PrecisionLender is committed to protecting your privacy
Last Updated: December 14, 2020
2. Types of Data and Collection Methods
We receive data that you actively submit, as well as data that we track. This includes:
Our PrecisionLender platform is provided as a Software-as-a-Service (SaaS) solution for commercial banks. It collects, processes, and stores data under the direction of our clients as a Processor, as such term is defined within Article 4 of the EU General Data Protection Regulation (GDPR). While the primary purpose of our platform is to process commercial loans, it is our clients who choose what business data they share with us based on the services they use, and they own all rights in and to their business data. If Personal Data is uploaded by a client, we have no direct relationship with the individuals whose Personal Data that our platform processes on behalf of such client. For this reason, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his/her query to the relevant client (who is the Controller, as such term is defined within Article 4 of the GDPR). If the client asks us to remove the data, we will respond to their request within 10 business days of such request. As stated in our Terms of Service, Consumer information such as social security numbers, driver’s license numbers, and financial account numbers (“Prohibited Customer Data”) should never be provided to us or uploaded and/or entered into the services.
To provide and support our platform and service, as well as to market to new clients, we retain Personal Data of the individuals who are employed by our clients, prospective clients, suppliers, and business partners. This data is limited in nature and consists of business contact information such as name, email address, phone number, and physical office address.
3. Collection Purposes, Use of Personal Data
We use Personal Data for the following purposes:
4. Bases of Processing Personal Data
We collect and process your information as a Controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
Where we act as a Processor, we process Personal Data based on the instructions of our clients.
5. Data Retention
We do not store the Personal Data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of Personal Data, the purposes of use, and applicable law, and therefore varies per use.
Typically, we store Personal Data for as long as the user is using our platform or services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.
We erase Personal Data provided by you after the above described storage period or when a client or individual provides us with a verified request to erase the data, subject to laws and regulations that allow us to deal with the request in a different way.
6. Sharing Personal Data with Third Parties
We share Personal Data within our organization, which may include our affiliates and subsidiaries, if and as far as necessary for the purposes specified in this Policy. Our employees processing Personal Data are bound by confidentiality obligations.
We may share Personal Data with our contracted service providers, who process Personal Data on our behalf pursuant to the legal bases described above or as required by law.
Our service providers may provide:
Some of these service providers may be located outside of the United States. However, before transferring your Personal Data to these service providers, we will either ask for your explicit consent or require that they maintain at least the same level of privacy and security for your Personal Data that we do.
We are not in the business of selling or renting your Personal Data to telemarketers and we do not share your Personal Data with others, except as outlined in this Policy. We may share your Personal Data as required by law or in the interest of protecting or exercising our or others’ legal rights, such as in connection with requests from law enforcement officials and in connection with court proceedings. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We reserve the right to share or transfer your Personal Data in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business. We reserve the right to use and disclose de-identified and non-attributable data for any legal business purpose, provided that such data does not include any Personal Data. The purposes may include, but are not limited to, analyzing usage trends or seeking compatible event sponsors or clients.
7. Links to Third Party Websites
When you click on a link to a third-party website from our websites, your activity and use of the linked website is governed by that website’s policies, not by our policies. We encourage you to review their privacy and user policies.
8. Individual Data Rights
In connection with promotions or other projects, we may ask you specifically whether you have objections to certain uses or sharing of your Personal Data. If you opt-out under such circumstances, we will respect your decision. To opt out of receiving commercial communications from us, please click on the “opt-out” link in the communication or contact us using one of the methods outlined in the Contact Information below.
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt-out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. To submit such requests, please email us at firstname.lastname@example.org.
Please note that as a Processor, we have limited rights to access data submitted to us by our clients. Therefore, if you contact us with an opt-out or revocation request related to Personal Data submitted to us by a client, we will ask you to tell us the identity of the relevant client. We will forward your request to that client, and provide any needed assistance as they respond to your request.
Subject to local data protection laws, you may have the right to request that we disclose to you the categories and specific pieces of Personal Data that we have collected over the past 12 months. Upon receiving a verifiable request from you to access Personal Data, we will promptly take steps to disclose and deliver, free of charge to you, the Personal Data required. We will deliver this information electronically in a portable and, to the extent technically feasible, readily useable format that allows you to easily transmit the information.
Subject to local data protection laws and with certain exceptions, you may have the right to request that we delete any of your Personal Data that we have collected. Upon receiving a verifiable request from you, we will delete (and, if applicable, direct our service providers to delete) your Personal Data from our records, unless an exception applies.
Exercising Your Rights
To exercise your rights, contact us using one of the methods outlined in the Contact Information below. Upon receipt of your request, we will work promptly to process it, and will contact you if we need additional information from you in order to verify the request.
We will not discriminate against a consumer for exercising any rights.
We use robust security measures to protect Personal Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of such data. When our service is accessed using an updated web browser, Transport Layer Security (TLS) technology protects the Personal Data and client data using both server authentication and data encryption. These technologies help ensure that such data is safe, secure, and only available to the client to whom the information belongs and those to whom the client has granted access.
10. Location and Transfer
As an organization with a global presence, we have operations in several locations around the world. For our client data, we work closely with each organization to ensure we meet their data sovereignty requirements. For other Personal Data collected, we may transfer information to, or access it from, countries outside an individual’s country of domicile. We take steps to ensure that all Personal Data receives an adequate level of protection in the countries in which we process it. Further information regarding the international transfer of Personal Data may be obtained by contacting us at email@example.com.
11. EU-U.S. Privacy Shield Framework
We participate in and certify our compliance with the EU-U.S. Privacy Shield Framework (the “Privacy Shield”), as set forth by the U.S. Department of Commerce, regarding the processing of Personal Data transferred from the European Union, the European Economic Area, or the United Kingdom to the United States, or otherwise received in reliance on the Privacy Shield. We commit to, adhere to, and have certified to the Department of Commerce that we adhere to, the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Our websites and platform are not directed at children under the age of 16 and we do not knowingly collect information from anyone under 16. If you believe a child has provided us with Personal Data, please contact us using one of the methods outlined in the Contact Information below. If we become aware that a child under 16 has provided us with Personal Data, we will take the necessary steps to delete such information.
13. Changes To This Policy
We reserve the right to change, modify, add, or remove portions of this statement from time to time and in our sole discretion, but we will alert you that changes have been made by indicating on the Policy the date on which it was last updated. When you visit the website, you are accepting the current version of this Policy as posted on the website at that time. We recommend that users revisit this Policy on occasion to learn of any changes.
14. Contact Information and Dispute Resolution
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. Any questions or concerns regarding the use or disclosure of Personal Data should first be directed to us at firstname.lastname@example.org or by postal mail:
Attn: Deputy General Counsel
4201 Congress Street, Suite 200
Charlotte, NC 28209, United States
We will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data. For complaints related to the processing of Personal Data that we receive in reliance on the Privacy Shield that cannot be resolved between us and the complainant, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute.
For HR-related data of prospective employees, if a complaint or dispute cannot be resolved through our internal process, we commit to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to human resources data transferred from the EU in the context of a potential employment relationship.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.