Privacy Policy

Last Updated: December 14, 2020

1. Introduction

This Privacy Policy (“Policy”) describes how Lender Performance Group, LLC (d/b/a PrecisionLender) and its subsidiaries and affiliates, including LPG – International, LLC and Lender Performance Group I, LLC (collectively "Precision Lender", “we”, “us” and/or “our”) collects, uses, shares, and retains personal information (“Personal Data”) that you may provide to us, or that we collect when you use our software platform and websites. For the purposes of this Policy, “website(s)” shall refer collectively to precisionlender.com as well as other websites that we operate and link to this Policy. By using the websites or services platform, you consent to the data practices described in this Policy. We also have Terms of Service which govern the service offerings provided to our clients.

2. Types of Data and Collection Methods

Website:

We receive data that you actively submit, as well as data that we track. This includes:

• Actively Submitted Data – when you request additional information or a demo, sign up for blogs or other content, or register for our services, we will ask you to provide basic contact information and certain information related to the business you represent. There may also be other situations, such as surveys, webinars and conferences, where we ask you to actively submit similar information.
• Passively Tracked Data – when you visit our websites, we may use technologies, such as cookies, beacons, tags, and scripts, to analyze trends, administer the websites, deliver ad content, track users’ movements around the websites, and to gather demographic information about our user base as a whole. We collect such data in order to provide a better website experience and content in the future. This passively tracked information can include the internet protocol (IP) address of your computer, browser type, internet service provider (ISP), the date and time you access the website and your movements and preferences on our websites. You do not need to have cookies turned on to visit our websites. You can refuse cookies by turning them off on your browser. But, if you want to access web pages that require registration, you need to accept a mandatory session cookie, which you can delete after you leave the website.
• Testimonials – we display personal testimonials of satisfied clients on our websites in addition to other endorsements. With your consent, we may post your testimonial along with your name.
• Social Features and Media Widgets and Features – our websites include social media features. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. Social media features are hosted by third parties and your interactions with these features are governed by the privacy notice of the company providing it.
• Prospective Employees – through our career page, an individual may submit biographical information, contact information, and professional history in order to be considered for an open position.

Our Platform:

Our PrecisionLender platform is provided as a Software-as-a-Service (SaaS) solution for commercial banks. It collects, processes, and stores data under the direction of our clients as a Processor, as such term is defined within Article 4 of the EU General Data Protection Regulation (GDPR). While the primary purpose of our platform is to process commercial loans, it is our clients who choose what business data they share with us based on the services they use, and they own all rights in and to their business data. If Personal Data is uploaded by a client, we have no direct relationship with the individuals whose Personal Data that our platform processes on behalf of such client. For this reason, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to the relevant client (who is the Controller, as such term is defined within Article 4 of the GDPR). If the client asks us to remove the data, we will respond to their request within 10 business days of such request. As stated in our Terms of Service, Consumer information such as social security numbers, driver’s license numbers, and financial account numbers (“Prohibited Customer Data”) should never be provided to us or uploaded and/or entered into the services.

To provide and support our platform and service, as well as to market to new clients, we retain Personal Data of the individuals who are employed by our clients, prospective clients, suppliers, and business partners. This data is limited in nature and consists of business contact information such as name, email address, phone number, and physical office address.

3. Collection Purposes, Use of Personal Data

We use Personal Data for the following purposes:

• to allow us to run, maintain, and develop our business;
• to allow us to offer and provide our services;
• to allow us to conduct informational and promotional campaigns (including direct marketing) related to our services (including by phone, mail and email), keeping clients and prospective clients informed about our services and special offers that are likely to interest them;
• to allow us to perform the contract we have signed with our clients, suppliers, or partners;
• to allow client service management (such as, when clients contact our service desk);
• to allow contract management (such as, to address our invoices to our clients);
• to enhance our services and websites;
• to perform research and analysis relating to our services and websites;
• to perform tracking of the use of our services and websites;
• to conduct market surveys; and/or
• to review prospective employee submissions

4. Bases of Processing Personal Data

We collect and process your information as a Controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:

• Our use of your personal information is in accordance with your consent (for example, when you consent to sharing your personal information with a third party for their own marketing).
• Our use of your personal information is in our legitimate interest as a commercial organization (for example in order to make improvements to our products and services and to provide you with information you request); you have a right to object to processing as explained in the section below titled Individual Data Rights;
• Our use of your personal information is necessary to perform our obligations under a contract or take steps to enter into a contract with you; and/or
• Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal information to a court or tax authority).

Where we act as a Processor, we process Personal Data based on the instructions of our clients.

5. Data Retention

We do not store the Personal Data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of Personal Data, the purposes of use, and applicable law, and therefore varies per use.

Typically, we store Personal Data for as long as the user is using our platform or services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.

We erase Personal Data provided by you after the above described storage period or when a client or individual provides us with a verified request to erase the data, subject to laws and regulations that allow us to deal with the request in a different way.

6. Sharing Personal Data with Third Parties

We share Personal Data within our organization, which may include our affiliates and subsidiaries, if and as far as necessary for the purposes specified in this Policy. Our employees processing Personal Data are bound by confidentiality obligations.

We may share Personal Data with our contracted service providers, who process Personal Data on our behalf pursuant to the legal bases described above or as required by law.

Our service providers may provide:

• the application hosting platform – infrastructure and storage;
• cloud storage services;
• client support and communications systems;
• internal communication and issue tracking systems;
• marketing automation systems;
• email software; and
• Client Relationship Management (CRM) software.

Some of these service providers may be located outside of the United States. However, before transferring your Personal Data to these service providers, we will either ask for your explicit consent or require that they maintain at least the same level of privacy and security for your Personal Data that we do.

We are not in the business of selling or renting your Personal Data to telemarketers and we do not share your Personal Data with others, except as outlined in this Policy. We may share your Personal Data as required by law or in the interest of protecting or exercising our or others’ legal rights, such as in connection with requests from law enforcement officials and in connection with court proceedings. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We reserve the right to share or transfer your Personal Data in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business. We reserve the right to use and disclose de-identified and non-attributable data for any legal business purpose, provided that such data does not include any Personal Data. The purposes may include, but are not limited to, analyzing usage trends or seeking compatible event sponsors or clients.

7. Links to Third Party Websites

When you click on a link to a third-party website from our websites, your activity and use of the linked website is governed by that website’s policies, not by our policies. We encourage you to review their privacy and user policies.

8. Individual Data Rights

Opt-Out

In connection with promotions or other projects, we may ask you specifically whether you have objections to certain uses or sharing of your Personal Data. If you opt-out under such circumstances, we will respect your decision. To opt out of receiving commercial communications from us, please click on the “opt-out” link in the communication or contact us using one of the methods outlined in the Contact Information below.

If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt-out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. To submit such requests, please email us at privacy@precisionlender.com.

Please note that as a Processor, we have limited rights to access data submitted to us by our clients. Therefore, if you contact us with an opt-out or revocation request related to Personal Data submitted to us by a client, we will ask you to tell us the identity of the relevant client. We will forward your request to that client, and provide any needed assistance as they respond to your request.

Access

Subject to local data protection laws, you may have the right to request that we disclose to you the categories and specific pieces of Personal Data that we have collected over the past 12 months. Upon receiving a verifiable request from you to access Personal Data, we will promptly take steps to disclose and deliver, free of charge to you, the Personal Data required. We will deliver this information electronically in a portable and, to the extent technically feasible, readily useable format that allows you to easily transmit the information.

In addition, if Personal Data you have submitted through the website is no longer accurate, current, or complete, you may request that we update it.

Deletion

Subject to local data protection laws and with certain exceptions, you may have the right to request that we delete any of your Personal Data that we have collected. Upon receiving a verifiable request from you, we will delete (and, if applicable, direct our service providers to delete) your Personal Data from our records, unless an exception applies.

Exercising Your Rights

To exercise your rights, contact us using one of the methods outlined in the Contact Information below. Upon receipt of your request, we will work promptly to process it, and will contact you if we need additional information from you in order to verify the request.

Non-Discrimination

We will not discriminate against a consumer for exercising any rights.

9. Security

We use robust security measures to protect Personal Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of such data. When our service is accessed using an updated web browser, Transport Layer Security (TLS) technology protects the Personal Data and client data using both server authentication and data encryption. These technologies help ensure that such data is safe, secure, and only available to the client to whom the information belongs and those to whom the client has granted access.

10. Location and Transfer

As an organization with a global presence, we have operations in several locations around the world. For our client data, we work closely with each organization to ensure we meet their data sovereignty requirements. For other Personal Data collected, we may transfer information to, or access it from, countries outside an individual’s country of domicile. We take steps to ensure that all Personal Data receives an adequate level of protection in the countries in which we process it. Further information regarding the international transfer of Personal Data may be obtained by contacting us at privacy@precisionlender.com.

11. EU-U.S. Privacy Shield Framework

We participate in and certify our compliance with the EU-U.S. Privacy Shield Framework (the “Privacy Shield”), as set forth by the U.S. Department of Commerce, regarding the processing of Personal Data transferred from the European Union, the European Economic Area, or the United Kingdom to the United States, or otherwise received in reliance on the Privacy Shield. We commit to, adhere to, and have certified to the Department of Commerce that we adhere to, the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

12. Children

Our websites and platform are not directed at children under the age of 16 and we do not knowingly collect information from anyone under 16. If you believe a child has provided us with Personal Data, please contact us using one of the methods outlined in the Contact Information below. If we become aware that a child under 16 has provided us with Personal Data, we will take the necessary steps to delete such information.

13. Changes To This Policy

We reserve the right to change, modify, add, or remove portions of this statement from time to time and in our sole discretion, but we will alert you that changes have been made by indicating on the Policy the date on which it was last updated. When you visit the website, you are accepting the current version of this Policy as posted on the website at that time. We recommend that users revisit this Policy on occasion to learn of any changes.

14. Contact Information and Dispute Resolution

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. Any questions or concerns regarding the use or disclosure of Personal Data should first be directed to us at privacy@precisionlender.com or by postal mail:

PrecisionLender
Attn: Deputy General Counsel
4201 Congress Street, Suite 200
Charlotte, NC 28209, United States

We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data. For complaints related to the processing of Personal Data that we receive in reliance on the Privacy Shield that cannot be resolved between us and the complainant, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute.

For HR-related data of prospective employees, if a complaint or dispute cannot be resolved through our internal process, we commit to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of a potential employment relationship.

If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.