1. Introduction

RightCard Payment Services Ltd is regulated and authorised by the Financial Conduct Authority (“FCA”) and a subsidiary of Pomelo Technology US Inc. which comprise a group of companies (“Pomelo Group”or “we”) and respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal information that we and other third-party entities collect through your use of our app, LemFi Mobile Application (“LemFi App” or “Application” or “App”), and the Credit Services accessible through the LemFi App.

Application users, clients, customers, account holders are referred to collectively as “Users” or "you". The Application together with the Services and all content contained therein are referred to collectively as the “Resources” or “Credit Services” as further described in our Terms & Conditions. Please read this Notice carefully to understand our policies and practices for collecting, processing, and storing your personal information. If you do not agree with our policies and practices, your choice is not to use the Credit Services.

We provide Credit Services as an approved Independent Appointed Representative (“IAR”) in conjunction with other third-party entities collectively referred to as “Service Providers'', including Fintern Ltd trading as “Abound”(''Abound”). If you do not accept our and or ABOUND’s policies and practices then you are choosing to decline the use of our Credit Services. Please read ABOUND Privacy Notice and Terms & Conditions of Service.

Similarly, we may rely on the services of different Credit reference Agencies and its subsidiaries, affiliates to provide Credit Services, including Equifax If you do not accept the Privacy Notice (Terms & Conditions) of any Credit Reference Agency including Consent Online then you are choosing to decline the use of our Credit Services.

Credit Services means your current or future use of our Credit Services, including, but not limited to the delivery, management, marketing and processing of such Services, whether through us or third party Service providers.
Our Data Protection Officer can be contacted at the following email address: dataprivacycounsel@lemfi.com

2. Who are we?

RightCard Payment Services Ltd with its registered seat at B7b St. Faiths Street, Maidstone, Kent, England ME14 1LH, United Kingdom. For the purposes of how we use your personal information across our brands and platforms (e.g. our websites and apps) in the ways described in this Privacy Notice, RightCard Payment Services Ltd is the main Data Controller.

Personal information provided to, or collected by, us when you use our Application in respect of Credit Services is controlled by RightCard Payment Services Ltd. The associated processing of your personal data takes place on the basis of a joint controller arrangement between ABOUND and Equifax. Under this arrangement, RightCard Payment Services Ltd will at all times be available for data subjects (customers) to address any concerns or questions and/or allow them to exercise their rights under domestic applicable data protection laws regarding their personal information.

We are committed to safeguarding the personal information of our customers, users, employees and other stakeholders, while helping our customers, employees, investors and society create a deeper impact and make the right decisions.

3. What is Our Relationship with ABOUND

ABOUND Ltd is an independent, regulated and authorised lender which may process a number of loan applications linked to your personal and financial information that it collects from us, as provided by you through the LemFi App, Consent Online, Open Banking Services or information obtained in any other manner. This includes but is not limited to the following:

• Performing financial and credit suitability analysis on your financial information;
• Obtain your credit references from Equifax and conduct verification of your financial information, including your income, current or past residential addresses;
• Access your bank account information via Open Banking platform to assess your income, outgoings and affordability for our Credit Services;
• Provide underwriting (criteria for lending) and apply that to all your financial and personal information to determine your eligibility and suitability for Credit Services based on automated decision making process;
• Determine lending limits and repayment plans for customers;
• Review and manage customers credit ledgers and reconcile repayments;
• Advise us on whether to make credit available to individual customers;
• Manage collection and debt sale Services in the event of overdue payments and default for non-payment by customers;
• Review customer Credit applications;
• Advise us on Credit Services applications related to customers and manage the customer Credit Application journey, including subsequent processing of the Credit Services account of customers.

We are Independent Authorised Representative (“IAR”) of ABOUND Ltd. It is ABOUND Ltd which processes, authorises and disburses any loan granted to you.

4. What is Our Relationship with Credit Reference Agencies

We, together with ABOUND, use Credit Reference services to obtain and verify current and historical financial information about our customers to assess their suitability for Credit Services. Credit Reference services provides us ABOUND with an individual customer financial credit report based on numerous financial checks and categorisation of the bank account transactional data it collects and processes from internal and external databases. These include, but are not limited to, income history, financial outgoings, previous defaults on loans amongst other information on customers.

We, together with ABOUND, also review a customer’s financial data through Open Banking to assess payment history, income, expenditure, and overall creditworthiness to determine affordability.

The financial information collected on customers helps us and ABOUND to decide whether to offer Credit Services to an individual customer.

Please refer to the type of information Credit Reference Agencies collects and processes as contained in their Privacy Notice and Credit Reference Agency Information Notice.

5. What is our relationship with other Services Providers:

(a)TrueLayer: We use TrueLayer for payments similar to Remittance Service but we use them as a VRP service: Variable Recurring Payments, which allow customers to connect with authorized payment providers to their bank accounts. Using TrueLayer allows ABOUND to collect loan repayments from customers. Please refer to the TrueLayer Privacy Notice on how it processes your personal data. We may also use other Open Banking service provider as required from time to time.

(b)Marqeta: Provides personal identifiable information, address, PAN (card) number to create an account and transactional details (purchase amount, merchant, available limit or balance) to enable customers to use the cards. Please refer to the Marqeta Privacy Notice on how it may process your personal data.

(c)Visa: we don’t share any data directly with visa. All the data exchange happens with Marqeta and may involve Visa to process card payments for customers. Please refer to the Visa Privacy Notice.

6. How do we collect personal information?

We collect personal data about you in the following ways:

• directly from you when you fill in information on the LemFi App, manage your loan online or correspond with us by email, phone or otherwise;
• by observing how you access and use our products and services. For example, how you use our website or how you manage your accounts with LemFi. This includes recording how and when you submit your loan application and other information to us;
• from organisations that have your consent to share your data with us or for a separate legal basis for a specific or defined purpose. This could include for direct marketing or assessing your eligibility for a partner's product which may be suitable for you;
• from public sources, for instance the Companies House register, the Individual Insolvency Register, the 'Open Register' part of the electoral register. This may include tracing you if you have moved in order to recover monies owed to us; and
• from third-party organisations such as Credit Reference Agencies, Fraud Prevention Agencies and Account Information Service Providers. The Credit Reference Agencies provide information on your financial behaviour. This is referred to as your credit history that gives us and ABOUND as a Lender information on how you manage your finances (including things like your mortgage, credit cards overdrafts, loans, mobile phone contracts, and utilities).

7. What data do we collect?

The information we may collect about you will vary depending on how you interact and engage with us. It may include the following:

• Personal identification information, such as name, date of birth, place of birth, nationality, gender, email, address, demographic information, and phone number. We may verify your address via utility bills or through an electronic address verification method.
• Supplemental identification information, such as government-issued identity documents, live photo images captured, passport, driver’s license, national insurance number(as applicable).
• Information about your device (name, type and unique identifier, software version, language, timestamp, and timezone associated with the device), IP address and location.
• Financial information, including but not limited to, income, sources of income, employment including but not limited to self employment, full and part-time employment, pension, salary, outgoings, loans, existing credit and debts, rent payable, mortgages, credit cards, any other financial commitments of a customer and previous defaults, banking history, bank accounts and information related to bank accounts (financial statements); any other information made available by Credit Reference Agencies , customers or via Open Banking platform.
• Information on your behaviour on our App, including screens viewed, links clicked keystrokes, and actions taken; including use of any functions/features or failure to verify the account or lack of transactions (dormant position) and User Application activities carried out within the App.
• User location searches.
• Communications data, including messages, comments, or file transmissions.
• Information about your internet connection, the equipment you use to access our Resources, and usage details.
• Information specific to our App, including that provided during your use of the app.
• Credit transaction information, including information related to the use of the Services, types of Services requested, dates and times of such requests, payment methods, information on the use of Credit Services, including but not limited to frequency of use, how and when a Credit Card was used in conjunction with Credit Services and other similar information.
• Additional information required by the Company (in its sole discretion) to verify a User's identity, which may include capturing the image of your face in real time for facial matching and/or recognition.
• Any other information relevant to issuance, management, processing and delivery of Credit Services in conjunction with our third-party Service providers, including but not limited to, information required by ABOUND and Credit Reference Agencies (as applicable from time to time).
• Any personal information you may provide us through social media channels or promotions held by us or our partners.
• information collected from Credit References Agencies, Fraud Prevention Agencies and Account Information Service Providers. We will collect this information at the point you first enquire about your loan and on a continuing basis as we manage your loan
• open banking data that you have authorised us to access
• details of the loan(s) you hold and have held with us;
• details of any contacts that we have had with you;
• details of how you applied for your loan (for example which browser you applied with);
• details of any contact with us including any telephone, email or other communication with you; and
• information collected through customer feedback surveys;and
• Information on transactions related to the Remittance, Credit, or Card products to evaluate your use of our services, and for any other analysis.

8. How do we use your personal information?

We may use your information:

• to process and complete your application for a loan;
• to search Credit Reference Agencies' and Fraud Prevention Agencies' records;
• to make an initial lending decision and to assess your eligibility for additional borrowing;
• to set up and process payments and prevent fraudulent transactions;
• to communicate effectively with you when applying for, agreeing to and undertaking the loan agreement, to effectively answer and manage any questions, concerns or complaints you may have;
• to update our records and maintain your account with us;
• to offer you products and/or services that may be of interest to you, where you have consented to be contacted for such purposes. This may include us making periodic searches at Credit Reference Agencies;
• to monitor, review and improve the content and appearance of our website, to ensure it is presented in the most effective manner for you;
• to maintain and develop our business systems, including without limitation, testing and upgrading them;
• to trace your whereabouts if we cannot contact you;
• to recover any money you owe us;
• to comply with our legal and regulatory obligations;
• for any other specific purpose which we notify you of at the time your personal information is collected;
• to pre-populate fields on our site to make it easier for you to navigate when you return to our website and login as an existing customer; and
• to help us analyse our business and develop marketing strategies, develop products and improve our advertising materials.
• We may monitor and record calls, emails, SMS and other communications to ensure transactions are executed correctly, detecting any vulnerabilities you may have, and for security, quality control, training and fraud prevention purposes.
• If we cannot offer you a product, we may check your eligibility for loans and/or other relevant credit products from our panel of trusted lenders and brokers. We will always seek your consent to do this and in assessing eligibility our partners will always use soft checks which will not impact your credit file.
• We may collect your personal information for the purpose of assessing the interest in our credit Product prior to its launch and subsequent offer.
• We use the loan amount granted to a User and assign that to the User’s Card (virtual or physical) to allow them to use the Card to make use of the Credit granted.

9. Why do we process your personal information?

We collect and use your personal information where it is necessary for us to carry out our lawful business activities. Our grounds for processing your data are as follows:

(a) Contractual necessity
We may process your information where it is necessary to enter into a contract with you or to perform our obligations under that contract. This may include processing to:

• assess your eligibility for the products and services we provide,
• sharing information to assess your creditworthiness with Credit Reference Agencies, Fraud Prevention Agencies and Account Information Service Providers;
• To provide you with credit which is enabled and used through the use of virtual or physical card only.
• to assess your eligibility for similar products including new loans. This may include making periodic searches at Credit Reference Agencies;
• provide and administer the products we offer, including:
  • setting up your account;
  • verifying your contact information;
  • collecting and providing to you required information and documents including statements and formal notices;
  • disbursing money and processing payments;
  • to manage fees, charges and interest due on your account;
  • to send you service communications and notices required by law;
  • to collect and recover outstanding sums owed to us; and
  • to address any enquiries or complaints we receive from you or a representative you have appointed.

(b) Legal obligation
We may process your data where it is a legal or statutory obligation on us. This may include processing to:

• confirm your identity;
• detect, investigate and report transactions in order to comply with laws relating to money laundering, financial crime and international sanctions;
• assess affordability of any credit products for which you apply;
• detecting, investigating and reporting financial crime, and taking measures to prevent this;
• maintain records of our business as required by law;
• complying with laws which require us to provide information, directly or indirectly to any national authority, for the purpose of the calculation and collection of tax;
• responding to enquiries and requests for information by any of our Regulators including the Financial Conduct Authority and Information Commissioner's Office;
• creating and submitting reports required by any of our Regulators;
• to otherwise meet our obligations under all laws and regulations and codes of practice which apply to our business activities; and
• where we have a duty to protect vulnerable customers and provide them with support.

(c) Legitimate interest
We may process your information when we have a business or commercial reason to do so. If we do, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is. This may include processing to:

• develop new products and services and identifying which may be of interest to you;
• contacting you to make you aware of such products and services, where we have the relevant permission to do so. This may include a reasonable period after your relationship has ceased with us;
• statistical analysis, analytics and profiling, for example, to create scorecards, models and variables in connection with the assessment of credit, fraud, vulnerabilities, risk or to verify identities, to monitor and predict market trends, and for analysis such as loss forecasting;
• monitor, review and improve the content and appearance of our website, to ensure that content from our website is presented in the most effective manner for you assess how our customers use our website, products and services;
• maintain and develop our business systems, including without limitation, testing and upgrading them;
• sharing information with organisations who introduce you to us under a commercial agreement;
• to recover monies owed;
• to sell debts to other firms;
• to share your information with third parties for the purpose of preventing fraud and financial crime; and
• to obtain finance for the products we provide; and
• We may collect your personal data for the purpose of the Credit product “loans” before the launch of the product to assess your interest in our product.

(d) Who do we share your personal information with?

• We may use third-party companies to provide services on our behalf. This may require these organisations to access and process your personal data. These may include:
• Credit Reference Agencies;
• Fraud Prevention Agencies including CIFAS;
• Account Information Service Providers;
• communications service providers offering mail, email and SMS text services;
• Debt Collection Agencies, Debt Management Companies and companies specialising in customer reconnection, asset repossession and general information-gathering visits;
• debt purchasers;
• customer survey providers in order to receive feedback and improve our services;
• IT service providers;
• data security providers for debugging and product improvement purposes;
• legal service providers;
• digital and direct marketing service providers;
• third party quality assurance providers
• payment processors;
• trusted lenders and brokers who will assess your eligibility for products; and
• Prospective assignees of your account; and
• Abound Ltd as the lender.

(e) How do we use Credit Reference Agencies?

• To process your application, we will perform credit and identity checks on you with one or more credit reference agencies ("CRAs"). Where you take services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
• We will use this information to:
• assess your creditworthiness and whether you can afford to take the product;
• verify the accuracy of the data you have provided to us;
• prevent criminal activity, fraud and money laundering;
• manage your account(s);
• trace and recover debts; and
• ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your accounts including settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt and payment performance. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders or financial services providers.

Where you have a financial association with someone your records may be linked, so you should discuss your application with them before you make it. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully file for a disassociation with the CRAs to break that link.

(f) How do we work with Fraud Prevention Agencies?
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance.

The Fair Processing Notices for Cifas provides further details on how your information will be used by us and these fraud prevention agencies, and your data protection rights.

(g) How do we use Account Information Service Providers?
We use a tool provided by TrueLayer Limited (www.truelayer.com) ("TrueLayer") that allows you to send information on your payment accounts to us and other service providers.

In order to use this service, you will be asked to agree to their Terms of Service and enter your payment account details with TrueLayer or, for Open Banking connections, you will be redirected to your bank by TrueLayer in order to authenticate yourself. The Terms of Service set out the terms on which you agree to TrueLayer accessing information on your payment accounts for the purposes of transmitting that information to us.

10. Result of Processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide financing to you. If you have any questions about this, or believe that your information has been processed inaccurately, please contact us at the address above.

11. How can you amend your marketing preferences?

When we first collect your data, we will give you the opportunity to confirm your preferences. Any electronic marketing communications we send you will include clear instructions to follow should you wish to unsubscribe at any time. You may also amend your contact preferences in the following ways:
- by notifying customer services via email or telephone.

12. What are your personal data rights?

As a data subject, you have a number of rights:

• the right to access the personal data we hold about you;
• the right to rectify inaccurate personal data or complete it if it is incomplete;
• the right to have your personal data deleted;
• the right to request restriction of or suppression of your personal data;
• the right to obtain and make use of your personal data for your own purposes across different services ("portability");
• the right to object to the processing of your personal data in certain circumstances;
• rights related to automated decision-making including profiling, and
• the right to withdraw consent at any time. In certain circumstances, we may need to get your consent before we can access or process your personal data. If this happens, we will always ask for your consent first. If you have given us consent in the past but subsequently change your mind, you can withdraw your consent at any time.

Your data protection rights are subject to certain restrictions and conditions and financial organisations are required to retain a range of your information for legal and regulatory reasons including responsible lending and the prevention of financial crime. LemFi or ABOUND is required to keep a record of all the relevant information reported to the Credit Reference Agencies about you and any additional information which is retained by LemFi and Abound for their sole record keeping for any regulatory compliance for six years from the date that the loan is settled/closed. If your account is recorded as defaulted, the data is kept for six years from the date of the default. This may be extended where we require this to bring or defend legal claims.

If you think that any of the personal data we hold about you is wrong or incomplete you have the right to challenge it.

We will not make a charge for handing your rights request, unless we consider it to be manifestly unfounded or excessive involving a disproportionate effort (particularly if this is a repeated request).

We will assess your request and if we decide not to act upon it or place certain restrictions on it, we will inform you of our reasons for this.

You have the right to complain to us and to the data protection regulator, the Information Commissioner's Office. Their address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. They can be contacted by phone on 0303 123 1113 (local rate) or 01625 545745 if you prefer to use a national rate number.

You can find details on how to report a concern at: https://ico.org.uk/make-a-complaint/

13. What is 'Special categories' of personal data

We will not typically ask you for any 'special categories' of personal data. This is also referred to as 'sensitive personal data' and includes information revealing an individual's political opinions, racial or ethnic origin, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning an individual's sex life or sexual orientation.

We may process personal data about your health or medical conditions, where we need to understand this to provide you with support, or to make adjustments in how we provide you with information or provide you with additional services that you may need. Companies acting on our behalf specialising in identifying vulnerable customers or customer reconnection and information gathering visits may also process personal data about your health or medical conditions for this purpose. If we process such data, we will do so to comply with our legal obligations to support you if you are, or become a vulnerable customer, and to establish, take or defend any legal action.

14. How long do we keep your personal information?

We will retain your personal data for as long as we are required to under relevant legislation and regulation, and where no specific rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than six years from the end of our relationship with you. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims.

We may also retain data for longer periods for statistical purposes, and if so we will anonymise this.

15. How do we protect your information?

We use leading cloud services such as AWS that have adopted industry security best practice frameworks to protect your data in transit and at rest. In addition, we comply with best practice security standards.

16. How do we use automated decisions?

We may use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based solely on automated processing, if this will have a legal or other significant effect on you (certain exceptions apply).

We use automated decision making in:
credit scoring and affordability assessment. We use data collected from yourself through online forms, your use of our site and Credit Reference Agencies and other third parties to assess your creditworthiness and affordability of the product applied for. If you do not agree with the decision you have the right to appeal the outcome of these automated decisions and ask for them to be reconsidered manually. Lendable may require additional relevant information to be provided by you before human oversight of a specific decision will take place;

fraud and money laundering risk identification. If our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with information that you have provided previously, or you appear to have deliberately hidden your true identity we may decide that you pose a fraud and money laundering risk;

profiling to identify whether you are suitable for products and services we offer and to inform you of these. This profiling will be conducted by us when assessing suitability of existing customers for new loans. We will use profiling in conjunction with our partners when developing new prospect marketing campaigns; and

determining appropriate action to take, where your account has gone into arrears or default. You have the right to ask for this to be reconsidered manually.

17. Children’s Personal Information:

Our Resources are not intended for persons under 18 years of age. No one under age 18 may provide any information to or on the Resources. We do not knowingly collect personal information from persons under 18. If you are under 18, do not use or provide any information on this Resource or through any of its features, register on the Resource, make any purchases through the Resource, use any of the interactive or public comment features of this Resource, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a person under 18, we will reject the application or close the account and delete that information. If you believe we might have any information from or about a child under 18, please contact us at dataprivacycounsel@lemfi.com.

We may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. For example, we obtain data from companies providing fraud prevention and ‘KYC’ (know your client) information for AML (anti-money laundering), sanctions and credit reference agencies checks (we will also need to share data with these types of agencies).