LXA Privacy Notice
Last updated: 29 July 2024
Introduction
The LXA Group (“LXA”) is fully committed to safeguarding the privacy of its customers. The success of our business depends on our ability to maintain the trust of our clients and customers, of which data privacy and security is a core pillar.
This Privacy Notice is intended to describe:
what information we collect
how we collect the information
why we collect the information and how it may be used
with whom it may be shared
how we protect your information
how you can contact us for matters relating to your personal information
This Privacy Notice shall at all times be in accordance and subject to the Singapore Personal Data Protection Act (PDPA). It applies to all services offered via companies affiliated with the LXA Group, including LXA Pte Ltd, LXA Capital Pte Ltd, LXA Solutions Pte Ltd.
This Privacy Notice supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which any of the LXA Group companies may have at law to collect, use or disclose your Personal Data.
What Information We Collect
In general, we collect information to identify you and to better understand your financial circumstances. These may include
Identifying information
Income and employment information
Assets and liabilities information
Credit and payment history
Information about relevant or prospective properties
The specific information we collect depends on the products and services that we offer you, or that you have expressed an interest to use or apply for. We may also collect similar information about other people with whom you have a relationship or association with such as a co-borrower, spouse or partner, who may be relevant to the provision of these products or services.
In addition to the above, we collect information from job applicants. This information may include your resume, cover letter, references, and other information relevant to your application.
How We Collect the Information
Information may be provided to us by you directly, through your proxies, through third-party data sources and/or from the use of the LXA Platform and services.
1) Information provided by you
We may collect information directly from you through our website or through other channels such as phone, email, SMS, WhatsApp, and other messaging and information sharing services. By providing this information you affirm that the information you provide is accurate to the best of your knowledge, and that you are authorised to provide this information, in case you are providing information on behalf of an entity other than yourself.
Generally, when LXA requests for personal information in the course of providing you a service and/or product and where you provide us with such personal information, there is implied consent that you agree to provide us with your personal information in order for us to provide you with the requested service and/or product.
2) Information provided by your proxies
We may collect information through your co-borrower, spouse, partner or other authorised representatives acting on your behalf (e.g., mortgage brokers, property agents).
3) Information from third parties
We may also obtain information about you from business partners, contractors and other third parties, including but not limited to government institutions, banks, financial institutions, and other service providers and websites. Examples of such information include but are not limited to information about your personal profile (e.g., Singpass Myinfo), your house (e.g., property valuation, floor size), your financial interests (e.g., business ownership) and credit history.
We will seek your expressed consent when collecting any information pertaining to personal information from Singpass Myinfo or from the credit bureau. LXA does not pull your Myinfo profile or credit bureau report on loan customers without permission.
4) Information from use of LXA platform and services
We may collect information about your activities on our website, as is standard for most companies with an Internet presence today. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us and the referring website address.
A cookie is a text file made up of letters and numbers that allow us to distinguish your browser/device from another user's browser/device. This text file is stored on your computer's hard disk, or other memory, for the purpose of keeping records when you visit a website. You may choose to delete this cookie at any time by clearing the cache in your browser.
Why We Collect the Information and How It May Be Used
We use the information collected to deliver the products and services that you requested (or have expressed an interest in), and in particular to secure the capital necessary for the funding of property loans and to provide customer support to you.
We use information about the loan, customer and property to ascertain the credit quality of the mortgage asset and the borrowers’ ability to repay
We ensure that the issuance of the mortgage asset is compliant with prevailing anti-money laundering / countering the financing of terrorism (AML / CFT) regulatory provisions
We use information about the loan, customer and property to provide relevant and timely customer support to you
We use aggregated information with non personal identifiable information (non-PII) to conduct internal research and analysis on mortgage portfolio performance and risk
We use the information collected from job applicants to process and evaluate applications for employment, and to communicate with applicants about their application status.
With Whom We Share Your Information
LXA does not share your personal information with others except as indicated below, or when we inform you and give you an opportunity to opt out of having your personal information shared.
1) Authorised Service Providers
We may share your personal information with our authorised service providers that perform certain services on our behalf in connection with your purchase interest for our products and services.
These service providers include, but are not limited to, data providers, technology providers, credit bureaus, title companies, insurance providers, appraisal companies, escrow companies, closing agents and other financial institutions. These service providers may have access to personal information needed to perform their functions, but are not permitted to share or use such information for any other purpose.
2) Investors
We might also be required to share aggregated and anonymized data with investors in LXA and its affiliated entities to ascertain the credit quality and risks of the loan portfolio. You would not be uniquely identifiable through this information.
3) Other LXA Group Businesses
We may share information we collect, including your personal information, with other LXA Group companies. Sharing information with the LXA Group companies enables us to serve you more holistically and provide you with more timely support. By complying with this Privacy Notice, you are also authorising other LXA Group businesses to contact you regarding other products and services.
All LXA Group companies comply with this Privacy Notice. LXA Group companies also comply with applicable privacy and security laws and, at a minimum, in any commercial email they send to you, will give you the opportunity to choose not to receive such e-mail messages from that company in the future.
4) Legal and Regulatory Agencies
We are also obligated under prevailing regulations to disclose information collected to law enforcement agencies and other relevant regulatory authorities. These may include,
a response to a subpoena or similar investigative demand, a court order or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
instances when we believe disclosure is appropriate in connection with efforts to investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees or others; to comply with applicable law or cooperate with law enforcement
instances in connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, asset sale or in the unlikely event of bankruptcy.
How We Protect Your Information
LXA has in place various security procedures, technical and organisational measures to safeguard your information including the detection and prevention against hacking and other malware intrusions to our IT systems.
Data Encryption Electronic data is encrypted at rest and in transit between application servers and the database. The encryption standard we use is AES-256, which is a widely recognized as industry standard
Data Anonymization Data will be anonymized when aggregated and shared with investors or for internal portfolio analysis. No personally identifiable information (PII) will be made available for such purposes.
Data Retention Data will be retained while the mortgage asset is in-force and plus an additional 5 years in accordance with Singapore’s record keeping requirements
Access control Access to data and documents are secured internally via Single Sign-On (SSO) and transparent management of internal user access groups.
Physical security Physical devices used by all LXA staff and employees are secured by Mobile Device Management software that enables remote monitoring and erasing of the device. Our physical offices are secured via physical access control mechanisms.
Training and awareness LXA employees also undergo periodic security awareness programmes to create awareness in information security so that employees are able to identify and respond appropriately to security risks.
LXA fully expects to comply with all applicable regulatory requirements relating to the protection of customer information (including the requirements under the Notice on Technology Risk Management (CMG-N02), Notice on Cyber Hygiene (CMG-N03) issued by the Monetary Authority of Singapore) and is concurrently working towards SOC 2 certification.
While we use all reasonable efforts to safeguard your information, you should be aware that the use of the Internet can never be entirely secure and for this reason we cannot guarantee the security or integrity of any information which is transferred from you or to you via the Internet. You should also be mindful that you are responsible for keeping your access rights confidential and secure at all times.
How You Can Contact Us
LXA seeks to ensure that the information we collect is accurate, its use is authorised, and that the information is stored in a secure and safe manner. You can contact our Data Protection Officer at dpo@lxagroup.com should you like to report unauthorised use of your information, withdraw consent to information previously given, correct inaccurate information or for any other matters pertaining to your data privacy and security.
Please note that a verification of identity will be required of the party requesting the information and disclosure is made only to the individual whom the personal data pertains to. Please also note that all requests to have personal data removed from our databases or physical storage facilities will be entertained and performed within the company’s reasonable abilities and subject to the prevailing regulatory and business requirements.
Changes to this Privacy Notice
We will occasionally update this Privacy Notice to reflect changes in our practices and services. When we post changes to this Privacy Notice, we will revise the "last updated" date at the top of this Privacy Notice. If we make any material changes in the way we collect, use, and/or share personal information that may impact you, we will notify you by sending an e-mail to the e-mail address you most recently provided us in your account, profile or registration (unless we do not have such an e-mail address), and/or by prominently posting notice of the changes on our website. We recommend that you check our website from time to time to inform yourself of any changes in this Privacy Notice or any of our other policies.