IDENTIFICATION DETAILS
Controller: LENDIGM, S.L. (hereinafter, “LENDI GM”).
Tax ID (NIF): B-22.484.430
Registered Office: Madrid, Calle Poeta Joan Maragall, 3, Piso izq, 28929, Madrid
Data Protection Officer (DPO): [X]
By accessing www.lendigm.es (“Web Site”) the visitor (hereinafter, the “User” or “Users”) is informed that the personal data provided through the Web Site will be processed by LENDI GM for the purposes described below.
Please bear in mind that, this Privacy Policy applies to the online loan services offered to consumers, as well as the collected data derived from browsing and any other data the User may provide in the future through the channels enabled for this purpose.
Furthermore, LENDI GM may process User data provided by third parties, all in accordance with this Privacy Policy and current applicable regulations.
The User must carefully read this Privacy Policy, which has been written clearly and simply to facilitate understanding, allowing the User to freely and voluntarily decide whether to provide their personal data to LENDI GM.
To fulfil the purposes specified in the specific Web Site´s forms and, unless otherwise specified, Users are obliged to disclose the requested data. If such data are not provided or are provided incorrectly, the User’s requests cannot be processed.
Without prejudice to the above, the User will still have access to certain content on the Web Site.
LENDI GM collects personal data either directly by the User or from third-party sources:
Additionally, due to the nature of LENDI GM’s activity, certain data will be provided by third parties, particularly through AML check service providers such as UNNAX or credit information system, such as ASNEF-EQUIFAX. These providers offer verification and credit assessment services to LENDI GM, to enable LENDI GM to comply with its legal obligations under anti-money laundering and anti-terrorism financing regulations.
Moreover, these providers, including Unnax, provide aggregated information about the User’s bank account transactions—such as spending percentages in areas like food, leisure, etc.—to perform the creditworthiness assessment required by consumer credit law. This assessment is a necessary prerequisite for entering into a contract (LENDI GM never accesses the User’s account balance).
The access by the account information service provider to your bank account will always be based on the explicit consent you give to that provider under their Terms and Conditions, after which the data are shared with LENDI GM.
Furthermore, consumer credit law allows, as part of the creditworthiness assessment, the consultation of credit and asset solvency files to verify whether there are any outstanding monetary obligations. Currently, LENDI GM consults the ASNEF file managed by EQUIFAX IBERICA S.L. for this purpose.
Finally, to prevent fraud, certain data are provided by third parties such as UNNAX. The purpose is to identify whether the person applying for the loan is indeed who they claim to be or, in case of suspicious behaviour on the website, to identify the device used and thereby the person responsible for any harmful activity.
LENDI GM may use automated decision-making processes, including profiling, to: assess, fraud prevention, verify, comply with AML/CTF. For these purposes, LENDIGM analyzes personal data provided by the applicant and, where there is a lawful basis, information obtained from external sources related to identity verification, credit history, and/or fraud risk assessment. The evaluation is based on objective criteria, which may include credit history and repayment behaviour, existing financial obligations, indicators of financial capacity, declared employment and income information, results of KYC/AML checks, and anti-fraud indicators (such as inconsistencies in the information provided or signs of suspicious activity during the application process).
In order to verify and validate the User´s identity, LENDI GM will request a full copy of the identity document and may use optical character recognition ("OCR") technologies to extract and dump the necessary data, as well as biometric verification technologies to confirm the validity of the document and the identity of the User. Only if the User gives explicit consent, biometric technologies – facial recognition – will be used to verify their identity. This technology will be provided by Onfido.
If the User does not give explicit consent to the processing of biometric data, he/she may carry out identity verification in an assisted manner, in particular
To carry out these actions, the User may use the functionalities provided by Onfido, that allow images or files stored on their device to be uploaded or activate the camera to capture the required information. To this end, LENDI GM will request authorization to access the camera and files on the User's device. This access will be limited exclusively to images or files necessary to verify identity, upload documents or allow the download of extracts or other documents available. LENDI GM will not access any other content on the device or use the accessible images or files for purposes other than those described herein. In the event that the User does not grant this authorization, some functionalities may not be fully or partially executed.
To detect possible cases of fraud or identity theft, and provided that the Client’s mobile device allows it, LENDI GM may also access geolocation data.
In addition, in the event that the Client gives their consent, it will be necessary to register with the financial aggregator Unnax Regulatory Services, EDE, S.L. The entity providing the aggregator service will also process your data as a data controller and will transfer it to LENDI GM within the framework of the collaboration agreement we have. In this way, through the accounts that you have added (external sources), LENDI GM will obtain the following categories of data: balances in different asset and liability products in other financial institutions, the movements of these accounts (including information on dates, amounts, description, issuer of the transfer and recipient of the transfer). Based on the above, in order to create a commercial profile of the Client, LENDI GM may access accounts in other entities as long as the User has contracted any of the financial aggregator services and has given its consent to do so. LENDI GM will be able to periodically access the information available from its accounts in other entities through its electronic banking. The processing of the User's personal data will be limited to what the User has consented to at any given time.
Furthermore, as part of the process of processing applications for the products and in order to keep the Users' data updated in its systems, LENDI GM will consult the information held in the General Treasury of the Social Security when the User expressly authorises it by checking the corresponding box or signing the document enabled for this purpose.in order to verify income or declared economic activity. In particular, the name, surname(s), identification document, type of registration with Social Security (employed or self-employed), contribution group and economic activity carried out will be consulted. The information that the General Treasury of the Social Security will return to LENDI GM from the Client will be the identification and contact details of their employer and the details of their professional or work activity (CNAE, if they are self-employed and/or employed, the worker's contribution group). LENDI GM will only process the User’s personal data if the User has given their consent to do so, which will remain in force until they withdraw it. If LENDI GM does not have the User’s consent, it may request additional documentation justifying its economic activity.
The legal basis for this processing is the application of pre-contractual measures. The User may request human intervention from LENDI GM, as the decision-making process involves automated decisions based on predefined risk parameters. The User may express their point of view or challenge the decision if deemed appropriate). The processing of biometric data, financial aggregator and consultation of the General Treasury of the Social Security on behalf of the User is based on the explicit consent of the User.
Legal basis for this processing is the application of pre-contractual measures.
Legal basis for this processing is LENDI GM’s legitimate interest in granting loans only to individuals who are not in default or have not failed to meet financial obligations. This protects LENDI GM’s assets and viability and prevents User over-indebtedness. Users may object to this processing, in which case the product or service cannot be contracted.
Legal basis for this processing is ensuring compliance with legal obligations under Law 10/2010 on the Prevention of Money Laundering and Terrorist Financing, such as verifying the identity of the User, as well as corroborating the ownership of LENDI GM details provided.
Legal basis for this processing is the execution of the contract.
Legal basis for this processing is the execution of the contract.
Legal basis for this processing is the execution of the contract. The analysis of the most effective recovery strategy will be carried out under the legitimate interest of LENDI GM to determine the most efficient means of action (e.g., cost-effective options) and those most suitable for the debtor’s circumstances.
Legal basis for this processing is Legitimate interest of the entities participating in the credit information system to maintain updated information on payment defaults and prevent over-indebtedness. This processing cannot be objected to, as overriding reasons apply. Processing is subject to Article 20 of Organic Law 3/2018.
Legal basis for this processing is the execution of the contract and LENDI GM legitimate interest.
Legal basis for this processing is the consent that the User may withdraw at any time, as well as the execution of the contract and LENDI GM legitimate interest in recording phone calls for security and quality reasons. In some cases, if the User withdraws consent, the request or inquiry may not be processed.
Legal basis for this processing is User consent, which may be withdrawn at any time.
Legal basis for this processing is User consent, which may be withdrawn at any time.
Legal basis for this processing is User consent, which may be withdrawn at any time, without affecting the lawfulness of the processing carried out prior to its withdrawal.
Legal basis for this purpose is User consent, for those who have accepted analytical cookies, in accordance with the Cookie Policy https://LENDI GM.es/cookies/. If the User does not accept analytical cookies, LENDI GM will not place any analytical cookies. Nonetheless, some personal data may be extracted from Users use of the Web Site, and will be processed based on LENDI DM legitimate interest in improving its services.
Legal basis for this purpose is LENDI GM’s legitimate interest in verifying that the telephone service provided by LENDI GM employees to Clients is carried out in accordance with the instructions issued by LENDI GM, ensuring consistency in the messages and information communicated to clients.
Legal basis for this purpose is LENDI GM’s legitimate interest in targeting communications to Users who have repaid loans, helping to protect its business and prevent over-indebtedness. Users may object at any time. Only the contracting and payment history from the past year will be taken into account. This profiling will be carried out solely using internal information. Commercial communications will be sent only to those who have expressly agreed to receive them.
Legal basis for this purpose is LENDI GM’s legitimate interest in understanding the Client’s past behaviour in repaying loans, in order to determine whether a new loan should be granted. LENDI GM’s interest lies in reducing the risk of loan defaults and thereby protecting its economic activity. Additionally, this helps to prevent over-indebtedness in society. The User may object to this profiling at any time.
Only the contracting and payment history from the past year will be taken into account. This profiling will be carried out solely using internal information.
Legal basis for this purpose is LENDI GM’s legitimate interest in gathering feedback to improve services. Users may object at any time.
Legal basis for the processing is LENDI GM’s legitimate interest in ensuring services are not used for illicit purposes and addressing any incidents.
Legal basis for the processing is LENDI GM’s legitimate interest in preventing fraud and protecting its business. LENDI GM’s interest also lies in ensuring that its services are not used for unlawful purposes, thereby safeguarding its economic activity. Examples of fraudulent actions include providing false information or impersonating Users.
Legal basis for the processing is LENDI GM’s legitimate interest in using anonymized data to enhance operations.
Legal basis for the processing is compliance with legal obligations.
The consents obtained for the above purposes are independent, so the User may revoke any of them without affecting the others or the lawfulness of prior processing.
To revoke consent or object to data processing, the User may contact LENDI GM at: [email protected]
Third-party data: When the User provides data of third parties, they declare they have obtained consent and/or sufficient legal basis and agree to inform them of this Privacy Policy, releasing LENDI GM from any liability. LENDI GM may verify this and take appropriate due diligence measures.
LENDI GM will collect the data necessary for the specific purpose for which they are to be processed. All requested data are necessary to fulfil the request or carry out the intended purpose. The User will be able to identify mandatory fields, as they will be marked with an asterisk. If these data are not provided, the request cannot be processed.
While using the Web Site, LENDI GM may process the following personal data:
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Connection and browsing data: username, login, IP address.
Biometric data
Personal characteristics: date of birth, nationality.
Financial and credit history: bank account numbers, account ownership, loans, income, expenses, solvency level, credit history and repayment behaviour, existing financial obligations, indicators of financial capacity, declared employment and income information, results of KYC/AML checks, and anti-fraud indicators.
Employment details: type of activity, professional category.
Contracted products/services: previously requested products/services.
Please bear in mind that, Unnax or ASNEF-EQUIFAX provide Financial and credit history.
Identification data: name, surname.
Contact data: email, phone.
Identification data: name, surname, ID document.
Financial and credit history: defaults.
Contracted products/services: previously requested products/services.
Please bear in mind that ASNEF-EQUIFAX provide Financial and credit history.
Identification data: name, surname, ID document.
Contact data: phone.
Personal circumstances: date of birth, nationality.
Financial and credit history: bank account numbers, account ownership.
Connection and browsing data: IP, operating system, browser.
Identification data: first name, last name, ID document.
Contact data: email, phone, postal address.
Connection and browsing data: User, login, and IP.
Personal characteristics data: date of birth, nationality.
Financial, and credit history data: bank account numbers, account ownership, credits, income, expenses, as well as creditworthiness level (payments and defaults).
Employment details: type of activity, professional category.
Contracted products and/or services: products and/or services previously requested by the User.
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Contracted products/services: product/service and transaction data.
Financial and credit data: payment history.
Other: voice.
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Personal characteristics: date of birth, nationality.
Financial and credit history: bank account numbers, account ownership, loans, income, expenses, solvency level.
Employment details: type of activity, professional category.
Contracted products/services: previously requested products/services.
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Personal characteristics: date of birth, nationality.
Financial and credit history: bank account numbers, account ownership, loans, income, expenses, solvency level.
Employment details: type of activity, professional category.
Contracted products/services: previously requested products/services
Identification data: name, surname.
Contact data: email, phone, postal address.
Other: voice.
Other purposes:
Identification data: name, surname.
Contact data: email, phone.
Other data: any data provided by the User related to the request.
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Financial data: bank account number, income, token.
Employment details: type of activity, professional category.
Personal characteristics: date of birth, nationality.
Identification data: name, surname.
Contact data: email, phone.
Other data: any data provided by the User related to the request.
Identification data: name, surname, ID (in cases where it is required for participation in contests and/or raffles).
Contact data: email, phone, postal address.
Contracted products/services: product or service.
Aggregated User information.
Browsing data: IP, advertising ID, behaviour on the Web Site.
Identification data: name, surname.
Contact data: email, phone, address.
Contracted products/services: product or service.
Other data: voice and any data provided during the call.
Identification data: name, surname, ID document.
Financial data: payment history.
Contracted products/services: contract history.
Personal characteristics: date of birth.
Contracted products/services.
Identification data: name, surname, ID document.
Financial data: payment history.
Contracted products/services: contract history.
Identification data: name, surname.
Contact data: email, phone.
Contracted products/services: product or service.
Other data: opinions or feedback provided in the survey.
Identification data: name, surname, ID document.
Connection data: password, username, login.
Contracted product/service.
Browsing data: IP, behaviour on the Web Site, OS, browser.
Of all the above: IOVATION provides the following:
Connection and browsing data: IP, OS, browser.
Identification data: name, surname, ID document.
Contact data: phone.
Personal circumstances: date of birth, nationality.
Connection and browsing data: IP, OS, browser.
Browsing behaviour on the Web Site.
Personal characteristics: date of birth, nationality.
Financial and credit data: loans, income, expenses, solvency level.
Employment details: type of activity, professional category.
Contracted products/services.
Identification data: name, surname, ID document.
Contact data: email, phone, postal address.
Personal characteristics: date of birth, nationality.
Financial and credit data: loans, income, expenses, solvency level.
Employment details: type of activity, professional category.
Contracted products/services.
Any other required data.
Data processed on the basis of contract performance or the implementation of pre-contractual measures will be retained for the duration of the contractual relationship and subsequently, dully blocked for the statutory limitation period applicable to any legal actions. (hereinafter, the “General period”).
The User’s personal data will be retained for a period of six months following the end of the contractual relationship and will remain accessible prior to being duly blocked, should the user choose to re-contract. This measure enables the user to streamline the process without restarting the application from scratch. After this period, the data will be securely blocked.
Additionally, data associated with the following purposes will be blocked according to the following timelines:
Credit and asset solvency file consultations will be retained until the User objects to the processing, and if no objection is made, until the end of the general period.
Data related to LENDI GM’s anti-money laundering obligations, such as identity and bank data verification, will be retained for 10 years.
Inquiries, complaints, or claims, including those made via instant messaging, will be retained until the User withdraws consent, and if not withdrawn, until the request is processed, and afterwards, dully blocked for the statutory limitation period applicable to any legal actions.
The User’s profile account with basic personal data will remain accessible until the User requests account deletion. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
Data related to commercial communications will be retained until the User withdraws consent. Consent may be withdrawn at any time without affecting the lawfulness of prior processing, afterwards, data will be stored dully blocked for the statutory limitation period applicable to any legal actions.
Data used for Web Site usage analysis and behaviour monitoring will be retained until the User withdraws consent and, in any case, for no more than one (1) year. After this period, the data will be anonymized.
Data used to create a profile for commercial communications will be retained until the User objects, and if no objection is made, for a maximum of three (3) year from the end of the contractual relationship.
Data used to create a profile for creditworthiness assessment will be retained until the User objects, and if no objection is made, for a maximum of one (1) year from the end of the contractual relationship. After this period, the data will be dully blocked and stored for the statutory limitation period applicable to any legal actions.
Data provided for satisfaction surveys will be retained until the User objects, and if no objection is made, until the statistical reports are completed, and in any case, for no more than one (1) year. After this period, the data will be dully blocked and stored for the statutory limitation period applicable to any legal actions.
Data related to the security and confidentiality of information systems will be retained until the User objects, and if no objection is made, until the services are no longer used. After this period, the data will be dully blocked and stored for the statutory limitation period applicable to any legal actions.
Data related to fraud prevention will be retained until the User objects. After this period, the data will be dully blocked and stored for the statutory limitation period applicable to any legal actions.
Data affected by legal obligations will be retained for the periods established by law.
In the case of applicants, when there are incomplete requests or the request is denied due to lack of documentation or other reasons, a six-month period is also granted to resume the incomplete request or submit a new one. After this period, if the product or service is not contracted, all data associated with the request will be blocked.
Data blocking means that the data will not be processed by LENDI GM unless required to comply with a legal request from competent authorities. The data will remain blocked for the applicable statute of limitations, which are:
After these legal limitation periods, the data will be permanently deleted.
The User’s personal data may be disclosed to:
Public Authorities, in cases provided by law, such as obligations related to identity verification and validation of bank data, or for the assessment of credit and financial solvency that LENDI GM must perform, as required by anti-money laundering and consumer credit laws. This data sharing is a legal obligation.
Courts and Tribunals, in cases provided by law, based on compliance with a legal obligation. This data sharing is a legal obligation.
EQUIFAX IBERICA S.L., the credit and asset solvency file referenced in the terms and conditions of the online loan, in cases of non-payment, when the legal requirements for such communication are met. This is based on LENDI GM’s legitimate interest in safeguarding its business and recovering granted loans. It also helps prevent User over-indebtedness by allowing other financial institutions to be aware of defaults. Once the legal requirements for removal from the file are met, LENDI GM will request the User’s immediate removal.
LENDI GM will consult the CIRBE, for the purpose of assessing the credit risk of the User. In particular, the following will be consulted: name, surname, identity document, credit history and history of amounts owed by the User. in other entities. This processing is based on compliance with a legal obligation derived from Law 44/2002, developed by Order ECO/697/2004 and by Circular 1/2013 of the Bank of Spain, amended by Circular 2/2023
Third-party creditors, because of the sale or assignment of credits, in compliance with all legal requirements. This is based on LENDI GM’s legitimate interest in safeguarding its business and recovering granted loans.
Collaborators/ Partners or Group companies: only the User’s name, surname, address, email, and phone number will be shared so that these companies can send commercial communications about their products and/or services, but only if the User has given consent by checking the appropriate box on the Web Site. This data sharing is based on consent, which may be withdrawn at any time without affecting the lawfulness of prior processing.
Unnax, for the purpose of verification of the User´s the identity of the User. This data sharing is based on the execution of the contract and legal obligation.
LENDI GM will only provide the data that is strictly necessary, and the third parties mentioned may only process the data for the purposes outlined here.
Additionally, to fulfil the aforementioned purposes, LENDI GM may work with service providers whose services require access to data under LENDI GM’s responsibility. These providers may include, for example: IT hosting providers, bank data verification providers, system providers, or even Group companies that provide services to LENDI GM. These third parties will not process the User’s data for their own purposes unless explicit consent is obtained, or another legal basis applies.
The User is informed that the provision of services by LENDI GM requires a series of international data transfers due to the use of the following providers: Mailchimp, Google, WhatsApp. These transfers are regulated through Standard Contractual Clauses, in accordance with the provisions of current data protection regulations.
One of the purposes for which LENDI GM processes the personal data provided is to send users marketing communications about products and/or services that may be of interest, provided they have requested such communications by selecting the corresponding option on the Web Site and as long as the consent initially granted has not been revoked.
If the User wishes to opt-out, they may unsubscribe from the service by sending an email to: [email protected]
Or by, clicking the unsubscribe link found at the bottom of the commercial communications sent.
The User guarantees that they are over twenty (20) years old and that the data provided to LENDI GM are true, accurate, complete, and up to date. To this end, the User is responsible for the accuracy of all data they communicate and will keep the information provided properly updated so that it reflects their actual situation.
Likewise, the User guarantees that they have informed any third parties whose data they may provide, if applicable, of the aspects contained in this document. The User also guarantees that they have obtained the third party’s authorization to provide their data to LENDI GM for the purposes indicated.
In any case, the User will be responsible for any false or inaccurate information provided through the Web Site and for any direct or indirect damages that this may cause to LENDI GM or third parties.
As the owner of the data, the User may send a letter to LENDI GM, to the address indicated in the heading of this Privacy Policy, or by e-mail to the address: [email protected], at any time and free of charge, to exercise the following rights:
You have the right to be informed LENDI GM whether or not it is processing your personal data and, if so, to have access to such data and to receive information on the purposes for which they are processed, the categories of data affected by the processing, the recipients to whom your personal data were disclosed and the expected period of retention of the data, among other information.
You will have the right to request the erasure of personal data provided that the legal requirements are met, and the rectification of inaccurate data concerning you when, among other reasons, they are no longer necessary for the purposes for which they were collected.
In certain circumstances (for example, in the event that the applicant disputes the accuracy of his or her data, while the accuracy of the data is being verified), he or she may request that the processing of his or her personal data be restricted and processed only for the purpose of asserting or defending claims.
You also have the right to revoke the consent given and to object to the processing at any time, for reasons related to your particular situation, if the processing is based on our legitimate interest. In this case, LENDI GM will cease processing, unless legitimate reasons can be demonstrated.
You shall have the right to receive the personal data you have provided to LENDI GM in a structured, common and machine-readable format, and to be able to transmit them to another data controller without being prevented from doing so by the data controller to whom you have provided them, in the cases legally provided for this purpose.
Furthermore, in addition to the above-mentioned rights, in case of automated decisions, including profiling, you have the right to obtain human intervention by LENDI GM and to express your point of view and challenge the decision.
Likewise, when personal data is transferred to a third country or an international organization, you have the right to be informed about how you can access or obtain a copy of the appropriate safeguards concerning the transfer.
Likewise, you may file a complaint regarding the protection of your personal data before the Spanish Data Protection Agency at C/ Jorge Juan, 6, 28001 - Madrid, when the interested party considers that LENDI GM has violated the rights recognized by the applicable data protection regulations.
LENDI GM will process the User's data at all times in an absolutely confidential manner and will keep the mandatory duty of secrecy with respect to the same, in accordance with the provisions of the applicable regulations, adopting for this purpose the necessary technical and organizational measures to ensure the security of your data and prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment.
LENDI GM reserves the right to revise its Privacy Policy at any time it deems appropriate, in which case it will be communicated to Users. For this reason, please check this privacy statement regularly to read the most recent version of LENDI GM's Privacy Policy.
The User declares to have been informed of the conditions on personal data protection, accepting the content of this Privacy Policy.
Last update: April 2026.
