Ezra (“We”, “the Company”) respects your privacy and is committed to ensuring that any Personal Data you share with us is protected. This Privacy Statement aims to inform you of the Personal Data that We collect that relates to you and lay out your data privacy and protection rights and how you may enforce them.
From time to time, this Privacy Statement may be supplemented by notice that relates to the specific Processing activities that We engage in (“Privacy Notice”). Where a Privacy Notice is applicable to you, it will be provided at the point of collection of your Personal Data.
- Who We Are
Ezra is made up of several distinct legal entities, each incorporated in a different jurisdiction. When We refer to Ezra or the Company, We shall be referring to the Ezra Group, consisting of LendTech Investment Holdings Pte. Ltd., incorporated in Singapore (LendTech Singapore), LendTech Services Ltd, incorporated in the Republic of Kenya (LendTech Kenya), and LendTech Middle East FZE, incorporated in the United Arab Emirates (LendTech Dubai).
If you have any questions about this Privacy Statement or our data protection measures and practices, you may contact us through our email address – firstname.lastname@example.org
- Information We Collect From You
Ezra collects, stores and Processes a wide range of data. Some of the Personal Data We collect relates to you as an individual and may be used to identify you (“Personal Data”).
We may process the following Personal Data from you:
- Contact Details
- Employment Status
- Financial Information
- Device Data
- Usage Data
- How We Collect Your Personal Data
We use a number of different methods to collect Personal Data from you and about you including:
- By direct interactions: You may give us your Personal Data directly by filling in forms or uploading your Personal Data onto our systems;
- Third parties or publicly available sources: We may receive Personal Data about you from third parties or public sources such as:
- analytics providers such as Google;
- advertising networks such as Google Ads and Facebook; and
- Search engines such as Google Search.
- How We Use Your Personal Data
The Personal Data We collect from you is put to a number of different uses within Ezra. Any such interaction with your Personal Data (including collection, storage, manipulation, transfer and deletion) is considered “Processing” of your Personal Data. We only Process your Personal Data where the law allows us to do so. In particular, We use your Personal Data for any of the following lawful purposes:
- Where We need to comply with a legal obligation to which We are subject;
- Where We need your Personal Data to perform our obligations under a contract between us and yourself;
- Where it is necessary for our legitimate interests, provided your rights and freedoms do not override those interests;
- Where it is necessary to protect your vital interests (or those of a third party);
- To collect usage statistics to enable us to make our services better;
- To build credit models and perform credit scoring;
- To contact you regarding the services We provide to you;
- To detect, prevent and investigate any illegal or fraudulent activity; and
- Where We act as a data processor, on the specific instructions of the data controller to whom you gave your Personal Data.
We will not ordinarily rely on consent as a lawful basis for the Processing of your Personal Data. However, for limited purposes, such as for marketing campaigns, We shall seek your specific consent.
Where We need to collect Personal Data that is required by law or under the terms of our engagement with you and you do not provide such Personal Data, We shall not be able to provide the services under the engagement and as such, may need to cancel such engagement with you.
In case you need any clarifications on the lawful basis We rely on, you can reach us through our email address – email@example.com
- How Long We Hold Your Personal Data
Ezra generally stores your Personal Data for as long as is required for the purposes that it was collected for. There are, however, instances where We are under a legal obligation to hold it for a longer period, or We have legitimate purposes for doing so. In such cases, your Personal Data will be held until the legal obligation is met or the legitimate purpose has been achieved.
While your Personal Data remains in our custody without being actively used, We shall archive such Personal Data and take reasonable measures to ensure that it remains secure from external threats.
- Your Rights Around Your Personal Data
Data Protection legislation generally confers certain basic rights on you as owner of the Personal Data. These are as follows:
Right to access
You have a right to obtain confirmation as to whether or not We Process Personal Data about you, and where We do, may request access to such Personal Data.
Such request shall be made through this email.
Right to rectification
You may request us to rectify any of your Personal Data that is untrue, inaccurate, outdated, incomplete or misleading.
Such request shall be made through this email.
Right to erasure
You may request us to destroy any of your Personal Data held by us where:
- We no longer require your Personal Data for the purpose it was initially collected;
- you object to the Processing, and We have no overriding legitimate interest to continue;
- the Processing of your Personal Data is unlawful; and
- you withdraw your consent to our Processing of your Personal Data (where consent was relied on for the Processing).
Such request shall be made through this email.
Right to data portability
You may request for your Personal Data in our possession to be transferred to another entity or to yourself. The Personal Data shall be transferred in a commonly used machine-readable form.
Such request shall be made in this email.
Right to withdraw consent
Where We Process your Personal Data purely on the basis of consent (such as where We use your Personal Data to send you individualized marketing), you may request us to cease such Processing. We will provide you with a mechanism for the withdrawal of each instance of consent through the channels that you granted us the consent (e.g. the unsubscribe link on any marketing material We send you).
Please note that your consent withdrawal is only limited to those Processing activities that you have consented to.
- Who We share your Personal Data with
We may share your Personal Data with third parties in certain instances, as set out below:
- Internal third parties
Your Personal Data may be shared with any of the companies within Ezra for the day-to-day provision of the contracted services.
- External third parties
The nature of the services We provide requires us to share your Personal Data with entities outside Ezra. These include:
- Public Regulatory authorities – We may need to share your Personal Data with public authorities such as tax authorities and our regulators for compliance with legal obligations;
- Other financial institutions – We may need to share your Personal Data with financial institutions such as your bank or mobile money provider in the course of providing our contracted services;
- Investigative authorities – We may need to share your Personal Data with investigative authorities, at your request or on our own initiative, for the investigation or prevention of fraud or other criminal activity; and
- Service providers – We may need to transfer your Personal Data to service providers such as our cloud providers. Prior to contracting with such providers, We will ensure that they have in place adequate security measures for the protection of your Personal Data.
These are general cases in which We may share your Personal Data with third parties. In the event We need to share your Personal Data with any other third party, this will be communicated to you through a specific Privacy Notice.
- Cross-border transfers
These third parties will be located in different jurisdictions and as such, We will request for your consent in the course of our contracting and prior to any such transfers.
We ensure that your Personal Data is protected by enacting standard protection measures including standard contractual clauses in our data transfer agreements in order to ensure that the level of protection offered to your data meets a satisfactory standard.
Please contact us if you require further information on the specific methods that We use for our transfers of your Personal Data to third parties and outside of the country.
- Security of your information
- In storage
We have put in place security measures to protect your Personal Data while in our possession. These include the securing of storage devices and network infrastructure that Processes your Personal Data and limiting of access to your Personal Data to only those members of staff and third parties that need access to your Personal Data for the lawful purpose that it has been collected.
- In transit
We have also put in place security measures for ensuring the security of your Personal Data while it is being transferred. These include pseudonymisation of your Personal Data and, where the necessary, encryption of the Personal Data.
We have also put in place procedures to identify breaches of your Personal Data and will notify you and the relevant regulators of any breaches where the Personal Data is still in an identifiable form.
- How to contact us
In case you have any questions or concerns regarding this Privacy Statement or your Personal Data in our possession, you may contact us through the following channels:
- Email: firstname.lastname@example.org