This Privacy Policy describes how Lendisys ("we," "us," or "our") collects, uses, and discloses
your information in connection with your use of our website (lendisys.com) and our loan
origination system services (collectively, the "Services").
In short: we do not set analytics or marketing cookies until you agree to
them. If you want to know exactly which cookies we use and change your choice, see our
Cookie Policy or open
Cookie Settings.
1. Who We Are and How to Contact Us
For personal data collected through this website, the data controller is
„PLANTON SOLUTIONS” S.R.L., trading as Lendisys — a company registered in the Republic
of Moldova under IDNO 1010600041937, at strada Moara Roșie 5/E, ap. 34, MD-2005, Chișinău,
Republica Moldova.
You can reach us about any privacy matter at
contact@lendisys.com.
We have not appointed a Data Protection Officer. You can raise any data protection question with
us at the address above.
Controller and processor
The distinction matters for who you contact about your data:
- For data you give us directly through this website — a contact form, a demo request, a
newsletter sign-up — we are the controller. This policy applies, and you
should contact us.
- For borrower or applicant data processed inside our loan origination system on behalf of a
financial institution, that institution is the controller and we are its
processor. We handle that data only on their documented instructions, under a
written agreement that meets Article 28 of the UK GDPR and EU GDPR. If you are a customer of
a lender that uses Lendisys, please direct your request to that lender — they are required to
answer it, and we will support them in doing so.
2. Information We Collect
Information You Provide to Us
- Contact Information: When you request a demo, contact us, or subscribe to
our newsletter, you may provide us with your name, email address, phone number, company name,
and job title, along with anything you choose to write in a message to us.
- Demo and Service Data: When your financial institution uses our Services, it
may upload data necessary for the loan origination process. This is client-controlled data
for which we act as processor, as explained above.
Information We Collect Automatically
- Log and Usage Data: We collect standard log information, including your IP
address, browser type, operating system, pages viewed, and the dates and times of your
visits.
- Cookies and Similar Technologies: If you consent, we use cookies and similar
technologies to analyse trends and measure our advertising. Our
Cookie Policy describes the cookies we use and what each one
is for.
- Anti-spam: Our contact page uses Google reCAPTCHA to tell real visitors from
bots. reCAPTCHA collects device and behaviour signals and is subject to
Google's
Privacy Policy.
3. How We Use Your Information and Our Legal Bases
Under the UK GDPR and EU GDPR we must have a lawful basis for each purpose. Ours are:
| What we do |
Lawful basis |
| Respond to your enquiry or demo request and correspond with you about it. |
Legitimate interests (Art. 6(1)(f)) — answering someone who
has approached us about our product. Where the exchange leads towards a contract,
steps prior to entering a contract (Art. 6(1)(b)). |
| Send you marketing emails and our newsletter. |
Consent (Art. 6(1)(a)), which you give by subscribing and can
withdraw at any time via the unsubscribe link in any message or by emailing us. |
| Analytics cookies, which tell us how the site is used. |
Consent (Art. 6(1)(a)), given through our cookie banner and
withdrawable at any time via Cookie Settings. |
| Marketing cookies, including Google Ads measurement and HubSpot. |
Consent (Art. 6(1)(a)), given and withdrawable in the same way. |
| Keep the site secure and protect our forms from spam and abuse. |
Legitimate interests (Art. 6(1)(f)) — keeping our service
available and free from abuse. |
| Provide the Services under our agreement with a client institution. |
Performance of a contract (Art. 6(1)(b)) with that institution;
for borrower data we act as processor on its instructions. |
| Meet our legal, regulatory and accounting obligations. |
Legal obligation (Art. 6(1)(c)). |
Where we rely on legitimate interests, we have weighed our interest against your rights and
freedoms, and you have the right to object at any time — see section 8.
4. Cookies and Tracking Technologies
We do not set any cookie beyond those strictly necessary to run the site until you tell us we may.
When you first arrive you can accept all, reject all, or choose category by category. You can
change or withdraw that choice at any time through
Cookie Settings, linked from the footer of every page —
withdrawing is as easy as consenting. Our Cookie Policy describes the
cookies we use, their purpose and their lifetime.
5. How We Share Your Information
We do not sell your personal information. We share it in these circumstances:
- With Service Providers: vendors who process data on our behalf under
contract, including our website analytics providers, our CRM and marketing
platform (HubSpot), our advertising platform (Google Ads), and our hosting provider
Hetzner Online GmbH (Germany).
- As Required by Law: where disclosure is required by applicable law,
regulation, or legal process, or to establish or defend legal claims.
- Business Transfers: in connection with a merger, sale of assets, financing,
or acquisition of all or part of our business.
- With Your Consent: for any other purpose you agree to.
6. International Data Transfers
Some of our providers are outside the UK and the European Economic Area, which means your data may
be transferred to and processed in those countries.
United States providers
Google (Analytics, Ads and reCAPTCHA) and HubSpot are United States providers. Transfers to them
are governed by the data protection terms of our agreements with each provider. Note that our
contact form submission includes your IP address in the record we send to HubSpot, so that
transfer occurs whenever you submit the form.
You may request details of the safeguards that apply to any transfer by emailing
contact@lendisys.com.
7. How Long We Keep Your Information
We keep personal data only as long as we need it for the purpose we collected it for:
| Data |
Retention period |
| Contact form and demo request enquiries |
24 months from our last contact with you |
| Newsletter subscriber records |
Until you unsubscribe. We then keep a minimal suppression record indefinitely, so that we do
not contact you again by mistake |
| Website analytics data (Google Analytics) |
2 months |
| Website analytics data (other analytics providers) |
Retained in line with each provider's own retention schedule. Email us and we
will tell you the current period. |
| Server and security logs |
Up to 14 days |
| Your cookie consent record |
180 days, after which we ask you again |
| Client (Service) data we process for a financial institution |
For the term of our agreement with that institution and as instructed by it;
deleted or returned on termination in line with that agreement |
Where we must keep records for legal, tax or accounting reasons, we retain them for the period
required by law even if the periods above have passed.
8. Data Security
We implement technical and organizational measures designed to protect your information from loss,
theft, misuse, and unauthorized access, disclosure, alteration, and destruction. As our clients
are financial institutions, we adhere to standards of data security appropriate for the financial
technology industry.
9. Your Data Protection Rights
If you are in the UK or the EEA, you have the following rights over your personal data. They are
free to exercise, and we will respond within one month.
- Access — obtain a copy of the personal data we hold about you (Art. 15).
- Rectification — have inaccurate or incomplete data corrected (Art. 16).
- Erasure — have your data deleted where we no longer have grounds to keep it
(Art. 17).
- Restriction — ask us to pause our use of your data while a dispute about it
is resolved (Art. 18).
- Portability — receive data you gave us in a structured, commonly used,
machine-readable format, and have it sent to another controller (Art. 20).
- Object — object to processing based on our legitimate interests (Art. 21).
Where you object to direct marketing, we will stop, with no exceptions and no
need to give a reason.
- Withdraw consent — withdraw consent at any time where we rely on it, without
affecting processing already carried out (Art. 7(3)). For cookies, use
Cookie Settings; for marketing email, use the
unsubscribe link in any message.
- Complain to a supervisory authority — if you think we have handled your data
unlawfully (Art. 77). In the UK this is the Information Commissioner's Office
(ico.org.uk); in the
EEA it is the authority in your country of residence, work, or where the issue occurred. We
would appreciate the chance to address your concern first, but you can go to them directly.
To exercise any of these rights, email
contact@lendisys.com. We may need to verify your
identity before we act. If you are a customer of a financial institution that uses Lendisys,
please direct your request to that institution, which is the controller of that data.
10. Automated Decision-Making
We do not make decisions about visitors to this website by automated means that produce legal
effects or similarly significant effects on them.
Our loan origination software does support automated decisioning for our client institutions.
Where a lender uses that capability, the lender — not Lendisys — is the
controller responsible for those decisions and for meeting the requirements of Article 22,
including telling applicants about the logic involved and offering human review. Applicants
should contact their lender.
11. Children's Privacy
Our Services are not directed to individuals under the age of 16, and we do not knowingly collect
personal information from children. If we become aware that we have inadvertently collected such
information, we will take steps to delete it.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make changes, we will revise the "Last
Updated" date at the top of this policy, and where a change materially affects how we use your
data we will give you additional notice and, where required, ask for your consent again.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Email: contact@lendisys.com
Postal address: „PLANTON SOLUTIONS” S.R.L., strada Moara Roșie 5/E, ap. 34,
MD-2005, Chișinău, Republica Moldova