LemFi | Privacy Notice

Privacy Notice

How LemFi handles your data

上次更新: Aug 16, 2024

Introduction
Who are we?
What data do we collect?
Children’s Personal Information:
How do we collect your data?
How will we use your data?
Data usage and processing
How do we transfer and store your data?
Access to your contact list
Data retention and deletion
Data sharing and disclosure
Marketing
What are your data protection rights?
DATA SUBJECT RIGHTS UNDER THE GRAMM - LEACH -BLILEY ACT (GLBA)
Cookies
Privacy policies of other websites
Changes to our Privacy Notice
Contact us

1. Introduction

This Privacy Notice (the “Notice”) represents the notice of Pomelo Technology US Inc., a Delaware corporation (together with all subsidiaries thereof, the “Company” or "we") regarding the collection, use, and management of personal information belonging to:

All visitors (“Site Visitors”) to the Company’s website located at https://www.lemfi.com/ (the “Website”)
Anyone who downloads or uses (“Application Users”) the Company’s mobile application (the “Application”)
Anyone who enrolls for the Services of the Company (“Clients”)

Services means your current and future use of any of our existing or new products, including, but not limited to the delivery, management, marketing and processing of such Services, whether through us or third party Service provider.

Personal information means any data relating to an individual who can be identified, directly or indirectly, based on that information. This may include information such as names, contact details, (online) identification data, online identifiers or other characteristics specific to that individual.

Site Visitors, Application Users, and Clients are referred to collectively as “Users” or "you". The Website and the Application together with the Services (as defined below) and all content contained therein are referred to collectively as the “Resources” as further described in the User Agreement. Please read this Notice carefully to understand our policies and practices for collecting, processing, and storing your personal information. If you do not agree with our policies and practices, your choice is not to use the Resources.

2. Who are we?

Pomelo Technology US Inc.is a global financial technology company, with the registered address at 251 Little Falls Drive, Wilmington, DE 19808, USA

Pomelo Technology US Inc. group of companies consist of entities that are registered data controllers, and which are the following Pomelo Technology US Inc. as mentioned above; Lemonade Technology Ltd. with its registered seat at B7b St. Faiths Street, Maidstone, Kent, England ME14 1LH, United Kingdom; RightCard Payment Services Ltd. with its registered seat at B7b St. Faiths Street, Maidstone, Kent, England ME14 1LH, United Kingdom; Lemonade Technology Ltd. with its registered seat at 786 King St. W, Toronto, Ontario, M5V 1N6 , Canada; Pomelo Two US LLC with the registered seat at 251 Little Falls Drive, Wilmington, DE 19808, USA; Pomelo Added Services Ltd with its registered seat at 4 , Elbe close, Off Panama Crescent, Maitama, Abuja, Maitama FCT, Nigeria; Pomelo Australia Limited with its registered seat at Level 25, 10 Eagle Street, Brisbane QLD 4000, Australia and Pomelo Remits Europe Ltd with its registered seat at 77 Lower Camden Street, Dublin, D02 XE80, Ireland. For the purposes of how we use your personal information across our brands and platforms (e.g. our websites and apps) in the ways described in this Privacy Notice, Pomelo Technology US Inc. is the main data controller. This Privacy Notice explains how we collect and use information about you when you interact with our websites, apps and Services.

Personal information provided to, or collected by, us via our web pages is controlled by Pomelo Technology US Inc. The associated processing of personal data takes place on the basis of a joint controller arrangement between all companies in the group and its relevant affiliates and subsidiaries. Under this arrangement, Pomelo Technology Inc. will at all times be available for data subjects to address any concerns or questions and / or allow them to exercise their rights under their local applicable data protection laws regarding their personal information.

We are committed to safeguarding the personal information of our customers, users, employees and other stakeholders, while helping our customers, employees, investors and society create a deeper impact and make the right decisions.
If you wish to contact us in relation to questions regarding your personal information, we refer you to the ‘CONTACT US’ section below.

3. What data do we collect?

The information we may collect about you will vary depending on how you interact and engage with us. It may include the following:

Personal identification information, such as name, date of birth, place of birth, nationality, gender, email, address, demographic information, and phone number. We may verify your address via utility bills or through an electronic address verification method
Supplemental identification information, such as government-issued identity documents, live photo images captured, passport, driver’s license, taxpayer identification number or national insurance number, source of income and employment information including its status and history, Social Security Number, Social Insurance Number (as applicable).
Financial information, including but not limited to income/wealth verification documents or bank account statements.
Credit references, credit affordability verification data, credit analysis reports, automated decisions related to individual application for credit facility, where applicable.
Information on your behavior on our website, including pages viewed, links clicked keystrokes, and actions taken including copy/paste functions or failure to verify the account or lack of transactions (dormant position) and User Application activities carried out within the App. Transaction information, including information related to the use of the Services, types of Services requested, dates and times of such requests, payment methods, and other similar information.
Location data, including User location searches
Communications data, including messages, comments, or file transmissions
Information about your internet connection, the equipment you use to access our Resources, and usage details
Additional information required by the Company (in its sole discretion) to verify a User's identity, which may include capturing the image of your face in real time for facial matching and/or recognition.
Any personal information you may provide us through social media channels or promotions held by us or our partners.

4. Children’s Personal Information:

Our Resources are not intended for persons under 18 years of age. No one under age 18 may provide any information to or on the Resources. We do not knowingly collect personal information from persons under 18. If you are under 18, do not use or provide any information on this Resources or through any of its features, register on the Resources, make any purchases through the Resources, use any of the interactive or public comment features of this Resources, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a person under 18, we will reject the application or close the account and delete that information. If you believe we might have any information from or about a child under 18, please contact us at dataprivacycounsel@lemfi.com.

5. How do we collect your data?

Users may provide data directly to us, including our approved independent partners who may offer Services in conjunction with us. The Company may also collect and process data, which may include personal information, when Users:

Register online, participate in promotions, or place an order for any of our products or Services;
Voluntarily complete a customer survey or provide feedback on any of our message boards or via email;
Use or view the Site via its browser’s cookies;
Download or use the Application;
Submit content to the Site, like reviews, messages, or comments;
Enable access to its device’s location tracking functionality, whether the Site or Application is running in the foreground (Application or Site open and onscreen) or background (Application or Site open but not on-screen). Certain functionality may be affected while location data is turned off;
Communicate with the Company via emails, phone calls, application messages and social media;
Register or opt to take products and Services offered by us in conjunction with third party independent partners
May agree to provide information obtained through third party Services providers, including but not limited to Credit reference agencies and Open banking platforms.

We may also collect some data from other parties – before we provide Services. We may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. For example, we obtain data from companies providing fraud prevention and ‘KYC’ (know your client), AML (anti-money laundering), sanctions and credit reference agencies checks (we will also need to share data with these types of agencies).

6. How will we use your data?

The Company collects Users’ data, which may include personal information, in order :

To provide the Services and the other Resources to Users, including issuing digital cards and processing information connected with them and enabling use of the savings product of our partners.
To enhance the safety and security of our Users and Services, including by protecting you and the Company from errors, misrepresentations, fraud, and/or contraventions of laws or criminal activity,
To verify User’s identity, and for processing and recording financial transactions made through the Application and assessing User’s financial stability.
To administer our relationship with you and our business, such as providing and managing your access to and use of our Services. This processing is necessary for the performance of a contract
For credit checks, for the purpose of testing and analysis as well as offering credit products.
For due diligence, verification, credit checks and fraud prevention analysis.
For customer support to understand, resolve your requests and overall customer experience.
For research and development, improving our Services and developing new products, such as inviting you to participate in surveys or analyzing website traffic to optimize our websites or to personalize your experience with our Services. This processing is necessary for the purposes of our legitimate interests.
To enable communications between Users.
To send marketing and non-marketing communications to Users to understand and improve the effectiveness of marketing outcomes, campaigns and the channels.
To do marketing, such as customer segmentation, providing you with marketing or advertising communications that we think you may be interested in. This processing is with your given consent for our legitimate interests
In connection with legal proceedings
To carry out the Company's obligations and enforce its rights arising from any contracts with a User, including for billing and collection or to comply with legal requirements
To measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you.
To provide Users with information, products, or Services that a User requests from us.
To fulfill the purposes for which a User has provided the information or that were described when it was collected, or any other purpose for which a User provides it.
For any other purpose with a User's consent.
To provide existing or future User’s with Services in conjunction with independent third party Service providers. This processing is necessary for performance of a contract.
To comply with our legal and regulatory obligations.

The Company does not sell or share user personal data with third parties for their direct marketing, except with Users’ consent.

7. Data usage and processing

We collect and use personal information only where we have one or more lawful grounds for doing so under applicable privacy laws. Such grounds may vary depending on where our Users are located, but generally include processing personal data:

A. To provide requested Services and features:
In order to provide our Services, we must collect and use certain personal data. This includes:

User profile data, which we use to establish and maintain User accounts; verify User identity; communicate with Users about their orders and accounts; and enable Users to make or receive payments (as and if applicable),
Usage data, which is necessary to maintain, optimize, and enhance the Company’s Services,
Transaction information,
Information relating to customer support,
In offering additional products and Services.

B. For purposes of the legitimate interests of the Company or other parties:

This includes using personal data to maintain and enhance our Users’ safety and security. For example, we use personal data to prevent use of our Services by Users who have engaged in inappropriate or dangerous behavior, such as by retaining data of banned Users to prevent their use of the Application.

This also includes purposes such as combating fraud; improving our Services, direct marketing, research, and development; and enforcing the Company’s User Agreement.

In addition, it includes using personal data to the extent necessary for the interests of other people or the general public, such as in connection with legal or insurance claims, and to protect the rights and safety of others.

C. To fulfill the Company’s legal obligations:

We use the personal data you have provided, we have collected from you, or we have received from third parties to meet our obligations which we are required to do under law. For example, we are required to make sure that we run appropriate KYC, AML and sanctions checks on all our customers. The Company may also share data with law enforcement or government regulatory authorities regarding criminal acts or threats to public safety, or requests by third parties pursuant to legal processes.

D. With consent:

We may collect and use personal data based on the User’s consent. For example, we may collect personal data through voluntary surveys or through Application to verify your identity based on your real time facial image. Responses to mentioned surveys and processing your image are collected on the basis of consent. You can give consent in writing, as well as verbally, electronically, or through authorized representatives. In certain circumstances, if applicable privacy laws allow, it’s also implied.

Where you have provided consent, we may use your personal data to offer you additional Services, including, Services offered in conjunction with independent third party Service providers and Pilot schemes related to the development and testing of new products and Services.

A User who has provided consent to a collection or use of their personal data can revoke it at any time (subject to legal or contractual restrictions). However, the User will not be able to use any Service or feature that requires collection or use of that personal data.

8. How do we transfer and store your data?

The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure Users' personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. The Company stores all information Users provide to it behind firewalls on our secure servers. Any payment transactions will be encrypted using TLS technology. The safety and security of User data also depends on each User. Where the Company has given a User (or where a User has chosen) a password for access to certain parts of the Resources, each User is responsible for keeping its password confidential. The Company asks each User not to share its password with anyone.

We may transfer your personal data to third parties or affiliates located outside the country where you reside, including but not limited to the United States, Canada, United Kingdom, European Union member states, Nigeria, Kenya, Ghana, and the Philippines. These countries may have different data protection laws than your jurisdiction, and in some cases, they may not provide the same level of data protection.

As required under the applicable law, third parties are required to use appropriate safeguards to protect personal information, and they can only access the personal information that is necessary for performing their specific tasks.

You may also request additional information regarding data transfers outside the EEA and obtain a copy of the appropriate safeguards by exercising your rights set out in section 11.

9. Access to your contact list

With your express permission, we may access your contact list on your mobile device so that you can identify your contacts on 'LemFi' to allow you to send money to friends and family on Lemonade — by searching for their phone number, email address or username.

We transmit and use this information to help you easily filter your friends on 'LemFi' and to help you transact with your friends and contacts if you choose to connect your contact list information with your Account. We only access your contact list information with your explicit permission. For example, when

you provide us with information about your contacts, we may use it to let you know which of your contacts have also signed up for our Services so you can send money to them for free and quicker.

We will not send messages to your contacts or make use of the data for any other purpose.

10. Data retention and deletion

The Company retains user profile, transaction, and other personal information for as long as a user maintains their account and except as otherwise permitted or required by applicable law or regulation, only for as long as necessary to fulfill the purposes the Company collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The Company may also retain certain information if necessary, for purposes of safety, security, and fraud prevention. For example, if the Company deactivates a User’s account because of unsafe behavior or security incidents, the Company may retain certain information about that account to prevent that User from opening a new account in the future.

Users may request deletion of their account at any time. Following such requests, the Company deletes the data that it is not required to retain for purposes of regulatory, tax, insurance, litigation, or other legal requirements. For example, the Company retains location, device, and usage data for these purposes for a minimum of 7 years; while it retains such data, it may also use it for purposes of safety, security, fraud prevention and detection, and research and development. In certain circumstances, the Company may be unable to delete a user’s account, such as if there’s an outstanding credit on the account or an unresolved claim or dispute. Upon resolution of the issue preventing deletion, the Company will delete the account as described above.

If you decide that you no longer wish us to keep or use information or you want the information to be revised or updated, please feel free to contact us. We will remove or amend the information as appropriate in accordance with our Notice and applicable legislative and regulatory requirements.

Under some circumstances the Company may anonymize Users' personal information so that it can no longer be associated with a particular User. The Company reserves the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to the relevant User or its consent.

12. Marketing

We may send existing Users information about products and Services of the Company, always with the consent of the User. Users may provide consent to marketing and promotional communication when they enroll for the Services pursuant to the User Agreement.

If you have agreed to receive such marketing materials, you may always opt out at a later date. You have the right at any time to stop us from contacting you for marketing purposes.

If you no longer want to receive marketing-related emails from us, you may opt-out by following the instructions in any such email. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt-out, we may still send you important administrative messages, from which you cannot opt-out.

The Company does not sell or share User personal data with third parties for their direct marketing purposes, except with Users’ consent.

13. What are your data protection rights?

As a global organization, we operate in different jurisdictions which grant individuals different levels of protection in relation to the processing of personal information. We will honor your rights under the applicable law. To the extent provided under your local data protection laws, including the European data protection laws as applicable, your rights may include the following:

Right of access (‘an overview of your personal information’): the right to get an overview of your personal information that we process.
Right to rectification (‘correct your personal information’): if your personal information is inaccurate or incomplete, the right to ask us to rectify or complete your personal information.
Right to erasure (‘right to be forgotten’): the right to request that we delete your personal information to the extent permitted by the applicable law. In certain circumstances, it may not be possible for us to accept your request; for example, when the processing is necessary to comply with a legal obligation, or if the processing is necessary for the performance of a contract. In some cases, your personal information is necessary in order to provide the Services and if you do not provide such information to us then you may be precluded from accessing and using the Services or using certain Services features.
Right to data portability (‘transfer your personal information’): the right to ask us to transfer your personal information directly to you. This applies to certain personal information if processed by automated means and with your consent, or based on a contract you have with us. On your request, and where technically feasible, we will transfer your personal information to another party of your choice.
Right to restrict processing: the right to request that we restrict or stop the processing of your personal information held by us for a certain period of time, or for an indefinite period. In certain circumstances, it may not be possible for us to accept your request; for example, when the processing is necessary to comply with a legal obligation, or if we can demonstrate compelling legitimate grounds otherwise.
Right to object: the right to object to the processing of your personal information. The reasons for an objection should relate to your particular situation, and be related to processing based on the legitimate interest condition. We will then no longer process the personal information, unless we can demonstrate compelling reasons otherwise. In certain circumstances, you have the unconditional right to object; for instance, in the context of direct marketing activities.
Withdrawal of Consent: the right to withdraw your consent to the processing of your personal information at any time; for instance, after you consented to us keeping you informed about our Services, you have the right to withdraw this consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing of your personal data prior to the withdrawal.

To exercise your rights (if applicable) and/or for any other questions about the handling of your personal information, we refer you to the ‘Contact Us‘ section below.

If you feel we are unresponsive or disagree with our data privacy practices, you also have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident where we are based or where an alleged infringement of data protection law has taken place.

DATA SUBJECT RIGHTS UNDER THE GRAMM - LEACH -BLILEY ACT (GLBA)

The Gramm-Leach-Bliley Act (GLBA) is a federal law in the United States that governs the collection, use, and disclosure of non-public personal information by financial institutions. Under GLBA, individuals (data subjects), have specific rights regarding the privacy and protection of their personal information. These rights include:

A) Right to Access: Data subjects have the right to access their non-public personal information held by financial institutions. This includes the right to request copies of their personal information and to know how it is being used and shared.
B) Right to Correction: You have the right to request corrections to any inaccuracies or errors in their non-public personal information. We will promptly update or correct any inaccurate information upon your request.
C) Right to Opt-Out: You have the right to opt-out of certain information sharing practices by us. This includes the right to opt-out of having your personal information shared with non-affiliated third parties for marketing purposes.
D) Right to Notice: You have the right to receive clear and conspicuous notices from us regarding your privacy practices and policies. By this Privacy Notice we inform you about the types of personal information collected, how it is used and shared, and your rights under GLBA.
E) Right to Confidentiality and Security: You have the right to expect that your non-public personal information will be kept confidential and secure by us. This includes safeguards to protect your personal information from unauthorized access, use, or disclosure.
F) Right to File Complaints: you have the right to file complaints with regulatory agencies if you believe your privacy rights under GLBA have been violated. Regulatory agencies, such as the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB), are responsible for enforcing GLBA and investigating complaints.
G) Right to Transparency: You have the right to transparency regarding the collection, use, and sharing of your personal information by us. This includes transparency about the purposes for which personal information is collected and how it is used to provide financial products and Services , which we explain in this Privacy Notice.
H) Right to Data Portability: You may have the right to request the portability of your personal information to other financial institutions or service providers, subject to certain limitations and conditions.

ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section outlines those rights and provides information on how you can exercise them.

A) Right to Know: You have the right to request information about the categories of personal information we have collected, the sources from which we collected the information, the purposes for which we use the information, and the categories of third parties with whom we share the information.

How to Exercise: You can make a request to know by contacting us through the methods listed in the "Contact Us" section below.

B) Right to Delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions.

How to Exercise: You can make a request to delete by contacting us through the methods listed in the "Contact Us" section below.

C) Right to Opt-Out of Sale: We do not sell your personal information to third parties for monetary value. However, you have the right to opt-out of any potential future sales of your personal information.

How to Exercise: If you would like to opt-out, please contact us through the methods listed in the "Contact Us" section below.

D) Non-Discrimination: We will not discriminate against you for exercising your rights under the CCPA and CPRA. This includes denying you goods or Services, charging you different prices, or providing you with a lower quality of goods or Services.

How to Exercise: If you believe we have discriminated against you for exercising your CCPA and CPRA rights, please contact us through the methods listed in the "Contact Us" section below.

Sensitive Information Disclosure. We may collect the following categories of sensitive personal information (as defined under California law): social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to User account, and information on precise geolocation and mobile device fingerprint. This information is collected in order to process transactions, comply with laws, manage our business, or provide you with Services. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.

For further details on our data practices, including the categories of personal information we collect and the purposes for which we use it, please refer to the main body of this Privacy Notice. If you have any questions or concerns specific to your rights as a California resident, please contact us using the information provided in the "Contact Us" section below.

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. To do so, you must: (1) provide that authorized agent written and signed permission to submit such a request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. We will respond to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4121 to 4130. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.

ADDITIONAL INFORMATION FOR QUEBEC AND CANADIAN RESIDENTS

Where applicable law permits, we may transfer the personal information we collect about you to other Canadian provinces, the United States and other jurisdictions that may not be deemed to provide the same level of privacy protection as Canada or its provinces, for the purposes set out in this privacy notice. For more information and to connect with the applicable person responsible for privacy compliance, please contact us using the information provided in the “Contact Us” section below.

VERIFY YOUR IDENTITY
We may request specific information from a User to help us confirm User’s identity and right to access, and to provide such User with the personal data that the Company holds about the User or to make requested changes pursuant to applicable privacy law. Applicable privacy law may allow or require the Company to refuse to provide a User with access to some or all of the personal data that the Company holds about such User, or the Company may have destroyed, erased, or made such User's personal information anonymous in accordance with the Company's record retention obligations and practices. If the Company cannot provide a User with access to its personal information, the Company will inform such User of the reasons why, subject to any legal or regulatory restrictions. In order for the Company to verify a User's identity, it will generally either require the successful login to such User's account and/or the matching of sufficient information a User provides to the Company to such User's personal information maintained within the Company's systems. Although the Company tries to limit the personal information collected in connection with a User request to exercise its rights, certain requests may require the Company to obtain additional personal information from the relevant User. In certain circumstances, the Company may decline a request to exercise a User's right to know and right to deletion, particularly where the Company is unable to verify such User's identity.

You consent to an electronic database search by us in order to verify your identity. We shall retain records of the contents and results of such searches in accordance with this Notice and all current and applicable laws.

14. Cookies

We use cookies that identify your browser. They collect and store information when you visit our website about how you use it through which it is possible to record your use of the website, as well as provide you with a better service and experience when browsing and for analytics. The personal data we collect through these technologies will also be used to manage your session.
For more information about cookies and how we use them, please see our: Cookie Notice.

15. Privacy policies of other websites

The Site may contain links to other websites. This Privacy Notice applies only to the Site. If you navigate to any other website from a link on the Site, you should review the Privacy Notice of such website.

16. Changes to our Privacy Notice

It is our policy to post any changes we make to our Privacy Notice on this page. If we make material changes to how we treat our users' personal information, we will inform you through a notice on the Website home page or in the Application. The date the Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Resources and this Notice to check for any changes.

17. Contact us

If you have any questions about this Privacy Notice, the personal information we hold on you, or you would like to exercise one of your data protection rights provided for under applicable privacy laws, please do not hesitate to contact our Data Privacy Manager at dataprivacycounsel@lemfi.com.

If you feel we are unresponsive or disagree with our data privacy practices, you also have a right, depending on applicable law, to file a complaint with your local Data Protection Authority.