop pursuing arrears on the account) or when your application has been declined.
We take steps with a view to deleting, destroying, or permanently anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose and we are not required by law to keep it. For further information on Plend Retention & Erasure policies, please contact the Data Protection Officer: email@example.com
Security of Information
We are aware of the importance of protecting your personal data we collect from you and therefore we store data in encrypted form on computers and control access via secure web pages. We employ firewalls and other security technologies to protect our servers from external attack. We train our employees in the proper handling of personal information and when we use other companies to provide services for us, we require them to protect the confidentiality of personal information they receive.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights under applicable data protection law
Your personal information is protected under data protection law and you have several rights (explained below) which you can seek to exercise. Please contact our Data Protection Officer firstname.lastname@example.org if you wish to do so, or if you have any queries in relation to your rights.
If you seek to exercise your rights, we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances. Please be aware that if your request is manifestly unfounded or excessive we may refuse to deal with your request or may charge a reasonable fee for dealing with it.
Right to access
You have the right to access the personal information held about you and to obtain certain prescribed information about how we process it. This is more commonly known as submitting a ‘data subject access request’. We may request proof of your identity before sharing such information.
Right to rectify your personal information
If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
Right to be forgotten
You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in particular circumstances. It may not therefore be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship or are required to retain information to comply with our legal obligations or to exercise or defend legal claims.
Right to object to processing
You may object to the processing of your personal information when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis
Right to restriction of processing
In some cases, you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.
Right to data portability
You have the right to receive, move, copy, or transfer your personal information to a controller which is also known as ‘data portability’. You have the right to this when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means. You should note that this right is different from the right of access (see above) and the types of information you can obtain under the two separate rights may be different.
Your Consent - When you submit your application for a loan, we will ask you if you want to receive marketing information from Plend, about products from Plend (opportunities to take out new loans, top up loans etc.).
You can decide if you want to receive information and how you want to receive it (email, SMS, telephone, post).
We will not pass your details to other third-party organisations, for the purposes of marketing, without your consent.
If you want to change your marketing preferences, you can update them through your Plend online portal or make contact with our offices directly.
Data Controller and Contact Information
The data controller is Plend Limited, registered in England and Wales under registration no. 12581855 and with its registration address at Aldgate Tower- 6th Floor, 2 Leman Street, London, E1 8FA.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer
Post: 2 Leman St, London E1 8FA.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to email@example.com or use the contact details above. We will investigate and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website or contact the ICO on 0303 123 1113.
We reserve the right to make changes to this Policy at any time and any significant changes to this Policy will be emailed direct to the primary email address supplied by you; minor changes will be updated directly to the Policy and may not require notification. We advise you regularly review this document to ensure that you are aware of any amendments and to be clear on how this policy may affect you.
This privacy statement was last updated on 20th June 2023.