PrecisionLender is committed to protecting your privacy
Last Updated: June 27, 2019
We receive data that you actively submit, as well as data that we track. These include:
Our PrecisionLender platform is provided as a Software-as-a-Service (SaaS) solution for commercial banks. It collects, processes, and stores data under the direction of our clients as a Processor, as such term is defined within Article 4 of the EU General Data Protection Regulation (GDPR). While the primary purpose of our platform is to process commercial loans, it is our clients who choose what business data they share with us based on the services they use, and they own all rights in and to their business data. If Personal Data is uploaded by a client, we have no direct relationship with the individuals whose Personal Data that our platform processes on behalf of such client. For this reason, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to the relevant client (who is the Controller, as such term is defined within Article 4 of the GDPR). If the client asks us to remove the data, we will respond to their request within 10 business days.
To provide and support our platform and service, as well as to market to new clients, we retain Personal Data of the individuals who are employed by our clients, prospective clients, suppliers, and business partners. This data is limited in nature and consists of business contact information such as name, email address, phone number, and physical office address.
We process Personal Data for the following purposes:
Where we act as a Controller, we process Personal Data to pursue our legitimate interests to run, maintain, and develop our business. We may also process Personal Data to comply with our legal obligations.
In connection with some parts of our platform and services, we might request an individual’s consent for the processing of their Personal Data for a specific purpose. In that event, an individual may withdraw their consent at any time.
Where we act as a Processor, we process Personal Data based on the instructions of our clients.
We do not store the Personal Data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of Personal Data, the purposes of use, and applicable law, and therefore varies per use.
Typically, we store Personal Data for as long as the user is using our platform or services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.
We erase Personal Data provided by you after the above described storage period or when a client or individual asks us to erase the data.
We only share Personal Data within our organization if and as far as necessary for the purposes specified in this Policy. Our employees processing Personal Data are bound by confidentiality obligations.
We may share Personal Data with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our services or as required by law.
Our service providers may provide:
Some of these service providers may be located outside of the United States. However, before transferring your Personal Data to these service providers, we will either ask for your explicit consent or require that they maintain at least the same level of privacy and security for your Personal Data that we do.
We remain liable for the protection of your Personal Data within the scope of our Privacy Shield certification that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
We are not in the business of selling or renting your Personal Data to telemarketers and we do not share your Personal Data with others, except as outlined in this Policy. We may share your Personal Data as required by law or in the interest of protecting or exercising our or others’ legal rights, such as in connection with requests from law enforcement officials and in connection with court proceedings. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We may share or transfer your Personal Data in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business. We reserve the right to use and disclose, de-identified and non-attributable data for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible event sponsors or clients.
When you click on a link to a third-party website from our websites, your activity and use of the linked website is governed by that website’s policies, not by our policies. We encourage you to review their privacy and user policies.
In connection with promotions or other projects, we may ask you specifically whether you have objections to certain uses or sharing of your Personal Data. If you opt-out under such circumstances, we will respect your decision. To opt out of receiving commercial communications from us, please click on the “opt-out” link in the communication or email us at email@example.com.
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt-out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt-out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit such requests, please email us at firstname.lastname@example.org.
Please note that as a Processor, we have limited rights to access data submitted to us by our clients. Therefore, if you contact us with an opt-out or revocation request related to Personal Data submitted to us by a client, we will ask you to tell us the identity of the relevant client. We will forward your request to that client, and provide any needed assistance as they respond to your request.
If Personal Data you have submitted through the website is no longer accurate, current, or complete, and you wish to update it, please send an email to email@example.com. Upon appropriate request, we will be happy to update or amend your information, but we reserve the right to use information obtained previously to verify your identity or take other actions that we believe are appropriate.
We use robust security measures to protect Personal Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of such data. When our service is accessed using an updated web browser, Transport Layer Security (TLS) technology protects the Personal Data and client data using both server authentication and data encryption. These technologies help ensure that such data is safe, secure, and only available to the client to whom the information belongs and those to whom the client has granted access.
As an organization with a global presence, we have operations in several locations around the world. For our client data, we work closely with each organization to ensure we meet their data sovereignty requirements. For other Personal Data collected, we may transfer information to, or access it from, countries outside an individual’s country of domicile. We take steps to ensure that all Personal Data receives an adequate level of protection in the countries in which we process it. Further information regarding the international transfer of Personal Data may be obtained by contacting us at firstname.lastname@example.org.
We participate in and certify our compliance with the EU-U.S. Privacy Shield Framework (the “Privacy Shield”), as set forth by the U.S. Department of Commerce, regarding the processing of Personal Data transferred from the European Union, the European Economic Area, or the United Kingdom to the United States, or otherwise received in reliance on the Privacy Shield. We commit to adhere to and have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
We reserve the right to change, modify, add, or remove portions of this statement from time to time and in our sole discretion, but we will alert you that changes have been made by indicating on the Policy the date on which it was last updated. When you visit the website, you are accepting the current version of this Policy as posted on the website at that time. We recommend that users revisit this Policy on occasion to learn of any changes.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. Any questions or concerns regarding the use or disclosure of Personal Data should first be directed to us at email@example.com or by postal mail:
Attn: General Counsel
4201 Congress Street, Suite 200
Charlotte, NC 28209, United States
We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data. For complaints related to the processing of Personal Data that we receive in reliance on the Privacy Shield that cannot be resolved between us and the complainant, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute.
For HR-related data of prospective employees, if a complaint or dispute cannot be resolved through our internal process, we commit to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of a potential employment relationship.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.