Privacy Policy

Sabiedrība ar ierobežotu atbildību “LoanTech” (Ltd.), registration No. 50203431551, legal address: Maskavas Street 322S, Riga, Latvia, LV-1063 (“us”, “we”, “our” or the “Company”) as the Data Controller operates the website providing loan management system (the “Program”) integration services and Program support services (the “Service”).

This Privacy Policy informs you (the “User” or the “Customer”) of our policies regarding the processing (collection, storage, use, disclosure, erasure etc.) of Personal Data when you visit our website.

If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not have to provide Personal Data to the Company.

If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.




  • Data Controller

Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. Definition shall have the same meaning as in Article 4 (7) of GDPR.

  • Data Processor (or Service Providers or Sub-contractors)

Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Article 4 (8) of GDPR.

  • Data Subject

Data Subject is any living individual (natural person) who is the subject of Personal Data.

  • Cookies

Cookies are small pieces of data stored on a User’s device.

  • GDPR

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  • Personal Data

Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meaning as in Article 4 (1) of GDPR.

  • Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of GDPR.

  • Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).

  • User

The User is the individual using our website. The User corresponds to the Data Subject, who is the subject of Personal Data.




The Company processes the User’s personal data in accordance with the following legal basis and purposes for processing personal data:

Identification data: name, surname;

Contact details: telephone number, e-mail address, country;

Language of communication;

Information on employment: position, name of the company, website of the company, business description of the company, company’s markets of operations;

Communication data: correspondence data contained in emails or by phone  and  other forms of communication and interaction data.

The processing is necessary for the performance of pre-contractual measures at the request of the Customer (data subject) and for the performance of the contract and provision of Services. To identify the Customer;

To communicate with the Customer and generally manage the Customer relationship;

Administration of Services: to conclude, administer and perform the contract and provide the Services;

To ensure that the personal data is accurate, up-to-date and correct by checking and updating the data.

Identification data: name, surname;

Contact details: telephone number, e-mail address, country;

Communication data: correspondence data contained in emails or by phone  and  other forms of communication and interaction data.

The legitimate interests of the controller (to provide evidence, to establish, exercise or defense legal claims and to establish a right of recourse). To establish, defend, assign  and provide evidence against claims of non-conformity of Services, as well as to provide evidence against a possible claim arising in delict.
Communication and device data collected when the Customer visits the website, mobile application or other channels of communication (data on habits, preferences and satisfaction, such as usage activity, services used, personal preferences, survey responses, Customer satisfaction):

1) technical information (e.g. device type, Internet Protocol (IP) address and Internet Service Provider (ISP) used to connect the device to the Internet; registration information; browser type and version; time zone settings, browser plug-in types and versions, operating system and platform, screen resolution, location, font encoding;

2) visit information, including full URLs, clickstreams to, through and from the website (including date and time); services viewed or searched for; reference/exit pages, files viewed on the website (e.g. HTML pages, graphics, etc.); and (e.g. HTML pages, HTML files, web pages (e.g. HTML pages, HTML files, web pages with HTML content, etc.), page response times, download errors, duration of visit to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to navigate away from the page, date/time stamp and/or clickstream data.

Customer consent to the processing of personal data (including the use of cookies when visiting the website).


To meet the legitimate interests of the Controller (performance of management functions; monitoring, improving and developing the quality of Service provision and/or Customer service by testing the website, mobile application, digital environment; information security and improvement of technical systems and IT infrastructure to prevent, limit and investigate misuse or unlawful use or disruption of Services, including fraudulent activities).



To monitor, improve and enhance the quality of Service provision and/or Customer service;

To perform the management functions (business strategy, sound risk management and corporate governance);

To improve technical systems and IT infrastructure and to ensure information security (to sanction and control access to and operation of digital channels, to prevent  and detect unauthorised access and fraudulent use to adapt the display of the service on devices and to develop services by testing and improving technical systems and IT infrastructure).




Personal Data may be obtained directly from the User (the User provides information by completing submissions, through social media, by mail, by email, by telephone, or through any other media or services) as well as from the use of the Services (the email communications and documents including interactions and communications with the Company).


The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The Company will also retain Usage Data for internal analysis purposes.

Where the same personal data are processed for more than one purpose, they shall be kept for the longer applicable retention period.

The storage period of the processed personal data may be based on the Customer’s (data subject’s) consent (until revocation, if there is no other basis for processing the personal data), the Contract (to provide evidence against claims of non-compliance with the Service and/or performance of the obligations under the Contract, as well as to provide evidence against a potential claim, arising from a tort, the retention period is ten years from the date of performance of the service or the Contract), the legitimate interests of the Controller or a legal obligation to which the Controller is a subject arising from applicable laws and regulations (e.g. laws and regulations on archiving of documents, etc.).

If none of the legal grounds for processing personal data no longer exist and the normative acts do not provide for a longer period of storage of personal data, the Controller shall delete the personal data.


Personal data is processed in the European Union / European Economic Area (EU / EEA).

However, if the Personal Data is transferred outside the EU / EEA, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the EU / EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The Company shall transfer Personal Data to a third country or to an international organisation only if there is a legitimate basis for it and appropriate safeguards have been put in place:

(a) the European Commission has decided in accordance with Article 45 of the GDPR that the third country or organisation concerned ensures an adequate level of protection; or

(b) the controller or processor has provided adequate guarantees in accordance with Articles 46 or 47 of the GDPR: (i) binding corporate rules; (ii) standard contractual clauses adopted and approved by the European Commission or the national supervisory authority; (iii) other ad hoc contractual clauses, if approved by the competent national supervisory authority; (iv) an approved code of conduct together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; (v) an approved certification mechanism together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; or

(c) there is an exception set out in Article 49 of the GDPR ((i) the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards; (ii) where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person; (iii) the transfer is necessary for the establishment, exercise or defence of legal claims; (iv) where the transfer is necessary for important reasons of public interest; (v) where it is necessary for the protection of the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent.

Upon a written request, the User can receive more detailed information on the transfer of Personal Data to countries outside the EU / EEA.

In the event of any onward transfer, the Company will comply with all other safeguards, in particular the purpose limitation. The Company will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.



When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.

When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.

  • Legal Requirements

Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. Consumer Rights Protection Centre, State Revenue Service, courts, government agency, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc).

The Company may disclose your Personal Data:

  • To comply with a legal obligation
  • To protect and defend the rights or property of the Company
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of Users of the Service or the public
  • To protect against legal liability.


  • Service Providers (Sub-contractors)

The Company may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on the Company’s behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

The Company may disclose your Personal Data to the Service Providers including, but not limited to:

– companies in the same group as the Company and the authorities of the country of residence of their shareholders/members, if so requested by such authorities;

– persons who provide services to or otherwise cooperate with the Company in order to provide services or perform their obligations under the agreement where disclosure of personal data is necessary for the provision of that service or cooperation;

– a person to whom (or through whom) the Company transfers or the Company intends to transfer a right of claim arising under the contract (assignment);

– server providers and data storage providers selected by the Company; website and mobile application operators; video surveillance system providers; tele-marketing, marketing and survey service providers, email and SMS gateway service providers, online intermediaries and other third parties involved in the provision of the services provided by the Company (incl, banks, archiving, postal and courier service providers, etc.), ensuring that such parties will process the Customer’s personal data only to the extent and for the purposes (purposes) set out in this Privacy Policy;

– persons who, on behalf of the Company, carry out a statistical, market or public opinion study or survey, if the disclosure of personal data is necessary for the purpose of carrying out the study or survey in question;

– any accounting service provider, auditor, financial adviser, legal adviser, solicitor, notary public and/or bailiff selected by the Company.

These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

  • Analytics (Sub-contractor)

We may use third-party Service Providers to monitor and analyze the use of our Service.

  • Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page

  • Behavioral Remarketing (Sub-contractor)

The Company uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Service.

  • Google Ads

Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.

Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

  • Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.



Our Service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.



The Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data against unauthorised access, accidental or unlawful alteration, disclosure, loss, destruction, erasure, including measures against threats caused by physical exposure and measures implemented by means of software. Some examples of the measures we use:

Physical measures – paper-based documents containing Personal Data are stored in locked rooms and cabinets to which only certain employees have access for fulfilling their job duties; data processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current instability and power outages.

Technical measures – all employee work computers are protected with password protected screensavers when the employee leaves; it is ensured that the IT- system does not accept new login attempts and locks the username if certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).

Organizational means – all IT system Users are assigned roles and profiles; it is ensured that access rights are deleted when an employee leaves the Company; it is ensured that there is no access from publicly used rooms to rooms where Personal Data is being processed.

In case we use external companies for providing services, which include data processing, we conclude data protection agreements with such Service Providers obligating them to: a) take appropriate measures to ensure confidentiality and security of the Personal Data and ii) process Personal Data in accordance with the applicable legal requirements.


  • Right to be informed and Right of access

If you wish to be informed what Personal Data we hold about you and receive a copy of the Personal Data we hold about you, please contact us. Please note that we may ask you to verify your identity before responding to such requests.

  • Right to rectification

You have rights to request updating any personal information about you if it is inaccurate or incomplete.

  • Right to erasure

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have Personal Data erased and to prevent processing in specific circumstances: (i) where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii) the Personal Data is processed in relation to the offer of information society services to a child; (iii) when you withdraws consent; (iii) the Personal Data was unlawfully processed (i.e. otherwise in breach of the GDPR); (iv) when the individual objects to the processing and there is no overriding legitimate interest or other legal basis for continuing the processing; (v) the Personal Data has to be erased in order to comply with a legal obligation.

  • Right to restrict processing

You have rights under certain circumstances to request to ‘block’ or suppress processing of Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When processing is restricted, we are permitted to store the Personal Data, but not further process it.

  • Right to object

You have the right to object to such data processing which is based on the Company’s legitimate interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data when you present an objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise or defense of legal claims. You also have the right to object at any time to processing of your Personal Data concerning for direct marketing. Upon receiving such objection, we shall stop processing your Personal Data for direct marketing.

  • Right to data portability

In case processing the Personal Data is based on your consent or on a contract between us and Personal Data is processed automatically, you have the right to access Personal Data concerning you which you have given to us in a structured, generally usable and in machine readable form. You have rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way. We will provide all Personal Data in a structured way using open formats like CSV.

  • Right to withdraw your consent

You have right to withdraw your consent where the personal data is provided to the Company on the basis of your consent (withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal);

  • Right to not be subject to fully automated decision-making, including profiling

You have right not to be subject to fully automated decision-making, including profiling, where such decision-making has legal effects or similarly significantly affects you (data subject). This right shall not apply if the decision-making is necessary for entering into or performance of a Contract with the Customer (data subject), if the decision-making is permitted under applicable laws or regulations or if the Customer (data subject) has given its explicit consent.

  • Right to contact us, submit a complaint to the Data State Inspectorate of Republic of Latvia and the court

If you want to exercise any of the abovementioned rights, please contact us using the e-mail address In order to respond to your inquiry, we must first authenticate you to avoid granting information to unauthorized persons. We will respond to your inquiries within 30 days.

We respect your privacy and wish that processing your Personal Data by us would be understandable and transparent. For that we have also drafted these Privacy Policy.  Should you need further information about processing your Personal Data or exercising your rights, please contact us at e-mail address

If you believe that processing of your Personal Data violates the GDPR requirements, you have the right to turn to the Data State Inspectorate of Republic of Latvia ( and the courts to protect your rights and interests.



We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.



If you have any questions about this Privacy Policy, please contact us by email: